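def testSearchFileContentDownload(self):
  """Run SearchFileContent with also_download=True and check the stored files.

  No grep expression is supplied, so the flow is expected to report every
  file matching the glob (three results). Each child found under the
  client's "searching" directory must be a non-empty VFSBlobImage.
  """
  pattern = "searching/*.log"

  client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile",
                                        "FingerprintFile", "HashBuffer",
                                        "TransferBuffer")
  path = os.path.join(self.base_path, pattern)

  # Do not provide a Grep expression - should match all files.
  args = grep.SearchFileContentArgs(paths=[path], also_download=True)

  # Run the flow. The last value yielded by the helper is used as the
  # session id from which the results collection is derived.
  for s in test_lib.TestFlowHelper(
      "SearchFileContent", client_mock, client_id=self.client_id,
      args=args, token=self.token):
    session_id = s

  fd = aff4.FACTORY.Open(
      session_id.Add(flow_runner.RESULTS_SUFFIX), token=self.token)
  self.assertEqual(len(fd), 3)

  download_dir = rdfvalue.RDFURN(self.client_id).Add("/fs/os/").Add(
      self.base_path).Add("searching")
  children = list(
      aff4.FACTORY.Open(download_dir, token=self.token).OpenChildren())

  # Without this check an empty directory would skip the loop below and the
  # test would pass even though nothing was downloaded.
  self.assertGreater(len(children), 0)

  for log in children:
    # assertIsInstance reports the actual type on failure.
    self.assertIsInstance(log, aff4_grr.VFSBlobImage)
    # Make sure there is some data.
    self.assertGreater(len(log), 0)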
def testSearchFileContents(self):
  """Grep searching/*.log for a literal and verify the single reported hit."""
  mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
  log_glob = os.path.join(self.base_path, "searching/*.log")

  args = grep.SearchFileContentArgs(
      paths=[log_glob], pathtype=rdf_paths.PathSpec.PathType.OS)
  args.grep.literal = rdf_standard.LiteralExpression(
      "session opened for user dearjohn")
  args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS

  # Drive the flow to completion; the last value yielded by the helper is
  # kept as the session id.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      args=args, token=self.token)
  for session_id in flow_steps:
    pass

  results_urn = session_id.Add(flow_runner.RESULTS_SUFFIX)
  results = aff4.FACTORY.Open(results_urn, token=self.token)

  # Exactly one hit is expected for the literal.
  self.assertEqual(len(results), 1)

  hit = results[0]
  self.assertEqual(hit.offset, 350)
  self.assertEqual(hit.data,
                   "session): session opened for user dearjohn by (uid=0")
def testSearchFileContents(self):
  """Grep test_data/*.log for a literal and read the hit from a named output.

  The flow is started with output="analysis/grep/testing" and the results
  are then opened from that path under the client URN.
  """
  mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
  data_root = os.path.dirname(self.base_path)
  log_glob = os.path.join(data_root, "test_data/*.log")

  args = grep.SearchFileContentArgs(
      paths=[log_glob], pathtype=rdf_paths.PathSpec.PathType.OS)
  args.grep.literal = rdf_standard.LiteralExpression(
      "session opened for user dearjohn")
  args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS

  # Drive the flow to completion; the yielded values are not needed here.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      output="analysis/grep/testing", args=args, token=self.token)
  for _ in flow_steps:
    pass

  output_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
  results = aff4.FACTORY.Open(output_urn, token=self.token)

  # Exactly one hit is expected for the literal.
  self.assertEqual(len(results), 1)

  hit = results[0]
  self.assertEqual(hit.offset, 350)
  self.assertEqual(hit.data,
                   "session): session opened for user dearjohn by (uid=0")
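def testSearchFileContentDownload(self):
  """Run SearchFileContent with also_download=True and check the stored files.

  No grep expression is supplied, so the flow is expected to report every
  file matching the glob (three results). Each child found under the
  client's "searching" directory must be a non-empty VFSBlobImage.
  """
  pattern = "searching/*.log"

  client_mock = action_mocks.GrepClientMock()
  path = os.path.join(self.base_path, pattern)

  # Do not provide a Grep expression - should match all files.
  args = grep.SearchFileContentArgs(paths=[path], also_download=True)

  # Run the flow. The last value yielded by the helper is used as the
  # session id passed to ResultCollectionForFID.
  for s in test_lib.TestFlowHelper("SearchFileContent", client_mock,
                                   client_id=self.client_id,
                                   args=args, token=self.token):
    session_id = s

  fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
  self.assertEqual(len(fd), 3)

  download_dir = rdfvalue.RDFURN(self.client_id).Add("/fs/os/").Add(
      self.base_path).Add("searching")
  children = list(
      aff4.FACTORY.Open(download_dir, token=self.token).OpenChildren())

  # Without this check an empty directory would skip the loop below and the
  # test would pass even though nothing was downloaded.
  self.assertGreater(len(children), 0)

  for log in children:
    # assertIsInstance reports the actual type on failure.
    self.assertIsInstance(log, aff4_grr.VFSBlobImage)
    # Make sure there is some data.
    self.assertGreater(len(log), 0)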
def testSearchFileContents(self):
  """Grep searching/*.log for a literal and verify the single reported hit."""
  mock_client = action_mocks.GrepClientMock()
  log_glob = os.path.join(self.base_path, "searching/*.log")

  args = grep.SearchFileContentArgs(
      paths=[log_glob], pathtype=rdf_paths.PathSpec.PathType.OS)
  args.grep.literal = rdf_standard.LiteralExpression(
      "session opened for user dearjohn")
  args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS

  # Drive the flow to completion; the last value yielded by the helper is
  # kept as the session id.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      args=args, token=self.token)
  for session_id in flow_steps:
    pass

  results = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)

  # Exactly one hit is expected for the literal.
  self.assertEqual(len(results), 1)

  hit = results[0]
  self.assertEqual(hit.offset, 350)
  self.assertEqual(hit.data,
                   "session): session opened for user dearjohn by (uid=0")
def testSearchFileContentsNoGrep(self):
  """Run SearchFileContent with no grep spec and expect three results."""
  mock_client = action_mocks.GrepClientMock()
  log_glob = os.path.join(self.base_path, "searching/*.log")

  # With no grep expression set, every file matching the glob should be
  # returned.
  args = grep.SearchFileContentArgs(paths=[log_glob])

  # Drive the flow to completion; the last value yielded by the helper is
  # kept as the session id.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      args=args, token=self.token)
  for session_id in flow_steps:
    pass

  results = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
  self.assertEqual(len(results), 3)
def testSearchFileContentsNoGrep(self):
  """Run SearchFileContent with no grep spec and expect three results."""
  mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
  log_glob = os.path.join(self.base_path, "searching/*.log")

  # With no grep expression set, every file matching the glob should be
  # returned.
  args = grep.SearchFileContentArgs(paths=[log_glob])

  # Drive the flow to completion; the last value yielded by the helper is
  # kept as the session id.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      args=args, token=self.token)
  for session_id in flow_steps:
    pass

  results_urn = session_id.Add(flow_runner.RESULTS_SUFFIX)
  results = aff4.FACTORY.Open(results_urn, token=self.token)
  self.assertEqual(len(results), 3)
def testSearchFileContentsNoGrep(self):
  """Run SearchFileContent with no grep spec and expect three results.

  The flow is started with output="analysis/grep/testing" and the results
  are then opened from that path under the client URN.
  """
  mock_client = action_mocks.ActionMock("Find", "Grep", "StatFile")
  data_root = os.path.dirname(self.base_path)
  log_glob = os.path.join(data_root, "test_data/*.log")

  # With no grep expression set, every file matching the glob should be
  # returned.
  args = grep.SearchFileContentArgs(paths=[log_glob])

  # Drive the flow to completion; the yielded values are not needed here.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent", mock_client, client_id=self.client_id,
      output="analysis/grep/testing", args=args, token=self.token)
  for _ in flow_steps:
    pass

  output_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
  results = aff4.FACTORY.Open(output_urn, token=self.token)
  self.assertEqual(len(results), 3)