def testMatches(self):
"""Tests the Matches function."""
specification_store = specification.FormatSpecificationStore()
format_specification = specification.FormatSpecification('regf')
format_specification.AddNewSignature(b'regf', offset=0)
specification_store.AddSpecification(format_specification)
test_filter = file_entry_filters.SignaturesFileEntryFilter(
specification_store, ['regf'])
# Test a filter match.
test_path = self._GetTestFilePath(['NTUSER.DAT'])
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
file_entry = path_spec_resolver.Resolver.OpenFileEntry(os_path_spec)
self.assertTrue(test_filter.Matches(file_entry))
# Test a filter non-match.
test_path = self._GetTestFilePath(['test_pe.exe'])
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path)
file_entry = path_spec_resolver.Resolver.OpenFileEntry(os_path_spec)
self.assertFalse(test_filter.Matches(file_entry))
def testGetScanner(self):
"""Tests the _GetScanner function."""
test_filter = file_entry_filters.SignaturesFileEntryFilter(None, [])
test_filter._GetScanner(None, [])
self.assertIsNone(test_filter._file_scanner)
specification_store = specification.FormatSpecificationStore()
format_specification = specification.FormatSpecification('no_offset')
format_specification.AddNewSignature(b'test1')
specification_store.AddSpecification(format_specification)
format_specification = specification.FormatSpecification(
'negative_offset')
format_specification.AddNewSignature(b'test2', offset=-4)
specification_store.AddSpecification(format_specification)
format_specification = specification.FormatSpecification(
'positive_offset')
format_specification.AddNewSignature(b'test3', offset=4)
specification_store.AddSpecification(format_specification)
with self.assertRaises(TypeError):
# Currently pysigscan does not support patterns without an offset.
test_filter._GetScanner(specification_store, ['no_offset'])
file_scanner = test_filter._GetScanner(specification_store,
['negative_offset'])
self.assertIsNotNone(file_scanner)
file_scanner = test_filter._GetScanner(specification_store,
['positive_offset'])
self.assertIsNotNone(file_scanner)
def testPrint(self):
"""Tests the Print function."""
output_writer = cli_test_lib.TestBinaryOutputWriter(encoding='utf-8')
specification_store = specification.FormatSpecificationStore()
specification_store.AddNewSpecification('7z')
test_filter = file_entry_filters.SignaturesFileEntryFilter(
specification_store, ['7z', 'bzip2'])
test_filter.Print(output_writer)
expected_output = [b'\tsignature identifiers: 7z', b'']
output = output_writer.ReadOutput()
# Compare the output as list of lines which makes it easier to spot
# differences.
self.assertEqual(output.split(b'\n'), expected_output)
def _ParseSignatureIdentifiers(self, data_location, signature_identifiers):
"""Parses the signature identifiers.
Args:
data_location (str): location of the format specification file, for
example, "signatures.conf".
signature_identifiers (str): comma separated signature identifiers.
Raises:
IOError: if the format specification file could not be read from
the specified data location.
OSError: if the format specification file could not be read from
the specified data location.
ValueError: if no data location was specified.
"""
if not signature_identifiers:
return
if not data_location:
raise ValueError('Missing data location.')
path = os.path.join(data_location, 'signatures.conf')
if not os.path.exists(path):
raise IOError(
'No such format specification file: {0:s}'.format(path))
try:
specification_store = self._ReadSpecificationFile(path)
except IOError as exception:
raise IOError(
('Unable to read format specification file: {0:s} with error: '
'{1!s}').format(path, exception))
signature_identifiers = signature_identifiers.lower()
signature_identifiers = [
identifier.strip()
for identifier in signature_identifiers.split(',')
]
file_entry_filter = file_entry_filters.SignaturesFileEntryFilter(
specification_store, signature_identifiers)
self._filter_collection.AddFilter(file_entry_filter)
