def testLogsWarningIfBtimeNotSupported(self, db: abstract_db.Database):
    """Checks that a warning is logged when the client lacks btime support.

    The client snapshot reports `timeline_btime_support = False`, and the
    timeline flow is expected to write a log entry that mentions it.
    """
    client_id = self.client_id
    db.WriteClientMetadata(client_id, fleetspeak_enabled=True)

    # Register a Linux client whose agent reports no birth-time support.
    client_snapshot = rdf_objects.ClientSnapshot()
    client_snapshot.client_id = client_id
    client_snapshot.knowledge_base.os = "Linux"
    client_snapshot.startup_info.client_info.timeline_btime_support = False
    db.WriteClientSnapshot(client_snapshot)

    with temp.AutoTempDirPath() as tempdir:
        flow_args = rdf_timeline.TimelineArgs(root=tempdir.encode("utf-8"))

        flow_name = timeline_flow.TimelineFlow.__name__
        action_mock = action_mocks.ActionMock(timeline_action.Timeline)
        # NOTE(review): testNoLogsIfBtimeSupported passes
        # `creator=self.test_username` here instead of `token=` - confirm
        # which keyword TestFlowHelper expects.
        flow_id = flow_test_lib.TestFlowHelper(
            flow_name,
            action_mock,
            client_id=client_id,
            token=self.token,
            args=flow_args,
        )

        flow_test_lib.FinishAllFlowsOnClient(client_id)

    # `count=1` caps the read at one entry, so this confirms that a warning
    # is the first log entry, not that it is the only one.
    entries = db.ReadFlowLogEntries(client_id, flow_id, offset=0, count=1)
    self.assertLen(entries, 1)

    first_message = entries[0].message
    self.assertRegex(first_message, "birth time is not supported")
def testNoLogsIfBtimeSupported(self, db: abstract_db.Database):
    """Checks that nothing is logged when the client supports btime.

    Same setup as the unsupported case, but the snapshot reports
    `timeline_btime_support = True`, so the flow log must stay empty.
    """
    client_id = self.client_id
    db.WriteClientMetadata(client_id, fleetspeak_enabled=True)

    # Register a Linux client whose agent reports birth-time support.
    client_snapshot = rdf_objects.ClientSnapshot()
    client_snapshot.client_id = client_id
    client_snapshot.knowledge_base.os = "Linux"
    client_snapshot.startup_info.client_info.timeline_btime_support = True
    db.WriteClientSnapshot(client_snapshot)

    with temp.AutoTempDirPath() as tempdir:
        flow_args = rdf_timeline.TimelineArgs(root=tempdir.encode("utf-8"))

        flow_name = timeline_flow.TimelineFlow.__name__
        action_mock = action_mocks.ActionMock(timeline_action.Timeline)
        flow_id = flow_test_lib.TestFlowHelper(
            flow_name,
            action_mock,
            client_id=client_id,
            creator=self.test_username,
            args=flow_args,
        )

        flow_test_lib.FinishAllFlowsOnClient(client_id)

    # Asking for a single entry is enough: any log entry at all would make
    # the emptiness check fail.
    entries = db.ReadFlowLogEntries(client_id, flow_id, offset=0, count=1)
    self.assertEmpty(entries)
def testClientInfoDefault(self, db: abstract_db.Database):
    """Checks `client_info` when no startup info was written for the client.

    Only client metadata is stored, so the flow is expected to expose a
    `ClientInformation` object with an empty `client_name`.
    """
    client_id = "C.0123456789ABCDEF"
    db.WriteClientMetadata(client_id, fleetspeak_enabled=False)

    flow_record = rdf_flow_objects.Flow()
    flow_record.client_id = client_id
    flow_record.flow_id = "FEDCBA9876543210"

    # Wrap the stored flow record in the flow class under test.
    flow_instance = FlowBaseTest.Flow(flow_record)

    self.assertIsInstance(
        flow_instance.client_info, rdf_client.ClientInformation
    )
    self.assertEmpty(flow_instance.client_info.client_name)
def testFlowWithNoResult(self, db: abstract_db.Database) -> None:
    """Checks that `FilesystemType` is None for a flow with no results.

    A timeline flow object is written to the database with no flow results
    attached to it.
    """
    client_id = "C.1234567890123456"
    flow_id = "ABCDEF92"

    db.WriteClientMetadata(client_id, last_ping=rdfvalue.RDFDatetime.Now())

    timeline_flow_obj = rdf_flow_objects.Flow()
    timeline_flow_obj.client_id = client_id
    timeline_flow_obj.flow_id = flow_id
    timeline_flow_obj.flow_class_name = timeline_flow.TimelineFlow.__name__
    timeline_flow_obj.create_time = rdfvalue.RDFDatetime.Now()
    db.WriteFlowObject(timeline_flow_obj)

    fs_type = timeline_flow.FilesystemType(client_id, flow_id)
    self.assertIsNone(fs_type)
def testClientInfo(self, db: abstract_db.Database):
    """Checks that `client_info` reflects the client's stored startup info.

    Startup info with a client name and version is written first, and the
    flow's `client_info` is expected to report the same values.
    """
    client_id = "C.0123456789ABCDEF"
    db.WriteClientMetadata(client_id, fleetspeak_enabled=False)

    # Record the agent identity that the flow should later report.
    stored_startup = rdf_client.StartupInfo()
    stored_startup.client_info.client_name = "rrg"
    stored_startup.client_info.client_version = 1337
    db.WriteClientStartupInfo(client_id, stored_startup)

    flow_record = rdf_flow_objects.Flow()
    flow_record.client_id = client_id
    flow_record.flow_id = "FEDCBA9876543210"

    # Wrap the stored flow record in the flow class under test.
    flow_instance = FlowBaseTest.Flow(flow_record)

    self.assertIsInstance(
        flow_instance.client_info, rdf_client.ClientInformation
    )
    self.assertEqual(flow_instance.client_info.client_name, "rrg")
    self.assertEqual(flow_instance.client_info.client_version, 1337)
def testFlowWithResult(self, db: abstract_db.Database) -> None:
    """Checks that `FilesystemType` returns the type stored in a flow result.

    A timeline flow and one `TimelineResult` with `filesystem_type="ntfs"`
    are written to the database, and the lookup must return that value.
    """
    client_id = "C.1234567890123456"
    flow_id = "ABCDEF92"

    db.WriteClientMetadata(client_id, last_ping=rdfvalue.RDFDatetime.Now())

    timeline_flow_obj = rdf_flow_objects.Flow()
    timeline_flow_obj.client_id = client_id
    timeline_flow_obj.flow_id = flow_id
    timeline_flow_obj.flow_class_name = timeline_flow.TimelineFlow.__name__
    timeline_flow_obj.create_time = rdfvalue.RDFDatetime.Now()
    db.WriteFlowObject(timeline_flow_obj)

    # Attach a single result carrying the filesystem type to look up.
    stored_result = rdf_flow_objects.FlowResult()
    stored_result.client_id = client_id
    stored_result.flow_id = flow_id
    stored_result.payload = rdf_timeline.TimelineResult(
        filesystem_type="ntfs"
    )
    db.WriteFlowResults([stored_result])

    fs_type = timeline_flow.FilesystemType(client_id, flow_id)
    self.assertEqual(fs_type, "ntfs")
def TestMethod(self, db: abstract_db.Database):
    """Writes client metadata and checks that `first_seen` reads back intact.

    NOTE(review): `now` is not defined in this block; presumably it comes
    from the enclosing scope - confirm against the surrounding code.
    """
    client_id = "C.0123456789abcdef"
    db.WriteClientMetadata(client_id, first_seen=now)

    full_info = db.ReadClientFullInfo(client_id)
    stored_first_seen = full_info.metadata.first_seen
    self.assertEqual(stored_first_seen, now)