def testValidation(self):
glob_expression = rdfvalue.GlobExpression(
"/home/%%Users.username%%/**/.mozilla/")
glob_expression.Validate()
glob_expression = rdfvalue.GlobExpression("/home/**/**")
self.assertRaises(ValueError, glob_expression.Validate)
def FetchBinaries(self, responses):
"""Parses the Rekall response and initiates FileFinder flows."""
if not responses.success:
self.Log("Error fetching VAD data: %s", responses.status)
return
self.Log("Found %d binaries", len(responses))
if self.args.filename_regex:
binaries = []
for response in responses:
if self.args.filename_regex.Match(response.CollapsePath()):
binaries.append(response)
self.Log("Applied filename regex. Have %d files after filtering.",
len(binaries))
else:
binaries = responses
if self.args.fetch_binaries:
self.CallFlow(
"FileFinder",
next_state="HandleDownloadedFiles",
paths=[
rdfvalue.GlobExpression(b.CollapsePath()) for b in binaries
],
pathtype=rdfvalue.PathSpec.PathType.OS,
action=rdfvalue.FileFinderAction(
action_type=rdfvalue.FileFinderAction.Action.DOWNLOAD))
else:
for b in binaries:
self.SendReply(b)
def testInterpolateClientAttributes(self):
path = rdfvalue.GlobExpression(u"%%Users.homedir%%\\.ssh")
res = list(path.InterpolateClientAttributes(self.client))
self.assertEqual(len(res), 2)
self.assertTrue("c:\\Users\\test\\.ssh" in res)
self.assertTrue("c:\\Users\\test2\\.ssh" in res)
def testClientInterpolation(self):
client_id = "C.0000000000000001"
fd = aff4.FACTORY.Create(client_id, "VFSGRRClient", token=self.token)
users = fd.Schema.USER()
# Add 2 users
for i in range(2):
account_info = self.USER_ACCOUNT.copy()
account_info["username"] = "******" % i
users.Append(**account_info)
fd.Set(users)
fd.Close()
fd = aff4.FACTORY.Open(client_id, token=self.token)
glob_expression = rdfvalue.GlobExpression(
"/home/%%Users.username%%/.mozilla/")
interpolated = sorted(glob_expression.InterpolateClientAttributes(
client=fd))
self.assertEqual(interpolated[0], "/home/user0/.mozilla/")
self.assertEqual(interpolated[1], "/home/user1/.mozilla/")
