def test_multiple_mbr_plugins_for_same_id(self): detector = FilesystemDetector() detector.register_mbr_plugin(self.mbr_fs_id, object()) detector.register_mbr_plugin(self.mbr_fs_id, object()) self.assertEqual(len(detector.get_mbr_plugins(fs_id=self.mbr_fs_id)), 2)
def test_multiple_gpt_plugins_for_same_id(self): detector = FilesystemDetector() detector.register_gpt_plugin(self.guid_fs_id, object()) detector.register_gpt_plugin(self.guid_fs_id, object()) self.assertEqual(len(detector.get_gpt_plugins( fs_guid=uuid.UUID(self.guid_fs_id))), 2)
def test_multiple_mbr_plugins_for_same_id(self): detector = FilesystemDetector() detector.register_mbr_plugin(self.mbr_fs_id, object()) detector.register_mbr_plugin(self.mbr_fs_id, object()) self.assertEqual(len(detector.get_mbr_plugins( fs_id=self.mbr_fs_id)), 2)
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{426f6f74-0000-11aa-aa11-00306543ecac}* """ detector = FilesystemDetector() detector.add_gpt_plugin(uuid.UUID("{426f6f74-0000-11aa-aa11-00306543ecac}"), self)
def load(self, filename, bs=512): """Starts filesystem analysis. Detects supported filesystems and \ loads :attr:`partitions` array. Args: filename - Path to file or device for reading. Raises: IOError - File/device does not exist or is not readable. """ self.__filename = filename self.__volumes = [] # Detect partitioning scheme self.__partition_scheme = rawdisk.scheme.common.detect_scheme(filename) plugin_objects = [plugin.plugin_object for plugin in self.__fs_plugins] fs_detector = FilesystemDetector(fs_plugins=plugin_objects) if self.__partition_scheme == PartitionScheme.SCHEME_MBR: self.__load_mbr_volumes(filename, fs_detector, bs) elif self.__partition_scheme == PartitionScheme.SCHEME_GPT: self.__load_gpt_volumes(filename, fs_detector, bs) else: self.logger.warning('Partitioning scheme could not be determined.') # try detecting standalone volume volume = fs_detector.detect_standalone(filename, offset=0) if volume is not None: volume.load(filename, offset=0) self.__volumes.append(volume) else: self.logger.warning( 'Were not able to detect standalone volume type')
def load(self, filename, bs=512): """Starts filesystem analysis. Detects supported filesystems and \ loads :attr:`partitions` array. Args: filename - Path to file or device for reading. Raises: IOError - File/device does not exist or is not readable. """ self.__filename = filename self.__volumes = [] # Detect partitioning scheme self.__partition_scheme = rawdisk.scheme.common.detect_scheme(filename) plugin_objects = [plugin.plugin_object for plugin in self.__fs_plugins] fs_detector = FilesystemDetector(fs_plugins=plugin_objects) if self.__partition_scheme == PartitionScheme.SCHEME_MBR: self.__load_mbr_volumes(filename, fs_detector, bs) elif self.__partition_scheme == PartitionScheme.SCHEME_GPT: self.__load_gpt_volumes(filename, fs_detector, bs) else: self.logger.warning('Partitioning scheme could not be determined.') # try detecting standalone volume volume = fs_detector.detect_standalone(filename, offset=0) if volume is not None: volume.load(filename, offset=0) self.__volumes.append(volume) else: self.logger.warning( 'Were not able to detect standalone volume type')
def test_detect_mbr_returns_none_when_plugin_returns_false(self): detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" mbr_plugin_mock.detect.return_value = False detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id) self.assertIsNone(volume_object)
def test_detect_mbr_returns_valid_volume_object(self): detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" mbr_plugin_mock.detect.return_value = True detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id) self.assertEqual(volume_object, "volume")
def test_detect_mbr_returns_valid_volume_object(self): detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" mbr_plugin_mock.detect.return_value = True detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id) self.assertEqual(volume_object, "volume")
def test_detect_mbr_returns_none_when_plugin_returns_false(self): detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" mbr_plugin_mock.detect.return_value = False detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id) self.assertIsNone(volume_object)
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{426f6f74-0000-11aa-aa11-00306543ecac}* """ detector = FilesystemDetector() detector.add_gpt_plugin( uuid.UUID('{426f6f74-0000-11aa-aa11-00306543ecac}'), self)
def test_detect_gpt_returns_valid_volume_object(self): detector = FilesystemDetector() gpt_plugin_mock = Mock() gpt_plugin_mock.get_volume_object.return_value = "volume" gpt_plugin_mock.detect.return_value = True detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock) volume_object = detector.detect_gpt("filename", 0, self.guid_fs_id) self.assertEquals(volume_object, "volume")
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{48465300-0000-11AA-AA11-00306543ECAC}* """ detector = FilesystemDetector() detector.add_gpt_plugin( uuid.UUID('{48465300-0000-11AA-AA11-00306543ECAC}'), self)
def test_multiple_gpt_plugins_for_same_id(self): detector = FilesystemDetector() detector.register_gpt_plugin(self.guid_fs_id, object()) detector.register_gpt_plugin(self.guid_fs_id, object()) self.assertEqual( len(detector.get_gpt_plugins(fs_guid=uuid.UUID(self.guid_fs_id))), 2)
def test_detect_gpt_returns_none_when_plugin_returns_false(self): detector = FilesystemDetector() gpt_plugin_mock = Mock() gpt_plugin_mock.get_volume_object.return_value = "volume" gpt_plugin_mock.detect.return_value = False detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock) volume_object = detector.detect_gpt("filename", 0, self.guid_fs_id) self.assertIsNone(volume_object)
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}* """ detector = FilesystemDetector() detector.add_gpt_plugin( uuid.UUID('{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}'), self)
def test_detect_gpt_returns_valid_volume_object(self): detector = FilesystemDetector() gpt_plugin_mock = Mock() gpt_plugin_mock.get_volume_object.return_value = "volume" gpt_plugin_mock.detect.return_value = True detector.register_gpt_plugin(self.guid_fs_id, gpt_plugin_mock) volume_object = detector.detect_gpt("filename", 0, uuid.UUID(self.guid_fs_id)) self.assertEqual(volume_object, "volume")
def test_singleton(self): detector = FilesystemDetector() self.assertEquals(len(detector.mbr_plugins), 0) detector.add_mbr_plugin(self.mbr_fs_id, object()) detector.add_gpt_plugin(self.guid_fs_id, object()) detector2 = FilesystemDetector() self.assertEquals(len(detector2.mbr_plugins), 1) self.assertEquals(len(detector2.gpt_plugins), 1)
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}* """ detector = FilesystemDetector() detector.add_gpt_plugin( uuid.UUID('{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}'), self )
def test_detect_mbr_calls_detect_on_mbr_plugin(self): filename = "filename" offset = 0x10 detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" detector.add_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) detector.detect_mbr(filename, offset, self.mbr_fs_id) mbr_plugin_mock.detect.assert_called_once_with(filename, offset)
def test_detect_gpt_calls_detect_on_gpt_plugin(self): offset = 0x10 filename = "filename" detector = FilesystemDetector() gpt_plugin_mock = Mock() gpt_plugin_mock.get_volume_object.return_value = "volume" detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock) detector.detect_gpt(filename, offset, self.guid_fs_id) gpt_plugin_mock.detect.assert_called_once_with(filename, offset)
def register(self): """Registers this plugin with \ :class:`~rawdisk.filesystems.detector.FilesystemDetector` \ as gpt plugin, with type guid *{48465300-0000-11AA-AA11-00306543ECAC}* """ detector = FilesystemDetector() detector.add_gpt_plugin( uuid.UUID('{48465300-0000-11AA-AA11-00306543ECAC}'), self )
def test_detect_standalone_calls_plugin_detect_with_standalone_arg(self): detector = FilesystemDetector() offset = 0x10 filename = "filename" mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) detector.detect_standalone(filename, offset) mbr_plugin_mock.detect.assert_called_once_with( filename, offset, standalone=True)
def register(self): """Registers this plugin with :class:`FilesystemDetector \ <rawdisk.filesystems.detector.FilesystemDetector>` as gpt plugin, \ with type guid *{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}* and \ as mbr plugin with type id 0x07 """ detector = FilesystemDetector() detector.add_mbr_plugin(0x07, self) detector.add_gpt_plugin( uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}'), self )
def load(self, filename): """Starts filesystem analysis. Detects supported filesystems and \ loads :attr:`partitions` array. Args: filename - Path to file or device for reading. Raises: IOError - File/device does not exist or is not readable. """ self.filename = filename # Detect partitioning scheme self.scheme = rawdisk.scheme.common.detect_scheme(filename) detector = FilesystemDetector() if (self.scheme == rawdisk.scheme.common.SCHEME_MBR): mbr = rawdisk.scheme.mbr.Mbr(filename) # Go through table entries and analyse ones that are supported for entry in mbr.partition_table.entries: volume = detector.detect_mbr( filename, entry.part_offset, entry.part_type ) if (volume is not None): volume.load(filename, entry.part_offset) self.partitions.append(volume) elif (self.scheme == rawdisk.scheme.common.SCHEME_GPT): gpt = rawdisk.scheme.gpt.Gpt() gpt.load(filename) for entry in gpt.partition_entries: volume = detector.detect_gpt( filename, entry.first_lba * 512, entry.type_guid ) if (volume is not None): volume.load(filename, entry.first_lba * 512) self.partitions.append(volume) elif (self.scheme == rawdisk.scheme.common.SCHEME_UNKNOWN): print 'Partitioning scheme is not supported.' else: print 'Partitioning scheme could not be determined.'
def test_init_with_plugin_list_registers_plugins(self): mbr_plugin_mock = Mock() mbr_plugin_mock.mbr_identifiers = [self.mbr_fs_id] mbr_plugin_mock.gpt_identifiers = [] gpt_plugin_mock = Mock() gpt_plugin_mock.mbr_identifiers = [] gpt_plugin_mock.gpt_identifiers = [self.guid_fs_id] detector = FilesystemDetector( fs_plugins=[mbr_plugin_mock, gpt_plugin_mock]) detector.detect_mbr( filename="filename", offset=0x10, fs_id=self.mbr_fs_id) mbr_plugin_mock.detect.assert_called_once_with("filename", 0x10) detector.detect_gpt( filename="filename", offset=0x20, fs_guid=uuid.UUID(self.guid_fs_id) ) gpt_plugin_mock.detect.assert_called_once_with("filename", 0x20)
class TestNtfsPlugin(unittest.TestCase): def setUp(self): self.filename = "sample_images/ntfs_mbr.vhd" self.offset = SAMPLE_NTFS_PART_OFFSET self.p = NtfsPlugin() self.detector = FilesystemDetector() def test_detect(self): self.assertTrue(self.p.detect(self.filename, self.offset)) self.assertFalse(self.p.detect(self.filename, self.offset + 1)) def test_register(self): self.p.register() mbr_plugins = self.detector.mbr_plugins.get(0x07) gpt_plugins = self.detector.gpt_plugins.get(uuid.UUID("{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}")) self.assertEquals(len(mbr_plugins), 1) self.assertEquals(len(gpt_plugins), 1) def tearDown(self): # remove plugin registration self.detector._clear_plugins()
class TestNtfsPlugin(unittest.TestCase): def setUp(self): self.filename = 'sample_images/ntfs_mbr.vhd' self.offset = SAMPLE_NTFS_PART_OFFSET self.p = Ntfs() self.detector = FilesystemDetector() def test_detect(self): self.assertTrue(self.p.detect(self.filename, self.offset)) self.assertFalse(self.p.detect(self.filename, self.offset + 1)) def test_register(self): self.p.register() mbr_plugins = self.detector.mbr_plugins.get(0x07) gpt_plugins = self.detector.gpt_plugins.get( uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}')) self.assertEqual(len(mbr_plugins), 1) self.assertEqual(len(gpt_plugins), 1) def tearDown(self): # remove plugin registration self.detector._clear_plugins()
def test_detect_mbr_calls_detect_on_mbr_plugin(self): filename = "filename" offset = 0x10 detector = FilesystemDetector() mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) detector.detect_mbr(filename, offset, self.mbr_fs_id) mbr_plugin_mock.detect.assert_called_once_with(filename, offset)
def test_detect_gpt_calls_detect_on_gpt_plugin(self): offset = 0x10 filename = "filename" detector = FilesystemDetector() gpt_plugin_mock = Mock() gpt_plugin_mock.get_volume_object.return_value = "volume" detector.register_gpt_plugin(self.guid_fs_id, gpt_plugin_mock) detector.detect_gpt(filename, offset, uuid.UUID(self.guid_fs_id)) gpt_plugin_mock.detect.assert_called_once_with(filename, offset)
def register(self): """Registers this plugin with :class:`FilesystemDetector \ <rawdisk.filesystems.detector.FilesystemDetector>` as gpt plugin, \ with type guid *{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}* and \ as mbr plugin with type id 0x07 """ detector = FilesystemDetector() detector.add_mbr_plugin(0x07, self) detector.add_gpt_plugin( uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}'), self)
def test_detect_standalone_calls_plugin_detect_with_standalone_arg(self): detector = FilesystemDetector() offset = 0x10 filename = "filename" mbr_plugin_mock = Mock() mbr_plugin_mock.get_volume_object.return_value = "volume" detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock) detector.detect_standalone(filename, offset) mbr_plugin_mock.detect.assert_called_once_with(filename, offset, standalone=True)
def test_init_with_plugin_list_registers_plugins(self): mbr_plugin_mock = Mock() mbr_plugin_mock.mbr_identifiers = [self.mbr_fs_id] mbr_plugin_mock.gpt_identifiers = [] gpt_plugin_mock = Mock() gpt_plugin_mock.mbr_identifiers = [] gpt_plugin_mock.gpt_identifiers = [self.guid_fs_id] detector = FilesystemDetector( fs_plugins=[mbr_plugin_mock, gpt_plugin_mock]) detector.detect_mbr(filename="filename", offset=0x10, fs_id=self.mbr_fs_id) mbr_plugin_mock.detect.assert_called_once_with("filename", 0x10) detector.detect_gpt(filename="filename", offset=0x20, fs_guid=uuid.UUID(self.guid_fs_id)) gpt_plugin_mock.detect.assert_called_once_with("filename", 0x20)
def setUp(self): self.filename = 'sample_images/ntfs_mbr.vhd' self.offset = SAMPLE_NTFS_PART_OFFSET self.p = Ntfs() self.detector = FilesystemDetector()
def test_detection_with_no_plugins(self): detector = FilesystemDetector() self.assertIsNone(detector.detect_mbr("filename", 0, self.mbr_fs_id)) self.assertIsNone(detector.detect_gpt("filename", 0, self.guid_fs_id))
def test_multiple_gpt_plugins_for_same_id(self): detector = FilesystemDetector() detector.add_gpt_plugin(self.guid_fs_id, object()) detector.add_gpt_plugin(self.guid_fs_id, object()) self.assertEquals(len(detector.gpt_plugins.get(self.guid_fs_id)), 2)
def test_detection_with_no_plugins(self): detector = FilesystemDetector() self.assertIsNone(detector.detect_mbr("filename", 0, self.mbr_fs_id)) self.assertIsNone(detector.detect_gpt("filename", 0, self.guid_fs_id))
def setUp(self): self.filename = "sample_images/ntfs_mbr.vhd" self.offset = SAMPLE_NTFS_PART_OFFSET self.p = NtfsPlugin() self.detector = FilesystemDetector()