def runTest(self):
"""Launch our flows."""
for flow, args in [
("ListDirectory", {
"pathspec":
rdf_paths.PathSpec(
pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
path=self.reg_path)
}),
("FindFiles", {
"findspec":
rdf_client.FindSpec(pathspec=rdf_paths.PathSpec(
path=self.reg_path,
pathtype=rdf_paths.PathSpec.PathType.REGISTRY),
path_regex="ProfileImagePath"),
"output":
self.output_path
})
]:
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id, flow, **args)
else:
self.session_id = flow_utils.StartFlowAndWait(self.client_id,
flow_name=flow,
token=self.token,
**args)
self.CheckFlow()
def runTest(self):
"""Launch our flows."""
for flow, args in [(filesystem.ListDirectory.__name__, {
"pathspec":
rdf_paths.PathSpec(
pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
path=self.reg_path)
}), (find.FindFiles.__name__, {
"findspec":
rdf_client.FindSpec(
pathspec=rdf_paths.PathSpec(
path=self.reg_path,
pathtype=rdf_paths.PathSpec.PathType.REGISTRY),
path_regex="ProfileImagePath"),
})]:
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(self.client_id, flow,
**args)
else:
self.session_id = flow_utils.StartFlowAndWait(
self.client_id, flow_name=flow, token=self.token, **args)
results = self.CheckResultCollectionNotEmptyWithRetry(self.session_id)
for stat_entry in results:
self.assertTrue(isinstance(stat_entry, rdf_client.StatEntry))
self.assertTrue("ProfileImagePath" in stat_entry.pathspec.path)
def Read(self, path, length=None, offset=0, fh=None):
fd = aff4.FACTORY.Open(self.root.Add(path),
token=self.token,
ignore_cache=True)
last = fd.Get(fd.Schema.CONTENT_LAST)
client_id = client.GetClientURNFromPath(path)
if isinstance(fd, standard.AFF4SparseImage):
# If we have a sparse image, update just a part of it.
self.UpdateSparseImageIfNeeded(fd, length, offset)
else:
# If it's the first time we've seen this path (or we're asking
# explicitly), try and make it an AFF4SparseImage.
if last is None or self.force_sparse_image:
pathspec = fd.Get(fd.Schema.PATHSPEC)
# Either makes a new AFF4SparseImage or gets the file fully,
# depending on size.
flow_utils.StartFlowAndWait(client_id,
token=self.token,
flow_name="MakeNewAFF4SparseImage",
pathspec=pathspec,
size_threshold=self.size_threshold)
# Reopen the fd in case it's changed to be an AFF4SparseImage
fd = aff4.FACTORY.Open(self.root.Add(path), token=self.token)
# If we are now a sparse image, just download the part we requested
# from the client.
if isinstance(fd, standard.AFF4SparseImage):
flow_utils.StartFlowAndWait(
client_id,
token=self.token,
flow_name="FetchBufferForSparseImage",
file_urn=self.root.Add(path),
length=length,
offset=offset)
else:
# This was a file we'd seen before that wasn't a sparse image, so update
# it the usual way.
if self.DataRefreshRequired(last=last):
self._RunAndWaitForVFSFileUpdate(path)
# Read the file from the datastore as usual.
return super(GRRFuse, self).Read(path, length, offset, fh)
def UpdateSparseImageIfNeeded(self, fd, length, offset):
missing_chunks = self.GetMissingChunks(fd, length, offset)
if not missing_chunks:
return
client_id = client.GetClientURNFromPath(fd.urn.Path())
flow_utils.StartFlowAndWait(client_id, token=self.token,
flow_name="UpdateSparseImageChunks",
file_urn=fd.urn,
chunks_to_fetch=missing_chunks)
def ListDirectoryOnClient(self, path):
# NOTE: Path is a client side path, so does not have a leading
# /<client name>/fs/os
pathspec = rdfvalue.PathSpec(path=path, pathtype="OS")
# Decrease the max sleep time since the test flows are pretty fast.
flow_utils.StartFlowAndWait(self.client_id, token=self.token,
flow_name="ListDirectory",
pathspec=pathspec)
def runTest(self):
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id, self.flow, **self.args)
else:
self.session_id = flow_utils.StartFlowAndWait(self.client_id,
flow_name=self.flow,
timeout=self.timeout,
token=self.token,
**self.args)
self.CheckFlow()
def runTest(self):
if self.client_min_version:
target_client = aff4.FACTORY.Open(self.client_id, token=self.token)
client_info = target_client.Get(target_client.Schema.CLIENT_INFO)
if client_info.client_version < self.client_min_version:
message = "Skipping version %s less than client_min_version: %s" % (
client_info.client_version, self.client_min_version)
return self.skipTest(message)
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id, self.flow, **self.args)
else:
self.session_id = flow_utils.StartFlowAndWait(
self.client_id, flow_name=self.flow,
timeout=self.timeout, token=self.token, **self.args)
self.CheckFlow()
def runTest(self):
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id,
self.flow,
cpu_limit=self.cpu_limit,
network_bytes_limit=self.network_bytes_limit,
**self.args)
else:
self.session_id = flow_utils.StartFlowAndWait(
self.client_id,
flow_name=self.flow,
cpu_limit=self.cpu_limit,
network_bytes_limit=self.network_bytes_limit,
token=self.token,
**self.args)
self.CheckFlow()
def GetGRRBinaryName(self, run_interrogate=True):
client = aff4.FACTORY.Open(self.client_id, mode="r", token=self.token)
self.assertIsInstance(client, aff4.VFSGRRClient)
config = client.Get(aff4.VFSGRRClient.SchemaCls.GRR_CONFIGURATION)
if config is None:
# Try running Interrogate once.
if run_interrogate:
flow_utils.StartFlowAndWait(self.client_id,
flow_name="Interrogate",
token=self.token)
return self.GetGRRBinaryName(run_interrogate=False)
else:
self.fail(
"No valid configuration found, interrogate the client before "
"running this test.")
else:
self.binary_name = config["Client.binary_name"]
return self.binary_name
"""GRR console script to collect bashrc."""
from grr.lib import flow_utils
from grr.lib.flows.general import file_finder
action = file_finder.FileFinderAction(action_type="DOWNLOAD")
ff_args = file_finder.FileFinderArgs(paths=["/home/*/.bashrc"], action=action)
newest_time = ""
target_client = None
for client in SearchClients("client-ubuntu-trusty-m"):
if client[3] > newest_time:
newest_time = client[3]
target_client = client[0]
if target_client:
flow_utils.StartFlowAndWait(target_client.urn,
token=None,
flow_name="FileFinder",
args=ff_args)
