def testRaisesIfOneOfArgumentAttributesIsNone(self):
model_args = hunt_plugin.ApiGetHuntFileArgs(
hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=rdfvalue.RDFDatetime.Now())
with self.assertRaises(ValueError):
args = model_args.Copy()
args.hunt_id = None
self.handler.Handle(args)
with self.assertRaises(ValueError):
args = model_args.Copy()
args.client_id = None
self.handler.Handle(args)
with self.assertRaises(ValueError):
args = model_args.Copy()
args.vfs_path = None
self.handler.Handle(args)
with self.assertRaises(ValueError):
args = model_args.Copy()
args.timestamp = None
self.handler.Handle(args)
def testRaisesIfVfsRootIsNotWhitelisted(self):
args = hunt_plugin.ApiGetHuntFileArgs(
hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path="flows/W:123456",
timestamp=rdfvalue.RDFDatetime().Now())
with self.assertRaises(ValueError):
self.handler.Handle(args)
def testRaisesIfResultIsBeforeTimestamp(self):
results = aff4.FACTORY.Open(self.results_urn, token=self.token)
args = hunt_plugin.ApiGetHuntFileArgs(hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=results[0].age +
rdfvalue.Duration("1s"))
with self.assertRaises(hunt_plugin.HuntFileNotFoundError):
self.handler.Handle(args, token=self.token)
def testReturnsResultIfWithinMaxRecordsAfterTimestamp(self):
original_result = self._FillInStubResults()
args = hunt_plugin.ApiGetHuntFileArgs(
hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=original_result.age -
self.handler.MAX_RECORDS_TO_CHECK * rdfvalue.Duration("1s"))
self.handler.Handle(args, token=self.token)
def testReturnsBinaryStreamIfResultFound(self):
results = aff4.FACTORY.Open(self.results_urn, token=self.token)
args = hunt_plugin.ApiGetHuntFileArgs(hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=results[0].age)
result = self.handler.Handle(args, token=self.token)
self.assertTrue(hasattr(result, "GenerateContent"))
self.assertEqual(result.content_length,
results[0].payload.stat_entry.st_size)
def testRaisesIfResultIsAfterMaxRecordsAfterTimestamp(self):
original_result = self._FillInStubResults()
args = hunt_plugin.ApiGetHuntFileArgs(
hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=original_result.age -
(self.handler.MAX_RECORDS_TO_CHECK + 1) * rdfvalue.Duration("1s"))
with self.assertRaises(hunt_plugin.HuntFileNotFoundError):
self.handler.Handle(args, token=self.token)
def testRaisesIfResultFileIsNotStream(self):
original_results = aff4.FACTORY.Open(self.results_urn,
token=self.token)
original_result = original_results[0]
with aff4.FACTORY.Create(original_result.payload.stat_entry.aff4path,
aff4_type=aff4.AFF4Volume,
token=self.token) as _:
pass
args = hunt_plugin.ApiGetHuntFileArgs(hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=original_result.age)
with self.assertRaises(hunt_plugin.HuntFileNotFoundError):
self.handler.Handle(args, token=self.token)
def testRaisesIfResultIsEmptyStream(self):
original_results = implementation.GRRHunt.ResultCollectionForHID(
self.hunt.urn, token=self.token)
original_result = original_results[0]
urn = original_result.payload.stat_entry.AFF4Path(self.client_id)
aff4.FACTORY.Delete(urn, token=self.token)
with aff4.FACTORY.Create(urn, aff4_type=aff4_grr.VFSFile, token=self.token):
pass
args = hunt_plugin.ApiGetHuntFileArgs(
hunt_id=self.hunt.urn.Basename(),
client_id=self.client_id,
vfs_path=self.aff4_file_path,
timestamp=original_result.age)
with self.assertRaises(hunt_plugin.HuntFileNotFoundError):
self.handler.Handle(args, token=self.token)
def testGetHuntFileIsAccessChecked(self):
args = api_hunt.ApiGetHuntFileArgs(hunt_id="H:123456")
self.CheckMethodIsAccessChecked(self.router.GetHuntFilesArchive,
"CheckHuntAccess",
args=args)
