def LoadTargetFileToMemory(self,
source_path_spec,
configuration,
file_path=None,
file_spec=None,
data_stream_name=None):
try:
if not file_spec:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False,
location=file_path,
location_separator=source_path_spec.location)
else:
find_spec = file_spec
except ValueError as exception:
logger.error(
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}'.format(file_path, exception))
path_spec_generator = self._path_spec_extractor.ExtractPathSpecs(
[source_path_spec],
find_specs=[find_spec],
recurse_file_system=False,
resolver_context=configuration.resolver_context)
for path_spec in path_spec_generator:
display_name = path_helper.PathHelper.GetDisplayNameForPathSpec(
path_spec)
try:
file_entry = path_spec_resolver.Resolver.OpenFileEntry(
path_spec, resolver_context=configuration.resolver_context)
if file_entry is None or not file_entry.IsFile():
logger.warning(
'Unable to open file entry with path spec: {0:s}'.
format(display_name))
return False
if data_stream_name:
file_object = file_entry.GetFileObject(
data_stream_name=data_stream_name)
if not file_object:
return False
return file_object
elif not data_stream_name:
file_object = file_entry.GetFileObject()
if not file_object:
return False
return file_object
except KeyboardInterrupt:
return False
def RecursiveDirOrFileSearch(self, path_spec, output_path):
display_name = path_helper.PathHelper.GetDisplayNameForPathSpec(
path_spec)
file_entry = path_spec_resolver.Resolver.OpenFileEntry(path_spec)
if file_entry is None:
logger.warning(
'Unable to open file entry with path spec: {0:s}'.format(
display_name))
return False
if file_entry.IsDirectory():
if not os.path.exists(output_path + os.sep + file_entry.name):
os.mkdir(output_path + os.sep + file_entry.name)
for sub_file_entry in file_entry.sub_file_entries:
try:
if not sub_file_entry.IsAllocated():
continue
except dfvfs_errors.BackEndError as exception:
logger.warning(
'Unable to process file: {0:s} with error: {1!s}'.
format(
sub_file_entry.path_spec.comparable.replace(
'\n', ';'), exception))
continue
if sub_file_entry.type_indicator == dfvfs_definitions.TYPE_INDICATOR_TSK:
if file_entry.IsRoot(
) and sub_file_entry.name == '$OrphanFiles':
continue
self.RecursiveDirOrFileSearch(
sub_file_entry.path_spec,
output_path + os.sep + file_entry.name)
if file_entry.IsFile():
for data_stream in file_entry.data_streams:
file_object = file_entry.GetFileObject(
data_stream_name=data_stream.name)
if not file_object:
return False
try:
buffer_size = 65536
file = open(output_path + os.sep + file_entry.name, 'wb')
file_object.seek(0, os.SEEK_SET)
data = file_object.read(buffer_size)
while data:
file.write(data)
data = file_object.read(buffer_size)
file.close()
except IOError as exception:
print(display_name)
logger.error(
'Failed to extract file "{0:s}" : {1!s}'.format(
display_name, exception))
finally:
file_object.close()
def ExtractTargetFileToPath(self,
source_path_spec,
configuration,
file_path=None,
file_spec=None,
output_path=None,
data_stream_name=None):
# TODO: find_spec 있을 경우 처리 해야함. Load참조
try:
if not file_spec:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False,
location=file_path,
location_separator=source_path_spec.location)
else:
find_spec = file_spec
except ValueError as exception:
logger.error(
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}'.format(file_path, exception))
path_spec_generator = self._path_spec_extractor.ExtractPathSpecs(
[source_path_spec],
find_specs=[find_spec],
recurse_file_system=False,
resolver_context=configuration.resolver_context)
for path_spec in path_spec_generator:
display_name = path_helper.PathHelper.GetDisplayNameForPathSpec(
path_spec)
try:
file_entry = path_spec_resolver.Resolver.OpenFileEntry(
path_spec, resolver_context=configuration.resolver_context)
if file_entry is None or not file_entry.IsFile():
logger.warning(
'Unable to open file entry with path spec: {0:s}'.
format(display_name))
return False
if data_stream_name:
file_object = file_entry.GetFileObject(
data_stream_name=data_stream_name)
if not file_object:
return False
try:
buffer_size = 65536
file = open(
output_path + os.sep + file_entry.name + '_' +
data_stream_name, 'wb')
file_object.seek(0, os.SEEK_SET)
data = file_object.read(buffer_size)
while data:
file.write(data)
data = file_object.read(buffer_size)
file.close()
except IOError as exception:
# TODO: replace location by display name.
location = getattr(file_entry.path_spec, 'location',
'')
logger.error(
'Failed to extract file "{0:s}" : {1!s}'.format(
data_stream_name, exception))
return False
finally:
file_object.close()
elif not data_stream_name:
file_object = file_entry.GetFileObject()
if not file_object:
return False
try:
buffer_size = 65536
file = open(output_path + os.sep + file_entry.name,
'wb')
file_object.seek(0, os.SEEK_SET)
data = file_object.read(buffer_size)
while data:
file.write(data)
data = file_object.read(buffer_size)
file.close()
except IOError as exception:
logger.error(
'Failed to extract file "{0:s}" : {1!s}'.format(
display_name, exception))
finally:
file_object.close()
except KeyboardInterrupt:
return False
def BuildFindSpecs(self,
paths,
path_separator,
environment_variables=None):
"""Builds find specifications from path filters.
Args:
path_filters (list[PathFilter]): path filters.
environment_variables (Optional[list[EnvironmentVariableArtifact]]):
environment variables.
Returns:
list[dfvfs.FindSpec]: find specifications for the file source type.
"""
find_specs = []
for path in paths:
# Since paths are regular expression the path separator is escaped.
if path_separator == '\\':
path_separator = '\\\\'
else:
path_separator = path_separator
expand_path = False
path_segments = path.split(path_separator)
for index, path_segment in enumerate(path_segments):
if len(path_segment) <= 2:
continue
if path_segment[0] == '{' and path_segment[-1] == '}':
# Rewrite legacy path expansion attributes, such as {systemroot}
# into %SystemRoot%.
path_segment = '%{0:s}%'.format(path_segment[1:-1])
path_segments[index] = path_segment
if path_segment[0] == '%' and path_segment[-1] == '%':
expand_path = True
if expand_path:
path_segments = path_helper.PathHelper.ExpandWindowsPathSegments(
path_segments, environment_variables)
if path_segments[0] != '':
logger.warning(
'The path filter must be defined as an absolute path: '
'{0:s}'.format(path))
continue
# Strip the root path segment.
path_segments.pop(0)
if not path_segments[-1]:
logger.warning(
'Empty last path segment in path: {0:s}'.format(path))
continue
find_spec = file_system_searcher.FindSpec(
case_sensitive=False, location_regex=path_segments)
find_specs.append(find_spec)
return find_specs