def testFileFinderFlowNameCanBeOverriden(self): router = self._CreateRouter( file_finder_flow=rr.RobotRouterFileFinderFlowParams( enabled=True, file_finder_flow_name=AnotherFileFinder.__name__)) with self.assertRaises(access_control.UnauthorizedAccess): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=file_finder.FileFinder.__name__), client_id=self.client_id), token=self.token) router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=AnotherFileFinder.__name__), client_id=self.client_id), token=self.token)
def Handle(self, args, token=None): flow_urn = args.flow_id.ResolveCronJobFlowURN(args.cron_job_id) flow_obj = aff4.FACTORY.Open( flow_urn, aff4_type=flow.GRRFlow, mode="r", token=token) return api_plugins_flow.ApiFlow().InitFromAff4Object( flow_obj, with_state_and_context=True)
def Check(path): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow( name=file_finder.FileFinder.__name__, args=rdf_file_finder.FileFinderArgs(paths=[path])), client_id=self.client_id), token=self.token)
def InitFromAff4Object(self, approval_obj, approval_subject_obj=None): if not approval_subject_obj: approval_subject_obj = aff4.FACTORY.Open( approval_obj.Get(approval_obj.Schema.SUBJECT), aff4_type=implementation.GRRHunt, token=approval_obj.token) self.subject = api_hunt.ApiHunt().InitFromAff4Object( approval_subject_obj, with_full_summary=True) result = _InitApiApprovalFromAff4Object(self, approval_obj) original_object = approval_subject_obj.runner_args.original_object if original_object.object_type == "FLOW_REFERENCE": urn = original_object.flow_reference.ToFlowURN() original_flow = aff4.FACTORY.Open(urn, aff4_type=flow.GRRFlow, token=approval_obj.token) result.copied_from_flow = api_flow.ApiFlow().InitFromAff4Object( original_flow, flow_id=original_flow.urn.Basename()) elif original_object.object_type == "HUNT_REFERENCE": urn = original_object.hunt_reference.ToHuntURN() original_hunt = aff4.FACTORY.Open(urn, aff4_type=implementation.GRRHunt, token=approval_obj.token) result.copied_from_hunt = api_hunt.ApiHunt().InitFromAff4Object( original_hunt, with_full_summary=True) return result
def Check(artifacts): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow( name=collectors.ArtifactCollectorFlow.__name__, args=artifact_utils.ArtifactCollectorFlowArgs( artifact_list=artifacts)), client_id=self.client_id), token=self.token)
def Check(path): with self.assertRaises(access_control.UnauthorizedAccess): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow( name=file_finder.FileFinder.__name__, args=rdf_file_finder.FileFinderArgs(paths=[path])), client_id=self.client_id), token=self.token)
def Check(artifacts): with self.assertRaises(access_control.UnauthorizedAccess): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow( name=collectors.ArtifactCollectorFlow.__name__, args=artifact_utils.ArtifactCollectorFlowArgs( artifact_list=artifacts)), client_id=self.client_id), token=self.token)
def testArtifactCollectorFlowNameCanBeOverriden(self): router = self._CreateRouter( artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams( enabled=True, artifact_collector_flow_name=AnotherArtifactCollector.__name__) ) with self.assertRaises(access_control.UnauthorizedAccess): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow( name=collectors.ArtifactCollectorFlow.__name__), client_id=self.client_id), token=self.token) router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=AnotherArtifactCollector.__name__), client_id=self.client_id), token=self.token)
def _CreateFlowWithRobotId(self, flow_name=None, flow_args=None): flow_name = flow_name or file_finder.FileFinder.__name__ handler = rr.ApiRobotCreateFlowHandler(robot_id=self.robot_id) flow_result = handler.Handle(api_flow.ApiCreateFlowArgs( client_id=self.client_id, flow=api_flow.ApiFlow(name=flow_name, args=flow_args)), token=self.token) return flow_result.flow_id
def Handle(self, args, token=None): flow_urn = aff4_cronjobs.CRON_MANAGER.CRON_JOBS_PATH.Add( args.cron_job_id).Add(args.flow_id.Basename()) flow_obj = aff4.FACTORY.Open(flow_urn, aff4_type=flow.GRRFlow, mode="r", token=token) return api_plugins_flow.ApiFlow().InitFromAff4Object(flow_obj)
def testOnlyFileFinderAndArtifactCollectorFlowsAreAllowed(self): router = self._CreateRouter( file_finder_flow=rr.RobotRouterFileFinderFlowParams(enabled=True), artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams( enabled=True)) with self.assertRaises(access_control.UnauthorizedAccess): router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=test_lib.BrokenFlow.__name__), client_id=self.client_id), token=self.token)
def testRunnerArgsBaseSessionIdDoesNotAffectCreatedFlow(self): """When multiple clients match, check we run on the latest one.""" flow_runner_args = rdf_flows.FlowRunnerArgs( base_session_id="aff4:/foo") args = flow_plugin.ApiCreateFlowArgs( client_id=self.client_id.Basename(), flow=flow_plugin.ApiFlow(name=processes.ListProcesses.__name__, runner_args=flow_runner_args)) result = self.handler.Handle(args, token=self.token) self.assertFalse(utils.SmartStr(result.urn).startswith("aff4:/foo"))
def testLeavesClientIdEmptyForNonClientBasedFlows(self): client_id = self.SetupClients(1)[0] flow_urn = flow.GRRFlow.StartFlow( client_id=client_id, flow_name=processes.ListProcesses.__name__, token=self.token) flow_obj = aff4.FACTORY.Open(flow_urn, token=self.token) flow_api_obj = flow_plugin.ApiFlow().InitFromAff4Object( flow_obj, flow_id=flow_urn.Basename()) self.assertEquals(flow_api_obj.client_id, client_plugin.ApiClientId(client_id))
def testInitializesClientIdForClientBasedFlows(self): client_id = self.SetupClients(1)[0] flow_urn = flow.GRRFlow.StartFlow( # Override base session id, so that the flow URN looks # like: aff4:/F:112233 base_session_id="aff4:/", client_id=client_id, flow_name=processes.ListProcesses.__name__, token=self.token) flow_obj = aff4.FACTORY.Open(flow_urn, token=self.token) flow_api_obj = flow_plugin.ApiFlow().InitFromAff4Object( flow_obj, flow_id=flow_urn.Basename()) self.assertIsNone(flow_api_obj.client_id)
def Handle(self, args, token=None): if not args.client_id: raise RuntimeError("Client id has to be specified.") if not args.flow.name: raise RuntimeError("Flow name is not specified.") # Note that runner_args are dropped. From all the arguments We use only # the flow name and the arguments. flow_id = flow.GRRFlow.StartFlow( client_id=args.client_id.ToClientURN(), flow_name=args.flow.name, token=token, args=self.override_flow_args or args.flow.args) with aff4.FACTORY.Open( flow_id, aff4_type=flow.GRRFlow, mode="rw", token=token) as fd: fd.AddLabel(LABEL_NAME_PREFIX + self.robot_id) return api_flow.ApiFlow().InitFromAff4Object( fd, flow_id=flow_id.Basename())
def Run(self): def ReplaceFlowId(): flows_dir_fd = aff4.FACTORY.Open(self.client_id.Add("flows"), token=self.token) flow_urn = list(flows_dir_fd.ListChildren())[0] return {flow_urn.Basename(): "W:ABCDEF"} with test_lib.FakeTime(42): self.Check("CreateFlow", args=flow_plugin.ApiCreateFlowArgs( client_id=self.client_id.Basename(), flow=flow_plugin.ApiFlow( name=processes.ListProcesses.__name__, args=processes.ListProcessesArgs( filename_regex=".", fetch_binaries=True), runner_args=rdf_flows.FlowRunnerArgs( output_plugins=[], priority="HIGH_PRIORITY", notify_to_user=False))), replace=ReplaceFlowId)
def testFileFinderHashMaxFileSizeCanBeOverriden(self): router = self._CreateRouter( file_finder_flow=rr.RobotRouterFileFinderFlowParams( enabled=True, max_file_size=42)) ha = rdf_file_finder.FileFinderHashActionOptions() ha.max_size = 80 ha.oversized_file_policy = ha.OversizedFilePolicy.HASH_TRUNCATED path = "/foo/bar" handler = router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=file_finder.FileFinder.__name__, args=rdf_file_finder.FileFinderArgs( paths=[path], action=rdf_file_finder.FileFinderAction( action_type="HASH", hash=ha))), client_id=self.client_id), token=self.token) ha = handler.override_flow_args.action.hash self.assertEqual(ha.oversized_file_policy, ha.OversizedFilePolicy.SKIP) self.assertEqual(ha.max_size, 42)
def testFileFinderDownloadMaxFileSizeCanBeOverriden(self): router = self._CreateRouter( file_finder_flow=rr.RobotRouterFileFinderFlowParams( enabled=True, max_file_size=42)) da = rdf_file_finder.FileFinderDownloadActionOptions() da.max_size = 80 da.oversized_file_policy = da.OversizedFilePolicy.DOWNLOAD_TRUNCATED path = "/foo/bar" handler = router.CreateFlow(api_flow.ApiCreateFlowArgs( flow=api_flow.ApiFlow(name=file_finder.FileFinder.__name__, args=rdf_file_finder.FileFinderArgs( paths=[path], action=rdf_file_finder.FileFinderAction( action_type="DOWNLOAD", download=da))), client_id=self.client_id), token=self.token) da = handler.override_flow_args.action.download self.assertEqual(da.oversized_file_policy, da.OversizedFilePolicy.SKIP) self.assertEqual(da.max_size, 42)
def setUp(self): super(ApiLabelsRestrictedCallRouterTest, self).setUp() self.client_urn = self.SetupClient(0) with aff4.FACTORY.Open(self.client_urn, mode="rw", token=self.token) as fd: fd.AddLabel("foo", owner="GRR") self.client_id = self.client_urn.Basename() self.hunt_id = "H:123456" c = api_router.ApiLabelsRestrictedCallRouter self.checks = {} # Artifacts methods. self.CheckMethod(c.ListArtifacts) self.CheckMethod(c.UploadArtifact) self.CheckMethod(c.DeleteArtifacts) # Clients methods self.CheckMethod(c.SearchClients) self.CheckMethod(c.GetClient, client_id=self.client_id) self.CheckMethod(c.GetClientVersions, client_id=self.client_id) self.CheckMethod(c.GetClientVersionTimes, client_id=self.client_id) self.CheckMethod(c.InterrogateClient, client_id=self.client_id) self.CheckMethod(c.GetInterrogateOperationState) self.CheckMethod(c.GetLastClientIPAddress, client_id=self.client_id) # Virtual file system methods. self.CheckMethod(c.ListFiles, client_id=self.client_id) self.CheckMethod(c.GetFileDetails, client_id=self.client_id) self.CheckMethod(c.GetFileText, client_id=self.client_id) self.CheckMethod(c.GetFileBlob, client_id=self.client_id) self.CheckMethod(c.GetFileVersionTimes, client_id=self.client_id) self.CheckMethod(c.GetFileDownloadCommand, client_id=self.client_id) self.CheckMethod(c.CreateVfsRefreshOperation, client_id=self.client_id) self.CheckMethod(c.GetVfsRefreshOperationState) self.CheckMethod(c.GetVfsTimeline, client_id=self.client_id) self.CheckMethod(c.GetVfsTimelineAsCsv, client_id=self.client_id) # Clients labels methods. self.CheckMethod(c.ListClientsLabels) self.CheckMethod(c.AddClientsLabels, client_ids=[self.client_id]) self.CheckMethod(c.RemoveClientsLabels, client_ids=[self.client_id]) # Clients flows methods. self.CheckMethod(c.ListFlows, client_id=self.client_id) self.CheckMethod(c.GetFlow, client_id=self.client_id) self.CheckMethod( c.CreateFlow, client_id=self.client_id, flow=api_flow.ApiFlow(name=processes.ListProcesses.__name__)) self.CheckMethod(c.CancelFlow, client_id=self.client_id) self.CheckMethod(c.ListFlowResults, client_id=self.client_id) self.CheckMethod(c.GetFlowResultsExportCommand, client_id=self.client_id) self.CheckMethod(c.GetFlowFilesArchive, client_id=self.client_id) self.CheckMethod(c.ListFlowOutputPlugins, client_id=self.client_id) self.CheckMethod(c.ListFlowOutputPluginLogs, client_id=self.client_id) self.CheckMethod(c.ListFlowOutputPluginErrors, client_id=self.client_id) self.CheckMethod(c.ListFlowLogs, client_id=self.client_id) # Cron jobs methods. self.CheckMethod(c.ListCronJobs) self.CheckMethod(c.CreateCronJob) self.CheckMethod(c.DeleteCronJob) # Hunts methods. self.CheckMethod(c.ListHunts) self.CheckMethod(c.GetHunt, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntErrors, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntLogs, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntResults, hunt_id=self.hunt_id) self.CheckMethod(c.GetHuntResultsExportCommand, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntOutputPlugins, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntOutputPluginLogs, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntOutputPluginErrors, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntCrashes, hunt_id=self.hunt_id) self.CheckMethod(c.GetHuntClientCompletionStats, hunt_id=self.hunt_id) self.CheckMethod(c.GetHuntStats, hunt_id=self.hunt_id) self.CheckMethod(c.ListHuntClients, hunt_id=self.hunt_id) self.CheckMethod(c.GetHuntContext, hunt_id=self.hunt_id) self.CheckMethod(c.CreateHunt) self.CheckMethod(c.GetHuntFilesArchive, hunt_id=self.hunt_id) self.CheckMethod(c.GetHuntFile, hunt_id=self.hunt_id) # Stats metrics methods. self.CheckMethod(c.ListStatsStoreMetricsMetadata) self.CheckMethod(c.GetStatsStoreMetric) # Approvals methods. self.CheckMethod(c.CreateClientApproval, client_id=self.client_id) self.CheckMethod(c.GetClientApproval, client_id=self.client_id) self.CheckMethod(c.ListClientApprovals, client_id=self.client_id) self.CheckMethod(c.ListHuntApprovals) self.CheckMethod(c.ListCronJobApprovals) # User settings methods. self.CheckMethod(c.GetPendingUserNotificationsCount) self.CheckMethod(c.ListPendingUserNotifications) self.CheckMethod(c.DeletePendingUserNotification) self.CheckMethod(c.ListAndResetUserNotifications) self.CheckMethod(c.GetGrrUser) self.CheckMethod(c.UpdateGrrUser) self.CheckMethod(c.ListPendingGlobalNotifications) self.CheckMethod(c.DeletePendingGlobalNotification) # Config methods. self.CheckMethod(c.GetConfig) self.CheckMethod(c.GetConfigOption) # Reflection methods. self.CheckMethod(c.ListKbFields) self.CheckMethod(c.ListFlowDescriptors) self.CheckMethod(c.ListAff4AttributeDescriptors) self.CheckMethod(c.GetRDFValueDescriptor) self.CheckMethod(c.ListRDFValuesDescriptors) self.CheckMethod(c.ListOutputPluginDescriptors) self.CheckMethod(c.ListKnownEncodings) self.CheckMethod(c.ListApiMethods) non_checked_methods = (set(self.checks.keys()) - set(c.GetAnnotatedMethods().keys())) if non_checked_methods: raise RuntimeError( "Not all methods are covered with CheckMethod() " "checks: " + ", ".join(non_checked_methods))
def testAllGlobalFlowsMethodsAreAccessChecked(self): args = api_flow.ApiCreateFlowArgs(flow=api_flow.ApiFlow( name="ListProcesses")) self.CheckMethodIsAccessChecked(self.router.CreateGlobalFlow, "CheckIfCanStartFlow", args=args)