def testValidation(self): glob_expression = rdfvalue.GlobExpression( "/home/%%Users.username%%/**/.mozilla/") glob_expression.Validate() glob_expression = rdfvalue.GlobExpression("/home/**/**") self.assertRaises(ValueError, glob_expression.Validate)
def FetchBinaries(self, responses): """Parses the Rekall response and initiates FileFinder flows.""" if not responses.success: self.Log("Error fetching VAD data: %s", responses.status) return self.Log("Found %d binaries", len(responses)) if self.args.filename_regex: binaries = [] for response in responses: if self.args.filename_regex.Match(response.CollapsePath()): binaries.append(response) self.Log("Applied filename regex. Have %d files after filtering.", len(binaries)) else: binaries = responses if self.args.fetch_binaries: self.CallFlow( "FileFinder", next_state="HandleDownloadedFiles", paths=[ rdfvalue.GlobExpression(b.CollapsePath()) for b in binaries ], pathtype=rdfvalue.PathSpec.PathType.OS, action=rdfvalue.FileFinderAction( action_type=rdfvalue.FileFinderAction.Action.DOWNLOAD)) else: for b in binaries: self.SendReply(b)
def testInterpolateClientAttributes(self): path = rdfvalue.GlobExpression(u"%%Users.homedir%%\\.ssh") res = list(path.InterpolateClientAttributes(self.client)) self.assertEqual(len(res), 2) self.assertTrue("c:\\Users\\test\\.ssh" in res) self.assertTrue("c:\\Users\\test2\\.ssh" in res)
def testClientInterpolation(self): client_id = "C.0000000000000001" fd = aff4.FACTORY.Create(client_id, "VFSGRRClient", token=self.token) users = fd.Schema.USER() # Add 2 users for i in range(2): account_info = self.USER_ACCOUNT.copy() account_info["username"] = "******" % i users.Append(**account_info) fd.Set(users) fd.Close() fd = aff4.FACTORY.Open(client_id, token=self.token) glob_expression = rdfvalue.GlobExpression( "/home/%%Users.username%%/.mozilla/") interpolated = sorted(glob_expression.InterpolateClientAttributes( client=fd)) self.assertEqual(interpolated[0], "/home/user0/.mozilla/") self.assertEqual(interpolated[1], "/home/user1/.mozilla/")