def RunFlow(self,
flow_name=None,
plugins=None,
flow_args=None,
client_mock=None):
runner_args = rdf_flows.FlowRunnerArgs(flow_name=flow_name
or transfer.GetFile.__name__,
output_plugins=plugins)
if flow_args is None:
flow_args = transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.OS))
if client_mock is None:
client_mock = hunt_test_lib.SampleHuntMock()
flow_urn = flow.GRRFlow.StartFlow(client_id=self.client_id,
args=flow_args,
runner_args=runner_args,
token=self.token)
for _ in flow_test_lib.TestFlowHelper(flow_urn,
client_mock=client_mock,
client_id=self.client_id,
token=self.token):
pass
return flow_urn
def testCopyHuntPreservesRuleType(self):
implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
description="model hunt",
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.TSK,)),
client_rule_set=rdf_foreman.ForemanClientRuleSet(
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_darwin=True))
]),
token=self.token)
self.Open("/#main=ManageHunts")
self.Click("css=tr:contains('model hunt')")
self.Click("css=button[name=CopyHunt]:not([disabled])")
# Wait until dialog appears.
self.WaitUntil(self.IsTextPresent, "What to run?")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsTextPresent, "Output Processing")
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsTextPresent, "Where to run?")
self.WaitUntil(self.IsElementPresent, "css=grr-new-hunt-wizard-form "
"label:contains('Os darwin') ~ * input:checked")
def Run(self):
runner_args = rdf_flows.FlowRunnerArgs(flow_name=transfer.GetFile.__name__)
flow_args = transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.OS))
client_mock = hunt_test_lib.SampleHuntMock()
with test_lib.FakeTime(42):
flow_urn = flow.GRRFlow.StartFlow(
client_id=self.client_id,
args=flow_args,
runner_args=runner_args,
token=self.token)
for _ in flow_test_lib.TestFlowHelper(
flow_urn,
client_mock=client_mock,
client_id=self.client_id,
token=self.token):
pass
self.Check(
"ListFlowResults",
args=flow_plugin.ApiListFlowResultsArgs(
client_id=self.client_id.Basename(), flow_id=flow_urn.Basename()),
replace={
flow_urn.Basename(): "W:ABCDEF"
})
def CreateSampleHunt(self,
path=None,
stopped=False,
output_plugins=None,
client_limit=0,
client_count=10,
token=None):
token = token or self.token
self.client_ids = self.SetupClients(client_count)
with implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(
pathspec=rdf_paths.PathSpec(
path=path or "/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.OS,
)),
client_rule_set=self._CreateForemanClientRuleSet(),
output_plugins=output_plugins or [],
client_rate=0,
client_limit=client_limit,
token=token) as hunt:
if not stopped:
hunt.Run()
with aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=token) as foreman:
for client_id in self.client_ids:
foreman.AssignTasksToClient(client_id)
self.hunt_urn = hunt.urn
return aff4.FACTORY.Open(
hunt.urn, mode="rw", token=token, age=aff4.ALL_TIMES)
def CreateSampleHunt(self, description, token=None):
implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
description=description,
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.TSK,
)),
client_rule_set=self._CreateForemanClientRuleSet(),
output_plugins=[
output_plugin.OutputPluginDescriptor(
plugin_name="DummyOutputPlugin",
plugin_args=gui_test_lib.DummyOutputPlugin.args_type(
filename_regex="blah!", fetch_binaries=True))
],
client_rate=60,
token=token)
