Example #1
0
File: osx.py Project: tanner-g/grr 
    def Run(self, unused_args):
        """List all local filesystems mounted on this system."""
        for fs_struct in client_utils_osx.GetFileSystems():
            self.SendReply(
                rdf_client.Filesystem(device=fs_struct.f_mntfromname,
                                      mount_point=fs_struct.f_mntonname,
                                      type=fs_struct.f_fstypename))

        drive_re = re.compile("r?disk[0-9].*")
        for drive in os.listdir("/dev"):
            if not drive_re.match(drive):
                continue

            path = os.path.join("/dev", drive)
            try:
                img_inf = pytsk3.Img_Info(path)
                # This is a volume or a partition - we send back a TSK device.
                self.SendReply(rdf_client.Filesystem(device=path))

                vol_inf = pytsk3.Volume_Info(img_inf)

                for volume in vol_inf:
                    if volume.flags == pytsk3.TSK_VS_PART_FLAG_ALLOC:
                        offset = volume.start * vol_inf.info.block_size
                        self.SendReply(
                            rdf_client.Filesystem(device=path + ":" +
                                                  str(offset),
                                                  type="partition"))

            except (IOError, RuntimeError):
                continue
Example #2
0
 def Parse(self, cmd, args, stdout, stderr, return_val, time_taken,
           knowledge_base):
     """Parse the mount command output."""
     _ = stderr, time_taken, args, knowledge_base  # Unused.
     self.CheckReturn(cmd, return_val)
     result = rdf_protodict.AttributedDict()
     for entry in self.ParseEntries(stdout):
         line_str = " ".join(entry)
         mount_rslt = self.mount_re.match(line_str)
         if mount_rslt:
             device, mount_point, fs_type, option_str = mount_rslt.groups()
             result = rdf_client.Filesystem()
             result.device = device
             result.mount_point = mount_point
             result.type = fs_type
             # Parse these options as a dict as some items may be key/values.
             # KeyValue parser uses OrderedDict as the native parser method. Use it.
             options = KeyValueParser(
                 term=",").ParseToOrderedDict(option_str)
             # Keys without values get assigned [] by default. Because these keys are
             # actually true, if declared, change any [] values to True.
             for k, v in options.iteritems():
                 options[k] = v or [True]
             result.options = rdf_protodict.AttributedDict(**options)
             yield result
Example #3
0
    def testParse(self):
        filt = filters.ItemFilter()

        one = rdf_protodict.AttributedDict(test1="1", test2=[2, 3])
        foo = rdf_protodict.AttributedDict(test1="foo", test2=["bar", "baz"])
        fs = rdf_client.Filesystem(device="/dev/sda1", mount_point="/root")
        objs = [one, foo, fs]

        results = filt.Parse(objs, "test1 is '1'")
        self.assertEqual(1, len(results))
        self.assertEqual("test1", results[0].key)
        self.assertEqual("1", results[0].value)

        results = filt.Parse(objs, "test1 is '2'")
        self.assertFalse(results)

        results = filt.Parse(objs, "test2 contains 3")
        self.assertEqual(1, len(results))
        self.assertEqual("test2", results[0].key)
        self.assertEqual([2, 3], results[0].value)

        results = filt.Parse(objs, "test1 is '1' or test1 contains 'foo'")
        self.assertEqual(2, len(results))
        self.assertEqual("test1", results[0].key)
        self.assertEqual("1", results[0].value)
        self.assertEqual("test1", results[1].key)
        self.assertEqual("foo", results[1].value)

        results = filt.Parse(objs, "mount_point is '/root'")
        self.assertEqual(1, len(results))
        self.assertEqual("mount_point", results[0].key)
        self.assertEqual("/root", results[0].value)
Example #4
0
    def Run(self, unused_args):
        """List all the filesystems mounted on the system."""
        self.devices = {}
        # For now we check all the mounted filesystems.
        self.CheckMounts("/proc/mounts")
        self.CheckMounts("/etc/mtab")

        for device, (fs_type, mnt_point) in self.devices.items():
            self.SendReply(
                rdf_client.Filesystem(mount_point=mnt_point,
                                      type=fs_type,
                                      device=device))
Example #5
0
 def Parse(self, unused_stat, file_obj, unused_knowledge_base):
     for entry in self.ParseEntries(file_obj.read()):
         if not entry:
             continue
         result = rdf_client.Filesystem()
         result.device = entry[0].decode("string_escape")
         result.mount_point = entry[1].decode("string_escape")
         result.type = entry[2].decode("string_escape")
         options = KeyValueParser(term=",").ParseToOrderedDict(entry[3])
         # Keys without values get assigned [] by default. Because these keys are
         # actually true, if declared, change any [] values to True.
         for k, v in options.iteritems():
             options[k] = v or [True]
         result.options = rdf_protodict.AttributedDict(**options)
         yield result
Example #6
0
  def Run(self, unused_args):
    """List all local filesystems mounted on this system."""
    for drive in win32api.GetLogicalDriveStrings().split("\x00"):
      if drive:
        try:
          volume = win32file.GetVolumeNameForVolumeMountPoint(drive).rstrip(
              "\\")

          label, _, _, _, fs_type = win32api.GetVolumeInformation(drive)
          self.SendReply(
              rdf_client.Filesystem(
                  device=volume,
                  mount_point="/%s:/" % drive[0],
                  type=fs_type,
                  label=UnicodeFromCodePage(label)))
        except win32api.error:
          pass
Example #7
0
 def EnumerateFilesystems(self, _):
   self.response_count += 1
   return [rdf_client.Filesystem(device="/dev/sda",
                                 mount_point="/mnt/data")]