示例#1
0
  def testProcessToExportedNetworkConnection(self):
    conn1 = rdfvalue.NetworkConnection(
        state=rdfvalue.NetworkConnection.State.LISTEN,
        type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
        local_address=rdfvalue.NetworkEndpoint(
            ip="0.0.0.0",
            port=22),
        remote_address=rdfvalue.NetworkEndpoint(
            ip="0.0.0.0",
            port=0),
        pid=2136,
        ctime=0)
    conn2 = rdfvalue.NetworkConnection(
        state=rdfvalue.NetworkConnection.State.LISTEN,
        type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
        local_address=rdfvalue.NetworkEndpoint(
            ip="192.168.1.1",
            port=31337),
        remote_address=rdfvalue.NetworkEndpoint(
            ip="1.2.3.4",
            port=6667),
        pid=1,
        ctime=0)

    process = rdfvalue.Process(
        pid=2,
        ppid=1,
        cmdline=["cmd.exe"],
        exe="c:\\windows\\cmd.exe",
        ctime=long(1333718907.167083 * 1e6),
        connections=[conn1, conn2])

    converter = export.ProcessToExportedNetworkConnectionConverter()
    results = list(converter.Convert(rdfvalue.ExportedMetadata(), process,
                                     token=self.token))

    self.assertEqual(len(results), 2)
    self.assertEqual(results[0].state, rdfvalue.NetworkConnection.State.LISTEN)
    self.assertEqual(results[0].type,
                     rdfvalue.NetworkConnection.Type.SOCK_STREAM)
    self.assertEqual(results[0].local_address.ip, "0.0.0.0")
    self.assertEqual(results[0].local_address.port, 22)
    self.assertEqual(results[0].remote_address.ip, "0.0.0.0")
    self.assertEqual(results[0].remote_address.port, 0)
    self.assertEqual(results[0].pid, 2136)
    self.assertEqual(results[0].ctime, 0)

    self.assertEqual(results[1].state, rdfvalue.NetworkConnection.State.LISTEN)
    self.assertEqual(results[1].type,
                     rdfvalue.NetworkConnection.Type.SOCK_STREAM)
    self.assertEqual(results[1].local_address.ip, "192.168.1.1")
    self.assertEqual(results[1].local_address.port, 31337)
    self.assertEqual(results[1].remote_address.ip, "1.2.3.4")
    self.assertEqual(results[1].remote_address.port, 6667)
    self.assertEqual(results[1].pid, 1)
    self.assertEqual(results[1].ctime, 0)
示例#2
0
    def Run(self, unused_args):
        netstat = []

        for proc in psutil.process_iter():
            try:
                netstat.append((proc.pid, proc.connections()))
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                pass

        for pid, connections in netstat:
            for conn in connections:
                res = rdfvalue.NetworkConnection()
                res.pid = pid
                res.family = conn.family
                res.type = conn.type

                try:
                    if conn.status:
                        res.state = conn.status
                except ValueError:
                    logging.warn("Encountered unknown connection status (%s).",
                                 conn.status)

                res.local_address.ip, res.local_address.port = conn.local_address
                if conn.remote_address:
                    res.remote_address.ip, res.remote_address.port = conn.remote_address

                self.SendReply(res)
示例#3
0
 def AddListener(self, ip, port, family="INET", sock_type="SOCK_STREAM"):
     conn = rdfvalue.NetworkConnection()
     conn.state = "LISTEN"
     conn.family = family
     conn.type = sock_type
     conn.local_address = rdfvalue.NetworkEndpoint(ip=ip, port=port)
     return conn
示例#4
0
            def Netstat(self, _):
                """Returns fake connections."""
                conn1 = rdfvalue.NetworkConnection(
                    state=rdfvalue.NetworkConnection.State.LISTEN,
                    type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
                    local_address=rdfvalue.NetworkEndpoint(ip="0.0.0.0",
                                                           port=22),
                    remote_address=rdfvalue.NetworkEndpoint(ip="0.0.0.0",
                                                            port=0),
                    pid=2136,
                    ctime=0)
                conn2 = rdfvalue.NetworkConnection(
                    state=rdfvalue.NetworkConnection.State.LISTEN,
                    type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
                    local_address=rdfvalue.NetworkEndpoint(ip="192.168.1.1",
                                                           port=31337),
                    remote_address=rdfvalue.NetworkEndpoint(ip="1.2.3.4",
                                                            port=6667),
                    pid=1,
                    ctime=0)

                return [conn1, conn2]
示例#5
0
    def testFileViewDoesNotHaveExportTabWhenCollectionHasNoFiles(self):
        collection_urn = "aff4:/C.0000000000000001/analysis/SomeFlow/results"
        with self.ACLChecksDisabled():
            with aff4.FACTORY.Create(collection_urn,
                                     "RDFValueCollection",
                                     token=self.token) as fd:
                fd.Add(rdfvalue.NetworkConnection(pid=42))

            self.GrantClientApproval("C.0000000000000001")

        self.Open("/#c=C.0000000000000001")
        self.Click("css=a:contains('Browse Virtual Filesystem')")
        self.Click("css=li[path='/analysis'] > a")
        self.Click("css=li[path='/analysis/SomeFlow'] > a")
        self.Click("css=tr:contains('results')")

        # The Results tab should appear, but the "Export" tab should be
        # disabled since we only display export hint when we have collections of
        # StatEntries or FileFinderResults.
        self.WaitUntil(self.IsElementPresent, "css=#Export.disabled")
示例#6
0
 def Start(self):
     self.SendReply(rdfvalue.NetworkConnection(pid=42))