def collect(self): # Make a filespec for the root directory. root = common.FileSpec(self.path, path_sep=self.path_sep) # Now we just build a glob pattern for recursing into the # directory. glob = root.add("**%s" % self.depth) glob_plugin = self._session.plugins.glob(globs=[glob.name], path_sep=glob.path_sep) for row in glob_plugin.collect(): result = row["path"] yield dict(dirname=unicode(result.filename.dirname), filename=unicode(result.filename.basename), st_mode=result.st_mode, st_mode_str=result.st_mode, st_ino=result.st_ino, st_dev=result.st_dev, st_nlink=result.st_nlink, st_uid=result.st_uid.uid, st_gid=result.st_gid.gid, st_size=result.st_size, st_atime=int(result.st_atime), st_mtime=int(result.st_mtime), st_ctime=int(result.st_ctime))
def list(self): for drive in get_drives(): yield self.from_stat(common.FileSpec( filename=drive, path_sep=self.filename.path_sep, filesystem=self.filename.filesystem), session=self.session)
def testFileSpecUnix(self): test_obj = common.FileSpec("/usr/bin/ls") self.assertEqual(test_obj.basename, "ls") self.assertEqual(unicode(test_obj.dirname), "/usr/bin") self.assertEqual(test_obj.components(), ["usr", "bin", "ls"]) self.assertEqual(test_obj.os_path(), "/usr/bin/ls") # It does not matter if the path has a / at the end or not. It # still refers to the same object. test_obj = common.FileSpec("/usr/bin/") self.assertEqual(test_obj.basename, "bin") self.assertEqual(unicode(test_obj.dirname), "/usr") test_obj = common.FileSpec("/") self.assertEqual(test_obj.basename, "") self.assertEqual(unicode(test_obj.dirname), "/") self.assertEqual(test_obj.components(), [])
def from_stat(cls, filespec, session=None): filespec = common.FileSpec(filespec) # The root path. if filespec.name == filespec.path_sep: return WindowsRootFileInformation(session=session, filename=filespec) return super(WindowsFileInformation, cls).from_stat(filespec, session=session)
def testFileSpecWindows(self): """Test windows paths.""" test_obj = common.FileSpec("c:\\Windows\System32\\notepad.exe", path_sep="\\") self.assertEqual(test_obj.basename, "notepad.exe") self.assertEqual(unicode(test_obj.dirname), "c:\\Windows\\System32") self.assertEqual(test_obj.components(), ["c:", "Windows", "System32", "notepad.exe"]) self.assertEqual(test_obj.os_path(), "c:\\Windows\System32\\notepad.exe")
def collect_globs(self, globs): root_spec = common.FileSpec( self.plugin_args.root, filesystem=self.plugin_args.filesystem, path_sep=self.plugin_args.path_sep) expanded_globs = [] for glob in globs: expanded_globs.extend(self._interpolate_grouping(glob)) component_tree = {} for glob in expanded_globs: node = component_tree for component in self.convert_glob_into_path_components(glob): node = node.setdefault(component, {}) root_file = common.FileFactory(root_spec, session=self.session) for item in self._filter(component_tree, root_file): yield item
def testComponents(self): self.component_cache = utils.FastStore(50) literal = files.LiteralComponent(session=self.session, cache=self.component_cache, component="passwd") path_spec = common.FileSpec("/etc") result = list(literal.filter(path_spec)) self.assertTrue("/etc/passwd" in [unicode(x) for x in result]) regex = files.RegexComponent(session=self.session, cache=self.component_cache, component="pass.+") result = list(regex.filter(path_spec)) self.assertTrue("/etc/passwd" in [unicode(x) for x in result]) recursive = files.RecursiveComponent(session=self.session, cache=self.component_cache, component=".+") result = list(recursive.filter(path_spec)) self.assertTrue("/etc/ssh/ssh_config" in [unicode(x) for x in result])
def __init__(self, filename=None, **kwargs): filename = common.FileSpec(filename, filesystem="Reg", path_sep="\\") super(RegistryKeyInformation, self).__init__(filename=filename, **kwargs) self.hive = self.key_name = self.value_name = self.value = "" self.value_type = "REG_NONE" self.st_mode = stat.S_IFDIR path_components = self.filename.components() if not path_components: return # The first component MUST be a hive self.hive = path_components[0] self._hive_handle = KeyHandle(getattr(_winreg, self.hive, None)) if self._hive_handle is None: raise IOError("Unknown hive name %s" % self.hive) # Maybe its a key. try: self._read_key(path_components) except exceptions.WindowsError: # Nop - maybe its a value then. self._read_value(path_components)
def collect_globs(self, globs): component_tree = self.make_component_tree(globs) root = common.FileSpec(self.plugin_args.root, path_sep=self.plugin_args.path_sep) for path in self._filter(component_tree, root): yield common.FileFactory(path, session=self.session)
def convert_glob_into_path_components(self, pattern): """Converts a glob pattern into a list of pathspec components. Wildcards are also converted to regular expressions. The pathspec components do not span directories, and are marked as a regex or a literal component. We also support recursion into directories using the ** notation. For example, /home/**2/foo.txt will find all files named foo.txt recursed 2 directories deep. If the directory depth is omitted, it defaults to 3. Example: /home/test**/*exe -> [{path: 'home', type: "LITERAL", {path: 'test.*\\Z(?ms)', type: "RECURSIVE", {path: '.*exe\\Z(?ms)', type="REGEX"}]] Args: pattern: A glob expression with wildcards. Returns: A list of PathSpec instances for each component. Raises: ValueError: If the glob is invalid. """ pattern_components = common.FileSpec( pattern, path_sep=self.plugin_args.path_sep).components() components = [] for path_component in pattern_components: if not path_component: continue # A ** in the path component means recurse into directories that # match the pattern. m = self.RECURSION_REGEX.search(path_component) if m: depth = 3 # Allow the user to override the recursion depth. if m.group(1): depth = int(m.group(1)) path_component = path_component.replace(m.group(0), "*") component = RecursiveComponent( session=self.session, component=fnmatch.translate(path_component), cache=self.component_cache, depth=depth) elif self.GLOB_MAGIC_CHECK.search(path_component): component = RegexComponent( session=self.session, cache=self.component_cache, component=fnmatch.translate(path_component)) else: component = LiteralComponent( session=self.session, cache=self.component_cache, component=path_component) components.append(component) return components