def testParseFileEntryWithBogusTZif(self): """Tests the _ParseFileEntry function on a bogus TZif file.""" test_file_path = self._GetTestFilePath(['syslog']) self._SkipIfPathNotExists(test_file_path) file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFileReadData('/etc/localtime', test_file_path) mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxTimeZonePlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'UTC')
def testParseFileEntryWithBogusLink(self): """Tests the _ParseFileEntry function a bogus symbolic link.""" file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddSymbolicLink('/private/etc/localtime', '/usr/share/zoneinfo/Bogus') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = macos.MacOSTimeZonePlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'preprocessing_warning') self.assertEqual(number_of_warnings, 1) self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'UTC')
def _CreateTestFileSystem(self): """Create a file system for testing. Returns: FakeFileSystem: file system for testing. """ file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() test_path = '/usr/lib/python2.7/site-packages/dfvfs/__init__.py' test_file_data = b'\n'.join([ b'# -*- coding: utf-8 -*-', b'"""Digital Forensics Virtual File System (dfVFS).', b'', b'dfVFS, or Digital Forensics Virtual File System, is a Python module', b'that provides read-only access to file-system objects from various', b'storage media types and file formats.', b'"""' ]) file_system_builder.AddFile(test_path, test_file_data) return file_system_builder.file_system
def testRunWithTruncatedFile(self): """Tests the Run function on a truncated plist file.""" test_file_path = self._GetTestFilePath(['truncated.plist']) self._SkipIfPathNotExists(test_file_path) file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFileReadData( '/private/var/db/dslocal/nodes/Default/users/nobody.plist', test_file_path) mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = macos.MacOSUserAccountsPlugin() self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)
def testParseFileEntryWithTZif(self): """Tests the _ParseFileEntry function on a timezone information file.""" test_file_path = self._GetTestFilePath(['localtime.tzif']) self._SkipIfPathNotExists(test_file_path) file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFileReadData('/etc/localtime', test_file_path) mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxTimeZonePlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'preprocessing_warning') self.assertEqual(number_of_warnings, 0) self.assertEqual(test_mediator.knowledge_base.timezone.zone, 'CET')
def _RunPreprocessorPluginOnWindowsRegistryValueSystem( self, storage_writer, plugin): """Runs a preprocessor plugin on a Windows Registry value in SYSTEM. Args: storage_writer (StorageWriter): storage writer. plugin (ArtifactPreprocessorPlugin): preprocessor plugin. Return: PreprocessMediator: preprocess mediator. """ file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() test_file_path = self._GetTestFilePath(['SYSTEM']) file_system_builder.AddFileReadData( '/Windows/System32/config/SYSTEM', test_file_path) mount_point = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/') return self._RunPreprocessorPluginOnWindowsRegistryValue( file_system_builder.file_system, mount_point, storage_writer, plugin)
def __init__(self, path_spec_queue, event_object_queue, parse_error_queue): """Initialize the engine object. Args: path_spec_queue: the path specification queue object (instance of Queue). event_object_queue: the event object queue object (instance of Queue). parse_error_queue: the parser error queue object (instance of Queue). """ super(TestEngine, self).__init__( path_spec_queue, event_object_queue, parse_error_queue) file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() test_file_path = self._GetTestFilePath([u'SOFTWARE']) file_system_builder.AddFileReadData( u'/Windows/System32/config/SOFTWARE', test_file_path) test_file_path = self._GetTestFilePath([u'SYSTEM']) file_system_builder.AddFileReadData( u'/Windows/System32/config/SYSTEM', test_file_path) self._file_system = file_system_builder.file_system self._mount_point = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/')
def testParseFileData(self): """Tests the _ParseFileData function.""" file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile('/etc/passwd', self._FILE_DATA) mount_point = fake_path_spec.FakePathSpec(location='/') plugin = linux.LinuxUserAccountsPlugin() knowledge_base = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, plugin) users = sorted(knowledge_base.user_accounts, key=lambda user_account: user_account.identifier) self.assertEqual(len(users), 13) user_account = users[4] self.assertEqual(user_account.identifier, '14') self.assertEqual(user_account.group_identifier, '50') self.assertEqual(user_account.user_directory, '/var/ftp') self.assertEqual(user_account.username, 'ftp') self.assertEqual(user_account.shell, '/sbin/nologin')
def testAddFile(self): """Tests the AddFile function.""" file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() test_path = '/usr/lib/python2.7/site-packages/dfvfs/__init__.py' test_file_data = b'\n'.join([ b'# -*- coding: utf-8 -*-', b'"""Digital Forensics Virtual File System (dfVFS).', b'', b'dfVFS, or Digital Forensics Virtual File System, is a Python module', b'that provides read-only access to file-system objects from various', b'storage media types and file formats.', b'"""' ]) file_system_builder.AddFile(test_path, test_file_data) with self.assertRaises(ValueError): file_system_builder.AddFile(test_path, test_file_data) test_path = '/usr/bin/empty' file_system_builder.AddFile(test_path, b'') test_path = '/usr/bin/empty/file' with self.assertRaises(ValueError): file_system_builder.AddFile(test_path, b'')
def testRun(self): """Tests the Run function.""" file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() test_file_path = self._GetTestFilePath([u'nobody.plist']) file_system_builder.AddFileReadData( u'/private/var/db/dslocal/nodes/Default/users/nobody.plist', test_file_path) mount_point = fake_path_spec.FakePathSpec(location=u'/') plugin = macos.MacOSUserAccountsPlugin() knowledge_base = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, plugin) users = sorted(knowledge_base.user_accounts, key=lambda user_account: user_account.identifier) self.assertEqual(len(users), 1) user_account = users[0] self.assertEqual(user_account.identifier, u'-2') self.assertEqual(user_account.full_name, u'Unprivileged User') self.assertEqual(user_account.user_directory, u'/var/empty') self.assertEqual(user_account.username, u'nobody')
def testParseFileData(self): """Tests the _ParseFileData function.""" file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile('/etc/passwd', self._FILE_DATA) mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 0) users = sorted(test_mediator.knowledge_base.user_accounts, key=lambda user_account: user_account.identifier) self.assertEqual(len(users), 13) user_account = users[4] self.assertEqual(user_account.identifier, '14') self.assertEqual(user_account.group_identifier, '50') self.assertEqual(user_account.user_directory, '/var/ftp') self.assertEqual(user_account.username, 'ftp') self.assertEqual(user_account.shell, '/sbin/nologin') # Test on /etc/passwd with missing field. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:99:99:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with empty username. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b':x:99:99:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with empty user identifier. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x::99:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 username. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'er\xbfor:x:99:99:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 user identifier. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x:\xbf9:99:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 group identifier. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x:99:\xbf9:Nobody:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 full name. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x:99:99:Nob\xbfdy:/home/error:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 user directory. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x:99:99:Nobody:/home/er\xbfor:/sbin/nologin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1) # Test on /etc/passwd with non UTF-8 shell. file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() file_system_builder.AddFile( '/etc/passwd', b'error:x:99:99:Nobody:/home/error:/sbin/nol\xbfgin\n') mount_point = fake_path_spec.FakePathSpec(location='/') storage_writer = self._CreateTestStorageWriter() plugin = linux.LinuxUserAccountsPlugin() test_mediator = self._RunPreprocessorPluginOnFileSystem( file_system_builder.file_system, mount_point, storage_writer, plugin) self.assertEqual(storage_writer.number_of_preprocessing_warnings, 1)