def CreateGenericHuntWithCollection(self, values=None): self.client_ids = self.SetupClients(10) if values is None: values = [ rdfvalue.RDFURN("aff4:/sample/1"), rdfvalue.RDFURN("aff4:/C.0000000000000001/fs/os/c/bin/bash"), rdfvalue.RDFURN("aff4:/sample/3") ] client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.GenericHunt.__name__, client_rule_set=client_rule_set, output_plugins=[], token=self.token) as hunt: runner = hunt.GetRunner() runner.Start() collection = hunt.ResultCollection() for value in values: collection.Add( rdf_flows.GrrMessage(payload=value, source=self.client_ids[0])) return hunt.urn
def testHuntNotifications(self): """This tests the Hunt notification event.""" TestHuntListener.received_events = [] # Set up 10 clients. client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=BrokenSampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, notification_event="TestHuntDone", token=self.token) as hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id) # Run the hunt. client_mock = hunt_test_lib.SampleHuntMock() hunt_test_lib.TestHuntHelper( client_mock, client_ids, check_flow_errors=False, token=self.token) self.assertEqual(len(TestHuntListener.received_events), 5)
def Start(self): self.state.hunt_id = None self.state.client_ids = set() self.state.client_ids_failures = set() self.state.client_ids_result_reported = set() self.state.client_ids = list( base.GetClientTestTargets(token=self.token)) if not self.state.client_ids: self.Log("No clients to test on, define them in " "Test.end_to_end_client_ids") return # SetUID is required to run a hunt on the configured end-to-end client # targets without an approval. token = access_control.ACLToken( username="******", reason="Running endtoend tests.").SetUID() runner_args = rdf_flows.FlowRunnerArgs(flow_name="EndToEndTestFlow") flow_request = hunts_standard.FlowRequest( client_ids=self.state.client_ids, args=flows_endtoend.EndToEndTestFlowArgs(), runner_args=runner_args) bogus_rule = rdf_foreman.ForemanRegexClientRule( attribute_name="System", attribute_regex="Does not match anything") client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=bogus_rule) ]) hunt_args = hunts_standard.VariableGenericHuntArgs( flows=[flow_request]) hunt_args.output_plugins = self.GetOutputPlugins() with hunts.GRRHunt.StartHunt(hunt_name="VariableGenericHunt", args=hunt_args, client_rule_set=client_rule_set, client_rate=0, expiry_time="1d", token=token) as hunt: self.state.hunt_id = hunt.session_id hunt.SetDescription("EndToEnd tests run by cron") hunt.Run() hunt.ManuallyScheduleClients(token=token) # Set a callback to check the results after 50 minutes. This should be # plenty of time for the clients to receive the hunt and run the tests, but # not so long that the flow lease will expire. wait_duration = rdfvalue.Duration( config_lib.CONFIG.Get("Test.end_to_end_result_check_wait")) completed_time = rdfvalue.RDFDatetime.Now() + wait_duration self.CallState(next_state="CheckResults", start_time=completed_time)
def testEvaluatesNegativeInMatchAnyModeIfNoRuleMatches(self): # Instantiate a rule set that matches if any of its two # operating system rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_win = self.SetupClient(0, system="Windows") # None of the set's rules has os_windows=True, so the whole set doesn't # match self.assertFalse( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_win, self.token), client_id_win))
def _CreateHuntFromHunt(self): flow_args = rdf_file_finder.FileFinderArgs( paths=["a/*", "b/*"], action=rdf_file_finder.FileFinderAction(action_type="STAT")) flow_runner_args = rdf_flows.FlowRunnerArgs( flow_name=file_finder.FileFinder.__name__) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) source_h = self.CreateHunt(flow_args=flow_args, flow_runner_args=flow_runner_args, description="foo-description", client_rule_set=client_rule_set) ref = rdf_hunts.FlowLikeObjectReference.FromHuntId( source_h.urn.Basename()) # Modify flow_args so that there are differences. flow_args.paths = ["b/*", "c/*"] client_rule_set.rules[0].regex.attribute_name = "Something else" output_plugins = [ output_plugin.OutputPluginDescriptor( plugin_name="TestOutputPlugin") ] new_h = self.CreateHunt(flow_args=flow_args, flow_runner_args=flow_runner_args, description="bar-description", client_rule_set=client_rule_set, output_plugins=output_plugins, original_object=ref) return new_h, source_h
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar, = self.SetupClients(nr_clients=1, system="Darwin") # One of the set's rules has os_darwin=False, so the whole set doesn't # match with the match all match mode self.assertFalse( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar, self.token), client_id_dar))
def _CreateForemanClientRuleSet(self): return rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ])
def SetUpCrashedFlowInHunt(self): client_ids = [ rdf_client.ClientURN("C.%016X" % i) for i in range(0, 10) ] client_mocks = dict([(client_id, test_lib.CrashClientMock(client_id, self.token)) for client_id in client_ids]) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="")) ]) with hunts.GRRHunt.StartHunt(hunt_name="SampleHunt", client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.Run() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: self.assertTrue(foreman.AssignTasksToClient(client_id)) test_lib.TestHuntHelperWithMultipleMocks(client_mocks, False, self.token) return client_ids
def testCopyHuntPreservesRuleType(self): implementation.GRRHunt.StartHunt( hunt_name=standard.GenericHunt.__name__, description="model hunt", flow_runner_args=rdf_flows.FlowRunnerArgs( flow_name=transfer.GetFile.__name__), flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec( path="/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.TSK,)), client_rule_set=rdf_foreman.ForemanClientRuleSet( rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_darwin=True)) ]), token=self.token) self.Open("/#main=ManageHunts") self.Click("css=tr:contains('model hunt')") self.Click("css=button[name=CopyHunt]:not([disabled])") # Wait until dialog appears. self.WaitUntil(self.IsTextPresent, "What to run?") # Click on "Next" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Output Processing") # Click on "Next" button self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Where to run?") self.WaitUntil(self.IsElementPresent, "css=grr-new-hunt-wizard-form " "label:contains('Os darwin') ~ * input:checked")
def testCallback(self, client_limit=None): """Checks that the foreman uses the callback specified in the action.""" client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rule_set=client_rule_set, client_limit=client_limit, client_rate=0, token=self.token) as hunt: hunt.GetRunner().Start() # Create a client that matches our regex. client = aff4.FACTORY.Open(self.client_id, mode="rw", token=self.token) info = client.Schema.CLIENT_INFO() info.client_name = "GRR Monitor" client.Set(client.Schema.CLIENT_INFO, info) client.Close() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) with utils.Stubber(standard.SampleHunt, "StartClients", self.Callback): self.called = [] foreman.AssignTasksToClient(client.urn) self.assertEqual(len(self.called), 1) self.assertEqual(self.called[0][1], [client.urn])
def CreateGenericHuntWithCollection(self, values=None): self.client_ids = self.SetupClients(10) if values is None: values = [ rdfvalue.RDFURN("aff4:/sample/1"), rdfvalue.RDFURN("aff4:/C.0000000000000001/fs/os/c/bin/bash"), rdfvalue.RDFURN("aff4:/sample/3") ] client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with hunts.GRRHunt.StartHunt(hunt_name="GenericHunt", client_rule_set=client_rule_set, output_plugins=[], token=self.token) as hunt: runner = hunt.GetRunner() runner.Start() with aff4.FACTORY.Open( hunt.results_collection_urn, aff4_type=hunts_results.HuntResultCollection, mode="w", token=self.token) as collection: for value in values: collection.Add(rdf_flows.GrrMessage(payload=value)) return hunt.urn
def testEvaluatesPositiveInMatchAnyModeIfOneRuleMatches(self): # Instantiate a rule set that matches if any of its two # operating system rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar = self.SetupClient(0, system="Darwin") # One of the set's rules has os_darwin=True, so the whole set matches # with the match any match mode self.assertTrue( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar, self.token), client_id_dar))
def testRuleAdding(self): foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Make sure there are no rules yet in the foreman. self.assertEqual(len(rules), 0) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="HUNT")), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.INTEGER, integer=rdf_foreman.ForemanIntegerClientRule( field="CLIENT_CLOCK", operator=rdf_foreman.ForemanIntegerClientRule.Operator. GREATER_THAN, value=1336650631137737)) ]) hunt = implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) # Push the rules to the foreman. with hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Make sure they were written correctly. self.assertEqual(len(rules), 1) rule = rules[0] self.assertEqual(rule.client_rule_set, client_rule_set) self.assertEqual(len(rule.actions), 1) self.assertEqual(rule.actions[0].hunt_name, "SampleHunt") # Running a second time should not change the rules any more. with hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Still just one rule. self.assertEqual(len(rules), 1)
def testEvaluatesNegativeInMatchAnyModeWithNoRules(self): # Instantiate an empty rule set that matches if any of its rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[]) client_id_lin = self.SetupClient(0, system="Linux") # None of the set's rules has os_linux=True, so the set doesn't match self.assertFalse( rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesPositiveInMatchAllModeWithNoRules(self): # Instantiate an empty rule set that matches if all of its rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[]) client_id_lin = self.SetupClient(0, system="Linux") # All of the set's rules have os_linux=True, so the set matches self.assertTrue( rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesNegativeInMatchAnyModeWithNoRules(self): # Instantiate an empty rule set that matches if any of its rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[]) client_id_lin, = self.SetupClients(nr_clients=1, system="Linux") # None of the set's rules has os_linux=True, so the set doesn't match self.assertFalse(rs.Evaluate(CollectAff4Objects(rs.GetPathsToCheck(), client_id_lin, self.token), client_id_lin))
def testEvaluatesPositiveInMatchAllModeWithNoRules(self): # Instantiate an empty rule set that matches if all of its rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[]) client_id_lin, = self.SetupClients(nr_clients=1, system="Linux") # All of the set's rules have os_linux=True, so the set matches self.assertTrue(rs.Evaluate(CollectAff4Objects(rs.GetPathsToCheck(), client_id_lin, self.token), client_id_lin))
def CreateSampleHunt(self, token=None): client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with hunts.GRRHunt.StartHunt(hunt_name="SampleHunt", client_rule_set=client_rule_set, token=token or self.token) as hunt: return hunt.session_id
def GenerateSample(self, number=0): ret = rdf_foreman.ForemanClientRuleSet() # Use the number's least significant bit to assign a match mode if number % 1: ret.match_mode = rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL else: ret.match_mode = rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY # Generate a sequence of rules using all other bits ret.rules = [ForemanClientRuleTest.GenerateSample(n) for n in xrange(number / 2)] return ret
def testPausingAndRestartingDoesNotStartHuntTwiceOnTheSameClient(self): """This tests if the hunt completes when some clients hang or raise.""" client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.GetRunner().Start() hunt_id = hunt.urn foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: num_tasks = foreman.AssignTasksToClient(client_id.Basename()) self.assertEqual(num_tasks, 1) client_mock = hunt_test_lib.SampleHuntMock() hunt_test_lib.TestHuntHelper(client_mock, client_ids, False, self.token) # Pausing and running hunt: this leads to the fresh rules being written # to Foreman.RULES. with aff4.FACTORY.Open(hunt_id, mode="rw", token=self.token) as hunt: runner = hunt.GetRunner() runner.Pause() runner.Start() # Recreating the foreman so that it updates list of rules. foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: num_tasks = foreman.AssignTasksToClient(client_id.Basename()) # No tasks should be assigned as this hunt ran on all the clients # before. self.assertEqual(num_tasks, 0)
def CreateSampleHunt(self, token=None): client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rate=100, filename="TestFilename", client_rule_set=client_rule_set, token=token or self.token) as hunt: return hunt.session_id
def testInvalidRules(self): """Tests the behavior when a wrong attribute name is passed in a rule.""" client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="no such attribute", attribute_regex="HUNT")) ]) with implementation.GRRHunt.StartHunt( hunt_name=BrokenSampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: runner = hunt.GetRunner() self.assertRaises(ValueError, runner.Start)
def CreateSampleHunt(self, path=None, stopped=False, output_plugins=None, client_limit=0, client_count=10, token=None): token = token or self.token self.client_ids = self.SetupClients(client_count) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( attribute_name="GRR client", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.GenericHunt.__name__, flow_runner_args=rdf_flows.FlowRunnerArgs( flow_name=transfer.GetFile.__name__), flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec( path=path or "/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.OS, )), client_rule_set=client_rule_set, output_plugins=output_plugins or [], client_rate=0, client_limit=client_limit, token=token) as hunt: if not stopped: hunt.Run() with aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=token) as foreman: for client_id in self.client_ids: foreman.AssignTasksToClient(client_id) self.hunt_urn = hunt.urn return aff4.FACTORY.Open(hunt.urn, mode="rw", token=token, age=aff4.ALL_TIMES)
def testBrokenHunt(self): """This tests the behavior when a hunt raises an exception.""" # Set up 10 clients. client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=BrokenSampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id.Basename()) # Run the hunt. client_mock = hunt_test_lib.SampleHuntMock() hunt_test_lib.TestHuntHelper(client_mock, client_ids, False, self.token) hunt_obj = aff4.FACTORY.Open(hunt.session_id, mode="rw", age=aff4.ALL_TIMES, token=self.token) started, finished, errors = hunt_obj.GetClientsCounts() self.assertEqual(started, 10) # There should be errors for the five clients where the hunt raised. self.assertEqual(errors, 5) # All of the clients that have the file should still finish eventually. self.assertEqual(finished, 5)
def testEvaluatesPositiveInMatchAllModeIfAllRuleMatch(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_lin = self.SetupClient(0, system="Linux") # All of the set's rules have os_linux=False, so the whole set matches self.assertTrue( rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testClientLimit(self): """This tests that we can limit hunts to a number of clients.""" # Set up 10 clients. client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_limit=5, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.Run() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id.Basename()) # Run the hunt. client_mock = hunt_test_lib.SampleHuntMock() hunt_test_lib.TestHuntHelper(client_mock, client_ids, False, self.token) hunt_obj = aff4.FACTORY.Open(hunt.urn, mode="rw", age=aff4.ALL_TIMES, token=self.token) started, finished, _ = hunt_obj.GetClientsCounts() # We limited here to 5 clients. self.assertEqual(started, 5) self.assertEqual(finished, 5)
def testHangingClients(self): """This tests if the hunt completes when some clients hang or raise.""" # Set up 10 clients. client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id.Basename()) client_mock = hunt_test_lib.SampleHuntMock() # Just pass 8 clients to run, the other two went offline. hunt_test_lib.TestHuntHelper(client_mock, client_ids[1:9], False, self.token) hunt_obj = aff4.FACTORY.Open(hunt.session_id, mode="rw", age=aff4.ALL_TIMES, token=self.token) started, finished, _ = hunt_obj.GetClientsCounts() # We started the hunt on 10 clients. self.assertEqual(started, 10) # But only 8 should have finished. self.assertEqual(finished, 8)
def testProcessing(self): """This tests running the hunt on some clients.""" # Set up 10 clients. client_ids = self.SetupClients(10) client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt( hunt_name=standard.SampleHunt.__name__, client_rule_set=client_rule_set, client_rate=0, token=self.token) as hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id.Basename()) # Run the hunt. client_mock = hunt_test_lib.SampleHuntMock() hunt_test_lib.TestHuntHelper(client_mock, client_ids, False, self.token) hunt_obj = aff4.FACTORY.Open(hunt.session_id, mode="r", age=aff4.ALL_TIMES, aff4_type=standard.SampleHunt, token=self.token) started, finished, _ = hunt_obj.GetClientsCounts() self.assertEqual(started, 10) self.assertEqual(finished, 10)
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar = self.SetupClient(0, system="Darwin") # One of the set's rules has os_darwin=False, so the whole set doesn't # match with the match all match mode self.assertFalse( rs.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def _RunRateLimitedHunt(self, client_ids, start_time): client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.REGEX, regex=rdf_foreman.ForemanRegexClientRule( field="CLIENT_NAME", attribute_regex="GRR")) ]) with implementation.GRRHunt.StartHunt(hunt_name=DummyHunt.__name__, client_rule_set=client_rule_set, client_rate=1, token=self.token) as hunt: hunt.Run() # Pretend to be the foreman now and dish out hunting jobs to all the # clients.. foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) for client_id in client_ids: foreman.AssignTasksToClient(client_id.Basename()) self.assertEqual(len(DummyHunt.client_ids), 0) # Run the hunt. worker_mock = worker_test_lib.MockWorker(check_flow_errors=True, queues=queues.HUNTS, token=self.token) # One client is scheduled in the first minute. with test_lib.FakeTime(start_time + 2): worker_mock.Simulate() self.assertEqual(len(DummyHunt.client_ids), 1) # No further clients will be scheduled until the end of the first minute. with test_lib.FakeTime(start_time + 59): worker_mock.Simulate() self.assertEqual(len(DummyHunt.client_ids), 1) return worker_mock, hunt.urn