def Touch(self, vfs_path, content=b""):
path_type, components = rdf_objects.ParseCategorizedPath(vfs_path)
client_path = db.ClientPath(
client_id=self.client_id.Basename(),
path_type=path_type,
components=components)
vfs_test_lib.CreateFile(client_path, content=content)
def CheckFilesDownloaded(self, fnames):
for fname in fnames:
if data_store.RelationalDBReadEnabled(category="vfs"):
path_info = data_store.REL_DB.ReadPathInfo(
self.client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=self.FilenameToPathComponents(fname))
size = path_info.stat_entry.st_size
else:
file_urn = self.FileNameToURN(fname)
with aff4.FACTORY.Open(file_urn, token=self.token) as fd:
size = fd.Get(fd.Schema.SIZE)
self.assertGreater(size, 100)
if data_store.RelationalDBReadEnabled(category="filestore"):
fd = file_store.OpenLatestFileVersion(
db.ClientPath(
self.client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=self.FilenameToPathComponents(fname)))
# Make sure we can actually read the file.
self.assertEqual(len(fd.read()), size)
def CheckFilesDownloaded(self, fnames):
for fname in fnames:
if data_store.RelationalDBReadEnabled(category="vfs"):
path_info = data_store.REL_DB.ReadPathInfo(
self.client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=self.FilenameToPathComponents(fname))
size = path_info.stat_entry.st_size
else:
file_urn = self.FileNameToURN(fname)
with aff4.FACTORY.Open(file_urn, token=self.token) as fd:
size = fd.Get(fd.Schema.SIZE)
with io.open(os.path.join(self.base_path, "searching",
fname)) as fd:
test_data = fd.read()
self.assertEqual(size, len(test_data))
if data_store.RelationalDBReadEnabled(category="filestore"):
fd = file_store.OpenFile(
db.ClientPath(
self.client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=self.FilenameToPathComponents(fname)))
# Make sure we can actually read the file.
self.assertEqual(fd.read(), test_data)
def CreateFileVersion(client_id, path, content=b"", timestamp=None, token=None):
"""Add a new version for a file."""
if timestamp is None:
timestamp = rdfvalue.RDFDatetime.Now()
with test_lib.FakeTime(timestamp):
path_type, components = rdf_objects.ParseCategorizedPath(path)
client_path = db.ClientPath(client_id.Basename(), path_type, components)
vfs_test_lib.CreateFile(client_path, content=content, token=token)
def _ReadTestFile(self,
path_components,
path_type=rdf_objects.PathInfo.PathType.TSK):
components = self.base_path.strip("/").split("/")
components += path_components
fd = file_store.OpenFile(
db.ClientPath(self.client_id.Basename(),
path_type,
components=tuple(components)))
return fd.read(10000000)
def CreateFileVersions(self, client_id, file_path):
"""Add a new version for a file."""
path_type, components = rdf_objects.ParseCategorizedPath(file_path)
client_path = db.ClientPath(client_id.Basename(), path_type, components)
token = access_control.ACLToken(username="******")
with test_lib.FakeTime(self.time_1):
vfs_test_lib.CreateFile(
client_path, "Hello World".encode("utf-8"), token=token)
with test_lib.FakeTime(self.time_2):
vfs_test_lib.CreateFile(
client_path, "Goodbye World".encode("utf-8"), token=token)
def testIsDirectoryFlag(self):
# Set up a directory.
dir_path = "fs/os/Random/Directory"
path_type, components = rdf_objects.ParseCategorizedPath(dir_path)
client_path = db.ClientPath(self.client_id.Basename(), path_type,
components)
token = access_control.ACLToken(username="******")
vfs_test_lib.CreateDirectory(client_path, token=token)
args = vfs_plugin.ApiGetFileDetailsArgs(
client_id=self.client_id, file_path=self.file_path)
result = self.handler.Handle(args, token=self.token)
self.assertFalse(result.file.is_directory)
args = vfs_plugin.ApiGetFileDetailsArgs(
client_id=self.client_id, file_path=dir_path)
result = self.handler.Handle(args, token=self.token)
self.assertTrue(result.file.is_directory)
def testGetArtifact(self):
"""Test we can get a basic artifact."""
client_mock = action_mocks.FileFinderClientMock()
client_id = self.SetupClient(0, system="Linux")
# Dynamically add an ArtifactSource specifying the base path.
file_path = os.path.join(self.base_path, "hello.exe")
coll1 = rdf_artifacts.ArtifactSource(
type=rdf_artifacts.ArtifactSource.SourceType.FILE,
attributes={"paths": [file_path]})
self.fakeartifact.sources.append(coll1)
artifact_list = ["FakeArtifact"]
flow_test_lib.TestFlowHelper(
aff4_flows.ArtifactCollectorFlow.__name__,
client_mock,
artifact_list=artifact_list,
use_tsk=False,
token=self.token,
client_id=client_id)
fd2 = open(file_path, "rb")
fd2.seek(0, 2)
expected_size = fd2.tell()
if data_store.AFF4Enabled():
# Test the AFF4 file that was created.
fd1 = aff4.FACTORY.Open(
"%s/fs/os/%s" % (client_id, file_path), token=self.token)
size = fd1.Get(fd1.Schema.SIZE)
self.assertEqual(size, expected_size)
else:
components = file_path.strip("/").split("/")
fd = file_store.OpenFile(
db.ClientPath(
client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=tuple(components)))
fd.Seek(0, 2)
size = fd.Tell()
self.assertEqual(size, expected_size)
def _MigrateVfsUrnGroup(self, vfs_urns):
"""Migrates history of given group of VFS URNs."""
client_path_histories = dict()
for fd in aff4.FACTORY.MultiOpen(vfs_urns, age=aff4.ALL_TIMES):
client_id, vfs_path = fd.urn.Split(2)
path_type, components = rdf_objects.ParseCategorizedPath(vfs_path)
client_path = db.ClientPath(client_id, path_type, components)
client_path_history = db.ClientPathHistory()
for stat_entry in fd.GetValuesForAttribute(fd.Schema.STAT):
client_path_history.AddStatEntry(stat_entry.age, stat_entry)
for hash_entry in fd.GetValuesForAttribute(fd.Schema.HASH):
client_path_history.AddHashEntry(hash_entry.age, hash_entry)
client_path_histories[client_path] = client_path_history
data_store.REL_DB.MultiWritePathHistory(client_path_histories)
def CheckFilesNotDownloaded(self, fnames):
for fname in fnames:
if data_store.RelationalDBReadEnabled(category="filestore"):
try:
file_store.OpenFile(
db.ClientPath(
self.client_id.Basename(),
rdf_objects.PathInfo.PathType.OS,
components=self.FilenameToPathComponents(fname)))
self.Fail("Found downloaded file: %s" % fname)
except file_store.FileHasNoContentError:
pass
else:
file_urn = self.FileNameToURN(fname)
with aff4.FACTORY.Open(file_urn, token=self.token) as fd:
# Directories have no size attribute.
if fd.Get(fd.Schema.TYPE
) == aff4_standard.VFSDirectory.__name__:
continue
self.assertEqual(fd.Get(fd.Schema.SIZE), 0)
def ReadLatestPathInfosWithHashBlobReferences(self,
client_paths,
max_timestamp=None,
cursor=None):
"""Returns PathInfos that have corresponding HashBlobReferences."""
path_infos = {client_path: None for client_path in client_paths}
path_id_components = {}
for client_path in client_paths:
path_id = rdf_objects.PathID.FromComponents(client_path.components)
path_id_components[path_id] = client_path.components
params = []
query = """
SELECT t.client_id, t.path_type, t.path_id, unix_timestamp(t.timestamp),
s.stat_entry, h.hash_entry
FROM (SELECT h.client_id, h.path_type, h.path_id,
MAX(h.timestamp) AS timestamp
FROM client_path_hash_entries AS h
INNER JOIN hash_blob_references AS b
ON b.hash_id = h.sha256
WHERE {conditions}
GROUP BY client_id, path_type, path_id) AS t
LEFT JOIN client_path_stat_entries AS s
ON s.client_id = t.client_id
AND s.path_type = t.path_type
AND s.path_id = t.path_id
AND s.timestamp = t.timestamp
LEFT JOIN client_path_hash_entries AS h
ON h.client_id = t.client_id
AND h.path_type = t.path_type
AND h.path_id = t.path_id
AND h.timestamp = t.timestamp
"""
path_conditions = []
for client_path in client_paths:
path_id = rdf_objects.PathID.FromComponents(client_path.components)
path_conditions.append("""
(client_id = %s AND path_type = %s AND path_id = %s)
""")
params.append(db_utils.ClientIDToInt(client_path.client_id))
params.append(int(client_path.path_type))
params.append(path_id.AsBytes())
conditions = " OR ".join(path_conditions)
if max_timestamp is not None:
conditions = "({}) AND unix_timestamp(timestamp) <= %s".format(conditions)
params.append(mysql_utils.RDFDatetimeToTimestamp(max_timestamp))
cursor.execute(query.format(conditions=conditions), params)
for row in cursor.fetchall():
# pyformat: disable
(client_id, path_type, path_id_bytes, timestamp,
stat_entry_bytes, hash_entry_bytes) = row
# pyformat: enable
path_id = rdf_objects.PathID.FromBytes(path_id_bytes)
components = path_id_components[path_id]
if stat_entry_bytes is not None:
stat_entry = rdf_client_fs.StatEntry.FromSerializedString(
stat_entry_bytes)
else:
stat_entry = None
hash_entry = rdf_crypto.Hash.FromSerializedString(hash_entry_bytes)
client_path = db.ClientPath(
client_id=db_utils.IntToClientID(client_id),
path_type=path_type,
components=path_id_components[path_id])
path_info = rdf_objects.PathInfo(
path_type=path_type,
components=components,
stat_entry=stat_entry,
hash_entry=hash_entry,
timestamp=mysql_utils.TimestampToRDFDatetime(timestamp))
path_infos[client_path] = path_info
return path_infos
