def testSearchFileContents(self):
  """Grep test_data/*.log for one literal and check the single stored hit.

  Runs the SearchFileContent flow against a mocked client using an OS
  pathtype and a literal grep expression in ALL_HITS mode, then reads the
  collection written to analysis/grep/testing. Exactly one hit is expected,
  at offset 350.
  """
  # Client actions handed to the mock; presumably the only ones the mocked
  # client will serve during the flow -- confirm against action_mocks.
  client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")

  # The glob is anchored at the parent directory of self.base_path.
  parent_dir = os.path.dirname(self.base_path)
  log_glob = os.path.join(parent_dir, "test_data/*.log")

  args = rdfvalue.SearchFileContentArgs(
      paths=[log_glob],
      pathtype=rdfvalue.PathSpec.PathType.OS)
  needle = rdfvalue.LiteralExpression("session opened for user dearjohn")
  args.grep.literal = needle
  args.grep.mode = rdfvalue.GrepSpec.Mode.ALL_HITS

  # Drive the flow to completion; the yielded values are not inspected.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent",
      client_mock,
      client_id=self.client_id,
      output="analysis/grep/testing",
      args=args,
      token=self.token)
  for _ in flow_steps:
    pass

  results_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
  hits = aff4.FACTORY.Open(results_urn, token=self.token)

  # ALL_HITS was requested, yet only one match is expected in the test data.
  self.assertEqual(len(hits), 1)

  hit = hits[0]
  self.assertEqual(hit.offset, 350)
  # The expected buffer holds bytes on both sides of the literal, not just
  # the literal itself.
  self.assertEqual(
      hit.data,
      "session): session opened for user dearjohn by (uid=0")
def testSearchFileContentDownload(self):
  """Run SearchFileContent with also_download=True and check the stored files.

  No grep expression is supplied, so every file matching test_data/*.log is
  expected in the results (three entries). The objects found under
  /fs/os/<base_path> are then checked to be non-empty VFSBlobImage instances.
  """
  # Compared with the search-only tests, the mock is also given
  # FingerprintFile, HashBuffer and TransferBuffer.
  client_mock = action_mocks.ActionMock(
      "Find", "Grep", "StatFile",
      "FingerprintFile", "HashBuffer", "TransferBuffer")

  parent_dir = os.path.dirname(self.base_path)
  log_glob = os.path.join(parent_dir, "test_data/*.log")

  # No grep spec: every matching file should be reported. No pathtype is
  # passed here either, so the args default applies (not visible here).
  args = rdfvalue.SearchFileContentArgs(paths=[log_glob], also_download=True)

  # Drive the flow to completion; the yielded values are not inspected.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent",
      client_mock,
      client_id=self.client_id,
      output="analysis/grep/testing",
      args=args,
      token=self.token)
  for _ in flow_steps:
    pass

  results_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
  results = aff4.FACTORY.Open(results_urn, token=self.token)
  self.assertEqual(len(results), 3)

  downloads_urn = rdfvalue.RDFURN(
      self.client_id).Add("/fs/os/").Add(self.base_path)
  download_dir = aff4.FACTORY.Open(downloads_urn, token=self.token)

  # NOTE(review): if OpenChildren() yields nothing, this loop asserts nothing
  # and the download check passes vacuously; consider also asserting how many
  # children were seen.
  for stored_file in download_dir.OpenChildren():
    self.assertTrue(isinstance(stored_file, aff4.VFSBlobImage))
    # Each stored object must hold some data.
    self.assertGreater(len(stored_file), 0)
def testSearchFileContentsNoGrep(self):
  """Run SearchFileContent with no grep spec and expect all three log files."""
  client_mock = action_mocks.ActionMock("Find", "Grep", "StatFile")

  # The glob is anchored at the parent directory of self.base_path.
  parent_dir = os.path.dirname(self.base_path)
  log_glob = os.path.join(parent_dir, "test_data/*.log")

  # With no grep expression, every file matching the glob should be returned.
  args = rdfvalue.SearchFileContentArgs(paths=[log_glob])

  # Drive the flow to completion; the yielded values are not inspected.
  flow_steps = test_lib.TestFlowHelper(
      "SearchFileContent",
      client_mock,
      client_id=self.client_id,
      output="analysis/grep/testing",
      args=args,
      token=self.token)
  for _ in flow_steps:
    pass

  results_urn = rdfvalue.RDFURN(self.client_id).Add("/analysis/grep/testing")
  results = aff4.FACTORY.Open(results_urn, token=self.token)
  self.assertEqual(len(results), 3)