def testAccessTimeCondition(self):
with utils.Stubber(os, "lstat", MyStat):
test_dir = self._PrepareTimestampedFiles()
paths = [test_dir + "/{dpkg.log,dpkg_false.log,auth.log}"]
change_time = rdfvalue.RDFDatetime.FromHumanReadable("2020-01-01")
# Check we can get the normal files.
access_time_condition = rdf_file_finder.FileFinderCondition(
condition_type="ACCESS_TIME",
access_time=rdf_file_finder.FileFinderAccessTimeCondition(
max_last_access_time=change_time))
self.RunAndCheck(paths,
conditions=[access_time_condition],
expected=["dpkg.log", "dpkg_false.log"],
unexpected=["auth.log"],
base_path=test_dir)
# Now just the file from 2022.
access_time_condition = rdf_file_finder.FileFinderCondition(
condition_type="ACCESS_TIME",
access_time=rdf_file_finder.FileFinderAccessTimeCondition(
min_last_access_time=change_time))
self.RunAndCheck(paths,
conditions=[access_time_condition],
expected=["auth.log"],
unexpected=["dpkg.log", "dpkg_false.log"],
base_path=test_dir)
def testAccessTimeConditionWithDifferentActions(self):
expected_files = ["dpkg.log", "dpkg_false.log"]
non_expected_files = ["auth.log"]
change_time = rdfvalue.RDFDatetime().FromSecondsFromEpoch(1444444440)
access_time_condition = rdf_file_finder.FileFinderCondition(
condition_type=rdf_file_finder.FileFinderCondition.Type.
ACCESS_TIME,
access_time=rdf_file_finder.FileFinderAccessTimeCondition(
min_last_access_time=change_time))
for action in self.CONDITION_TESTS_ACTIONS:
self.RunFlowAndCheckResults(action=action,
conditions=[access_time_condition],
expected_files=expected_files,
non_expected_files=non_expected_files)
