def GetClientInformation():
return rdf_client.ClientInformation(
client_name=config.CONFIG["Client.name"],
client_description=config.CONFIG["Client.description"],
client_version=int(config.CONFIG["Source.version_numeric"]),
build_time=config.CONFIG["Client.build_time"],
labels=config.CONFIG.Get("Client.labels", default=None))
def testResultMetadataHasGroupedNumberOfReplies(self,
db: abstract_db.Database):
client_id = db_test_utils.InitializeClient(db)
flow = rdf_flow_objects.Flow()
flow.client_id = client_id
flow.flow_id = self._FLOW_ID
db.WriteFlowObject(flow)
flow_obj = FlowBaseTest.Flow(flow)
flow_obj.SendReply(rdf_client.ClientInformation())
flow_obj.SendReply(rdf_client.StartupInfo())
flow_obj.SendReply(rdf_client.StartupInfo())
flow_obj.SendReply(rdf_client.StartupInfo(), tag="foo")
flow_obj.PersistState()
db.WriteFlowObject(flow_obj.rdf_flow)
flow_2 = db.ReadFlowObject(client_id, self._FLOW_ID)
flow_obj_2 = FlowBaseTest.Flow(flow_2)
result_metadata = flow_obj_2.GetResultMetadata()
self.assertLen(result_metadata.num_results_per_type_tag, 3)
sorted_counts = sorted(result_metadata.num_results_per_type_tag,
key=lambda v: (v.type, v.tag))
self.assertEqual(sorted_counts[0].type, "ClientInformation")
self.assertEqual(sorted_counts[0].tag, "")
self.assertEqual(sorted_counts[0].count, 1)
self.assertEqual(sorted_counts[1].type, "StartupInfo")
self.assertEqual(sorted_counts[1].tag, "")
self.assertEqual(sorted_counts[1].count, 2)
self.assertEqual(sorted_counts[2].type, "StartupInfo")
self.assertEqual(sorted_counts[2].tag, "foo")
self.assertEqual(sorted_counts[2].count, 1)
def testResultMetadataAreCorrectlyUpdatedAfterMultiplePersistStateCalls(
self, db: abstract_db.Database):
client_id = db_test_utils.InitializeClient(db)
flow = rdf_flow_objects.Flow()
flow.client_id = client_id
flow.flow_id = self._FLOW_ID
db.WriteFlowObject(flow)
flow_obj = FlowBaseTest.Flow(flow)
flow_obj.SendReply(rdf_client.ClientInformation())
flow_obj.PersistState()
flow_obj.PersistState()
db.WriteFlowObject(flow_obj.rdf_flow)
flow_2 = db.ReadFlowObject(client_id, self._FLOW_ID)
flow_obj_2 = FlowBaseTest.Flow(flow_2)
result_metadata = flow_obj_2.GetResultMetadata()
self.assertLen(result_metadata.num_results_per_type_tag, 1)
self.assertTrue(result_metadata.is_metadata_set)
self.assertEqual(result_metadata.num_results_per_type_tag[0].type,
"ClientInformation")
self.assertEqual(result_metadata.num_results_per_type_tag[0].tag, "")
self.assertEqual(result_metadata.num_results_per_type_tag[0].count, 1)
def GetClientInformation() -> rdf_client.ClientInformation:
return rdf_client.ClientInformation(
client_name=config.CONFIG["Client.name"],
client_binary_name=psutil.Process().name(),
client_description=config.CONFIG["Client.description"],
client_version=int(config.CONFIG["Source.version_numeric"]),
build_time=config.CONFIG["Client.build_time"],
labels=config.CONFIG.Get("Client.labels", default=None),
timeline_btime_support=timeline.BTIME_SUPPORT)
def GetClientInformation(client_id: str) -> rdf_client.ClientInformation:
startup_info = data_store.REL_DB.ReadClientStartupInfo(client_id)
if startup_info is None:
# If we have no startup information, we just return an empty message. This
# makes the code that handles it easier (as it does not have to consider the
# null case) and missing fields have to be taken into consideration anyway.
return rdf_client.ClientInformation()
else:
return startup_info.client_info
def _TestClientInfo(self, labels=None):
res = rdf_client.ClientInformation(
client_name="GRR Monitor",
client_version=config.CONFIG["Source.version_numeric"],
build_time="1980-01-01")
if labels is None:
res.labels = ["label1", "label2"]
else:
res.labels = labels
return res
def GetClientInfo(self, _):
self.response_count += 1
return [
rdf_client.ClientInformation(
client_name=config.CONFIG["Client.name"],
client_version=int(config.CONFIG["Source.version_numeric"]),
build_time=config.CONFIG["Client.build_time"],
labels=["GRRLabel1", "Label2", "[broken]"],
)
]
def GetClientInfo(self, _):
self.response_count += 1
return [
rdf_client.ClientInformation(
client_name=config.CONFIG["Client.name"],
client_version=int(config.CONFIG["Source.version_numeric"]),
build_time=config.CONFIG["Client.build_time"],
labels=[self.LABEL1, self.LABEL2, self.LABEL3],
)
]
def _TestClientInfo(self):
return rdf_client.ClientInformation(
client_name="GRR Monitor",
client_version=config.CONFIG["Source.version_numeric"],
build_time="1980-01-01",
labels=["label1", "label2"])
class SchemaCls(standard.VFSDirectory.SchemaCls):
"""The schema for the client."""
client_index = rdfvalue.RDFURN("aff4:/index/client")
FLEETSPEAK_ENABLED = aff4.Attribute(
"metadata:IsFleetspeak", rdfvalue.RDFBool,
"Whether this client uses Fleetspeak for comms.")
CERT = aff4.Attribute("metadata:cert", rdf_crypto.RDFX509Cert,
"The PEM encoded cert of the client.")
FILESYSTEM = aff4.Attribute("aff4:filesystem", rdf_client_fs.Filesystems,
"Filesystems on the client.")
CLIENT_INFO = aff4.Attribute(
"metadata:ClientInfo",
rdf_client.ClientInformation,
"GRR client information",
"GRR client",
default=rdf_client.ClientInformation())
LAST_BOOT_TIME = aff4.Attribute("metadata:LastBootTime",
rdfvalue.RDFDatetime,
"When the machine was last booted",
"BootTime")
FIRST_SEEN = aff4.Attribute("metadata:FirstSeen", rdfvalue.RDFDatetime,
"First time the client registered with us",
"FirstSeen")
# Information about the host.
HOSTNAME = aff4.Attribute(
"metadata:hostname",
rdfvalue.RDFString,
"Hostname of the host.",
"Host",
index=client_index)
FQDN = aff4.Attribute(
"metadata:fqdn",
rdfvalue.RDFString,
"Fully qualified hostname of the host.",
"FQDN",
index=client_index)
SYSTEM = aff4.Attribute("metadata:system", rdfvalue.RDFString,
"Operating System class.", "System")
UNAME = aff4.Attribute("metadata:uname", rdfvalue.RDFString,
"Uname string.", "Uname")
OS_RELEASE = aff4.Attribute("metadata:os_release", rdfvalue.RDFString,
"OS Major release number.", "Release")
OS_VERSION = aff4.Attribute("metadata:os_version", rdf_client.VersionString,
"OS Version number.", "Version")
# ARCH values come from platform.uname machine value, e.g. x86_64, AMD64.
ARCH = aff4.Attribute("metadata:architecture", rdfvalue.RDFString,
"Architecture.", "Architecture")
INSTALL_DATE = aff4.Attribute("metadata:install_date", rdfvalue.RDFDatetime,
"Install Date.", "Install")
# The knowledge base is used for storing data about the host and users.
# This is currently a slightly odd object as we only use some of the fields.
# The proto itself is used in Artifact handling outside of GRR (e.g. Plaso).
# Over time we will migrate fields into this proto, but for now it is a mix.
KNOWLEDGE_BASE = aff4.Attribute("metadata:knowledge_base",
rdf_client.KnowledgeBase,
"Artifact Knowledge Base", "KnowledgeBase")
GRR_CONFIGURATION = aff4.Attribute(
"aff4:client_configuration", rdf_protodict.Dict,
"Running configuration for the GRR client.", "Config")
LIBRARY_VERSIONS = aff4.Attribute(
"aff4:library_versions", rdf_protodict.Dict,
"Running library versions for the client.", "Libraries")
USERNAMES = aff4.Attribute(
"aff4:user_names",
SpaceSeparatedStringArray,
"A space separated list of system users.",
"Usernames",
index=client_index)
# This information is duplicated from the INTERFACES attribute but is done
# to allow for fast searching by mac address.
MAC_ADDRESS = aff4.Attribute(
"aff4:mac_addresses",
rdfvalue.RDFString,
"A hex encoded MAC address.",
"MAC",
index=client_index)
KERNEL = aff4.Attribute("aff4:kernel_version", rdfvalue.RDFString,
"Kernel version string.", "KernelVersion")
# Same for IP addresses.
HOST_IPS = aff4.Attribute(
"aff4:host_ips",
rdfvalue.RDFString,
"An IP address.",
"Host_ip",
index=client_index)
PING = aff4.Attribute(
"metadata:ping",
rdfvalue.RDFDatetime,
"The last time the server heard from this client.",
"LastCheckin",
versioned=False,
default=0)
CLOCK = aff4.Attribute(
"metadata:clock",
rdfvalue.RDFDatetime, "The last clock read on the client "
"(Can be used to estimate client clock skew).",
"Clock",
versioned=False)
CLIENT_IP = aff4.Attribute(
"metadata:client_ip",
rdfvalue.RDFString,
"The ip address this client connected from.",
"Client_ip",
versioned=False)
# This is the last foreman rule that applied to us
LAST_FOREMAN_TIME = aff4.Attribute(
"aff4:last_foreman_time",
rdfvalue.RDFDatetime,
"The last time the foreman checked us.",
versioned=False)
LAST_CRASH = aff4.Attribute(
"aff4:last_crash",
rdf_client.ClientCrash,
"Last client crash.",
creates_new_object_version=False,
versioned=False)
VOLUMES = aff4.Attribute("aff4:volumes", rdf_client_fs.Volumes,
"Client disk volumes.")
INTERFACES = aff4.Attribute("aff4:interfaces",
rdf_client_network.Interfaces,
"Network interfaces.", "Interfaces")
HARDWARE_INFO = aff4.Attribute(
"aff4:hardware_info",
rdf_client.HardwareInfo,
"Various hardware information.",
default=rdf_client.HardwareInfo())
MEMORY_SIZE = aff4.Attribute("aff4:memory_size", rdfvalue.ByteSize,
"Amount of memory this client's machine has.")
# Cloud VM information.
CLOUD_INSTANCE = aff4.Attribute("metadata:cloud_instance",
rdf_cloud.CloudInstance,
"Information about cloud machines.")
def testAFF4CreateAndSet(self):
"""How long does it take to create and set properties."""
client_info = rdf_client.ClientInformation(
client_name="GRR", client_description="Description")
def CreateAFF4Object():
"""Blind write a VFSGRRClient with 1000 client info attributes."""
fd = aff4.FACTORY.Create("C.1234567812345678",
aff4_grr.VFSGRRClient,
token=self.token)
fd.Set(fd.Schema.HOSTNAME("Foobar"))
for _ in range(1000):
fd.AddAttribute(fd.Schema.CLIENT_INFO, client_info)
fd.Close()
# Time creation into an empty data store.
self.TimeIt(CreateAFF4Object, pre=data_store.DB.ClearTestDB)
# Now we want to measure the time to read one of these object.
data_store.DB.ClearTestDB()
CreateAFF4Object()
def ReadAFF4Object():
fd = aff4.FACTORY.Open("C.1234567812345678",
token=self.token,
age=aff4.ALL_TIMES)
self.assertEqual(fd.Get(fd.Schema.HOSTNAME), "Foobar")
self.TimeIt(ReadAFF4Object, name="Read attribute from AFF4Object")
def ReadVersionedAFF4Attribute():
fd = aff4.FACTORY.Open("C.1234567812345678",
token=self.token,
age=aff4.ALL_TIMES)
for x in fd.GetValuesForAttribute(fd.Schema.CLIENT_INFO):
self.assertEqual(x.client_name, "GRR")
self.TimeIt(ReadVersionedAFF4Attribute,
name="Read heavily versioned Attributes")
def ReadSomeVersionedAFF4Attribute():
fd = aff4.FACTORY.Open("C.1234567812345678",
token=self.token,
age=aff4.ALL_TIMES)
# Only read the top 5 attributes.
for i, x in enumerate(
fd.GetValuesForAttribute(fd.Schema.CLIENT_INFO)):
self.assertEqual(x.client_name, "GRR")
if i > 50:
break
self.TimeIt(ReadSomeVersionedAFF4Attribute,
name="Read few versioned Attributes")
# Using Get() on a multi versioned object should only parse one value.
def ReadAVersionedAFF4Attribute():
fd = aff4.FACTORY.Open("C.1234567812345678",
token=self.token,
age=aff4.ALL_TIMES)
x = fd.Get(fd.Schema.CLIENT_INFO)
self.assertEqual(x.client_name, "GRR")
self.TimeIt(ReadAVersionedAFF4Attribute,
name="Read one versioned Attributes")
