def testKnowledgeBase(self):
    """Check that the knowledge base set on the flow args reaches the bundle.

    The collector is built with ``None`` as its constructor argument and
    given fresh flow args; only the ``os`` field of the knowledge base is
    populated, and the test asserts that the same value is visible on the
    bundle returned by ``_GetArtifactCollectorArgs``.
    """
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    knowledge_base = rdf_client.KnowledgeBase()
    knowledge_base.os = "Windows"
    collector.args.knowledge_base = knowledge_base

    # An empty artifact list is enough: only the knowledge base is inspected.
    bundle = collector._GetArtifactCollectorArgs([])

    self.assertEqual(bundle.knowledge_base.os, "Windows")
def testDuplicationChecks(self):
    """Check that an artifact requested more than once is prepared once.

    "TestFilesArtifact" appears twice in the request. A bundle that kept
    the duplicate would carry the same sources twice.
    """
    requested_names = [
        "TestAggregationArtifact",
        "TestFilesArtifact",
        "TestCmdArtifact",
        "TestFilesArtifact",
    ]

    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()
    bundle = collector._GetArtifactCollectorArgs(requested_names)

    prepared = list(bundle.artifacts)
    # NOTE(review): three distinct names are requested but two artifacts are
    # expected; presumably "TestCmdArtifact" is already covered by
    # "TestAggregationArtifact" -- confirm against the test artifact
    # definitions.
    self.assertEqual(len(prepared), 2)
def testPrepareBasicArtifactBundle(self):
    """Check the bundle prepared for a single command artifact.

    The first source of "TestCmdArtifact" must carry the expected binary
    path and argument list, so a change to the command the bundle would
    hand to the client shows up as a test failure.
    """
    requested_names = ["TestCmdArtifact"]

    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()
    bundle = collector._GetArtifactCollectorArgs(requested_names)

    prepared = list(bundle.artifacts)
    cmd_artifact = prepared[0]
    first_source = list(cmd_artifact.sources)[0]
    attributes = first_source.base_source.attributes

    self.assertEqual(cmd_artifact.name, "TestCmdArtifact")
    self.assertEqual(attributes["cmd"], "/usr/bin/dpkg")
    # "args" is read with a default, so a missing key compares as [].
    self.assertEqual(attributes.get("args", []), ["--list"])
def testPrepareAggregatedArtifactBundle(self):
    """Check the sources prepared for an aggregation artifact.

    The bundle entry for "TestAggregationArtifact" is expected to expose a
    GRR_CLIENT_ACTION source followed by a COMMAND source, in that order.
    """
    requested_names = ["TestAggregationArtifact"]

    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()
    bundle = collector._GetArtifactCollectorArgs(requested_names)

    aggregated = list(bundle.artifacts)[0]
    self.assertEqual(aggregated.name, "TestAggregationArtifact")

    # Source order matters here: index 0 and index 1 are checked separately.
    sources = list(aggregated.sources)
    self.assertEqual(sources[0].base_source.type, "GRR_CLIENT_ACTION")
    self.assertEqual(sources[1].base_source.type, "COMMAND")
def testSourceMeetsConditions(self):
    """Check that source conditions are evaluated against the knowledge base.

    With ``os`` set to "Windows", a source restricted to Linux must be
    rejected, while a source whose condition also allows Windows must be
    accepted.
    """
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    knowledge_base = rdf_client.KnowledgeBase()
    knowledge_base.os = "Windows"
    collector.args.knowledge_base = knowledge_base

    def _list_processes_source(conditions):
        # Both cases use the same client-action source; only the condition
        # strings differ.
        return rdf_artifacts.ArtifactSource(
            type=rdf_artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
            attributes={"client_action": standard.ListProcesses.__name__},
            conditions=conditions)

    # Condition that does not match the knowledge base.
    linux_only = _list_processes_source(["os == 'Linux'"])
    self.assertFalse(collector._MeetsConditions(linux_only))

    # "or" condition with one matching alternative.
    linux_or_windows = _list_processes_source(
        ["os == 'Linux' or os == 'Windows'"])
    self.assertTrue(collector._MeetsConditions(linux_or_windows))
def testPrepareMultipleArtifacts(self):
    """Check that several artifacts of different types are all prepared.

    The bundle must contain one entry per requested name, in request order,
    and the WMI artifact must keep its query string unchanged.
    """
    requested_names = [
        "TestFilesArtifact",
        "DepsWindirRegex",
        "DepsProvidesMultiple",
        "WMIActiveScriptEventConsumer",
    ]

    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()
    bundle = collector._GetArtifactCollectorArgs(requested_names)

    prepared = list(bundle.artifacts)
    self.assertEqual(len(prepared), 4)

    # Bundle order is expected to mirror the order of the request.
    for position, expected_name in enumerate(requested_names):
        self.assertEqual(prepared[position].name, expected_name)

    # The WMI query is compared verbatim, so any rewriting of the statement
    # between artifact definition and bundle is caught here.
    wmi_artifact = prepared[3]
    wmi_source = list(wmi_artifact.sources)[0]
    self.assertEqual(wmi_source.base_source.attributes["query"],
                     "SELECT * FROM ActiveScriptEventConsumer")