def setUp(self):
super(TestSearchFileContentWithFixture, self).setUp()
self.client_mock = action_mocks.GrepClientMock()
self.vfs_overrider = test_lib.VFSOverrider(
rdf_paths.PathSpec.PathType.OS, test_lib.ClientVFSHandlerFixture)
self.vfs_overrider.Start()
def testSearchFileContents(self):
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
args = grep.SearchFileContentArgs(
paths=[path], pathtype=rdf_paths.PathSpec.PathType.OS)
args.grep.literal = rdf_standard.LiteralExpression(
"session opened for user dearjohn")
args.grep.mode = rdf_client.GrepSpec.Mode.ALL_HITS
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
# Make sure that there is a hit.
self.assertEqual(len(fd), 1)
first = fd[0]
self.assertEqual(first.offset, 350)
self.assertEqual(
first.data, "session): session opened for user dearjohn by (uid=0")
def testSearchFileContentDownload(self):
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path], also_download=True)
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = aff4.FACTORY.Open(session_id.Add(flow_runner.RESULTS_SUFFIX),
token=self.token)
self.assertEqual(len(fd), 3)
for log in aff4.FACTORY.Open(rdfvalue.RDFURN(
self.client_id).Add("/fs/os/").Add(
self.base_path).Add("searching"),
token=self.token).OpenChildren():
self.assertTrue(isinstance(log, aff4_grr.VFSBlobImage))
# Make sure there is some data.
self.assertGreater(len(log), 0)
def testSearchFileContentsNoGrep(self):
"""Search files without a grep specification."""
pattern = "searching/*.log"
client_mock = action_mocks.GrepClientMock()
path = os.path.join(self.base_path, pattern)
# Do not provide a Grep expression - should match all files.
args = grep.SearchFileContentArgs(paths=[path])
# Run the flow.
for s in test_lib.TestFlowHelper("SearchFileContent",
client_mock,
client_id=self.client_id,
args=args,
token=self.token):
session_id = s
fd = flow.GRRFlow.ResultCollectionForFID(session_id, token=self.token)
self.assertEqual(len(fd), 3)