def with_deleted_files(
    self: "NQ", deleted_files_query: Optional["IFileQuery"] = None
) -> "NQ":
    """Restrict this query to processes linked to a matching deleted file.

    Args:
        deleted_files_query: Sub-query describing the deleted file(s). A
            falsy value is replaced with an unconstrained ``FileQuery()``.

    Returns:
        ``self``, so further ``with_*`` calls can be chained.
    """
    process_query = cast(ProcessQuery, self)
    if not deleted_files_query:
        deleted_files_query = FileQuery()
    # Wire the edge in both directions: the file sub-query points back at
    # this process query, and this process query keeps the sub-query.
    deleted_files_query._deleter = process_query
    process_query._deleted_files = deleted_files_query
    return self
def test_process_with_created_files(self) -> None:
    """A process can be queried through its ``created_files`` edge.

    Upserts a ``Process`` node and a ``File`` node, links them with a
    ``created_files`` edge, then queries the process with a nested
    ``FileQuery`` and checks the file is returned on the view.
    """
    process_key = "763ddbda-8812-4a07-acfe-83402b92379d"
    file_key = "575f103e-1a11-4650-9f1b-5b72e44dfec3"
    file_path = "/folder/file.txt"

    local_client = DgraphClient(DgraphClientStub("localhost:9080"))
    created_timestamp = int(time.time())

    # Given: a process with pid 100 named word.exe ...
    process_props = {
        "process_id": 100,
        "process_name": "word.exe",
        "created_timestamp": created_timestamp,
    }  # type: Dict[str, Property]
    process_view = upsert(
        local_client, "Process", ProcessView, process_key, process_props
    )

    # ... that created one file with a later created_timestamp.
    file_props = {
        "file_path": file_path,
        "created_timestamp": created_timestamp + 1000,
    }  # type: Dict[str, Property]
    file_view = upsert(local_client, "File", FileView, file_key, file_props)
    create_edge(local_client, process_view.uid, "created_files", file_view.uid)

    # When: the process is queried with a nested created-file constraint.
    file_query = FileQuery().with_node_key(eq=file_key).with_file_path(eq=file_path)
    queried_process = (
        ProcessQuery()
        .with_node_key(eq=process_key)
        .with_process_id(eq=100)
        .with_process_name(contains="word")
        .with_created_timestamp(eq=created_timestamp)
        .with_created_files(file_query)
        .query_first(local_client)
    )

    # Then: the process and exactly one created file come back.
    assert queried_process
    assert queried_process.process_id == 100
    assert len(queried_process.created_files) == 1
    assert queried_process.created_files[0].file_path == file_path
def with_created_files(
    self: "NQ", created_files_query: Optional["IFileQuery"] = None
) -> "NQ":
    """Restrict this query to processes linked to a matching created file.

    Args:
        created_files_query: Sub-query describing the created file(s). A
            falsy value is replaced with an unconstrained ``FileQuery()``.

    Returns:
        ``self``, so further ``with_*`` calls can be chained.
    """
    process_query = cast(ProcessQuery, self)
    if not created_files_query:
        created_files_query = FileQuery()
    # Reverse link on the file sub-query, forward link on this query.
    created_files_query._creator = process_query
    process_query._created_files = created_files_query
    return self
def test_with_wrote_files(self) -> None:
    """A process can be queried through its ``wrote_files`` edge.

    Upserts a ``Process`` and a ``File``, links them with a ``wrote_files``
    edge, queries the process with a nested ``FileQuery`` keyed on both
    node keys, and checks the process and the written file on the view.
    """
    process_key = "test_with_wrote_files-8f0761fb-2ffe-4d4b-ab38-68e5489f56dc"
    file_key = "test_with_wrote_files-2325c49a-95b4-423f-96d0-99539fe03833"
    file_path = "/folder/file.txt"

    local_client = MasterGraphClient()
    created_timestamp = int(time.time())

    # Given: a process with pid 100 named word.exe ...
    process_props = {
        "process_id": 100,
        "process_name": "word.exe",
        "created_timestamp": created_timestamp,
    }  # type: Dict[str, Property]
    process_view = upsert(
        local_client, "Process", ProcessView, process_key, process_props
    )

    # ... that wrote one file with a later created_timestamp.
    file_props = {
        "file_path": file_path,
        "created_timestamp": created_timestamp + 1000,
    }  # type: Dict[str, Property]
    file_view = upsert(local_client, "File", FileView, file_key, file_props)
    create_edge(local_client, process_view.uid, "wrote_files", file_view.uid)

    # When: the process is queried with a nested wrote-file constraint.
    file_query = FileQuery().with_node_key(eq=file_key).with_file_path(eq=file_path)
    queried_process = (
        ProcessQuery()
        .with_node_key(eq=process_key)
        .with_process_id(eq=100)
        .with_process_name(contains="word")
        .with_created_timestamp(eq=created_timestamp)
        .with_wrote_files(file_query)
        .query_first(local_client)
    )

    # Then: the process and exactly one written file come back.
    assert queried_process
    assert queried_process.node_key == process_key
    assert queried_process.process_id == 100
    assert queried_process.process_name == "word.exe"
    assert len(queried_process.wrote_files) == 1
    written = queried_process.wrote_files[0]
    assert written.node_key == file_key
    assert written.file_path == file_path
def with_wrote_files(
    self: "NQ", wrote_files_query: Optional["IFileQuery"] = None
) -> "NQ":
    """Restrict this query to processes linked to a matching written file.

    Args:
        wrote_files_query: Sub-query describing the written file(s). A
            falsy value is replaced with an unconstrained ``FileQuery()``.

    Returns:
        ``self``, so further ``with_*`` calls can be chained.
    """
    process_query = cast(ProcessQuery, self)
    if not wrote_files_query:
        wrote_files_query = FileQuery()
    # Reverse link on the file sub-query, forward link on this query.
    wrote_files_query._writers = process_query
    process_query._wrote_files = wrote_files_query
    return self
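def test_with_bin_file(self) -> None:
    """A process can be queried through its ``bin_file`` edge.

    Upserts a ``Process`` and a ``File``, links them with a ``bin_file``
    edge, queries the process with a nested ``FileQuery`` keyed on both
    node keys, and checks the process properties and the linked file.
    """
    process_key = "635952af-87f3-4a2a-a65d-3f1859db9525"
    file_key = "9f16e0c9-33c0-4d18-9878-ef686373570b"
    file_path = "/folder/file.txt"

    local_client = MasterGraphClient()
    created_timestamp = int(time.time())

    # Given: a process with pid 100 named word.exe ...
    process_props = {
        "process_id": 100,
        "process_name": "word.exe",
        "created_timestamp": created_timestamp,
    }  # type: Dict[str, Property]
    process_view = upsert(
        local_client, "Process", ProcessView, process_key, process_props
    )

    # ... whose binary is a file with a later created_timestamp.
    bin_file_props = {
        "file_path": file_path,
        "created_timestamp": created_timestamp + 1000,
    }  # type: Dict[str, Property]
    bin_file_view = upsert(local_client, "File", FileView, file_key, bin_file_props)
    create_edge(local_client, process_view.uid, "bin_file", bin_file_view.uid)

    # When: the process is queried with a nested bin-file constraint.
    queried_process = (
        ProcessQuery()
        .with_node_key(eq=process_key)
        .with_process_id(eq=100)
        .with_process_name(contains="word")
        .with_created_timestamp(eq=created_timestamp)
        .with_bin_file(
            FileQuery().with_node_key(eq=file_key).with_file_path(eq=file_path)
        )
        .query_first(local_client)
    )

    # Then: the process comes back with the expected properties.
    assert queried_process
    # Compare the returned key with the expected one; a bare string literal
    # in an assert is always truthy and checks nothing.
    assert queried_process.node_key == process_key
    assert queried_process.process_id == 100
    assert queried_process.process_name == "word.exe"
    assert queried_process.created_timestamp == created_timestamp

    # ... and the bin_file edge resolves to the file we linked.
    queried_bin_file = queried_process.bin_file
    assert queried_bin_file.node_key == file_key
    assert queried_bin_file.file_path == file_path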
def with_read_files(
    self: "NQ", read_files_query: Optional["IFileQuery"] = None
) -> "NQ":
    """Restrict this query to processes linked to a matching read file.

    Args:
        read_files_query: Sub-query describing the read file(s). A falsy
            value is replaced with an unconstrained ``FileQuery()``.

    Returns:
        ``self``, so further ``with_*`` calls can be chained.
    """
    process_query = cast(ProcessQuery, self)
    if not read_files_query:
        read_files_query = FileQuery()
    # Reverse link on the file sub-query, forward link on this query.
    read_files_query._readers = process_query
    process_query._read_files = read_files_query
    return self
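def test_with_read_files(self) -> None:
    """A process can be queried through its ``read_files`` edge.

    Upserts a ``Process`` and a ``File``, links them with a ``read_files``
    edge, queries the process with a nested ``FileQuery`` keyed on both
    node keys, and checks the process and the read file on the view.
    """
    process_key = "test_with_read_files-669a3693-d960-401c-8d29-5d669ffcd660"
    file_key = "test_with_read_files-aa9248ec-36ee-4177-ba1a-999de735e682"
    file_path = "/folder/file.txt"

    local_client = MasterGraphClient()
    created_timestamp = int(time.time())

    # Given: a process with pid 100 named word.exe ...
    process_props = {
        "process_id": 100,
        "process_name": "word.exe",
        "created_timestamp": created_timestamp,
    }  # type: Dict[str, Property]
    process_view = upsert(
        local_client, "Process", ProcessView, process_key, process_props
    )

    # ... that read one file with a later created_timestamp.
    file_props = {
        "file_path": file_path,
        "created_timestamp": created_timestamp + 1000,
    }  # type: Dict[str, Property]
    file_view = upsert(local_client, "File", FileView, file_key, file_props)
    create_edge(local_client, process_view.uid, "read_files", file_view.uid)

    # When: the process is queried with a nested read-file constraint.
    queried_process = (
        ProcessQuery()
        # Anchor on the node key: other tests in this file upsert a process
        # with pid 100 / word.exe and an int(time.time()) timestamp, so a
        # query on properties alone can return another test's node and the
        # node_key assertions below would fail intermittently.
        .with_node_key(eq=process_key)
        .with_process_id(eq=100)
        .with_process_name(contains="word")
        .with_created_timestamp(eq=created_timestamp)
        .with_read_files(
            FileQuery().with_node_key(eq=file_key).with_file_path(eq=file_path)
        )
        .query_first(local_client)
    )

    # Then: the process and exactly one read file come back.
    assert queried_process
    assert queried_process.node_key == process_key
    assert queried_process.process_id == 100
    assert queried_process.process_name == "word.exe"
    assert len(queried_process.read_files) == 1
    read = queried_process.read_files[0]
    assert read.node_key == file_key
    assert read.file_path == file_path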
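def test_with_deleted_files(self) -> None:
    """A process can be queried through its ``deleted_files`` edge.

    Upserts a ``Process`` and a ``File``, links them with a
    ``deleted_files`` edge, queries the process with a nested ``FileQuery``
    keyed on both node keys, and checks the returned process.
    """
    process_key = "test_with_deleted_files-47527d73-22c4-4e0f-bf7d-184bf1f206e2"
    file_key = "test_with_deleted_files8b8364ea-9b47-476b-8cf0-0f724adff10f"
    file_path = "/folder/file.txt"

    local_client = DgraphClient(DgraphClientStub("localhost:9080"))
    created_timestamp = int(time.time())

    # Given: a process with pid 100 named word.exe ...
    process_props = {
        "process_id": 100,
        "process_name": "word.exe",
        "created_timestamp": created_timestamp,
    }  # type: Dict[str, Property]
    process_view = upsert(
        local_client, "Process", ProcessView, process_key, process_props
    )

    # ... that deleted one file with a later created_timestamp.
    file_props = {
        "file_path": file_path,
        "created_timestamp": created_timestamp + 1000,
    }  # type: Dict[str, Property]
    file_view = upsert(local_client, "File", FileView, file_key, file_props)
    create_edge(local_client, process_view.uid, "deleted_files", file_view.uid)

    # When: the process is queried with a nested deleted-file constraint.
    queried_process = (
        ProcessQuery()
        # Anchor on the node key: other tests in this file upsert a process
        # with pid 100 / word.exe and an int(time.time()) timestamp, so a
        # query on properties alone may match another test's node.
        .with_node_key(eq=process_key)
        .with_process_id(eq=100)
        .with_process_name(contains="word")
        .with_created_timestamp(eq=created_timestamp)
        .with_deleted_files(
            FileQuery().with_node_key(eq=file_key).with_file_path(eq=file_path)
        )
        .query_first(local_client)
    )

    # Then: the process we created comes back.
    assert queried_process
    assert queried_process.node_key == process_key
    assert queried_process.process_id == 100
    # NOTE(review): the deleted file itself is not checked here; the other
    # edge tests assert the linked file's node_key and file_path. Confirm the
    # view exposes the deleted-files edge before adding that check.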
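def test_single_file_view_parity_eq(
    self,
    node_key,
    file_path,
    asset_id,
    file_extension,
    file_mime_type,
    file_size,
    file_version,
    file_description,
    file_product,
    file_company,
    file_directory,
    file_inode,
    file_hard_links,
    signed,
    signed_status,
    md5_hash,
    sha1_hash,
    sha256_hash,
):
    """Every ``with_*(eq=...)`` file filter round-trips through the view.

    Creates (or reuses) a file node with the given properties, queries it
    back with an ``eq`` constraint on every property, and checks that each
    getter on the returned view yields the stored value.

    Args:
        node_key: Suffix for the node key; it is prefixed with the test name
            so fixtures from different tests do not collide.
        file_path, asset_id, ...: the file properties under test, passed
            positionally to ``get_or_create_file_node``.
    """
    node_key = "test_single_file_view_parity_eq" + str(node_key)
    local_client = DgraphClient(DgraphClientStub("localhost:9080"))

    # Given: a file node carrying every property we will filter on.
    get_or_create_file_node(
        local_client,
        node_key,
        file_path,
        asset_id,
        file_extension,
        file_mime_type,
        file_size,
        file_version,
        file_description,
        file_product,
        file_company,
        file_directory,
        file_inode,
        file_hard_links,
        signed,
        signed_status,
        md5_hash,
        sha1_hash,
        sha256_hash,
    )

    # When: the file is queried with an eq filter on each property.
    queried_file = (
        FileQuery()
        .with_node_key(eq=node_key)
        .with_file_path(eq=file_path)
        .with_asset_id(eq=asset_id)
        .with_file_extension(eq=file_extension)
        .with_file_mime_type(eq=file_mime_type)
        .with_file_size(eq=file_size)
        .with_file_version(eq=file_version)
        .with_file_description(eq=file_description)
        .with_file_product(eq=file_product)
        .with_file_company(eq=file_company)
        .with_file_directory(eq=file_directory)
        .with_file_inode(eq=file_inode)
        .with_file_hard_links(eq=file_hard_links)
        .with_signed(eq=signed)
        .with_signed_status(eq=signed_status)
        .with_md5_hash(eq=md5_hash)
        .with_sha1_hash(eq=sha1_hash)
        .with_sha256_hash(eq=sha256_hash)
        .query_first(local_client)
    )

    # Then: a file is found (fail clearly instead of an AttributeError on
    # None) and every getter reports the value that was stored.
    assert queried_file, "query_first returned no file for %s" % node_key
    assert queried_file.node_key == node_key
    assert queried_file.get_file_path() == file_path
    assert queried_file.get_asset_id() == asset_id
    assert queried_file.get_file_extension() == file_extension
    assert queried_file.get_file_mime_type() == file_mime_type
    assert queried_file.get_file_size() == file_size
    assert queried_file.get_file_version() == file_version
    assert queried_file.get_file_description() == file_description
    assert queried_file.get_file_product() == file_product
    assert queried_file.get_file_company() == file_company
    assert queried_file.get_file_directory() == file_directory
    assert queried_file.get_file_inode() == file_inode
    assert queried_file.get_file_hard_links() == file_hard_links
    assert queried_file.get_signed() == signed
    assert queried_file.get_signed_status() == signed_status
    assert queried_file.get_md5_hash() == md5_hash
    assert queried_file.get_sha1_hash() == sha1_hash
    assert queried_file.get_sha256_hash() == sha256_hash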
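def test_single_file_contains_key(
    self,
    node_key,
    file_path,
    asset_id,
    file_extension,
    file_mime_type,
    file_size,
    file_version,
    file_description,
    file_product,
    file_company,
    file_directory,
    file_inode,
    file_hard_links,
    signed,
    signed_status,
    md5_hash,
    sha1_hash,
    sha256_hash,
):
    """``query_first(contains_node_key=...)`` returns the full file view.

    Creates (or reuses) a file node with the given properties, fetches it
    by node key alone, and checks that every getter on the returned view
    yields the stored value.

    Args:
        node_key: Suffix for the node key; it is prefixed with the test name
            so fixtures from different tests do not collide.
        file_path, asset_id, ...: the file properties under test, passed
            positionally to ``get_or_create_file_node``.
    """
    node_key = "test_single_file_contains_key" + str(node_key)
    local_client = DgraphClient(DgraphClientStub("localhost:9080"))

    # Given: a file node carrying every property we will read back.
    get_or_create_file_node(
        local_client,
        node_key,
        file_path,
        asset_id,
        file_extension,
        file_mime_type,
        file_size,
        file_version,
        file_description,
        file_product,
        file_company,
        file_directory,
        file_inode,
        file_hard_links,
        signed,
        signed_status,
        md5_hash,
        sha1_hash,
        sha256_hash,
    )

    # When: the file is fetched by node key with no property filters.
    queried_file = FileQuery().query_first(local_client, contains_node_key=node_key)

    # Then: a file is found (fail clearly instead of an AttributeError on
    # None) and every getter reports the value that was stored.
    assert queried_file, "query_first returned no file for %s" % node_key
    assert queried_file.node_key == node_key
    assert queried_file.get_file_path() == file_path
    assert queried_file.get_asset_id() == asset_id
    assert queried_file.get_file_extension() == file_extension
    assert queried_file.get_file_mime_type() == file_mime_type
    assert queried_file.get_file_size() == file_size
    assert queried_file.get_file_version() == file_version
    assert queried_file.get_file_description() == file_description
    assert queried_file.get_file_product() == file_product
    assert queried_file.get_file_company() == file_company
    assert queried_file.get_file_directory() == file_directory
    assert queried_file.get_file_inode() == file_inode
    assert queried_file.get_file_hard_links() == file_hard_links
    assert queried_file.get_signed() == signed
    assert queried_file.get_signed_status() == signed_status
    assert queried_file.get_md5_hash() == md5_hash
    assert queried_file.get_sha1_hash() == sha1_hash
    assert queried_file.get_sha256_hash() == sha256_hash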
def with_bin_file(self: "NQ", bin_file_query: Optional["IFileQuery"] = None) -> "NQ":
    """Restrict this query to processes linked to a matching binary file.

    Args:
        bin_file_query: Sub-query describing the process's binary. A falsy
            value is replaced with an unconstrained ``FileQuery()``.

    Returns:
        ``self``, so further ``with_*`` calls can be chained.
    """
    process_query = cast(ProcessQuery, self)
    if not bin_file_query:
        bin_file_query = FileQuery()  # type: FileQuery
    # Reverse link on the file sub-query, forward link on this query.
    bin_file_query._spawned_from = process_query
    process_query._bin_file = bin_file_query
    return self