Example #1
    def testSearchFileContents(self):
        """Grep the test logs for a literal and verify the single stored hit.

        Runs the SearchFileContent flow in ALL_HITS mode over
        ``test_data/*.log`` and checks the hit's offset and data as read
        back from the output collection.
        """
        mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
        glob_path = os.path.join(
            os.path.dirname(self.base_path), "test_data/*.log")

        flow_args = rdfvalue.SearchFileContentArgs(
            paths=[glob_path], pathtype=rdfvalue.PathSpec.PathType.OS)
        flow_args.grep.mode = rdfvalue.GrepSpec.Mode.ALL_HITS
        flow_args.grep.literal = rdfvalue.LiteralExpression(
            "session opened for user dearjohn")

        # Drain the helper so the flow runs to completion; the yielded values
        # themselves are not inspected.
        flow_run = test_lib.TestFlowHelper(
            "SearchFileContent",
            mock_client,
            client_id=self.client_id,
            output="analysis/grep/testing",
            args=flow_args,
            token=self.token)
        for _ in flow_run:
            pass

        # Read the results back from the same location passed as `output`.
        results_urn = rdfvalue.RDFURN(self.client_id).Add(
            "/analysis/grep/testing")
        hits = aff4.FACTORY.Open(results_urn, token=self.token)

        # Exactly one hit is expected.
        self.assertEqual(len(hits), 1)
        hit = hits[0]

        self.assertEqual(hit.offset, 350)
        # The expected data carries text on both sides of the literal.
        self.assertEqual(
            hit.data, "session): session opened for user dearjohn by (uid=0")
Example #2
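    def testSearchFileContentDownload(self):
        """Run SearchFileContent with also_download and check stored files.

        No grep expression is supplied. The test expects three entries in
        the output collection and requires every child found under the
        client's ``/fs/os/`` base path to be a non-empty
        ``aff4.VFSBlobImage``.
        """
        pattern = "test_data/*.log"

        client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile",
                                              "FingerprintFile", "HashBuffer",
                                              "TransferBuffer")
        path = os.path.join(os.path.dirname(self.base_path), pattern)

        # Do not provide a Grep expression - should match all files.
        args = rdfvalue.SearchFileContentArgs(paths=[path], also_download=True)

        # Run the flow.
        for _ in test_lib.TestFlowHelper("SearchFileContent",
                                         client_mock,
                                         client_id=self.client_id,
                                         output="analysis/grep/testing",
                                         args=args,
                                         token=self.token):
            pass

        fd = aff4.FACTORY.Open(rdfvalue.RDFURN(
            self.client_id).Add("/analysis/grep/testing"),
                               token=self.token)

        self.assertEqual(len(fd), 3)

        downloaded = list(aff4.FACTORY.Open(rdfvalue.RDFURN(
            self.client_id).Add("/fs/os/").Add(self.base_path),
                                            token=self.token).OpenChildren())

        # Guard against a vacuous pass: with no children the loop below would
        # assert nothing, so a flow that collected no file content would still
        # look green.
        # NOTE(review): assumes the downloaded logs land directly under
        # base_path - confirm against the flow's VFS layout.
        self.assertTrue(downloaded, "no downloaded files under base_path")

        for log in downloaded:
            # assertIsInstance reports the actual type on failure.
            self.assertIsInstance(log, aff4.VFSBlobImage)
            # Make sure there is some data.
            self.assertGreater(len(log), 0)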
Example #3
  def testSearchFileContentsNoGrep(self):
    """Run SearchFileContent with no grep spec and expect three results."""
    mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
    glob_path = os.path.join(
        os.path.dirname(self.base_path), "test_data/*.log")

    # No grep expression is set on the args, so every file matching the glob
    # should be reported.
    flow_args = rdfvalue.SearchFileContentArgs(paths=[glob_path])

    # Drain the helper so the flow runs to completion.
    flow_run = test_lib.TestFlowHelper(
        "SearchFileContent", mock_client, client_id=self.client_id,
        output="analysis/grep/testing", args=flow_args, token=self.token)
    for _ in flow_run:
      pass

    # Read the results back from the same location passed as `output`.
    results_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
    results = aff4.FACTORY.Open(results_urn, token=self.token)

    self.assertEqual(len(results), 3)