def testOpenCloseLocation(self):
"""Test the open and close functionality using a location."""
path_spec = tsk_path_spec.TSKPathSpec(location='/passwords.txt',
parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context, path_spec)
self._TestOpenCloseLocation(file_object)
# Try open with a path specification that has no parent.
path_spec.parent = None
file_object = tsk_file_io.TSKFile(self._resolver_context, path_spec)
with self.assertRaises(errors.PathSpecError):
self._TestOpenCloseLocation(file_object)
def _TestRead(self, parent_path_spec):
"""Test the read functionality.
Args:
parent_path_spec (PathSpec): parent path specification.
"""
path_spec = tsk_path_spec.TSKPathSpec(inode=self._INODE_PASSWORDS_TXT,
location='/passwords.txt',
parent=parent_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
file_object.open(path_spec=path_spec)
read_buffer = file_object.read()
expected_buffer = (b'place,user,password\n'
b'bank,joesmith,superrich\n'
b'alarm system,-,1234\n'
b'treasure chest,-,1111\n'
b'uber secret laire,admin,admin\n')
self.assertEqual(read_buffer, expected_buffer)
# TODO: add boundary scenarios.
file_object.close()
def testOpenCloseLocation(self):
"""Test the open and close functionality using a location."""
path_spec = tsk_path_spec.TSKPathSpec(location='/passwords.txt',
parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
self._TestOpenCloseLocation(path_spec, file_object)
def testOpenCloseMFTEntry(self):
"""Test the open and close functionality using a MFT entry."""
path_spec = tsk_path_spec.TSKPathSpec(
inode=self._MFT_ENTRY_PASSWORDS_TXT, parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
self._TestOpenCloseMFTEntry(path_spec, file_object)
def testReadADS(self):
"""Test the read functionality on an alternate data stream (ADS)."""
test_file = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
path_spec = tsk_path_spec.TSKPathSpec(data_stream='$SDS',
inode=9,
location='\\$Secure',
parent=path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
file_object.open(path_spec=path_spec)
expected_buffer = (
b'H\n\x80\xb9\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
file_object.seek(0x00040000, os.SEEK_SET)
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
file_object.seek(0x000401a0, os.SEEK_SET)
expected_buffer = (
b'\xc3\xb4\xb1\x34\x03\x01\x00\x00\xa0\x01\x00\x00\x00\x00\x00\x00'
)
read_buffer = file_object.read(size=16)
self.assertEqual(read_buffer, expected_buffer)
def testReadADS(self):
"""Test the read functionality on an alternate data stream (ADS)."""
path_spec = tsk_path_spec.TSKPathSpec(data_stream='$SDS',
location='/$Secure',
inode=9,
parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
self._TestReadADS(path_spec, file_object)
def testRead(self):
"""Test the read functionality."""
path_spec = tsk_path_spec.TSKPathSpec(
location='/passwords.txt',
inode=self._MFT_ENTRY_PASSWORDS_TXT,
parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
self._TestRead(path_spec, file_object)
def testSeek(self):
"""Test the seek functionality."""
path_spec = tsk_path_spec.TSKPathSpec(
location='/a_directory/another_file',
inode=self._MFT_ENTRY_ANOTHER_FILE,
parent=self._os_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
self._TestSeek(path_spec, file_object)
def NewFileObject(self, resolver_context):
"""Creates a new file-like object.
Args:
resolver_context (Context): resolver context.
Returns:
FileIO: file-like object.
"""
return tsk_file_io.TSKFile(resolver_context)
def _TestOpenCloseLocation(self, parent_path_spec):
"""Test the open and close functionality using a location.
Args:
parent_path_spec (PathSpec): parent path specification.
"""
path_spec = tsk_path_spec.TSKPathSpec(location='/passwords.txt',
parent=parent_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context, path_spec)
file_object.Open()
self.assertEqual(file_object.get_size(), 126)
def _TestOpenCloseMFTEntry(self, parent_path_spec):
"""Test the open and close functionality using a MFT entry.
Args:
parent_path_spec (PathSpec): parent path specification.
"""
path_spec = tsk_path_spec.TSKPathSpec(inode=self._INODE_PASSWORDS_TXT,
parent=parent_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context, path_spec)
file_object.Open()
self.assertEqual(file_object.get_size(), 126)
def _TestOpenCloseInode(self, parent_path_spec):
"""Test the open and close functionality using an inode.
Args:
parent_path_spec: the parent path specification.
"""
path_spec = tsk_path_spec.TSKPathSpec(
inode=self._INODE_PASSWORDS_TXT, parent=parent_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
file_object.open(path_spec=path_spec)
self.assertEqual(file_object.get_size(), 116)
file_object.close()
def _TestSeek(self, parent_path_spec):
"""Test the seek functionality.
Args:
parent_path_spec (PathSpec): parent path specification.
"""
path_spec = tsk_path_spec.TSKPathSpec(
inode=self._INODE_ANOTHER_FILE,
location='/a_directory/another_file',
parent=parent_path_spec)
file_object = tsk_file_io.TSKFile(self._resolver_context)
file_object.open(path_spec=path_spec)
self.assertEqual(file_object.get_size(), 22)
file_object.seek(10)
self.assertEqual(file_object.read(5), b'other')
self.assertEqual(file_object.get_offset(), 15)
file_object.seek(-10, os.SEEK_END)
self.assertEqual(file_object.read(5), b'her f')
file_object.seek(2, os.SEEK_CUR)
self.assertEqual(file_object.read(2), b'e.')
# Conforming to the POSIX seek the offset can exceed the file size
# but reading will result in no data being returned.
file_object.seek(300, os.SEEK_SET)
self.assertEqual(file_object.get_offset(), 300)
self.assertEqual(file_object.read(2), b'')
with self.assertRaises(IOError):
file_object.seek(-10, os.SEEK_SET)
# On error the offset should not change.
self.assertEqual(file_object.get_offset(), 300)
with self.assertRaises(IOError):
file_object.seek(10, 5)
# On error the offset should not change.
self.assertEqual(file_object.get_offset(), 300)
file_object.close()
