def testInstantiate(self):
  """Checks the attributes a DiskArtifact derives from its device path.

  For '/dev/sdx' the test expects the artifact name to be 'sdx', the upload
  destination to be 'Disks/sdx.image' and the hash log file name to be
  'sdx.hash'.
  """
  device_name = 'sdx'
  device_path = '/dev/{0:s}'.format(device_name)
  expected_remote_path = 'Disks/{0:s}.image'.format(device_name)
  expected_hashlog = '{0:s}.hash'.format(device_name)

  # 100 is the second constructor argument; presumably the disk size in
  # bytes -- confirm against DiskArtifact.
  artifact = disk.DiskArtifact(device_path, 100)

  self.assertEqual(artifact._path, device_path)
  self.assertEqual(artifact.name, device_name)
  self.assertEqual(artifact.remote_path, expected_remote_path)
  self.assertEqual(artifact.hashlog_filename, expected_hashlog)
def testGenerateDDCommand(self):
  """Checks the dcfldd command line built for imaging a disk.

  hostinfo.Which is patched so the test does not depend on where (or
  whether) dcfldd is installed on the machine running the tests.
  """
  device_name = 'sdx'
  device_path = '/dev/{0:s}'.format(device_name)
  fake_dcfldd = '/some/place/random/bin/dcfldd'

  # Per-disk part of the command: binary, input device, hash log file.
  expected_command = [
      fake_dcfldd,
      'if={0:s}'.format(device_path),
      'hashlog={0:s}.hash'.format(device_name),
  ]
  # Options that are the same for every disk. 'hash=md5,sha1' with
  # 'hashwindow=128M' asks dcfldd for both digests over each 128M window as
  # well as the whole input; 'conv=noerror' keeps reading after I/O errors.
  # NOTE(review): MD5 and SHA-1 are both collision-prone; if the hash log is
  # meant to detect deliberate tampering with the image, consider whether a
  # stronger digest should be requested as well.
  # NOTE(review): 'noerror' is used without 'sync', so data after an
  # unreadable block may not sit at its original offset in the image --
  # confirm this is intended.
  expected_command += [
      'hash=md5,sha1',
      'bs=2M',
      'conv=noerror',
      'hashwindow=128M',
  ]

  with mock.patch(
      'auto_forensicate.hostinfo.Which', return_value=fake_dcfldd):
    artifact = disk.DiskArtifact(device_path, 100)
    self.assertEqual(artifact._GenerateDDCommand(), expected_command)
def testGenerateDDCommand(self):
  """Checks the dcfldd command line built for imaging a disk.

  Unlike a variant that patches the binary lookup, this test expects the
  fixed path '/usr/bin/dcfldd'.
  """
  # NOTE(review): nothing is mocked here, so this presumably passes only if
  # DiskArtifact resolves dcfldd to /usr/bin/dcfldd on the test host (or
  # hard-codes that path) -- confirm against the implementation.
  # NOTE(review): if this method shares a class with another
  # testGenerateDDCommand, only the later definition is run.
  device_name = 'sdx'
  device_path = '/dev/{0:s}'.format(device_name)

  # Per-disk arguments first, then the options shared by every acquisition:
  # MD5 and SHA-1 hashing per 128M window, 2M blocks, and continuing after
  # read errors.
  expected_command = [
      '/usr/bin/dcfldd',
      'if={0:s}'.format(device_path),
      'hashlog={0:s}.hash'.format(device_name),
  ] + [
      'hash=md5,sha1',
      'bs=2M',
      'conv=noerror',
      'hashwindow=128M',
  ]

  artifact = disk.DiskArtifact(device_path, 100)
  self.assertEqual(artifact._GenerateDDCommand(), expected_command)
def testProbablyADisk(self):
  """Checks which udevadm metadata makes a device count as a disk to image.

  The metadata is injected directly into the artifact, so udevadm is not
  run. ATA and NVMe devices are expected to be accepted; USB devices and
  floppy drives are expected to be rejected.
  """
  candidate = disk.DiskArtifact('/dev/sdX', 123456789)

  # A plain internal ATA drive is acquired.
  candidate._udevadm_metadata = {'ID_BUS': 'ata'}
  self.assertTrue(candidate.ProbablyADisk())

  # USB devices are skipped so that the GiftStick (the acquisition media
  # itself) is not copied. This also means any other USB-attached storage
  # is left out of the acquisition.
  candidate._udevadm_metadata = {'ID_BUS': 'usb'}
  self.assertFalse(candidate.ProbablyADisk())

  # Floppy drives (block major number 2) are skipped.
  candidate._udevadm_metadata = {'MAJOR': '2'}
  self.assertFalse(candidate.ProbablyADisk())

  # An NVMe drive reports no ID_BUS here, only a device type and numbers.
  nvme_metadata = {
      'DEVTYPE': 'disk',
      'MAJOR': '259',
      'MINOR': '0',
  }
  candidate._udevadm_metadata = nvme_metadata
  self.assertTrue(candidate.ProbablyADisk())
def testGetArtifacts(self):
  """Checks the artifacts DiskRecipe produces for one fake disk.

  Disk enumeration and the lsblk lookup are both patched, so no real block
  device is touched. The recipe is expected to return, in this order: the
  udevadm text, the lsblk JSON dump, the disk image artifact itself, and the
  hash log file written alongside the image.
  """
  disk_name = 'sdx'
  disk_size = 20 * 1024 ** 3  # 20 GiB
  disk_object = disk.DiskArtifact('/dev/{0:s}'.format(disk_name), disk_size)
  disk_object._udevadm_metadata = {'udevadm_text_output': 'fake disk info'}

  list_disks_patch = mock.patch(
      'auto_forensicate.recipes.disk.DiskRecipe._ListDisks')
  lsblk_patch = mock.patch(
      'auto_forensicate.recipes.disk.DiskRecipe._GetLsblkDict')

  with list_disks_patch as patched_listdisk, lsblk_patch as patched_lsblk:
    patched_listdisk.return_value = [disk_object]
    patched_lsblk.return_value = self._lsblk_dict

    artifacts = disk.DiskRecipe('Disk').GetArtifacts()

    # The length check runs first so a wrong count fails with a clear
    # message before the list is unpacked.
    self.assertEqual(len(artifacts), 4)
    udevadm_artifact, lsblk_artifact, image_artifact, file_artifact = (
        artifacts)

    # 1. udevadm output for the disk, stored as text.
    self.assertIsInstance(udevadm_artifact, base.StringArtifact)
    self.assertEqual(udevadm_artifact._GetStream().read(), b'fake disk info')
    self.assertEqual(udevadm_artifact.remote_path, 'Disks/sdx.udevadm.txt')

    # 2. lsblk information, serialized as UTF-8 encoded JSON.
    expected_lsblk_bytes = json.dumps(self._lsblk_dict).encode('utf-8')
    self.assertIsInstance(lsblk_artifact, base.StringArtifact)
    self.assertEqual(lsblk_artifact._GetStream().read(), expected_lsblk_bytes)
    self.assertEqual(lsblk_artifact.remote_path, 'Disks/lsblk.txt')

    # 3. The disk image artifact is the very object _ListDisks returned.
    self.assertEqual(image_artifact, disk_object)

    # 4. The hash log is uploaded next to the image, so the digests
    # recorded at acquisition time travel with the evidence.
    self.assertIsInstance(file_artifact, base.FileArtifact)
    self.assertEqual(file_artifact.name, '{0:s}.hash'.format(disk_name))
    self.assertEqual(
        file_artifact.remote_path, 'Disks/{0:s}.hash'.format(disk_name))
def testGetDescription(self):
  """Checks the human-readable description built from udevadm metadata.

  The expected strings show the device name, then the vendor (when present)
  and model, then '(usb)' or '(internal)' depending on the bus. A device
  with major number 2 is expected to be described as a floppy disk.
  """
  described = disk.DiskArtifact('/dev/sdX', 123456789)

  # Internal ATA disk with a model but no vendor.
  described._udevadm_metadata = {'ID_BUS': 'ata', 'ID_MODEL': 'TestDisk'}
  self.assertEqual('sdX: TestDisk (internal)', described.GetDescription())

  # USB disk with both vendor and model.
  usb_metadata = {
      'ID_BUS': 'usb',
      'ID_MODEL': 'TestDisk',
      'ID_VENDOR': 'FakeVendor',
  }
  described._udevadm_metadata = usb_metadata
  self.assertEqual(
      'sdX: FakeVendor TestDisk (usb)', described.GetDescription())

  # Only a major number: expected to be reported as a floppy drive.
  described._udevadm_metadata = {'MAJOR': '2'}
  self.assertEqual('sdX: Floppy Disk (internal)', described.GetDescription())
def testIsUsb(self):
  """Checks that _IsUsb() follows the ID_BUS value in the udevadm metadata.

  'usb' is expected to be detected as USB and 'ata' is not. The result
  matters because USB devices are the ones left out of the acquisition.
  """
  device = disk.DiskArtifact('/dev/sdX', 12345)

  device._udevadm_metadata = {'ID_BUS': 'usb'}
  self.assertTrue(device._IsUsb())

  device._udevadm_metadata = {'ID_BUS': 'ata'}
  self.assertFalse(device._IsUsb())
def testIsFloppy(self):
  """Checks that _IsFloppy() matches on the exact MAJOR value '2'.

  The second case uses '12', which contains the character '2' but is a
  different major number and is expected not to match.
  """
  device = disk.DiskArtifact('/dev/sdX', 12345)

  device._udevadm_metadata = {'MAJOR': '2'}
  self.assertTrue(device._IsFloppy())

  device._udevadm_metadata = {'MAJOR': '12'}
  self.assertFalse(device._IsFloppy())