def Run(self): with report_plugins_test_mocks.MockedReportPlugins(): self.Check( "GetReport", args=stats_plugin.ApiGetReportArgs( name="BarReportPlugin", start_time=rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14") .AsMicrosecondsSinceEpoch(), duration="4d"))
def testUserActivityReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog(user="******", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for _ in range(10): AddFakeAuditLog(user="******", token=self.token) AddFakeAuditLog(user="******", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.UserActivityReportPlugin.__name__) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")): api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( data=[ rdf_report_plugins.ApiReportDataSeries2D( label=u"User123", points=[ ApiReportDataPoint2D(x=-10, y=0), ApiReportDataPoint2D(x=-9, y=0), ApiReportDataPoint2D(x=-8, y=0), ApiReportDataPoint2D(x=-7, y=0), ApiReportDataPoint2D(x=-6, y=0), ApiReportDataPoint2D(x=-5, y=0), ApiReportDataPoint2D(x=-4, y=0), ApiReportDataPoint2D(x=-3, y=1), ApiReportDataPoint2D(x=-2, y=10), ApiReportDataPoint2D(x=-1, y=0) ]), rdf_report_plugins.ApiReportDataSeries2D( label=u"User456", points=[ ApiReportDataPoint2D(x=-10, y=0), ApiReportDataPoint2D(x=-9, y=0), ApiReportDataPoint2D(x=-8, y=0), ApiReportDataPoint2D(x=-7, y=0), ApiReportDataPoint2D(x=-6, y=0), ApiReportDataPoint2D(x=-5, y=0), ApiReportDataPoint2D(x=-4, y=0), ApiReportDataPoint2D(x=-3, y=0), ApiReportDataPoint2D(x=-2, y=1), ApiReportDataPoint2D(x=-1, y=0) ]) ])))
def testSystemFlowsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( action=rdf_events.AuditEvent.Action.RUN_FLOW, user="******", flow_name="Flow123", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for _ in range(10): AddFakeAuditLog( action=rdf_events.AuditEvent.Action.RUN_FLOW, user="******", flow_name="Flow123", token=self.token) AddFakeAuditLog( action=rdf_events.AuditEvent.Action.RUN_FLOW, user="******", flow_name="Flow456", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.SystemFlowsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=rdf_report_plugins.ApiReportData. RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( x_ticks=[], data=[ rdf_report_plugins.ApiReportDataSeries2D( label=u"Flow123\u2003Run By: GRR (10)", points=[ rdf_report_plugins.ApiReportDataPoint2D(x=0, y=10) ]), rdf_report_plugins.ApiReportDataSeries2D( label=u"Flow456\u2003Run By: GRR (1)", points=[ rdf_report_plugins.ApiReportDataPoint2D(x=1, y=1) ]) ])))
def testClientApprovalsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog(user="******") with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in range(10): AddFakeAuditLog( user="******".format(i), router_method_name="CreateClientApproval", http_request_path="/api/users/me/approvals/client/C.{:016X}" .format(i)) AddFakeAuditLog( user="******", router_method_name="GrantClientApproval", http_request_path="/api/users/user0/approvals/client/" + "C.0000000000000000/0/") report = report_plugins.GetReportByName( server_report_plugins.ClientApprovalsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual(api_report_data.representation_type, RepresentationType.AUDIT_CHART) self.assertCountEqual(api_report_data.audit_chart.used_fields, ["action", "client", "timestamp", "user"]) expected = [ (Action.CLIENT_APPROVAL_GRANT, "usera", "C.0000000000000000"), (Action.CLIENT_APPROVAL_REQUEST, "user9", "C.0000000000000009"), (Action.CLIENT_APPROVAL_REQUEST, "user8", "C.0000000000000008"), (Action.CLIENT_APPROVAL_REQUEST, "user7", "C.0000000000000007"), (Action.CLIENT_APPROVAL_REQUEST, "user6", "C.0000000000000006"), (Action.CLIENT_APPROVAL_REQUEST, "user5", "C.0000000000000005"), (Action.CLIENT_APPROVAL_REQUEST, "user4", "C.0000000000000004"), (Action.CLIENT_APPROVAL_REQUEST, "user3", "C.0000000000000003"), (Action.CLIENT_APPROVAL_REQUEST, "user2", "C.0000000000000002"), (Action.CLIENT_APPROVAL_REQUEST, "user1", "C.0000000000000001"), (Action.CLIENT_APPROVAL_REQUEST, "user0", "C.0000000000000000"), ] rows = api_report_data.audit_chart.rows self.assertEqual([(row.action, row.user, row.client) for row in rows], expected)
def testOSReleaseBreakdownReportPluginWithNoDataToReport(self): report = report_plugins.GetReportByName( client_report_plugins.OSReleaseBreakdown30ReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, client_label="Linux--buster/sid")) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[]), representation_type=RepresentationType.PIE_CHART))
def testUserActivityReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.UserActivityReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData(data=[])))
def testHuntActionsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( action=Action.HUNT_CREATED, user="******", flow_name="Flow123", router_method_name="CreateHunt", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in range(10): AddFakeAuditLog( action=Action.HUNT_MODIFIED, user="******".format(i), flow_name="Flow{}".format(i), router_method_name="ModifyHunt", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.HuntActionsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual(api_report_data.representation_type, RepresentationType.AUDIT_CHART) self.assertCountEqual(api_report_data.audit_chart.used_fields, ["action", "timestamp", "user"]) self.assertEqual([(row.action, row.timestamp.Format("%Y/%m/%d"), row.user) for row in api_report_data.audit_chart.rows], [(Action.HUNT_MODIFIED, "2012/12/22", "User9"), (Action.HUNT_MODIFIED, "2012/12/22", "User8"), (Action.HUNT_MODIFIED, "2012/12/22", "User7"), (Action.HUNT_MODIFIED, "2012/12/22", "User6"), (Action.HUNT_MODIFIED, "2012/12/22", "User5"), (Action.HUNT_MODIFIED, "2012/12/22", "User4"), (Action.HUNT_MODIFIED, "2012/12/22", "User3"), (Action.HUNT_MODIFIED, "2012/12/22", "User2"), (Action.HUNT_MODIFIED, "2012/12/22", "User1"), (Action.HUNT_MODIFIED, "2012/12/22", "User0")])
def testUserActivityReportPlugin(self): entries = { "2012/12/02": ["User123"], "2012/12/07": ["User123"], "2012/12/15": ["User123"] * 2 + ["User456"], "2012/12/23": ["User123"] * 10, "2012/12/28": ["User123"], } for date_string, usernames in entries.items(): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable(date_string)): for username in usernames: AddFakeAuditLog(user=username) report = report_plugins.GetReportByName( server_report_plugins.UserActivityReportPlugin.__name__) # Use 15 days which will be rounded up to 3 full weeks. duration = rdfvalue.DurationSeconds.FromDays(15) start_time = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/07") api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start_time, duration=duration), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData(data=[ rdf_report_plugins.ApiReportDataSeries2D( label=u"User123", points=[ ApiReportDataPoint2D(x=0, y=1), ApiReportDataPoint2D(x=1, y=2), ApiReportDataPoint2D(x=2, y=10), ]), rdf_report_plugins.ApiReportDataSeries2D( label=u"User456", points=[ ApiReportDataPoint2D(x=0, y=0), ApiReportDataPoint2D(x=1, y=1), ApiReportDataPoint2D(x=2, y=0), ]) ])))
def testMostActiveUsersReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.MostActiveUsersReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration)) self.assertEqual(api_report_data.representation_type, RepresentationType.PIE_CHART) self.assertEmpty(api_report_data.pie_chart.data)
def testMostActiveUsersReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog("Fake audit description 14 Dec.", "C.123", "User123", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for _ in xrange(10): AddFakeAuditLog("Fake audit description 22 Dec.", "C.123", "User123", token=self.token) AddFakeAuditLog("Fake audit description 22 Dec.", "C.456", "User456", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.MostActiveUsersReportPlugin.__name__) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")): now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration), token=self.token) # pyformat: disable self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=rdf_report_plugins.ApiReportData. RepresentationType.PIE_CHART, pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[ rdf_report_plugins.ApiReportDataPoint1D( label="User123", x=11), rdf_report_plugins.ApiReportDataPoint1D( label="User456", x=1) ])))
def testGRRVersionReportPluginWithNoActivityToReport(self): # Scan for activity to be reported. cron_system.GRRVersionBreakDownCronJob(None, None).Run() report = report_plugins.GetReportByName( client_report_plugins.GRRVersion30ReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, client_label="All")) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.LINE_CHART, line_chart=rdf_report_plugins.ApiLineChartReportData(data=[])))
def testFileSizeDistributionReportPluginWithNothingToReport(self): # Scan for files to be reported. flow_test_lib.TestFlowHelper( filestore_stats.FilestoreStatsCronFlow.__name__, token=self.token) report = report_plugins.GetReportByName( filestore_report_plugins.FileSizeDistributionReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__), token=self.token) self.checkStaticData(api_report_data) for series in api_report_data.stack_chart.data: self.assertEqual([p.y for p in series.points], [0])
def testCronApprovalsReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.CronApprovalsReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration)) self.assertEqual(api_report_data.representation_type, RepresentationType.AUDIT_CHART) self.assertCountEqual(api_report_data.audit_chart.used_fields, ["action", "timestamp", "user", "urn"]) self.assertEmpty(api_report_data.audit_chart.rows)
def testLastActiveReportPluginWithNoActivityToReport(self): # Scan for activity to be reported. flow_test_lib.TestFlowHelper(cron_system.LastAccessStats.__name__, token=self.token) report = report_plugins.GetReportByName( client_report_plugins.LastActiveReportPlugin.__name__) api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, client_label="All"), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.LINE_CHART, line_chart=rdf_report_plugins.ApiLineChartReportData(data=[])))
def testUserFlowsReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.UserFlowsReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration)) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( x_ticks=[])))
def testHuntActionsReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.HuntActionsReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration)) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.AUDIT_CHART, audit_chart=rdf_report_plugins.ApiAuditChartReportData( used_fields=["action", "timestamp", "user"], rows=[])))
def testUserActivityReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.UserActivityReportPlugin.__name__) duration = rdfvalue.Duration.From(14, rdfvalue.DAYS) start_time = rdfvalue.RDFDatetime.Now() - duration api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=start_time, duration=duration)) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( data=[])))
def testMostActiveUsersReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.MostActiveUsersReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=rdf_report_plugins.ApiReportData. RepresentationType.PIE_CHART, pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[])))
def testOSBreakdownReportPlugin(self): # Add a client to be reported. self.SetupClients(1) # Scan for clients to be reported (the one we just added). cron_system.OSBreakDownCronJob(None, None).Run() report = report_plugins.GetReportByName( client_report_plugins.OSBreakdown30ReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, client_label="All")) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[ rdf_report_plugins.ApiReportDataPoint1D(label="Linux", x=1) ]), representation_type=RepresentationType.PIE_CHART))
def testGRRVersionReportPlugin(self): self.MockClients() # Scan for activity to be reported. cron_system.GRRVersionBreakDownCronJob(None, None).Run() report = report_plugins.GetReportByName( client_report_plugins.GRRVersion30ReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, client_label="All")) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.LINE_CHART) self.assertLen(api_report_data.line_chart.data, 1) self.assertEqual(api_report_data.line_chart.data[0].label, "GRR Monitor %s" % config.CONFIG["Source.version_numeric"]) self.assertLen(api_report_data.line_chart.data[0].points, 1) self.assertEqual(api_report_data.line_chart.data[0].points[0].y, 20)
def testCronApprovalsReportPluginWithNoActivityToReport(self): report = report_plugins.GetReportByName( server_report_plugins.CronApprovalsReportPlugin.__name__) now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=rdf_report_plugins.ApiReportData. RepresentationType.AUDIT_CHART, audit_chart=rdf_report_plugins.ApiAuditChartReportData( used_fields=[ "action", "description", "timestamp", "urn", "user" ], rows=[])))
def testOSReleaseBreakdownReportPlugin(self): # Add a client to be reported. self.SetupClients(1) # Scan for clients to be reported (the one we just added). flow_test_lib.TestFlowHelper( cron_system.OSBreakDown.__name__, token=self.token) report = report_plugins.GetReportByName( client_report_plugins.OSReleaseBreakdown30ReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, client_label="All"), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[ rdf_report_plugins.ApiReportDataPoint1D(label="Unknown", x=1) ]), representation_type=RepresentationType.PIE_CHART))
def testMostActiveUsersReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog(user="******") with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for _ in range(10): AddFakeAuditLog(user="******") AddFakeAuditLog(user="******") report = report_plugins.GetReportByName( server_report_plugins.MostActiveUsersReportPlugin.__name__) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")): now = rdfvalue.RDFDatetime().Now() month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=now - month_duration, duration=month_duration)) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.PIE_CHART, pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[ rdf_report_plugins.ApiReportDataPoint1D( label="User123", x=11), rdf_report_plugins.ApiReportDataPoint1D( label="User456", x=1) ])))
def testLastActiveReportPluginWithNoActivityToReport(self): # Scan for activity to be reported. cron_system.LastAccessStatsCronJob(None, None).Run() report = report_plugins.GetReportByName( client_report_plugins.LastActiveReportPlugin.__name__) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, client_label="All")) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.LINE_CHART) self.assertLen(api_report_data.line_chart.data, 5) labels = [ "60 day active", "30 day active", "7 day active", "3 day active", "1 day active" ] for series, label in zip(api_report_data.line_chart.data, labels): self.assertEqual(series.label, label) self.assertLen(series.points, 1) self.assertEqual(series.points[0].y, 0)
def testCronApprovalsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( action=rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT, user="******", description="Approval grant description.", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in xrange(10): AddFakeAuditLog( action=rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, user="******" % i, description="Approval request.", token=self.token) AddFakeAuditLog( action=rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT, user="******", description="Another grant.", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.CronApprovalsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART) self.assertEqual(api_report_data.audit_chart.used_fields, ["action", "description", "timestamp", "urn", "user"]) self.assertEqual([(row.action, row.description, row.timestamp.Format("%Y/%m/%d"), row.urn, row.user) for row in api_report_data.audit_chart.rows], [(rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT, "Another grant.", "2012/12/22", None, "User456"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User9"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User8"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User7"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User6"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User5"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User4"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User3"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User2"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User1"), (rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST, "Approval request.", "2012/12/22", None, "User0") ]) # pyformat: disable
def testHuntActionsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog(action=rdf_events.AuditEvent.Action.HUNT_CREATED, user="******", flow_name="Flow123", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in xrange(10): AddFakeAuditLog( action=rdf_events.AuditEvent.Action.HUNT_MODIFIED, user="******" % i, flow_name="Flow%d" % i, token=self.token) AddFakeAuditLog(action=rdf_events.AuditEvent.Action.HUNT_PAUSED, user="******", flow_name="Flow456", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.HuntActionsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData(stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART) self.assertEqual( api_report_data.audit_chart.used_fields, ["action", "description", "flow_name", "timestamp", "urn", "user"]) self.assertEqual( [(row.action, row.description, row.flow_name, row.timestamp.Format("%Y/%m/%d"), row.urn, row.user) for row in api_report_data.audit_chart.rows], [(rdf_events.AuditEvent.Action.HUNT_PAUSED, "", "Flow456", "2012/12/22", None, "User456"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow9", "2012/12/22", None, "User9"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow8", "2012/12/22", None, "User8"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow7", "2012/12/22", None, "User7"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow6", "2012/12/22", None, "User6"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow5", "2012/12/22", None, "User5"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow4", "2012/12/22", None, "User4"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow3", "2012/12/22", None, "User3"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow2", "2012/12/22", None, "User2"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow1", "2012/12/22", None, "User1"), (rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow0", "2012/12/22", None, "User0")]) # pyformat: disable
def testUserFlowsReportPlugin(self): client_id = self.SetupClient(1).Basename() with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( action=Action.RUN_FLOW, user="******", flow_name="GetClientStats", token=self.token) if data_store.RelationalDBWriteEnabled(): data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="GetClientStats", creator="User123", client_id=client_id, flow_id="E0000000", create_time=rdfvalue.RDFDatetime.Now())) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for i in range(10): if data_store.RelationalDBWriteEnabled(): data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="GetClientStats", creator="User123", client_id=client_id, flow_id="{:08X}".format(i), create_time=rdfvalue.RDFDatetime.Now())) AddFakeAuditLog( action=Action.RUN_FLOW, user="******", flow_name="GetClientStats", token=self.token) if data_store.RelationalDBWriteEnabled(): data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="ArtifactCollectorFlow", creator="User456", client_id=client_id, flow_id="F0000000", create_time=rdfvalue.RDFDatetime.Now())) AddFakeAuditLog( action=Action.RUN_FLOW, user="******", flow_name="ArtifactCollectorFlow", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.UserFlowsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( x_ticks=[], data=[ rdf_report_plugins.ApiReportDataSeries2D( label=u"GetClientStats\u2003Run By: User123 (10)", points=[ApiReportDataPoint2D(x=0, y=10)]), rdf_report_plugins.ApiReportDataSeries2D( label=u"ArtifactCollectorFlow\u2003Run By: User456 (1)", points=[ApiReportDataPoint2D(x=1, y=1)]) ])))
def testCronApprovalsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( action=Action.CRON_APPROVAL_GRANT, user="******", urn="aff4:/cron/a", router_method_name="GrantCronJobApproval", http_request_path="/api/users/u/approvals/cron-job/a/0/", token=self.token) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in range(10): AddFakeAuditLog( action=Action.CRON_APPROVAL_REQUEST, user="******".format(i), urn="aff4:/cron/a{0}".format(i), router_method_name="CreateCronJobApproval", http_request_path="/api/users/u{0}/approvals/cron-job/a{0}/0/" .format(i), token=self.token) AddFakeAuditLog( action=Action.CRON_APPROVAL_GRANT, user="******", urn="aff4:/cron/a0", router_method_name="GrantCronJobApproval", http_request_path="/api/users/u0/approvals/cron-job/a0/0/", token=self.token) report = report_plugins.GetReportByName( server_report_plugins.CronApprovalsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration("30d") api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration), token=self.token) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART) self.assertCountEqual(api_report_data.audit_chart.used_fields, ["action", "timestamp", "user", "urn"]) expected = [ (Action.CRON_APPROVAL_GRANT, "2012/12/22", "User456", "aff4:/cron/a0"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User9", "aff4:/cron/a9"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User8", "aff4:/cron/a8"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User7", "aff4:/cron/a7"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User6", "aff4:/cron/a6"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User5", "aff4:/cron/a5"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User4", "aff4:/cron/a4"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User3", "aff4:/cron/a3"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User2", "aff4:/cron/a2"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User1", "aff4:/cron/a1"), (Action.CRON_APPROVAL_REQUEST, "2012/12/22", "User0", "aff4:/cron/a0"), ] self.assertEqual( [(row.action, row.timestamp.Format("%Y/%m/%d"), row.user, str(row.urn)) for row in api_report_data.audit_chart.rows], expected)
def testHuntApprovalsReportPlugin(self): with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): AddFakeAuditLog( user="******", router_method_name="GrantHuntApproval", http_request_path="/api/users/u0/approvals/hunt/H:000011/0/") with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1): for i in range(10): AddFakeAuditLog( user="******".format(i), router_method_name="CreateHuntApproval", http_request_path= "/api/users/User{0}/approvals/hunt/H:{0:06d}/0/".format(i)) AddFakeAuditLog( user="******", router_method_name="GrantHuntApproval", http_request_path="/api/users/u0/approvals/hunt/H:000010/0/") report = report_plugins.GetReportByName( server_report_plugins.HuntApprovalsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs(name=report.__class__.__name__, start_time=start, duration=month_duration)) self.assertEqual( api_report_data.representation_type, rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART) self.assertCountEqual(api_report_data.audit_chart.used_fields, ["action", "timestamp", "user", "urn"]) expected = [ (Action.HUNT_APPROVAL_GRANT, "2012/12/22", "User456", "aff4:/hunts/H:000010"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User9", "aff4:/hunts/H:000009"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User8", "aff4:/hunts/H:000008"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User7", "aff4:/hunts/H:000007"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User6", "aff4:/hunts/H:000006"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User5", "aff4:/hunts/H:000005"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User4", "aff4:/hunts/H:000004"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User3", "aff4:/hunts/H:000003"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User2", "aff4:/hunts/H:000002"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User1", "aff4:/hunts/H:000001"), (Action.HUNT_APPROVAL_REQUEST, "2012/12/22", "User0", "aff4:/hunts/H:000000"), ] self.assertEqual([(row.action, row.timestamp.Format("%Y/%m/%d"), row.user, str(row.urn)) for row in api_report_data.audit_chart.rows], expected)
def testSystemFlowsReportPlugin(self): client_id = self.SetupClient(1) with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")): data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="GetClientStats", creator="GRR", client_id=client_id, flow_id="0000000B", create_time=rdfvalue.RDFDatetime.Now())) AddFakeAuditLog(user="******") with test_lib.FakeTime( rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")): for i in range(10): data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="GetClientStats", creator="GRR", client_id=client_id, flow_id="{:08X}".format(i), create_time=rdfvalue.RDFDatetime.Now())) AddFakeAuditLog(user="******",) data_store.REL_DB.WriteFlowObject( rdf_flow_objects.Flow( flow_class_name="ArtifactCollectorFlow", creator="GRR", client_id=client_id, flow_id="0000000A", create_time=rdfvalue.RDFDatetime.Now())) AddFakeAuditLog(user="******") report = report_plugins.GetReportByName( server_report_plugins.SystemFlowsReportPlugin.__name__) start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15") month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS) api_report_data = report.GetReportData( stats_api.ApiGetReportArgs( name=report.__class__.__name__, start_time=start, duration=month_duration)) self.assertEqual( api_report_data, rdf_report_plugins.ApiReportData( representation_type=RepresentationType.STACK_CHART, stack_chart=rdf_report_plugins.ApiStackChartReportData( x_ticks=[], data=[ rdf_report_plugins.ApiReportDataSeries2D( label=u"GetClientStats\u2003Run By: GRR (10)", points=[ApiReportDataPoint2D(x=0, y=10)]), rdf_report_plugins.ApiReportDataSeries2D( label=u"ArtifactCollectorFlow\u2003Run By: GRR (1)", points=[ApiReportDataPoint2D(x=1, y=1)]) ])))