예제 #1
    def testNotAppliedParsers(self, db: abstract_db.Database) -> None:
        """Checks that parsers are listed for a flow that skipped parsing.

        The fixture is an artifact collector flow stored with
        `apply_parsers=False` plus a single result tagged `artifact:Fake`.
        The handler is expected to return one descriptor for each parser kind:
        single response, multi response, single file and multi file.

        Args:
          db: Database the fixture flow and its result are written to.
        """
        flow_id = "4815162342ABCDEF"
        client_id = db_test_utils.InitializeClient(db)

        # The flow explicitly opted out of parsing at collection time.
        flow = rdf_flow_objects.Flow()
        flow.client_id = client_id
        flow.flow_id = flow_id
        flow.flow_class_name = collectors.ArtifactCollectorFlow.__name__
        flow.args = rdf_artifacts.ArtifactCollectorFlowArgs(apply_parsers=False)
        db.WriteFlowObject(flow)

        # One unparsed result; the tag names the artifact it belongs to.
        raw_result = rdf_flow_objects.FlowResult()
        raw_result.client_id = client_id
        raw_result.flow_id = flow_id
        raw_result.tag = "artifact:Fake"
        raw_result.payload = rdfvalue.RDFString("foobar")
        db.WriteFlowResults([raw_result])

        request = flow_plugin.ApiListFlowApplicableParsersArgs()
        request.client_id = client_id
        request.flow_id = flow_id

        response = self.handler.Handle(request)

        # NOTE(review): the Fake* parsers are presumably registered by test
        # setup that is not visible here; confirm against the enclosing class.
        parser_type = flow_plugin.ApiParserDescriptor.Type
        expected_parsers = [
            flow_plugin.ApiParserDescriptor(type=kind, name=name)
            for kind, name in (
                (parser_type.SINGLE_RESPONSE, "FakeSingleResponse"),
                (parser_type.MULTI_RESPONSE, "FakeMultiResponse"),
                (parser_type.SINGLE_FILE, "FakeSingleFile"),
                (parser_type.MULTI_FILE, "FakeMultiFile"),
            )
        ]
        # Order-insensitive comparison: only the set of descriptors matters.
        self.assertCountEqual(response.parsers, expected_parsers)
예제 #2
    def testFlowWithResult(self, db: abstract_db.Database) -> None:
        """Checks that `FilesystemType` reports the type stored in a result.

        A timeline flow is written together with one `TimelineResult` whose
        `filesystem_type` is "ntfs"; looking the flow up by client and flow
        id must return that same string.

        Args:
          db: Database the client metadata, flow and result are written to.
        """
        flow_id = "ABCDEF92"
        client_id = "C.1234567890123456"

        # The client record is written before the flow that refers to it.
        db.WriteClientMetadata(client_id, last_ping=rdfvalue.RDFDatetime.Now())

        flow = rdf_flow_objects.Flow()
        flow.client_id = client_id
        flow.flow_id = flow_id
        flow.flow_class_name = timeline_flow.TimelineFlow.__name__
        flow.create_time = rdfvalue.RDFDatetime.Now()
        db.WriteFlowObject(flow)

        timeline_result = rdf_flow_objects.FlowResult()
        timeline_result.client_id = client_id
        timeline_result.flow_id = flow_id
        timeline_result.payload = rdf_timeline.TimelineResult(
            filesystem_type="ntfs")
        db.WriteFlowResults([timeline_result])

        fs_type = timeline_flow.FilesystemType(client_id, flow_id)
        self.assertEqual(fs_type, "ntfs")
예제 #3
    def testAlreadyAppliedParsers(self, db: abstract_db.Database) -> None:
        """Checks that no parsers are listed once the flow has applied them.

        The fixture is an artifact collector flow stored with
        `apply_parsers=True` and one result tagged `artifact:Fake`. The
        handler is expected to return an empty parser list.

        Args:
          db: Database the fixture flow and its result are written to.
        """
        flow_id = "4815162342ABCDEF"
        client_id = db_test_utils.InitializeClient(db)

        # Parsing was requested at collection time for this flow.
        flow = rdf_flow_objects.Flow()
        flow.client_id = client_id
        flow.flow_id = flow_id
        flow.flow_class_name = collectors.ArtifactCollectorFlow.__name__
        flow.args = rdf_artifacts.ArtifactCollectorFlowArgs(apply_parsers=True)
        db.WriteFlowObject(flow)

        # The result carries only a tag; no payload is set in this fixture.
        tagged_result = rdf_flow_objects.FlowResult()
        tagged_result.client_id = client_id
        tagged_result.flow_id = flow_id
        tagged_result.tag = "artifact:Fake"
        db.WriteFlowResults([tagged_result])

        request = flow_plugin.ApiListFlowApplicableParsersArgs()
        request.client_id = client_id
        request.flow_id = flow_id

        response = self.handler.Handle(request)
        self.assertEmpty(response.parsers)