def GetReportData(self, get_report_args, token):
"""Filter the cron job approvals in the given timerange."""
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=self.__class__.USED_FIELDS))
try:
timerange_offset = get_report_args.duration
timerange_end = get_report_args.start_time + timerange_offset
rows = []
try:
for event in report_utils.GetAuditLogEntries(
timerange_offset, timerange_end, token):
if event.action in self.__class__.TYPES:
rows.append(event)
except ValueError: # Couldn't find any logs..
pass
except IOError:
pass
rows.sort(key=lambda row: row.timestamp, reverse=True)
ret.audit_chart.rows = rows
return ret
def GetReportData(self, get_report_args, token):
"""Extract only the operating system type from the active histogram."""
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART)
try:
fd = aff4.FACTORY.Open(
rdfvalue.RDFURN("aff4:/stats/ClientFleetStats").Add(
get_report_args.client_label),
token=token)
for graph in fd.Get(
aff4_stats.ClientFleetStats.SchemaCls.RELEASE_HISTOGRAM):
# Find the correct graph and merge the OS categories together
if "%s day" % self.__class__.ACTIVE_DAYS in graph.title:
for sample in graph:
ret.pie_chart.data.Append(
rdf_report_plugins.ApiReportDataPoint1D(
label=sample.label, x=sample.y_value))
break
except (IOError, TypeError):
pass
ret.pie_chart.data = sorted(ret.pie_chart.data,
key=lambda point: point.label)
return ret
def GetReportData(self, get_report_args, token):
"""Filter the last week of user actions."""
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART)
try:
timerange_offset = get_report_args.duration
timerange_end = get_report_args.start_time + timerange_offset
counts = {}
try:
for event in report_utils.GetAuditLogEntries(
timerange_offset, timerange_end, token):
counts.setdefault(event.user, 0)
counts[event.user] += 1
except ValueError: # Couldn't find any logs..
pass
ret.pie_chart.data = sorted(
(rdf_report_plugins.ApiReportDataPoint1D(x=count, label=user)
for user, count in counts.iteritems()
if user not in aff4_users.GRRUser.SYSTEM_USERS),
key=lambda series: series.label)
except IOError:
pass
return ret
def GetReportData(self, get_report_args, token):
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(x_ticks=[]))
counts = self._GetFlows(get_report_args, token)
total_counts = collections.Counter(
{flow: sum(cts.values())
for flow, cts in iteritems(counts)})
for i, (flow, total_count) in enumerate(total_counts.most_common()):
topusercounts = counts[flow].most_common(3)
topusers = ", ".join("{} ({})".format(user, count)
for user, count in topusercounts)
ret.stack_chart.data.append(
rdf_report_plugins.ApiReportDataSeries2D(
# \u2003 is an emspace, a long whitespace character.
label="{}\u2003Run By: {}".format(flow, topusers),
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=i,
y=total_count)
]))
return ret
def GetReportData(self, get_report_args, token):
"""Show how the last active breakdown evolved over time."""
report = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.LINE_CHART)
series_with_timestamps = client_report_utils.FetchAllGraphSeries(
get_report_args.client_label,
rdf_stats.ClientGraphSeries.ReportType.N_DAY_ACTIVE,
period=rdfvalue.Duration.From(180, rdfvalue.DAYS))
categories = {}
for timestamp, graph_series in sorted(
iteritems(series_with_timestamps)):
self._ProcessGraphSeries(graph_series, timestamp, categories)
series = []
for label, points in iteritems(categories):
series.append(
rdf_report_plugins.ApiReportDataSeries2D(
label=label,
points=(rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for x, y in points)))
report.line_chart.data = sorted(series,
key=lambda s: int(s.label.split()[0]),
reverse=True)
return report
def testHuntActionsReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.HuntActionsReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=[
"action", "description", "flow_name", "timestamp", "urn",
"user"
],
rows=[])))
def testUserFlowsReportPlugin(self):
client_id = self.SetupClient(1)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(user="******")
data_store.REL_DB.WriteFlowObject(
rdf_flow_objects.Flow(flow_class_name="GetClientStats",
creator="User123",
client_id=client_id,
flow_id="E0000000",
create_time=rdfvalue.RDFDatetime.Now()))
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for i in range(10):
data_store.REL_DB.WriteFlowObject(
rdf_flow_objects.Flow(
flow_class_name="GetClientStats",
creator="User123",
client_id=client_id,
flow_id="{:08X}".format(i),
create_time=rdfvalue.RDFDatetime.Now()))
AddFakeAuditLog(user="******")
data_store.REL_DB.WriteFlowObject(
rdf_flow_objects.Flow(flow_class_name="ArtifactCollectorFlow",
creator="User456",
client_id=client_id,
flow_id="F0000000",
create_time=rdfvalue.RDFDatetime.Now()))
AddFakeAuditLog(user="******")
report = report_plugins.GetReportByName(
server_report_plugins.UserFlowsReportPlugin.__name__)
start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15")
month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS)
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
x_ticks=[],
data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"GetClientStats\u2003Run By: User123 (10)",
points=[ApiReportDataPoint2D(x=0, y=10)]),
rdf_report_plugins.ApiReportDataSeries2D(
label=
u"ArtifactCollectorFlow\u2003Run By: User456 (1)",
points=[ApiReportDataPoint2D(x=1, y=1)])
])))
def GetReportData(self, get_report_args, token):
"""Show how the last active breakdown evolved over time."""
report = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.LINE_CHART)
series_with_timestamps = client_report_utils.FetchAllGraphSeries(
get_report_args.client_label,
rdf_stats.ClientGraphSeries.ReportType.GRR_VERSION,
period=rdfvalue.DurationSeconds("180d"))
categories = {}
for timestamp, graph_series in sorted(
iteritems(series_with_timestamps)):
self._ProcessGraphSeries(graph_series, timestamp, categories)
graphs = []
for k, v in iteritems(categories):
graph = dict(label=k, data=v)
graphs.append(graph)
report.line_chart.data = sorted(
(rdf_report_plugins.ApiReportDataSeries2D(
label=label,
points=(rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for x, y in points))
for label, points in iteritems(categories)),
key=lambda series: series.label)
return report
def GetReportData(self, get_report_args, token):
"""Filter the last week of user actions."""
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART)
now = rdfvalue.RDFDatetime.Now()
weeks = range(-self.WEEKS, 0, 1)
week_duration = rdfvalue.Duration("7d")
user_activity = collections.defaultdict(
lambda: {week: 0
for week in weeks})
for username, timestamp in self._LoadUserActivity(token):
week = (timestamp - now).seconds // week_duration.seconds
if week in user_activity[username]:
user_activity[username][week] += 1
user_activity = sorted(iteritems(user_activity))
user_activity = [(user, data) for user, data in user_activity
if user not in aff4_users.GRRUser.SYSTEM_USERS]
ret.stack_chart.data = [
rdf_report_plugins.ApiReportDataSeries2D(
label=user,
points=(rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for x, y in sorted(data.items())))
for user, data in user_activity
]
return ret
def GetReportData(self, get_report_args, token):
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.RepresentationType.
STACK_CHART)
database = {
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/11"): (1, 0),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/12"): (2, 1),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/13"): (3, 2),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14"): (5, 3),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15"): (8, 4),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/16"): (13, 5),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/17"): (21, 6),
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/18"): (34, 7)
}
ret.stack_chart.data = [
rdf_report_plugins.ApiReportDataSeries2D(
label="Bar",
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for (t, (x, y)) in sorted(iteritems(database))
if get_report_args.start_time <= t and
t < get_report_args.start_time + get_report_args.duration
])
]
return ret
def testMostActiveUsersReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
"Fake audit description 14 Dec.",
"C.123",
"User123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in range(10):
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.123",
"User123",
token=self.token)
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.456",
"User456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.MostActiveUsersReportPlugin.__name__)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")):
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
# pyformat: disable
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART,
pie_chart=rdf_report_plugins.ApiPieChartReportData(
data=[
rdf_report_plugins.ApiReportDataPoint1D(
label="User123",
x=11
),
rdf_report_plugins.ApiReportDataPoint1D(
label="User456",
x=1
)
]
)))
def GetReportData(self, get_report_args):
"""Filter the hunt actions in the given timerange."""
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=self.USED_FIELDS))
ret.audit_chart.rows = _LoadAuditEvents(self.HANDLERS, get_report_args)
return ret
def testUserActivityReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(user="******", token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in range(10):
AddFakeAuditLog(user="******", token=self.token)
AddFakeAuditLog(user="******", token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")):
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User123",
points=[
ApiReportDataPoint2D(x=-10, y=0),
ApiReportDataPoint2D(x=-9, y=0),
ApiReportDataPoint2D(x=-8, y=0),
ApiReportDataPoint2D(x=-7, y=0),
ApiReportDataPoint2D(x=-6, y=0),
ApiReportDataPoint2D(x=-5, y=0),
ApiReportDataPoint2D(x=-4, y=0),
ApiReportDataPoint2D(x=-3, y=1),
ApiReportDataPoint2D(x=-2, y=10),
ApiReportDataPoint2D(x=-1, y=0)
]),
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User456",
points=[
ApiReportDataPoint2D(x=-10, y=0),
ApiReportDataPoint2D(x=-9, y=0),
ApiReportDataPoint2D(x=-8, y=0),
ApiReportDataPoint2D(x=-7, y=0),
ApiReportDataPoint2D(x=-6, y=0),
ApiReportDataPoint2D(x=-5, y=0),
ApiReportDataPoint2D(x=-4, y=0),
ApiReportDataPoint2D(x=-3, y=0),
ApiReportDataPoint2D(x=-2, y=1),
ApiReportDataPoint2D(x=-1, y=0)
])
])))
def testSystemFlowsReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in range(10):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow123",
token=self.token)
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.SystemFlowsReportPlugin.__name__)
start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15")
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
x_ticks=[],
data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"Flow123\u2003Run By: GRR (10)",
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=0, y=10)
]),
rdf_report_plugins.ApiReportDataSeries2D(
label=u"Flow456\u2003Run By: GRR (1)",
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=1, y=1)
])
])))
def GetReportData(self, get_report_args=None):
"""Filter the cron job approvals in the given timerange."""
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=self.USED_FIELDS))
ret.audit_chart.rows = _LoadAuditEvents(
self.HANDLERS, get_report_args, transformers=[_ExtractClientIdFromPath])
return ret
def GetReportData(self, get_report_args, token):
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(x_ticks=[]))
# TODO(user): move the calculation to a cronjob and store results in
# AFF4.
try:
timerange_offset = get_report_args.duration
timerange_end = get_report_args.start_time + timerange_offset
# Store run count total and per-user
counts = {}
try:
for event in report_utils.GetAuditLogEntries(
timerange_offset, timerange_end, token):
if (event.action == rdf_events.AuditEvent.Action.RUN_FLOW
and self.UserFilter(event.user)):
counts.setdefault(event.flow_name, {
"total": 0,
event.user: 0
})
counts[event.flow_name]["total"] += 1
counts[event.flow_name].setdefault(event.user, 0)
counts[event.flow_name][event.user] += 1
except ValueError: # Couldn't find any logs..
pass
for i, (flow, countdict) in enumerate(
sorted(counts.iteritems(),
key=lambda x: x[1]["total"],
reverse=True)):
total_count = countdict["total"]
countdict.pop("total")
topusercounts = sorted(countdict.iteritems(),
key=operator.itemgetter(1),
reverse=True)[:3]
topusers = ", ".join("%s (%s)" % (user, count)
for user, count in topusercounts)
ret.stack_chart.data.append(
rdf_report_plugins.ApiReportDataSeries2D(
# \u2003 is an emspace, a long whitespace character.
label=u"%s\u2003Run By: %s" % (flow, topusers),
points=[
rdf_report_plugins.ApiReportDataPoint2D(
x=i, y=total_count)
]))
except IOError:
pass
return ret
def testUserActivityReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(data=[])))
def testOSReleaseBreakdownReportPluginWithNoDataToReport(self):
report = report_plugins.GetReportByName(
client_report_plugins.OSReleaseBreakdown30ReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
client_label="Linux--buster/sid"))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[]),
representation_type=RepresentationType.PIE_CHART))
def testUserActivityReportPlugin(self):
entries = {
"2012/12/02": ["User123"],
"2012/12/07": ["User123"],
"2012/12/15": ["User123"] * 2 + ["User456"],
"2012/12/23": ["User123"] * 10,
"2012/12/28": ["User123"],
}
for date_string, usernames in entries.items():
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable(date_string)):
for username in usernames:
AddFakeAuditLog(user=username)
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
# Use 15 days which will be rounded up to 3 full weeks.
duration = rdfvalue.DurationSeconds.FromDays(15)
start_time = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/07")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start_time,
duration=duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User123",
points=[
ApiReportDataPoint2D(x=0, y=1),
ApiReportDataPoint2D(x=1, y=2),
ApiReportDataPoint2D(x=2, y=10),
]),
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User456",
points=[
ApiReportDataPoint2D(x=0, y=0),
ApiReportDataPoint2D(x=1, y=1),
ApiReportDataPoint2D(x=2, y=0),
])
])))
def GetReportData(self, get_report_args, token):
"""Filter the last week of user actions."""
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.PIE_CHART)
counts = self._GetUserCounts(get_report_args, token)
for username in aff4_users.GRRUser.SYSTEM_USERS:
del counts[username]
ret.pie_chart.data = [
rdf_report_plugins.ApiReportDataPoint1D(x=count, label=user)
for user, count in sorted(iteritems(counts))
]
return ret
def testGRRVersionReportPluginWithNoActivityToReport(self):
# Scan for activity to be reported.
cron_system.GRRVersionBreakDownCronJob(None, None).Run()
report = report_plugins.GetReportByName(
client_report_plugins.GRRVersion30ReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
client_label="All"))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.LINE_CHART,
line_chart=rdf_report_plugins.ApiLineChartReportData(data=[])))
def GetReportData(self, get_report_args, token):
"""Report file frequency by client count."""
x_ticks = []
for e in range(15):
x = 32**e
x_ticks.append(
rdf_report_plugins.ApiReportTickSpecifier(
x=self._Log(x), label=self._BytesToHumanReadable(x)))
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
x_ticks=x_ticks, bar_width=.2))
data = ()
try:
fd = aff4.FACTORY.Open("aff4:/stats/FileStoreStats", token=token)
graph = fd.Get(aff4_stats.FilestoreStats.SchemaCls.
FILESTORE_FILESIZE_HISTOGRAM)
if graph:
data = graph.data
except (IOError, TypeError):
pass
xs = [point.x_value for point in data]
ys = [point.y_value for point in data]
labels = [
"%s - %s" % (self._BytesToHumanReadable(
int(x0)), self._BytesToHumanReadable(int(x1)))
for x0, x1 in itertools.izip(xs[:-1], xs[1:])
]
last_x = data[-1].x_value
labels.append(
# \u221E is the infinity sign.
u"%s - \u221E" % self._BytesToHumanReadable(int(last_x)))
ret.stack_chart.data = (rdf_report_plugins.ApiReportDataSeries2D(
label=label,
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=self._Log(x), y=y)
]) for label, x, y in itertools.izip(labels, xs, ys))
return ret
def testLastActiveReportPluginWithNoActivityToReport(self):
# Scan for activity to be reported.
flow_test_lib.TestFlowHelper(cron_system.LastAccessStats.__name__,
token=self.token)
report = report_plugins.GetReportByName(
client_report_plugins.LastActiveReportPlugin.__name__)
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.LINE_CHART,
line_chart=rdf_report_plugins.ApiLineChartReportData(data=[])))
def testUserFlowsReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.UserFlowsReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
x_ticks=[])))
def testUserActivityReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
duration = rdfvalue.Duration.From(14, rdfvalue.DAYS)
start_time = rdfvalue.RDFDatetime.Now() - duration
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
start_time=start_time,
duration=duration))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
data=[])))
def testClientApprovalsReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.ClientApprovalsReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration.From(30, rdfvalue.DAYS)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=["action", "client", "timestamp", "user"],
rows=[])))
def testMostActiveUsersReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.MostActiveUsersReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART,
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[])))
def GetReportData(self, get_report_args, token):
"""Show how the last active breakdown evolved over time."""
ret = rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.LINE_CHART)
try:
# now
end_time = int(time.time() * 1e6)
# half a year ago
start_time = end_time - (60 * 60 * 24 * 1000000 * 180)
fd = aff4.FACTORY.Open(
rdfvalue.RDFURN("aff4:/stats/ClientFleetStats").Add(
get_report_args.client_label),
token=token,
age=(start_time, end_time))
categories = {}
for graph_series in fd.GetValuesForAttribute(
aff4_stats.ClientFleetStats.SchemaCls.
LAST_CONTACTED_HISTOGRAM):
self._ProcessGraphSeries(graph_series, categories)
graphs = []
for k, v in categories.items():
graph = dict(label=k, data=v)
graphs.append(graph)
ret.line_chart.data = sorted(
(rdf_report_plugins.ApiReportDataSeries2D(
label=label,
points=(rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for x, y in points))
for label, points in categories.iteritems()),
key=lambda series: int(series.label.split()[0]),
reverse=True)
except IOError:
pass
return ret
def GetReportData(self, get_report_args, token):
"""Filter the last week of user actions."""
ret = rdf_report_plugins.ApiReportData(
representation_type=RepresentationType.STACK_CHART)
week_duration = rdfvalue.Duration.From(7, rdfvalue.DAYS)
num_weeks = int(
math.ceil(
rdfvalue.Duration(get_report_args.duration).ToFractional(
rdfvalue.SECONDS) /
week_duration.ToFractional(rdfvalue.SECONDS)))
weeks = range(0, num_weeks)
start_time = get_report_args.start_time
end_time = start_time + num_weeks * week_duration
user_activity = collections.defaultdict(
lambda: {week: 0
for week in weeks})
entries = self._LoadUserActivity(start_time=get_report_args.start_time,
end_time=end_time,
token=token)
for username, timestamp, count in entries:
week = (timestamp - start_time).ToInt(
rdfvalue.SECONDS) // week_duration.ToInt(rdfvalue.SECONDS)
if week in user_activity[username]:
user_activity[username][week] += count
user_activity = sorted(iteritems(user_activity))
user_activity = [(user, data) for user, data in user_activity
if user not in access_control.SYSTEM_USERS]
ret.stack_chart.data = [
rdf_report_plugins.ApiReportDataSeries2D(
label=user,
points=(rdf_report_plugins.ApiReportDataPoint2D(x=x, y=y)
for x, y in sorted(data.items())))
for user, data in user_activity
]
return ret
def testOSBreakdownReportPlugin(self):
# Add a client to be reported.
self.SetupClients(1)
# Scan for clients to be reported (the one we just added).
cron_system.OSBreakDownCronJob(None, None).Run()
report = report_plugins.GetReportByName(
client_report_plugins.OSBreakdown30ReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__,
client_label="All"))
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[
rdf_report_plugins.ApiReportDataPoint1D(label="Linux", x=1)
]),
representation_type=RepresentationType.PIE_CHART))
