def testSearchFileContentDownload(self):
pattern = "searching/*.log"
client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile",
"FingerprintFile", "HashBuffer",
"TransferBuffer")
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path], also_download=True)
# Run the flow.
for s in test_lib.TestFlowHelper(
"SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = aff4.FACTORY.Open(
session_id.Add(flow_runner.RESULTS_SUFFIX), token=self.token)
self.assertEqual(len(fd), 3)
for log in aff4.FACTORY.Open(
rdfvalue.RDFURN(self.client_id).Add("/fs/os/").Add(self.base_path).Add(
"searching"),
token=self.token).OpenChildren():
self.assertTrue(isinstance(log, aff4_grr.VFSBlobImage))
# Make sure there is some data.
self.assertGreater(len(log), 0)
def testSearchFileContents(self):
pattern = "searching/*.log"
client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")
path = os.path.join(self.base_path, pattern)
args = grep.SearchFileContentArgs(
paths=[path], pathtype=rdf_paths.PathSpec.PathType.OS)
args.grep.literal = rdf_standard.LiteralExpression(
"session opened for user dearjohn")
args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS
# Run the flow.
for s in test_lib.TestFlowHelper(
"SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = aff4.FACTORY.Open(
session_id.Add(flow_runner.RESULTS_SUFFIX), token=self.token)
# Make sure that there is a hit.
self.assertEqual(len(fd), 1)
first = fd[0]
self.assertEqual(first.offset, 350)
self.assertEqual(first.data,
"session): session opened for user dearjohn by (uid=0")
def testSearchFileContents(self):
pattern = "test_data/*.log"
client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")
path = os.path.join(os.path.dirname(self.base_path), pattern)
args = grep.SearchFileContentArgs(
paths=[path], pathtype=rdf_paths.PathSpec.PathType.OS)
args.grep.literal = rdf_standard.LiteralExpression(
"session opened for user dearjohn")
args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS
# Run the flow.
for _ in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
output="analysis/grep/testing",
args=args,
token=self.token):
pass
fd = aff4.FACTORY.Open(rdfvalue.RDFURN(
self.client_id).Add("/analysis/grep/testing"),
token=self.token)
# Make sure that there is a hit.
self.assertEqual(len(fd), 1)
first = fd[0]
self.assertEqual(first.offset, 350)
self.assertEqual(
first.data, "session): session opened for user dearjohn by (uid=0")
def testSearchFileContentDownload(self):
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path], also_download=True)
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
self.assertEqual(len(fd), 3)
for log in aff4.FACTORY.Open(rdfvalue.RDFURN(
self.client_id).Add("/fs/os/").Add(
self.base_path).Add("searching"),
token=self.token).OpenChildren():
self.assertTrue(isinstance(log, aff4_grr.VFSBlobImage))
# Make sure there is some data.
self.assertGreater(len(log), 0)
def testSearchFileContents(self):
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
args = grep.SearchFileContentArgs(
paths=[path], pathtype=rdf_paths.PathSpec.PathType.OS)
args.grep.literal = rdf_standard.LiteralExpression(
"session opened for user dearjohn")
args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
# Make sure that there is a hit.
self.assertEqual(len(fd), 1)
first = fd[0]
self.assertEqual(first.offset, 350)
self.assertEqual(
first.data, "session): session opened for user dearjohn by (uid=0")
def testSearchFileContentsNoGrep(self):
"""Search files without a grep specification."""
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path])
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
self.assertEqual(len(fd), 3)
def testSearchFileContentsNoGrep(self):
"""Search files without a grep specification."""
pattern = "searching/*.log"
client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path])
# Run the flow.
for s in test_lib.TestFlowHelper(
"SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = aff4.FACTORY.Open(
session_id.Add(flow_runner.RESULTS_SUFFIX), token=self.token)
self.assertEqual(len(fd), 3)
def testSearchFileContentsNoGrep(self):
"""Search files without a grep specification."""
pattern = "test_data/*.log"
client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")
path = os.path.join(os.path.dirname(self.base_path), pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path])
# Run the flow.
for _ in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
output="analysis/grep/testing",
args=args,
token=self.token):
pass
fd = aff4.FACTORY.Open(rdfvalue.RDFURN(
self.client_id).Add("/analysis/grep/testing"),
token=self.token)
self.assertEqual(len(fd), 3)
