def testGetUnscannedSubNode(self):
"""Test the GetUnscannedSubNode function."""
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_node = source_scanner.SourceScanNode(test_fake_path_spec)
sub_node = test_node.GetUnscannedSubNode()
self.assertIsNotNone(sub_node)
def testTypeIndicator(self):
"""Test the type_indicator property."""
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_node = source_scanner.SourceScanNode(test_fake_path_spec)
self.assertEqual(test_node.type_indicator,
definitions.TYPE_INDICATOR_FAKE)
def testGlobRawAsbExtension(self):
"""Test the glob function for a RAW ASB extension scheme."""
segment_filenames = ['image001.asb']
expected_segment_file_path_specs = []
file_system = self._BuildFileFakeFileSystem(
segment_filenames, expected_segment_file_path_specs)
# Test single segment file: 001.
path_spec = fake_path_spec.FakePathSpec(location='/image001.asb')
path_spec = raw_path_spec.RawPathSpec(parent=path_spec)
segment_file_path_specs = raw.RawGlobPathSpec(file_system, path_spec)
self.assertEqual(len(segment_file_path_specs),
len(expected_segment_file_path_specs))
self.assertEqual(segment_file_path_specs,
expected_segment_file_path_specs)
# Test non exiting segment file: 001.
expected_segment_file_path_specs = []
path_spec = fake_path_spec.FakePathSpec(location='/bogus000.asb')
path_spec = raw_path_spec.RawPathSpec(parent=path_spec)
segment_file_path_specs = raw.RawGlobPathSpec(file_system, path_spec)
self.assertEqual(len(segment_file_path_specs),
len(expected_segment_file_path_specs))
self.assertEqual(segment_file_path_specs,
expected_segment_file_path_specs)
# Test multiple segment files: 001-010.
segment_filenames = [
'image001.asb', 'image002.asb', 'image003.asb', 'image004.asb',
'image005.asb', 'image006.asb', 'image007.asb', 'image008.asb',
'image009.asb', 'image010.asb'
]
expected_segment_file_path_specs = []
file_system = self._BuildFileFakeFileSystem(
segment_filenames, expected_segment_file_path_specs)
path_spec = fake_path_spec.FakePathSpec(location='/image001.asb')
path_spec = raw_path_spec.RawPathSpec(parent=path_spec)
segment_file_path_specs = raw.RawGlobPathSpec(file_system, path_spec)
self.assertEqual(len(segment_file_path_specs),
len(expected_segment_file_path_specs))
self.assertEqual(segment_file_path_specs,
expected_segment_file_path_specs)
def _BuildFileFakeFileSystem(self, filename, number_of_segments,
segment_file_path_specs):
"""Builds a fake file system containing EWF segment files.
Args:
filename: the filename of the first segment file with extension.
number_of_segments: the number of segments.
segment_file_path_specs: a list to store the segment file path
specifications in.
Returns:
The fake file system (instance of dvfvs.FakeFileSystem).
"""
resolver_context = context.Context()
file_system = fake_file_system.FakeFileSystem(resolver_context)
file_system.AddFileEntry(
u'/', file_entry_type=definitions.FILE_ENTRY_TYPE_DIRECTORY)
filename, _, extension = filename.partition(u'.')
number_of_segments += 1
for segment_number in range(1, number_of_segments):
if segment_number < 100:
if extension[1] == u'x':
path = u'/{0:s}.{1:s}x{2:02d}'.format(
filename, extension[0], segment_number)
else:
path = u'/{0:s}.{1:s}{2:02d}'.format(
filename, extension[0], segment_number)
else:
segment_index = segment_number - 100
segment_index, remainder = divmod(segment_index, 26)
if extension[0].islower():
third_letter = chr(ord(u'a') + remainder)
else:
third_letter = chr(ord(u'A') + remainder)
segment_index, remainder = divmod(segment_index, 26)
if extension[0].islower():
second_letter = chr(ord(u'a') + remainder)
else:
second_letter = chr(ord(u'A') + remainder)
first_letter = chr(ord(extension[0]) + segment_index)
if extension[1] == u'x':
path = u'/{0:s}.{1:s}x{2:s}{3:s}'.format(
filename, first_letter, second_letter, third_letter)
else:
path = u'/{0:s}.{1:s}{2:s}{3:s}'.format(
filename, first_letter, second_letter, third_letter)
file_system.AddFileEntry(path)
segment_file_path_specs.append(
fake_path_spec.FakePathSpec(location=path))
return file_system
def testIntialize(self):
"""Test the initialize functionality."""
path_spec = fake_path_spec.FakePathSpec(location=self._test_file)
file_entry = fake_file_entry.FakeFileEntry(self._resolver_context,
self._file_system,
path_spec)
self.assertNotEqual(file_entry, None)
def testIsFunctions(self):
"""Test the Is? functionality."""
test_file = u'/test_data/testdir_fake/file1.txt'
path_spec = fake_path_spec.FakePathSpec(location=test_file)
file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
self.assertFalse(file_entry.IsRoot())
self.assertTrue(file_entry.IsVirtual())
self.assertTrue(file_entry.IsAllocated())
self.assertFalse(file_entry.IsDevice())
self.assertFalse(file_entry.IsDirectory())
self.assertTrue(file_entry.IsFile())
self.assertFalse(file_entry.IsLink())
self.assertFalse(file_entry.IsPipe())
self.assertFalse(file_entry.IsSocket())
test_file = u'/test_data/testdir_fake'
path_spec = fake_path_spec.FakePathSpec(location=test_file)
file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
self.assertFalse(file_entry.IsRoot())
self.assertTrue(file_entry.IsVirtual())
self.assertTrue(file_entry.IsAllocated())
self.assertFalse(file_entry.IsDevice())
self.assertTrue(file_entry.IsDirectory())
self.assertFalse(file_entry.IsFile())
self.assertFalse(file_entry.IsLink())
self.assertFalse(file_entry.IsPipe())
self.assertFalse(file_entry.IsSocket())
test_file = u'/test_data/testdir_fake/link1.txt'
path_spec = fake_path_spec.FakePathSpec(location=test_file)
file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
self.assertFalse(file_entry.IsRoot())
self.assertTrue(file_entry.IsVirtual())
self.assertTrue(file_entry.IsAllocated())
self.assertFalse(file_entry.IsDevice())
self.assertFalse(file_entry.IsDirectory())
self.assertFalse(file_entry.IsFile())
self.assertTrue(file_entry.IsLink())
self.assertFalse(file_entry.IsPipe())
self.assertFalse(file_entry.IsSocket())
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
self._path_spec = fake_path_spec.FakePathSpec(location='/')
self._file_system = fake_file_system.FakeFileSystem(
self._resolver_context)
self._file_system.Open(self._path_spec)
def GetRootFileEntry(self):
"""Retrieves the root file entry.
Returns:
FakeFileEntry: a file entry or None if not available.
"""
path_spec = fake_path_spec.FakePathSpec(location=self.LOCATION_ROOT)
return self.GetFileEntryByPathSpec(path_spec)
def GetRootFileEntry(self):
"""Retrieves the root file entry.
Returns:
A file entry (instance of vfs.FileEntry) or None.
"""
path_spec = fake_path_spec.FakePathSpec(location=self.LOCATION_ROOT)
return self.GetFileEntryByPathSpec(path_spec)
def setUp(self):
"""Makes preparations before running an individual test."""
file_system_builder = shared_test_lib.FakeFileSystemBuilder()
file_system_builder.AddFile(u'/etc/passwd', self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._fake_file_system = self._BuildSingleFileFakeFileSystem(
u'/etc/passwd', self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
def testIntialize(self):
"""Test the __init__ function."""
path_spec = fake_path_spec.FakePathSpec(location=self._test_file)
file_entry = fake_file_entry.FakeFileEntry(self._resolver_context,
self._file_system,
path_spec)
self.assertIsNotNone(file_entry)
def testLink(self):
"""Test the link property functionality."""
test_file = '/test_data/testdir_fake/link1.txt'
path_spec = fake_path_spec.FakePathSpec(location=test_file)
file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNotNone(file_entry)
self.assertEqual(file_entry.link, '/test_data/testdir_fake/file1.txt')
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._fake_file_system = self._BuildSingleLinkFakeFileSystem(
u'/private/etc/localtime', u'/usr/share/zoneinfo/Europe/Amsterdam')
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
class UniqueHashesTest(test_lib.AnalysisPluginTestCase):
"""Test for the unique hashes analysis plugin."""
_TEST_EVENTS = [
{'pathspec': fake_path_spec.FakePathSpec(
location='/var/testing directory with space/file.txt'),
'test_hash': '4'},
{'pathspec': fake_path_spec.FakePathSpec(
location='C:\\Windows\\a.file.txt'),
'test_hash': '4'},
{'pathspec': fake_path_spec.FakePathSpec(
location='/opt/dfvfs'),
'test_hash': '4'},
{'pathspec': fake_path_spec.FakePathSpec(
location='/opt/2hash_file'),
'test_hash': '4',
'alternate_test_hash': '5'},
{'pathspec': fake_path_spec.FakePathSpec(
location='/opt/no_hash_file')}
]
def testExamineEventAndCompileReport(self):
"""Tests the ExamineEvent and CompileReport functions."""
events = []
for event_dictionary in self._TEST_EVENTS:
event = self._CreateTestEventObject(event_dictionary)
events.append(event)
plugin = file_hashes.FileHashesPlugin()
storage_writer = self._AnalyzeEvents(events, plugin)
self.assertEqual(len(storage_writer.analysis_reports), 1)
analysis_report = storage_writer.analysis_reports[0]
expected_text = (
'Listing file paths and hashes\n'
'FAKE:/opt/2hash_file: alternate_test_hash=5 test_hash=4\n'
'FAKE:/opt/dfvfs: test_hash=4\n'
'FAKE:/opt/no_hash_file:\n'
'FAKE:/var/testing directory with space/file.txt: test_hash=4\n'
'FAKE:C:\\Windows\\a.file.txt: test_hash=4\n')
self.assertEqual(expected_text, analysis_report.text)
self.assertEqual(analysis_report.plugin_name, 'file_hashes')
def testFileEntryExistsByPathSpec(self):
"""Test the file entry exists by path specification functionality."""
file_system = fake_file_system.FakeFileSystem(self._resolver_context,
self._fake_path_spec)
self.assertIsNotNone(file_system)
file_system.AddFileEntry('/test_data/testdir_fake/file1.txt',
file_data=b'FILE1')
file_system.Open()
path_spec = fake_path_spec.FakePathSpec(
location='/test_data/testdir_fake/file1.txt')
self.assertTrue(file_system.FileEntryExistsByPathSpec(path_spec))
path_spec = fake_path_spec.FakePathSpec(
location='/test_data/testdir_fake/file6.txt')
self.assertFalse(file_system.FileEntryExistsByPathSpec(path_spec))
def testName(self):
"""Test the name property."""
path_spec = fake_path_spec.FakePathSpec(location=self._test_file)
file_entry = fake_file_entry.FakeFileEntry(self._resolver_context,
self._file_system,
path_spec)
self.assertIsNotNone(file_entry)
self.assertEqual(file_entry.name, 'testdir_fake')
def setUp(self):
"""Sets up the needed objects used throughout the test."""
file_data = self._ReadTestFile([u'com.apple.HIToolbox.plist'])
self._fake_file_system = self._BuildSingleFileFakeFileSystem(
u'/Library/Preferences/com.apple.HIToolbox.plist', file_data)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._fake_file_system = self._BuildSingleFileFakeFileSystem(
u'/Library/Preferences/SystemConfiguration/preferences.plist',
self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
def testSize(self):
"""Test the size property."""
path_spec = fake_path_spec.FakePathSpec(location=self._test_file)
file_entry = fake_file_entry.FakeFileEntry(self._resolver_context,
self._file_system,
path_spec)
self.assertIsNotNone(file_entry)
self.assertIsNone(file_entry.size)
def testComparable(self):
"""Tests the path specification comparable property."""
path_spec = fake_path_spec.FakePathSpec(location='/test')
self.assertIsNotNone(path_spec)
expected_comparable = '\n'.join(['type: FAKE, location: /test', ''])
self.assertEqual(path_spec.comparable, expected_comparable)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
file_data = self._ReadTestFile([u'SYSTEM'])
self._fake_file_system = self._BuildSingleFileFakeFileSystem(
u'/Windows/System32/config/SYSTEM', file_data)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
def setUp(self):
"""Makes preparations before running an individual test."""
file_system_builder = shared_test_lib.FakeFileSystemBuilder()
file_system_builder.AddSymbolicLink(
u'/private/etc/localtime', u'/usr/share/zoneinfo/Europe/Amsterdam')
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
def __init__(self, name):
"""Initializes a file entry.
Args:
name (str): the file entry name.
"""
super(TestFileEntry, self).__init__()
self.name = name
self.path_spec = fake_path_spec.FakePathSpec(location=name)
def _BuildFileFakeFileSystem(self, filename, number_of_segments,
segment_file_path_specs):
"""Builds a fake file system containing EWF segment files.
Args:
filename (str): filename of the first segment file with extension.
number_of_segments (int): number of segments.
segment_file_path_specs (list[PathSpec]): resulting segment file path
specifications.
Returns:
FakeFileSystem: fake file system.
"""
resolver_context = context.Context()
file_system = fake_file_system.FakeFileSystem(resolver_context)
filename, _, extension = filename.partition(u'.')
number_of_segments += 1
for segment_number in range(1, number_of_segments):
if segment_number < 100:
if extension[1] == u'x':
path = u'/{0:s}.{1:s}x{2:02d}'.format(
filename, extension[0], segment_number)
else:
path = u'/{0:s}.{1:s}{2:02d}'.format(
filename, extension[0], segment_number)
else:
segment_index = segment_number - 100
segment_index, remainder = divmod(segment_index, 26)
if extension[0].islower():
third_letter = chr(ord(u'a') + remainder)
else:
third_letter = chr(ord(u'A') + remainder)
segment_index, remainder = divmod(segment_index, 26)
if extension[0].islower():
second_letter = chr(ord(u'a') + remainder)
else:
second_letter = chr(ord(u'A') + remainder)
first_letter = chr(ord(extension[0]) + segment_index)
if extension[1] == u'x':
path = u'/{0:s}.{1:s}x{2:s}{3:s}'.format(
filename, first_letter, second_letter, third_letter)
else:
path = u'/{0:s}.{1:s}{2:s}{3:s}'.format(
filename, first_letter, second_letter, third_letter)
file_system.AddFileEntry(path)
path_spec = fake_path_spec.FakePathSpec(location=path)
segment_file_path_specs.append(path_spec)
return file_system
def setUp(self):
"""Sets up the needed objects used throughout the test."""
file_data = self._ReadTestFile([u'com.apple.HIToolbox.plist'])
self._fake_file_system = self._BuildSingleFileFakeFileSystem(
u'/private/var/db/dslocal/nodes/Default/users/nobody.plist',
file_data)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
self._fake_file_system, mount_point)
def setUp(self):
"""Makes preparations before running an individual test."""
file_system_builder = shared_test_lib.FakeFileSystemBuilder()
file_system_builder.AddFile(
u'/Library/Preferences/SystemConfiguration/preferences.plist',
self._FILE_DATA)
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
def setUp(self):
"""Makes preparations before running an individual test."""
file_system_builder = shared_test_lib.FakeFileSystemBuilder()
file_system_builder.AddTestFile(
u'/private/var/db/dslocal/nodes/Default/users/nobody.plist',
[u'com.apple.HIToolbox.plist'])
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
def setUp(self):
"""Makes preparations before running an individual test."""
file_system_builder = shared_test_lib.FakeFileSystemBuilder()
file_system_builder.AddTestFile(
u'/Library/Preferences/com.apple.HIToolbox.plist',
[u'com.apple.HIToolbox.plist'])
mount_point = fake_path_spec.FakePathSpec(location=u'/')
self._searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
def testGetStat(self):
"""Test the get stat functionality."""
test_file = u'/test_data/testdir_fake/file1.txt'
path_spec = fake_path_spec.FakePathSpec(location=test_file)
file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
stat_object = file_entry.GetStat()
self.assertNotEqual(stat_object, None)
self.assertEqual(stat_object.type, stat_object.TYPE_FILE)
