def testKnowledgeBase(self):
"""Test that the knowledge base is passed in the bundle."""
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
kb = rdf_client.KnowledgeBase()
kb.os = "Windows"
artifact_collector.args.knowledge_base = kb
artifact_bundle = artifact_collector._GetArtifactCollectorArgs([])
self.assertEqual(artifact_bundle.knowledge_base.os, "Windows")
def testDuplicationChecks(self):
"""Test duplicated artifacts are only processed once."""
artifact_list = [
"TestAggregationArtifact", "TestFilesArtifact", "TestCmdArtifact",
"TestFilesArtifact"
]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
self.assertEqual(len(artifacts_objects), 2)
def testPrepareBasicArtifactBundle(self):
"""Test we can prepare a basic artifact."""
artifact_list = ["TestCmdArtifact"]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
art_obj = artifacts_objects[0]
source = list(art_obj.sources)[0]
self.assertEqual(art_obj.name, "TestCmdArtifact")
self.assertEqual(source.base_source.attributes["cmd"], "/usr/bin/dpkg")
self.assertEqual(source.base_source.attributes.get("args", []), ["--list"])
def testPrepareAggregatedArtifactBundle(self):
"""Test we can prepare the source artifacts of an aggregation artifact."""
artifact_list = ["TestAggregationArtifact"]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
art_obj = artifacts_objects[0]
self.assertEqual(art_obj.name, "TestAggregationArtifact")
source = list(art_obj.sources)[0]
self.assertEqual(source.base_source.type, "GRR_CLIENT_ACTION")
source = list(art_obj.sources)[1]
self.assertEqual(source.base_source.type, "COMMAND")
def testSourceMeetsConditions(self):
"""Test we can get a GRR client artifact with conditions."""
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
kb = rdf_client.KnowledgeBase()
kb.os = "Windows"
artifact_collector.args.knowledge_base = kb
# Run with false condition.
source = rdf_artifacts.ArtifactSource(
type=rdf_artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
attributes={"client_action": standard.ListProcesses.__name__},
conditions=["os == 'Linux'"])
self.assertFalse(artifact_collector._MeetsConditions(source))
# Run with matching or condition.
source = rdf_artifacts.ArtifactSource(
type=rdf_artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
attributes={"client_action": standard.ListProcesses.__name__},
conditions=["os == 'Linux' or os == 'Windows'"])
self.assertTrue(artifact_collector._MeetsConditions(source))
def testPrepareMultipleArtifacts(self):
"""Test we can prepare multiple artifacts of different types."""
artifact_list = [
"TestFilesArtifact", "DepsWindirRegex", "DepsProvidesMultiple",
"WMIActiveScriptEventConsumer"
]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
self.assertEqual(len(artifacts_objects), 4)
self.assertEqual(artifacts_objects[0].name, "TestFilesArtifact")
self.assertEqual(artifacts_objects[1].name, "DepsWindirRegex")
self.assertEqual(artifacts_objects[2].name, "DepsProvidesMultiple")
self.assertEqual(artifacts_objects[3].name, "WMIActiveScriptEventConsumer")
art_obj = artifacts_objects[3]
source = list(art_obj.sources)[0]
self.assertEqual(source.base_source.attributes["query"],
"SELECT * FROM ActiveScriptEventConsumer")