예제 #1
 def GenerateSample(self, number=0):
     """Return a minimal Windows ``Artifact`` named ``artifact<number>``.

     Args:
       number: Value formatted into the artifact name so that successive
         samples get different names.

     Returns:
       An ``artifact_registry.Artifact`` with no sources attached.
     """
     sample_name = "artifact%s" % number
     # NOTE(review): provides/supported_os/urls are given as bare strings
     # here; confirm the Artifact constructor accepts scalars for them.
     return artifact_registry.Artifact(
         name=sample_name,
         doc="Doco",
         provides="environ_windir",
         supported_os="Windows",
         urls="http://blah")
예제 #2
  def testValidateSyntax(self):
    """Check that a well-formed artifact passes ``ValidateSyntax()``.

    The artifact has a registry-key source and a file source whose
    attributes use the ``%%current_control_set%%`` and
    ``%%environ_systemdrive%%`` placeholders. The test passes when
    ``ValidateSyntax()`` returns without raising; nothing else is asserted.
    """
    source_type = artifact_registry.ArtifactSource.SourceType

    registry_source = {
        "type": source_type.REGISTRY_KEY,
        "attributes": {
            "keys": [
                r"%%current_control_set%%\Control\Session "
                r"Manager\Environment\Path"
            ]
        }
    }
    file_source = {
        "type": source_type.FILE,
        "attributes": {
            "paths": [r"%%environ_systemdrive%%\Temp"]
        }
    }

    well_formed = artifact_registry.Artifact(
        name="good",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=[registry_source, file_source])

    # No assertion is needed: any definition error would surface as an
    # exception and fail the test.
    well_formed.ValidateSyntax()
예제 #3
  def testGetArtifactPathDependencies(self):
    """Check that path dependencies merge source and parser requirements.

    The artifact carries three sources whose attributes embed ``%%name%%``
    placeholders: a registry key, a WMI query and a grep regex. Two stub
    parser classes replace ``parsers.Parser.GetClassesByArtifact``, and
    ``GetArtifactPathDependencies()`` must return the placeholder names
    together with the stubs' ``knowledgebase_dependencies``.
    """
    source_type = artifact_registry.ArtifactSource.SourceType

    registry_source = {
        "type": source_type.REGISTRY_KEY,
        "attributes": {
            "keys": [
                r"%%current_control_set%%\Control\Session "
                r"Manager\Environment\Path"
            ]
        }
    }
    # NOTE(review): %%users.sid%% sits inside a quoted WQL literal and
    # %%users.username%% (below) inside a regex. This test covers only
    # dependency discovery; confirm elsewhere that substituted values are
    # escaped or validated for those two contexts.
    wmi_source = {
        "type": source_type.WMI,
        "attributes": {
            "query":
                "SELECT * FROM Win32_UserProfile "
                "WHERE SID='%%users.sid%%'"
        }
    }
    grep_source = {
        "type": source_type.GREP,
        "attributes": {
            "content_regex_list": ["^%%users.username%%:"]
        }
    }

    artifact = artifact_registry.Artifact(
        name="artifact",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=[registry_source, wmi_source, grep_source])

    # The primitive-dict form must report every source type by name.
    primitive_sources = artifact.ToPrimitiveDict()["sources"]
    reported_types = [entry["type"] for entry in primitive_sources]
    self.assertItemsEqual(reported_types, ["REGISTRY_KEY", "WMI", "GREP"])

    # Stub parsers with overlapping dependencies ("sid" appears in both).
    class Parser1(object):
      knowledgebase_dependencies = ["appdata", "sid"]

    class Parser2(object):
      knowledgebase_dependencies = ["sid", "desktop"]

    @classmethod
    def MockGetClassesByArtifact(unused_cls, _):
      return [Parser1, Parser2]

    expected_dependencies = [
        "appdata", "sid", "desktop", "current_control_set", "users.sid",
        "users.username"
    ]
    with utils.Stubber(parsers.Parser, "GetClassesByArtifact",
                       MockGetClassesByArtifact):
      self.assertItemsEqual(artifact.GetArtifactPathDependencies(),
                            expected_dependencies)
예제 #4
  def testValidateSyntaxBadPathDependency(self):
    """Check that ``ValidateSyntax()`` rejects a bad path placeholder.

    The single file source uses ``%%systemdrive%%`` in its path, and
    validation is expected to raise ``ArtifactDefinitionError``.
    """
    # NOTE(review): presumably rejected because "systemdrive" is not a
    # recognised placeholder name -- confirm against the validator.
    bad_source = {
        "type": artifact_registry.ArtifactSource.SourceType.FILE,
        "attributes": {
            "paths": [r"%%systemdrive%%\Temp"]
        }
    }

    malformed = artifact_registry.Artifact(
        name="bad",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=[bad_source])

    expected_error = artifact_registry.ArtifactDefinitionError
    with self.assertRaises(expected_error):
      malformed.ValidateSyntax()
예제 #5
    def testCommandArgumentOrderIsPreserved(self):
        """Check that a COMMAND source keeps its ``args`` in declared order.

        A YAML artifact definition is uploaded with ``self.token`` and read
        back from the registry, then round-tripped through
        ``SerializeToString()``. The ``args`` list must match the YAML order
        at both points. Order matters for command sources: a reordered
        argument list is a different command line from the one that was
        reviewed in the definition.
        """
        yaml_definition = """name: CommandOrder
doc: here's the doc
sources:
- type: COMMAND
  attributes:
    args: ["-L", "-v", "-n"]
    cmd: /sbin/iptables
supported_os: [Linux]
"""
        expected_args = ["-L", "-v", "-n"]

        artifact.UploadArtifactYamlFile(yaml_definition, token=self.token)
        matches = artifact_registry.REGISTRY.GetArtifacts(
            name_list=["CommandOrder"])
        uploaded = matches.pop()
        self.assertEqual(uploaded.sources[0].attributes.get("args"),
                         expected_args)

        # A serialize/deserialize round trip must not reorder the arguments.
        wire_form = uploaded.SerializeToString()
        round_tripped = artifact_registry.Artifact(wire_form)
        self.assertEqual(round_tripped.sources[0].attributes.get("args"),
                         expected_args)