def testHuntIsStoppedIfAveragePerClientResultsCountTooHigh(self): client_ids = self.SetupClients(5) hunt_args = rdf_hunt_objects.HuntArguments.Standard( flow_name=compatibility.GetName(processes.ListProcesses)) hunt_id = self._CreateHunt( client_rule_set=foreman_rules.ForemanClientRuleSet(), client_rate=0, avg_results_per_client_limit=1, args=hunt_args) single_process = [rdf_client.Process(pid=1, exe="a.exe")] with utils.Stubber(hunt, "MIN_CLIENTS_FOR_AVERAGE_THRESHOLDS", 4): def CheckState(hunt_state, num_results): hunt_obj = data_store.REL_DB.ReadHuntObject(hunt_id) self.assertEqual(hunt_obj.hunt_state, hunt_state) hunt_counters = data_store.REL_DB.ReadHuntCounters(hunt_id) self.assertEqual(hunt_counters.num_results, num_results) self._RunHunt( client_ids[:2], client_mock=action_mocks.ListProcessesMock(single_process)) # Hunt should still be running: we got 1 response from 2 clients. We need # at least 3 clients to start calculating the average. CheckState(rdf_hunt_objects.Hunt.HuntState.STARTED, 2) self._RunHunt([client_ids[2]], client_mock=action_mocks.ListProcessesMock( single_process * 2)) # Hunt should still be running: we got 1 response for first 2 clients and # 2 responses for the third. This is over the limit but we need at least 4 # clients to start applying thresholds. CheckState(rdf_hunt_objects.Hunt.HuntState.STARTED, 4) self._RunHunt([client_ids[3]], client_mock=action_mocks.ListProcessesMock([])) # Hunt should still be running: we got 1 response for first 2 clients, # 2 responses for the third and zero for the 4th. This makes it 1 result # per client on average. This is within the limit of 1. CheckState(rdf_hunt_objects.Hunt.HuntState.STARTED, 4) self._RunHunt(client_ids[4:5], client_mock=action_mocks.ListProcessesMock( single_process * 2)) # Hunt should be terminated: 5 clients did run and we got 6 results. # That's more than the allowed average of 1. # Note that this check also implicitly checks that the 6th client didn't # run at all (otherwise total number of results would be 8, not 6). CheckState(rdf_hunt_objects.Hunt.HuntState.STOPPED, 6) self._CheckHuntStoppedNotification( "reached the average results per client")
def _StartFlow(self, client_id, flow_cls, **kw): if data_store.RelationalDBEnabled(): flow_id = flow.StartFlow(flow_cls=flow_cls, client_id=client_id, **kw) # Lease the client message. data_store.REL_DB.LeaseClientActionRequests( client_id, lease_time=rdfvalue.Duration("10000s")) # Write some responses. In the relational db, the client queue will be # cleaned up as soon as all responses are available. Therefore we cheat # here and make it look like the request needs more responses so it's not # considered complete. # Write the status first. This will mark the request as waiting for 2 # responses. status = rdf_flow_objects.FlowStatus(client_id=client_id, flow_id=flow_id, request_id=1, response_id=2) data_store.REL_DB.WriteFlowResponses([status]) # Now we read the request, adjust the number, and write it back. reqs = data_store.REL_DB.ReadAllFlowRequestsAndResponses( client_id, flow_id) req = reqs[0][0] req.nr_responses_expected = 99 data_store.REL_DB.WriteFlowRequests([req]) # This response now won't trigger any deletion of client messages. response = rdf_flow_objects.FlowResponse( client_id=client_id, flow_id=flow_id, request_id=1, response_id=1, payload=rdf_client.Process(name="test_process")) data_store.REL_DB.WriteFlowResponses([response]) # This is not strictly needed as we don't display this information in the # UI. req.nr_responses_expected = 2 data_store.REL_DB.WriteFlowRequests([req]) return flow_id else: flow_id = flow.StartAFF4Flow( flow_name=compatibility.GetName(flow_cls), client_id=client_id, token=self.token, **kw).Basename() # Have the client write some responses. test_process = rdf_client.Process(name="test_process") mock = flow_test_lib.MockClient(client_id, action_mocks.ListProcessesMock( [test_process]), token=self.token) mock.Next() return flow_id
def testProcessListingOnly(self): """Test that the ListProcesses flow works.""" client_id = test_lib.TEST_CLIENT_ID client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=long(1333718907.167083 * 1e6)) ]) flow_urn = flow.GRRFlow.StartFlow( client_id=client_id, flow_name=flow_processes.ListProcesses.__name__, token=self.token) for s in flow_test_lib.TestFlowHelper(flow_urn, client_mock, client_id=client_id, token=self.token): session_id = s # Check the output collection processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 1) self.assertEqual(processes[0].ctime, 1333718907167083L) self.assertEqual(processes[0].cmdline, ["cmd.exe"])
def testGetExportedResultsArchiveForListProcessesFlow(self): process = rdf_client.Process( pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, RSS_size=42) client_id = self.SetupClient(0) flow_id = flow_test_lib.TestFlowHelper( compatibility.GetName(processes.ListProcesses), client_id=client_id, client_mock=action_mocks.ListProcessesMock([process]), token=self.token) result_flow = self.api.Client(client_id=client_id).Flow(flow_id) exported_archive = result_flow.GetExportedResultsArchive( csv_plugin.CSVInstantOutputPlugin.plugin_name) out_fd = io.BytesIO() exported_archive.WriteToStream(out_fd) out_fd.seek(0) zip_fd = zipfile.ZipFile(out_fd, "r") self.assertNotEmpty([n for n in zip_fd.namelist() if "MANIFEST" not in n])
def testDoesNotFetchDuplicates(self): process1 = rdf_client.Process(pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=long(1333718907.167083 * 1e6)) process2 = rdf_client.Process(pid=3, ppid=1, cmdline=["test_img.dd", "--arg"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=long(1333718907.167083 * 1e6)) client_mock = action_mocks.ListProcessesMock([process1, process2]) for s in flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=test_lib.TEST_CLIENT_ID, fetch_binaries=True, token=self.token): session_id = s processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 1)
def testProcessListingOnlyFleetspeak(self): """Test that the ListProcesses flow works with Fleetspeak.""" client_id = self.SetupClient(0) data_store.REL_DB.WriteClientMetadata(client_id, fleetspeak_enabled=True) client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe=r"c:\windows\cmd.exe", ctime=1333718907167083) ]) flow_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=client_id, token=self.token) processes = flow_test_lib.GetFlowResults(client_id, flow_id) self.assertLen(processes, 1) process, = processes self.assertEqual(process.ctime, 1333718907167083) self.assertEqual(process.cmdline, ["cmd.exe"])
def testListResultsForListProcessesFlow(self): process = rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, RSS_size=42) client_urn = self.SetupClient(0) flow_urn = flow_test_lib.TestFlowHelper( compatibility.GetName(processes.ListProcesses), client_id=client_urn, client_mock=action_mocks.ListProcessesMock([process]), token=self.token) if isinstance(flow_urn, rdfvalue.RDFURN): flow_id = flow_urn.Basename() else: flow_id = flow_urn result_flow = self.api.Client( client_id=client_urn.Basename()).Flow(flow_id) results = list(result_flow.ListResults()) self.assertLen(results, 1) self.assertEqual(process.AsPrimitiveProto(), results[0].payload)
def testWhenFetchingFiltersOutProcessesWithoutExeAndConnectionState(self): client_id = test_lib.TEST_CLIENT_ID p1 = rdf_client.Process(pid=2, ppid=1, cmdline=["test_img.dd"], ctime=long(1333718907.167083 * 1e6)) p2 = rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=long(1333718907.167083 * 1e6), connections=rdf_client.NetworkConnection( family="INET", state="ESTABLISHED")) client_mock = action_mocks.ListProcessesMock([p1, p2]) for s in flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, fetch_binaries=True, client_id=client_id, connection_states=["LISTEN"], token=self.token): session_id = s # No output matched. processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 0)
def testProcessListingOnly(self): """Test that the ListProcesses flow works.""" client_id = self.SetupClient(0) client_mock = action_mocks.ListProcessesMock([ rdf_client.Process( pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083) ]) flow_urn = flow.StartAFF4Flow( client_id=client_id, flow_name=flow_processes.ListProcesses.__name__, token=self.token) session_id = flow_test_lib.TestFlowHelper( flow_urn, client_mock, client_id=client_id, token=self.token) # Check the output collection processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertLen(processes, 1) self.assertEqual(processes[0].ctime, 1333718907167083) self.assertEqual(processes[0].cmdline, ["cmd.exe"])
def testWhenFetchingIgnoresMissingFiles(self): client_id = self.SetupClient(0) process1 = rdf_client.Process( pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=1333718907167083) process2 = rdf_client.Process( pid=2, ppid=1, cmdline=["file_that_does_not_exist"], exe=os.path.join(self.base_path, "file_that_does_not_exist"), ctime=1333718907167083) client_mock = action_mocks.ListProcessesMock([process1, process2]) session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=client_id, fetch_binaries=True, creator=self.test_username, check_flow_errors=False) binaries = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(binaries, 1) self.assertEqual(binaries[0].pathspec.path, process1.exe)
def testDoesNotFetchDuplicates(self): client_id = self.SetupClient(0) process1 = rdf_client.Process( pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=1333718907167083) process2 = rdf_client.Process( pid=3, ppid=1, cmdline=["test_img.dd", "--arg"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=1333718907167083) client_mock = action_mocks.ListProcessesMock([process1, process2]) session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=client_id, fetch_binaries=True, creator=self.test_username) processes = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(processes, 1)
def testPidFiltering(self): client_id = self.SetupClient(0) proc_foo = rdf_client.Process() proc_foo.pid = 42 proc_foo.exe = "/usr/bin/foo" proc_bar = rdf_client.Process() proc_bar.pid = 108 proc_bar.exe = "/usr/bin/bar" proc_baz = rdf_client.Process() proc_baz.pid = 1337 proc_baz.exe = "/usr/bin/baz" args = flow_processes.ListProcessesArgs() args.pids = [42, 1337] client_mock = action_mocks.ListProcessesMock([proc_foo, proc_bar, proc_baz]) flow_id = flow_test_lib.StartAndRunFlow( flow_processes.ListProcesses, client_mock=client_mock, client_id=client_id, flow_args=args, ) results = flow_test_lib.GetFlowResults(client_id=client_id, flow_id=flow_id) self.assertLen(results, 2) result_exes = {result.exe for result in results} self.assertIn("/usr/bin/foo", result_exes) self.assertIn("/usr/bin/baz", result_exes) self.assertNotIn("/usr/bin/bar", result_exes)
def testListResultsForListProcessesFlow(self): process = rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, RSS_size=42) client_urn = self.SetupClient(0) client_mock = action_mocks.ListProcessesMock([process]) flow_urn = flow.StartAFF4Flow( client_id=client_urn, flow_name=processes.ListProcesses.__name__, token=self.token) flow_test_lib.TestFlowHelper(flow_urn, client_mock, client_id=client_urn, token=self.token) result_flow = self.api.Client(client_id=client_urn.Basename()).Flow( flow_urn.Basename()) results = list(result_flow.ListResults()) self.assertEqual(len(results), 1) self.assertEqual(process.AsPrimitiveProto(), results[0].payload)
def ProcessFlow(): time.sleep(1) client_mock = action_mocks.ListProcessesMock([]) flow_test_lib.TestFlowHelper(flow_urn, client_mock, client_id=client_urn, token=self.token)
def testWhenFetchingFiltersOutProcessesWithoutExeAndConnectionState(self): client_id = self.SetupClient(0) p1 = rdf_client.Process( pid=2, ppid=1, cmdline=["test_img.dd"], ctime=1333718907167083) p2 = rdf_client.Process( pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection( family="INET", state="ESTABLISHED") ]) client_mock = action_mocks.ListProcessesMock([p1, p2]) session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, fetch_binaries=True, client_id=client_id, connection_states=["LISTEN"], creator=self.test_username) # No output matched. processes = flow_test_lib.GetFlowResults(client_id, session_id) self.assertEmpty(processes)
def testWhenFetchingIgnoresMissingFiles(self): process1 = rdf_client.Process(pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=long(1333718907.167083 * 1e6)) process2 = rdf_client.Process(pid=2, ppid=1, cmdline=["file_that_does_not_exist"], exe=os.path.join( self.base_path, "file_that_does_not_exist"), ctime=long(1333718907.167083 * 1e6)) client_mock = action_mocks.ListProcessesMock([process1, process2]) for s in flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=test_lib.TEST_CLIENT_ID, fetch_binaries=True, token=self.token, check_flow_errors=False): session_id = s results = flow.GRRFlow.ResultCollectionForFID(session_id) binaries = list(results) self.assertEqual(len(binaries), 1) self.assertEqual(binaries[0].pathspec.path, process1.exe)
def testProcessListingWithFilter(self): """Test that the ListProcesses flow works with filter.""" client_id = self.SetupClient(0) client_mock = action_mocks.ListProcessesMock([ rdf_client.Process( pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=long(1333718907.167083 * 1e6)), rdf_client.Process( pid=3, ppid=1, cmdline=["cmd2.exe"], exe="c:\\windows\\cmd2.exe", ctime=long(1333718907.167083 * 1e6)), rdf_client.Process( pid=4, ppid=1, cmdline=["missing_exe.exe"], ctime=long(1333718907.167083 * 1e6)), rdf_client.Process( pid=5, ppid=1, cmdline=["missing2_exe.exe"], ctime=long(1333718907.167083 * 1e6)) ]) flow_urn = flow.GRRFlow.StartFlow( client_id=client_id, flow_name=flow_processes.ListProcesses.__name__, filename_regex=r".*cmd2.exe", token=self.token) session_id = flow_test_lib.TestFlowHelper( flow_urn, client_mock, client_id=client_id, token=self.token) # Expect one result that matches regex processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 1) self.assertEqual(processes[0].ctime, 1333718907167083L) self.assertEqual(processes[0].cmdline, ["cmd2.exe"]) # Expect two skipped results logs = flow.GRRFlow.LogCollectionForFID(flow_urn) for log in logs: if "Skipped 2" in log.log_message: return raise RuntimeError("Skipped process not mentioned in logs")
def testProcessListingOnlyFleetspeak(self): """Test that the ListProcesses flow works with Fleetspeak.""" client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe=r"c:\windows\cmd.exe", ctime=1333718907167083) ]) client_mock.mock_task_queue = [] def SendCallback(fs_msg): pb_msg = jobs_pb2.GrrMessage() fs_msg.data.Unpack(pb_msg) msg = rdf_flows.GrrMessage.FromSerializedString( pb_msg.SerializeToString()) client_mock.mock_task_queue.append(msg) service_name = "GRR" fake_service_client = _FakeGRPCServiceClient( service_name, send_callback=SendCallback) fleetspeak_connector.Reset() fleetspeak_connector.Init(service_client=fake_service_client) with mock.patch.object( fake_service_client.outgoing, "InsertMessage", wraps=fake_service_client.outgoing.InsertMessage): flow_urn = flow.StartFlow( client_id=self.client_id, flow_name=flow_processes.ListProcesses.__name__, token=self.token) session_id = flow_test_lib.TestFlowHelper(flow_urn, client_mock, client_id=self.client_id, token=self.token) fleetspeak_connector.CONN.outgoing.InsertMessage.assert_called() # Check the output collection processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 1) process, = processes self.assertEqual(process.ctime, 1333718907167083) self.assertEqual(process.cmdline, ["cmd.exe"])
def Run(self): client_id = self.SetupClient(0) with test_lib.FakeTime(42): flow_id = flow_test_lib.StartFlow( processes.ListProcesses, client_id, creator=self.test_username) test_process = rdf_client.Process(name="test_process") mock = flow_test_lib.MockClient( client_id, action_mocks.ListProcessesMock([test_process])) mock.Next() replace = api_regression_test_lib.GetFlowTestReplaceDict(client_id, flow_id) self.Check( "ListFlowRequests", args=flow_plugin.ApiListFlowRequestsArgs( client_id=client_id, flow_id=flow_id), replace=replace)
def testProcessListingWithFilter(self): """Test that the ListProcesses flow works with filter.""" client_id = self.SetupClient(0) client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083), rdf_client.Process(pid=3, ppid=1, cmdline=["cmd2.exe"], exe="c:\\windows\\cmd2.exe", ctime=1333718907167083), rdf_client.Process(pid=4, ppid=1, cmdline=["missing_exe.exe"], ctime=1333718907167083), rdf_client.Process(pid=5, ppid=1, cmdline=["missing2_exe.exe"], ctime=1333718907167083) ]) session_id = flow_test_lib.TestFlowHelper(compatibility.GetName( flow_processes.ListProcesses), client_mock, client_id=client_id, creator=self.test_username, filename_regex=r".*cmd2.exe") # Expect one result that matches regex processes = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(processes, 1) self.assertEqual(processes[0].ctime, 1333718907167083) self.assertEqual(processes[0].cmdline, ["cmd2.exe"]) # Expect two skipped results logs = data_store.REL_DB.ReadFlowLogEntries(client_id, session_id, 0, 100) for log in logs: if "Skipped 2" in log.message: return raise RuntimeError("Skipped process not mentioned in logs")
def testProcessListingFilterConnectionState(self): client_id = self.SetupClient(0) p1 = rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection( family="INET", state="CLOSED") ]) p2 = rdf_client.Process(pid=3, ppid=1, cmdline=["cmd2.exe"], exe="c:\\windows\\cmd2.exe", ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection( family="INET", state="LISTEN") ]) p3 = rdf_client.Process(pid=4, ppid=1, cmdline=["missing_exe.exe"], ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection( family="INET", state="ESTABLISHED") ]) client_mock = action_mocks.ListProcessesMock([p1, p2, p3]) flow_urn = flow.StartFlow( client_id=client_id, flow_name=flow_processes.ListProcesses.__name__, connection_states=["ESTABLISHED", "LISTEN"], token=self.token) session_id = flow_test_lib.TestFlowHelper(flow_urn, client_mock, client_id=client_id, token=self.token) processes = flow.GRRFlow.ResultCollectionForFID(session_id) self.assertEqual(len(processes), 2) states = set() for process in processes: states.add(str(process.connections[0].state)) self.assertItemsEqual(states, ["ESTABLISHED", "LISTEN"])
def testProcessListingFilterConnectionState(self): client_id = self.SetupClient(0) p1 = rdf_client.Process( pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection(family="INET", state="CLOSED") ]) p2 = rdf_client.Process( pid=3, ppid=1, cmdline=["cmd2.exe"], exe="c:\\windows\\cmd2.exe", ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection(family="INET", state="LISTEN") ]) p3 = rdf_client.Process( pid=4, ppid=1, cmdline=["missing_exe.exe"], ctime=1333718907167083, connections=[ rdf_client_network.NetworkConnection( family="INET", state="ESTABLISHED") ]) client_mock = action_mocks.ListProcessesMock([p1, p2, p3]) session_id = flow_test_lib.TestFlowHelper( compatibility.GetName(flow_processes.ListProcesses), client_mock, client_id=client_id, creator=self.test_username, connection_states=["ESTABLISHED", "LISTEN"]) processes = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(processes, 2) states = set() for process in processes: states.add(str(process.connections[0].state)) self.assertCountEqual(states, ["ESTABLISHED", "LISTEN"])
def testProcessListingOnlyFleetspeak(self): """Test that the ListProcesses flow works with Fleetspeak.""" client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe=r"c:\windows\cmd.exe", ctime=1333718907167083) ]) client_mock.mock_task_queue = [] def SendCallback(fs_msg): pb_msg = jobs_pb2.GrrMessage() fs_msg.data.Unpack(pb_msg) msg = rdf_flows.GrrMessage.FromSerializedString( pb_msg.SerializeToString()) client_mock.mock_task_queue.append(msg) fake_conn = _FakeGRPCServiceClient(FS_SERVICE_NAME, send_callback=SendCallback) with fleetspeak_test_lib.ConnectionOverrider(fake_conn): with mock.patch.object(fake_conn.outgoing, "InsertMessage", wraps=fake_conn.outgoing.InsertMessage): session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=self.client_id, token=self.token) fleetspeak_connector.CONN.outgoing.InsertMessage.assert_called( ) # Check the output collection processes = flow_test_lib.GetFlowResults(self.client_id, session_id) self.assertLen(processes, 1) process, = processes self.assertEqual(process.ctime, 1333718907167083) self.assertEqual(process.cmdline, ["cmd.exe"])
def testFetchesAndStoresBinary(self): process = rdf_client.Process(pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=1333718907167083) client_mock = action_mocks.ListProcessesMock([process]) session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=self.SetupClient(0), fetch_binaries=True, token=self.token) results = flow.GRRFlow.ResultCollectionForFID(session_id) binaries = list(results) self.assertEqual(len(binaries), 1) self.assertEqual(binaries[0].pathspec.path, process.exe) self.assertEqual(binaries[0].st_size, os.stat(process.exe).st_size)
def testProcessListingOnly(self): """Test that the ListProcesses flow works.""" client_id = self.SetupClient(0) client_mock = action_mocks.ListProcessesMock([ rdf_client.Process(pid=2, ppid=1, cmdline=["cmd.exe"], exe="c:\\windows\\cmd.exe", ctime=1333718907167083) ]) session_id = flow_test_lib.TestFlowHelper(compatibility.GetName( flow_processes.ListProcesses), client_mock, client_id=client_id, creator=self.test_username) processes = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(processes, 1) self.assertEqual(processes[0].ctime, 1333718907167083) self.assertEqual(processes[0].cmdline, ["cmd.exe"])
def testFetchesAndStoresBinary(self): client_id = self.SetupClient(0) process = rdf_client.Process( pid=2, ppid=1, cmdline=["test_img.dd"], exe=os.path.join(self.base_path, "test_img.dd"), ctime=1333718907167083) client_mock = action_mocks.ListProcessesMock([process]) session_id = flow_test_lib.TestFlowHelper( flow_processes.ListProcesses.__name__, client_mock, client_id=client_id, fetch_binaries=True, creator=self.test_username) binaries = flow_test_lib.GetFlowResults(client_id, session_id) self.assertLen(binaries, 1) self.assertEqual(binaries[0].pathspec.path, process.exe) self.assertEqual(binaries[0].st_size, os.stat(process.exe).st_size)
def _StartFlow(self, client_id, flow_cls, **kw): if data_store.RelationalDBFlowsEnabled(): flow_id = flow.StartFlow(flow_cls=flow_cls, client_id=client_id, **kw) # Lease the client message. data_store.REL_DB.LeaseClientMessages( client_id, lease_time=rdfvalue.Duration("10000s")) # Write some responses. response = rdf_flow_objects.FlowResponse( client_id=client_id, flow_id=flow_id, request_id=1, response_id=1, payload=rdf_client.Process(name="test_process")) status = rdf_flow_objects.FlowStatus(client_id=client_id, flow_id=flow_id, request_id=1, response_id=2) data_store.REL_DB.WriteFlowResponses([response, status]) return flow_id else: flow_id = flow.StartAFF4Flow( flow_name=compatibility.GetName(flow_cls), client_id=client_id, token=self.token, **kw).Basename() # Have the client write some responses. test_process = rdf_client.Process(name="test_process") mock = flow_test_lib.MockClient(client_id, action_mocks.ListProcessesMock( [test_process]), token=self.token) mock.Next() return flow_id
def RunOnClients(client_ids, num_processes): client_mock = action_mocks.ListProcessesMock( [rdf_client.Process(pid=1, exe="a.exe")] * num_processes) self.AssignTasksToClients(client_ids) hunt_test_lib.TestHuntHelper( client_mock, client_ids, check_flow_errors=False, token=self.token)
def ProcessFlow(): time.sleep(1) client_mock = action_mocks.ListProcessesMock([]) flow_test_lib.FinishAllFlowsOnClient(client_urn, client_mock=client_mock)