def CreateGenericHuntWithCollection(self, values=None):
self.client_ids = self.SetupClients(10)
if values is None:
values = [
rdfvalue.RDFURN("aff4:/sample/1"),
rdfvalue.RDFURN("aff4:/C.0000000000000001/fs/os/c/bin/bash"),
rdfvalue.RDFURN("aff4:/sample/3")
]
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
client_rule_set=client_rule_set,
output_plugins=[],
token=self.token) as hunt:
runner = hunt.GetRunner()
runner.Start()
collection = hunt.ResultCollection()
for value in values:
collection.Add(
rdf_flows.GrrMessage(payload=value,
source=self.client_ids[0]))
return hunt.urn
def testHuntNotifications(self):
"""This tests the Hunt notification event."""
TestHuntListener.received_events = []
# Set up 10 clients.
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=BrokenSampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
notification_event="TestHuntDone",
token=self.token) as hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id)
# Run the hunt.
client_mock = hunt_test_lib.SampleHuntMock()
hunt_test_lib.TestHuntHelper(
client_mock, client_ids, check_flow_errors=False, token=self.token)
self.assertEqual(len(TestHuntListener.received_events), 5)
def Start(self):
self.state.hunt_id = None
self.state.client_ids = set()
self.state.client_ids_failures = set()
self.state.client_ids_result_reported = set()
self.state.client_ids = list(
base.GetClientTestTargets(token=self.token))
if not self.state.client_ids:
self.Log("No clients to test on, define them in "
"Test.end_to_end_client_ids")
return
# SetUID is required to run a hunt on the configured end-to-end client
# targets without an approval.
token = access_control.ACLToken(
username="******", reason="Running endtoend tests.").SetUID()
runner_args = rdf_flows.FlowRunnerArgs(flow_name="EndToEndTestFlow")
flow_request = hunts_standard.FlowRequest(
client_ids=self.state.client_ids,
args=flows_endtoend.EndToEndTestFlowArgs(),
runner_args=runner_args)
bogus_rule = rdf_foreman.ForemanRegexClientRule(
attribute_name="System", attribute_regex="Does not match anything")
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=bogus_rule)
])
hunt_args = hunts_standard.VariableGenericHuntArgs(
flows=[flow_request])
hunt_args.output_plugins = self.GetOutputPlugins()
with hunts.GRRHunt.StartHunt(hunt_name="VariableGenericHunt",
args=hunt_args,
client_rule_set=client_rule_set,
client_rate=0,
expiry_time="1d",
token=token) as hunt:
self.state.hunt_id = hunt.session_id
hunt.SetDescription("EndToEnd tests run by cron")
hunt.Run()
hunt.ManuallyScheduleClients(token=token)
# Set a callback to check the results after 50 minutes. This should be
# plenty of time for the clients to receive the hunt and run the tests, but
# not so long that the flow lease will expire.
wait_duration = rdfvalue.Duration(
config_lib.CONFIG.Get("Test.end_to_end_result_check_wait"))
completed_time = rdfvalue.RDFDatetime.Now() + wait_duration
self.CallState(next_state="CheckResults", start_time=completed_time)
def testEvaluatesNegativeInMatchAnyModeIfNoRuleMatches(self):
# Instantiate a rule set that matches if any of its two
# operating system rules matches
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_win = self.SetupClient(0, system="Windows")
# None of the set's rules has os_windows=True, so the whole set doesn't
# match
self.assertFalse(
rs.Evaluate(
CollectAff4Objects(rs.GetPathsToCheck(), client_id_win,
self.token), client_id_win))
def _CreateHuntFromHunt(self):
flow_args = rdf_file_finder.FileFinderArgs(
paths=["a/*", "b/*"],
action=rdf_file_finder.FileFinderAction(action_type="STAT"))
flow_runner_args = rdf_flows.FlowRunnerArgs(
flow_name=file_finder.FileFinder.__name__)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
source_h = self.CreateHunt(flow_args=flow_args,
flow_runner_args=flow_runner_args,
description="foo-description",
client_rule_set=client_rule_set)
ref = rdf_hunts.FlowLikeObjectReference.FromHuntId(
source_h.urn.Basename())
# Modify flow_args so that there are differences.
flow_args.paths = ["b/*", "c/*"]
client_rule_set.rules[0].regex.attribute_name = "Something else"
output_plugins = [
output_plugin.OutputPluginDescriptor(
plugin_name="TestOutputPlugin")
]
new_h = self.CreateHunt(flow_args=flow_args,
flow_runner_args=flow_runner_args,
description="bar-description",
client_rule_set=client_rule_set,
output_plugins=output_plugins,
original_object=ref)
return new_h, source_h
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self):
# Instantiate a rule set that matches if all of its two
# operating system rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_dar, = self.SetupClients(nr_clients=1, system="Darwin")
# One of the set's rules has os_darwin=False, so the whole set doesn't
# match with the match all match mode
self.assertFalse(
rs.Evaluate(
CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar,
self.token), client_id_dar))
def _CreateForemanClientRuleSet(self):
return rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
def SetUpCrashedFlowInHunt(self):
client_ids = [
rdf_client.ClientURN("C.%016X" % i) for i in range(0, 10)
]
client_mocks = dict([(client_id,
test_lib.CrashClientMock(client_id, self.token))
for client_id in client_ids])
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex=""))
])
with hunts.GRRHunt.StartHunt(hunt_name="SampleHunt",
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.Run()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
self.assertTrue(foreman.AssignTasksToClient(client_id))
test_lib.TestHuntHelperWithMultipleMocks(client_mocks, False,
self.token)
return client_ids
def testCopyHuntPreservesRuleType(self):
implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
description="model hunt",
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.TSK,)),
client_rule_set=rdf_foreman.ForemanClientRuleSet(
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_darwin=True))
]),
token=self.token)
self.Open("/#main=ManageHunts")
self.Click("css=tr:contains('model hunt')")
self.Click("css=button[name=CopyHunt]:not([disabled])")
# Wait until dialog appears.
self.WaitUntil(self.IsTextPresent, "What to run?")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsTextPresent, "Output Processing")
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsTextPresent, "Where to run?")
self.WaitUntil(self.IsElementPresent, "css=grr-new-hunt-wizard-form "
"label:contains('Os darwin') ~ * input:checked")
def testCallback(self, client_limit=None):
"""Checks that the foreman uses the callback specified in the action."""
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rule_set=client_rule_set,
client_limit=client_limit,
client_rate=0,
token=self.token) as hunt:
hunt.GetRunner().Start()
# Create a client that matches our regex.
client = aff4.FACTORY.Open(self.client_id, mode="rw", token=self.token)
info = client.Schema.CLIENT_INFO()
info.client_name = "GRR Monitor"
client.Set(client.Schema.CLIENT_INFO, info)
client.Close()
foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
with utils.Stubber(standard.SampleHunt, "StartClients", self.Callback):
self.called = []
foreman.AssignTasksToClient(client.urn)
self.assertEqual(len(self.called), 1)
self.assertEqual(self.called[0][1], [client.urn])
def CreateGenericHuntWithCollection(self, values=None):
self.client_ids = self.SetupClients(10)
if values is None:
values = [
rdfvalue.RDFURN("aff4:/sample/1"),
rdfvalue.RDFURN("aff4:/C.0000000000000001/fs/os/c/bin/bash"),
rdfvalue.RDFURN("aff4:/sample/3")
]
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with hunts.GRRHunt.StartHunt(hunt_name="GenericHunt",
client_rule_set=client_rule_set,
output_plugins=[],
token=self.token) as hunt:
runner = hunt.GetRunner()
runner.Start()
with aff4.FACTORY.Open(
hunt.results_collection_urn,
aff4_type=hunts_results.HuntResultCollection,
mode="w",
token=self.token) as collection:
for value in values:
collection.Add(rdf_flows.GrrMessage(payload=value))
return hunt.urn
def testEvaluatesPositiveInMatchAnyModeIfOneRuleMatches(self):
# Instantiate a rule set that matches if any of its two
# operating system rules matches
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_dar = self.SetupClient(0, system="Darwin")
# One of the set's rules has os_darwin=True, so the whole set matches
# with the match any match mode
self.assertTrue(
rs.Evaluate(
CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar,
self.token), client_id_dar))
def testRuleAdding(self):
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Make sure there are no rules yet in the foreman.
self.assertEqual(len(rules), 0)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="HUNT")),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.INTEGER,
integer=rdf_foreman.ForemanIntegerClientRule(
field="CLIENT_CLOCK",
operator=rdf_foreman.ForemanIntegerClientRule.Operator.
GREATER_THAN,
value=1336650631137737))
])
hunt = implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token)
# Push the rules to the foreman.
with hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Make sure they were written correctly.
self.assertEqual(len(rules), 1)
rule = rules[0]
self.assertEqual(rule.client_rule_set, client_rule_set)
self.assertEqual(len(rule.actions), 1)
self.assertEqual(rule.actions[0].hunt_name, "SampleHunt")
# Running a second time should not change the rules any more.
with hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Still just one rule.
self.assertEqual(len(rules), 1)
def testEvaluatesNegativeInMatchAnyModeWithNoRules(self):
# Instantiate an empty rule set that matches if any of its rules matches
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY,
rules=[])
client_id_lin = self.SetupClient(0, system="Linux")
# None of the set's rules has os_linux=True, so the set doesn't match
self.assertFalse(
rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesPositiveInMatchAllModeWithNoRules(self):
# Instantiate an empty rule set that matches if all of its rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[])
client_id_lin = self.SetupClient(0, system="Linux")
# All of the set's rules have os_linux=True, so the set matches
self.assertTrue(
rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesNegativeInMatchAnyModeWithNoRules(self):
# Instantiate an empty rule set that matches if any of its rules matches
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY,
rules=[])
client_id_lin, = self.SetupClients(nr_clients=1, system="Linux")
# None of the set's rules has os_linux=True, so the set doesn't match
self.assertFalse(rs.Evaluate(CollectAff4Objects(rs.GetPathsToCheck(),
client_id_lin, self.token),
client_id_lin))
def testEvaluatesPositiveInMatchAllModeWithNoRules(self):
# Instantiate an empty rule set that matches if all of its rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[])
client_id_lin, = self.SetupClients(nr_clients=1, system="Linux")
# All of the set's rules have os_linux=True, so the set matches
self.assertTrue(rs.Evaluate(CollectAff4Objects(rs.GetPathsToCheck(),
client_id_lin, self.token),
client_id_lin))
def CreateSampleHunt(self, token=None):
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with hunts.GRRHunt.StartHunt(hunt_name="SampleHunt",
client_rule_set=client_rule_set,
token=token or self.token) as hunt:
return hunt.session_id
def GenerateSample(self, number=0):
ret = rdf_foreman.ForemanClientRuleSet()
# Use the number's least significant bit to assign a match mode
if number % 1:
ret.match_mode = rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL
else:
ret.match_mode = rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY
# Generate a sequence of rules using all other bits
ret.rules = [ForemanClientRuleTest.GenerateSample(n)
for n in xrange(number / 2)]
return ret
def testPausingAndRestartingDoesNotStartHuntTwiceOnTheSameClient(self):
"""This tests if the hunt completes when some clients hang or raise."""
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.GetRunner().Start()
hunt_id = hunt.urn
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
num_tasks = foreman.AssignTasksToClient(client_id.Basename())
self.assertEqual(num_tasks, 1)
client_mock = hunt_test_lib.SampleHuntMock()
hunt_test_lib.TestHuntHelper(client_mock, client_ids, False,
self.token)
# Pausing and running hunt: this leads to the fresh rules being written
# to Foreman.RULES.
with aff4.FACTORY.Open(hunt_id, mode="rw", token=self.token) as hunt:
runner = hunt.GetRunner()
runner.Pause()
runner.Start()
# Recreating the foreman so that it updates list of rules.
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
num_tasks = foreman.AssignTasksToClient(client_id.Basename())
# No tasks should be assigned as this hunt ran on all the clients
# before.
self.assertEqual(num_tasks, 0)
def CreateSampleHunt(self, token=None):
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rate=100,
filename="TestFilename",
client_rule_set=client_rule_set,
token=token or self.token) as hunt:
return hunt.session_id
def testInvalidRules(self):
"""Tests the behavior when a wrong attribute name is passed in a rule."""
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="no such attribute", attribute_regex="HUNT"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=BrokenSampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
runner = hunt.GetRunner()
self.assertRaises(ValueError, runner.Start)
def CreateSampleHunt(self,
path=None,
stopped=False,
output_plugins=None,
client_limit=0,
client_count=10,
token=None):
token = token or self.token
self.client_ids = self.SetupClients(client_count)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
attribute_name="GRR client", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path=path or "/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.OS,
)),
client_rule_set=client_rule_set,
output_plugins=output_plugins or [],
client_rate=0,
client_limit=client_limit,
token=token) as hunt:
if not stopped:
hunt.Run()
with aff4.FACTORY.Open("aff4:/foreman", mode="rw",
token=token) as foreman:
for client_id in self.client_ids:
foreman.AssignTasksToClient(client_id)
self.hunt_urn = hunt.urn
return aff4.FACTORY.Open(hunt.urn,
mode="rw",
token=token,
age=aff4.ALL_TIMES)
def testBrokenHunt(self):
"""This tests the behavior when a hunt raises an exception."""
# Set up 10 clients.
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=BrokenSampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id.Basename())
# Run the hunt.
client_mock = hunt_test_lib.SampleHuntMock()
hunt_test_lib.TestHuntHelper(client_mock, client_ids, False,
self.token)
hunt_obj = aff4.FACTORY.Open(hunt.session_id,
mode="rw",
age=aff4.ALL_TIMES,
token=self.token)
started, finished, errors = hunt_obj.GetClientsCounts()
self.assertEqual(started, 10)
# There should be errors for the five clients where the hunt raised.
self.assertEqual(errors, 5)
# All of the clients that have the file should still finish eventually.
self.assertEqual(finished, 5)
def testEvaluatesPositiveInMatchAllModeIfAllRuleMatch(self):
# Instantiate a rule set that matches if all of its two
# operating system rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(
os_windows=False, os_linux=True, os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(
os_windows=False, os_linux=True, os_darwin=True))
])
client_id_lin = self.SetupClient(0, system="Linux")
# All of the set's rules have os_linux=False, so the whole set matches
self.assertTrue(
rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testClientLimit(self):
"""This tests that we can limit hunts to a number of clients."""
# Set up 10 clients.
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_limit=5,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.Run()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id.Basename())
# Run the hunt.
client_mock = hunt_test_lib.SampleHuntMock()
hunt_test_lib.TestHuntHelper(client_mock, client_ids, False,
self.token)
hunt_obj = aff4.FACTORY.Open(hunt.urn,
mode="rw",
age=aff4.ALL_TIMES,
token=self.token)
started, finished, _ = hunt_obj.GetClientsCounts()
# We limited here to 5 clients.
self.assertEqual(started, 5)
self.assertEqual(finished, 5)
def testHangingClients(self):
"""This tests if the hunt completes when some clients hang or raise."""
# Set up 10 clients.
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id.Basename())
client_mock = hunt_test_lib.SampleHuntMock()
# Just pass 8 clients to run, the other two went offline.
hunt_test_lib.TestHuntHelper(client_mock, client_ids[1:9], False,
self.token)
hunt_obj = aff4.FACTORY.Open(hunt.session_id,
mode="rw",
age=aff4.ALL_TIMES,
token=self.token)
started, finished, _ = hunt_obj.GetClientsCounts()
# We started the hunt on 10 clients.
self.assertEqual(started, 10)
# But only 8 should have finished.
self.assertEqual(finished, 8)
def testProcessing(self):
"""This tests running the hunt on some clients."""
# Set up 10 clients.
client_ids = self.SetupClients(10)
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(
hunt_name=standard.SampleHunt.__name__,
client_rule_set=client_rule_set,
client_rate=0,
token=self.token) as hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id.Basename())
# Run the hunt.
client_mock = hunt_test_lib.SampleHuntMock()
hunt_test_lib.TestHuntHelper(client_mock, client_ids, False,
self.token)
hunt_obj = aff4.FACTORY.Open(hunt.session_id,
mode="r",
age=aff4.ALL_TIMES,
aff4_type=standard.SampleHunt,
token=self.token)
started, finished, _ = hunt_obj.GetClientsCounts()
self.assertEqual(started, 10)
self.assertEqual(finished, 10)
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self):
# Instantiate a rule set that matches if all of its two
# operating system rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(
os_windows=False, os_linux=True, os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(
os_windows=False, os_linux=True, os_darwin=True))
])
client_id_dar = self.SetupClient(0, system="Darwin")
# One of the set's rules has os_darwin=False, so the whole set doesn't
# match with the match all match mode
self.assertFalse(
rs.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def _RunRateLimitedHunt(self, client_ids, start_time):
client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
regex=rdf_foreman.ForemanRegexClientRule(
field="CLIENT_NAME", attribute_regex="GRR"))
])
with implementation.GRRHunt.StartHunt(hunt_name=DummyHunt.__name__,
client_rule_set=client_rule_set,
client_rate=1,
token=self.token) as hunt:
hunt.Run()
# Pretend to be the foreman now and dish out hunting jobs to all the
# clients..
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
for client_id in client_ids:
foreman.AssignTasksToClient(client_id.Basename())
self.assertEqual(len(DummyHunt.client_ids), 0)
# Run the hunt.
worker_mock = worker_test_lib.MockWorker(check_flow_errors=True,
queues=queues.HUNTS,
token=self.token)
# One client is scheduled in the first minute.
with test_lib.FakeTime(start_time + 2):
worker_mock.Simulate()
self.assertEqual(len(DummyHunt.client_ids), 1)
# No further clients will be scheduled until the end of the first minute.
with test_lib.FakeTime(start_time + 59):
worker_mock.Simulate()
self.assertEqual(len(DummyHunt.client_ids), 1)
return worker_mock, hunt.urn
