def Run(self):
client_urn = self.SetupClient(0)
client_id = client_urn.Basename()
acl_test_lib.CreateUser(self.token.username)
# Create a running mock refresh operation.
running_flow_id = self.CreateMultiGetFileFlow(
client_urn, file_path="fs/os/c/bin/bash", token=self.token)
# Create a mock refresh operation and complete it.
finished_flow_id = self.CreateMultiGetFileFlow(
client_urn, file_path="fs/os/c/bin/bash", token=self.token)
if data_store.RelationalDBFlowsEnabled():
flow_base.TerminateFlow(client_id, finished_flow_id, reason="Fake Error")
# Create an arbitrary flow to check on 404s.
non_update_flow_id = flow.StartFlow(
client_id=client_id, flow_cls=discovery.Interrogate)
else:
finished_flow_urn = client_urn.Add("flows").Add(finished_flow_id)
with aff4.FACTORY.Open(
finished_flow_urn,
aff4_type=flow.GRRFlow,
mode="rw",
token=self.token) as flow_obj:
flow_obj.GetRunner().Error("Fake error")
# Create an arbitrary flow to check on 404s.
non_update_flow_id = flow.StartAFF4Flow(
client_id=client_urn,
flow_name=discovery.Interrogate.__name__,
token=self.token).Basename()
# Unkonwn flow ids should also cause 404s.
unknown_flow_id = "F:12345678"
# Check both operations.
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=running_flow_id),
replace={running_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=finished_flow_id),
replace={finished_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=non_update_flow_id),
replace={non_update_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=unknown_flow_id),
replace={unknown_flow_id: "W:ABCDEF"})
def Run(self):
acl_test_lib.CreateUser(self.token.username)
client_id = self.SetupClient(0)
runner_args = rdf_flow_runner.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__)
flow_args = transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.OS))
client_mock = hunt_test_lib.SampleHuntMock()
with test_lib.FakeTime(42):
flow_urn = flow.StartAFF4Flow(client_id=client_id,
args=flow_args,
runner_args=runner_args,
token=self.token)
flow_test_lib.TestFlowHelper(flow_urn,
client_mock=client_mock,
client_id=client_id,
token=self.token)
self.Check("ListFlowResults",
args=flow_plugin.ApiListFlowResultsArgs(
client_id=client_id.Basename(),
flow_id=flow_urn.Basename()),
replace={flow_urn.Basename(): "W:ABCDEF"})
def testNotificationWhenListingRegistry(self):
# Change the username so notifications get written.
token = self.token.Copy()
token.username = "******"
acl_test_lib.CreateUser(token.username)
with vfs_test_lib.RegistryVFSStubber():
client_id = self.SetupClient(0)
pb = rdf_paths.PathSpec(
path="/HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest",
pathtype=rdf_paths.PathSpec.PathType.REGISTRY)
client_mock = action_mocks.ListDirectoryClientMock()
flow_test_lib.TestFlowHelper(compatibility.GetName(
filesystem.ListDirectory),
client_mock,
client_id=client_id,
pathspec=pb,
token=token)
notifications = data_store.REL_DB.ReadUserNotifications(token.username)
self.assertLen(notifications, 1)
n = notifications[0]
self.assertEqual(n.reference.vfs_file.path_type,
rdf_objects.PathInfo.PathType.REGISTRY)
self.assertEqual(n.reference.vfs_file.path_components,
["HKEY_LOCAL_MACHINE", "SOFTWARE", "ListingTest"])
def Run(self):
acl_test_lib.CreateUser(self.test_username)
client_id = self.SetupClient(0)
# Create a running mock refresh operation.
flow_args = filesystem.RecursiveListDirectoryArgs()
running_flow_id = flow_test_lib.StartFlow(
filesystem.RecursiveListDirectory,
client_id,
flow_args=flow_args,
creator=self.test_username)
# Create a mock refresh operation and complete it.
finished_flow_id = flow_test_lib.StartFlow(
filesystem.RecursiveListDirectory,
client_id,
flow_args=flow_args,
creator=self.test_username)
# Kill flow.
rdf_flow = data_store.REL_DB.LeaseFlowForProcessing(
client_id, finished_flow_id,
rdfvalue.Duration.From(5, rdfvalue.MINUTES))
flow_cls = registry.FlowRegistry.FlowClassByName(rdf_flow.flow_class_name)
flow_obj = flow_cls(rdf_flow)
flow_obj.Error("Fake error")
data_store.REL_DB.ReleaseProcessedFlow(rdf_flow)
# Create an arbitrary flow to check on 404s.
non_refresh_flow_id = flow_test_lib.StartFlow(
discovery.Interrogate, client_id, creator=self.test_username)
# Unknown flow ids should also cause 404s.
unknown_flow_id = "12345678"
# Check both operations.
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=running_flow_id),
replace={running_flow_id: "ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=finished_flow_id),
replace={finished_flow_id: "ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=non_refresh_flow_id),
replace={non_refresh_flow_id: "ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=unknown_flow_id),
replace={unknown_flow_id: "ABCDEF"})
def Run(self):
acl_test_lib.CreateUser(self.token.username)
client_id = self.SetupClient(0).Basename()
flow_id = self._RunFlow(client_id)
self.Check("ListFlowResults",
args=flow_plugin.ApiListFlowResultsArgs(client_id=client_id,
flow_id=flow_id),
replace={flow_id: "W:ABCDEF"})
def testCorrectlyCallsAmbiguouslyNamedMethod(self):
acl_test_lib.CreateUser(self.token.username)
# Here arguments are provided, so root router is correctly chosen.
args = user_management_pb2.ApiGetGrrUserArgs(username="******")
with self.assertRaises(errors.ResourceNotFoundError):
self.connector.SendRequest("GetGrrUser", args)
# Here no arguments are provided, so non-root router is correctly chosen.
result = self.connector.SendRequest("GetGrrUser", None)
self.assertEqual(result.username, self.token.username)
def Run(self):
acl_test_lib.CreateUser(self.token.username)
with test_lib.FakeTime(42):
client_id = self.SetupClient(0)
with test_lib.FakeTime(43):
flow_id_1 = flow_test_lib.StartFlow(
discovery.Interrogate, client_id, creator=self.token.username)
with test_lib.FakeTime(44):
flow_id_2 = flow_test_lib.StartFlow(
processes.ListProcesses, client_id, creator=self.token.username)
replace = api_regression_test_lib.GetFlowTestReplaceDict(
client_id, flow_id_1, "F:ABCDEF10")
replace.update(
api_regression_test_lib.GetFlowTestReplaceDict(client_id, flow_id_2,
"F:ABCDEF11"))
self.Check(
"ListFlows",
args=flow_plugin.ApiListFlowsArgs(client_id=client_id),
replace=replace)
self.Check(
"ListFlows",
args=flow_plugin.ApiListFlowsArgs(
client_id=client_id,
top_flows_only=True,
),
replace=replace)
self.Check(
"ListFlows",
args=flow_plugin.ApiListFlowsArgs(
client_id=client_id,
min_started_at=rdfvalue.RDFDatetimeSeconds(44),
top_flows_only=True,
),
replace=replace)
self.Check(
"ListFlows",
args=flow_plugin.ApiListFlowsArgs(
client_id=client_id,
max_started_at=rdfvalue.RDFDatetimeSeconds(43),
top_flows_only=True,
),
replace=replace)
def Run(self):
acl_test_lib.CreateUser(self.token.username)
client_id = self.SetupClient(0).Basename()
# Create a running mock refresh operation.
flow_args = filesystem.RecursiveListDirectoryArgs()
running_flow_id = api_regression_test_lib.StartFlow(
client_id,
filesystem.RecursiveListDirectory,
flow_args=flow_args,
token=self.token)
# Create a mock refresh operation and complete it.
finished_flow_id = api_regression_test_lib.StartFlow(
client_id,
filesystem.RecursiveListDirectory,
flow_args=flow_args,
token=self.token)
self._KillFlow(client_id, finished_flow_id)
# Create an arbitrary flow to check on 404s.
non_refresh_flow_id = api_regression_test_lib.StartFlow(
client_id, discovery.Interrogate, token=self.token)
# Unkonwn flow ids should also cause 404s.
unknown_flow_id = "F:12345678"
# Check both operations.
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=running_flow_id),
replace={running_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=finished_flow_id),
replace={finished_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=non_refresh_flow_id),
replace={non_refresh_flow_id: "W:ABCDEF"})
self.Check(
"GetVfsRefreshOperationState",
args=vfs_plugin.ApiGetVfsRefreshOperationStateArgs(
client_id=client_id, operation_id=unknown_flow_id),
replace={unknown_flow_id: "W:ABCDEF"})
def Run(self):
acl_test_lib.CreateUser(self.test_username)
client_id = self.SetupClient(0)
flow_id = self._RunFlow(client_id)
self.Check("ListFlowResults",
args=flow_plugin.ApiListFlowResultsArgs(client_id=client_id,
flow_id=flow_id,
filter="evil"),
replace={flow_id: "W:ABCDEF"})
self.Check("ListFlowResults",
args=flow_plugin.ApiListFlowResultsArgs(client_id=client_id,
flow_id=flow_id,
filter="benign"),
replace={flow_id: "W:ABCDEF"})
def Run(self):
client_id = self.SetupClient(0)
acl_test_lib.CreateUser(self.token.username)
# Create a running mock refresh operation.
self.running_flow_urn = self.CreateMultiGetFileFlow(
client_id, file_path="fs/os/c/bin/bash", token=self.token)
# Create a mock refresh operation and complete it.
self.finished_flow_urn = self.CreateMultiGetFileFlow(
client_id, file_path="fs/os/c/bin/bash", token=self.token)
with aff4.FACTORY.Open(self.finished_flow_urn,
aff4_type=flow.GRRFlow,
mode="rw",
token=self.token) as flow_obj:
flow_obj.GetRunner().Error("Fake error")
# Create an arbitrary flow to check on 404s.
self.non_update_flow_urn = flow.StartFlow(
client_id=client_id,
flow_name=discovery.Interrogate.__name__,
token=self.token)
# Unkonwn flow ids should also cause 404s.
self.unknown_flow_id = "F:12345678"
# Check both operations.
self.Check("GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id.Basename(),
operation_id=str(self.running_flow_urn)),
replace={self.running_flow_urn.Basename(): "W:ABCDEF"})
self.Check("GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id.Basename(),
operation_id=str(self.finished_flow_urn)),
replace={self.finished_flow_urn.Basename(): "W:ABCDEF"})
self.Check("GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id.Basename(),
operation_id=str(self.non_update_flow_urn)),
replace={self.non_update_flow_urn.Basename(): "W:ABCDEF"})
self.Check("GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id.Basename(),
operation_id=str(self.unknown_flow_id)),
replace={self.unknown_flow_id: "W:ABCDEF"})
def Run(self):
client_id = self.SetupClient(0)
acl_test_lib.CreateUser(self.test_username)
# Create a running mock refresh operation.
running_flow_id = self.CreateMultiGetFileFlow(
client_id, file_path="fs/os/c/bin/bash")
# Create a mock refresh operation and complete it.
finished_flow_id = self.CreateMultiGetFileFlow(
client_id, file_path="fs/os/c/bin/bash")
flow_base.TerminateFlow(client_id, finished_flow_id, reason="Fake Error")
# Create an arbitrary flow to check on 404s.
non_update_flow_id = flow.StartFlow(
client_id=client_id, flow_cls=discovery.Interrogate)
# Unknown flow ids should also cause 404s.
unknown_flow_id = "F:12345678"
# Check both operations.
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=running_flow_id),
replace={running_flow_id: "ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=finished_flow_id),
replace={finished_flow_id: "ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=non_update_flow_id),
replace={non_update_flow_id: "ABCDEF"})
self.Check(
"GetVfsFileContentUpdateState",
args=vfs_plugin.ApiGetVfsFileContentUpdateStateArgs(
client_id=client_id, operation_id=unknown_flow_id),
replace={unknown_flow_id: "ABCDEF"})
def Run(self):
acl_test_lib.CreateUser(self.token.username)
with test_lib.FakeTime(42):
client_id = self.SetupClient(0).Basename()
with test_lib.FakeTime(43):
flow_id_1 = api_regression_test_lib.StartFlow(
client_id, discovery.Interrogate, token=self.token)
with test_lib.FakeTime(44):
flow_id_2 = api_regression_test_lib.StartFlow(
client_id, processes.ListProcesses, token=self.token)
replace = api_regression_test_lib.GetFlowTestReplaceDict(
client_id, flow_id_1, "F:ABCDEF10")
replace.update(
api_regression_test_lib.GetFlowTestReplaceDict(
client_id, flow_id_2, "F:ABCDEF11"))
self.Check("ListFlows",
args=flow_plugin.ApiListFlowsArgs(client_id=client_id),
replace=replace)
def Run(self):
acl_test_lib.CreateUser(self.token.username)
with test_lib.FakeTime(42):
client_urn = self.SetupClient(0)
with test_lib.FakeTime(43):
flow_id_1 = flow.StartAFF4Flow(
flow_name=discovery.Interrogate.__name__,
client_id=client_urn,
token=self.token)
with test_lib.FakeTime(44):
flow_id_2 = flow.StartAFF4Flow(
flow_name=processes.ListProcesses.__name__,
client_id=client_urn,
token=self.token)
self.Check(
"ListFlows",
args=flow_plugin.ApiListFlowsArgs(client_id=client_urn.Basename()),
replace={
flow_id_1.Basename(): "F:ABCDEF10",
flow_id_2.Basename(): "F:ABCDEF11"
})
def testNotificationWhenListingRegistry(self):
# Change the username so notifications get written.
token = self.token.Copy()
token.username = "******"
acl_test_lib.CreateUser(token.username)
with vfs_test_lib.RegistryVFSStubber():
client_id = self.SetupClient(0)
pb = rdf_paths.PathSpec(
path="/HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest",
pathtype=rdf_paths.PathSpec.PathType.REGISTRY)
client_mock = action_mocks.ListDirectoryClientMock()
flow_test_lib.TestFlowHelper(
compatibility.GetName(filesystem.ListDirectory),
client_mock,
client_id=client_id,
pathspec=pb,
token=token)
if data_store.RelationalDBEnabled():
notifications = data_store.REL_DB.ReadUserNotifications(token.username)
self.assertLen(notifications, 1)
n = notifications[0]
self.assertEqual(n.reference.vfs_file.path_type,
rdf_objects.PathInfo.PathType.REGISTRY)
self.assertEqual(n.reference.vfs_file.path_components,
["HKEY_LOCAL_MACHINE", "SOFTWARE", "ListingTest"])
else:
user = aff4.FACTORY.Open("aff4:/users/%s" % token.username, token=token)
notifications = user.Get(user.Schema.PENDING_NOTIFICATIONS)
self.assertLen(notifications, 1)
expected_urn = ("aff4:/C.1000000000000000/registry/"
"HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest")
self.assertEqual(notifications[0].subject, expected_urn)
def setUp(self):
super().setUp()
# Making sure we don't use a system username here.
self.test_username = "******"
acl_test_lib.CreateUser(self.test_username)
def setUp(self):
super(ApiCallHandlerTest, self).setUp()
# The user we use for API tests.
self.context = api_call_context.ApiCallContext("api_test_user")
self.token.username = self.context.username
acl_test_lib.CreateUser(self.context.username)
def testCorrectlyCallsRootGeneralMethod(self):
acl_test_lib.CreateUser(self.token.username)
args = user_management_pb2.ApiDeleteGrrUserArgs(
username=self.token.username)
self.connector.SendRequest("DeleteGrrUser", args)
def setUp(self): super(ApiCallHandlerTest, self).setUp() # The user we use for API tests. self.token.username = "******" acl_test_lib.CreateUser(self.token.username)