Use implementation_type=DIRECT for VfsFileFinder calls inside interro…

…gate.
google · Nov 15, 2023 · 8f94465 · 8f94465
1 parent 4b78067
commit 8f94465
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 16 deletions.
diff --git a/grr/client/grr_response_client/vfs.py b/grr/client/grr_response_client/vfs.py
@@ -29,8 +29,8 @@
 # TODO: Dictionary keys are of type rdf_paths.PathSpec.PathType,
 # but this is currently not representable as type information in Python.
 VFS_HANDLERS: Dict[Any, Type[vfs_base.VFSHandler]] = {}
-_VFS_HANDLERS_DIRECT: Dict[Any, Type[vfs_base.VFSHandler]] = {}
-_VFS_HANDLERS_SANDBOX: Dict[Any, Type[vfs_base.VFSHandler]] = {}
+VFS_HANDLERS_DIRECT: Dict[Any, Type[vfs_base.VFSHandler]] = {}
+VFS_HANDLERS_SANDBOX: Dict[Any, Type[vfs_base.VFSHandler]] = {}
 
 # The paths we should use as virtual root for VFS operations.
 _VFS_VIRTUALROOTS = {}
@@ -39,8 +39,8 @@
 def Init():
   """Register all known vfs handlers to open a pathspec types."""
   VFS_HANDLERS.clear()
-  _VFS_HANDLERS_DIRECT.clear()
-  _VFS_HANDLERS_SANDBOX.clear()
+  VFS_HANDLERS_DIRECT.clear()
+  VFS_HANDLERS_SANDBOX.clear()
   _VFS_VIRTUALROOTS.clear()
   vfs_virtualroots = config.CONFIG["Client.vfs_virtualroots"]
 
@@ -58,15 +58,15 @@ def Init():
     VFS_HANDLERS[vfs_registry.RegistryFile
                  .supported_pathtype] = vfs_registry.RegistryFile
 
-  _VFS_HANDLERS_DIRECT.update(VFS_HANDLERS)
-  _VFS_HANDLERS_DIRECT[sleuthkit.TSKFile.supported_pathtype] = sleuthkit.TSKFile
-  _VFS_HANDLERS_DIRECT[ntfs.NTFSFile.supported_pathtype] = ntfs.NTFSFile
+  VFS_HANDLERS_DIRECT.update(VFS_HANDLERS)
+  VFS_HANDLERS_DIRECT[sleuthkit.TSKFile.supported_pathtype] = sleuthkit.TSKFile
+  VFS_HANDLERS_DIRECT[ntfs.NTFSFile.supported_pathtype] = ntfs.NTFSFile
 
-  _VFS_HANDLERS_SANDBOX.update(VFS_HANDLERS)
-  _VFS_HANDLERS_SANDBOX[
+  VFS_HANDLERS_SANDBOX.update(VFS_HANDLERS)
+  VFS_HANDLERS_SANDBOX[
       unprivileged_vfs.UnprivilegedNtfsFile
       .supported_pathtype] = unprivileged_vfs.UnprivilegedNtfsFile
-  _VFS_HANDLERS_SANDBOX[
+  VFS_HANDLERS_SANDBOX[
       unprivileged_vfs.UnprivilegedTskFile
       .supported_pathtype] = unprivileged_vfs.UnprivilegedTskFile
 
@@ -107,10 +107,10 @@ def _GetVfsHandlers(
           "a pathspec.")
   if (pathspec.implementation_type ==
       rdf_paths.PathSpec.ImplementationType.DIRECT):
-    return _VFS_HANDLERS_DIRECT
+    return VFS_HANDLERS_DIRECT
   elif (pathspec.implementation_type ==
         rdf_paths.PathSpec.ImplementationType.SANDBOX):
-    return _VFS_HANDLERS_SANDBOX
+    return VFS_HANDLERS_SANDBOX
   else:
     return VFS_HANDLERS
 

diff --git a/grr/server/grr_response_server/artifact.py b/grr/server/grr_response_server/artifact.py
@@ -241,6 +241,9 @@ def Start(self):
       args.action.action_type = rdf_file_finder.FileFinderAction.Action.STAT
       args.pathtype = rdf_paths.PathSpec.PathType.REGISTRY
       args.paths = [r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\*\ProfileImagePath"]
+      # TODO: remove this when the registry+sandboxing bug
+      # is fixed.
+      args.implementation_type = rdf_paths.PathSpec.ImplementationType.DIRECT
       self.CallClient(
           server_stubs.VfsFileFinder,
           args,
@@ -1149,7 +1152,9 @@ def _ProcessWindowsProfiles(
     # refactored once registry-specific actions are available.
     args.action.action_type = rdf_file_finder.FileFinderAction.Action.STAT
     args.pathtype = rdf_paths.PathSpec.PathType.REGISTRY
-
+    # TODO: remove this when the registry+sandboxing bug
+    # is fixed.
+    args.implementation_type = rdf_paths.PathSpec.ImplementationType.DIRECT
     for user in self.state.knowledge_base.users:
       # pylint: disable=line-too-long
       # pyformat: disable

diff --git a/grr/test_lib/vfs_test_lib.py b/grr/test_lib/vfs_test_lib.py
@@ -40,18 +40,32 @@ def Start(self):
       # Initialize VFS if not yet done, otherwise VFS will not initialize
       # correctly when it is used for the first time in testing code.
       vfs.Init()
-    self._old_handler = vfs.VFS_HANDLERS.get(self._vfs_type)
+    self._old_vfs_handler = vfs.VFS_HANDLERS.get(self._vfs_type)
+    self._old_direct_handler = vfs.VFS_HANDLERS_DIRECT.get(self._vfs_type)
+    self._old_sandbox_handler = vfs.VFS_HANDLERS_SANDBOX.get(self._vfs_type)
     vfs.VFS_HANDLERS[self._vfs_type] = self._temp_handler
+    vfs.VFS_HANDLERS_DIRECT[self._vfs_type] = self._temp_handler
+    vfs.VFS_HANDLERS_SANDBOX[self._vfs_type] = self._temp_handler
 
   def __exit__(self, unused_type, unused_value, unused_traceback):
     self.Stop()
 
   def Stop(self):
-    if self._old_handler:
-      vfs.VFS_HANDLERS[self._vfs_type] = self._old_handler
+    if self._old_vfs_handler:
+      vfs.VFS_HANDLERS[self._vfs_type] = self._old_vfs_handler
     else:
       del vfs.VFS_HANDLERS[self._vfs_type]
 
+    if self._old_direct_handler:
+      vfs.VFS_HANDLERS_DIRECT[self._vfs_type] = self._old_direct_handler
+    else:
+      del vfs.VFS_HANDLERS_DIRECT[self._vfs_type]
+
+    if self._old_sandbox_handler:
+      vfs.VFS_HANDLERS_SANDBOX[self._vfs_type] = self._old_sandbox_handler
+    else:
+      del vfs.VFS_HANDLERS_SANDBOX[self._vfs_type]
+
 
 class FakeTestDataVFSOverrider(VFSOverrider):
   """A context to temporarily change VFS handler to `FakeTestDataVFSHandler`."""