def FromSerializedBytes(cls, value: bytes):
raise NotImplementedError(
"Class {} does not implement FromSerializedBytes.".format(
compatibility.GetName(cls)))
def GetRegistryValue(self, source):
"""Retrieve directly specified registry values, returning Stat objects."""
new_paths = set()
has_glob = False
for kvdict in source.attributes["key_value_pairs"]:
if "*" in kvdict["key"] or rdf_paths.GROUPING_PATTERN.search(
kvdict["key"]):
has_glob = True
if kvdict["value"]:
# This currently only supports key value pairs specified using forward
# slash.
path = "\\".join((kvdict["key"], kvdict["value"]))
else:
# If value is not set, we want to get the default value. In
# GRR this is done by specifying the key only, so this is what
# we do here.
path = kvdict["key"]
try:
expanded_paths = artifact_utils.InterpolateKbAttributes(
path, self.state.knowledge_base)
except artifact_utils.KbInterpolationMissingAttributesError as error:
logging.error(str(error))
if not self.args.ignore_interpolation_errors:
raise
else:
expanded_paths = []
new_paths.update(expanded_paths)
if has_glob:
self.CallFlow(
filesystem.Glob.__name__,
paths=new_paths,
pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
request_data={
"artifact_name": self.current_artifact_name,
"source": source.ToPrimitiveDict()
},
next_state=compatibility.GetName(self.ProcessCollected))
else:
# We call statfile directly for keys that don't include globs because it
# is faster and some artifacts rely on getting an IOError to trigger
# fallback processing.
for new_path in new_paths:
pathspec = rdf_paths.PathSpec(
path=new_path, pathtype=rdf_paths.PathSpec.PathType.REGISTRY)
# TODO(hanuszczak): Support for old clients ends on 2021-01-01.
# This conditional should be removed after that date.
if not self.client_version or self.client_version >= 3221:
stub = server_stubs.GetFileStat
request = rdf_client_action.GetFileStatRequest(pathspec=pathspec)
else:
stub = server_stubs.StatFile
request = rdf_client_action.ListDirRequest(pathspec=pathspec)
self.CallClient(
stub,
request,
request_data={
"artifact_name": self.current_artifact_name,
"source": source.ToPrimitiveDict()
},
next_state=compatibility.GetName(
self.ProcessCollectedRegistryStatEntry))
def CollectArtifactFiles(self, source):
"""Collect files from artifact pathspecs."""
self._StartSubArtifactCollector(
artifact_list=source.attributes["artifact_list"],
source=source,
next_state=compatibility.GetName(self.ProcessCollectedArtifactFiles))
def _GroupItemsByType(iterable):
"""Returns a dict, grouping items by the name of their type."""
results = {}
for item in iterable:
results.setdefault(compatibility.GetName(type(item)), []).append(item)
return results
def Start(self):
"""Start processing."""
self.CallClient(
server_stubs.ListProcesses,
next_state=compatibility.GetName(self.IterateProcesses))
def CreateBlobStore(self):
backing_store_name = compatibility.GetName(mem_blobs.InMemoryBlobStore)
bs = dual_blob_store.DualBlobStore(backing_store_name,
backing_store_name)
return bs, lambda: _StopBackgroundThread(bs)
def MultiGetFileStarted():
return compatibility.GetName(transfer.MultiGetFile) in [
f.flow_class_name for f in data_store.REL_DB.ReadAllFlowObjects(
client_id=self.client_id)
]
def Start(self):
"""Call the kill function on the client."""
self.CallClient(
server_stubs.Kill, next_state=compatibility.GetName(self.Confirmation))
def Start(self):
"""Call the UpdateConfiguration function on the client."""
self.CallClient(
server_stubs.UpdateConfiguration,
request=self.args.config,
next_state=compatibility.GetName(self.Confirmation))
def Start(self):
self.CallClient(
server_stubs.GetClientStats,
next_state=compatibility.GetName(self.StoreResults))
def Start(self):
"""Issue a request to delete tempfiles in directory."""
self.CallClient(
server_stubs.DeleteGRRTempFiles,
self.args.pathspec,
next_state=compatibility.GetName(self.Done))
def _ScheduleCronJob(self):
cron_job_id = compatibility.GetName(cron_system.OSBreakDownCronJob)
cronjobs.ScheduleSystemCronJobs(names=[cron_job_id])
cronjobs.CronManager().DisableJob(cron_job_id)
return cron_job_id
def __repr__(self):
return "<{} {}>".format(compatibility.GetName(type(self)), self)
def __repr__(self):
content = str(self)
# Note %r, which prevents nasty nonascii characters from being printed,
# including dangerous terminal escape sequences.
return "<%s(%r)>" % (compatibility.GetName(self.__class__), content)
def testRelationalDBFlowsEnabled(self):
result = data_store.RelationalDBFlowsEnabled()
expected = self._IsDBTest() or self._IsStableDBTest()
self.assertEqual(
result, expected, "RelationalDBFlowsEnabled() is %s for %s" %
(result, compatibility.GetName(self.__class__)))
def Start(self): self.state.end_time = self.args.duration.Expiry() self.CallStateInline(next_state=compatibility.GetName(self.SendMessage))
def __repr__(self):
cls_name = compatibility.GetName(self.__class__)
value = text.Hexify(self._value)
return "{cls_name}('{value}')".format(cls_name=cls_name, value=value)
def testClass(self):
class Foo(object):
pass
self.assertEqual(compatibility.GetName(Foo), "Foo")
def Start(self):
"""Issue a request to list the directory."""
self.CallClient(server_stubs.PlistQuery,
request=self.args.request,
next_state=compatibility.GetName(self.Receive))
def testFunction(self):
def Bar():
pass
self.assertEqual(compatibility.GetName(Bar), "Bar")
def __repr__(self):
return "<{} varname={!r} fields={!r} metric={!r}>".format(
compatibility.GetName(type(self)), self.metadata.varname,
self.fields, self.metric)
def testClass(self):
class Foo(object):
pass
compatibility.SetName(Foo, "Bar")
self.assertEqual(compatibility.GetName(Foo), "Bar")
def _CreateOSBreakDownCronJobApproval(self):
job_name = compatibility.GetName(cron_system.OSBreakDownCronJob)
cronjobs.ScheduleSystemCronJobs(names=[job_name])
cronjobs.CronManager().DisableJob(job_name)
return job_name
def testFunction(self):
def Baz():
pass
compatibility.SetName(Baz, "Thud")
self.assertEqual(compatibility.GetName(Baz), "Thud")
def testCreateHuntFromFlow(self):
email_descriptor = rdf_output_plugin.OutputPluginDescriptor(
plugin_name=compatibility.GetName(email_plugin.EmailOutputPlugin),
plugin_args=email_plugin.EmailOutputPluginArgs(
email_address="test@localhost", emails_limit=42))
args = flows_processes.ListProcessesArgs(filename_regex="test[a-z]*",
fetch_binaries=True)
flow_test_lib.StartFlow(flows_processes.ListProcesses,
flow_args=args,
client_id=self.client_id,
output_plugins=[email_descriptor])
# Navigate to client and select newly created flow.
self.Open("/#/clients/%s" % self.client_id)
self.Click("css=a[grrtarget='client.flows']")
self.Click("css=td:contains('ListProcesses')")
# Open wizard and check if flow arguments are copied.
self.Click("css=button[name=create_hunt]")
self.WaitUntilEqual("test[a-z]*", self.GetValue,
"css=label:contains('Filepath Regex') ~ * input")
self.WaitUntil(
self.IsChecked, "css=label:contains('Fetch Binaries') "
"~ * input[type=checkbox]")
# Go to output plugins page and check that we did not copy the output
# plugins.
self.Click("css=button:contains('Next')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Hunt parameters')")
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(
self.IsElementPresent,
"css=grr-wizard-form:contains('How to process results')")
self.WaitUntilNot(self.IsElementPresent,
"css=grr-output-plugin-descriptor-form")
# Nothing else to check, so finish the hunt.
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Where to run?')")
self.Click("css=button:contains('Next')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Review')")
self.Click("css=button:contains('Create Hunt')")
self.Click("css=button:contains('Done')")
# Check that we get redirected to ManageHunts.
self.WaitUntilEqual(1, self.GetCssCount,
"css=grr-hunts-list table tbody tr")
self.WaitUntilEqual(1, self.GetCssCount,
"css=grr-hunts-list table tbody tr.row-selected")
self.WaitUntil(self.IsTextPresent, "GenericHunt")
self.WaitUntil(self.IsTextPresent,
compatibility.GetName(flows_processes.ListProcesses))
def testSimple(self):
cls = compatibility.MakeType("Foo", (object, ), {})
self.assertEqual(compatibility.GetName(cls), "Foo")
self.assertIsInstance(cls(), cls)
def CollectArtifacts(self, source):
self._StartSubArtifactCollector(
artifact_list=source.attributes["names"],
source=source,
next_state=compatibility.GetName(self.ProcessCollected))
def _IsStableDBTest(self):
name = compatibility.GetName(self.__class__)
return name.endswith("_StableRelationalDBEnabled")
def CollectArtifacts(self, client_artifact_collector_args):
"""Start the client side artifact collection."""
self.CallClient(
server_stubs.ArtifactCollector,
request=client_artifact_collector_args,
next_state=compatibility.GetName(self.ProcessCollected))
def FromWireFormat(cls, value):
raise NotImplementedError(
"Class {} does not implement FromWireFormat.".format(
compatibility.GetName(cls)))
