Beispiel #1
0
    def testVFSVirtualRoot(self):

        # Let's open a file in the virtual root.
        os_root = "os:%s" % self.base_path
        with test_lib.ConfigOverrider({"Client.vfs_virtualroots": [os_root]}):
            # We need to reset the vfs.VFS_VIRTUALROOTS too.
            vfs.VFSInit().Run()

            fd = vfs.VFSOpen(
                rdf_paths.PathSpec(path="/morenumbers.txt",
                                   pathtype=rdf_paths.PathSpec.PathType.OS))
            data = fd.read(10)
            self.assertEqual(data, "1\n2\n3\n4\n5\n")

        # This should also work with TSK.
        tsk_root = "tsk:%s" % os.path.join(self.base_path, "test_img.dd")
        with test_lib.ConfigOverrider({"Client.vfs_virtualroots": [tsk_root]}):
            vfs.VFSInit().Run()

            image_file_ps = rdf_paths.PathSpec(
                path=u"איןד ןד ש אקדא/איןד.txt",
                pathtype=rdf_paths.PathSpec.PathType.TSK)

            fd = vfs.VFSOpen(image_file_ps)

            data = fd.read(10)
            self.assertEqual(data, "1\n2\n3\n4\n5\n")

            # This should not influence vfs handlers other than OS and TSK.
            reg_type = rdf_paths.PathSpec.PathType.REGISTRY
            os_handler = vfs.VFS_HANDLERS[rdf_paths.PathSpec.PathType.OS]
            with vfs_test_lib.VFSOverrider(reg_type, os_handler):
                with self.assertRaises(IOError):
                    image_file_ps.pathtype = reg_type
                    vfs.VFSOpen(image_file_ps)
Beispiel #2
0
    def Start(self):
        """Install the stubs."""

        modules = {
            "_winreg": FakeWinreg(),
            "ctypes": mock.MagicMock(),
            "ctypes.wintypes": mock.MagicMock(),
        }

        self.module_patcher = mock.patch.dict("sys.modules", modules)
        self.module_patcher.start()

        # pylint: disable= g-import-not-at-top
        from grr_response_client.vfs_handlers import registry
        # pylint: enable=g-import-not-at-top

        fixture = RegistryFake()

        self.stubber = utils.MultiStubber(
            (registry, "KeyHandle", RegistryFake.FakeKeyHandle),
            (registry, "OpenKey", fixture.OpenKey),
            (registry, "QueryValueEx", fixture.QueryValueEx),
            (registry, "QueryInfoKey", fixture.QueryInfoKey),
            (registry, "EnumValue", fixture.EnumValue),
            (registry, "EnumKey", fixture.EnumKey))
        self.stubber.Start()

        # Add the Registry handler to the vfs.
        vfs.VFSInit().Run()
Beispiel #3
0
    def testGrepRegex(self):
        # Use the real file system.
        vfs.VFSInit().Run()

        request = rdf_client_fs.GrepSpec(
            regex="1[0]",
            xor_out_key=self.XOR_OUT_KEY,
            start_offset=0,
            target=rdf_paths.PathSpec(path=os.path.join(
                self.base_path, "numbers.txt"),
                                      pathtype=rdf_paths.PathSpec.PathType.OS))

        result = self.RunAction(searching.Grep, request)
        hits = [x.offset for x in result]
        self.assertEqual(hits, [
            18, 288, 292, 296, 300, 304, 308, 312, 316, 320, 324, 329, 729,
            1129, 1529, 1929, 2329, 2729, 3129, 3529, 3888
        ])
        for x in result:
            self.assertTrue("10" in utils.Xor(x.data, self.XOR_OUT_KEY))
Beispiel #4
0
    def testGrep(self):
        # Use the real file system.
        vfs.VFSInit().Run()

        request = rdf_client.GrepSpec(literal=utils.Xor("10", self.XOR_IN_KEY),
                                      xor_in_key=self.XOR_IN_KEY,
                                      xor_out_key=self.XOR_OUT_KEY)
        request.target.path = os.path.join(self.base_path, "numbers.txt")
        request.target.pathtype = rdf_paths.PathSpec.PathType.OS
        request.start_offset = 0

        result = self.RunAction(searching.Grep, request)
        hits = [x.offset for x in result]
        self.assertEqual(hits, [
            18, 288, 292, 296, 300, 304, 308, 312, 316, 320, 324, 329, 729,
            1129, 1529, 1929, 2329, 2729, 3129, 3529, 3888
        ])
        for x in result:
            self.assertTrue("10" in utils.Xor(x.data, self.XOR_OUT_KEY))
            self.assertEqual(request.target.path, x.pathspec.path)
Beispiel #5
0
  def Start(self):
    """Install the stubs."""

    modules = {
        "_winreg": mock.MagicMock(),
        "ctypes": mock.MagicMock(),
        "ctypes.wintypes": mock.MagicMock(),
        # Requires mocking because exceptions.WindowsError does not exist
        "exceptions": mock.MagicMock(),
    }

    self.module_patcher = mock.patch.dict("sys.modules", modules)
    self.module_patcher.start()

    # pylint: disable= g-import-not-at-top
    from grr_response_client.vfs_handlers import registry
    import exceptions
    import _winreg
    # pylint: enable=g-import-not-at-top

    fixture = RegistryFake()

    self.stubber = utils.MultiStubber(
        (registry, "KeyHandle", RegistryFake.FakeKeyHandle),
        (registry, "OpenKey", fixture.OpenKey), (registry, "QueryValueEx",
                                                 fixture.QueryValueEx),
        (registry, "QueryInfoKey",
         fixture.QueryInfoKey), (registry, "EnumValue",
                                 fixture.EnumValue), (registry, "EnumKey",
                                                      fixture.EnumKey))
    self.stubber.Start()

    # Add the Registry handler to the vfs.
    vfs.VFSInit().Run()
    _winreg.HKEY_USERS = "HKEY_USERS"
    _winreg.HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE"
    exceptions.WindowsError = IOError
Beispiel #6
0
def main(argv):
    vfs.VFSInit()
    test_lib.main(argv)