Exemple #1
    def test_get_string(self):
        """Checks the string form produced for the test security identifier."""
        sid = pyfwnt.security_identifier()
        sid.copy_from_byte_stream(self._TEST_DATA)

        # The fixture bytes are expected to render as this "S-1-..." string.
        expected = 'S-1-5-21-623811015-3229964156-30300820-1013'
        self.assertEqual(sid.get_string(), expected)
  def test_get_string(self):
    """Verifies get_string() on an identifier parsed from the test bytes."""
    parsed_sid = pyfwnt.security_identifier()
    parsed_sid.copy_from_byte_stream(self._TEST_DATA)

    # Compare the rendered identifier against the known-good string.
    rendered = parsed_sid.get_string()
    self.assertEqual(
        rendered, 'S-1-5-21-623811015-3229964156-30300820-1013')
Exemple #3
    def _ParseIdentifierMappingRecord(self, parser_mediator, table_name,
                                      record_index, esedb_record):
        """Reads one SruDbIdMapTable record and returns its identifier mapping.

        The IdBlob value is decoded as a Windows NT security identifier when
        IdType is 3 and as a UTF-16 little-endian string otherwise. A missing
        value, an unsupported IdType or a handled decoding failure is reported
        as an extraction warning and yields None, None.

        Args:
          parser_mediator (ParserMediator): mediates interactions between
              parsers and other components, such as storage and dfvfs.
          table_name (str): name of the table the record is stored in.
          record_index (int): ESE record index.
          esedb_record (pyesedb.record): ESE record.

        Returns:
          tuple[int, str]: numeric identifier and its string representation
              or None, None if no identifier mapping can be retrieved from
              the record.
        """
        values = self._GetRecordValues(parser_mediator, table_name,
                                       record_index, esedb_record)

        id_index = values.get('IdIndex', None)
        if id_index is None:
            parser_mediator.ProduceExtractionWarning(
                'IdIndex value missing from table: SruDbIdMapTable')
            return None, None

        id_type = values.get('IdType', None)
        if id_type not in self._SUPPORTED_IDENTIFIER_TYPES:
            message = (
                'unsupported IdType value: {0!s} in table: SruDbIdMapTable'
                .format(id_type))
            parser_mediator.ProduceExtractionWarning(message)
            return None, None

        id_blob = values.get('IdBlob', None)
        if id_blob is None:
            parser_mediator.ProduceExtractionWarning(
                'IdBlob value missing from table: SruDbIdMapTable')
            return None, None

        if id_type == 3:
            # IdType 3 blobs are parsed as Windows NT security identifiers.
            # NOTE(review): only IOError is handled here; confirm IdBlob is
            # always a byte string, since any other exception type raised by
            # pyfwnt would propagate to the caller.
            try:
                sid = pyfwnt.security_identifier()
                sid.copy_from_byte_stream(id_blob)
                sid_string = sid.get_string()
            except IOError:
                parser_mediator.ProduceExtractionWarning(
                    'unable to decode IdBlob value as Windows NT security identifier'
                )
                return None, None
            return id_index, sid_string

        # Every other supported type is UTF-16 little-endian text; trailing
        # NUL characters are stripped from the decoded string.
        try:
            text = id_blob.decode('utf-16le').rstrip('\0')
        except UnicodeDecodeError:
            parser_mediator.ProduceExtractionWarning(
                'unable to decode IdBlob value as UTF-16 little-endian string'
            )
            return None, None
        return id_index, text
Exemple #4
    def test_copy_from_byte_stream(self):
        """Checks copy_from_byte_stream on valid, None and truncated input."""
        sid = pyfwnt.security_identifier()

        # The complete fixture must be accepted without raising.
        sid.copy_from_byte_stream(self._TEST_DATA)

        # A non-bytes argument is rejected with TypeError.
        self.assertRaises(TypeError, sid.copy_from_byte_stream, None)

        # Only the first four bytes of the fixture: the truncated stream is
        # expected to be rejected with IOError.
        self.assertRaises(
            IOError, sid.copy_from_byte_stream, self._TEST_DATA[:4])
  def test_copy_from_byte_stream(self):
    """Exercises copy_from_byte_stream with good and malformed input."""
    parsed_sid = pyfwnt.security_identifier()

    # Well-formed input: the full fixture is parsed without an exception.
    parsed_sid.copy_from_byte_stream(self._TEST_DATA)

    # Malformed input: None must raise TypeError.
    self.assertRaises(TypeError, parsed_sid.copy_from_byte_stream, None)

    # Malformed input: a stream cut to four bytes must raise IOError.
    self.assertRaises(
        IOError, parsed_sid.copy_from_byte_stream, self._TEST_DATA[:4])
Exemple #6
  def _ParseIdentifierMappingRecord(
      self, parser_mediator, table_name, esedb_record):
    """Reads one SruDbIdMapTable record and returns its identifier mapping.

    The IdBlob value is decoded as a Windows NT security identifier when
    IdType is 3 and as a UTF-16 little-endian string otherwise. A missing
    value, an unsupported IdType or a handled decoding failure is reported
    as an extraction error and yields None, None.

    Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      table_name (str): name of the table the record is stored in.
      esedb_record (pyesedb.record): record.

    Returns:
      tuple[int, str]: numeric identifier and its string representation or
          None, None if no identifier mapping can be retrieved from the record.
    """
    values = self._GetRecordValues(parser_mediator, table_name, esedb_record)

    id_index = values.get('IdIndex', None)
    if id_index is None:
      parser_mediator.ProduceExtractionError(
          'IdIndex value missing from table: SruDbIdMapTable')
      return None, None

    id_type = values.get('IdType', None)
    if id_type not in self._SUPPORTED_IDENTIFIER_TYPES:
      message = (
          'unsupported IdType value: {0!s} in table: SruDbIdMapTable'.format(
              id_type))
      parser_mediator.ProduceExtractionError(message)
      return None, None

    id_blob = values.get('IdBlob', None)
    if id_blob is None:
      parser_mediator.ProduceExtractionError(
          'IdBlob value missing from table: SruDbIdMapTable')
      return None, None

    if id_type == 3:
      # IdType 3 blobs are parsed as Windows NT security identifiers.
      # NOTE(review): only IOError is handled here; confirm IdBlob is always
      # a byte string, since any other exception type raised by pyfwnt would
      # propagate to the caller.
      try:
        sid = pyfwnt.security_identifier()
        sid.copy_from_byte_stream(id_blob)
        sid_string = sid.get_string()
      except IOError:
        parser_mediator.ProduceExtractionError(
            'unable to decode IdBlob value as Windows NT security identifier')
        return None, None
      return id_index, sid_string

    # Every other supported type is UTF-16 little-endian text; trailing NUL
    # characters are stripped from the decoded string.
    try:
      text = id_blob.decode('utf-16le').rstrip('\0')
    except UnicodeDecodeError:
      parser_mediator.ProduceExtractionError(
          'unable to decode IdBlob value as UTF-16 little-endian string')
      return None, None
    return id_index, text