def testUnicodeListDirectory(self): """Test that the ListDirectory flow works on unicode directories.""" client_mock = action_mocks.ListDirectoryClientMock() # Deliberately specify incorrect casing pb = rdf_paths.PathSpec(path=os.path.join(self.base_path, "test_img.dd"), pathtype=rdf_paths.PathSpec.PathType.OS) pb.Append(path=u"入乡随俗 海外春节别样过法", pathtype=rdf_paths.PathSpec.PathType.TSK) for _ in test_lib.TestFlowHelper("ListDirectory", client_mock, client_id=self.client_id, pathspec=pb, token=self.token): pass # Check the output file is created output_path = self.client_id.Add("fs/tsk").Add(pb.CollapsePath()) fd = aff4.FACTORY.Open(output_path, token=self.token) children = list(fd.OpenChildren()) self.assertEqual(len(children), 1) child = children[0] self.assertEqual(os.path.basename(utils.SmartUnicode(child.urn)), u"入乡随俗.txt")
def testListDirectory(self): """Test that the ListDirectory flow works.""" client_mock = action_mocks.ListDirectoryClientMock() pb = rdf_paths.PathSpec(path=os.path.join(self.base_path, "test_img.dd"), pathtype=rdf_paths.PathSpec.PathType.OS) pb.Append(path="test directory", pathtype=rdf_paths.PathSpec.PathType.TSK) for _ in test_lib.TestFlowHelper("ListDirectory", client_mock, client_id=self.client_id, pathspec=pb, token=self.token): pass # Check the output file is created output_path = self.client_id.Add("fs/tsk").Add(pb.first.path) fd = aff4.FACTORY.Open(output_path.Add("Test Directory"), token=self.token) children = list(fd.OpenChildren()) self.assertEqual(len(children), 1) child = children[0] # Check that the object is stored with the correct casing. self.assertEqual(child.urn.Basename(), "numbers.txt") # And the wrong object is not there self.assertRaises(IOError, aff4.FACTORY.Open, output_path.Add("test directory"), aff4_type=aff4_standard.VFSDirectory, token=self.token)
def setUp(self): super(TestEndToEndTestFlow, self).setUp() self.SetupClients(1, system="Linux", os_version="14.04", arch="x86_64") install_time = rdfvalue.RDFDatetime.Now() user = "******" userobj = rdf_client.User(username=user) interface = rdf_client.Interface(ifname="eth0") self.client = aff4.FACTORY.Create(self.client_id, aff4_grr.VFSGRRClient, mode="rw", token=self.token, age=aff4.ALL_TIMES) kb = self.client.Get(self.client.Schema.KNOWLEDGE_BASE) kb.users.Append(userobj) self.client.Set(self.client.Schema.HOSTNAME("hostname")) self.client.Set(self.client.Schema.OS_RELEASE("debian")) self.client.Set(self.client.Schema.KERNEL("3.15-rc2")) self.client.Set(self.client.Schema.FQDN("hostname.example.com")) self.client.Set(self.client.Schema.INSTALL_DATE(install_time)) self.client.Set(self.client.Schema.KNOWLEDGE_BASE(kb)) self.client.Set(self.client.Schema.USERNAMES([user])) self.client.Set(self.client.Schema.INTERFACES([interface])) self.client.Flush() self.client_mock = action_mocks.ListDirectoryClientMock()
def testRegistryMTimes(self): # Just listing all keys does not generate a full stat entry for each of # the results. results = self._RunRegistryFinder( ["HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/*"]) self.assertEqual(len(results), 2) for result in results: st = result.stat_entry self.assertIsNone(st.st_mtime) # Explicitly calling RegistryFinder on a value does though. results = self._RunRegistryFinder([ "HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/Value1", "HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/Value2", ]) self.assertEqual(len(results), 2) for result in results: st = result.stat_entry path = utils.SmartStr(st.aff4path) if "Value1" in path: self.assertEqual(st.st_mtime, 110) elif "Value2" in path: self.assertEqual(st.st_mtime, 120) else: self.fail("Unexpected value: %s" % path) # For Listdir, the situation is the same. Listing does not yield mtimes. client_id = self.SetupClients(1)[0] pb = rdf_paths.PathSpec( path="/HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest", pathtype=rdf_paths.PathSpec.PathType.REGISTRY) output_path = client_id.Add("registry").Add(pb.first.path) aff4.FACTORY.Delete(output_path, token=self.token) client_mock = action_mocks.ListDirectoryClientMock() for _ in test_lib.TestFlowHelper( "ListDirectory", client_mock, client_id=client_id, pathspec=pb, token=self.token): pass results = list( aff4.FACTORY.Open( output_path, token=self.token).OpenChildren()) self.assertEqual(len(results), 2) for result in results: st = result.Get(result.Schema.STAT) self.assertIsNone(st.st_mtime)
def testListDirectoryOnNonexistentDir(self): """Test that the ListDirectory flow works.""" client_mock = action_mocks.ListDirectoryClientMock() pb = rdf_paths.PathSpec(path=os.path.join(self.base_path, "test_img.dd"), pathtype=rdf_paths.PathSpec.PathType.OS) pb.Append(path="doesnotexist", pathtype=rdf_paths.PathSpec.PathType.TSK) with self.assertRaises(RuntimeError): for _ in test_lib.TestFlowHelper("ListDirectory", client_mock, client_id=self.client_id, pathspec=pb, token=self.token): pass
def testListDirectoryOnFile(self): """OS ListDirectory on a file will raise.""" client_mock = action_mocks.ListDirectoryClientMock() pb = rdf_paths.PathSpec(path=os.path.join(self.base_path, "test_img.dd"), pathtype=rdf_paths.PathSpec.PathType.OS) # Make sure the flow raises. self.assertRaises( RuntimeError, list, test_lib.TestFlowHelper("ListDirectory", client_mock, client_id=self.client_id, pathspec=pb, token=self.token))
def testEndToEndTestsResultChecking(self): self.client_ids = [ "aff4:/C.6000000000000000", "aff4:/C.6000000000000001", "aff4:/C.6000000000000002" ] for clientid in self.client_ids: self._SetSummaries(clientid) self.client_mock = action_mocks.ListDirectoryClientMock() endtoend = system.EndToEndTests(None, token=self.token) endtoend.state.hunt_id = "aff4:/temphuntid" endtoend.state.client_ids = set(self.client_ids) endtoend.state.client_ids_failures = set() endtoend.state.client_ids_result_reported = set() # No results at all self.assertRaises(flow.FlowError, endtoend._CheckForSuccess, []) # Not enough client results endtoend.state.client_ids_failures = set() endtoend.state.client_ids_result_reported = set() self.assertRaises( flow.FlowError, endtoend._CheckForSuccess, [self._CreateResult(True, "aff4:/C.6000000000000001")]) # All clients succeeded endtoend.state.client_ids_failures = set() endtoend.state.client_ids_result_reported = set() endtoend._CheckForSuccess([ self._CreateResult(True, "aff4:/C.6000000000000000"), self._CreateResult(True, "aff4:/C.6000000000000001"), self._CreateResult(True, "aff4:/C.6000000000000002") ]) # All clients complete, but some failures endtoend.state.client_ids_failures = set() endtoend.state.client_ids_result_reported = set() self.assertRaises(flow.FlowError, endtoend._CheckForSuccess, [ self._CreateResult(True, "aff4:/C.6000000000000000"), self._CreateResult(False, "aff4:/C.6000000000000001"), self._CreateResult(False, "aff4:/C.6000000000000002") ])
def testSystemRootFallback(self): with test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS, test_lib.ClientVFSHandlerFixture): client_mock = action_mocks.ListDirectoryClientMock() for s in test_lib.TestFlowHelper( "SystemRootSystemDriveFallbackFlow", client_mock, client_id=self.client_id, token=self.token, artifact_name="SystemRoot"): session_id = s output_fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token) self.assertEqual(len(output_fd), 1) self.assertEqual(str(output_fd[0].registry_data.GetValue()), r"C:\WINDOWS")
def testEndToEndTests(self): self.client_ids = [ "aff4:/C.6000000000000000", "aff4:/C.6000000000000001", "aff4:/C.6000000000000002" ] for clientid in self.client_ids: self._SetSummaries(clientid) self.client_mock = action_mocks.ListDirectoryClientMock() with test_lib.ConfigOverrider( {"Test.end_to_end_client_ids": self.client_ids}): with utils.MultiStubber( (base.AutomatedTest, "classes", { "MockEndToEndTest": endtoend_mocks.MockEndToEndTest }), (system.EndToEndTests, "lifetime", 0)): # The test harness doesn't understand the callstate at a later time that # this flow is doing, so we need to disable check_flow_errors. for _ in flow_test_lib.TestFlowHelper( system.EndToEndTests.__name__, self.client_mock, client_id=self.client_id, check_flow_errors=False, token=self.token): pass hunt_test_lib.TestHuntHelperWithMultipleMocks( {}, check_flow_errors=False, token=self.token) hunt_ids = list( aff4.FACTORY.Open("aff4:/hunts", token=self.token).ListChildren()) # We have only created one hunt, and we should have started with a clean # aff4 space. self.assertEqual(len(hunt_ids), 1) hunt_obj = aff4.FACTORY.Open(hunt_ids[0], token=self.token, age=aff4.ALL_TIMES) self.assertItemsEqual(sorted(hunt_obj.GetClients()), sorted(self.client_ids))
def testFlowExecution(self): client_mock = action_mocks.ListDirectoryClientMock() rollover = config_lib.CONFIG["Logging.aff4_audit_log_rollover"] # Set time to epoch + 20 intervals with test_lib.FakeTime(20 * rollover): for _ in test_lib.TestFlowHelper( "ListDirectory", client_mock, client_id=self.client_id, pathspec=rdf_paths.PathSpec( path=os.path.join(self.base_path, "test_img.dd/test directory"), pathtype=rdf_paths.PathSpec.PathType.OS), token=self.token): pass for _ in test_lib.TestFlowHelper( "ListDirectory", client_mock, client_id=self.client_id, pathspec=rdf_paths.PathSpec( path=os.path.join(self.base_path, "test_img.dd/test directory"), pathtype=rdf_paths.PathSpec.PathType.OS), token=self.token): pass parentdir = aff4.FACTORY.Open("aff4:/audit/logs", aff4.AFF4Volume, mode="r", token=self.token) logs = list(parentdir.ListChildren()) self.assertEqual(len(logs), 1) log = aff4.CurrentAuditLog() stored_events = list(aff4.FACTORY.Open(log, token=self.token)) self.assertEqual(len(stored_events), 2) for event in stored_events: self.assertEqual(event.action, events.AuditEvent.Action.RUN_FLOW) self.assertEqual(event.flow_name, "ListDirectory") self.assertEqual(event.user, self.token.username) # Set time to epoch + 22 intervals with test_lib.FakeTime(22 * rollover): for _ in test_lib.TestFlowHelper( "ListDirectory", client_mock, client_id=self.client_id, pathspec=rdf_paths.PathSpec( path=os.path.join(self.base_path, "test_img.dd/test directory"), pathtype=rdf_paths.PathSpec.PathType.OS), token=self.token): pass parentdir = aff4.FACTORY.Open("aff4:/audit/logs", aff4.AFF4Volume, mode="r", token=self.token) # Now we should have two collections logs = list(parentdir.ListChildren()) self.assertEqual(len(logs), 2) # One with two events stored_events = list(aff4.FACTORY.Open(logs[0], token=self.token)) self.assertEqual(len(stored_events), 2) # The other with one stored_events = list(aff4.FACTORY.Open(logs[1], token=self.token)) self.assertEqual(len(stored_events), 1)