def _SetupClientImpl(self, client_nr, index=None, arch="x86_64", kernel="4.0.0", os_version="buster/sid", ping=None, system="Linux"): client_id_urn = rdf_client.ClientURN("C.1%015x" % client_nr) with aff4.FACTORY.Create(client_id_urn, aff4_grr.VFSGRRClient, mode="rw", token=self.token) as fd: cert = self.ClientCertFromPrivateKey( config.CONFIG["Client.private_key"]) fd.Set(fd.Schema.CERT, cert) fd.Set(fd.Schema.CLIENT_INFO, self._TestClientInfo()) fd.Set(fd.Schema.PING, ping or rdfvalue.RDFDatetime.Now()) fd.Set(fd.Schema.HOSTNAME("Host-%x" % client_nr)) fd.Set(fd.Schema.FQDN("Host-%x.example.com" % client_nr)) fd.Set( fd.Schema.MAC_ADDRESS("aabbccddee%02x\nbbccddeeff%02x" % (client_nr, client_nr))) fd.Set( fd.Schema.HOST_IPS("192.168.0.%d\n2001:abcd::%x" % (client_nr, client_nr))) if system: fd.Set(fd.Schema.SYSTEM(system)) if os_version: fd.Set(fd.Schema.OS_VERSION(os_version)) if arch: fd.Set(fd.Schema.ARCH(arch)) if kernel: fd.Set(fd.Schema.KERNEL(kernel)) kb = rdf_client.KnowledgeBase() kb.fqdn = "Host-%x.example.com" % client_nr kb.users = [ rdf_client.User(username="******"), rdf_client.User(username="******"), ] artifact.SetCoreGRRKnowledgeBaseValues(kb, fd) fd.Set(fd.Schema.KNOWLEDGE_BASE, kb) fd.Set(fd.Schema.INTERFACES(self._TestInterfaces(client_nr))) hardware_info = fd.Schema.HARDWARE_INFO() hardware_info.system_manufacturer = ("System-Manufacturer-%x" % client_nr) hardware_info.bios_version = ("Bios-Version-%x" % client_nr) fd.Set(fd.Schema.HARDWARE_INFO, hardware_info) fd.Flush() index.AddClient(fd) return client_id_urn
def _SetupClientImpl(self, client_nr, index=None, system=None, os_version=None, arch=None, uname=None, ping=None): client_id_urn = rdf_client.ClientURN("C.1%015x" % client_nr) with aff4.FACTORY.Create(client_id_urn, aff4_grr.VFSGRRClient, mode="rw", token=self.token) as fd: cert = self.ClientCertFromPrivateKey( config.CONFIG["Client.private_key"]) fd.Set(fd.Schema.CERT, cert) info = fd.Schema.CLIENT_INFO() info.client_name = "GRR Monitor" fd.Set(fd.Schema.CLIENT_INFO, info) fd.Set(fd.Schema.PING, ping or rdfvalue.RDFDatetime.Now()) fd.Set(fd.Schema.HOSTNAME("Host-%x" % client_nr)) fd.Set(fd.Schema.FQDN("Host-%x.example.com" % client_nr)) fd.Set( fd.Schema.MAC_ADDRESS("aabbccddee%02x\nbbccddeeff%02x" % (client_nr, client_nr))) fd.Set( fd.Schema.HOST_IPS("192.168.0.%d\n2001:abcd::%x" % (client_nr, client_nr))) if system: fd.Set(fd.Schema.SYSTEM(system)) if os_version: fd.Set(fd.Schema.OS_VERSION(os_version)) if arch: fd.Set(fd.Schema.ARCH(arch)) if uname: fd.Set(fd.Schema.UNAME(uname)) kb = rdf_client.KnowledgeBase() artifact.SetCoreGRRKnowledgeBaseValues(kb, fd) fd.Set(fd.Schema.KNOWLEDGE_BASE, kb) hardware_info = fd.Schema.HARDWARE_INFO() hardware_info.system_manufacturer = ("System-Manufacturer-%x" % client_nr) hardware_info.bios_version = ("Bios-Version-%x" % client_nr) fd.Set(fd.Schema.HARDWARE_INFO, hardware_info) fd.Flush() index.AddClient(fd) return client_id_urn
def setUp(self): """Make sure things are initialized.""" super(TestArtifactCollectors, self).setUp() test_artifacts_file = os.path.join(config.CONFIG["Test.data_dir"], "artifacts", "test_artifacts.json") artifact_registry.REGISTRY.AddFileSource(test_artifacts_file) self.fakeartifact = artifact_registry.REGISTRY.GetArtifact("FakeArtifact") self.fakeartifact2 = artifact_registry.REGISTRY.GetArtifact("FakeArtifact2") self.output_count = 0 with aff4.FACTORY.Open(self.client_id, token=self.token, mode="rw") as fd: fd.Set(fd.Schema.SYSTEM("Linux")) kb = fd.Schema.KNOWLEDGE_BASE() artifact.SetCoreGRRKnowledgeBaseValues(kb, fd) fd.Set(kb)
def setUp(self): super(ArtifactFilesDownloaderFlowTest, self).setUp() with aff4.FACTORY.Open(self.client_id, token=self.token, mode="rw") as fd: fd.Set(fd.Schema.SYSTEM("Windows")) kb = fd.Schema.KNOWLEDGE_BASE() artifact.SetCoreGRRKnowledgeBaseValues(kb, fd) fd.Set(kb) self.stubbers = [] self.collector_replies = [] def ArtifactCollectorStub(this): for r in self.collector_replies: this.SendReply(r) stubber = utils.Stubber(collectors.ArtifactCollectorFlow, "Start", ArtifactCollectorStub) stubber.Start() self.stubbers.append(stubber) self.start_file_fetch_args = [] self.received_files = [] self.failed_files = [] def StartFileFetch(this, pathspec, request_data=None): self.start_file_fetch_args.append(pathspec) for r in self.received_files: this.ReceiveFetchedFile(r, None, request_data=request_data) for r in self.failed_files: this.FileFetchFailed(pathspec, "StatFile", request_data=request_data) stubber = utils.Stubber(transfer.MultiGetFileMixin, "StartFileFetch", StartFileFetch) stubber.Start() self.stubbers.append(stubber)
def RunFlow(self, client_id, artifact_list=None, use_tsk=False): if artifact_list is None: artifact_list = ["WindowsRunKeys"] client_id = self.SetupClient(0, system="Windows", os_version="6.2") with aff4.FACTORY.Open(client_id, token=self.token, mode="rw") as fd: fd.Set(fd.Schema.SYSTEM("Windows")) kb = fd.Schema.KNOWLEDGE_BASE() artifact.SetCoreGRRKnowledgeBaseValues(kb, fd) fd.Set(kb) urn = flow.GRRFlow.StartFlow( flow_name=collectors.ArtifactFilesDownloaderFlow.__name__, client_id=client_id, artifact_list=artifact_list, use_tsk=use_tsk, token=self.token) for _ in flow_test_lib.TestFlowHelper(urn, token=self.token): pass results_fd = flow.GRRFlow.ResultCollectionForFID(urn) return list(results_fd)
def CreateClientObject(self, vfs_fixture): """Make a new client object.""" # First remove the old fixture just in case its still there. aff4.FACTORY.Delete(self.client_id, token=self.token) # Create the fixture at a fixed time. with test_lib.FakeTime(self.age): for path, (aff4_type, attributes) in vfs_fixture: path %= self.args aff4_object = aff4.FACTORY.Create(self.client_id.Add(path), aff4_type, mode="rw", token=self.token) for attribute_name, value in attributes.items(): attribute = aff4.Attribute.PREDICATES[attribute_name] if isinstance(value, (str, unicode)): # Interpolate the value value %= self.args # Is this supposed to be an RDFValue array? if aff4.issubclass(attribute.attribute_type, rdf_protodict.RDFValueArray): rdfvalue_object = attribute() for item in value: new_object = rdfvalue_object.rdf_type.FromTextFormat( utils.SmartStr(item)) rdfvalue_object.Append(new_object) # It is a text serialized protobuf. elif aff4.issubclass(attribute.attribute_type, rdf_structs.RDFProtoStruct): # Use the alternate constructor - we always write protobufs in # textual form: rdfvalue_object = attribute.attribute_type.FromTextFormat( utils.SmartStr(value)) elif aff4.issubclass(attribute.attribute_type, rdfvalue.RDFInteger): rdfvalue_object = attribute(int(value)) else: rdfvalue_object = attribute(value) # If we don't already have a pathspec, try and get one from the stat. if aff4_object.Get(aff4_object.Schema.PATHSPEC) is None: # If the attribute was a stat, it has a pathspec nested in it. # We should add that pathspec as an attribute. if attribute.attribute_type == rdf_client.StatEntry: stat_object = attribute.attribute_type.FromTextFormat( utils.SmartStr(value)) if stat_object.pathspec: pathspec_attribute = aff4.Attribute( "aff4:pathspec", rdf_paths.PathSpec, "The pathspec used to retrieve " "this object from the client.", "pathspec") aff4_object.AddAttribute( pathspec_attribute, stat_object.pathspec) if attribute in ["aff4:content", "aff4:content"]: # For AFF4MemoryStreams we need to call Write() instead of # directly setting the contents.. aff4_object.Write(rdfvalue_object) else: aff4_object.AddAttribute(attribute, rdfvalue_object) # Populate the KB from the client attributes. if aff4_type == aff4_grr.VFSGRRClient: kb = rdf_client.KnowledgeBase() artifact.SetCoreGRRKnowledgeBaseValues(kb, aff4_object) aff4_object.Set(aff4_object.Schema.KNOWLEDGE_BASE, kb) # Make sure we do not actually close the object here - we only want to # sync back its attributes, not run any finalization code. aff4_object.Flush() if aff4_type == aff4_grr.VFSGRRClient: index = client_index.CreateClientIndex(token=self.token) index.AddClient(aff4_object)