def testUserInterpolation(self):
"""User interpolation returns a list of paths."""
path = "hotexamples_com\\dir"
new_path = flow_utils.InterpolatePath(path,
self.client,
users=["test"])
self.assertEqual(new_path[0].lower(), "c:\\users\\test\\dir")
path = "{systemroot}\\{last_logon}\\dir"
new_path = flow_utils.InterpolatePath(path,
self.client,
users=["test"])
self.assertEqual(new_path[0].lower(),
"c:\\windows\\2012-11-10 00:00:00\\dir")
path = "hotexamples_com\\a"
new_path = flow_utils.InterpolatePath(path,
self.client,
users=["test", "test2"])
self.assertEqual(len(new_path), 2)
self.assertEqual(new_path[0].lower(), "c:\\users\\test\\a")
self.assertEqual(new_path[1].lower(), "c:\\users\\test2\\a")
new_path = flow_utils.InterpolatePath("{does_not_exist}",
self.client,
users=["test"])
self.assertEqual(new_path, [])
def testBasicInterpolation(self):
"""Test Basic."""
path = "{systemroot}\\test"
new_path = flow_utils.InterpolatePath(path, self.client, users=None)
self.assertEqual(new_path.lower(), "c:\\windows\\test")
new_path = flow_utils.InterpolatePath("{does_not_exist}", self.client)
self.assertEqual(new_path, "")
def StartRequests(self):
"""Generate and send the Find requests."""
client = aff4.FACTORY.Open(self.client_id, token=self.token)
if self.runner.output is not None:
self.runner.output.Set(
self.runner.output.Schema.DESCRIPTION("CacheGrep for {0}".format(
self.args.data_regex)))
usernames = ["%s\\%s" % (u.domain, u.username) for u in self.state.users]
usernames = [u.lstrip("\\") for u in usernames] # Strip \\ if no domain.
condition = rdfvalue.FileFinderCondition(
condition_type=rdfvalue.FileFinderCondition.Type.CONTENTS_REGEX_MATCH,
contents_regex_match=rdfvalue.FileFinderContentsRegexMatchCondition(
regex=self.args.data_regex,
mode=rdfvalue.FileFinderContentsRegexMatchCondition.Mode.FIRST_HIT))
for path in self.state.all_paths:
full_paths = flow_utils.InterpolatePath(path, client, users=usernames)
for full_path in full_paths:
self.CallFlow(
"FileFinder",
paths=[os.path.join(full_path, "**5")],
pathtype=self.state.args.pathtype,
conditions=[condition],
action=rdfvalue.FileFinderAction(
action_type=rdfvalue.FileFinderAction.Action.DOWNLOAD),
next_state="HandleResults")
def StartRequests(self):
"""Generate and send the Find requests."""
client = aff4.FACTORY.Open(self.client_id, token=self.token)
usernames = [
"%s\\%s" % (u.userdomain, u.username) for u in self.state.users
]
usernames = [u.lstrip("\\")
for u in usernames] # Strip \\ if no domain.
condition = rdf_file_finder.FileFinderCondition(
condition_type=(
rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
contents_regex_match=rdf_file_finder.
FileFinderContentsRegexMatchCondition(
regex=self.args.data_regex,
mode=rdf_file_finder.FileFinderContentsRegexMatchCondition.
Mode.FIRST_HIT))
for path in self.state.all_paths:
full_paths = flow_utils.InterpolatePath(path,
client,
users=usernames)
for full_path in full_paths:
self.CallFlow(file_finder.FileFinder.__name__,
paths=[os.path.join(full_path, "**5")],
pathtype=self.args.pathtype,
conditions=[condition],
action=rdf_file_finder.FileFinderAction(
action_type=rdf_file_finder.FileFinderAction.
Action.DOWNLOAD),
next_state="HandleResults")
def StartRequests(self):
"""Generate and send the Find requests."""
client = aff4.FACTORY.Open(self.client_id, token=self.token)
if self.runner.output:
self.runner.output.Set(
self.runner.output.Schema.DESCRIPTION("CacheGrep for {0}".format(
self.args.data_regex)))
usernames = ["%s\\%s" % (u.domain, u.username) for u in self.state.users]
usernames = [u.lstrip("\\") for u in usernames] # Strip \\ if no domain.
for path in self.state.all_paths:
full_paths = flow_utils.InterpolatePath(path, client, users=usernames)
for full_path in full_paths:
findspec = rdfvalue.FindSpec(data_regex=self.args.data_regex)
findspec.iterator.number = 800
findspec.pathspec.path = full_path
findspec.pathspec.pathtype = self.args.pathtype
self.CallFlow("FetchFiles", findspec=findspec,
next_state="HandleResults")
