def FileFinderOSFromClient(args):
"""This function expands paths from the args and returns related stat entries.
Args:
args: An `rdf_file_finder.FileFinderArgs` object.
Yields:
`rdf_paths.PathSpec` instances.
"""
stat_cache = utils.StatCache()
opts = args.action.stat
for path in GetExpandedPaths(args):
try:
for content_condition in _ParseContentConditions(args):
result = list(content_condition.Search(path))
if not result:
raise _SkipFileException()
stat = stat_cache.Get(path, follow_symlink=opts.resolve_links)
stat_entry = client_utils.StatEntryFromStatPathSpec(
stat, ext_attrs=opts.collect_ext_attrs)
yield stat_entry
except _SkipFileException:
pass
def Start(cls, args):
stat_cache = utils.StatCache()
opts = args.action.stat
for path in _GetExpandedPaths(args):
try:
stat = stat_cache.Get(path, follow_symlink=opts.resolve_links)
stat_entry = client_utils.StatEntryFromStatPathSpec(
stat, ext_attrs=opts.collect_ext_attrs)
yield stat_entry
except _SkipFileException:
pass
def Run(self, args):
self.stat_cache = utils.StatCache()
action = self._ParseAction(args)
for path in GetExpandedPaths(args):
self.Progress()
try:
matches = self._Validate(args, path)
result = rdf_file_finder.FileFinderResult()
result.matches = matches
action.Execute(path, result)
self.SendReply(result)
except _SkipFileException:
pass
def testSmartSymlinkCache(self):
with open(self.Path("foo"), "w") as fd:
fd.write("12345")
stat_cache = utils.StatCache()
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
foo_stat = stat_cache.Get(self.Path("foo"), follow_symlink=False)
self.assertEqual(foo_stat.GetSize(), 5)
self.assertTrue(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
other_foo_stat = stat_cache.Get(self.Path("foo"), follow_symlink=True)
self.assertEqual(other_foo_stat.GetSize(), 5)
self.assertFalse(stat_mock.called)
def testFollowSymlink(self):
with open(self.Path("foo"), "w") as fd:
fd.write("123456")
os.symlink(self.Path("foo"), self.Path("bar"))
stat_cache = utils.StatCache()
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
bar_stat = stat_cache.Get(self.Path("bar"), follow_symlink=False)
self.assertTrue(bar_stat.IsSymlink())
self.assertTrue(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
foo_stat = stat_cache.Get(self.Path("bar"), follow_symlink=True)
self.assertFalse(foo_stat.IsSymlink())
self.assertEqual(foo_stat.GetSize(), 6)
self.assertTrue(stat_mock.called)
def testFileArtifactParser(self):
"""Test parsing a fake file artifact with a file parser."""
processor = config_file.CronAtAllowDenyParser()
source = rdf_artifact.ArtifactSource(
type=rdf_artifact.ArtifactSource.SourceType.FILE,
attributes={
"paths": ["VFSFixture/etc/passwd", "numbers.txt"],
})
paths = []
for path in source.attributes["paths"]:
paths.append(os.path.join(self.base_path, path))
stat_cache = utils.StatCache()
expanded_paths = []
opts = globbing.PathOpts(follow_links=True)
for path in paths:
for expanded_path in globbing.ExpandPath(path, opts):
expanded_paths.append(expanded_path)
path_type = rdf_paths.PathSpec.PathType.OS
results = []
for path in expanded_paths:
stat = stat_cache.Get(path, follow_symlink=True)
pathspec = rdf_paths.PathSpec(
pathtype=path_type,
path=client_utils.LocalPathToCanonicalPath(stat.GetPath()),
path_options=rdf_paths.PathSpec.Options.CASE_LITERAL)
response = rdf_client_fs.FindSpec(pathspec=pathspec)
for res in artifact_collector.ParseSingleResponse(
processor, response, {}, path_type):
results.append(res)
self.assertEqual(len(results), 3)
self.assertTrue(
results[0]["filename"].endswith("test_data/VFSFixture/etc/passwd"))
self.assertIsInstance(results[0], rdf_protodict.AttributedDict)
self.assertEqual(len(results[0]["users"]), 3)
self.assertIsInstance(results[1], rdf_anomaly.Anomaly)
self.assertEqual(len(results[2]["users"]), 1000)
def testBasicUsage(self):
with open(self.Path("foo"), "w") as fd:
fd.write("123")
with open(self.Path("bar"), "w") as fd:
fd.write("123456")
with open(self.Path("baz"), "w") as fd:
fd.write("123456789")
stat_cache = utils.StatCache()
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
foo_stat = stat_cache.Get(self.Path("foo"))
self.assertEqual(foo_stat.GetSize(), 3)
self.assertTrue(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
bar_stat = stat_cache.Get(self.Path("bar"))
self.assertEqual(bar_stat.GetSize(), 6)
self.assertTrue(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
other_foo_stat = stat_cache.Get(self.Path("foo"))
self.assertEqual(other_foo_stat.GetSize(), 3)
self.assertFalse(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
other_bar_stat = stat_cache.Get(self.Path("bar"))
self.assertEqual(other_bar_stat.GetSize(), 6)
self.assertFalse(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
baz_stat = stat_cache.Get(self.Path("baz"))
self.assertEqual(baz_stat.GetSize(), 9)
self.assertTrue(stat_mock.called)
with mock.patch.object(utils, "Stat", wraps=utils.Stat) as stat_mock:
other_baz_stat = stat_cache.Get(self.Path("baz"))
self.assertEqual(other_baz_stat.GetSize(), 9)
self.assertFalse(stat_mock.called)
