def testAccessTimeConditionWithDifferentActions(self):
    """Checks an ACCESS_TIME condition under every configured action.

    A single FileFinderCondition of type ACCESS_TIME is built with only a
    lower bound (min_last_access_time = 1444444440 seconds since the
    epoch). For each entry in self.CONDITION_TESTS_ACTIONS the flow is run
    through self.RunFlowAndCheckResults with that one condition, together
    with the file names expected in the results and those expected to be
    absent.
    """
    # NOTE(review): the expected split presumably relies on access times
    # that the test fixture sets on these files -- confirm against the
    # class setup, which is not visible here.
    matching_files = ["dpkg.log", "dpkg_false.log"]
    filtered_out_files = ["auth.log"]

    min_access_time = rdfvalue.RDFDatetime.FromSecondsSinceEpoch(1444444440)
    atime_bound = rdf_file_finder.FileFinderAccessTimeCondition(
        min_last_access_time=min_access_time)
    condition = rdf_file_finder.FileFinderCondition(
        condition_type=rdf_file_finder.FileFinderCondition.Type.ACCESS_TIME,
        access_time=atime_bound)

    # The same condition must behave the same way whatever the action is.
    for action in self.CONDITION_TESTS_ACTIONS:
        self.RunFlowAndCheckResults(
            action=action,
            conditions=[condition],
            expected_files=matching_files,
            non_expected_files=filtered_out_files)
def testPassesAllConditionsToClientFileFinderWhenAllConditionsSpecified(self):
    """Checks that every condition argument reaches the child flow intact.

    Starts file.CollectMultipleFiles with all seven condition arguments
    set, then reads the child flows from data_store.REL_DB and asserts
    that:
      * there is exactly one child flow and its class name is that of
        file_finder.ClientFileFinder;
      * its args carry exactly seven conditions;
      * for each condition type, the stored condition (after UnionCast())
        equals the value that was passed in.

    Checking both the count and each condition's contents means a
    condition that is dropped or altered on the way to the child flow
    fails the test.
    """
    # Each Now() is a separate clock read, so the three timestamps are
    # independent values.
    mtime_cond = rdf_file_finder.FileFinderModificationTimeCondition(
        min_last_modified_time=rdfvalue.RDFDatetime.Now())
    atime_cond = rdf_file_finder.FileFinderAccessTimeCondition(
        min_last_access_time=rdfvalue.RDFDatetime.Now())
    ctime_cond = rdf_file_finder.FileFinderInodeChangeTimeCondition(
        min_last_inode_change_time=rdfvalue.RDFDatetime.Now())
    size_cond = rdf_file_finder.FileFinderSizeCondition(min_file_size=42)
    flags_cond = rdf_file_finder.FileFinderExtFlagsCondition(
        linux_bits_set=42)
    regex_cond = rdf_file_finder.FileFinderContentsRegexMatchCondition(
        regex=b"foo")
    literal_cond = rdf_file_finder.FileFinderContentsLiteralMatchCondition(
        literal=b"bar")

    flow_id = flow_test_lib.StartFlow(
        file.CollectMultipleFiles,
        client_id=self.client_id,
        path_expressions=["/some/path"],
        modification_time=mtime_cond,
        access_time=atime_cond,
        inode_change_time=ctime_cond,
        size=size_cond,
        ext_flags=flags_cond,
        contents_regex_match=regex_cond,
        contents_literal_match=literal_cond,
    )

    child_flows = data_store.REL_DB.ReadChildFlowObjects(
        self.client_id, flow_id)
    self.assertLen(child_flows, 1)
    finder_flow = child_flows[0]
    self.assertEqual(finder_flow.flow_class_name,
                     file_finder.ClientFileFinder.__name__)

    # We expect 7 condition-attributes to be converted
    # to 7 FileFinderConditions.
    self.assertLen(finder_flow.args.conditions, 7)

    def _ConditionOfType(condition_type):
        """Returns the UnionCast() of the first condition of that type."""
        candidates = (
            c for c in finder_flow.args.conditions
            if c.condition_type == condition_type)
        found = next(candidates, None)
        if found is None:
            raise RuntimeError(
                f"Condition of type {condition_type} not found.")
        return found.UnionCast()

    kinds = rdf_file_finder.FileFinderCondition.Type
    # (condition type, value that was passed to StartFlow), checked in
    # this order.
    sent_by_kind = [
        (kinds.MODIFICATION_TIME, mtime_cond),
        (kinds.ACCESS_TIME, atime_cond),
        (kinds.INODE_CHANGE_TIME, ctime_cond),
        (kinds.SIZE, size_cond),
        (kinds.EXT_FLAGS, flags_cond),
        (kinds.CONTENTS_REGEX_MATCH, regex_cond),
        (kinds.CONTENTS_LITERAL_MATCH, literal_cond),
    ]
    for kind, sent in sent_by_kind:
        self.assertEqual(_ConditionOfType(kind), sent)