 def with_deleted_files(
         self: "NQ",
         deleted_files_query: Optional["IFileQuery"] = None) -> "NQ":
     """Constrain this process query on its ``deleted_files`` edge.

     Args:
         deleted_files_query: Query describing the file(s) on the edge. A
             falsy value (the default ``None``) is replaced by a fresh,
             unconstrained ``FileQuery``.

     Returns:
         ``self``, so further ``with_*`` calls can be chained.
     """
     process_query = cast(ProcessQuery, self)
     if deleted_files_query:
         file_query = deleted_files_query
     else:
         file_query = FileQuery()
     # Record the edge on both query objects: the reverse link on the file
     # query and the forward link on this process query.
     file_query._deleter = process_query
     process_query._deleted_files = file_query
     return self
    def test_process_with_created_files(self) -> None:
        """Round-trip a Process -> created_files -> File edge through Dgraph.

        Upserts a process and a file, links them with a ``created_files``
        edge, then queries the process back constrained on both ends of the
        edge and checks the file is attached to the returned view.
        """
        # Given: a process with a pid 100 & process_name word.exe,
        # NOTE(review): this talks to a Dgraph instance on localhost:9080, so
        # it needs a local, disposable graph to be running.
        client = DgraphClient(DgraphClientStub("localhost:9080"))

        now = int(time.time())
        process_key = "763ddbda-8812-4a07-acfe-83402b92379d"
        file_key = "575f103e-1a11-4650-9f1b-5b72e44dfec3"

        process_props = {
            "process_id": 100,
            "process_name": "word.exe",
            "created_timestamp": now,
        }  # type: Dict[str, Property]
        process_view = upsert(client, "Process", ProcessView, process_key,
                              process_props)

        file_props = {
            "file_path": "/folder/file.txt",
            "created_timestamp": now + 1000,
        }  # type: Dict[str, Property]
        file_view = upsert(client, "File", FileView, file_key, file_props)

        create_edge(client, process_view.uid, "created_files", file_view.uid)

        file_query = (
            FileQuery()
            .with_node_key(eq=file_key)
            .with_file_path(eq="/folder/file.txt")
        )
        queried_process = (
            ProcessQuery()
            .with_node_key(eq=process_key)
            .with_process_id(eq=100)
            .with_process_name(contains="word")
            .with_created_timestamp(eq=now)
            .with_created_files(file_query)
            .query_first(client)
        )

        assert queried_process
        assert queried_process.process_id == 100

        created_files = queried_process.created_files
        assert len(created_files) == 1
        assert created_files[0].file_path == "/folder/file.txt"
 def with_created_files(
         self: "NQ",
         created_files_query: Optional["IFileQuery"] = None) -> "NQ":
     """Constrain this process query on its ``created_files`` edge.

     Args:
         created_files_query: Query describing the file(s) on the edge; a
             falsy value (the default ``None``) means "any file", i.e. an
             unconstrained ``FileQuery``.

     Returns:
         ``self`` for chaining.
     """
     process_query = cast(ProcessQuery, self)
     file_query = created_files_query if created_files_query else FileQuery()
     # Reverse link on the file query, forward link on this query.
     file_query._creator = process_query
     process_query._created_files = file_query
     return self
    def test_with_wrote_files(self) -> None:
        """Round-trip a Process -> wrote_files -> File edge through the graph.

        Upserts a process and a file, links them with a ``wrote_files`` edge,
        then queries the process back constrained on both ends of the edge
        and checks the keys and properties of what comes back.
        """
        # Given: a process with a pid 100 & process_name word.exe,
        client = MasterGraphClient()

        now = int(time.time())
        process_key = (
            "test_with_wrote_files-8f0761fb-2ffe-4d4b-ab38-68e5489f56dc"
        )
        file_key = (
            "test_with_wrote_files-2325c49a-95b4-423f-96d0-99539fe03833"
        )

        process_view = upsert(
            client,
            "Process",
            ProcessView,
            process_key,
            {
                "process_id": 100,
                "process_name": "word.exe",
                "created_timestamp": now,
            },
        )

        file_view = upsert(
            client,
            "File",
            FileView,
            file_key,
            {
                "file_path": "/folder/file.txt",
                "created_timestamp": now + 1000,
            },
        )

        create_edge(client, process_view.uid, "wrote_files", file_view.uid)

        file_query = (
            FileQuery()
            .with_node_key(eq=file_key)
            .with_file_path(eq="/folder/file.txt")
        )
        queried_process = (
            ProcessQuery()
            .with_node_key(eq=process_key)
            .with_process_id(eq=100)
            .with_process_name(contains="word")
            .with_created_timestamp(eq=now)
            .with_wrote_files(file_query)
            .query_first(client)
        )

        assert queried_process
        assert queried_process.node_key == process_key
        assert queried_process.process_id == 100
        assert queried_process.process_name == "word.exe"

        wrote_files = queried_process.wrote_files
        assert len(wrote_files) == 1
        assert wrote_files[0].node_key == file_key
        assert wrote_files[0].file_path == "/folder/file.txt"
    def with_wrote_files(
            self: "NQ",
            wrote_files_query: Optional["IFileQuery"] = None) -> "NQ":
        """Constrain this process query on its ``wrote_files`` edge.

        Args:
            wrote_files_query: Query describing the file(s) on the edge. When
                falsy (the default ``None``) an unconstrained ``FileQuery``
                is attached instead.

        Returns:
            ``self`` for chaining.
        """
        process_query = cast(ProcessQuery, self)
        if not wrote_files_query:
            wrote_files_query = FileQuery()
        # Both directions of the edge are recorded on the query objects.
        wrote_files_query._writers = process_query
        process_query._wrote_files = wrote_files_query
        return self
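    def test_with_bin_file(self) -> None:
        """Round-trip a Process -> bin_file -> File edge through the graph.

        Upserts a process and the file node for its binary, links them with
        a ``bin_file`` edge, then queries the process back constrained on
        both ends of the edge and checks every stored property survived.
        """
        # Given: a process with a pid 100 & process_name word.exe,
        local_client = MasterGraphClient()

        created_timestamp = int(time.time())
        process_key = "635952af-87f3-4a2a-a65d-3f1859db9525"
        bin_file_key = "9f16e0c9-33c0-4d18-9878-ef686373570b"

        parent_process = {
            "process_id": 100,
            "process_name": "word.exe",
            "created_timestamp": created_timestamp,
        }  # type: Dict[str, Property]

        parent_process_view = upsert(
            local_client,
            "Process",
            ProcessView,
            process_key,
            parent_process,
        )

        bin_file_props = {
            "file_path": "/folder/file.txt",
            "created_timestamp": created_timestamp + 1000,
        }  # type: Dict[str, Property]

        bin_file_view = upsert(
            local_client,
            "File",
            FileView,
            bin_file_key,
            bin_file_props,
        )

        create_edge(
            local_client,
            parent_process_view.uid,
            "bin_file",
            bin_file_view.uid,
        )

        queried_process = (
            ProcessQuery()
            .with_node_key(eq=process_key)
            .with_process_id(eq=100)
            .with_process_name(contains="word")
            .with_created_timestamp(eq=created_timestamp)
            .with_bin_file(
                FileQuery()
                .with_node_key(eq=bin_file_key)
                .with_file_path(eq="/folder/file.txt")
            )
            .query_first(local_client)
        )

        assert queried_process
        # Compare the key against the returned view. The previous version
        # asserted on the bare string literal, which is always truthy and
        # could never fail.
        assert queried_process.node_key == process_key
        assert queried_process.process_id == 100
        assert queried_process.process_name == "word.exe"
        assert queried_process.created_timestamp == created_timestamp

        bin_file = queried_process.bin_file
        assert bin_file.node_key == bin_file_key
        assert bin_file.file_path == "/folder/file.txt"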
    def with_read_files(
            self: "NQ",
            read_files_query: Optional["IFileQuery"] = None) -> "NQ":
        """Constrain this process query on its ``read_files`` edge.

        Args:
            read_files_query: Query describing the file(s) on the edge; a
                falsy value (the default ``None``) is replaced by an
                unconstrained ``FileQuery``.

        Returns:
            ``self`` for chaining.
        """
        file_query = read_files_query if read_files_query else FileQuery()
        process_query = cast(ProcessQuery, self)
        # Reverse link on the file query, forward link on this query.
        file_query._readers = process_query
        process_query._read_files = file_query
        return self
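    def test_with_read_files(self) -> None:
        """Round-trip a Process -> read_files -> File edge through the graph.

        Upserts a process and a file, links them with a ``read_files`` edge,
        then queries the process back constrained on both ends of the edge
        and checks the keys and properties of what comes back.
        """
        # Given: a process with a pid 100 & process_name word.exe,
        local_client = MasterGraphClient()

        created_timestamp = int(time.time())
        process_key = "test_with_read_files-669a3693-d960-401c-8d29-5d669ffcd660"
        file_key = "test_with_read_files-aa9248ec-36ee-4177-ba1a-999de735e682"

        parent_process = {
            "process_id": 100,
            "process_name": "word.exe",
            "created_timestamp": created_timestamp,
        }  # type: Dict[str, Property]

        parent_process_view = upsert(
            local_client,
            "Process",
            ProcessView,
            process_key,
            parent_process,
        )

        read_file = {
            "file_path": "/folder/file.txt",
            "created_timestamp": created_timestamp + 1000,
        }  # type: Dict[str, Property]

        read_file_view = upsert(
            local_client,
            "File",
            FileView,
            file_key,
            read_file,
        )

        create_edge(
            local_client,
            parent_process_view.uid,
            "read_files",
            read_file_view.uid,
        )

        # Constrain both ends of the edge on node_key (as the sibling
        # wrote_files/created_files tests do): every test in this file writes
        # a pid-100 "word.exe" process with the same second-resolution
        # timestamp, so without the key the node_key assertion below depends
        # on which matching process query_first happens to return.
        queried_process = (
            ProcessQuery()
            .with_node_key(eq=process_key)
            .with_process_id(eq=100)
            .with_process_name(contains="word")
            .with_created_timestamp(eq=created_timestamp)
            .with_read_files(
                FileQuery()
                .with_node_key(eq=file_key)
                .with_file_path(eq="/folder/file.txt")
            )
            .query_first(local_client)
        )

        assert queried_process
        assert queried_process.node_key == process_key

        assert queried_process.process_id == 100
        assert queried_process.process_name == "word.exe"

        assert len(queried_process.read_files) == 1
        assert queried_process.read_files[0].node_key == file_key
        assert queried_process.read_files[0].file_path == "/folder/file.txt"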
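    def test_with_deleted_files(self) -> None:
        """Round-trip a Process -> deleted_files -> File edge through Dgraph.

        Upserts a process and a file, links them with a ``deleted_files``
        edge, then queries the process back constrained on both ends of the
        edge and checks the process that comes back is the one written.
        """
        # Given: a process with a pid 100 & process_name word.exe,
        # NOTE(review): this talks to a Dgraph instance on localhost:9080, so
        # it needs a local, disposable graph to be running.
        local_client = DgraphClient(DgraphClientStub("localhost:9080"))

        created_timestamp = int(time.time())
        process_key = "test_with_deleted_files-47527d73-22c4-4e0f-bf7d-184bf1f206e2"
        # Key kept verbatim; it lacks the "-" after the prefix that the
        # sibling tests use, but nothing depends on that shape.
        file_key = "test_with_deleted_files8b8364ea-9b47-476b-8cf0-0f724adff10f"

        parent_process = {
            "process_id": 100,
            "process_name": "word.exe",
            "created_timestamp": created_timestamp,
        }  # type: Dict[str, Property]

        parent_process_view = upsert(
            local_client,
            "Process",
            ProcessView,
            process_key,
            parent_process,
        )

        deleted_file = {
            "file_path": "/folder/file.txt",
            "created_timestamp": created_timestamp + 1000,
        }  # type: Dict[str, Property]

        deleted_file_view = upsert(
            local_client,
            "File",
            FileView,
            file_key,
            deleted_file,
        )

        create_edge(
            local_client,
            parent_process_view.uid,
            "deleted_files",
            deleted_file_view.uid,
        )

        # Constrain both ends of the edge on node_key, as the sibling
        # wrote_files/created_files tests do; every test in this file writes
        # a pid-100 "word.exe" process with the same second-resolution
        # timestamp, so pid/name/timestamp alone do not identify this one.
        queried_process = (
            ProcessQuery()
            .with_node_key(eq=process_key)
            .with_process_id(eq=100)
            .with_process_name(contains="word")
            .with_created_timestamp(eq=created_timestamp)
            .with_deleted_files(
                FileQuery()
                .with_node_key(eq=file_key)
                .with_file_path(eq="/folder/file.txt")
            )
            .query_first(local_client)
        )

        assert queried_process
        assert queried_process.node_key == process_key
        assert queried_process.process_id == 100
        assert queried_process.process_name == "word.exe"
        assert queried_process.created_timestamp == created_timestamp
        # TODO(review): also assert the deleted_files edge on the returned
        # view once its attribute name is confirmed (the siblings check
        # created_files / wrote_files / read_files the same way).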
    def test_single_file_view_parity_eq(
        self,
        node_key,
        file_path,
        asset_id,
        file_extension,
        file_mime_type,
        file_size,
        file_version,
        file_description,
        file_product,
        file_company,
        file_directory,
        file_inode,
        file_hard_links,
        signed,
        signed_status,
        md5_hash,
        sha1_hash,
        sha256_hash,
    ):
        """Write one File node, query it back with ``eq`` on every property.

        Each property is used both as a query constraint and as the expected
        value of the matching ``get_*`` accessor on the returned view, so the
        test checks write/read parity for the whole File schema at once.
        """
        node_key = "test_single_file_view_parity_eq" + str(node_key)
        client = DgraphClient(DgraphClientStub("localhost:9080"))

        get_or_create_file_node(
            client,
            node_key,
            file_path,
            asset_id,
            file_extension,
            file_mime_type,
            file_size,
            file_version,
            file_description,
            file_product,
            file_company,
            file_directory,
            file_inode,
            file_hard_links,
            signed,
            signed_status,
            md5_hash,
            sha1_hash,
            sha256_hash,
        )

        # One constraint per property, in schema order.
        query = (
            FileQuery()
            .with_node_key(eq=node_key)
            .with_file_path(eq=file_path)
            .with_asset_id(eq=asset_id)
            .with_file_extension(eq=file_extension)
            .with_file_mime_type(eq=file_mime_type)
            .with_file_size(eq=file_size)
            .with_file_version(eq=file_version)
            .with_file_description(eq=file_description)
            .with_file_product(eq=file_product)
            .with_file_company(eq=file_company)
            .with_file_directory(eq=file_directory)
            .with_file_inode(eq=file_inode)
            .with_file_hard_links(eq=file_hard_links)
            .with_signed(eq=signed)
            .with_signed_status(eq=signed_status)
            .with_md5_hash(eq=md5_hash)
            .with_sha1_hash(eq=sha1_hash)
            .with_sha256_hash(eq=sha256_hash)
        )
        queried_file = query.query_first(client)

        assert queried_file.node_key == node_key

        assert queried_file.get_file_path() == file_path
        assert queried_file.get_asset_id() == asset_id
        assert queried_file.get_file_extension() == file_extension
        assert queried_file.get_file_mime_type() == file_mime_type
        assert queried_file.get_file_size() == file_size
        assert queried_file.get_file_version() == file_version
        assert queried_file.get_file_description() == file_description
        assert queried_file.get_file_product() == file_product
        assert queried_file.get_file_company() == file_company
        assert queried_file.get_file_directory() == file_directory
        assert queried_file.get_file_inode() == file_inode
        assert queried_file.get_file_hard_links() == file_hard_links
        assert queried_file.get_signed() == signed
        assert queried_file.get_signed_status() == signed_status
        assert queried_file.get_md5_hash() == md5_hash
        assert queried_file.get_sha1_hash() == sha1_hash
        assert queried_file.get_sha256_hash() == sha256_hash
    def test_single_file_contains_key(
        self,
        node_key,
        file_path,
        asset_id,
        file_extension,
        file_mime_type,
        file_size,
        file_version,
        file_description,
        file_product,
        file_company,
        file_directory,
        file_inode,
        file_hard_links,
        signed,
        signed_status,
        md5_hash,
        sha1_hash,
        sha256_hash,
    ):
        """Write one File node and fetch it by ``contains_node_key`` alone.

        Unlike the ``eq`` parity test, the query carries no property
        constraints; the node is selected purely through the
        ``contains_node_key`` argument of ``query_first``, and every ``get_*``
        accessor on the returned view is then compared with what was written.
        """
        node_key = "test_single_file_contains_key" + str(node_key)
        client = DgraphClient(DgraphClientStub("localhost:9080"))

        get_or_create_file_node(
            client,
            node_key,
            file_path,
            asset_id,
            file_extension,
            file_mime_type,
            file_size,
            file_version,
            file_description,
            file_product,
            file_company,
            file_directory,
            file_inode,
            file_hard_links,
            signed,
            signed_status,
            md5_hash,
            sha1_hash,
            sha256_hash,
        )

        queried_file = FileQuery().query_first(client, contains_node_key=node_key)

        assert queried_file.node_key == node_key

        assert queried_file.get_file_path() == file_path
        assert queried_file.get_asset_id() == asset_id
        assert queried_file.get_file_extension() == file_extension
        assert queried_file.get_file_mime_type() == file_mime_type
        assert queried_file.get_file_size() == file_size
        assert queried_file.get_file_version() == file_version
        assert queried_file.get_file_description() == file_description
        assert queried_file.get_file_product() == file_product
        assert queried_file.get_file_company() == file_company
        assert queried_file.get_file_directory() == file_directory
        assert queried_file.get_file_inode() == file_inode
        assert queried_file.get_file_hard_links() == file_hard_links
        assert queried_file.get_signed() == signed
        assert queried_file.get_signed_status() == signed_status
        assert queried_file.get_md5_hash() == md5_hash
        assert queried_file.get_sha1_hash() == sha1_hash
        assert queried_file.get_sha256_hash() == sha256_hash
 def with_bin_file(self: "NQ",
                   bin_file_query: Optional["IFileQuery"] = None) -> "NQ":
     """Constrain this process query on its ``bin_file`` edge.

     Args:
         bin_file_query: Query describing the binary's file node. A falsy
             value (the default ``None``) attaches an unconstrained
             ``FileQuery`` instead.

     Returns:
         ``self`` for chaining.
     """
     process_query = cast(ProcessQuery, self)
     if not bin_file_query:
         bin_file_query = FileQuery()  # type: FileQuery
     # Reverse link on the file query, forward link on this query.
     bin_file_query._spawned_from = process_query
     process_query._bin_file = bin_file_query
     return self