def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(os.getcwd(), u'test_data')
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._os_file_system = os_file_system.OSFileSystem(self._resolver_context)
# TODO: add RAW volume only test image.
test_file = os.path.join(u'test_data', u'vsstest.qcow2')
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QcowPathSpec(parent=path_spec)
self._tsk_path_spec = tsk_path_spec.TSKPathSpec(
location=u'/', parent=self._qcow_path_spec)
self._tsk_file_system = tsk_file_system.TSKFileSystem(
self._resolver_context)
self._tsk_file_system.Open(path_spec=self._tsk_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(SplitEWFFileTest, self).setUp()
test_file = self._GetTestFilePath(['ext2.split.E01'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._ewf_path_spec = ewf_path_spec.EWFPathSpec(
parent=self._os_path_spec)
def testScanForVolumeSystemPartitionedImage(self):
"""Test the ScanForVolumeSystem function on a partitioned image."""
test_file = self._GetTestFilePath([u'tsk_volume_system.raw'])
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = self._source_scanner.ScanForVolumeSystem(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(path_spec.type_indicator,
definitions.TYPE_INDICATOR_TSK_PARTITION)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(LUKSDEFileWithPathSpecCredentialsTest, self).setUp()
test_file = self._GetTestFilePath(['luks1.raw'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._luksde_path_spec = luksde_path_spec.LUKSDEPathSpec(
password=self._LUKSDE_PASSWORD, parent=self._os_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(QCOWFileTest, self).setUp()
test_file = self._GetTestFilePath(['image.qcow2'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._qcow_path_spec = qcow_path_spec.QCOWPathSpec(
parent=self._os_path_spec)
def testGetCompressedStreamTypeIndicators(self):
"""Function to test the get compressed stream type indicators function."""
test_file = os.path.join(u'test_data', u'syslog.gz')
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_GZIP]
type_indicators = analyzer.Analyzer.GetCompressedStreamTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'syslog.zlib')
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._compressed_stream_path_spec = (
compressed_stream_path_spec.CompressedStreamPathSpec(
compression_method=definitions.COMPRESSION_METHOD_ZLIB,
parent=self._os_path_spec))
def testGetStorageMediaImageTypeIndicatorsVMDK(self):
"""Tests the GetStorageMediaImageTypeIndicator function on a .vmdk file."""
test_file = self._GetTestFilePath(['image.vmdk'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_VMDK]
type_indicators = analyzer.Analyzer.GetStorageMediaImageTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def testGetStorageMediaImageTypeIndicatorsBodyFile(self):
"""Tests the GetStorageMediaImageTypeIndicator function on a bodyfile."""
test_file = self._GetTestFilePath(['mactime.body'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = []
type_indicators = analyzer.Analyzer.GetStorageMediaImageTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def GetLinkedFileEntry(self):
"""Retrieves the linked file entry, e.g. for a symbolic link."""
link = self._GetLink()
if not link:
return
path_spec = os_path_spec.OSPathSpec(location=link)
return OSFileEntry(self._resolver_context, self._file_system,
path_spec)
def testGetCompressedStreamTypeIndicatorsGZIP(self):
"""Tests the GetCompressedStreamTypeIndicators function on a .gz file."""
test_file = self._GetTestFilePath(['syslog.gz'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_GZIP]
type_indicators = analyzer.Analyzer.GetCompressedStreamTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def testGetArchiveTypeIndicatorsTAR(self):
"""Tests the GetArchiveTypeIndicators function on a .tar file."""
test_file = self._GetTestFilePath(['syslog.tar'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_TAR]
type_indicators = analyzer.Analyzer.GetArchiveTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['syslog.bin.cpio'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._cpio_path_spec = cpio_path_spec.CPIOPathSpec(
location='/syslog', parent=self._os_path_spec)
def testScanForStorageMediaImageVMDK(self):
"""Test the ScanForStorageMediaImage function on a VMDK image."""
test_file = self._GetTestFilePath(['image.vmdk'])
source_path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = self._source_scanner.ScanForStorageMediaImage(source_path_spec)
self.assertIsNotNone(path_spec)
self.assertEqual(
path_spec.type_indicator, definitions.TYPE_INDICATOR_VMDK)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
test_file = self._GetTestFilePath(['gpt.raw'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = raw_path_spec.RawPathSpec(parent=path_spec)
self._gpt_path_spec = gpt_path_spec.GPTPathSpec(
location='/', parent=path_spec)
def testGetVolumeSystemTypeIndicatorsTSK(self):
"""Tests the GetVolumeSystemTypeIndicators function on partitions."""
test_file = self._GetTestFilePath(['tsk_volume_system.raw'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_TSK_PARTITION]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
test_file = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
path_spec = qcow_path_spec.QCOWPathSpec(parent=path_spec)
self._vshadow_path_spec = vshadow_path_spec.VShadowPathSpec(
location='/', parent=path_spec)
def testGetVolumeSystemTypeIndicatorsBDE(self):
"""Tests the GetVolumeSystemTypeIndicators function on a BDE ToGo drive."""
test_file = self._GetTestFilePath(['bdetogo.raw'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_BDE]
type_indicators = analyzer.Analyzer.GetVolumeSystemTypeIndicators(
path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(RawFileTest, self).setUp()
test_file = self._GetTestFilePath(['ext2.raw'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._raw_path_spec = raw_path_spec.RawPathSpec(
parent=self._os_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'syslog.base16')
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._encoded_stream_path_spec = (
encoded_stream_path_spec.EncodedStreamPathSpec(
encoding_method=definitions.ENCODING_METHOD_BASE16,
parent=self._os_path_spec))
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath([u'syslog.base32'])
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._encoded_stream_path_spec = (
encoded_stream_path_spec.EncodedStreamPathSpec(
encoding_method=definitions.ENCODING_METHOD_BASE32,
parent=self._os_path_spec))
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = os.path.join(u'test_data', u'bdetogo.raw')
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._bde_path_spec = bde_path_spec.BDEPathSpec(parent=path_spec)
resolver.Resolver.key_chain.SetCredential(self._bde_path_spec,
u'password',
self._BDE_PASSWORD)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(Version2VHDIFileTest, self).setUp()
test_file = self._GetTestFilePath(['ext2.vhdx'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._vhdi_path_spec = vhdi_path_spec.VHDIPathSpec(
parent=self._os_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath([u'syslog.bz2'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._compressed_stream_path_spec = (
compressed_stream_path_spec.CompressedStreamPathSpec(
compression_method=definitions.COMPRESSION_METHOD_BZIP2,
parent=path_spec))
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['ext2.raw'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._tsk_path_spec = tsk_path_spec.TSKPathSpec(
location='/', parent=self._os_path_spec)
def testGetFileEntryByPathSpec(self):
"""Tests the GetFileEntryByPathSpec function."""
file_system = os_file_system.OSFileSystem(self._resolver_context)
test_file = self._GetTestFilePath(['testdir_os', 'file1.txt'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNotNone(file_entry)
self.assertEqual(file_entry.name, 'file1.txt')
test_file = self._GetTestFilePath(['testdir_os', 'file6.txt'])
path_spec = os_path_spec.OSPathSpec(location=test_file)
file_entry = file_system.GetFileEntryByPathSpec(path_spec)
self.assertIsNone(file_entry)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(VMDKFileTest, self).setUp()
test_file = self._GetTestFilePath(['image.vmdk'])
self._SkipIfPathNotExists(test_file)
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._vmdk_path_spec = vmdk_path_spec.VMDKPathSpec(
parent=self._os_path_spec)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['syslog.tar'])
self._os_path_spec = os_path_spec.OSPathSpec(location=test_file)
self._tar_path_spec = tar_path_spec.TARPathSpec(
location='/syslog', parent=self._os_path_spec)
self._file_system = tar_file_system.TARFileSystem(self._resolver_context)
self._file_system.Open(self._tar_path_spec)
def testGetArchiveTypeIndicatorsZIP(self):
"""Tests the GetArchiveTypeIndicators function on a .zip file."""
test_file = self._GetTestFilePath(['syslog.zip'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
expected_type_indicators = [definitions.TYPE_INDICATOR_ZIP]
type_indicators = analyzer.Analyzer.GetArchiveTypeIndicators(path_spec)
self.assertEqual(type_indicators, expected_type_indicators)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
super(ZipFileTest, self).setUp()
self._resolver_context = context.Context()
test_file = self._GetTestFilePath(['syslog.zip'])
self._SkipIfPathNotExists(test_file)
path_spec = os_path_spec.OSPathSpec(location=test_file)
self._zip_path_spec = zip_path_spec.ZipPathSpec(location='/syslog',
parent=path_spec)
