def testMatches(self):
"""Test the Matches function."""
file_system = self._CreateTestFileSystem()
path_spec = fake_path_spec.FakePathSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.Matches(file_entry)
self.assertEqual(result, (True, True))
result = find_spec.Matches(file_entry, search_depth=6)
self.assertEqual(result, (True, True))
result = find_spec.Matches(file_entry, search_depth=0)
self.assertEqual(result, (False, True))
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py',
location_separator='/')
result = find_spec.Matches(file_entry, search_depth=6)
self.assertEqual(result, (False, False))
def testCheckLocation(self):
"""Test the _CheckLocation() function."""
file_system = self._CreateTestFileSystem()
path_spec = fake_path_spec.FakePathSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec._CheckLocation(file_entry, 6)
self.assertTrue(result)
result = find_spec._CheckLocation(file_entry, 0)
self.assertTrue(result)
result = find_spec._CheckLocation(file_entry, 5)
self.assertFalse(result)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py',
location_separator='/')
result = find_spec._CheckLocation(file_entry, 6)
self.assertFalse(result)
def testCompareNameWithLocationSegment(self):
"""Test the CompareNameWithLocationSegment function."""
file_system = self._CreateTestFileSystem()
path_spec = fake_path_spec.FakePathSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.CompareNameWithLocationSegment(file_entry, 6)
self.assertTrue(result)
result = find_spec.CompareNameWithLocationSegment(file_entry, 5)
self.assertFalse(result)
# Currently comparing against the root location segment always
# returns True.
result = find_spec.CompareNameWithLocationSegment(file_entry, 0)
self.assertTrue(result)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py',
location_separator='/')
result = find_spec.CompareNameWithLocationSegment(file_entry, 6)
self.assertFalse(result)
def testInitialize(self):
"""Test the __init__ function."""
find_spec = file_system_searcher.FindSpec(location='location')
self.assertIsNotNone(find_spec)
find_spec = file_system_searcher.FindSpec(location=['location'])
self.assertIsNotNone(find_spec)
with self.assertRaises(TypeError):
find_spec = file_system_searcher.FindSpec(location={})
find_spec = file_system_searcher.FindSpec(location_glob='loca?ion')
self.assertIsNotNone(find_spec)
find_spec = file_system_searcher.FindSpec(location_glob=['loca?ion'])
self.assertIsNotNone(find_spec)
with self.assertRaises(TypeError):
find_spec = file_system_searcher.FindSpec(location_glob={})
find_spec = file_system_searcher.FindSpec(location_regex='loca.ion')
self.assertIsNotNone(find_spec)
find_spec = file_system_searcher.FindSpec(location_regex=['loca.ion'])
self.assertIsNotNone(find_spec)
with self.assertRaises(TypeError):
find_spec = file_system_searcher.FindSpec(location_regex={})
with self.assertRaises(ValueError):
find_spec = file_system_searcher.FindSpec(location='location',
location_glob='loca?ion')
def _FindPathSpec(self, path):
"""Searches for a path specification.
Args:
path: the path of the Windows Registry file.
Returns:
A path specification (instance of dfvfs.PathSpec) of
the Windows Registry file.
Raises:
IOError: If the Windows Registry file cannot be found.
"""
path, _, filename = path.rpartition(u'/')
# TODO: determine why this first find is used add comment or remove.
# It does not appear to help with making sure path segment separate
# is correct.
find_spec = file_system_searcher.FindSpec(
location=path, case_sensitive=False)
path_specs = list(self._searcher.Find(find_specs=[find_spec]))
if not path_specs or len(path_specs) != 1:
raise IOError(
u'Unable to find directory: {0:s}'.format(path))
relative_path = self._searcher.GetRelativePath(path_specs[0])
if not relative_path:
raise IOError(u'Unable to determine relative path of: {0:s}'.format(path))
# The path is split in segments to make it path segement separator
# independent (and thus platform independent).
path_segments = self._searcher.SplitPath(relative_path)
path_segments.append(filename)
find_spec = file_system_searcher.FindSpec(
location=path_segments, case_sensitive=False)
path_specs = list(self._searcher.Find(find_specs=[find_spec]))
if not path_specs:
raise IOError(
u'Unable to find file: {0:s} in directory: {1:s}'.format(
filename, relative_path))
if len(path_specs) != 1:
raise IOError((
u'Find for file: {0:s} in directory: {1:s} returned {2:d} '
u'results.').format(filename, relative_path, len(path_specs)))
if not relative_path:
raise IOError(
u'Missing file: {0:s} in directory: {1:s}'.format(
filename, relative_path))
return path_specs[0]
def testHasLocation(self):
"""Test the HasLocation function."""
find_spec = file_system_searcher.FindSpec()
result = find_spec.HasLocation()
self.assertFalse(result)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.HasLocation()
self.assertTrue(result)
def _FindRegistryPaths(self, searcher, pattern):
"""Return a list of Windows Registry file paths.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
pattern: The pattern to find.
"""
# TODO: optimize this in one find.
hive_paths = []
file_path, _, file_name = pattern.rpartition(u'/')
# The path is split in segments to make it path segment separator
# independent (and thus platform independent).
path_segments = file_path.split(u'/')
if not path_segments[0]:
path_segments = path_segments[1:]
find_spec = file_system_searcher.FindSpec(
location_regex=path_segments, case_sensitive=False)
path_specs = list(searcher.Find(find_specs=[find_spec]))
if not path_specs:
logging.debug(u'Directory: {0:s} not found'.format(file_path))
return hive_paths
for path_spec in path_specs:
directory_location = getattr(path_spec, 'location', None)
if not directory_location:
raise errors.PreProcessFail(
u'Missing directory location for: {0:s}'.format(file_path))
# The path is split in segments to make it path segment separator
# independent (and thus platform independent).
path_segments = searcher.SplitPath(directory_location)
path_segments.append(file_name)
find_spec = file_system_searcher.FindSpec(
location_regex=path_segments, case_sensitive=False)
fh_path_specs = list(searcher.Find(find_specs=[find_spec]))
if not fh_path_specs:
logging.debug(u'File: {0:s} not found in directory: {1:s}'.format(
file_name, directory_location))
continue
hive_paths.extend(fh_path_specs)
return hive_paths
def find_paths(self,
locations,
case_sensitive=False,
regex=False,
partitions=None):
"""
Fast search for paths inside the volume. Must match path depth exactly!
:param locations: list of search strings
:param case_sensitive: bool
:param regex: bool if search strings contain regex
:param partitions: optional: limit search to certain partitions (from partitions() )
:return: list of PathSpec results
"""
if not partitions:
partitions = self.base_path_specs
if not locations:
LOGGER.debug("dfvfs.find_paths called with empty search specs")
return
specs = []
for search in locations:
if regex:
spec = file_system_searcher.FindSpec(
location_regex=search, case_sensitive=case_sensitive)
elif '*' in search or '?' in search:
spec = file_system_searcher.FindSpec(
location_glob=search, case_sensitive=case_sensitive)
else:
spec = file_system_searcher.FindSpec(
location=search, case_sensitive=case_sensitive)
specs.append(spec)
for base_path_spec in partitions:
file_system = None
try:
file_system = resolver.Resolver.OpenFileSystem(base_path_spec)
searcher = file_system_searcher.FileSystemSearcher(
file_system, base_path_spec)
for result in searcher.Find(specs):
yield result
except dfvfs_errors.Error as error:
LOGGER.warning("Encountered exception in dfVFS: %s", error)
continue
finally:
if file_system:
resolver.Resolver._resolver_context.ReleaseFileSystem(
file_system)
def GetValue(self, searcher):
"""Returns the path as found by the searcher.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
Returns:
The first path location string.
Raises:
PreProcessFail: if the path could not be found.
"""
find_spec = file_system_searcher.FindSpec(location_regex=self.PATH,
case_sensitive=False)
path_specs = list(searcher.Find(find_specs=[find_spec]))
if not path_specs:
raise errors.PreProcessFail(u'Unable to find path: {0:s}'.format(
self.PATH))
path_location = getattr(path_specs[0], 'location', None)
if not path_location:
raise errors.PreProcessFail(
u'Missing path location for: {0:s}'.format(self.PATH))
return path_location
def ExtractTargetDirToPath(self, source_path_spec, configuration, dir_path=None, file_spec=None, output_path=None):
#TODO(jbc): 함수명 변경, 파일 넣어도 됨.
"""Extract target directory to path
Args:
source_path_spec:
configuration:
dir_path:
output_path:
"""
try:
if not file_spec:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False, location=dir_path,
location_separator='/')
else:
find_spec = file_spec
except ValueError as exception:
logger.error(
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}'.format(dir_path, exception))
path_spec_generator = self._path_spec_extractor.ExtractPathSpecs(
[source_path_spec], find_specs=[find_spec], recurse_file_system=False,
resolver_context=configuration.resolver_context)
for path_spec in path_spec_generator:
self.DirectoryTraversal(path_spec, output_path)
def GetValue(self, searcher, unused_knowledge_base):
"""Returns the path as found by the searcher.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
knowledge_base: A knowledge base object (instance of KnowledgeBase),
which contains information from the source data needed
for parsing.
Returns:
The first path location string.
Raises:
PreProcessFail: if the path could not be found.
"""
find_spec = file_system_searcher.FindSpec(location_regex=self.PATH,
case_sensitive=False)
path_specs = list(searcher.Find(find_specs=[find_spec]))
if not path_specs:
raise errors.PreProcessFail(u'Unable to find path: {0:s}'.format(
self.PATH))
relative_path = searcher.GetRelativePath(path_specs[0])
if not relative_path:
raise errors.PreProcessFail(
u'Missing relative path for: {0:s}'.format(self.PATH))
return relative_path
def Collect(self, knowledge_base, artifact_definition, searcher,
file_system):
"""Collects values using a file artifact definition.
Args:
knowledge_base (KnowledgeBase): to fill with preprocessing information.
artifact_definition (artifacts.ArtifactDefinition): artifact definition.
searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess
the file system.
file_system (dfvfs.FileSystem): file system to be preprocessed.
Raises:
PreProcessFail: if the preprocessing fails.
"""
for source in artifact_definition.sources:
if source.type_indicator not in (
artifact_definitions.TYPE_INDICATOR_FILE,
artifact_definitions.TYPE_INDICATOR_PATH):
continue
for path in source.paths:
# Make sure the path separators used in the artifact definition
# correspond to those used by the file system.
path_segments = path.split(source.separator)
find_spec = file_system_searcher.FindSpec(
location_glob=path_segments[1:], case_sensitive=False)
for path_specification in searcher.Find(
find_specs=[find_spec]):
self._ParsePathSpecification(knowledge_base, searcher,
file_system,
path_specification,
source.separator)
def _FindFileEntry(self, searcher, path):
"""Searches for a file entry that matches the path.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
path: The location of the file entry relative to the file system
of the searcher.
Returns:
The file entry if successful or None otherwise.
Raises:
errors.PreProcessFail: if the file entry cannot be found or opened.
"""
find_spec = file_system_searcher.FindSpec(location=path,
case_sensitive=False)
path_specs = list(searcher.Find(find_specs=[find_spec]))
if not path_specs or len(path_specs) != 1:
raise errors.PreProcessFail(u'Unable to find: {0:s}'.format(path))
try:
file_entry = searcher.GetFileEntryByPathSpec(path_specs[0])
except IOError as exception:
raise errors.PreProcessFail(
u'Unable to retrieve file entry: {0:s} with error: {1:s}'.
format(path, exception))
return file_entry
def Collect(self, mediator, artifact_definition, searcher, file_system):
"""Collects values using a file artifact definition.
Args:
mediator (PreprocessMediator): mediates interactions between preprocess
plugins and other components, such as storage and knowledge base.
artifact_definition (artifacts.ArtifactDefinition): artifact definition.
searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess
the file system.
file_system (dfvfs.FileSystem): file system to be preprocessed.
Raises:
PreProcessFail: if the preprocessing fails.
"""
for source in artifact_definition.sources:
if source.type_indicator not in (
artifact_definitions.TYPE_INDICATOR_FILE,
artifact_definitions.TYPE_INDICATOR_PATH):
continue
for path in source.paths:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False,
location_glob=path,
location_separator=source.separator)
for path_specification in searcher.Find(
find_specs=[find_spec]):
self._ParsePathSpecification(mediator, searcher,
file_system,
path_specification,
source.separator)
def LoadTargetFileToMemory(self,
source_path_spec,
configuration,
file_path=None,
file_spec=None,
data_stream_name=None):
try:
if not file_spec:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False,
location=file_path,
location_separator=source_path_spec.location)
else:
find_spec = file_spec
except ValueError as exception:
logger.error(
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}'.format(file_path, exception))
path_spec_generator = self._path_spec_extractor.ExtractPathSpecs(
[source_path_spec],
find_specs=[find_spec],
recurse_file_system=False,
resolver_context=configuration.resolver_context)
for path_spec in path_spec_generator:
display_name = path_helper.PathHelper.GetDisplayNameForPathSpec(
path_spec)
try:
file_entry = path_spec_resolver.Resolver.OpenFileEntry(
path_spec, resolver_context=configuration.resolver_context)
if file_entry is None or not file_entry.IsFile():
logger.warning(
'Unable to open file entry with path spec: {0:s}'.
format(display_name))
return False
if data_stream_name:
file_object = file_entry.GetFileObject(
data_stream_name=data_stream_name)
if not file_object:
return False
return file_object
elif not data_stream_name:
file_object = file_entry.GetFileObject()
if not file_object:
return False
return file_object
except KeyboardInterrupt:
return False
def GetValue(self, searcher, unused_knowledge_base):
"""Determines the user accounts.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
knowledge_base: A knowledge base object (instance of KnowledgeBase),
which contains information from the source data needed
for parsing.
Returns:
A list containing username information dicts.
Raises:
errors.PreProcessFail: if the preprocessing fails.
"""
find_spec = file_system_searcher.FindSpec(
location_regex=self.USER_PATH, case_sensitive=False)
path_specs = list(searcher.Find(find_specs=[find_spec]))
if not path_specs:
raise errors.PreProcessFail(u'Unable to find user plist files.')
users = []
for path_spec in path_specs:
plist_file_location = getattr(path_spec, 'location', u'')
if not plist_file_location:
raise errors.PreProcessFail(u'Missing user plist file location.')
try:
top_level_object = self._OpenPlistFile(searcher, path_spec)
except IOError:
logging.warning(u'Unable to parse user plist file: {0:s}'.format(
plist_file_location))
continue
try:
match = plist_interface.GetKeysDefaultEmpty(
top_level_object, self._KEYS)
except KeyError as exception:
logging.warning(
u'Unable to read user plist file: {0:s} with error: {1:s}'.format(
plist_file_location, exception))
continue
# TODO: as part of artifacts, create a proper object for this.
user = {
'uid': match.get('uid', [-1])[0],
'path': match.get('home', [u'<not set>'])[0],
'name': match.get('name', [u'<not set>'])[0],
'realname': match.get('realname', [u'N/A'])[0]}
users.append(user)
if not users:
raise errors.PreProcessFail(u'Unable to find any users on the system.')
return users
def BuildFindSpecs(self, path_filters, environment_variables=None):
"""Builds find specifications from path filters.
Args:
path_filters (list[PathFilter]): path filters.
environment_variables (Optional[list[EnvironmentVariableArtifact]]):
environment variables.
"""
for path_filter in path_filters:
for path in path_filter.paths:
# Since paths are regular expression the path separator is escaped.
if path_filter.path_separator == '\\':
path_separator = '\\\\'
else:
path_separator = path_filter.path_separator
expand_path = False
path_segments = path.split(path_separator)
for index, path_segment in enumerate(path_segments):
if len(path_segment) <= 2:
continue
if path_segment[0] == '{' and path_segment[-1] == '}':
# Rewrite legacy path expansion attributes, such as {systemroot}
# into %SystemRoot%.
path_segment = '%{0:s}%'.format(path_segment[1:-1])
path_segments[index] = path_segment
if path_segment[0] == '%' and path_segment[-1] == '%':
expand_path = True
if expand_path:
path_segments = path_helper.PathHelper.ExpandWindowsPathSegments(
path_segments, environment_variables)
if path_segments[0] != '':
logger.warning((
'The path filter must be defined as an absolute path: '
'{0:s}').format(path))
continue
# Strip the root path segment.
path_segments.pop(0)
if not path_segments[-1]:
logger.warning(
'Empty last path segment in path: {0:s}'.format(path))
continue
find_spec = file_system_searcher.FindSpec(
case_sensitive=False, location_regex=path_segments)
if path_filter.filter_type == PathFilter.FILTER_TYPE_EXCLUDE:
self.excluded_file_system_find_specs.append(find_spec)
elif path_filter.filter_type == PathFilter.FILTER_TYPE_INCLUDE:
self.included_file_system_find_specs.append(find_spec)
def testAtMaximumDepth(self):
"""Test the AtMaximumDepth function."""
find_spec = file_system_searcher.FindSpec()
result = find_spec.AtMaximumDepth(6)
self.assertFalse(result)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.AtMaximumDepth(0)
self.assertFalse(result)
result = find_spec.AtMaximumDepth(6)
self.assertTrue(result)
result = find_spec.AtMaximumDepth(9)
self.assertTrue(result)
def BuildFindSpecsFromFileArtifact(self, source_path, path_separator,
environment_variables, user_accounts):
"""Builds find specifications from a file source type.
Args:
source_path (str): file system path defined by the source.
path_separator (str): file system path segment separator.
environment_variables (list[str]): environment variable attributes used to
dynamically populate environment variables in key.
user_accounts (list[str]): identified user accounts stored in the
knowledge base.
Returns:
list[dfvfs.FindSpec]: find specifications for the file source type.
"""
find_specs = []
for glob_path in path_helper.PathHelper.ExpandRecursiveGlobs(
source_path, path_separator):
for path in path_helper.PathHelper.ExpandUsersHomeDirectoryPath(
glob_path, user_accounts):
if '%' in path:
path = path_helper.PathHelper.ExpandWindowsPath(
path, environment_variables)
if not path.startswith(path_separator):
logger.warning((
'The path filter must be defined as an absolute path: '
'"{0:s}"').format(path))
continue
# Convert the path filters into a list of path segments and
# strip the root path segment.
path_segments = path.split(path_separator)
# Remove initial root entry
path_segments.pop(0)
if not path_segments[-1]:
logger.warning(
'Empty last path segment in path filter: "{0:s}"'.
format(path))
path_segments.pop(-1)
try:
find_spec = file_system_searcher.FindSpec(
location_glob=path_segments, case_sensitive=False)
except ValueError as exception:
logger.error((
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}').format(path, exception))
continue
find_specs.append(find_spec)
return find_specs
def _BuildFindSpecsFromFileSourcePath(self, source_path, path_separator,
environment_variables,
user_accounts):
"""Builds find specifications from a file source type.
Args:
source_path (str): file system path defined by the source.
path_separator (str): file system path segment separator.
environment_variables (list[str]): environment variable attributes used to
dynamically populate environment variables in key.
user_accounts (list[str]): identified user accounts stored in the
knowledge base.
Returns:
list[dfvfs.FindSpec]: find specifications for the file source type.
"""
find_specs = []
for path_glob in path_helper.PathHelper.ExpandGlobStars(
source_path, path_separator):
logger.debug(
'building find spec from path glob: {0:s}'.format(path_glob))
for path in path_helper.PathHelper.ExpandUsersVariablePath(
path_glob, path_separator, user_accounts):
logger.debug(
'building find spec from path: {0:s}'.format(path))
if '%' in path:
path = path_helper.PathHelper.ExpandWindowsPath(
path, environment_variables)
logger.debug(
'building find spec from expanded path: {0:s}'.format(
path))
if not path.startswith(path_separator):
logger.warning((
'The path filter must be defined as an absolute path: '
'"{0:s}"').format(path))
continue
try:
find_spec = file_system_searcher.FindSpec(
case_sensitive=False,
location_glob=path,
location_separator=path_separator)
except ValueError as exception:
logger.error((
'Unable to build find specification for path: "{0:s}" with '
'error: {1!s}').format(path, exception))
continue
find_specs.append(find_spec)
return find_specs
def testCompareWithLocationSegment(self):
"""Test the _CompareWithLocationSegment function."""
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec._CompareWithLocationSegment('__init__.py', 6)
self.assertTrue(result)
result = find_spec._CompareWithLocationSegment('__init__.py', 0)
self.assertTrue(result)
result = find_spec._CompareWithLocationSegment('__init__.py', 5)
self.assertFalse(result)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py',
location_separator='/')
result = find_spec._CompareWithLocationSegment('__init__.py', 6)
self.assertFalse(result)
def testCheckIsSocket(self):
"""Test the _CheckIsSocket function."""
file_system = self._CreateTestFileSystem()
find_spec = file_system_searcher.FindSpec(
file_entry_types=[definitions.FILE_ENTRY_TYPE_FILE])
path_spec = fake_path_spec.FakePathSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
result = find_spec._CheckIsSocket(file_entry)
self.assertFalse(result)
def testCompareTraits(self):
"""Test the CompareTraits function."""
file_system = self._CreateTestFileSystem()
path_spec = fake_path_spec.FakePathSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.CompareTraits(file_entry)
self.assertTrue(result)
def BuildFindSpecsFromFile(filter_file_path, pre_obj=None):
"""Returns a list of find specification from a filter file.
Args:
filter_file_path: A path to a file that contains find specifications.
pre_obj: A preprocessing object (instance of PreprocessObject). This is
optional but when provided takes care of expanding each segment.
"""
find_specs = []
if pre_obj:
expander = dfwinreg_path_expander.WinRegistryKeyPathExpander()
with open(filter_file_path, 'rb') as file_object:
for line in file_object:
line = line.strip()
if line.startswith(u'#'):
continue
if pre_obj:
path_attributes = pre_obj.__dict__
try:
line = expander.ExpandPath(line, path_attributes=path_attributes)
except KeyError as exception:
logging.error((
u'Unable to use collection filter line: {0:s} with error: '
u'{1:s}').format(line, exception))
continue
if not line.startswith(u'/'):
logging.warning((
u'The filter string must be defined as an abolute path: '
u'{0:s}').format(line))
continue
_, _, file_path = line.rstrip().rpartition(u'/')
if not file_path:
logging.warning(
u'Unable to parse the filter string: {0:s}'.format(line))
continue
# Convert the filter paths into a list of path segments and strip
# the root path segment.
path_segments = line.split(u'/')
path_segments.pop(0)
find_specs.append(file_system_searcher.FindSpec(
location_regex=path_segments, case_sensitive=False))
return find_specs
def testIsLastLocationSegment(self):
"""Test the IsLastLocationSegment function."""
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py',
location_separator='/')
result = find_spec.IsLastLocationSegment(0)
self.assertFalse(result)
result = find_spec.IsLastLocationSegment(6)
self.assertTrue(result)
result = find_spec.IsLastLocationSegment(9)
self.assertFalse(result)
def _FindPathSpecs(self, searcher, path):
"""Searches for path specifications that matches the path.
Args:
searcher (dfvfs.FileSystemSearcher): file system searcher.
path (str): location of the file entry relative to the file system
of the searcher.
Returns:
list[dfvfs.PathSpec]: path specifcations.
"""
find_spec = file_system_searcher.FindSpec(location_regex=path,
case_sensitive=False)
return list(searcher.Find(find_specs=[find_spec]))
def _DetermineOperatingSystem(self, searcher):
"""Tries to determine the underlying operating system.
Args:
searcher (dfvfs.FileSystemSearcher): file system searcher.
Returns:
str: operating system for example "Windows". This should be one of
the values in definitions.OPERATING_SYSTEM_FAMILIES.
"""
find_specs = [
file_system_searcher.FindSpec(case_sensitive=False,
location='/etc',
location_separator='/'),
file_system_searcher.FindSpec(case_sensitive=False,
location='/System/Library',
location_separator='/'),
file_system_searcher.FindSpec(case_sensitive=False,
location='\\Windows\\System32',
location_separator='\\'),
file_system_searcher.FindSpec(case_sensitive=False,
location='\\WINNT\\System32',
location_separator='\\'),
file_system_searcher.FindSpec(case_sensitive=False,
location='\\WINNT35\\System32',
location_separator='\\'),
file_system_searcher.FindSpec(case_sensitive=False,
location='\\WTSRV\\System32',
location_separator='\\')
]
locations = []
for path_spec in searcher.Find(find_specs=find_specs):
relative_path = searcher.GetRelativePath(path_spec)
if relative_path:
locations.append(relative_path.lower())
# We need to check for both forward and backward slashes since the path
# spec will be OS dependent, as in running the tool on Windows will return
# Windows paths (backward slash) vs. forward slash on *NIX systems.
windows_locations = set([
'/windows/system32', '\\windows\\system32', '/winnt/system32',
'\\winnt\\system32', '/winnt35/system32', '\\winnt35\\system32',
'\\wtsrv\\system32', '/wtsrv/system32'
])
operating_system = definitions.OPERATING_SYSTEM_FAMILY_UNKNOWN
if windows_locations.intersection(set(locations)):
operating_system = definitions.OPERATING_SYSTEM_FAMILY_WINDOWS_NT
elif '/system/library' in locations:
operating_system = definitions.OPERATING_SYSTEM_FAMILY_MACOS
elif '/etc' in locations:
operating_system = definitions.OPERATING_SYSTEM_FAMILY_LINUX
return operating_system
def testPrepareMatches(self):
"""Test the PrepareMatches function."""
file_system = self._CreateTestFileSystem()
find_spec = file_system_searcher.FindSpec(
location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py')
self.assertIsNone(find_spec._location_segments)
self.assertEqual(find_spec._number_of_location_segments, 0)
find_spec.PrepareMatches(file_system)
self.assertEqual(find_spec._location_segments, [
'usr', 'lib', 'python2.7', 'site-packages', 'dfvfs', '__init__.py'
])
self.assertEqual(find_spec._number_of_location_segments, 6)
def _FindPathSpecs(self, searcher, path):
"""Searches for path specifications that matches the path.
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
path: The location of the file entry relative to the file system
of the searcher.
Returns:
A list of path specifcations.
"""
find_spec = file_system_searcher.FindSpec(
location_regex=path, case_sensitive=False)
return list(searcher.Find(find_specs=[find_spec]))
def GuessOS(searcher):
"""Returns a string representing what we think the underlying OS is.
The available return strings are:
* Linux
* MacOSX
* Windows
Args:
searcher: The file system searcher object (instance of
dfvfs.FileSystemSearcher).
Returns:
A string indicating which OS we are dealing with.
"""
find_specs = [
file_system_searcher.FindSpec(
location=u'/etc', case_sensitive=False),
file_system_searcher.FindSpec(
location=u'/System/Library', case_sensitive=False),
file_system_searcher.FindSpec(
location=u'/Windows/System32', case_sensitive=False),
file_system_searcher.FindSpec(
location=u'/WINNT/System32', case_sensitive=False),
file_system_searcher.FindSpec(
location=u'/WINNT35/System32', case_sensitive=False),
file_system_searcher.FindSpec(
location=u'/WTSRV/System32', case_sensitive=False)]
locations = []
for path_spec in searcher.Find(find_specs=find_specs):
relative_path = searcher.GetRelativePath(path_spec)
if relative_path:
locations.append(relative_path.lower())
# We need to check for both forward and backward slashes since the path
# spec will be OS dependent, as in running the tool on Windows will return
# Windows paths (backward slash) vs. forward slash on *NIX systems.
windows_locations = set([
u'/windows/system32', u'\\windows\\system32', u'/winnt/system32',
u'\\winnt\\system32', u'/winnt35/system32', u'\\winnt35\\system32',
u'\\wtsrv\\system32', u'/wtsrv/system32'])
if windows_locations.intersection(set(locations)):
return definitions.OS_WINDOWS
if u'/system/library' in locations:
return definitions.OS_MACOSX
if u'/etc' in locations:
return definitions.OS_LINUX
return definitions.OS_UNKNOWN
