def Run(self):
# Fix the time to avoid regressions.
with test_lib.FakeTime(42):
client_urn = self.SetupClient(0)
# Delete the certificates as it's being regenerated every time the
# client is created.
with aff4.FACTORY.Open(client_urn, mode="rw",
token=self.token) as client_obj:
client_obj.DeleteAttribute(client_obj.Schema.CERT)
flow_id = flow.GRRFlow.StartFlow(
flow_name=discovery.Interrogate.__name__,
client_id=client_urn,
token=self.token)
self.Check("GetFlow",
args=flow_plugin.ApiGetFlowArgs(
client_id=client_urn.Basename(),
flow_id=flow_id.Basename()),
replace={flow_id.Basename(): "F:ABCDEF12"})
with data_store.DB.GetMutationPool() as pool:
flow.GRRFlow.MarkForTermination(flow_id,
reason="Some reason",
mutation_pool=pool)
# Fetch the same flow which is now should be marked as pending
# termination.
self.Check("GetFlow",
args=flow_plugin.ApiGetFlowArgs(
client_id=client_urn.Basename(),
flow_id=flow_id.Basename()),
replace={flow_id.Basename(): "F:ABCDEF13"})
def testGetFlowWorksIfFlowWasCreatedBySameRouter(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(get_flow=rr.RobotRouterGetFlowParams(
enabled=True))
router.GetFlow(api_flow.ApiGetFlowArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
def testNestedFlowsAppearCorrectlyAfterAutoRefresh(self):
self.Open("/#/clients/%s" % self.client_id)
# Ensure auto-refresh updates happen every second.
self.GetJavaScriptValue(
"grrUi.flow.flowsListDirective.setAutoRefreshInterval(1000);")
flow_1 = flow.GRRFlow.StartFlow(
client_id=self.client_id,
flow_name=gui_test_lib.FlowWithOneLogStatement.__name__,
token=self.token)
# Go to the flows page without refreshing the page, so that
# AUTO_REFRESH_INTERVAL_MS setting is not reset and wait
# until flow_1 is visible.
self.Click("css=a[grrtarget='client.flows']")
self.WaitUntil(self.IsElementPresent,
"css=tr:contains('%s')" % flow_1.Basename())
# Create a recursive flow_2 that will appear after auto-refresh.
flow_2 = flow.GRRFlow.StartFlow(
client_id=self.client_id,
flow_name=gui_test_lib.RecursiveTestFlow.__name__,
token=self.token)
# Check that the flow we started in the background appears in the list.
self.WaitUntil(self.IsElementPresent,
"css=tr:contains('%s')" % flow_2.Basename())
# Check that flow_2 is the row 1 (row 0 is the table header).
self.WaitUntil(
self.IsElementPresent,
"css=grr-client-flows-list tr:nth(1):contains('%s')" %
flow_2.Basename())
# Click on a nested flow.
self.Click("css=tr:contains('%s') span.tree_branch" %
flow_2.Basename())
# Check that flow_2 is still row 1 and that nested flows occupy next
# rows.
self.WaitUntil(
self.IsElementPresent,
"css=grr-client-flows-list tr:nth(1):contains('%s')" %
flow_2.Basename())
flow_data = api_flow.ApiGetFlowHandler().Handle(
api_flow.ApiGetFlowArgs(client_id=self.client_id,
flow_id=flow_2.Basename()),
token=self.token)
for index, nested_flow in enumerate(flow_data.nested_flows):
self.WaitUntil(
self.IsElementPresent,
"css=grr-client-flows-list tr:nth(%d):contains('%s')" %
(index + 2, nested_flow.flow_id))
def testAllClientFlowsMethodsAreAccessChecked(self):
args = api_flow.ApiListFlowsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlows, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlow, "CheckClientAccess", args=args)
args = api_flow.ApiCreateFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckClientAccess", args=args)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckIfCanStartClientFlow", args=args)
args = api_flow.ApiCancelFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CancelFlow, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowRequestsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowRequests, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowResultsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowResults, "CheckClientAccess", args=args)
args = api_flow.ApiGetExportedFlowResultsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetExportedFlowResults, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowResultsExportCommandArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowResultsExportCommand, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowFilesArchive, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPlugins, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginLogs, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginErrorsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginErrors, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowLogs, "CheckClientAccess", args=args)
def testGetFlowRaisesIfFlowWasNotCreatedBySameRouter(self):
flow_urn = flow.GRRFlow.StartFlow(
client_id=self.client_id,
flow_name=file_finder.FileFinder.__name__,
token=self.token)
router = self._CreateRouter(get_flow=rr.RobotRouterGetFlowParams(
enabled=True))
with self.assertRaises(access_control.UnauthorizedAccess):
router.GetFlow(api_flow.ApiGetFlowArgs(
client_id=self.client_id, flow_id=flow_urn.Basename()),
token=self.token)
def Handle(self, args, token=None):
return api_flow.ApiGetFlowHandler().Handle(
api_flow.ApiGetFlowArgs(
client_id=args.client_id, flow_id=self.flow_urn.Basename()),
token=token)