def testMatches(self): """Tests the Matches function.""" specification_store = specification.FormatSpecificationStore() format_specification = specification.FormatSpecification('regf') format_specification.AddNewSignature(b'regf', offset=0) specification_store.AddSpecification(format_specification) test_filter = file_entry_filters.SignaturesFileEntryFilter( specification_store, ['regf']) # Test a filter match. test_path = self._GetTestFilePath(['NTUSER.DAT']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) file_entry = path_spec_resolver.Resolver.OpenFileEntry(os_path_spec) self.assertTrue(test_filter.Matches(file_entry)) # Test a filter non-match. test_path = self._GetTestFilePath(['test_pe.exe']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) file_entry = path_spec_resolver.Resolver.OpenFileEntry(os_path_spec) self.assertFalse(test_filter.Matches(file_entry))
def testGetScanner(self): """Tests the _GetScanner function.""" test_filter = file_entry_filters.SignaturesFileEntryFilter(None, []) test_filter._GetScanner(None, []) self.assertIsNone(test_filter._file_scanner) specification_store = specification.FormatSpecificationStore() format_specification = specification.FormatSpecification('no_offset') format_specification.AddNewSignature(b'test1') specification_store.AddSpecification(format_specification) format_specification = specification.FormatSpecification( 'negative_offset') format_specification.AddNewSignature(b'test2', offset=-4) specification_store.AddSpecification(format_specification) format_specification = specification.FormatSpecification( 'positive_offset') format_specification.AddNewSignature(b'test3', offset=4) specification_store.AddSpecification(format_specification) with self.assertRaises(TypeError): # Currently pysigscan does not support patterns without an offset. test_filter._GetScanner(specification_store, ['no_offset']) file_scanner = test_filter._GetScanner(specification_store, ['negative_offset']) self.assertIsNotNone(file_scanner) file_scanner = test_filter._GetScanner(specification_store, ['positive_offset']) self.assertIsNotNone(file_scanner)
def testPrint(self): """Tests the Print function.""" output_writer = cli_test_lib.TestBinaryOutputWriter(encoding='utf-8') specification_store = specification.FormatSpecificationStore() specification_store.AddNewSpecification('7z') test_filter = file_entry_filters.SignaturesFileEntryFilter( specification_store, ['7z', 'bzip2']) test_filter.Print(output_writer) expected_output = [b'\tsignature identifiers: 7z', b''] output = output_writer.ReadOutput() # Compare the output as list of lines which makes it easier to spot # differences. self.assertEqual(output.split(b'\n'), expected_output)
def _ParseSignatureIdentifiers(self, data_location, signature_identifiers): """Parses the signature identifiers. Args: data_location (str): location of the format specification file, for example, "signatures.conf". signature_identifiers (str): comma separated signature identifiers. Raises: IOError: if the format specification file could not be read from the specified data location. OSError: if the format specification file could not be read from the specified data location. ValueError: if no data location was specified. """ if not signature_identifiers: return if not data_location: raise ValueError('Missing data location.') path = os.path.join(data_location, 'signatures.conf') if not os.path.exists(path): raise IOError( 'No such format specification file: {0:s}'.format(path)) try: specification_store = self._ReadSpecificationFile(path) except IOError as exception: raise IOError( ('Unable to read format specification file: {0:s} with error: ' '{1!s}').format(path, exception)) signature_identifiers = signature_identifiers.lower() signature_identifiers = [ identifier.strip() for identifier in signature_identifiers.split(',') ] file_entry_filter = file_entry_filters.SignaturesFileEntryFilter( specification_store, signature_identifiers) self._filter_collection.AddFilter(file_entry_filter)