def testPreprocessLVM(self, mock_subprocess, mock_output):
"""Test PreprocessLosetup method on LVM."""
source_path = os.path.join('/dev/loop0')
lv_uuid = 'RI0pgm-rdy4-XxcL-5eoK-Easc-fgPq-CWaEJb'
mock_output.return_value = (
' /dev/test_volume_group/test_logical_volume1:test_volume_group:3:0:-1:'
'0:8192:1:-1:0:-1:-1:-1\n')
device = mount_local.PreprocessLosetup(source_path, lv_uuid=lv_uuid)
expected_args = [
'sudo', 'lvdisplay', '--colon', '--select',
'lv_uuid={0:s}'.format(lv_uuid)
]
mock_output.assert_called_once_with(expected_args,
universal_newlines=True)
mock_subprocess.assert_called_once_with(
['sudo', 'vgchange', '-a', 'y', 'test_volume_group'])
self.assertEqual(device, '/dev/test_volume_group/test_logical_volume1')
# Test vgchange error
mock_subprocess.reset_mock()
mock_subprocess.side_effect = CalledProcessError(1, 'vgchange')
with self.assertRaises(TurbiniaException):
mount_local.PreprocessLosetup(source_path, lv_uuid=lv_uuid)
# Test lvdisplay failure
mock_output.side_effect = CalledProcessError(1, 'lvdisplay')
with self.assertRaises(TurbiniaException):
mount_local.PreprocessLosetup(source_path, lv_uuid=lv_uuid)
def testPreprocessLosetup(self, mock_subprocess):
"""Test PreprocessLosetup method."""
current_path = os.path.abspath(os.path.dirname(__file__))
source_path = os.path.join(current_path, '..', '..', 'test_data',
'tsk_volume_system.raw')
mock_subprocess.return_value = '/dev/loop0'
device, _ = mount_local.PreprocessLosetup(source_path)
expected_args = [
'sudo', 'losetup', '--show', '--find', '-r', '-P', source_path
]
mock_subprocess.assert_called_once_with(expected_args,
universal_newlines=True)
self.assertEqual(device, '/dev/loop0')
# Test multiple partitions
mock_subprocess.reset_mock()
mock_subprocess.return_value = '/dev/loop0'
with mock.patch('glob.glob') as mock_glob:
glob_partitions = [
'loop0p1', 'loop0p2', 'loop0p3', 'loop0p5', 'loop0p6'
]
mock_glob.return_value = glob_partitions
device, partitions = mount_local.PreprocessLosetup(source_path)
self.assertEqual(device, '/dev/loop0')
self.assertEqual(partitions, glob_partitions)
# Test mount partition
mock_subprocess.reset_mock()
mock_subprocess.return_value = '/dev/loop0'
device, _ = mount_local.PreprocessLosetup(source_path,
partition_offset=180224,
partition_size=1294336)
expected_args = [
'sudo', 'losetup', '--show', '--find', '-r', '-o', '180224',
'--sizelimit', '1294336', source_path
]
mock_subprocess.assert_called_once_with(expected_args,
universal_newlines=True)
self.assertEqual(device, '/dev/loop0')
# Test losetup failure
mock_subprocess.side_effect = CalledProcessError(1, 'losetup')
with self.assertRaises(TurbiniaException):
mount_local.PreprocessLosetup(source_path)
# Test if source doesn't exist
source_path = 'test.dd'
with self.assertRaises(TurbiniaException):
mount_local.PreprocessLosetup(source_path)
def _preprocess(self, _, required_states):
if self.size is None:
self.size = mount_local.GetDiskSize(self.source_path)
if EvidenceState.ATTACHED in required_states or self.has_child_evidence:
self.device_path = mount_local.PreprocessLosetup(self.source_path)
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path
def _preprocess(self, _, required_states):
# Late loading the partition processor to avoid loading dfVFS unnecessarily.
from turbinia.processors import partitions
# We need to enumerate partitions in preprocessing so the path_specs match
# the parent evidence location for each task.
try:
# We should only get one path_spec here since we're specifying the location.
path_specs = partitions.Enumerate(self.parent_evidence,
self.partition_location)
except TurbiniaException as e:
log.error(e)
if len(path_specs) > 1:
path_specs_dicts = [
path_spec.CopyToDict() for path_spec in path_specs
]
raise TurbiniaException(
'Found more than one path_spec for {0:s} {1:s}: {2!s}'.format(
self.parent_evidence.name, self.partition_location,
path_specs_dicts))
elif len(path_specs) == 1:
self.path_spec = path_specs[0]
log.debug('Found path_spec {0!s} for parent evidence {1:s}'.format(
self.path_spec.CopyToDict(), self.parent_evidence.name))
else:
raise TurbiniaException(
'Could not find path_spec for location {0:s}'.format(
self.partition_location))
# In attaching a partition, we create a new loopback device using the
# partition offset and size.
if EvidenceState.ATTACHED in required_states or self.has_child_evidence:
# Check for encryption
encryption_type = partitions.GetPartitionEncryptionType(
self.path_spec)
if encryption_type == 'BDE':
self.device_path = mount_local.PreprocessBitLocker(
self.parent_evidence.device_path,
partition_offset=self.partition_offset,
credentials=self.parent_evidence.credentials)
if not self.device_path:
log.error('Could not decrypt partition.')
else:
self.device_path = mount_local.PreprocessLosetup(
self.parent_evidence.device_path,
partition_offset=self.partition_offset,
partition_size=self.partition_size,
lv_uuid=self.lv_uuid)
if self.device_path:
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path
if EvidenceState.MOUNTED in required_states or self.has_child_evidence:
self.mount_path = mount_local.PreprocessMountPartition(
self.device_path, self.path_spec.type_indicator)
if self.mount_path:
self.local_path = self.mount_path
self.state[EvidenceState.MOUNTED] = True
def _preprocess(self, _, required_states):
if EvidenceState.ATTACHED in required_states:
self.device_path, _ = mount_local.PreprocessLosetup(
self.source_path,
partition_offset=self.partition_offset,
partition_size=self.partition_size)
if self.device_path:
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path
def _preprocess(self, _, required_states):
if EvidenceState.ATTACHED in required_states:
self.device_path, partition_paths = mount_local.PreprocessLosetup(
self.source_path)
self.state[EvidenceState.ATTACHED] = True
if EvidenceState.MOUNTED in required_states:
self.mount_path = mount_local.PreprocessMountDisk(
partition_paths, self.mount_partition)
self.local_path = self.device_path
self.state[EvidenceState.MOUNTED] = True
def _preprocess(self, _):
rawdisk_path = os.path.join(self.parent_evidence.mount_path,
self.embedded_path)
if not os.path.exists(rawdisk_path):
raise TurbiniaException(
'Unable to find raw disk image {0:s} in GoogleCloudDisk'.
format(rawdisk_path))
self.device_path, partition_paths = mount_local.PreprocessLosetup(
rawdisk_path)
self.mount_path = mount_local.PreprocessMountDisk(
partition_paths, self.mount_partition)
self.local_path = self.device_path
def _preprocess(self, _, required_states):
if EvidenceState.PARENT_ATTACHED in required_states:
rawdisk_path = os.path.join(self.parent_evidence.mount_path,
self.embedded_path)
if not os.path.exists(rawdisk_path):
raise TurbiniaException(
'Unable to find raw disk image {0:s} in GoogleCloudDisk'.
format(rawdisk_path))
self.device_path, partition_paths = mount_local.PreprocessLosetup(
rawdisk_path)
self.state[EvidenceState.PARENT_ATTACHED] = True
if EvidenceState.PARENT_MOUNTED in required_states:
self.mount_path = mount_local.PreprocessMountDisk(
partition_paths, self.mount_partition)
self.local_path = self.device_path
self.state[EvidenceState.PARENT_MOUNTED] = True
def _preprocess(self, _, required_states):
# Late loading the partition processor to avoid loading dfVFS unnecessarily.
from turbinia.processors import partitions
# We need to enumerate partitions in preprocessing so the path_specs match
# the parent evidence location for each task.
try:
path_specs = partitions.Enumerate(self.parent_evidence)
except TurbiniaException as e:
log.error(e)
path_spec = partitions.GetPathSpecByLocation(path_specs,
self.partition_location)
if path_spec:
self.path_spec = path_spec
# In attaching a partition, we create a new loopback device using the
# partition offset and size.
if EvidenceState.ATTACHED in required_states or self.has_child_evidence:
# Check for encryption
encryption_type = partitions.GetPartitionEncryptionType(path_spec)
if encryption_type == 'BDE':
self.device_path = mount_local.PreprocessBitLocker(
self.parent_evidence.device_path,
partition_offset=self.partition_offset,
credentials=self.parent_evidence.credentials)
if not self.device_path:
log.error('Could not decrypt partition.')
else:
self.device_path = mount_local.PreprocessLosetup(
self.parent_evidence.device_path,
partition_offset=self.partition_offset,
partition_size=self.partition_size,
lv_uuid=self.lv_uuid)
if self.device_path:
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path
if EvidenceState.MOUNTED in required_states or self.has_child_evidence:
self.mount_path = mount_local.PreprocessMountPartition(
self.device_path, self.path_spec.type_indicator)
if self.mount_path:
self.local_path = self.mount_path
self.state[EvidenceState.MOUNTED] = True
def _preprocess(self, _, required_states):
# Need to mount parent disk
if not self.parent_evidence.partition_paths:
self.parent_evidence.mount_path = mount_local.PreprocessMountPartition(
self.parent_evidence.device_path)
else:
partition_paths = self.parent_evidence.partition_paths
self.parent_evidence.mount_path = mount_local.PreprocessMountDisk(
partition_paths, self.parent_evidence.mount_partition)
self.parent_evidence.local_path = self.parent_evidence.mount_path
self.parent_evidence.state[EvidenceState.MOUNTED] = True
if EvidenceState.ATTACHED in required_states or self.has_child_evidence:
rawdisk_path = os.path.join(
self.parent_evidence.mount_path, self.embedded_path)
if not os.path.exists(rawdisk_path):
raise TurbiniaException(
'Unable to find raw disk image {0:s} in GoogleCloudDisk'.format(
rawdisk_path))
self.device_path = mount_local.PreprocessLosetup(rawdisk_path)
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path
def _preprocess(self):
self.local_path = google_cloud.PreprocessAttachDisk(self.disk_name)
self.loopdevice_path = mount_local.PreprocessLosetup(self.local_path)
self.mount_path = mount_local.PreprocessMountDisk(
self.loopdevice_path, self.mount_partition)
self.local_path = os.path.join(self.mount_path, self.embedded_path)
def _preprocess(self): self.loopdevice_path = mount_local.PreprocessLosetup(self.local_path)
def _preprocess(self, _):
self.device_path, partition_paths = mount_local.PreprocessLosetup(
self.source_path)
self.mount_path = mount_local.PreprocessMountDisk(
partition_paths, self.mount_partition)
self.local_path = self.device_path
def _preprocess(self, _, required_states):
if EvidenceState.ATTACHED in required_states:
self.device_path, _ = mount_local.PreprocessLosetup(
self.source_path)
self.state[EvidenceState.ATTACHED] = True
self.local_path = self.device_path