def Handle(self, args, token=None):
ValidateVfsPath(args.file_path)
if args.timestamp:
age = args.timestamp
else:
age = aff4.ALL_TIMES
file_obj = aff4.FACTORY.Open(args.client_id.ToClientURN().Add(
args.file_path),
mode="r",
age=age,
token=token)
if data_store.RelationalDBReadEnabled(category="vfs"):
# These are not really "files" so they cannot be stored in the database
# but they still can be queried so we need to return something. Sometimes
# they contain a trailing slash so we need to take care of that.
#
# TODO(hanuszczak): Require VFS paths to be normalized so that trailing
# slash is either forbidden or mandatory.
if args.file_path.endswith("/"):
args.file_path = args.file_path[:-1]
if args.file_path in ["fs", "registry", "temp", "fs/os", "fs/tsk"]:
api_file = ApiFile()
api_file.name = api_file.path = args.file_path
api_file.is_directory = True
return ApiGetFileDetailsResult(file=api_file)
path_type, components = rdf_objects.ParseCategorizedPath(
args.file_path)
# TODO(hanuszczak): The tests passed even without support for timestamp
# filtering. The test suite should be probably improved in that regard.
path_id = rdf_objects.PathID(components)
path_info = data_store.REL_DB.FindPathInfoByPathID(
str(args.client_id),
path_type,
path_id,
timestamp=args.timestamp)
if path_info:
stat_entry = path_info.stat_entry
else:
stat_entry = rdf_client.StatEntry()
else:
stat_entry = None
return ApiGetFileDetailsResult(file=ApiFile().InitFromAff4Object(
file_obj, stat_entry=stat_entry, with_details=True))
def CreateFileVersion(client_id, path, content, timestamp, token=None):
"""Add a new version for a file."""
with test_lib.FakeTime(timestamp):
with aff4.FACTORY.Create(
client_id.Add(path), aff4_type=aff4_grr.VFSFile, mode="w",
token=token) as fd:
fd.Write(content)
fd.Set(fd.Schema.CONTENT_LAST, rdfvalue.RDFDatetime.Now())
if data_store.RelationalDBWriteEnabled():
path_type, components = rdf_objects.ParseCategorizedPath(path)
path_info = rdf_objects.PathInfo()
path_info.path_type = path_type
path_info.components = components
path_info.directory = False
data_store.REL_DB.WritePathInfos(client_id.Basename(), [path_info])
def CreateFolder(client_id, path, timestamp, token=None):
"""Creates a VFS folder."""
with test_lib.FakeTime(timestamp):
with aff4.FACTORY.Create(
client_id.Add(path),
aff4_type=aff4_standard.VFSDirectory,
mode="w",
token=token) as _:
pass
if data_store.RelationalDBWriteEnabled():
path_type, components = rdf_objects.ParseCategorizedPath(path)
path_info = rdf_objects.PathInfo()
path_info.path_type = path_type
path_info.components = components
path_info.directory = True
data_store.REL_DB.WritePathInfos(client_id.Basename(), [path_info])
def CreateFileVersions(self, client_id, file_path):
"""Add a new version for a file."""
path_type, components = rdf_objects.ParseCategorizedPath(file_path)
with test_lib.FakeTime(self.time_1):
token = access_control.ACLToken(username="******")
fd = aff4.FACTORY.Create(client_id.Add(file_path),
aff4.AFF4MemoryStream,
mode="w",
token=token)
fd.Write("Hello World")
fd.Close()
if data_store.RelationalDBWriteEnabled():
path_info = rdf_objects.PathInfo()
path_info.path_type = path_type
path_info.components = components
path_info.directory = False
data_store.REL_DB.WritePathInfos(client_id.Basename(),
[path_info])
with test_lib.FakeTime(self.time_2):
fd = aff4.FACTORY.Create(client_id.Add(file_path),
aff4.AFF4MemoryStream,
mode="w",
token=token)
fd.Write("Goodbye World")
fd.Close()
if data_store.RelationalDBWriteEnabled():
path_info = rdf_objects.PathInfo()
path_info.path_type = path_type
path_info.components = components
path_info.directory = False
data_store.REL_DB.WritePathInfos(client_id.Basename(),
[path_info])
def testParseIncorrect(self):
with self.assertRaisesRegexp(ValueError, "path"):
objects.ParseCategorizedPath("foo/bar")
with self.assertRaisesRegexp(ValueError, "path"):
objects.ParseCategorizedPath("fs")
def testParseTskExtraSlashes(self):
path_type, components = objects.ParseCategorizedPath(
"/fs///tsk/foo///bar")
self.assertEqual(path_type, objects.PathInfo.PathType.TSK)
self.assertEqual(components, ["foo", "bar"])
def testParseOsRoot(self):
path_type, components = objects.ParseCategorizedPath("fs/os")
self.assertEqual(path_type, objects.PathInfo.PathType.OS)
self.assertEqual(components, [])
def testParseTemp(self):
path_type, components = objects.ParseCategorizedPath(
"temp/os/registry")
self.assertEqual(path_type, objects.PathInfo.PathType.TEMP)
self.assertEqual(components, ["os", "registry"])
def testParseRegistry(self):
path_type, components = objects.ParseCategorizedPath(
"registry/thud/blargh")
self.assertEqual(path_type, objects.PathInfo.PathType.REGISTRY)
self.assertEqual(components, ["thud", "blargh"])
def testParseTsk(self):
path_type, components = objects.ParseCategorizedPath(
"fs/tsk/quux/norf")
self.assertEqual(path_type, objects.PathInfo.PathType.TSK)
self.assertEqual(components, ["quux", "norf"])
def testParseOs(self):
path_type, components = objects.ParseCategorizedPath("fs/os/foo/bar")
self.assertEqual(path_type, objects.PathInfo.PathType.OS)
self.assertEqual(components, ["foo", "bar"])
def _HandleRelational(self, args, token=None):
client_id = args.client_id.ToClientURN()
if not args.file_path or args.file_path == "/":
return self._GetRootChildren(args, token=token)
if args.file_path == "fs":
return self._GetFilesystemChildren(args)
path_type, components = rdf_objects.ParseCategorizedPath(
args.file_path)
path_id = rdf_objects.PathID(components)
child_path_ids = data_store.REL_DB.FindDescendentPathIDs(
client_id=client_id.Basename(),
path_type=path_type,
path_id=path_id,
max_depth=1)
child_path_infos = data_store.REL_DB.FindPathInfosByPathIDs(
client_id=client_id.Basename(),
path_type=path_type,
path_ids=child_path_ids).values()
items = []
for child_path_info in child_path_infos:
if args.directories_only and not child_path_info.directory:
continue
child_item = ApiFile()
child_item.name = child_path_info.basename
if path_type == rdf_objects.PathInfo.PathType.OS:
prefix = "fs/os/"
elif path_type == rdf_objects.PathInfo.PathType.TSK:
prefix = "fs/tsk/"
elif path_type == rdf_objects.PathInfo.PathType.REGISTRY:
prefix = "registry/"
elif path_type == rdf_objects.PathInfo.PathType.TEMP:
prefix = "temp/"
child_item.path = prefix + "/".join(child_path_info.components)
# TODO(hanuszczak): `PathInfo#directory` tells us whether given path has
# ever been observed as a directory. Is this what we want here or should
# we use `st_mode` information instead?
child_item.is_directory = child_path_info.directory
child_item.stat = child_path_info.stat_entry
# The `age` field collides with RDF `age` pseudo-property so `Set` lets us
# set the right thing.
child_item.Set("age", child_path_info.timestamp)
items.append(child_item)
# TODO(hanuszczak): Instead of getting the whole list from the database and
# then filtering the results we should do the filtering directly in the
# database query.
if args.filter:
pattern = re.compile(args.filter, re.IGNORECASE)
is_matching = lambda item: pattern.search(item.name)
items = filter(is_matching, items)
items.sort(key=lambda item: item.path)
if args.count:
items = items[args.offset:args.offset + args.count]
else:
items = items[args.offset:]
return ApiListFilesResult(items=items)