Python ClientSummary示例

示例#1

  def _SampleTwoTypeHuntResults(self,
                                client_id=None,
                                flow_id=None,
                                hunt_id=None,
                                count_per_type=5,
                                timestamp_start=10):
    self.assertIsNotNone(client_id)
    self.assertIsNotNone(flow_id)
    self.assertIsNotNone(hunt_id)

    return [
        rdf_flow_objects.FlowResult(
            client_id=client_id,
            flow_id=flow_id,
            hunt_id=hunt_id,
            tag="tag_%d" % i,
            payload=rdf_client.ClientSummary(
                client_id=client_id,
                system_manufacturer="manufacturer_%d" % i,
                install_date=rdfvalue.RDFDatetime.FromSecondsSinceEpoch(
                    timestamp_start + i))) for i in range(count_per_type)
    ] + [
        rdf_flow_objects.FlowResult(
            client_id=client_id,
            flow_id=flow_id,
            hunt_id=hunt_id,
            tag="tag_%d" % i,
            payload=rdf_client.ClientCrash(
                client_id=client_id,
                timestamp=rdfvalue.RDFDatetime.FromSecondsSinceEpoch(
                    timestamp_start + i))) for i in range(count_per_type)
    ]

示例#2

    def testRdfFormatter(self):
        """Hints format RDF values with arbitrary values and attributes."""
        # Create a complex RDF value
        rdf = rdf_client.ClientSummary()
        rdf.system_info.system = "Linux"
        rdf.system_info.fqdn = "coreai.skynet.com"
        # Users (repeated)
        rdf.users = [rdf_client.User(username=u) for u in ("root", "jconnor")]
        # Interface (nested, repeated)
        addresses = [
            rdf_client_network.NetworkAddress(human_readable_address=a)
            for a in ("1.1.1.1", "2.2.2.2", "3.3.3.3")
        ]
        eth0 = rdf_client_network.Interface(ifname="eth0",
                                            addresses=addresses[:2])
        ppp0 = rdf_client_network.Interface(ifname="ppp0",
                                            addresses=addresses[2:3])
        rdf.interfaces = [eth0, ppp0]

        template = (
            "{system_info.system} {users.username} {interfaces.ifname} "
            "{interfaces.addresses.human_readable_address}\n")
        hinter = hints.Hinter(template=template)
        expected = "Linux root,jconnor eth0,ppp0 1.1.1.1,2.2.2.2,3.3.3.3"
        result = hinter.Render(rdf)
        self.assertEqual(expected, result)

示例#3

  def testClientSummaryToExportedNetworkInterfaceConverter(self):
    mac_address_bytes = b"123456"
    mac_address = text.Hexify(mac_address_bytes)

    summary = rdf_client.ClientSummary(interfaces=[
        rdf_client_network.Interface(
            mac_address=mac_address_bytes,
            ifname="eth0",
            addresses=[
                rdf_client_network.NetworkAddress(
                    address_type=rdf_client_network.NetworkAddress.Family.INET,
                    packed_bytes=socket.inet_pton(socket.AF_INET, "127.0.0.1"),
                ),
                rdf_client_network.NetworkAddress(
                    address_type=rdf_client_network.NetworkAddress.Family.INET,
                    packed_bytes=socket.inet_pton(socket.AF_INET, "10.0.0.1"),
                ),
                rdf_client_network.NetworkAddress(
                    address_type=rdf_client_network.NetworkAddress.Family.INET6,
                    packed_bytes=socket.inet_pton(socket.AF_INET6,
                                                  "2001:720:1500:1::a100"),
                )
            ])
    ])

    converter = client_summary.ClientSummaryToExportedNetworkInterfaceConverter(
    )
    results = list(converter.Convert(self.metadata, summary))
    self.assertLen(results, 1)
    self.assertEqual(results[0].mac_address, mac_address)
    self.assertEqual(results[0].ifname, "eth0")
    self.assertEqual(results[0].ip4_addresses, "127.0.0.1 10.0.0.1")
    self.assertEqual(results[0].ip6_addresses, "2001:720:1500:1::a100")

示例#4

  def testClientSummaryToExportedClientConverter(self):
    summary = rdf_client.ClientSummary()
    metadata = base.ExportedMetadata(hostname="ahostname")

    converter = client_summary.ClientSummaryToExportedClientConverter()
    results = list(converter.Convert(metadata, summary))

    self.assertLen(results, 1)
    self.assertEqual(results[0].metadata.hostname, "ahostname")

示例#5

 def _SampleSingleTypeHuntResults(self, client_id=None, count=10):
     client_id = client_id or "C.1234567890123456"
     return [
         rdf_flow_objects.FlowResult(
             tag="tag_%d" % i,
             payload=rdf_client.ClientSummary(
                 client_id=client_id,
                 system_manufacturer="manufacturer_%d" % i,
                 install_date=rdfvalue.RDFDatetime.FromSecondsSinceEpoch(
                     10 + i))) for i in range(count)
     ]

示例#6

文件： objects.py 项目： tsehori/grr

    def GetSummary(self):
        """Gets a client summary object.

    Returns:
      rdf_client.ClientSummary
    Raises:
      ValueError: on bad cloud type
    """
        summary = rdf_client.ClientSummary()
        summary.client_id = self.client_id
        summary.timestamp = self.timestamp

        summary.system_info.release = self.os_release
        summary.system_info.version = str(self.os_version or "")
        summary.system_info.kernel = self.kernel
        summary.system_info.machine = self.arch
        summary.system_info.install_date = self.install_time
        kb = self.knowledge_base
        if kb:
            summary.system_info.fqdn = kb.fqdn
            summary.system_info.system = kb.os
            summary.users = kb.users
            summary.interfaces = self.interfaces
            summary.client_info = self.startup_info.client_info
            if kb.os_release:
                summary.system_info.release = kb.os_release
                if kb.os_major_version:
                    summary.system_info.version = "%d.%d" % (
                        kb.os_major_version, kb.os_minor_version)

        summary.edr_agents = self.edr_agents
        summary.fleetspeak_validation_info = self.fleetspeak_validation_info

        hwi = self.hardware_info
        if hwi:
            summary.serial_number = hwi.serial_number
            summary.system_manufacturer = hwi.system_manufacturer
            summary.system_uuid = hwi.system_uuid

        cloud_instance = self.cloud_instance
        if cloud_instance:
            summary.cloud_type = cloud_instance.cloud_type
            if cloud_instance.cloud_type == "GOOGLE":
                summary.cloud_instance_id = cloud_instance.google.unique_id
            elif cloud_instance.cloud_type == "AMAZON":
                summary.cloud_instance_id = cloud_instance.amazon.instance_id
            else:
                raise ValueError("Bad cloud type: %s" %
                                 cloud_instance.cloud_type)

        return summary

示例#7

文件： aff4_grr.py 项目： weslambert/grr

    def GetSummary(self):
        """Gets a client summary object.

    Returns:
      rdf_client.ClientSummary
    Raises:
      ValueError: on bad cloud type
    """
        self.max_age = 0
        summary = rdf_client.ClientSummary(client_id=self.urn)
        summary.system_info.system = self.Get(self.Schema.SYSTEM)
        summary.system_info.release = self.Get(self.Schema.OS_RELEASE)
        summary.system_info.version = str(self.Get(self.Schema.OS_VERSION, ""))
        summary.system_info.kernel = self.Get(self.Schema.KERNEL)
        summary.system_info.fqdn = self.Get(self.Schema.FQDN)
        summary.system_info.machine = self.Get(self.Schema.ARCH)
        summary.system_info.install_date = self.Get(self.Schema.INSTALL_DATE)
        kb = self.Get(self.Schema.KNOWLEDGE_BASE)
        if kb:
            summary.users = kb.users
        summary.interfaces = self.Get(self.Schema.INTERFACES)
        summary.client_info = self.Get(self.Schema.CLIENT_INFO)
        hwi = self.Get(self.Schema.HARDWARE_INFO)
        if hwi:
            summary.serial_number = hwi.serial_number
            summary.system_manufacturer = hwi.system_manufacturer
            summary.system_uuid = hwi.system_uuid
        summary.timestamp = self.age
        cloud_instance = self.Get(self.Schema.CLOUD_INSTANCE)
        if cloud_instance:
            summary.cloud_type = cloud_instance.cloud_type
            if cloud_instance.cloud_type == "GOOGLE":
                summary.cloud_instance_id = cloud_instance.google.unique_id
            elif cloud_instance.cloud_type == "AMAZON":
                summary.cloud_instance_id = cloud_instance.amazon.instance_id
            else:
                raise ValueError("Bad cloud type: %s" %
                                 cloud_instance.cloud_type)

        return summary