def testParseFileEntryWithBogusTZif(self):
"""Tests the _ParseFileEntry function on a bogus TZif file."""
test_file_path = self._GetTestFilePath(['syslog'])
self._SkipIfPathNotExists(test_file_path)
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFileReadData('/etc/localtime', test_file_path)
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxTimeZonePlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'UTC')
def testParseFileEntryWithBogusLink(self):
"""Tests the _ParseFileEntry function a bogus symbolic link."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddSymbolicLink('/private/etc/localtime',
'/usr/share/zoneinfo/Bogus')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = macos.MacOSTimeZonePlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'preprocessing_warning')
self.assertEqual(number_of_warnings, 1)
self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'UTC')
def _CreateTestFileSystem(self):
"""Create a file system for testing.
Returns:
FakeFileSystem: file system for testing.
"""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_path = '/usr/lib/python2.7/site-packages/dfvfs/__init__.py'
test_file_data = b'\n'.join([
b'# -*- coding: utf-8 -*-',
b'"""Digital Forensics Virtual File System (dfVFS).', b'',
b'dfVFS, or Digital Forensics Virtual File System, is a Python module',
b'that provides read-only access to file-system objects from various',
b'storage media types and file formats.', b'"""'
])
file_system_builder.AddFile(test_path, test_file_data)
return file_system_builder.file_system
def testRunWithTruncatedFile(self):
"""Tests the Run function on a truncated plist file."""
test_file_path = self._GetTestFilePath(['truncated.plist'])
self._SkipIfPathNotExists(test_file_path)
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFileReadData(
'/private/var/db/dslocal/nodes/Default/users/nobody.plist',
test_file_path)
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = macos.MacOSUserAccountsPlugin()
self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
def testParseFileEntryWithTZif(self):
"""Tests the _ParseFileEntry function on a timezone information file."""
test_file_path = self._GetTestFilePath(['localtime.tzif'])
self._SkipIfPathNotExists(test_file_path)
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFileReadData('/etc/localtime', test_file_path)
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxTimeZonePlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer, plugin)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'preprocessing_warning')
self.assertEqual(number_of_warnings, 0)
self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'CET')
def _RunPreprocessorPluginOnWindowsRegistryValueSystem(
self, storage_writer, plugin):
"""Runs a preprocessor plugin on a Windows Registry value in SYSTEM.
Args:
storage_writer (StorageWriter): storage writer.
plugin (ArtifactPreprocessorPlugin): preprocessor plugin.
Return:
PreprocessMediator: preprocess mediator.
"""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_file_path = self._GetTestFilePath(['SYSTEM'])
file_system_builder.AddFileReadData(
'/Windows/System32/config/SYSTEM', test_file_path)
mount_point = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
return self._RunPreprocessorPluginOnWindowsRegistryValue(
file_system_builder.file_system, mount_point, storage_writer, plugin)
def __init__(self, path_spec_queue, event_object_queue, parse_error_queue):
"""Initialize the engine object.
Args:
path_spec_queue: the path specification queue object (instance of Queue).
event_object_queue: the event object queue object (instance of Queue).
parse_error_queue: the parser error queue object (instance of Queue).
"""
super(TestEngine, self).__init__(
path_spec_queue, event_object_queue, parse_error_queue)
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_file_path = self._GetTestFilePath([u'SOFTWARE'])
file_system_builder.AddFileReadData(
u'/Windows/System32/config/SOFTWARE', test_file_path)
test_file_path = self._GetTestFilePath([u'SYSTEM'])
file_system_builder.AddFileReadData(
u'/Windows/System32/config/SYSTEM', test_file_path)
self._file_system = file_system_builder.file_system
self._mount_point = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/')
def testParseFileData(self):
"""Tests the _ParseFileData function."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile('/etc/passwd', self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location='/')
plugin = linux.LinuxUserAccountsPlugin()
knowledge_base = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, plugin)
users = sorted(knowledge_base.user_accounts,
key=lambda user_account: user_account.identifier)
self.assertEqual(len(users), 13)
user_account = users[4]
self.assertEqual(user_account.identifier, '14')
self.assertEqual(user_account.group_identifier, '50')
self.assertEqual(user_account.user_directory, '/var/ftp')
self.assertEqual(user_account.username, 'ftp')
self.assertEqual(user_account.shell, '/sbin/nologin')
def testAddFile(self):
"""Tests the AddFile function."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_path = '/usr/lib/python2.7/site-packages/dfvfs/__init__.py'
test_file_data = b'\n'.join([
b'# -*- coding: utf-8 -*-',
b'"""Digital Forensics Virtual File System (dfVFS).', b'',
b'dfVFS, or Digital Forensics Virtual File System, is a Python module',
b'that provides read-only access to file-system objects from various',
b'storage media types and file formats.', b'"""'
])
file_system_builder.AddFile(test_path, test_file_data)
with self.assertRaises(ValueError):
file_system_builder.AddFile(test_path, test_file_data)
test_path = '/usr/bin/empty'
file_system_builder.AddFile(test_path, b'')
test_path = '/usr/bin/empty/file'
with self.assertRaises(ValueError):
file_system_builder.AddFile(test_path, b'')
def testRun(self):
"""Tests the Run function."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_file_path = self._GetTestFilePath([u'nobody.plist'])
file_system_builder.AddFileReadData(
u'/private/var/db/dslocal/nodes/Default/users/nobody.plist',
test_file_path)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
plugin = macos.MacOSUserAccountsPlugin()
knowledge_base = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, plugin)
users = sorted(knowledge_base.user_accounts,
key=lambda user_account: user_account.identifier)
self.assertEqual(len(users), 1)
user_account = users[0]
self.assertEqual(user_account.identifier, u'-2')
self.assertEqual(user_account.full_name, u'Unprivileged User')
self.assertEqual(user_account.user_directory, u'/var/empty')
self.assertEqual(user_account.username, u'nobody')
def testParseFileData(self):
"""Tests the _ParseFileData function."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile('/etc/passwd', self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 0)
users = sorted(test_mediator.knowledge_base.user_accounts,
key=lambda user_account: user_account.identifier)
self.assertEqual(len(users), 13)
user_account = users[4]
self.assertEqual(user_account.identifier, '14')
self.assertEqual(user_account.group_identifier, '50')
self.assertEqual(user_account.user_directory, '/var/ftp')
self.assertEqual(user_account.username, 'ftp')
self.assertEqual(user_account.shell, '/sbin/nologin')
# Test on /etc/passwd with missing field.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd', b'error:99:99:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with empty username.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd', b':x:99:99:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with empty user identifier.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd', b'error:x::99:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 username.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'er\xbfor:x:99:99:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 user identifier.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'error:x:\xbf9:99:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 group identifier.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'error:x:99:\xbf9:Nobody:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 full name.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'error:x:99:99:Nob\xbfdy:/home/error:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 user directory.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'error:x:99:99:Nobody:/home/er\xbfor:/sbin/nologin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
# Test on /etc/passwd with non UTF-8 shell.
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
file_system_builder.AddFile(
'/etc/passwd',
b'error:x:99:99:Nobody:/home/error:/sbin/nol\xbfgin\n')
mount_point = fake_path_spec.FakePathSpec(location='/')
storage_writer = self._CreateTestStorageWriter()
plugin = linux.LinuxUserAccountsPlugin()
test_mediator = self._RunPreprocessorPluginOnFileSystem(
file_system_builder.file_system, mount_point, storage_writer,
plugin)
self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
