def setUp(self):
    """Prepare five clients, the handler under test and two plugin descriptors."""
    super(ApiListHuntOutputPluginLogsHandlerTest, self).setUp()

    self.client_ids = self.SetupClients(5)
    self.handler = hunt_plugin.ApiListHuntOutputPluginLogsHandler()

    # Both descriptors name the same dummy plugin class and differ only in
    # their filename_regex argument ("foo" and "bar").
    dummy_plugin = test_plugins.DummyHuntTestOutputPlugin
    self.output_plugins = [
        output_plugin.OutputPluginDescriptor(
            plugin_name=dummy_plugin.__name__,
            plugin_args=dummy_plugin.args_type(filename_regex=regex))
        for regex in ("foo", "bar")
    ]
def Run(self):
    """Run a single-reply flow with an email plugin and check its plugin logs."""
    # The descriptor is built before the fake clock is installed.
    email_args = email_plugin.EmailOutputPluginArgs(
        email_address="test@localhost", emails_limit=42)
    email_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name=email_plugin.EmailOutputPlugin.__name__,
        plugin_args=email_args)

    # The flow is started at fake time 42 and driven to completion at 43.
    with test_lib.FakeTime(42):
        flow_urn = flow.GRRFlow.StartFlow(
            flow_name=flow_test_lib.DummyFlowWithSingleReply.__name__,
            client_id=self.client_id,
            output_plugins=[email_descriptor],
            token=self.token)

    with test_lib.FakeTime(43):
        for _ in flow_test_lib.TestFlowHelper(flow_urn, token=self.token):
            pass

    flow_id = flow_urn.Basename()
    # NOTE(review): "replace" presumably swaps the generated flow id for a
    # fixed placeholder in the recorded output; confirm against Check().
    self.Check(
        "ListFlowOutputPluginLogs",
        args=flow_plugin.ApiListFlowOutputPluginLogsArgs(
            client_id=self.client_id.Basename(),
            flow_id=flow_id,
            plugin_id="EmailOutputPlugin_0"),
        replace={flow_id: "W:ABCDEF"})
def _CreateHuntFromHunt(self):
    """Create a source hunt and a second hunt that references it.

    Returns:
      A (new_hunt, source_hunt) tuple. The new hunt carries a reference to the
      source hunt in original_object and differs from it in paths, client rule
      field, description and output plugins.
    """
    stat_action = rdf_file_finder.FileFinderAction(action_type="STAT")
    flow_args = rdf_file_finder.FileFinderArgs(
        paths=["a/*", "b/*"], action=stat_action)
    flow_runner_args = rdf_flows.FlowRunnerArgs(
        flow_name=file_finder.FileFinder.__name__)
    client_rule_set = self._CreateForemanClientRuleSet()

    source_h = self.CreateHunt(
        flow_args=flow_args,
        flow_runner_args=flow_runner_args,
        description="foo-description",
        client_rule_set=client_rule_set)
    ref = rdf_hunts.FlowLikeObjectReference.FromHuntId(
        source_h.urn.Basename())

    # The same argument objects are mutated after the source hunt exists, so
    # that the second hunt is created with different values.
    flow_args.paths = ["b/*", "c/*"]
    client_rule_set.rules[0].regex.field = "FQDN"

    new_h = self.CreateHunt(
        flow_args=flow_args,
        flow_runner_args=flow_runner_args,
        description="bar-description",
        client_rule_set=client_rule_set,
        output_plugins=[
            output_plugin.OutputPluginDescriptor(
                plugin_name="TestOutputPlugin")
        ],
        original_object=ref)

    return new_h, source_h
def Run(self):
    """Run a hunt with a failing output plugin and check the listed errors."""
    with test_lib.FakeTime(42, increment=1):
        # Built inside the fake-time block, as in the original.
        failing_descriptor = output_plugin.OutputPluginDescriptor(
            plugin_name=standard_test.FailingDummyHuntOutputPlugin.__name__)
        hunt_urn = self.StartHunt(
            description="the hunt", output_plugins=[failing_descriptor])

        self.client_ids = self.SetupClients(2)
        for index, client_id in enumerate(self.client_ids):
            self.AssignTasksToClients(client_ids=[client_id])
            self.RunHunt(failrate=-1)

            # Each client's results are processed at its own fake timestamp.
            with test_lib.FakeTime(100042 + index * 100):
                try:
                    self.ProcessHuntOutputPlugins()
                except process_results.ResultsProcessingError:
                    # The error is swallowed; a debugger is opened only when
                    # the debug flag is set.
                    # NOTE(review): presumably the error is expected because
                    # the plugin under test is the failing dummy - confirm.
                    if flags.FLAGS.debug:
                        pdb.post_mortem()

    hunt_id = hunt_urn.Basename()
    self.Check(
        "ListHuntOutputPluginErrors",
        args=hunt_plugin.ApiListHuntOutputPluginErrorsArgs(
            hunt_id=hunt_id,
            plugin_id="FailingDummyHuntOutputPlugin_0"),
        replace={hunt_id: "H:123456"})
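def testFlowLogsSuccessfulOutputPluginProcessing(self):
    """Check that the flow log records successful output plugin processing."""
    flow_urn = self.RunFlow(plugins=output_plugin.OutputPluginDescriptor(
        plugin_name="DummyFlowOutputPlugin"))
    flow_obj = aff4.FACTORY.Open(flow_urn, token=self.token)
    log_messages = [item.log_message for item in flow_obj.GetLog()]

    # assertIn reports the collected messages when the expected entry is
    # missing; assertTrue(x in y) would only report "False is not true".
    # The expected text (including its spelling) must match the message the
    # flow writes, so it is kept exactly as it was.
    self.assertIn(
        "Plugin DummyFlowOutputPlugin sucessfully processed 1 flow replies.",
        log_messages)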
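def testFlowLogsFailedOutputPluginProcessing(self):
    """Check that the flow log records a failed output plugin run and its cause."""
    flow_urn = self.RunFlow(plugins=output_plugin.OutputPluginDescriptor(
        plugin_name="FailingDummyFlowOutputPlugin"))
    flow_obj = aff4.FACTORY.Open(flow_urn, token=self.token)
    log_messages = [item.log_message for item in flow_obj.GetLog()]

    # assertIn reports the collected messages when the expected entry is
    # missing; assertTrue(x in y) would only report "False is not true".
    self.assertIn(
        "Plugin FailingDummyFlowOutputPlugin failed to process 1 replies "
        "due to: Oh no!",
        log_messages)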
def testUserChangesToCopiedFlowAreRespected(self):
    """Copy a flow through the UI, edit it, and check the launched copy.

    The copy wizard is used to change the flow arguments and to put a new
    output plugin in front of the existing email plugin. The newest flow
    stored under the client must then carry the edited values.
    """
    original_args = flows_processes.ListProcessesArgs(
        filename_regex="test[a-z]*", fetch_binaries=True)
    flow.GRRFlow.StartFlow(
        flow_name=flows_processes.ListProcesses.__name__,
        args=original_args,
        client_id=self.client_id,
        output_plugins=[self.email_descriptor],
        token=self.token)

    # Go to the client and select the flow that was just created.
    self.Open("/#c=C.0000000000000001")
    self.Click("css=a[grrtarget='client.flows']")
    self.Click("css=td:contains('ListProcesses')")

    # Open the copy wizard and edit the flow arguments.
    self.Click("css=button[name=copy_flow]")
    self.Type("css=label:contains('Filename Regex') ~ * input",
              "somethingElse*")
    self.Click(
        "css=label:contains('Fetch Binaries') ~ * input[type=checkbox]")

    # Add an output plugin form, pick the dummy plugin and fill in its regex.
    plugin_form = "css=grr-output-plugin-descriptor-form "
    self.Click("css=label:contains('Output Plugins') ~ * button")
    self.Select(
        plugin_form + "label:contains('Plugin') ~ * select:eq(0)",
        "DummyOutputPlugin")
    self.Type(
        plugin_form + "label:contains('Filename Regex'):eq(0) ~ * input:text",
        "foobar!")
    self.Click("css=button:contains('Launch')")

    # The flows list must now show a second ListProcesses row, with the new
    # flow (first row) selected.
    flows_list = "css=grr-client-flows-list "
    self.WaitUntil(
        self.IsElementPresent,
        "css=grr-client-flows-list tr:contains('ListProcesses'):nth(1)")
    self.WaitUntil(
        self.IsElementPresent,
        flows_list + "tr:contains('ListProcesses'):nth(0).row-selected")

    # Open the most recent flow (highest age) and compare it with the edits.
    flows_dir = aff4.FACTORY.Open(self.client_id.Add("flows"),
                                  token=self.token)
    children_by_age = sorted(flows_dir.ListChildren(), key=lambda x: x.age)
    copied_flow = aff4.FACTORY.Open(children_by_age[-1], token=self.token)

    # Only filename_regex is set on the expected args: the Fetch Binaries
    # checkbox was clicked once in the wizard.
    expected_args = flows_processes.ListProcessesArgs(
        filename_regex="somethingElse*")
    self.assertEqual(copied_flow.args, expected_args)

    expected_plugins = [
        output_plugin.OutputPluginDescriptor(
            plugin_name=gui_test_lib.DummyOutputPlugin.__name__,
            plugin_args=flows_processes.ListProcessesArgs(
                filename_regex="foobar!")),
        self.email_descriptor,
    ]
    self.assertListEqual(
        list(copied_flow.runner_args.output_plugins), expected_plugins)
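def testGetPluginArgsHandlesMissingPluginsCorrectly(self):
    """Check descriptor deserialization with and without the plugin registered.

    With the plugin class registered, a serialized descriptor must round-trip
    to an equal descriptor that resolves to the real class. With an empty
    plugin registry, the descriptor must resolve to UnknownOutputPlugin and
    expose the plugin arguments as their serialized bytes.
    """
    descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name="TestOutputPluginWithArgs",
        plugin_args=rdf_flows.FlowRunnerArgs(
            flow_name=transfer.GetFile.__name__))
    serialized = descriptor.SerializeToString()

    deserialized = output_plugin.OutputPluginDescriptor()
    deserialized.ParseFromString(serialized)
    self.assertEqual(deserialized, descriptor)
    self.assertEqual(deserialized.GetPluginClass(), TestOutputPluginWithArgs)

    # Simulate a process in which no output plugin classes are registered.
    with utils.Stubber(output_plugin.OutputPlugin, "classes", {}):
        deserialized = output_plugin.OutputPluginDescriptor()
        deserialized.ParseFromString(serialized)

        # This used to be assertTrue(a, b), which takes b as the failure
        # message and passes for any truthy class. The fallback to
        # UnknownOutputPlugin was therefore never checked.
        self.assertEqual(deserialized.GetPluginClass(),
                         output_plugin.UnknownOutputPlugin)
        # UnknownOutputPlugin should just return serialized arguments as bytes.
        self.assertEqual(deserialized.plugin_args,
                         descriptor.plugin_args.SerializeToString())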
def testCreateHuntFromFlow(self):
    """Create a hunt from an existing flow through the UI wizard.

    The wizard must pre-fill the flow arguments but must not carry the flow's
    output plugins over to the hunt.
    """
    email_args = email_plugin.EmailOutputPluginArgs(
        email_address="test@localhost", emails_limit=42)
    email_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name=email_plugin.EmailOutputPlugin.__name__,
        plugin_args=email_args)

    flow_args = flows_processes.ListProcessesArgs(
        filename_regex="test[a-z]*", fetch_binaries=True)
    flow.GRRFlow.StartFlow(
        flow_name=flows_processes.ListProcesses.__name__,
        args=flow_args,
        client_id=self.client_id,
        output_plugins=[email_descriptor],
        token=self.token)

    # Go to the client and select the flow that was just created.
    self.Open("/#c=C.0000000000000001")
    self.Click("css=a[grrtarget='client.flows']")
    self.Click("css=td:contains('ListProcesses')")

    # Open the hunt wizard; the flow arguments must be pre-filled.
    self.Click("css=button[name=create_hunt]")
    self.WaitUntilEqual(
        "test[a-z]*", self.GetValue,
        "css=label:contains('Filename Regex') ~ * input")
    self.WaitUntil(
        self.IsChecked,
        "css=label:contains('Fetch Binaries') "
        "~ * input[type=checkbox]")

    # On the next page no output plugin form may be present: the flow's
    # email plugin must not be inherited by the hunt.
    next_button = "css=button:contains('Next')"
    self.Click(next_button)
    self.WaitUntilNot(self.IsElementPresent,
                      "css=grr-output-plugin-descriptor-form")

    # Nothing else to verify in the wizard; finish creating the hunt.
    self.Click(next_button)
    self.Click(next_button)
    self.Click("css=button:contains('Create Hunt')")
    self.Click("css=button:contains('Done')")

    # The hunts list must show exactly one hunt, and it must be selected.
    hunt_rows = "css=grr-hunts-list table tbody tr"
    self.WaitUntilEqual(1, self.GetCssCount, hunt_rows)
    self.WaitUntilEqual(1, self.GetCssCount,
                        "css=grr-hunts-list table tbody tr.row-selected")
    self.WaitUntil(self.IsTextPresent, "GenericHunt")
    self.WaitUntil(self.IsTextPresent, flows_processes.ListProcesses.__name__)
def setUp(self):
    """Set up the client fixture, a granted approval and an email descriptor."""
    super(TestFlowCopy, self).setUp()

    # Fixture client used by every test in this class.
    self.client_id = rdf_client.ClientURN("C.0000000000000001")
    # StandardHuntTestMixin reads this attribute.
    self.client_ids = [self.client_id]

    fixture_test_lib.ClientFixture(self.client_id, self.token)
    self.RequestAndGrantClientApproval("C.0000000000000001")

    email_args = email_plugin.EmailOutputPluginArgs(
        email_address="test@localhost", emails_limit=42)
    self.email_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name=email_plugin.EmailOutputPlugin.__name__,
        plugin_args=email_args)
def _CreateHunt(self, description):
    """Start a GenericHunt running GetFile with one test output plugin.

    Args:
      description: Description to set on the hunt.

    Returns:
      The hunt object yielded by StartHunt's context manager.
    """
    runner_args = rdf_flows.FlowRunnerArgs(
        flow_name=transfer.GetFile.__name__)
    plugin_descriptors = [
        output_plugin.OutputPluginDescriptor(plugin_name="TestOutputPlugin")
    ]

    with implementation.GRRHunt.StartHunt(
            hunt_name=standard.GenericHunt.__name__,
            flow_runner_args=runner_args,
            output_plugins=plugin_descriptors,
            description=description,
            client_rate=0,
            token=self.token) as hunt_obj:
        return hunt_obj
def Run(self):
    """Create a hunt with one dummy output plugin and check the plugin listing."""
    with test_lib.FakeTime(42):
        # Built inside the fake-time block, as in the original.
        dummy_plugin = test_plugins.DummyHuntTestOutputPlugin
        descriptor = output_plugin.OutputPluginDescriptor(
            plugin_name=dummy_plugin.__name__,
            plugin_args=dummy_plugin.args_type(
                filename_regex="blah!", fetch_binaries=True))

        # Nothing is done with the hunt inside its context; hunt_obj is used
        # after the block only to read the hunt's URN.
        with self.CreateHunt(
                description="the hunt",
                output_plugins=[descriptor]) as hunt_obj:
            pass

    hunt_id = hunt_obj.urn.Basename()
    self.Check(
        "ListHuntOutputPlugins",
        args=hunt_plugin.ApiListHuntOutputPluginsArgs(hunt_id=hunt_id),
        replace={hunt_id: "H:123456"})
def Run(self):
    """Start a flow with an email output plugin and check the plugin listing."""
    # The descriptor is built before the fake clock is installed.
    email_args = email_plugin.EmailOutputPluginArgs(
        email_address="test@localhost", emails_limit=42)
    email_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name=email_plugin.EmailOutputPlugin.__name__,
        plugin_args=email_args)

    with test_lib.FakeTime(42):
        flow_urn = flow.GRRFlow.StartFlow(
            flow_name=processes.ListProcesses.__name__,
            client_id=self.client_id,
            output_plugins=[email_descriptor],
            token=self.token)

    flow_id = flow_urn.Basename()
    self.Check(
        "ListFlowOutputPlugins",
        args=flow_plugin.ApiListFlowOutputPluginsArgs(
            client_id=self.client_id.Basename(), flow_id=flow_id),
        replace={flow_id: "W:ABCDEF"})
def CreateSampleHunt(self, description, token=None):
    """Start a sample GenericHunt that runs GetFile on a fixed test path.

    Args:
      description: Description to set on the hunt.
      token: Token passed through to StartHunt.

    The result of StartHunt is not returned.
    """
    # Fixture path only; the hunt is created with a TSK pathtype.
    pathspec = rdf_paths.PathSpec(
        path="/tmp/evil.txt",
        pathtype=rdf_paths.PathSpec.PathType.TSK,
    )
    plugin_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name="DummyOutputPlugin",
        plugin_args=gui_test_lib.DummyOutputPlugin.args_type(
            filename_regex="blah!", fetch_binaries=True))

    implementation.GRRHunt.StartHunt(
        hunt_name=standard.GenericHunt.__name__,
        description=description,
        flow_runner_args=rdf_flows.FlowRunnerArgs(
            flow_name=transfer.GetFile.__name__),
        flow_args=transfer.GetFileArgs(pathspec=pathspec),
        client_rule_set=self._CreateForemanClientRuleSet(),
        output_plugins=[plugin_descriptor],
        client_rate=60,
        token=token)
def Run(self):
    """Run a single-reply flow with a failing plugin and check the listed errors."""
    # The descriptor is built before the fake clock is installed. It names
    # the failing dummy *hunt* plugin, which matches the plugin_id used below.
    failing_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name=standard_test.FailingDummyHuntOutputPlugin.__name__)

    # The flow is started at fake time 42 and driven to completion at 43.
    with test_lib.FakeTime(42):
        flow_urn = flow.GRRFlow.StartFlow(
            flow_name=flow_test_lib.DummyFlowWithSingleReply.__name__,
            client_id=self.client_id,
            output_plugins=[failing_descriptor],
            token=self.token)

    with test_lib.FakeTime(43):
        for _ in flow_test_lib.TestFlowHelper(flow_urn, token=self.token):
            pass

    flow_id = flow_urn.Basename()
    self.Check(
        "ListFlowOutputPluginErrors",
        args=flow_plugin.ApiListFlowOutputPluginErrorsArgs(
            client_id=self.client_id.Basename(),
            flow_id=flow_id,
            plugin_id="FailingDummyHuntOutputPlugin_0"),
        replace={flow_id: "W:ABCDEF"})
def Run(self):
    """Run a hunt with a dummy output plugin and check the listed plugin logs."""
    with test_lib.FakeTime(42, increment=1):
        # Built inside the fake-time block, as in the original.
        dummy_plugin = test_plugins.DummyHuntTestOutputPlugin
        descriptor = output_plugin.OutputPluginDescriptor(
            plugin_name=dummy_plugin.__name__,
            plugin_args=dummy_plugin.args_type(
                filename_regex="blah!", fetch_binaries=True))
        hunt_urn = self.StartHunt(
            description="the hunt", output_plugins=[descriptor])

        self.client_ids = self.SetupClients(2)
        for index, client_id in enumerate(self.client_ids):
            self.AssignTasksToClients(client_ids=[client_id])
            self.RunHunt(failrate=-1)

            # Each client's results are processed at its own fake timestamp.
            with test_lib.FakeTime(100042 + index * 100):
                self.ProcessHuntOutputPlugins()

    hunt_id = hunt_urn.Basename()
    self.Check(
        "ListHuntOutputPluginLogs",
        args=hunt_plugin.ApiListHuntOutputPluginLogsArgs(
            hunt_id=hunt_id,
            plugin_id="DummyHuntTestOutputPlugin_0"),
        replace={hunt_id: "H:123456"})
def testFlowDoesNotFailWhenOutputPluginFails(self):
    """Check that a failing output plugin still leaves the flow TERMINATED."""
    failing_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name="FailingDummyFlowOutputPlugin")
    flow_urn = self.RunFlow(plugins=failing_descriptor)

    finished_flow = aff4.FACTORY.Open(flow_urn, token=self.token)
    self.assertEqual(finished_flow.context.state, "TERMINATED")
def testFlowWithOutputPluginProcessesResultsSuccessfully(self):
    """Check that the dummy plugin is called once with a single response."""
    dummy_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name="DummyFlowOutputPlugin")
    self.RunFlow(plugins=dummy_descriptor)

    # NOTE(review): these are class-level counters; this test presumably
    # relies on them being reset elsewhere between tests - confirm.
    self.assertEqual(DummyFlowOutputPlugin.num_calls, 1)
    self.assertEqual(DummyFlowOutputPlugin.num_responses, 1)
def testFlowWithOutputPluginButWithoutResultsCompletes(self):
    """Check that the dummy plugin is never called for the NoRequestParentFlow run."""
    dummy_descriptor = output_plugin.OutputPluginDescriptor(
        plugin_name="DummyFlowOutputPlugin")
    self.RunFlow(flow_name="NoRequestParentFlow", plugins=dummy_descriptor)

    # NOTE(review): num_calls is a class-level counter; this test presumably
    # relies on it being reset elsewhere between tests - confirm.
    self.assertEqual(DummyFlowOutputPlugin.num_calls, 0)