def RenderOption(self, option, request, response): if option == "Windows": return self.RenderFromTemplate(self.match_system_template, response, system="Windows") elif option == "Linux": return self.RenderFromTemplate(self.match_system_template, response, system="Linux") elif option == "OSX": return self.RenderFromTemplate(self.match_system_template, response, system="OSX") elif option == "Regex": return self.RenderFromTemplate( self.form_template, response, form=forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeRegex(), prefix=self.prefix).RawHTML(request)) elif option == "Integer": return self.RenderFromTemplate( self.form_template, response, form=forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeInteger(), prefix=self.prefix).RawHTML(request))
def ParseOption(self, option, request): """Parse the form that is selected by option.""" if option == "Windows": return implementation.GRRHunt.MATCH_WINDOWS elif option == "Linux": return implementation.GRRHunt.MATCH_LINUX elif option == "OSX": return implementation.GRRHunt.MATCH_DARWIN elif option == "Label": label_name = ClientLabelNameFormRenderer( descriptor=type_info.TypeInfoObject(), default="", prefix=self.prefix).ParseArgs(request) regex = rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch( label_name) return rdfvalue.ForemanAttributeRegex(attribute_name="Labels", attribute_regex=regex) elif option == "Regex": return forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeRegex(), prefix=self.prefix).ParseArgs(request) elif option == "Integer": return forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeInteger(), prefix=self.prefix).ParseArgs(request)
def testRuleAdding(self): foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Make sure there are no rules yet in the foreman. self.assertEqual(len(rules), 0) hunt = hunts.GRRHunt.StartHunt( hunt_name="SampleHunt", regex_rules=[ rdfvalue.ForemanAttributeRegex( attribute_name="GRR client", attribute_regex="HUNT") ], integer_rules=[ rdfvalue.ForemanAttributeInteger( attribute_name="Clock", operator=rdfvalue.ForemanAttributeInteger.Operator.GREATER_THAN, value=1336650631137737) ], client_rate=0, token=self.token) # Push the rules to the foreman. with hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Make sure they were written correctly. self.assertEqual(len(rules), 1) rule = rules[0] self.assertEqual(len(rule.regex_rules), 1) self.assertEqual(rule.regex_rules[0].attribute_name, "GRR client") self.assertEqual(rule.regex_rules[0].attribute_regex, "HUNT") self.assertEqual(len(rule.integer_rules), 1) self.assertEqual(rule.integer_rules[0].attribute_name, "Clock") self.assertEqual(rule.integer_rules[0].operator, rdfvalue.ForemanAttributeInteger.Operator.GREATER_THAN) self.assertEqual(rule.integer_rules[0].value, 1336650631137737) self.assertEqual(len(rule.actions), 1) self.assertEqual(rule.actions[0].hunt_name, "SampleHunt") # Running a second time should not change the rules any more. with hunt: hunt.GetRunner().Start() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Still just one rule. self.assertEqual(len(rules), 1)
def ParseOption(self, option, request): """Parse the form that is selected by option.""" if option == "Windows": return implementation.GRRHunt.MATCH_WINDOWS elif option == "Linux": return implementation.GRRHunt.MATCH_LINUX elif option == "OSX": return implementation.GRRHunt.MATCH_DARWIN elif option == "Regex": return forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeRegex(), prefix=self.prefix).ParseArgs(request) elif option == "Integer": return forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeInteger(), prefix=self.prefix).ParseArgs(request)
def RenderOption(self, option, request, response): if option == "Windows": return self.RenderFromTemplate(self.match_system_template, response, system="Windows") elif option == "Linux": return self.RenderFromTemplate(self.match_system_template, response, system="Linux") elif option == "OSX": return self.RenderFromTemplate(self.match_system_template, response, system="OSX") elif option == "Label": return self.RenderFromTemplate( self.form_template, response, form=ClientLabelNameFormRenderer( descriptor=type_info.TypeInfoObject(friendly_name="Label"), default="", prefix=self.prefix).RawHTML(request)) elif option == "Regex": return self.RenderFromTemplate( self.form_template, response, form=forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeRegex(), prefix=self.prefix).RawHTML(request)) elif option == "Integer": return self.RenderFromTemplate( self.form_template, response, form=forms.SemanticProtoFormRenderer( rdfvalue.ForemanAttributeInteger(), prefix=self.prefix).RawHTML(request))
def testStopping(self): """Tests if we can stop a hunt.""" foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # Make sure there are no rules yet. self.assertEqual(len(rules), 0) now = rdfvalue.RDFDatetime().Now() expires = rdfvalue.Duration("1h").Expiry() # Add some rules. rules = [ rdfvalue.ForemanRule(created=now, expires=expires, description="Test rule1"), rdfvalue.ForemanRule(created=now, expires=expires, description="Test rule2") ] self.AddForemanRules(rules) hunt = hunts.GRRHunt.StartHunt( hunt_name="SampleHunt", regex_rules=[ rdfvalue.ForemanAttributeRegex(attribute_name="GRR client", attribute_regex="HUNT") ], integer_rules=[ rdfvalue.ForemanAttributeInteger( attribute_name="Clock", operator=rdfvalue.ForemanAttributeInteger.Operator. GREATER_THAN, value=1336650631137737) ], client_rate=0, token=self.token) with hunt: runner = hunt.GetRunner() runner.Start() # Add some more rules. rules = [ rdfvalue.ForemanRule(created=now, expires=expires, description="Test rule3"), rdfvalue.ForemanRule(created=now, expires=expires, description="Test rule4") ] self.AddForemanRules(rules) foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) self.assertEqual(len(rules), 5) # It should be running. self.assertTrue(runner.IsHuntStarted()) # Now we stop the hunt. hunt.Stop() foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token) rules = foreman.Get(foreman.Schema.RULES) # The rule for this hunt should be deleted but the rest should be there. self.assertEqual(len(rules), 4) # And the hunt should report no outstanding requests any more. with hunt: self.assertFalse(hunt.GetRunner().IsHuntStarted())