def setUp(self):
    """Build an osqueryi wrapper configured to autoload the example module.

    Sets ``self.binary`` to the ``osqueryi`` path under the build directory,
    creates a ``test_base.Autoloader`` for the example module library, and
    passes the loader's path to the shell as ``modules_autoload``.
    """
    build_dir = test_base.ARGS.build
    self.binary = os.path.join(build_dir, "osquery", "osqueryi")

    # The example module's file suffix depends on the platform.
    if sys.platform == "darwin":
        ext = "dylib"
    else:
        ext = "so"

    # NOTE(review): the listed library is handed to osqueryi for loading, so
    # the build directory should not be writable by other local users.
    module_path = build_dir + "/osquery/libmodexample.%s" % ext
    self.modules_loader = test_base.Autoloader([module_path])

    shell_options = {"modules_autoload": self.modules_loader.path}
    self.osqueryi = test_base.OsqueryWrapper(self.binary, shell_options)
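def test_91_extensions_settings(self):
    # Start a daemon that autoloads the example extension, connect a thrift
    # client to the daemon's extensions socket, wait for one extension to
    # appear, then check two columns of the 'complex_example' table.
    loader = test_base.Autoloader(
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({
        "disable_watchdog": True,
        "extensions_timeout": EXTENSION_TIMEOUT,
        "extensions_autoload": loader.path,
    })
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client for the manager (core).
    client = test_base.EXClient(daemon.options["extensions_socket"])
    self.assertTrue(client.open(timeout=EXTENSION_TIMEOUT))
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        # This expect statement will block with a short timeout.
        result = test_base.expect(em.extensions, 1)
        self.assertEqual(len(result), 1)

        # The 'complex_example' table reports several columns.
        # Each is a 'test_type', check each expected value.
        result = em.query("select * from complex_example")
        if len(result.response) == 0:
            # There is a brief race between an extension registering and the
            # registry broadcast, which a fast external client can hit when
            # querying tables. Other config/logger plugins have wrappers to
            # retry/wait; here a single delayed retry is used.
            time.sleep(0.5)
            result = em.query("select * from complex_example")
        # Report a missing row as a test failure rather than an IndexError.
        self.assertTrue(len(result.response) > 0)
        self.assertEqual(result.response[0]['flag_test'], 'false')
        self.assertEqual(result.response[0]['database_test'], '1')
    finally:
        client.close()
    daemon.kill(True)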
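def test_10_extensions_settings(self):
    # Start a daemon that autoloads the example extension, connect a thrift
    # client to the daemon's extensions socket, wait for one extension to
    # appear, then check two columns of the 'complex_example' table.
    loader = test_base.Autoloader(
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({
        "disable_watchdog": True,
        "extensions_timeout": EXTENSION_TIMEOUT,
        "extensions_autoload": loader.path,
    })
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client for the manager (core).
    client = test_base.EXClient(daemon.options["extensions_socket"])
    self.assertTrue(client.open(timeout=EXTENSION_TIMEOUT))
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        # This expect statement will block with a short timeout.
        result = test_base.expect(em.extensions, 1)
        self.assertEqual(len(result), 1)

        # The 'complex_example' table reports several columns.
        # Each is a 'test_type', check each expected value.
        result = em.query("select * from complex_example")
        # Report a missing row as a test failure rather than an IndexError.
        # NOTE(review): the query is not retried here, so an extension that
        # has connected but not yet registered its table would fail this.
        self.assertTrue(len(result.response) > 0)
        self.assertEqual(result.response[0]['flag_test'], 'false')
        self.assertEqual(result.response[0]['database_test'], '1')
    finally:
        client.close()
    daemon.kill(True)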
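def test_7_extensions_autoload_watchdog(self):
    # Start a daemon with the example extension autoloaded and check that
    # exactly one extension is reported over the thrift client.
    #
    # NOTE(review): the autoload file uses a fixed name under /tmp. That is
    # a predictable path in a world-writable directory, and the daemon is
    # pointed at it via "extensions_autoload", so on a shared host another
    # local user could pre-create or replace it. Prefer a per-run path
    # (e.g. one created with the tempfile module) -- confirm how Autoloader
    # creates the file before changing it.
    loader = test_base.Autoloader(
        "/tmp/osqueryd-temp-ext.load",
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({"extensions_autoload": loader.path})
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client
    client = EXClient()
    # presumably waits until client.open succeeds -- verify against expectTrue
    expectTrue(client.open)
    self.assertTrue(client.open())
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        result = expect(em.extensions, 1)
        self.assertEqual(len(result), 1)
    finally:
        client.close()
    daemon.kill(True)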
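def test_7_extensions_autoload_watchdog(self):
    # Start a daemon with the example extension autoloaded (the watchdog is
    # not disabled here) and check that exactly one extension is reported
    # over a thrift client bound to the daemon's extensions socket.
    loader = test_base.Autoloader(
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({
        "extensions_timeout": EXTENSION_TIMEOUT,
        "extensions_autoload": loader.path,
    })
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client
    client = test_base.EXClient(daemon.options["extensions_socket"])
    self.assertTrue(client.open(timeout=EXTENSION_TIMEOUT))
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        result = test_base.expect(em.extensions, 1)
        self.assertEqual(len(result), 1)
    finally:
        client.close()
    daemon.kill(True)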
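def test_8_external_config(self):
    # Start a daemon whose config plugin ("example") is expected to come
    # from the autoloaded example extension, then check that exactly one
    # extension is reported over the thrift client.
    #
    # NOTE(review): the autoload file uses a fixed name under /tmp. That is
    # a predictable path in a world-writable directory, and the daemon is
    # pointed at it via "extensions_autoload", so on a shared host another
    # local user could pre-create or replace it. Prefer a per-run path
    # (e.g. one created with the tempfile module) -- confirm how Autoloader
    # creates the file before changing it.
    loader = test_base.Autoloader(
        "/tmp/osqueryd-temp-ext.load",
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({
        "extensions_autoload": loader.path,
        "config_plugin": "example",
    })
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client
    client = EXClient()
    # presumably waits until client.open succeeds -- verify against expectTrue
    expectTrue(client.open)
    self.assertTrue(client.open())
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        # If there are no extensions the daemon may have exited (in error).
        result = expect(em.extensions, 1)
        self.assertEqual(len(result), 1)
    finally:
        client.close()
    daemon.kill(True)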
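def test_8_external_config(self):
    # Start a verbose daemon whose config plugin ("example") is expected to
    # come from the autoloaded example extension, then check that exactly
    # one extension is reported over a thrift client bound to the daemon's
    # extensions socket.
    loader = test_base.Autoloader(
        [test_base.ARGS.build + "/osquery/example_extension.ext"])
    daemon = self._run_daemon({
        "extensions_autoload": loader.path,
        "extensions_timeout": EXTENSION_TIMEOUT,
        "config_plugin": "example",
        "verbose": True,
    })
    self.assertTrue(daemon.isAlive())

    # Get a python-based thrift client
    client = test_base.EXClient(daemon.options["extensions_socket"])
    self.assertTrue(client.open(timeout=EXTENSION_TIMEOUT))
    # Close the client socket even when an assertion below fails.
    # NOTE(review): daemon.kill(True) is still skipped on failure; presumably
    # the test harness reaps daemons it started -- confirm.
    try:
        em = client.getEM()

        # The waiting extension should have connected to the daemon.
        # If there are no extensions the daemon may have exited (in error).
        result = test_base.expect(em.extensions, 1)
        self.assertEqual(len(result), 1)
    finally:
        client.close()
    daemon.kill(True)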