Exemplo n.º 1
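def call_returning_exit_and_output(exec_args, **popen_args):
    """Run *exec_args* via java.lang.ProcessBuilder and capture its output.

    Stand-in for Jython's subprocess module, whose output cannot be captured
    when tests run under pytest.

    Only the ``env`` keyword of *popen_args* is honoured.  When it is given
    (including an empty mapping), the child's environment is reduced to
    exactly that mapping: inherited variables that are not listed are removed,
    so nothing from the parent environment reaches the child unasked.  When
    ``env`` is absent or None the child inherits the parent environment.

    Returns ``(exit_value, (output, output))``.  stderr is merged into stdout,
    so both tuple slots hold the same combined text.
    """
    def readInputStream(inputStream):
        # Drain the stream to EOF line by line, re-terminating each line with
        # the platform separator.  The reader is closed even if a read fails.
        # NOTE(review): InputStreamReader is built without a charset, so the
        # platform default encoding is used -- confirm that is intended.
        reader = BufferedReader(InputStreamReader(inputStream))
        try:
            builder = StringBuilder()
            separator = System.getProperty("line.separator")
            while True:
                line = reader.readLine()
                if line is None:
                    break
                builder.append(line)
                builder.append(separator)
            return builder.toString()
        finally:
            reader.close()

    # WORKAROUND: because capturing output of Jython's subprocess module at testing with
    # pytest is not possible using Java implementation
    pb = ProcessBuilder(exec_args)
    env = popen_args.get('env')
    # "is not None" rather than truthiness: an explicitly empty env must give
    # the child an empty environment instead of silently inheriting ours.
    if env is not None:
        process_env = pb.environment()
        # Copy the key set first; removing while iterating the live view fails.
        for key in list(process_env.keySet()):
            if key not in env:
                _log.debug("remove from process-env: %s", key)
                process_env.remove(key)
        for key in env:
            process_env.put(key, env[key])
    pb.redirectErrorStream(True)
    process = pb.start()
    # Read before waitFor() so a chatty child cannot block on a full pipe.
    stdout = readInputStream(process.getInputStream())
    exitValue = process.waitFor()
    return exitValue, (stdout, stdout)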
Exemplo n.º 2
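def runJob(cmdArray, hosts, sleepTime=60, maxWaits=60, interimResult=None):
    """Run *cmdArray* repeatedly until every host has finished or retries run out.

    Each attempt starts a fresh process, writes the host names to its standard
    input (one per line), waits for it to exit and hands its standard output
    to processJobResults().  Finished and failed hosts accumulate across
    attempts.

    Args:
        cmdArray: argument list passed to ProcessBuilder (no shell involved).
        hosts: host names to feed to the job.
        sleepTime: seconds to sleep between attempts after the first retry.
        maxWaits: maximum number of unsuccessful attempts before giving up.
        interimResult: passed through unchanged to processJobResults().

    Returns:
        The set of failures collected over all attempts.
    """
    finished = HashSet()
    failures = HashSet()
    pb = ProcessBuilder(cmdArray)
    done = False
    # first wait is short in case job finishes quickly
    waitTime = 10
    while not done:
        p = pb.start()
        dataOut = DataOutputStream(p.getOutputStream())
        try:
            # NOTE(review): a host value containing a newline would reach the
            # child as extra entries -- presumably callers pass validated names.
            for host in hosts:
                dataOut.writeBytes(host + "\n")
        finally:
            dataOut.close()
        # NOTE(review): output is read only after waitFor(); a child that
        # writes more than the pipe buffer holds could block here -- confirm
        # the job's output stays small or drain the stream first.
        p.waitFor()
        (curFinished, curFailures) = processJobResults(p.getInputStream(), interimResult)
        finished.addAll(curFinished)
        failures.addAll(curFailures)
        done = finished.size() == len(hosts)

        if not done:
            maxWaits = maxWaits - 1
            # Was "done == maxWaits == 0", a comparison with no effect, so the
            # retry budget never ended the loop.  "<= 0" also covers callers
            # that pass maxWaits=0.
            done = maxWaits <= 0

        if not done:
            time.sleep(waitTime)
            waitTime = sleepTime
    return failures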
Exemplo n.º 3
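    def process(self, dataSource, progressBar):
        """Run the configured EXE on a disk image and register its output as a report.

        Returns IngestModule.ProcessResult.OK in every case: when the platform
        is not Windows, when *dataSource* is not an Image, and after the EXE
        has been run.  The EXE's standard output is redirected to a text file
        in the case's Reports folder; the file becomes a case report unless
        the ingest job was cancelled, in which case the partial file is
        deleted.
        """
        # Set the progress bar to an Indeterminate state for now
        progressBar.switchToIndeterminate()

        # Return if we're not running on a Windows system
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO,
                     "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths
        imagePaths = dataSource.getPaths()

        # Save our output to a file in the reports folder
        #   named based on EXE and data source ID
        reportFile = File(Case.getCurrentCase().getCaseDirectory() +
                          "\\Reports" + "\\img_stat-" +
                          str(dataSource.getId()) + ".txt")

        # Run the EXE, saving output to the report.  The image path is passed
        # as its own argument-list element, so no shell parses it.
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        # NOTE(review): the return value of ExecUtil.execute is discarded, so
        # a failed run still produces a report entry -- confirm whether the
        # exit code should be checked before the report is added.
        ExecUtil.execute(processBuilder,
                         DataSourceIngestModuleProcessTerminator(self.context))

        # Add the report to the case, so it shows up in the tree; on
        # cancellation delete the incomplete report file instead.
        if not self.context.dataSourceIngestIsCancelled():
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE",
                                            "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # Was LEVEL.warning: LEVEL is not defined anywhere in this
            # listing, so the failure path raised NameError instead of logging.
            self.log(Level.WARNING,
                     "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK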
Exemplo n.º 4
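    def process(self, dataSource, progressBar):
        """Run the module's Windows EXE on an image and attach its output to the case.

        Non-Windows hosts and data sources that are not an Image are skipped.
        The EXE's standard output goes to a text file under the case's Reports
        folder.  If the ingest job was cancelled the partial file is deleted
        rather than added to the case.  Always returns
        IngestModule.ProcessResult.OK.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()
        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO,
                     "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths
        imagePaths = dataSource.getPaths()

        # We'll save our output to a file in the reports folder, named based on EXE and data source ID
        caseDirectory = Case.getCurrentCase().getCaseDirectory()
        reportFile = File(caseDirectory + "\\Reports" + "\\img_stat-" +
                          str(dataSource.getId()) + ".txt")
        # Run the EXE, saving output to the report
        # Check if the ingest is terminated and delete the incomplete report file
        # Do not add report to the case tree if the ingest is cancelled before finish.
        # This can be done by using IngestJobContext.dataSourceIngestIsCancelled
        # See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        # NOTE(review): the result of ExecUtil.execute is not inspected, so
        # output from a failed run is treated like a good report -- confirm.
        ExecUtil.execute(processBuilder,
                         DataSourceIngestModuleProcessTerminator(self.context))

        # Add the report to the case, so it shows up in the tree
        if not self.context.dataSourceIngestIsCancelled():
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE",
                                            "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # Level.WARNING replaces LEVEL.warning, a name this listing never
            # defines; the old line raised NameError when deletion failed.
            self.log(Level.WARNING,
                     "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK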
Exemplo n.º 5
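    def process(self, dataSource, progressBar):
        """Execute the bundled EXE against the first image path and save a report.

        Returns IngestModule.ProcessResult.OK whether the data source was
        skipped (not Windows, or not an Image) or processed.  The report file
        is added to the case only when the ingest job was not cancelled;
        otherwise the incomplete file is removed.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()
        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO, "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths
        imagePaths = dataSource.getPaths()

        # We'll save our output to a file in the reports folder, named based on EXE and data source ID
        reportFile = File(Case.getCurrentCase().getCaseDirectory() + "\\Reports" + "\\img_stat-" + str(dataSource.getId()) + ".txt")
        # Run the EXE, saving output to the report
        # Check if the ingest is terminated and delete the incomplete report file
        # Do not add report to the case tree if the ingest is cancelled before finish.
        # This can be done by using IngestJobContext.dataSourceIngestIsCancelled
        # See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        # NOTE(review): ExecUtil.execute's return value is ignored here --
        # confirm a non-zero exit should still yield a case report.
        ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))

        # Add the report to the case, so it shows up in the tree
        if not self.context.dataSourceIngestIsCancelled():
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE", "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # LEVEL.warning referenced an undefined name and raised NameError;
            # use the same Level class as the INFO messages above.
            self.log(Level.WARNING, "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK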
Exemplo n.º 6
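    def process(self, dataSource, progressBar):
        """Run the EXE on a disk image through ExecUtil and record its output.

        Skips data sources on non-Windows hosts and data sources that are not
        an Image.  Output is redirected to a text file in the case's Reports
        folder.  That file is added to the case unless the job was cancelled,
        in which case it is deleted.  Always returns
        IngestModule.ProcessResult.OK.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()
        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO, "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths
        imagePaths = dataSource.getPaths()

        # We'll save our output to a file in the reports folder, named based on EXE and data source ID
        reportFile = File(Case.getCurrentCase().getCaseDirectory() + "\\Reports" + "\\img_stat-" + str(dataSource.getId()) + ".txt")

        # Run the EXE, saving output to reportFile
        # We use ExecUtil because it will deal with the user cancelling the job
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        # Add each argument in its own line.  I.e. "-f foo" would be two calls to .add()
        # (one list element per argument also keeps paths with spaces intact,
        # since no shell splits the command line)
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        # NOTE(review): the value returned by ExecUtil.execute is dropped, so
        # the report is added even if the EXE failed -- confirm this is wanted.
        ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))

        # Add the report to the case, so it shows up in the tree
        # Do not add report to the case tree if the ingest is cancelled before finish.
        if not self.context.dataSourceIngestIsCancelled():
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE", "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # Fixed from LEVEL.warning, which is undefined in this listing and
            # turned a failed cleanup into a NameError.
            self.log(Level.WARNING, "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK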
Exemplo n.º 7
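def call_returning_exit_and_output(exec_args, **popen_args):
    """Start *exec_args* with java.lang.ProcessBuilder and return exit code and output.

    Replaces Jython's subprocess module in tests, where pytest cannot capture
    that module's output.

    Of *popen_args* only ``env`` is used.  If ``env`` is supplied, even as an
    empty mapping, the child receives exactly those variables and every
    inherited variable not named in it is dropped.  If ``env`` is missing or
    None the parent's environment is inherited unchanged.

    Returns ``(exit_value, (output, output))``; stderr is redirected into
    stdout, so both entries of the inner tuple are the same combined text.
    """
    def readInputStream(inputStream):
        # Read every line up to EOF and join them with the platform line
        # separator; close the reader whether or not reading succeeds.
        # NOTE(review): no charset is given to InputStreamReader, so decoding
        # follows the platform default -- confirm.
        reader = BufferedReader(InputStreamReader(inputStream))
        try:
            builder = StringBuilder()
            separator = System.getProperty("line.separator")
            while True:
                line = reader.readLine()
                if line is None:
                    break
                builder.append(line)
                builder.append(separator)
            return builder.toString()
        finally:
            reader.close()

    # WORKAROUND: because capturing output of Jython's subprocess module at testing with
    # pytest is not possible using Java implementation
    pb = ProcessBuilder(exec_args)
    env = popen_args.get('env')
    # Test for None, not truthiness: env={} is a request for an empty child
    # environment, and the old check let the parent's variables through.
    if env is not None:
        process_env = pb.environment()
        # Iterate over a snapshot of the keys because entries are removed.
        for key in list(process_env.keySet()):
            if key not in env:
                _log.debug("remove from process-env: %s", key)
                process_env.remove(key)
        for key in env:
            process_env.put(key, env[key])
    pb.redirectErrorStream(True)
    process = pb.start()
    # Drain output before waitFor() so the child never stalls on a full pipe.
    stdout = readInputStream(process.getInputStream())
    exitValue = process.waitFor()
    return exitValue, (stdout, stdout)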
    def _analyze(self, content, path):
        """Run w10-facemessenger.exe on a user profile and process the reports it writes.

        *path* is trimmed by its last four backslash-separated components to
        obtain the user profile directory, which serves as both the tool's
        input and output location.  After the tool runs, the ``report``
        directory beneath the profile is walked: the ``cache`` entry goes to
        _analyzeCachedImages, and every other entry is treated as a Facebook
        user id and handed to the lost-found, contacts and messages/call-log
        analyzers.
        """
        # w10-facemessenger.exe must point to a user profile directory
        # 'path' should resemble '...\autopsy\cases\<Case>\Temp\<DataSourceId>\Users\<Username>\AppData\Local\Packages\Facebook.FacebookMessenger_8xx8rvfyw5nnt'
        # so the trailing '\AppData\Local\Packages\Facebook.FacebookMessenger_8xx8rvfyw5nnt' is cut off
        profileDir = "\\".join(path.split("\\")[:-4])

        # We use ExecUtil because it will deal with the user cancelling the job
        runMessage = "Running => {} --input {} --output {} --format csv".format(
            self.EXE_PATH, profileDir, profileDir)
        self.log(Level.INFO, runMessage)

        # One list element per argument: the tool receives each value as-is,
        # with no shell in between.
        cmd = ArrayList()
        for argument in (self.EXE_PATH,
                         "--input", profileDir,
                         "--output", profileDir,
                         "--format", "csv",
                         "--delimiter", self.CSV_DELIMITER):
            cmd.add(argument)
        terminator = DataSourceIngestModuleProcessTerminator(self.context)
        ExecUtil.execute(ProcessBuilder(cmd), terminator)

        # If w10-facemessenger.exe was successful it should have generated a report directory
        # NOTE(review): neither the tool's result nor the directory's existence
        # is checked before it is read -- confirm how a failed or cancelled run
        # is meant to surface.
        reportsDir = os.path.join(profileDir, "report")
        self._analyzeCachedImages(content, os.path.join(reportsDir, "cache"))
        for entry in os.listdir(reportsDir):
            if entry == "cache":
                continue
            # Every remaining entry name is used as the Facebook user id.
            userReportDir = os.path.join(reportsDir, entry)
            self._analyzeLostFound(content, userReportDir, entry)
            self._analyzeContacts(content, userReportDir, entry)
            self._analyzeMessagesAndCalllogs(content, userReportDir, entry)
        x = input_stream.read()
        try:
            x = chr(x)
            f.write(x)
        except:
            break
finally:
    f.close()
print(f.closed)
#q = System.getenv()
#for k in q.items():
#	print (k)
#System.getenv("user.dir")
import os
from java.io import File
# Start "python prog.py" as a child process.  "python" is a bare name, so which
# interpreter runs depends on the executable search path, and "prog.py" is
# looked up in the working directory set on the next line.
builder = ProcessBuilder(["python", "prog.py"])
builder.directory(File(os.getcwd()))
process = builder.start()
# br/br1 and bw/bw1 are aliases defined outside this excerpt -- presumably
# reader and writer wrappers around the child's stdout and stdin; confirm.
x = br1(br(process.getInputStream()))
y = bw1(bw(process.getOutputStream()))
# Send the value 10 (a line feed if y is a character or byte stream), then
# flush and close so the child sees end of input.
y.write(10)
y.flush()
y.close()
from java.util import Scanner as S
# Read the child's output line by line through a Scanner.
X = S(x)
print(X.nextLine())
print(X.nextLine())
# NOTE(review): `t` is defined outside this excerpt; if it is Python's time
# module this pauses 5000 seconds, not milliseconds -- confirm the unit.
t.sleep(5000)
print(X.nextLine())
#while x!=-1:
#	b = x.read()