Ejemplo n.º 1
    def testGetClientsForHashes(self):
        """Check that a batch hash lookup returns the matching client file URNs.

        Two files are added through the fixture and then looked up in a single
        call, one by generic MD5 and one by generic SHA-1. Each queried hash
        must map to a one-element list holding the file's URN under the
        client's fs/tsk tree.
        """
        self.AddFile("/Ext2IFS_1_10b.exe")
        self.AddFile("/idea.dll")

        # NOTE(review): MD5 and SHA-1 are not collision resistant. A hit on
        # either is a lead to confirm with a SHA-256 comparison, not proof
        # that the client file is the file the indicator was taken from.
        md5_query = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="md5",
            hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
        sha1_query = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="sha1",
            hash_value="e1f7e62b3909263f3a2518bbae6a9ee36d5b502b")

        lookup = filestore.HashFileStore.GetClientsForHashes(
            [md5_query, sha1_query], token=self.token)
        hits = dict(lookup)
        self.assertEqual(len(hits), 2)

        # The MD5 belongs to the executable, the SHA-1 to the DLL.
        md5_hits = hits[md5_query]
        exe_urn = self.client_id.Add("fs/tsk").Add(self.base_path).Add(
            "winexec_img.dd/Ext2IFS_1_10b.exe")
        self.assertListEqual(md5_hits, [exe_urn])

        sha1_hits = hits[sha1_query]
        dll_urn = self.client_id.Add("fs/tsk").Add(self.base_path).Add(
            "winexec_img.dd/idea.dll")
        self.assertListEqual(sha1_hits, [dll_urn])
Ejemplo n.º 2
    def testGetClientsForHashesWithAge(self):
        """Check that the age argument limits which batch hash hits come back.

        Both files are added while time.time is stubbed to return 42. A lookup
        with age=41e6 must return nothing; a lookup with age=43e6 and a lookup
        without an age argument must both return the two hashes.
        """
        with utils.Stubber(time, "time", lambda: 42):
            self.AddFile("/Ext2IFS_1_10b.exe")
            self.AddFile("/idea.dll")

        md5_query = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="md5",
            hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
        sha1_query = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="sha1",
            hash_value="e1f7e62b3909263f3a2518bbae6a9ee36d5b502b")

        # presumably age is in microseconds, which would put 41e6 just before
        # and 43e6 just after the stubbed write time of 42 s - confirm against
        # GetClientsForHashes. The empty dict exercises the default age.
        cases = (
            ({"age": 41e6}, 0),
            ({"age": 43e6}, 2),
            ({}, 2),
        )
        for extra_args, expected_count in cases:
            hits = dict(
                filestore.HashFileStore.GetClientsForHashes(
                    [md5_query, sha1_query], token=self.token, **extra_args))
            self.assertEqual(len(hits), expected_count)
Ejemplo n.º 3
    def testGetClientsForHashWithAge(self):
        """Check that the age argument limits the hits of a single-hash lookup.

        Both files are added while time.time is stubbed to return 42. Looking
        up the generic MD5 with age=41e6 must return nothing; age=43e6 and a
        lookup without an age argument must each return one hit.
        """
        with utils.Stubber(time, "time", lambda: 42):
            self.AddFile("/Ext2IFS_1_10b.exe")
            self.AddFile("/idea.dll")

        # presumably age is in microseconds, which would put 41e6 just before
        # and 43e6 just after the stubbed write time of 42 s - confirm against
        # GetClientsForHash. The empty dict exercises the default age.
        cases = (
            ({"age": 41e6}, 0),
            ({"age": 43e6}, 1),
            ({}, 1),
        )
        for extra_args, expected_count in cases:
            # A fresh query object is built for every lookup.
            md5_query = filestore.FileStoreHash(
                fingerprint_type="generic",
                hash_type="md5",
                hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
            hits = list(
                filestore.HashFileStore.GetClientsForHash(
                    md5_query, token=self.token, **extra_args))
            self.assertEqual(len(hits), expected_count)
Ejemplo n.º 4
    def testListHashes(self):
        """Check that ListHashes reports every digest stored for one added file.

        After a single executable is added, five entries are expected: pecoff
        MD5 and SHA-1, and generic MD5, SHA-1 and SHA-256.
        """
        self.AddFile("/Ext2IFS_1_10b.exe")
        hashes = list(filestore.HashFileStore.ListHashes())
        self.assertEqual(len(hashes), 5)

        # (fingerprint_type, hash_type, hash_value) for each expected entry.
        # The pecoff and generic digests of the same file differ, so an
        # indicator has to be matched against the same fingerprint type it
        # was computed with.
        expected_entries = (
            ("pecoff", "md5", "a3a3259f7b145a21c7b512d876a5da06"),
            ("pecoff", "sha1", "019bddad9cac09f37f3941a7f285c79d3c7e7801"),
            ("generic", "md5", "bb0a15eefe63fd41f8dc9dee01c5cf9a"),
            ("generic", "sha1", "7dd6bee591dfcb6d75eb705405302c3eab65e21a"),
            ("generic", "sha256",
             "0e8dc93e150021bb4752029ebbff51394aa36f06"
             "9cf19901578e4f06017acdb5"),
        )
        for fingerprint_type, hash_type, hash_value in expected_entries:
            self.assertTrue(
                filestore.FileStoreHash(
                    fingerprint_type=fingerprint_type,
                    hash_type=hash_type,
                    hash_value=hash_value) in hashes)
Ejemplo n.º 5
 def testHashIsInitializedFromConstructorArguments(self):
     """Check that keyword arguments yield the same hash as GenerateSample().

     The instance built from fingerprint_type, hash_type and hash_value must
     compare equal to the instance returned by self.GenerateSample().
     """
     from_keywords = filestore.FileStoreHash(
         fingerprint_type="pecoff",
         hash_type="sha1",
         hash_value="eb875812858d27b22cb2b75f992dffadc1b05c60")
     self.assertEqual(from_keywords, self.GenerateSample())
Ejemplo n.º 6
    def testGetClientsForHash(self):
        """Check that a single-hash lookup returns the one client file that has it.

        Two files are added, and the generic MD5 of the executable must
        resolve to exactly that file's URN under the client's fs/tsk tree.
        """
        self.AddFile("/Ext2IFS_1_10b.exe")
        self.AddFile("/idea.dll")

        # NOTE(review): MD5 is not collision resistant; treat a hit as a lead
        # to confirm with a stronger digest before acting on it.
        md5_query = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="md5",
            hash_value="bb0a15eefe63fd41f8dc9dee01c5cf9a")
        hits = list(
            filestore.HashFileStore.GetClientsForHash(
                md5_query, token=self.token))

        exe_urn = self.client_id.Add("fs/tsk").Add(self.base_path).Add(
            "winexec_img.dd/Ext2IFS_1_10b.exe")
        self.assertListEqual(hits, [exe_urn])
Ejemplo n.º 7
    def _SetupNSRLFiles(self):
        """Add two files, record their hashes and register one hash in the NSRL store.

        Sets self.hashes1 and self.hashes2 to the HASH attribute of the two
        added files and self.sha1_hash to a generic SHA-1 FileStoreHash.

        Returns:
          The object opened at aff4:/files/nsrl, after AddHash was called on it.
        """
        exe_urn = self.AddFile("/Ext2IFS_1_10b.exe")
        dll_urn = self.AddFile("/idea.dll")

        exe_fd = aff4.FACTORY.Open(exe_urn, token=self.token)
        self.hashes1 = exe_fd.Get(exe_fd.Schema.HASH)

        dll_fd = aff4.FACTORY.Open(dll_urn, token=self.token)
        self.hashes2 = dll_fd.Get(dll_fd.Schema.HASH)

        # Pretend this file is part of the NSRL.
        # NOTE(review): the positional arguments look like sha1, md5, a
        # checksum, file name, size, two code lists and a special code -
        # confirm against AddHash. In the NSRL RDS format the special code "M"
        # marks a malicious file, so NSRL membership alone should not be read
        # as "known good".
        nsrl_store = aff4.FACTORY.Open("aff4:/files/nsrl", token=self.token)
        nsrl_store.AddHash("e1f7e62b3909263f3a2518bbae6a9ee36d5b502b",
                           "bb0a15eefe63fd41f8dc9dee01c5cf9a", None,
                           "idea.dll", 100, None, None, "M")

        self.sha1_hash = filestore.FileStoreHash(
            fingerprint_type="generic",
            hash_type="sha1",
            hash_value="e1f7e62b3909263f3a2518bbae6a9ee36d5b502b")
        return nsrl_store
Ejemplo n.º 8
 def GenerateSample(self, number=0):
     """Build a sample FileStoreHash from a pecoff/sha1 URN string.

     number is formatted with %d at the end of the hash value, so only a
     single-digit, non-negative number keeps the value at the 40 hex
     characters of a SHA-1 digest.
     """
     urn_template = ("aff4:/files/hash/pecoff/sha1/"
                     "eb875812858d27b22cb2b75f992dffadc1b05c6%d")
     return filestore.FileStoreHash(urn_template % number)