def testUIDAndGIDFilter(self):
"""Test filtering based on combination of uid and gid happens correctly."""
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
# Look for files that have uid of 90 and gid of 500
request = rdf_client.FindSpec(
pathspec=pathspec, path_regex=".", uid=90, gid=500, cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 0)
# Look for files that have uid of 50 and gid of 500
request = rdf_client.FindSpec(
pathspec=pathspec, path_regex=".", uid=50, gid=500, cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 2)
self.assertEqual(all_files[0].pathspec.Dirname().Basename(), "directory2")
self.assertEqual(all_files[0].pathspec.Basename(), "file.jpg")
self.assertEqual(all_files[1].pathspec.Dirname().Basename(), "directory2")
self.assertEqual(all_files[1].pathspec.Basename(), "file.mp3")
def testFindAction(self):
"""Test the find action."""
# First get all the files at once
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(pathspec=pathspec, path_regex=".")
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
# Ask for the files one at the time
files = []
request = rdf_client.FindSpec(pathspec=pathspec, path_regex=".")
request.iterator.number = 1
while True:
result = self.RunAction(searching.Find, request)
if request.iterator.state == rdf_client.Iterator.State.FINISHED:
break
self.assertEqual(len(result), 2)
self.assertTrue(isinstance(result[0], rdf_client.FindSpec))
self.assertTrue(isinstance(result[1], rdf_client.Iterator))
files.append(result[0].hit)
request.iterator = result[1].Copy()
for x, y in zip(all_files, files):
self.assertRDFValuesEqual(x, y)
# Make sure the iterator is finished
self.assertEqual(request.iterator.state, rdf_client.Iterator.State.FINISHED)
# Ensure we remove old states from client_state
self.assertEqual(len(request.iterator.client_state.dat), 0)
def testFindActionCrossDev(self):
"""Test that devices boundaries don't get crossed, also by default."""
pathspec = rdf_paths.PathSpec(path="/mock2/",
pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(pathspec=pathspec,
cross_devs=True,
path_regex=".")
request.iterator.number = 200
results = self.RunAction(searching.Find, request)
all_files = [
x.hit for x in results if isinstance(x, rdf_client.FindSpec)
]
self.assertEqual(len(all_files), 9)
request = rdf_client.FindSpec(pathspec=pathspec,
cross_devs=False,
path_regex=".")
request.iterator.number = 200
results = self.RunAction(searching.Find, request)
all_files = [
x.hit for x in results if isinstance(x, rdf_client.FindSpec)
]
self.assertEqual(len(all_files), 7)
request = rdf_client.FindSpec(pathspec=pathspec, path_regex=".")
request.iterator.number = 200
results = self.RunAction(searching.Find, request)
all_files = [
x.hit for x in results if isinstance(x, rdf_client.FindSpec)
]
self.assertEqual(len(all_files), 7)
def testUIDFilter(self):
"""Test filtering based on uid happens correctly."""
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
# Look for files that have uid of 60
request = rdf_client.FindSpec(
pathspec=pathspec, path_regex=".", uid=60, cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 2)
self.assertEqual(all_files[0].pathspec.Dirname().Basename(), "directory3")
self.assertEqual(all_files[0].pathspec.Basename(), "file1.txt")
self.assertEqual(all_files[1].pathspec.Dirname().Basename(), "directory3")
self.assertEqual(all_files[1].pathspec.Basename(), "long_file.text")
# Look for files that have uid of 0
request = rdf_client.FindSpec(
pathspec=pathspec, path_regex=".", uid=0, cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 3)
self.assertEqual(all_files[0].pathspec.Basename(), "directory2")
self.assertEqual(all_files[1].pathspec.Basename(), "directory1")
self.assertEqual(all_files[2].pathspec.Basename(), "directory3")
def testExtAttrsCollection(self):
with test_lib.AutoTempDirPath(remove_non_empty=True) as temp_dirpath:
foo_filepath = test_lib.TempFilePath(dir=temp_dirpath)
self._Setfattr(foo_filepath, name="user.quux", value="foo")
bar_filepath = test_lib.TempFilePath(dir=temp_dirpath)
self._Setfattr(bar_filepath, name="user.quux", value="bar")
baz_filepath = test_lib.TempFilePath(dir=temp_dirpath)
self._Setfattr(baz_filepath, name="user.quux", value="baz")
request = rdf_client.FindSpec(pathspec=rdf_paths.PathSpec(
path=temp_dirpath, pathtype=rdf_paths.PathSpec.PathType.OS),
path_glob="*",
collect_ext_attrs=True)
request.iterator.number = 100
hits = []
for response in self.RunAction(searching.Find, request):
if isinstance(response, rdf_client.FindSpec):
hits.append(response.hit)
self.assertEqual(len(hits), 3)
values = []
for hit in hits:
self.assertEqual(len(hit.ext_attrs), 1)
values.append(hit.ext_attrs[0].value)
self.assertItemsEqual(values, ["foo", "bar", "baz"])
def Iterate(self, request, client_state):
"""Restores its way through the directory using an Iterator."""
self.request = request
filters = self.BuildChecks(request)
limit = request.iterator.number
if self.request.quick_listing:
listing_strategy = self.QuickListDirectory
else:
listing_strategy = self.ListDirectory
# TODO(user): What is a reasonable measure of work here?
for count, f in enumerate(listing_strategy(request.pathspec, client_state)):
self.Progress()
# Ignore this file if any of the checks fail.
if not any((check(f) for check in filters)):
self.SendReply(rdf_client.FindSpec(hit=f))
# We only check a limited number of files in each iteration. This might
# result in returning an empty response - but the iterator is not yet
# complete. Flows must check the state of the iterator explicitly.
if count >= limit - 1:
logging.debug("Processed %s entries, quitting", count)
return
# End this iterator
request.iterator.state = rdf_client.Iterator.State.FINISHED
def testCollectionOverwriting(self):
"""Test we overwrite the collection every time the flow is executed."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec()
findspec.path_regex = "bin"
findspec.pathspec.path = "/"
findspec.pathspec.pathtype = rdf_paths.PathSpec.PathType.OS
session_id = flow_test_lib.TestFlowHelper(find.FindFiles.__name__,
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec)
# Check the results collection.
fd = flow.GRRFlow.ResultCollectionForFID(session_id)
self.assertEqual(len(fd), 2)
# Now find a new result, should overwrite the collection
findspec.path_regex = "dd"
session_id = flow_test_lib.TestFlowHelper(find.FindFiles.__name__,
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec,
max_results=1)
# Check the results collection.
fd = flow.GRRFlow.ResultCollectionForFID(session_id)
self.assertEqual(len(fd), 1)
def testFindFiles(self):
"""Test that the Find flow works with files."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex="bash",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec):
session_id = s
# Check the results collection.
fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
# Should match ["bash" and "rbash"].
matches = set([x.AFF4Path(self.client_id).Basename() for x in fd])
self.assertEqual(sorted(matches), ["bash", "rbash"])
self.assertEqual(len(fd), 4)
for child in fd:
path = utils.SmartStr(child.AFF4Path(self.client_id))
self.assertTrue(path.endswith("bash"))
self.assertEqual(child.__class__.__name__, "StatEntry")
def runTest(self):
"""Launch our flows."""
for flow, args in [
("ListDirectory", {
"pathspec":
rdf_paths.PathSpec(
pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
path=self.reg_path)
}),
("FindFiles", {
"findspec":
rdf_client.FindSpec(pathspec=rdf_paths.PathSpec(
path=self.reg_path,
pathtype=rdf_paths.PathSpec.PathType.REGISTRY),
path_regex="ProfileImagePath"),
"output":
self.output_path
})
]:
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id, flow, **args)
else:
self.session_id = flow_utils.StartFlowAndWait(self.client_id,
flow_name=flow,
token=self.token,
**args)
self.CheckFlow()
def testCollectionOverwriting(self):
"""Test we overwrite the collection every time the flow is executed."""
client_mock = action_mocks.ActionMock("Find")
output_path = "analysis/FindFlowTest5"
# Prepare a findspec.
findspec = rdf_client.FindSpec()
findspec.path_regex = "bin"
findspec.pathspec.path = "/"
findspec.pathspec.pathtype = rdf_paths.PathSpec.PathType.OS
for _ in test_lib.TestFlowHelper(
"FindFiles", client_mock, client_id=self.client_id, token=self.token,
findspec=findspec, output=output_path):
pass
# Check the output file with the right number of results.
fd = aff4.FACTORY.Open(self.client_id.Add(output_path),
token=self.token)
self.assertEqual(len(fd), 2)
# Now find a new result, should overwrite the collection
findspec.path_regex = "dd"
for _ in test_lib.TestFlowHelper(
"FindFiles", client_mock, client_id=self.client_id, token=self.token,
findspec=findspec, output=output_path, max_results=1):
pass
fd = aff4.FACTORY.Open(self.client_id.Add(output_path),
token=self.token)
self.assertEqual(len(fd), 1)
def runTest(self):
"""Launch our flows."""
for flow, args in [
(filesystem.ListDirectory.__name__, {
"pathspec":
rdf_paths.PathSpec(
pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
path=self.reg_path)
}),
(find.FindFiles.__name__, {
"findspec":
rdf_client.FindSpec(pathspec=rdf_paths.PathSpec(
path=self.reg_path,
pathtype=rdf_paths.PathSpec.PathType.REGISTRY),
path_regex="ProfileImagePath"),
})
]:
if self.local_worker:
self.session_id = debugging.StartFlowAndWorker(
self.client_id, flow, **args)
else:
self.session_id = flow_utils.StartFlowAndWait(self.client_id,
flow_name=flow,
token=self.token,
**args)
results = self.CheckResultCollectionNotEmptyWithRetry(self.session_id)
for stat_entry in results:
self.assertTrue(isinstance(stat_entry, rdf_client.StatEntry))
self.assertTrue("ProfileImagePath" in stat_entry.pathspec.path)
def testFindFilesWithGlob(self):
"""Test that the Find flow works with glob."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_glob="bash*",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec):
session_id = s
# Check the output file is created
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
# Make sure that bash is a file.
matches = set([x.aff4path.Basename() for x in fd])
self.assertEqual(sorted(matches), ["bash"])
self.assertEqual(len(fd), 2)
for child in fd:
path = utils.SmartStr(child.aff4path)
self.assertTrue(path.endswith("bash"))
self.assertEqual(child.__class__.__name__, "StatEntry")
def testFindDirectories(self):
"""Test that the Find flow works with directories."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex="bin",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
session_id = flow_test_lib.TestFlowHelper(
find.FindFiles.__name__,
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec)
# Check the results collection.
fd = flow.GRRFlow.ResultCollectionForFID(session_id)
# Make sure that bin is a directory
self.assertEqual(len(fd), 2)
for child in fd:
path = utils.SmartStr(child.AFF4Path(self.client_id))
self.assertTrue("bin" in path)
self.assertEqual(child.__class__.__name__, "StatEntry")
def testFindWithMaxFiles(self):
"""Test that the Find flow works when specifying proto directly."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex=".*",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
session_id = flow_test_lib.TestFlowHelper(
find.FindFiles.__name__,
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec,
iteration_count=3,
max_results=7)
# Check the output file is created
collection = flow.GRRFlow.ResultCollectionForFID(session_id)
# Make sure we got the right number of results.
self.assertEqual(len(collection), 7)
def testFindFilesWithGlob(self):
"""Test that the Find flow works with glob."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_glob="bash*",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
session_id = flow_test_lib.TestFlowHelper(
find.FindFiles.__name__,
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec)
# Check the results collection.
fd = flow.GRRFlow.ResultCollectionForFID(session_id)
# Make sure that bash is a file.
matches = set([x.AFF4Path(self.client_id).Basename() for x in fd])
self.assertEqual(sorted(matches), ["bash"])
self.assertEqual(len(fd), 2)
for child in fd:
path = utils.SmartStr(child.AFF4Path(self.client_id))
self.assertTrue(path.endswith("bash"))
self.assertEqual(child.__class__.__name__, "StatEntry")
def testFindFiles(self):
"""Test that the Find flow works with files."""
client_mock = action_mocks.ActionMock("Find")
output_path = "analysis/FindFlowTest1"
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex="bash",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
for _ in test_lib.TestFlowHelper(
"FindFiles", client_mock, client_id=self.client_id,
token=self.token, output=output_path, findspec=findspec):
pass
# Check the output file is created
fd = aff4.FACTORY.Open(self.client_id.Add(output_path), token=self.token)
# Should match ["bash" and "rbash"].
matches = set([x.aff4path.Basename() for x in fd])
self.assertEqual(sorted(matches), ["bash", "rbash"])
self.assertEqual(len(fd), 4)
for child in fd:
path = utils.SmartStr(child.aff4path)
self.assertTrue(path.endswith("bash"))
self.assertEqual(child.__class__.__name__, "StatEntry")
def testFindDirectories(self):
"""Test that the Find flow works with directories."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex="bin",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec):
session_id = s
# Check the output file is created
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
# Make sure that bin is a directory
self.assertEqual(len(fd), 2)
for child in fd:
path = utils.SmartStr(child.aff4path)
self.assertTrue("bin" in path)
self.assertEqual(child.__class__.__name__, "StatEntry")
def testFindWithMaxFiles(self):
"""Test that the Find flow works when specifying proto directly."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec(
path_regex=".*",
pathspec=rdf_paths.PathSpec(
path="/", pathtype=rdf_paths.PathSpec.PathType.OS))
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec,
iteration_count=3,
max_results=7):
session_id = s
# Check the output file is created
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
# Make sure we got the right number of results.
self.assertEqual(len(fd), 7)
def RunFind():
pathspec = rdf_paths.PathSpec(
path=self.base_path, pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(pathspec=pathspec)
request.iterator.number = 80
result = self.RunAction(searching.Find, request)
# 80 results plus one iterator.
self.assertEqual(len(result), 81)
def testNoFilters(self):
"""Test the we get all files with no filters in place."""
# First get all the files at once
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(pathspec=pathspec, cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 9)
def ProcessEntry(self, responses):
"""Process the responses from the client."""
if not responses.success:
return
# If we get a response with an unfinished iterator then we missed some
# files. Call Find on the client until we're done.
if (responses.iterator and
responses.iterator.state != responses.iterator.State.FINISHED):
findspec = rdf_client.FindSpec(responses.request.request.payload)
findspec.quick_listing = self.state.quick_listing
findspec.iterator = responses.iterator
self.CallClient(searching_actions.Find,
findspec,
next_state="ProcessEntry",
request_data=responses.request_data)
# The Find client action does not return a StatEntry but a
# FindSpec. Normalize to a StatEntry.
stat_responses = [
r.hit if isinstance(r, rdf_client.FindSpec) else r
for r in responses
]
# If this was a pure path matching call without any regex / recursion, we
# know exactly which node in the component tree we have to process next and
# get it from the component_path. If this was a regex match though, we
# sent the client a combined regex that matches all nodes in order to save
# round trips and client processing time. In that case we only get the
# base node and have to check for all subnodes if the response actually
# matches that subnode before we continue processing.
component_path = responses.request_data.get("component_path")
if component_path is not None:
for response in stat_responses:
self._ProcessResponse(response, [component_path])
else:
# This is a combined match.
base_path = responses.request_data["base_path"]
base_node = self.FindNode(base_path)
for response in stat_responses:
matching_components = []
for next_node in base_node.keys():
pathspec = rdf_paths.PathSpec.FromSerializedString(
next_node)
if self._MatchPath(pathspec, response):
matching_path = base_path + [next_node]
matching_components.append(matching_path)
if matching_components:
self._ProcessResponse(response,
matching_components,
base_wildcard=True)
class TestFindTSKLinux(TestListDirectoryTSKLinux):
"""Tests if the find flow works on Linux and Darwin using Sleuthkit."""
flow = "FindFiles"
args = {
"findspec":
rdf_client.FindSpec(path_regex=".",
pathspec=rdf_paths.PathSpec(
path="/usr/bin/",
pathtype=rdf_paths.PathSpec.PathType.TSK))
}
def testFindAction2(self):
"""Test the find action path regex."""
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(pathspec=pathspec, path_regex=".*mp3")
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 1)
self.assertEqual(all_files[0].pathspec.Basename(), "file.mp3")
class TestFindOSLinuxDarwin(TestListDirectoryOSLinuxDarwin):
"""Tests if the find flow works on Linux and Darwin."""
flow = "FindFiles"
args = {
"findspec":
rdf_client.FindSpec(path_regex=".",
pathspec=rdf_paths.PathSpec(
path="/bin/",
pathtype=rdf_paths.PathSpec.PathType.OS))
}
class TestFindOSLinuxDarwin(base.TestVFSPathExists):
"""Tests if the find flow works on Linux and Darwin."""
platforms = ["Linux", "Darwin"]
flow = find.FindFiles.__name__
args = {
"findspec":
rdf_client.FindSpec(path_regex=".",
pathspec=rdf_paths.PathSpec(
path="/bin/",
pathtype=rdf_paths.PathSpec.PathType.OS))
}
test_output_path = "/fs/os/bin/ls"
def testFindAction3(self):
"""Test the find action data regex."""
# First get all the files at once
pathspec = rdf_paths.PathSpec(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
request = rdf_client.FindSpec(
pathspec=pathspec, data_regex="Secret", cross_devs=True)
request.iterator.number = 200
result = self.RunAction(searching.Find, request)
all_files = [x.hit for x in result if isinstance(x, rdf_client.FindSpec)]
self.assertEqual(len(all_files), 2)
self.assertEqual(all_files[0].pathspec.Basename(), "file1.txt")
self.assertEqual(all_files[1].pathspec.Basename(), "long_file.text")
class TestFindTSKLinux(base.TestVFSPathExists):
"""Tests if the find flow works on Linux and Darwin using Sleuthkit."""
platforms = ["Linux"]
flow = find.FindFiles.__name__
args = {
"findspec":
rdf_client.FindSpec(
# Cut down the number of files by specifying a partial regex
# match, we just want to find /usr/bin/diff, when run on a real
# system there are thousands which takes forever with TSK.
path_regex="di",
pathspec=rdf_paths.PathSpec(
path="/usr/bin/", pathtype=rdf_paths.PathSpec.PathType.TSK))
}
test_output_path = "/fs/tsk/.*/usr/bin/diff"
def Start(self):
"""Call the find flow to get the MRU data for each user."""
fd = aff4.FACTORY.Open(self.client_id, mode="r", token=self.token)
for user in fd.Get(fd.Schema.USER):
mru_path = ("HKEY_USERS/%s/Software/Microsoft/Windows"
"/CurrentVersion/Explorer/ComDlg32"
"/OpenSavePidlMRU" % user.sid)
findspec = rdf_client.FindSpec(max_depth=2, path_regex=".")
findspec.iterator.number = 1000
findspec.pathspec.path = mru_path
findspec.pathspec.pathtype = rdf_paths.PathSpec.PathType.REGISTRY
self.CallFlow("FindFiles", findspec=findspec, output=None,
next_state="StoreMRUs",
request_data=dict(username=user.username))
def testFindSizeLimits(self):
"""Test the find action size limits."""
# First get all the files at once
request = rdf_client.FindSpec(
min_file_size=4, max_file_size=15, cross_devs=True)
request.pathspec.Append(
path="/mock2/", pathtype=rdf_paths.PathSpec.PathType.OS)
request.iterator.number = 200
results = self.RunAction(searching.Find, request)
all_files = []
for result in results:
if isinstance(result, rdf_client.FindSpec):
all_files.append(result.hit.pathspec.Basename())
self.assertEqual(len(all_files), 5)
for filename in all_files:
# Our mock filesize is the length of the base filename, check all the
# files we got match the size criteria
self.assertTrue(4 <= len(filename) <= 15)
def testCollectionOverwriting(self):
"""Test we overwrite the collection every time the flow is executed."""
client_mock = action_mocks.ActionMock(searching.Find)
# Prepare a findspec.
findspec = rdf_client.FindSpec()
findspec.path_regex = "bin"
findspec.pathspec.path = "/"
findspec.pathspec.pathtype = rdf_paths.PathSpec.PathType.OS
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec):
session_id = s
# Check the output file with the right number of results.
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
self.assertEqual(len(fd), 2)
# Now find a new result, should overwrite the collection
findspec.path_regex = "dd"
for s in test_lib.TestFlowHelper("FindFiles",
client_mock,
client_id=self.client_id,
token=self.token,
findspec=findspec,
max_results=1):
session_id = s
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
self.assertEqual(len(fd), 1)