def call_returning_exit_and_output(exec_args, **popen_args):
def readInputStream(inputStream):
reader = BufferedReader(InputStreamReader(inputStream))
builder = StringBuilder()
line = None
while True:
line = reader.readLine()
if line is None:
break
builder.append(line)
builder.append(System.getProperty("line.separator"))
return builder.toString()
# WORKAOUND: because capturing output of Jython's subprocess module at testing with
# pytest is not possible using Java implementation
pb = ProcessBuilder(exec_args)
env = popen_args.get('env')
if env:
process_env = pb.environment()
for key in list(process_env.keySet()):
if key not in env:
_log.debug("remove from process-env: %s", key)
process_env.remove(key)
for key in env:
process_env.put(key, env[key])
pb.redirectErrorStream(True)
process = pb.start()
stdout = readInputStream(process.getInputStream())
exitValue = process.waitFor()
return exitValue, (stdout, stdout)
def runJob(cmdArray, hosts, sleepTime=60, maxWaits=60, interimResult=None):
finished = HashSet()
failures = HashSet()
pb = ProcessBuilder(cmdArray)
done = False
# first wait is short in case job finishes quickly
waitTime = 10
while not done:
p = pb.start()
dataOut = DataOutputStream(p.getOutputStream())
try:
for host in hosts:
dataOut.writeBytes(host + "\n")
finally:
dataOut.close()
p.waitFor()
(curFinished, curFailures) = processJobResults(p.getInputStream(), interimResult)
finished.addAll(curFinished)
failures.addAll(curFailures)
done = finished.size() == len(hosts)
if not done:
maxWaits = maxWaits - 1
done == maxWaits == 0
if not done:
time.sleep(waitTime)
waitTime = sleepTime
return failures
def process(self, dataSource, progressBar):
# Set the ogress bar to an Indeterminate state for now
progressBar.switchToIndeterminate()
# Return if we're not running on a windows sytem
if not PlatformUtil.isWindowsOS():
self.log(Level.INFO,
"Ignoring data source. Not running on Windows")
return IngestModule.ProcessResult.OK
# Verify we have a disk image and not a folder of files
if not isinstance(dataSource, Image):
self.log(Level.INFO, "Ignoring data source. Not an image")
return IngestModule.ProcessResult.OK
# Get disk image paths
imagePaths = dataSource.getPaths()
# Save our output to a file in the reports folder
# named based on EXE and data source ID
reportFile = File(Case.getCurrentCase().getCaseDirectory() +
"\\Reports" + "\\img_stat-" +
str(dataSource.getId()) + ".txt")
# Run the EXE, saving output to the report
# Check if the ingest is terminated and
# delete the incomplete report file
self.log(Level.INFO, "Running program on data source")
cmd = ArrayList()
cmd.add(self.pathToEXE.toString())
cmd.add(imagePaths[0])
processBuilder = ProcessBuilder(cmd)
processBuilder.redirectOutput(reportFile)
ExecUtil.execute(processBuilder,
DataSourceIngestModuleProcessTerminator(self.context))
# Add the report to the case, so it shows up in the tree
if not self.context.dataSourceIngestIsCancelled():
Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE",
"img_stat output")
else:
if reportFile.exists():
if not reportFile.delete():
self.log(LEVEL.warning,
"Error deleting the incomplete report file")
return IngestModule.ProcessResult.OK
def process(self, dataSource, progressBar):
# we don't know how much work there will be
progressBar.switchToIndeterminate()
# Example has only a Windows EXE, so bail if we aren't on Windows
if not PlatformUtil.isWindowsOS():
self.log(Level.INFO,
"Ignoring data source. Not running on Windows")
return IngestModule.ProcessResult.OK
# Verify we have a disk image and not a folder of files
if not isinstance(dataSource, Image):
self.log(Level.INFO, "Ignoring data source. Not an image")
return IngestModule.ProcessResult.OK
# Get disk image paths
imagePaths = dataSource.getPaths()
# We'll save our output to a file in the reports folder, named based on EXE and data source ID
reportFile = File(Case.getCurrentCase().getCaseDirectory() +
"\\Reports" + "\\img_stat-" +
str(dataSource.getId()) + ".txt")
# Run the EXE, saving output to the report
# Check if the ingest is terminated and delete the incomplete report file
# Do not add report to the case tree if the ingest is cancelled before finish.
# This can be done by using IngestJobContext.dataSourceIngestIsCancelled
# See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
self.log(Level.INFO, "Running program on data source")
cmd = ArrayList()
cmd.add(self.pathToEXE.toString())
cmd.add(imagePaths[0])
processBuilder = ProcessBuilder(cmd)
processBuilder.redirectOutput(reportFile)
ExecUtil.execute(processBuilder,
DataSourceIngestModuleProcessTerminator(self.context))
# Add the report to the case, so it shows up in the tree
if not self.context.dataSourceIngestIsCancelled():
Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE",
"img_stat output")
else:
if reportFile.exists():
if not reportFile.delete():
self.log(LEVEL.warning,
"Error deleting the incomplete report file")
return IngestModule.ProcessResult.OK
def process(self, dataSource, progressBar):
# we don't know how much work there will be
progressBar.switchToIndeterminate()
# Example has only a Windows EXE, so bail if we aren't on Windows
if not PlatformUtil.isWindowsOS():
self.log(Level.INFO, "Ignoring data source. Not running on Windows")
return IngestModule.ProcessResult.OK
# Verify we have a disk image and not a folder of files
if not isinstance(dataSource, Image):
self.log(Level.INFO, "Ignoring data source. Not an image")
return IngestModule.ProcessResult.OK
# Get disk image paths
imagePaths = dataSource.getPaths()
# We'll save our output to a file in the reports folder, named based on EXE and data source ID
reportFile = File(Case.getCurrentCase().getCaseDirectory() + "\\Reports" + "\\img_stat-" + str(dataSource.getId()) + ".txt")
# Run the EXE, saving output to the report
# Check if the ingest is terminated and delete the incomplete report file
# Do not add report to the case tree if the ingest is cancelled before finish.
# This can be done by using IngestJobContext.dataSourceIngestIsCancelled
# See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
self.log(Level.INFO, "Running program on data source")
cmd = ArrayList()
cmd.add(self.pathToEXE.toString())
cmd.add(imagePaths[0])
processBuilder = ProcessBuilder(cmd);
processBuilder.redirectOutput(reportFile)
ExecUtil.execute(processBuilder,DataSourceIngestModuleProcessTerminator(self.context))
# Add the report to the case, so it shows up in the tree
if not self.context.dataSourceIngestIsCancelled():
Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE", "img_stat output")
else:
if reportFile.exists():
if not reportFile.delete():
self.log(LEVEL.warning,"Error deleting the incomplete report file")
return IngestModule.ProcessResult.OK
def process(self, dataSource, progressBar):
# we don't know how much work there will be
progressBar.switchToIndeterminate()
# Example has only a Windows EXE, so bail if we aren't on Windows
if not PlatformUtil.isWindowsOS():
self.log(Level.INFO, "Ignoring data source. Not running on Windows")
return IngestModule.ProcessResult.OK
# Verify we have a disk image and not a folder of files
if not isinstance(dataSource, Image):
self.log(Level.INFO, "Ignoring data source. Not an image")
return IngestModule.ProcessResult.OK
# Get disk image paths
imagePaths = dataSource.getPaths()
# We'll save our output to a file in the reports folder, named based on EXE and data source ID
reportFile = File(Case.getCurrentCase().getCaseDirectory() + "\\Reports" + "\\img_stat-" + str(dataSource.getId()) + ".txt")
# Run the EXE, saving output to reportFile
# We use ExecUtil because it will deal with the user cancelling the job
self.log(Level.INFO, "Running program on data source")
cmd = ArrayList()
cmd.add(self.pathToEXE.toString())
# Add each argument in its own line. I.e. "-f foo" would be two calls to .add()
cmd.add(imagePaths[0])
processBuilder = ProcessBuilder(cmd);
processBuilder.redirectOutput(reportFile)
ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))
# Add the report to the case, so it shows up in the tree
# Do not add report to the case tree if the ingest is cancelled before finish.
if not self.context.dataSourceIngestIsCancelled():
Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE", "img_stat output")
else:
if reportFile.exists():
if not reportFile.delete():
self.log(LEVEL.warning,"Error deleting the incomplete report file")
return IngestModule.ProcessResult.OK
def call_returning_exit_and_output(exec_args, **popen_args):
def readInputStream(inputStream):
reader = BufferedReader(InputStreamReader(inputStream))
builder = StringBuilder()
line = None
while True:
line = reader.readLine()
if line is None:
break
builder.append(line)
builder.append(System.getProperty("line.separator"))
return builder.toString()
# WORKAOUND: because capturing output of Jython's subprocess module at testing with
# pytest is not possible using Java implementation
pb = ProcessBuilder(exec_args)
env = popen_args.get('env')
if env:
process_env = pb.environment()
for key in list(process_env.keySet()):
if key not in env:
_log.debug("remove from process-env: %s", key)
process_env.remove(key)
for key in env:
process_env.put(key, env[key])
pb.redirectErrorStream(True)
process = pb.start()
stdout = readInputStream(process.getInputStream())
exitValue = process.waitFor()
return exitValue, (stdout, stdout)
def _analyze(self, content, path):
# w10-facemessenger.exe must point to a user profile directory
# 'path' should resemble '...\autopsy\cases\<Case>\Temp\<DataSourceId>\Users\<Username>\AppData\Local\Packages\Facebook.FacebookMessenger_8xx8rvfyw5nnt'
# So we ought to remove '\AppData\Local\Packages\Facebook.FacebookMessenger_8xx8rvfyw5nnt' from it
pathParts = path.split("\\")
pathToUserProfile = "\\".join(pathParts[:-4])
# We use ExecUtil because it will deal with the user cancelling the job
self.log(
Level.INFO,
"Running => {} --input {} --output {} --format csv".format(
self.EXE_PATH, pathToUserProfile, pathToUserProfile))
cmd = ArrayList()
cmd.add(self.EXE_PATH)
cmd.add("--input")
cmd.add(pathToUserProfile)
cmd.add("--output")
cmd.add(pathToUserProfile)
cmd.add("--format")
cmd.add("csv")
cmd.add("--delimiter")
cmd.add(self.CSV_DELIMITER)
processBuilder = ProcessBuilder(cmd)
ExecUtil.execute(processBuilder,
DataSourceIngestModuleProcessTerminator(self.context))
# If w10-facemessenger.exe was successful it should have generated a report directory
pathToReports = os.path.join(pathToUserProfile, "report")
pathToCachedImagesReport = os.path.join(pathToReports, "cache")
self._analyzeCachedImages(content, pathToCachedImagesReport)
facebookUserReports = [
report for report in os.listdir(pathToReports) if report != "cache"
]
for facebookUserId in facebookUserReports:
pathToFacebookUserReport = os.path.join(pathToReports,
facebookUserId)
self._analyzeLostFound(content, pathToFacebookUserReport,
facebookUserId)
self._analyzeContacts(content, pathToFacebookUserReport,
facebookUserId)
self._analyzeMessagesAndCalllogs(content, pathToFacebookUserReport,
facebookUserId)
x = input_stream.read()
try:
x = chr(x)
f.write(x)
except:
break
finally:
f.close()
print(f.closed)
#q = System.getenv()
#for k in q.items():
# print (k)
#System.getenv("user.dir")
import os
from java.io import File
builder = ProcessBuilder(["python", "prog.py"])
builder.directory(File(os.getcwd()))
process = builder.start()
x = br1(br(process.getInputStream()))
y = bw1(bw(process.getOutputStream()))
y.write(10)
y.flush()
y.close()
from java.util import Scanner as S
X = S(x)
print(X.nextLine())
print(X.nextLine())
t.sleep(5000)
print(X.nextLine())
#while x!=-1:
# b = x.read()
