예제 #1
0
    def testNoRows(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="foo"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="bar"))
        table.query = "SELECT * FROM quux;"

        chunks = list(
            osquery.ChunkTable(table, max_chunk_size=1024 * 1024 * 1024))
        self.assertLen(chunks, 1)
        self.assertEqual(chunks[0], table)
예제 #2
0
    def testGetTableColumns(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="A"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="B"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="C"))

        result = rdf_osquery.OsqueryResult()
        result.table = table

        cols = list(result.GetTableColumns())
        self.assertEqual(["A", "B", "C"], cols)
예제 #3
0
    def testGetTableRows(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="A"))

        table.rows.append(rdf_osquery.OsqueryRow(values=["cell1"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["cell2"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["cell3"]))

        result = rdf_osquery.OsqueryResult()
        result.table = table

        rows = list(result.GetTableRows())
        self.assertEqual([["cell1"], ["cell2"], ["cell3"]], rows)
예제 #4
0
    def testTruncation(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="A"))

        table.rows.append(rdf_osquery.OsqueryRow(values=["cell1"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["cell2"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["cell3"]))

        truncated = table.Truncated(1)
        column_values = list(truncated.Column("A"))

        self.assertLen(truncated.rows, 1)
        self.assertEqual(column_values, ["cell1"])
예제 #5
0
파일: osquery_test.py 프로젝트: avmi/grr
    def testMetadataColumn(self):
        table = rdf_osquery.OsqueryTable()
        table.query = "SELECT metadata FROM foo;"
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="metadata"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["bar"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["baz"]))

        results = self._Convert(table)
        self.assertLen(results, 2)
        self.assertEqual(results[0].metadata, self.metadata)
        self.assertEqual(results[0].__metadata__, "bar")
        self.assertEqual(results[1].metadata, self.metadata)
        self.assertEqual(results[1].__metadata__, "baz")
예제 #6
0
    def testColumnValues(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="A"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="B"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="C"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["foo", "bar", "baz"]))
        table.rows.append(
            rdf_osquery.OsqueryRow(values=["quux", "norf", "thud"]))
        table.rows.append(
            rdf_osquery.OsqueryRow(values=["blarg", "shme", "ztesh"]))

        self.assertEqual(list(table.Column("A")), ["foo", "quux", "blarg"])
        self.assertEqual(list(table.Column("B")), ["bar", "norf", "shme"])
        self.assertEqual(list(table.Column("C")), ["baz", "thud", "ztesh"])
예제 #7
0
    def testTextWithCommasToCsvBytes(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(
            rdf_osquery.OsqueryColumn(name="c,o,l,u,m,n"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["c,e,l,l"]))

        result = rdf_osquery.OsqueryResult()
        result.table = table

        output_bytes = api_osquery._ParseToCsvBytes([result])
        output_text = list(map(lambda b: b.decode("utf-8"), output_bytes))

        self.assertListEqual(["\"c,o,l,u,m,n\"\r\n", "\"c,e,l,l\"\r\n"],
                             output_text)
예제 #8
0
def ParseTable(table: Any) -> rdf_osquery.OsqueryTable:
    """Parses table of osquery output.

  Args:
    table: A table in a "parsed JSON" representation.

  Returns:
    A parsed `rdf_osquery.OsqueryTable` instance.
  """
    precondition.AssertIterableType(table, dict)

    result = rdf_osquery.OsqueryTable()
    result.header = ParseHeader(table)
    for row in table:
        result.rows.append(ParseRow(result.header, row))
    return result
예제 #9
0
파일: osquery_test.py 프로젝트: avmi/grr
    def testQueryMetadata(self):
        table = rdf_osquery.OsqueryTable()
        table.query = "   SELECT foo FROM quux;          "
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="foo"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["norf"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["thud"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["blargh"]))

        results = self._Convert(table)
        self.assertLen(results, 3)
        self.assertEqual(results[0].__query__, "SELECT foo FROM quux;")
        self.assertEqual(results[0].foo, "norf")
        self.assertEqual(results[1].__query__, "SELECT foo FROM quux;")
        self.assertEqual(results[1].foo, "thud")
        self.assertEqual(results[2].__query__, "SELECT foo FROM quux;")
        self.assertEqual(results[2].foo, "blargh")
예제 #10
0
    def testSomeTextToCsvBytes(self):
        table = rdf_osquery.OsqueryTable()
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="A"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="B"))

        table.rows.append(rdf_osquery.OsqueryRow(values=["1-A", "1-B"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["2-A", "2-B"]))

        result = rdf_osquery.OsqueryResult()
        result.table = table

        output_bytes = api_osquery._ParseToCsvBytes([result])
        output_text = list(map(lambda b: b.decode("utf-8"), output_bytes))

        self.assertListEqual(["A,B\r\n", "1-A,1-B\r\n", "2-A,2-B\r\n"],
                             output_text)
예제 #11
0
파일: osquery_test.py 프로젝트: x35029/grr
    def testMultiByteStrings(self):
        table = rdf_osquery.OsqueryTable()
        table.query = "SELECT foo, bar, baz FROM quux;"
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="foo"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="bar"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["🐔", "🐓"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["🐣", "🐤"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["🐥", "🦆"]))

        chunks = list(osquery.ChunkTable(table, max_chunk_size=10))
        self.assertLen(chunks, 3)
        self.assertEqual(chunks[0].rows,
                         [rdf_osquery.OsqueryRow(values=["🐔", "🐓"])])
        self.assertEqual(chunks[1].rows,
                         [rdf_osquery.OsqueryRow(values=["🐣", "🐤"])])
        self.assertEqual(chunks[2].rows,
                         [rdf_osquery.OsqueryRow(values=["🐥", "🦆"])])
예제 #12
0
파일: osquery_test.py 프로젝트: x35029/grr
    def testMultiRowChunks(self):
        table = rdf_osquery.OsqueryTable()
        table.query = "SELECT foo, bar, baz FROM quux;"
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="foo"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="bar"))
        table.header.columns.append(rdf_osquery.OsqueryColumn(name="baz"))
        table.rows.append(rdf_osquery.OsqueryRow(values=["A", "B", "C"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["D", "E", "F"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["G", "H", "I"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["J", "K", "L"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["M", "N", "O"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["P", "Q", "R"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["S", "T", "U"]))
        table.rows.append(rdf_osquery.OsqueryRow(values=["V", "W", "X"]))

        chunks = list(osquery.ChunkTable(table, max_chunk_size=10))
        self.assertLen(chunks, 3)
        self.assertEqual(chunks[0].query, table.query)
        self.assertEqual(chunks[0].header, table.header)
        self.assertEqual(chunks[0].rows, [
            rdf_osquery.OsqueryRow(values=["A", "B", "C"]),
            rdf_osquery.OsqueryRow(values=["D", "E", "F"]),
            rdf_osquery.OsqueryRow(values=["G", "H", "I"]),
        ])
        self.assertEqual(chunks[1].query, table.query)
        self.assertEqual(chunks[1].header, table.header)
        self.assertEqual(chunks[1].rows, [
            rdf_osquery.OsqueryRow(values=["J", "K", "L"]),
            rdf_osquery.OsqueryRow(values=["M", "N", "O"]),
            rdf_osquery.OsqueryRow(values=["P", "Q", "R"]),
        ])
        self.assertEqual(chunks[2].query, table.query)
        self.assertEqual(chunks[2].header, table.header)
        self.assertEqual(chunks[2].rows, [
            rdf_osquery.OsqueryRow(values=["S", "T", "U"]),
            rdf_osquery.OsqueryRow(values=["V", "W", "X"]),
        ])
예제 #13
0
 def Chunk() -> rdf_osquery.OsqueryTable:
     result = rdf_osquery.OsqueryTable()
     result.query = table.query
     result.header = table.header
     return result