def testGetClientsForHashesWithAge(self):
    """Check that the age argument bounds a multi-hash client lookup."""
    # The files are added while time.time() is pinned to 42.
    with utils.Stubber(time, "time", lambda: 42):
        self.AddFile("/Ext2IFS_1_10b.exe")
        self.AddFile("/idea.dll")

    md5_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="md5",
        hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
    sha1_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="sha1",
        hash_value="e1f7e62b3909263f3a2518bbae6a9ee36d5b502b")

    lookup = filestore.HashFileStore.GetClientsForHashes

    # NOTE(review): age looks like microseconds (42 s -> 42e6), so 41e6 is
    # just before the stubbed write time and 43e6 just after - confirm unit.
    before_write = dict(
        lookup([md5_entry, sha1_entry], age=41e6, token=self.token))
    self.assertEqual(len(before_write), 0)

    after_write = dict(
        lookup([md5_entry, sha1_entry], age=43e6, token=self.token))
    self.assertEqual(len(after_write), 2)

    # Without an explicit age both hashes are still found.
    default_age = dict(lookup([md5_entry, sha1_entry], token=self.token))
    self.assertEqual(len(default_age), 2)
def testGetClientsForHashes(self):
    """Check that each queried hash maps to the client path of its file."""
    self.AddFile("/Ext2IFS_1_10b.exe")
    self.AddFile("/idea.dll")

    md5_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="md5",
        hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
    sha1_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="sha1",
        hash_value="e1f7e62b3909263f3a2518bbae6a9ee36d5b502b")

    found = dict(
        filestore.HashFileStore.GetClientsForHashes(
            [md5_entry, sha1_entry], token=self.token))
    self.assertEqual(len(found), 2)

    # Each hit is expected under fs/tsk/<base_path>/winexec_img.dd for this
    # client. Add() is used on a shared prefix exactly as the chained form
    # uses it on self.client_id, i.e. as returning a new value.
    image_root = self.client_id.Add("fs/tsk").Add(self.base_path)
    exe_path = image_root.Add("winexec_img.dd/Ext2IFS_1_10b.exe")
    self.assertListEqual(found[md5_entry], [exe_path])
    dll_path = image_root.Add("winexec_img.dd/idea.dll")
    self.assertListEqual(found[sha1_entry], [dll_path])
def testGetClientsForHashWithAge(self):
    """Check that the age argument bounds a single-hash client lookup."""
    # The files are added while time.time() is pinned to 42.
    with utils.Stubber(time, "time", lambda: 42):
        self.AddFile("/Ext2IFS_1_10b.exe")
        self.AddFile("/idea.dll")

    md5_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="md5",
        hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
    lookup = filestore.HashFileStore.GetClientsForHash

    # NOTE(review): age looks like microseconds (42 s -> 42e6), so 41e6 is
    # just before the stubbed write time and 43e6 just after - confirm unit.
    before_write = list(lookup(md5_entry, age=41e6, token=self.token))
    self.assertEqual(len(before_write), 0)

    after_write = list(lookup(md5_entry, age=43e6, token=self.token))
    self.assertEqual(len(after_write), 1)

    # Without an explicit age the hash is still found once.
    default_age = list(lookup(md5_entry, token=self.token))
    self.assertEqual(len(default_age), 1)
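def testListHashes(self):
    """Check that ListHashes returns all five entries written for one file.

    Adding a single executable is expected to produce pecoff md5/sha1 entries
    and generic md5/sha1/sha256 entries.
    """
    self.AddFile("/Ext2IFS_1_10b.exe")

    # NOTE(review): unlike the GetClientsFor* lookups in this file, no token
    # is passed here - confirm ListHashes is meant to run without one.
    listed = list(filestore.HashFileStore.ListHashes())
    self.assertEqual(len(listed), 5)

    expected = [
        filestore.FileStoreHash(
            fingerprint_type="pecoff",
            hash_type="md5",
            hash_value="a3a3259f7b145a21c7b512d876a5da06"),
        filestore.FileStoreHash(
            fingerprint_type="pecoff",
            hash_type="sha1",
            hash_value="019bddad9cac09f37f3941a7f285c79d3c7e7801"),
        filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="md5",
            hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a"),
        filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="sha1",
            hash_value="7dd6bee591dfcb6d75eb705405302c3eab65e21a"),
        filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="sha256",
            hash_value="0e8dc93e150021bb4752029ebbff51394aa36f06"
            "9cf19901578e4f06017acdb5"),
    ]
    # assertIn reports the missing entry and the listed hashes on failure,
    # where assertTrue(x in y) only reports "False is not true".
    for entry in expected:
        self.assertIn(entry, listed)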
def testHashIsInitializedFromConstructorArguments(self):
    """Verify that keyword arguments build the expected FileStoreHash."""
    from_kwargs = filestore.FileStoreHash(
        fingerprint_type="pecoff",
        hash_type="sha1",
        hash_value="eb875812858d27b22cb2b75f992dffadc1b05c60")
    # The reference value comes from the default sample (number=0).
    reference = self.GenerateSample()
    self.assertEqual(from_kwargs, reference)
def testGetClientsForHash(self):
    """Check that one md5 lookup returns only the matching file's path."""
    self.AddFile("/Ext2IFS_1_10b.exe")
    self.AddFile("/idea.dll")

    md5_entry = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="md5",
        hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
    found = list(
        filestore.HashFileStore.GetClientsForHash(
            md5_entry, token=self.token))

    # Two files were added, but only the executable should be reported.
    image_root = self.client_id.Add("fs/tsk").Add(self.base_path)
    exe_path = image_root.Add("winexec_img.dd/Ext2IFS_1_10b.exe")
    self.assertListEqual(found, [exe_path])
def _SetupNSRLFiles(self):
    """Add two files, record their hash entries and seed the NSRL store.

    Sets self.hashes1, self.hashes2 and self.sha1_hash, and returns the object
    opened at aff4:/files/nsrl.
    """
    nsrl_sha1 = "e1f7e62b3909263f3a2518bbae6a9ee36d5b502b"
    nsrl_md5 = "bb0a15eefe63fd41f8dc9dee01c5cf9a"

    exe_urn = self.AddFile("/Ext2IFS_1_10b.exe")
    dll_urn = self.AddFile("/idea.dll")
    self.hashes1 = data_store_utils.GetUrnHashEntry(exe_urn)
    self.hashes2 = data_store_utils.GetUrnHashEntry(dll_urn)

    # Pretend this file is part of the NSRL.
    # NOTE(review): the positional arguments presumably follow the NSRL RDS
    # columns (sha1, md5, crc, file name, size, product codes, OS codes,
    # special code) - confirm against AddHash. In that schema special code
    # "M" marks a file flagged as malicious, so an NSRL hit should not be
    # read as "known good" without checking the code.
    nsrl_store = aff4.FACTORY.Open("aff4:/files/nsrl", token=self.token)
    nsrl_store.AddHash(
        nsrl_sha1, nsrl_md5, None, "idea.dll", 100, None, None, "M")

    self.sha1_hash = filestore.FileStoreHash(
        fingerprint_type="generic",
        hash_type="sha1",
        hash_value=nsrl_sha1)
    # NOTE(review): the store is returned without being flushed or closed
    # here; callers presumably do that - confirm.
    return nsrl_store
def GenerateSample(self, number=0):
    """Build a sample FileStoreHash from a pecoff/sha1 URN string."""
    # The fixed part of the digest is 39 hex digits; `number` supplies the
    # rest, so only 0..9 yields a 40-digit SHA-1-length value.
    urn_template = ("aff4:/files/hash/pecoff/sha1/"
                    "eb875812858d27b22cb2b75f992dffadc1b05c6%d")
    return filestore.FileStoreHash(urn_template % number)