def testMatches(self): """Test the Matches function.""" file_system = self._CreateTestFileSystem() path_spec = fake_path_spec.FakePathSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') file_entry = file_system.GetFileEntryByPathSpec(path_spec) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.Matches(file_entry) self.assertEqual(result, (True, True)) result = find_spec.Matches(file_entry, search_depth=6) self.assertEqual(result, (True, True)) result = find_spec.Matches(file_entry, search_depth=0) self.assertEqual(result, (False, True)) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py', location_separator='/') result = find_spec.Matches(file_entry, search_depth=6) self.assertEqual(result, (False, False))
def testCheckLocation(self): """Test the _CheckLocation() function.""" file_system = self._CreateTestFileSystem() path_spec = fake_path_spec.FakePathSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') file_entry = file_system.GetFileEntryByPathSpec(path_spec) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec._CheckLocation(file_entry, 6) self.assertTrue(result) result = find_spec._CheckLocation(file_entry, 0) self.assertTrue(result) result = find_spec._CheckLocation(file_entry, 5) self.assertFalse(result) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py', location_separator='/') result = find_spec._CheckLocation(file_entry, 6) self.assertFalse(result)
def testCompareNameWithLocationSegment(self): """Test the CompareNameWithLocationSegment function.""" file_system = self._CreateTestFileSystem() path_spec = fake_path_spec.FakePathSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') file_entry = file_system.GetFileEntryByPathSpec(path_spec) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.CompareNameWithLocationSegment(file_entry, 6) self.assertTrue(result) result = find_spec.CompareNameWithLocationSegment(file_entry, 5) self.assertFalse(result) # Currently comparing against the root location segment always # returns True. result = find_spec.CompareNameWithLocationSegment(file_entry, 0) self.assertTrue(result) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py', location_separator='/') result = find_spec.CompareNameWithLocationSegment(file_entry, 6) self.assertFalse(result)
def testInitialize(self): """Test the __init__ function.""" find_spec = file_system_searcher.FindSpec(location='location') self.assertIsNotNone(find_spec) find_spec = file_system_searcher.FindSpec(location=['location']) self.assertIsNotNone(find_spec) with self.assertRaises(TypeError): find_spec = file_system_searcher.FindSpec(location={}) find_spec = file_system_searcher.FindSpec(location_glob='loca?ion') self.assertIsNotNone(find_spec) find_spec = file_system_searcher.FindSpec(location_glob=['loca?ion']) self.assertIsNotNone(find_spec) with self.assertRaises(TypeError): find_spec = file_system_searcher.FindSpec(location_glob={}) find_spec = file_system_searcher.FindSpec(location_regex='loca.ion') self.assertIsNotNone(find_spec) find_spec = file_system_searcher.FindSpec(location_regex=['loca.ion']) self.assertIsNotNone(find_spec) with self.assertRaises(TypeError): find_spec = file_system_searcher.FindSpec(location_regex={}) with self.assertRaises(ValueError): find_spec = file_system_searcher.FindSpec(location='location', location_glob='loca?ion')
def _FindPathSpec(self, path): """Searches for a path specification. Args: path: the path of the Windows Registry file. Returns: A path specification (instance of dfvfs.PathSpec) of the Windows Registry file. Raises: IOError: If the Windows Registry file cannot be found. """ path, _, filename = path.rpartition(u'/') # TODO: determine why this first find is used add comment or remove. # It does not appear to help with making sure path segment separate # is correct. find_spec = file_system_searcher.FindSpec( location=path, case_sensitive=False) path_specs = list(self._searcher.Find(find_specs=[find_spec])) if not path_specs or len(path_specs) != 1: raise IOError( u'Unable to find directory: {0:s}'.format(path)) relative_path = self._searcher.GetRelativePath(path_specs[0]) if not relative_path: raise IOError(u'Unable to determine relative path of: {0:s}'.format(path)) # The path is split in segments to make it path segement separator # independent (and thus platform independent). path_segments = self._searcher.SplitPath(relative_path) path_segments.append(filename) find_spec = file_system_searcher.FindSpec( location=path_segments, case_sensitive=False) path_specs = list(self._searcher.Find(find_specs=[find_spec])) if not path_specs: raise IOError( u'Unable to find file: {0:s} in directory: {1:s}'.format( filename, relative_path)) if len(path_specs) != 1: raise IOError(( u'Find for file: {0:s} in directory: {1:s} returned {2:d} ' u'results.').format(filename, relative_path, len(path_specs))) if not relative_path: raise IOError( u'Missing file: {0:s} in directory: {1:s}'.format( filename, relative_path)) return path_specs[0]
def testHasLocation(self): """Test the HasLocation function.""" find_spec = file_system_searcher.FindSpec() result = find_spec.HasLocation() self.assertFalse(result) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.HasLocation() self.assertTrue(result)
def _FindRegistryPaths(self, searcher, pattern): """Return a list of Windows Registry file paths. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). pattern: The pattern to find. """ # TODO: optimize this in one find. hive_paths = [] file_path, _, file_name = pattern.rpartition(u'/') # The path is split in segments to make it path segment separator # independent (and thus platform independent). path_segments = file_path.split(u'/') if not path_segments[0]: path_segments = path_segments[1:] find_spec = file_system_searcher.FindSpec( location_regex=path_segments, case_sensitive=False) path_specs = list(searcher.Find(find_specs=[find_spec])) if not path_specs: logging.debug(u'Directory: {0:s} not found'.format(file_path)) return hive_paths for path_spec in path_specs: directory_location = getattr(path_spec, 'location', None) if not directory_location: raise errors.PreProcessFail( u'Missing directory location for: {0:s}'.format(file_path)) # The path is split in segments to make it path segment separator # independent (and thus platform independent). path_segments = searcher.SplitPath(directory_location) path_segments.append(file_name) find_spec = file_system_searcher.FindSpec( location_regex=path_segments, case_sensitive=False) fh_path_specs = list(searcher.Find(find_specs=[find_spec])) if not fh_path_specs: logging.debug(u'File: {0:s} not found in directory: {1:s}'.format( file_name, directory_location)) continue hive_paths.extend(fh_path_specs) return hive_paths
def find_paths(self, locations, case_sensitive=False, regex=False, partitions=None): """ Fast search for paths inside the volume. Must match path depth exactly! :param locations: list of search strings :param case_sensitive: bool :param regex: bool if search strings contain regex :param partitions: optional: limit search to certain partitions (from partitions() ) :return: list of PathSpec results """ if not partitions: partitions = self.base_path_specs if not locations: LOGGER.debug("dfvfs.find_paths called with empty search specs") return specs = [] for search in locations: if regex: spec = file_system_searcher.FindSpec( location_regex=search, case_sensitive=case_sensitive) elif '*' in search or '?' in search: spec = file_system_searcher.FindSpec( location_glob=search, case_sensitive=case_sensitive) else: spec = file_system_searcher.FindSpec( location=search, case_sensitive=case_sensitive) specs.append(spec) for base_path_spec in partitions: file_system = None try: file_system = resolver.Resolver.OpenFileSystem(base_path_spec) searcher = file_system_searcher.FileSystemSearcher( file_system, base_path_spec) for result in searcher.Find(specs): yield result except dfvfs_errors.Error as error: LOGGER.warning("Encountered exception in dfVFS: %s", error) continue finally: if file_system: resolver.Resolver._resolver_context.ReleaseFileSystem( file_system)
def GetValue(self, searcher): """Returns the path as found by the searcher. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). Returns: The first path location string. Raises: PreProcessFail: if the path could not be found. """ find_spec = file_system_searcher.FindSpec(location_regex=self.PATH, case_sensitive=False) path_specs = list(searcher.Find(find_specs=[find_spec])) if not path_specs: raise errors.PreProcessFail(u'Unable to find path: {0:s}'.format( self.PATH)) path_location = getattr(path_specs[0], 'location', None) if not path_location: raise errors.PreProcessFail( u'Missing path location for: {0:s}'.format(self.PATH)) return path_location
def ExtractTargetDirToPath(self, source_path_spec, configuration, dir_path=None, file_spec=None, output_path=None): #TODO(jbc): 함수명 변경, 파일 넣어도 됨. """Extract target directory to path Args: source_path_spec: configuration: dir_path: output_path: """ try: if not file_spec: find_spec = file_system_searcher.FindSpec( case_sensitive=False, location=dir_path, location_separator='/') else: find_spec = file_spec except ValueError as exception: logger.error( 'Unable to build find specification for path: "{0:s}" with ' 'error: {1!s}'.format(dir_path, exception)) path_spec_generator = self._path_spec_extractor.ExtractPathSpecs( [source_path_spec], find_specs=[find_spec], recurse_file_system=False, resolver_context=configuration.resolver_context) for path_spec in path_spec_generator: self.DirectoryTraversal(path_spec, output_path)
def GetValue(self, searcher, unused_knowledge_base): """Returns the path as found by the searcher. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). knowledge_base: A knowledge base object (instance of KnowledgeBase), which contains information from the source data needed for parsing. Returns: The first path location string. Raises: PreProcessFail: if the path could not be found. """ find_spec = file_system_searcher.FindSpec(location_regex=self.PATH, case_sensitive=False) path_specs = list(searcher.Find(find_specs=[find_spec])) if not path_specs: raise errors.PreProcessFail(u'Unable to find path: {0:s}'.format( self.PATH)) relative_path = searcher.GetRelativePath(path_specs[0]) if not relative_path: raise errors.PreProcessFail( u'Missing relative path for: {0:s}'.format(self.PATH)) return relative_path
def Collect(self, knowledge_base, artifact_definition, searcher, file_system): """Collects values using a file artifact definition. Args: knowledge_base (KnowledgeBase): to fill with preprocessing information. artifact_definition (artifacts.ArtifactDefinition): artifact definition. searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess the file system. file_system (dfvfs.FileSystem): file system to be preprocessed. Raises: PreProcessFail: if the preprocessing fails. """ for source in artifact_definition.sources: if source.type_indicator not in ( artifact_definitions.TYPE_INDICATOR_FILE, artifact_definitions.TYPE_INDICATOR_PATH): continue for path in source.paths: # Make sure the path separators used in the artifact definition # correspond to those used by the file system. path_segments = path.split(source.separator) find_spec = file_system_searcher.FindSpec( location_glob=path_segments[1:], case_sensitive=False) for path_specification in searcher.Find( find_specs=[find_spec]): self._ParsePathSpecification(knowledge_base, searcher, file_system, path_specification, source.separator)
def _FindFileEntry(self, searcher, path): """Searches for a file entry that matches the path. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). path: The location of the file entry relative to the file system of the searcher. Returns: The file entry if successful or None otherwise. Raises: errors.PreProcessFail: if the file entry cannot be found or opened. """ find_spec = file_system_searcher.FindSpec(location=path, case_sensitive=False) path_specs = list(searcher.Find(find_specs=[find_spec])) if not path_specs or len(path_specs) != 1: raise errors.PreProcessFail(u'Unable to find: {0:s}'.format(path)) try: file_entry = searcher.GetFileEntryByPathSpec(path_specs[0]) except IOError as exception: raise errors.PreProcessFail( u'Unable to retrieve file entry: {0:s} with error: {1:s}'. format(path, exception)) return file_entry
def Collect(self, mediator, artifact_definition, searcher, file_system): """Collects values using a file artifact definition. Args: mediator (PreprocessMediator): mediates interactions between preprocess plugins and other components, such as storage and knowledge base. artifact_definition (artifacts.ArtifactDefinition): artifact definition. searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess the file system. file_system (dfvfs.FileSystem): file system to be preprocessed. Raises: PreProcessFail: if the preprocessing fails. """ for source in artifact_definition.sources: if source.type_indicator not in ( artifact_definitions.TYPE_INDICATOR_FILE, artifact_definitions.TYPE_INDICATOR_PATH): continue for path in source.paths: find_spec = file_system_searcher.FindSpec( case_sensitive=False, location_glob=path, location_separator=source.separator) for path_specification in searcher.Find( find_specs=[find_spec]): self._ParsePathSpecification(mediator, searcher, file_system, path_specification, source.separator)
def LoadTargetFileToMemory(self, source_path_spec, configuration, file_path=None, file_spec=None, data_stream_name=None): try: if not file_spec: find_spec = file_system_searcher.FindSpec( case_sensitive=False, location=file_path, location_separator=source_path_spec.location) else: find_spec = file_spec except ValueError as exception: logger.error( 'Unable to build find specification for path: "{0:s}" with ' 'error: {1!s}'.format(file_path, exception)) path_spec_generator = self._path_spec_extractor.ExtractPathSpecs( [source_path_spec], find_specs=[find_spec], recurse_file_system=False, resolver_context=configuration.resolver_context) for path_spec in path_spec_generator: display_name = path_helper.PathHelper.GetDisplayNameForPathSpec( path_spec) try: file_entry = path_spec_resolver.Resolver.OpenFileEntry( path_spec, resolver_context=configuration.resolver_context) if file_entry is None or not file_entry.IsFile(): logger.warning( 'Unable to open file entry with path spec: {0:s}'. format(display_name)) return False if data_stream_name: file_object = file_entry.GetFileObject( data_stream_name=data_stream_name) if not file_object: return False return file_object elif not data_stream_name: file_object = file_entry.GetFileObject() if not file_object: return False return file_object except KeyboardInterrupt: return False
def GetValue(self, searcher, unused_knowledge_base): """Determines the user accounts. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). knowledge_base: A knowledge base object (instance of KnowledgeBase), which contains information from the source data needed for parsing. Returns: A list containing username information dicts. Raises: errors.PreProcessFail: if the preprocessing fails. """ find_spec = file_system_searcher.FindSpec( location_regex=self.USER_PATH, case_sensitive=False) path_specs = list(searcher.Find(find_specs=[find_spec])) if not path_specs: raise errors.PreProcessFail(u'Unable to find user plist files.') users = [] for path_spec in path_specs: plist_file_location = getattr(path_spec, 'location', u'') if not plist_file_location: raise errors.PreProcessFail(u'Missing user plist file location.') try: top_level_object = self._OpenPlistFile(searcher, path_spec) except IOError: logging.warning(u'Unable to parse user plist file: {0:s}'.format( plist_file_location)) continue try: match = plist_interface.GetKeysDefaultEmpty( top_level_object, self._KEYS) except KeyError as exception: logging.warning( u'Unable to read user plist file: {0:s} with error: {1:s}'.format( plist_file_location, exception)) continue # TODO: as part of artifacts, create a proper object for this. user = { 'uid': match.get('uid', [-1])[0], 'path': match.get('home', [u'<not set>'])[0], 'name': match.get('name', [u'<not set>'])[0], 'realname': match.get('realname', [u'N/A'])[0]} users.append(user) if not users: raise errors.PreProcessFail(u'Unable to find any users on the system.') return users
def BuildFindSpecs(self, path_filters, environment_variables=None): """Builds find specifications from path filters. Args: path_filters (list[PathFilter]): path filters. environment_variables (Optional[list[EnvironmentVariableArtifact]]): environment variables. """ for path_filter in path_filters: for path in path_filter.paths: # Since paths are regular expression the path separator is escaped. if path_filter.path_separator == '\\': path_separator = '\\\\' else: path_separator = path_filter.path_separator expand_path = False path_segments = path.split(path_separator) for index, path_segment in enumerate(path_segments): if len(path_segment) <= 2: continue if path_segment[0] == '{' and path_segment[-1] == '}': # Rewrite legacy path expansion attributes, such as {systemroot} # into %SystemRoot%. path_segment = '%{0:s}%'.format(path_segment[1:-1]) path_segments[index] = path_segment if path_segment[0] == '%' and path_segment[-1] == '%': expand_path = True if expand_path: path_segments = path_helper.PathHelper.ExpandWindowsPathSegments( path_segments, environment_variables) if path_segments[0] != '': logger.warning(( 'The path filter must be defined as an absolute path: ' '{0:s}').format(path)) continue # Strip the root path segment. path_segments.pop(0) if not path_segments[-1]: logger.warning( 'Empty last path segment in path: {0:s}'.format(path)) continue find_spec = file_system_searcher.FindSpec( case_sensitive=False, location_regex=path_segments) if path_filter.filter_type == PathFilter.FILTER_TYPE_EXCLUDE: self.excluded_file_system_find_specs.append(find_spec) elif path_filter.filter_type == PathFilter.FILTER_TYPE_INCLUDE: self.included_file_system_find_specs.append(find_spec)
def testAtMaximumDepth(self): """Test the AtMaximumDepth function.""" find_spec = file_system_searcher.FindSpec() result = find_spec.AtMaximumDepth(6) self.assertFalse(result) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.AtMaximumDepth(0) self.assertFalse(result) result = find_spec.AtMaximumDepth(6) self.assertTrue(result) result = find_spec.AtMaximumDepth(9) self.assertTrue(result)
def BuildFindSpecsFromFileArtifact(self, source_path, path_separator, environment_variables, user_accounts): """Builds find specifications from a file source type. Args: source_path (str): file system path defined by the source. path_separator (str): file system path segment separator. environment_variables (list[str]): environment variable attributes used to dynamically populate environment variables in key. user_accounts (list[str]): identified user accounts stored in the knowledge base. Returns: list[dfvfs.FindSpec]: find specifications for the file source type. """ find_specs = [] for glob_path in path_helper.PathHelper.ExpandRecursiveGlobs( source_path, path_separator): for path in path_helper.PathHelper.ExpandUsersHomeDirectoryPath( glob_path, user_accounts): if '%' in path: path = path_helper.PathHelper.ExpandWindowsPath( path, environment_variables) if not path.startswith(path_separator): logger.warning(( 'The path filter must be defined as an absolute path: ' '"{0:s}"').format(path)) continue # Convert the path filters into a list of path segments and # strip the root path segment. path_segments = path.split(path_separator) # Remove initial root entry path_segments.pop(0) if not path_segments[-1]: logger.warning( 'Empty last path segment in path filter: "{0:s}"'. format(path)) path_segments.pop(-1) try: find_spec = file_system_searcher.FindSpec( location_glob=path_segments, case_sensitive=False) except ValueError as exception: logger.error(( 'Unable to build find specification for path: "{0:s}" with ' 'error: {1!s}').format(path, exception)) continue find_specs.append(find_spec) return find_specs
def _BuildFindSpecsFromFileSourcePath(self, source_path, path_separator, environment_variables, user_accounts): """Builds find specifications from a file source type. Args: source_path (str): file system path defined by the source. path_separator (str): file system path segment separator. environment_variables (list[str]): environment variable attributes used to dynamically populate environment variables in key. user_accounts (list[str]): identified user accounts stored in the knowledge base. Returns: list[dfvfs.FindSpec]: find specifications for the file source type. """ find_specs = [] for path_glob in path_helper.PathHelper.ExpandGlobStars( source_path, path_separator): logger.debug( 'building find spec from path glob: {0:s}'.format(path_glob)) for path in path_helper.PathHelper.ExpandUsersVariablePath( path_glob, path_separator, user_accounts): logger.debug( 'building find spec from path: {0:s}'.format(path)) if '%' in path: path = path_helper.PathHelper.ExpandWindowsPath( path, environment_variables) logger.debug( 'building find spec from expanded path: {0:s}'.format( path)) if not path.startswith(path_separator): logger.warning(( 'The path filter must be defined as an absolute path: ' '"{0:s}"').format(path)) continue try: find_spec = file_system_searcher.FindSpec( case_sensitive=False, location_glob=path, location_separator=path_separator) except ValueError as exception: logger.error(( 'Unable to build find specification for path: "{0:s}" with ' 'error: {1!s}').format(path, exception)) continue find_specs.append(find_spec) return find_specs
def testCompareWithLocationSegment(self): """Test the _CompareWithLocationSegment function.""" find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec._CompareWithLocationSegment('__init__.py', 6) self.assertTrue(result) result = find_spec._CompareWithLocationSegment('__init__.py', 0) self.assertTrue(result) result = find_spec._CompareWithLocationSegment('__init__.py', 5) self.assertFalse(result) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/bogus.py', location_separator='/') result = find_spec._CompareWithLocationSegment('__init__.py', 6) self.assertFalse(result)
def testCheckIsSocket(self): """Test the _CheckIsSocket function.""" file_system = self._CreateTestFileSystem() find_spec = file_system_searcher.FindSpec( file_entry_types=[definitions.FILE_ENTRY_TYPE_FILE]) path_spec = fake_path_spec.FakePathSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') file_entry = file_system.GetFileEntryByPathSpec(path_spec) result = find_spec._CheckIsSocket(file_entry) self.assertFalse(result)
def testCompareTraits(self): """Test the CompareTraits function.""" file_system = self._CreateTestFileSystem() path_spec = fake_path_spec.FakePathSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') file_entry = file_system.GetFileEntryByPathSpec(path_spec) find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.CompareTraits(file_entry) self.assertTrue(result)
def BuildFindSpecsFromFile(filter_file_path, pre_obj=None): """Returns a list of find specification from a filter file. Args: filter_file_path: A path to a file that contains find specifications. pre_obj: A preprocessing object (instance of PreprocessObject). This is optional but when provided takes care of expanding each segment. """ find_specs = [] if pre_obj: expander = dfwinreg_path_expander.WinRegistryKeyPathExpander() with open(filter_file_path, 'rb') as file_object: for line in file_object: line = line.strip() if line.startswith(u'#'): continue if pre_obj: path_attributes = pre_obj.__dict__ try: line = expander.ExpandPath(line, path_attributes=path_attributes) except KeyError as exception: logging.error(( u'Unable to use collection filter line: {0:s} with error: ' u'{1:s}').format(line, exception)) continue if not line.startswith(u'/'): logging.warning(( u'The filter string must be defined as an abolute path: ' u'{0:s}').format(line)) continue _, _, file_path = line.rstrip().rpartition(u'/') if not file_path: logging.warning( u'Unable to parse the filter string: {0:s}'.format(line)) continue # Convert the filter paths into a list of path segments and strip # the root path segment. path_segments = line.split(u'/') path_segments.pop(0) find_specs.append(file_system_searcher.FindSpec( location_regex=path_segments, case_sensitive=False)) return find_specs
def testIsLastLocationSegment(self): """Test the IsLastLocationSegment function.""" find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py', location_separator='/') result = find_spec.IsLastLocationSegment(0) self.assertFalse(result) result = find_spec.IsLastLocationSegment(6) self.assertTrue(result) result = find_spec.IsLastLocationSegment(9) self.assertFalse(result)
def _FindPathSpecs(self, searcher, path): """Searches for path specifications that matches the path. Args: searcher (dfvfs.FileSystemSearcher): file system searcher. path (str): location of the file entry relative to the file system of the searcher. Returns: list[dfvfs.PathSpec]: path specifcations. """ find_spec = file_system_searcher.FindSpec(location_regex=path, case_sensitive=False) return list(searcher.Find(find_specs=[find_spec]))
def _DetermineOperatingSystem(self, searcher): """Tries to determine the underlying operating system. Args: searcher (dfvfs.FileSystemSearcher): file system searcher. Returns: str: operating system for example "Windows". This should be one of the values in definitions.OPERATING_SYSTEM_FAMILIES. """ find_specs = [ file_system_searcher.FindSpec(case_sensitive=False, location='/etc', location_separator='/'), file_system_searcher.FindSpec(case_sensitive=False, location='/System/Library', location_separator='/'), file_system_searcher.FindSpec(case_sensitive=False, location='\\Windows\\System32', location_separator='\\'), file_system_searcher.FindSpec(case_sensitive=False, location='\\WINNT\\System32', location_separator='\\'), file_system_searcher.FindSpec(case_sensitive=False, location='\\WINNT35\\System32', location_separator='\\'), file_system_searcher.FindSpec(case_sensitive=False, location='\\WTSRV\\System32', location_separator='\\') ] locations = [] for path_spec in searcher.Find(find_specs=find_specs): relative_path = searcher.GetRelativePath(path_spec) if relative_path: locations.append(relative_path.lower()) # We need to check for both forward and backward slashes since the path # spec will be OS dependent, as in running the tool on Windows will return # Windows paths (backward slash) vs. forward slash on *NIX systems. windows_locations = set([ '/windows/system32', '\\windows\\system32', '/winnt/system32', '\\winnt\\system32', '/winnt35/system32', '\\winnt35\\system32', '\\wtsrv\\system32', '/wtsrv/system32' ]) operating_system = definitions.OPERATING_SYSTEM_FAMILY_UNKNOWN if windows_locations.intersection(set(locations)): operating_system = definitions.OPERATING_SYSTEM_FAMILY_WINDOWS_NT elif '/system/library' in locations: operating_system = definitions.OPERATING_SYSTEM_FAMILY_MACOS elif '/etc' in locations: operating_system = definitions.OPERATING_SYSTEM_FAMILY_LINUX return operating_system
def testPrepareMatches(self): """Test the PrepareMatches function.""" file_system = self._CreateTestFileSystem() find_spec = file_system_searcher.FindSpec( location='/usr/lib/python2.7/site-packages/dfvfs/__init__.py') self.assertIsNone(find_spec._location_segments) self.assertEqual(find_spec._number_of_location_segments, 0) find_spec.PrepareMatches(file_system) self.assertEqual(find_spec._location_segments, [ 'usr', 'lib', 'python2.7', 'site-packages', 'dfvfs', '__init__.py' ]) self.assertEqual(find_spec._number_of_location_segments, 6)
def _FindPathSpecs(self, searcher, path): """Searches for path specifications that matches the path. Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). path: The location of the file entry relative to the file system of the searcher. Returns: A list of path specifcations. """ find_spec = file_system_searcher.FindSpec( location_regex=path, case_sensitive=False) return list(searcher.Find(find_specs=[find_spec]))
def GuessOS(searcher): """Returns a string representing what we think the underlying OS is. The available return strings are: * Linux * MacOSX * Windows Args: searcher: The file system searcher object (instance of dfvfs.FileSystemSearcher). Returns: A string indicating which OS we are dealing with. """ find_specs = [ file_system_searcher.FindSpec( location=u'/etc', case_sensitive=False), file_system_searcher.FindSpec( location=u'/System/Library', case_sensitive=False), file_system_searcher.FindSpec( location=u'/Windows/System32', case_sensitive=False), file_system_searcher.FindSpec( location=u'/WINNT/System32', case_sensitive=False), file_system_searcher.FindSpec( location=u'/WINNT35/System32', case_sensitive=False), file_system_searcher.FindSpec( location=u'/WTSRV/System32', case_sensitive=False)] locations = [] for path_spec in searcher.Find(find_specs=find_specs): relative_path = searcher.GetRelativePath(path_spec) if relative_path: locations.append(relative_path.lower()) # We need to check for both forward and backward slashes since the path # spec will be OS dependent, as in running the tool on Windows will return # Windows paths (backward slash) vs. forward slash on *NIX systems. windows_locations = set([ u'/windows/system32', u'\\windows\\system32', u'/winnt/system32', u'\\winnt\\system32', u'/winnt35/system32', u'\\winnt35\\system32', u'\\wtsrv\\system32', u'/wtsrv/system32']) if windows_locations.intersection(set(locations)): return definitions.OS_WINDOWS if u'/system/library' in locations: return definitions.OS_MACOSX if u'/etc' in locations: return definitions.OS_LINUX return definitions.OS_UNKNOWN