def testBasicInterpolation(self):
    """Check system-level interpolation against a knowledge base.

    The first call passes ``users=None`` and the second omits ``users``;
    both results are compared as plain strings, not lists. A placeholder
    the knowledge base cannot resolve is expected to produce ``""`` rather
    than being passed through as a literal path component.
    """
    knowledge_base = self._MakeKnowledgeBase()

    # Known system placeholder: compared case-insensitively.
    template = "{systemroot}\\test"
    expanded = flow_utils.InterpolatePath(
        template, knowledge_base, users=None)
    self.assertEqual(expanded.lower(), "c:\\windows\\test")

    # Unknown placeholder: must collapse to an empty result.
    unresolved = flow_utils.InterpolatePath(
        "{does_not_exist}", knowledge_base)
    self.assertEqual(unresolved, "")
def testBasicInterpolation(self):
    """Check system-level interpolation against a client record.

    The first call passes ``users=None`` and the second omits ``users``;
    both results are compared as plain strings, not lists. A placeholder
    that cannot be resolved is expected to produce ``""`` rather than
    being passed through as a literal path component.
    """
    record = self._MakeClientRecord()

    # Known system placeholder: compared case-insensitively.
    template = "{systemroot}\\test"
    expanded = flow_utils.InterpolatePath(template, record, users=None)
    self.assertEqual(expanded.lower(), "c:\\windows\\test")

    # Unknown placeholder: must collapse to an empty result.
    unresolved = flow_utils.InterpolatePath("{does_not_exist}", record)
    self.assertEqual(unresolved, "")
def StartRequests(self):
    """Generate and send the Find requests.

    For every path template in ``self.state.all_paths`` the template is
    interpolated once per selected user, and a FileFinder child flow is
    started on each resulting directory. The child flow searches with the
    glob ``**5`` appended, applies a content-regex condition built from
    ``self.args.data_regex`` in FIRST_HIT mode, and uses the Download
    action. Results are routed to the "HandleResults" state.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)

    # Build "domain\user" names; when the domain is empty the leading
    # backslash is stripped so only the bare username remains.
    qualified_users = [
        ("%s\\%s" % (entry.userdomain, entry.username)).lstrip("\\")
        for entry in self.state.users
    ]

    # The regex comes straight from the flow arguments.
    regex_condition = (
        rdf_file_finder.FileFinderContentsRegexMatchCondition(
            regex=self.args.data_regex,
            mode=rdf_file_finder.FileFinderContentsRegexMatchCondition.
            Mode.FIRST_HIT))
    condition = rdf_file_finder.FileFinderCondition(
        condition_type=(
            rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
        contents_regex_match=regex_condition)

    for template in self.state.all_paths:
        expanded_dirs = flow_utils.InterpolatePath(
            template, client, users=qualified_users)
        for directory in expanded_dirs:
            # NOTE(review): os.path.join uses the separator of the host
            # running this flow, not of the client being searched.
            search_glob = os.path.join(directory, "**5")
            self.CallFlow(
                file_finder.FileFinder.__name__,
                paths=[search_glob],
                pathtype=self.args.pathtype,
                conditions=[condition],
                action=rdf_file_finder.FileFinderAction.Download(),
                next_state="HandleResults")
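def Start(self):
    """Redirect to start on the workers and not in the UI.

    Resolves the client's OS and knowledge base (from the relational DB
    when it is enabled, otherwise from AFF4), selects the browser cache
    path templates for the requested browsers, validates the requested
    users, and starts one FileFinder child flow per interpolated path.
    Each child flow searches the ``**5`` glob under the path, applies a
    content-regex condition built from ``self.args.data_regex`` in
    FIRST_HIT mode, and uses the Download action.

    Raises:
      flow.FlowError: if no cache paths are selected for the client's
        system, or if a requested user is not found in the knowledge base.
    """
    # Figure out which paths we are going to check.
    if data_store.RelationalDBReadEnabled():
        client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
        kb = client.knowledge_base
        system = kb.os
    else:
        client = aff4.FACTORY.Open(self.client_id, token=self.token)
        system = client.Get(client.Schema.SYSTEM)
        kb = client.Get(client.Schema.KNOWLEDGE_BASE)

    # A system with no entry in BROWSER_PATHS would otherwise leave
    # `paths` as None and fail with AttributeError on `.get` below,
    # instead of reaching the explicit "Unsupported system" FlowError.
    paths = BROWSER_PATHS.get(system) or {}

    self.state.all_paths = []
    if self.args.check_chrome:
        self.state.all_paths += paths.get("Chrome", [])
    if self.args.check_ie:
        self.state.all_paths += paths.get("IE", [])
    if self.args.check_firefox:
        self.state.all_paths += paths.get("Firefox", [])
    if not self.state.all_paths:
        raise flow.FlowError("Unsupported system %s for CacheGrep" % system)

    # Every requested user must exist; fail the flow rather than silently
    # searching a smaller set of profiles than was asked for.
    self.state.users = []
    for user in self.args.grep_users:
        user_info = flow_utils.GetUserInfo(kb, user)
        if not user_info:
            raise flow.FlowError("No such user %s" % user)
        self.state.users.append(user_info)

    usernames = [
        "%s\\%s" % (u.userdomain, u.username) for u in self.state.users
    ]
    usernames = [u.lstrip("\\") for u in usernames]  # Strip \\ if no domain.

    # The regex comes straight from the flow arguments.
    condition = rdf_file_finder.FileFinderCondition(
        condition_type=(
            rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
        contents_regex_match=rdf_file_finder.
        FileFinderContentsRegexMatchCondition(
            regex=self.args.data_regex,
            mode=rdf_file_finder.FileFinderContentsRegexMatchCondition.
            Mode.FIRST_HIT))

    for path in self.state.all_paths:
        full_paths = flow_utils.InterpolatePath(path, kb, users=usernames)
        for full_path in full_paths:
            # NOTE(review): os.path.join uses the separator of the host
            # running this flow, not of the client being searched.
            self.CallFlow(
                file_finder.FileFinder.__name__,
                paths=[os.path.join(full_path, "**5")],
                pathtype=self.args.pathtype,
                conditions=[condition],
                action=rdf_file_finder.FileFinderAction.Download(),
                next_state="HandleResults")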
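def testUserInterpolation(self):
    """User interpolation returns a list of paths.

    When ``users`` is given, the result is a list with one entry per user
    in input order; a placeholder that cannot be resolved yields an empty
    list.
    """
    client = self._MakeClientRecord()

    # NOTE(review): the listing showed a scrape token where the per-user
    # placeholder belongs, which could never expand to the expected
    # "c:\users\<name>\..." paths. "{homedir}" is restored here; confirm
    # against the fixture built by _MakeClientRecord.
    path = "{homedir}\\dir"
    new_path = flow_utils.InterpolatePath(path, client, users=["test"])
    self.assertEqual(new_path[0].lower(), "c:\\users\\test\\dir")

    # System and per-user placeholders can be mixed in one template.
    path = "{systemroot}\\{last_logon}\\dir"
    new_path = flow_utils.InterpolatePath(path, client, users=["test"])
    self.assertEqual(new_path[0].lower(),
                     "c:\\windows\\2012-11-10 00:00:00\\dir")

    # Two users give two results, in the order the users were passed.
    path = "{homedir}\\a"
    new_path = flow_utils.InterpolatePath(
        path, client, users=["test", "test2"])
    self.assertEqual(len(new_path), 2)
    self.assertEqual(new_path[0].lower(), "c:\\users\\test\\a")
    self.assertEqual(new_path[1].lower(), "c:\\users\\test2\\a")

    # Unknown placeholder: no path is produced for the user at all.
    new_path = flow_utils.InterpolatePath(
        "{does_not_exist}", client, users=["test"])
    self.assertEqual(new_path, [])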