def test_multiple_mbr_plugins_for_same_id(self):
detector = FilesystemDetector()
detector.register_mbr_plugin(self.mbr_fs_id, object())
detector.register_mbr_plugin(self.mbr_fs_id, object())
self.assertEqual(len(detector.get_mbr_plugins(fs_id=self.mbr_fs_id)),
2)
def test_multiple_gpt_plugins_for_same_id(self):
detector = FilesystemDetector()
detector.register_gpt_plugin(self.guid_fs_id, object())
detector.register_gpt_plugin(self.guid_fs_id, object())
self.assertEqual(len(detector.get_gpt_plugins(
fs_guid=uuid.UUID(self.guid_fs_id))), 2)
def test_multiple_mbr_plugins_for_same_id(self):
detector = FilesystemDetector()
detector.register_mbr_plugin(self.mbr_fs_id, object())
detector.register_mbr_plugin(self.mbr_fs_id, object())
self.assertEqual(len(detector.get_mbr_plugins(
fs_id=self.mbr_fs_id)), 2)
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{426f6f74-0000-11aa-aa11-00306543ecac}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(uuid.UUID("{426f6f74-0000-11aa-aa11-00306543ecac}"), self)
def load(self, filename, bs=512):
"""Starts filesystem analysis. Detects supported filesystems and \
loads :attr:`partitions` array.
Args:
filename - Path to file or device for reading.
Raises:
IOError - File/device does not exist or is not readable.
"""
self.__filename = filename
self.__volumes = []
# Detect partitioning scheme
self.__partition_scheme = rawdisk.scheme.common.detect_scheme(filename)
plugin_objects = [plugin.plugin_object for plugin in self.__fs_plugins]
fs_detector = FilesystemDetector(fs_plugins=plugin_objects)
if self.__partition_scheme == PartitionScheme.SCHEME_MBR:
self.__load_mbr_volumes(filename, fs_detector, bs)
elif self.__partition_scheme == PartitionScheme.SCHEME_GPT:
self.__load_gpt_volumes(filename, fs_detector, bs)
else:
self.logger.warning('Partitioning scheme could not be determined.')
# try detecting standalone volume
volume = fs_detector.detect_standalone(filename, offset=0)
if volume is not None:
volume.load(filename, offset=0)
self.__volumes.append(volume)
else:
self.logger.warning(
'Were not able to detect standalone volume type')
def load(self, filename, bs=512):
"""Starts filesystem analysis. Detects supported filesystems and \
loads :attr:`partitions` array.
Args:
filename - Path to file or device for reading.
Raises:
IOError - File/device does not exist or is not readable.
"""
self.__filename = filename
self.__volumes = []
# Detect partitioning scheme
self.__partition_scheme = rawdisk.scheme.common.detect_scheme(filename)
plugin_objects = [plugin.plugin_object for plugin in self.__fs_plugins]
fs_detector = FilesystemDetector(fs_plugins=plugin_objects)
if self.__partition_scheme == PartitionScheme.SCHEME_MBR:
self.__load_mbr_volumes(filename, fs_detector, bs)
elif self.__partition_scheme == PartitionScheme.SCHEME_GPT:
self.__load_gpt_volumes(filename, fs_detector, bs)
else:
self.logger.warning('Partitioning scheme could not be determined.')
# try detecting standalone volume
volume = fs_detector.detect_standalone(filename, offset=0)
if volume is not None:
volume.load(filename, offset=0)
self.__volumes.append(volume)
else:
self.logger.warning(
'Were not able to detect standalone volume type')
def test_detect_mbr_returns_none_when_plugin_returns_false(self):
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
mbr_plugin_mock.detect.return_value = False
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id)
self.assertIsNone(volume_object)
def test_detect_mbr_returns_valid_volume_object(self):
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
mbr_plugin_mock.detect.return_value = True
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id)
self.assertEqual(volume_object, "volume")
def test_detect_mbr_returns_valid_volume_object(self):
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
mbr_plugin_mock.detect.return_value = True
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id)
self.assertEqual(volume_object, "volume")
def test_detect_mbr_returns_none_when_plugin_returns_false(self):
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
mbr_plugin_mock.detect.return_value = False
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
volume_object = detector.detect_mbr("filename", 0, self.mbr_fs_id)
self.assertIsNone(volume_object)
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{426f6f74-0000-11aa-aa11-00306543ecac}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(
uuid.UUID('{426f6f74-0000-11aa-aa11-00306543ecac}'), self)
def test_detect_gpt_returns_valid_volume_object(self):
detector = FilesystemDetector()
gpt_plugin_mock = Mock()
gpt_plugin_mock.get_volume_object.return_value = "volume"
gpt_plugin_mock.detect.return_value = True
detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock)
volume_object = detector.detect_gpt("filename", 0, self.guid_fs_id)
self.assertEquals(volume_object, "volume")
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{48465300-0000-11AA-AA11-00306543ECAC}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(
uuid.UUID('{48465300-0000-11AA-AA11-00306543ECAC}'), self)
def test_multiple_gpt_plugins_for_same_id(self):
detector = FilesystemDetector()
detector.register_gpt_plugin(self.guid_fs_id, object())
detector.register_gpt_plugin(self.guid_fs_id, object())
self.assertEqual(
len(detector.get_gpt_plugins(fs_guid=uuid.UUID(self.guid_fs_id))),
2)
def test_detect_gpt_returns_none_when_plugin_returns_false(self):
detector = FilesystemDetector()
gpt_plugin_mock = Mock()
gpt_plugin_mock.get_volume_object.return_value = "volume"
gpt_plugin_mock.detect.return_value = False
detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock)
volume_object = detector.detect_gpt("filename", 0, self.guid_fs_id)
self.assertIsNone(volume_object)
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(
uuid.UUID('{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}'), self)
def test_detect_gpt_returns_valid_volume_object(self):
detector = FilesystemDetector()
gpt_plugin_mock = Mock()
gpt_plugin_mock.get_volume_object.return_value = "volume"
gpt_plugin_mock.detect.return_value = True
detector.register_gpt_plugin(self.guid_fs_id, gpt_plugin_mock)
volume_object = detector.detect_gpt("filename", 0,
uuid.UUID(self.guid_fs_id))
self.assertEqual(volume_object, "volume")
def test_singleton(self):
detector = FilesystemDetector()
self.assertEquals(len(detector.mbr_plugins), 0)
detector.add_mbr_plugin(self.mbr_fs_id, object())
detector.add_gpt_plugin(self.guid_fs_id, object())
detector2 = FilesystemDetector()
self.assertEquals(len(detector2.mbr_plugins), 1)
self.assertEquals(len(detector2.gpt_plugins), 1)
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(
uuid.UUID('{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}'),
self
)
def test_detect_mbr_calls_detect_on_mbr_plugin(self):
filename = "filename"
offset = 0x10
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
detector.add_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
detector.detect_mbr(filename, offset, self.mbr_fs_id)
mbr_plugin_mock.detect.assert_called_once_with(filename, offset)
def test_detect_gpt_calls_detect_on_gpt_plugin(self):
offset = 0x10
filename = "filename"
detector = FilesystemDetector()
gpt_plugin_mock = Mock()
gpt_plugin_mock.get_volume_object.return_value = "volume"
detector.add_gpt_plugin(self.guid_fs_id, gpt_plugin_mock)
detector.detect_gpt(filename, offset, self.guid_fs_id)
gpt_plugin_mock.detect.assert_called_once_with(filename, offset)
def register(self):
"""Registers this plugin with \
:class:`~rawdisk.filesystems.detector.FilesystemDetector` \
as gpt plugin, with type guid *{48465300-0000-11AA-AA11-00306543ECAC}*
"""
detector = FilesystemDetector()
detector.add_gpt_plugin(
uuid.UUID('{48465300-0000-11AA-AA11-00306543ECAC}'),
self
)
def test_detect_standalone_calls_plugin_detect_with_standalone_arg(self):
detector = FilesystemDetector()
offset = 0x10
filename = "filename"
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
detector.detect_standalone(filename, offset)
mbr_plugin_mock.detect.assert_called_once_with(
filename, offset, standalone=True)
def register(self):
"""Registers this plugin with :class:`FilesystemDetector \
<rawdisk.filesystems.detector.FilesystemDetector>` as gpt plugin, \
with type guid *{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}* and \
as mbr plugin with type id 0x07
"""
detector = FilesystemDetector()
detector.add_mbr_plugin(0x07, self)
detector.add_gpt_plugin(
uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}'),
self
)
def load(self, filename):
"""Starts filesystem analysis. Detects supported filesystems and \
loads :attr:`partitions` array.
Args:
filename - Path to file or device for reading.
Raises:
IOError - File/device does not exist or is not readable.
"""
self.filename = filename
# Detect partitioning scheme
self.scheme = rawdisk.scheme.common.detect_scheme(filename)
detector = FilesystemDetector()
if (self.scheme == rawdisk.scheme.common.SCHEME_MBR):
mbr = rawdisk.scheme.mbr.Mbr(filename)
# Go through table entries and analyse ones that are supported
for entry in mbr.partition_table.entries:
volume = detector.detect_mbr(
filename,
entry.part_offset,
entry.part_type
)
if (volume is not None):
volume.load(filename, entry.part_offset)
self.partitions.append(volume)
elif (self.scheme == rawdisk.scheme.common.SCHEME_GPT):
gpt = rawdisk.scheme.gpt.Gpt()
gpt.load(filename)
for entry in gpt.partition_entries:
volume = detector.detect_gpt(
filename,
entry.first_lba * 512,
entry.type_guid
)
if (volume is not None):
volume.load(filename, entry.first_lba * 512)
self.partitions.append(volume)
elif (self.scheme == rawdisk.scheme.common.SCHEME_UNKNOWN):
print 'Partitioning scheme is not supported.'
else:
print 'Partitioning scheme could not be determined.'
def test_init_with_plugin_list_registers_plugins(self):
mbr_plugin_mock = Mock()
mbr_plugin_mock.mbr_identifiers = [self.mbr_fs_id]
mbr_plugin_mock.gpt_identifiers = []
gpt_plugin_mock = Mock()
gpt_plugin_mock.mbr_identifiers = []
gpt_plugin_mock.gpt_identifiers = [self.guid_fs_id]
detector = FilesystemDetector(
fs_plugins=[mbr_plugin_mock, gpt_plugin_mock])
detector.detect_mbr(
filename="filename", offset=0x10, fs_id=self.mbr_fs_id)
mbr_plugin_mock.detect.assert_called_once_with("filename", 0x10)
detector.detect_gpt(
filename="filename",
offset=0x20,
fs_guid=uuid.UUID(self.guid_fs_id)
)
gpt_plugin_mock.detect.assert_called_once_with("filename", 0x20)
class TestNtfsPlugin(unittest.TestCase):
def setUp(self):
self.filename = "sample_images/ntfs_mbr.vhd"
self.offset = SAMPLE_NTFS_PART_OFFSET
self.p = NtfsPlugin()
self.detector = FilesystemDetector()
def test_detect(self):
self.assertTrue(self.p.detect(self.filename, self.offset))
self.assertFalse(self.p.detect(self.filename, self.offset + 1))
def test_register(self):
self.p.register()
mbr_plugins = self.detector.mbr_plugins.get(0x07)
gpt_plugins = self.detector.gpt_plugins.get(uuid.UUID("{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}"))
self.assertEquals(len(mbr_plugins), 1)
self.assertEquals(len(gpt_plugins), 1)
def tearDown(self):
# remove plugin registration
self.detector._clear_plugins()
class TestNtfsPlugin(unittest.TestCase):
def setUp(self):
self.filename = 'sample_images/ntfs_mbr.vhd'
self.offset = SAMPLE_NTFS_PART_OFFSET
self.p = Ntfs()
self.detector = FilesystemDetector()
def test_detect(self):
self.assertTrue(self.p.detect(self.filename, self.offset))
self.assertFalse(self.p.detect(self.filename, self.offset + 1))
def test_register(self):
self.p.register()
mbr_plugins = self.detector.mbr_plugins.get(0x07)
gpt_plugins = self.detector.gpt_plugins.get(
uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}'))
self.assertEqual(len(mbr_plugins), 1)
self.assertEqual(len(gpt_plugins), 1)
def tearDown(self):
# remove plugin registration
self.detector._clear_plugins()
def test_detect_mbr_calls_detect_on_mbr_plugin(self):
filename = "filename"
offset = 0x10
detector = FilesystemDetector()
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
detector.detect_mbr(filename, offset, self.mbr_fs_id)
mbr_plugin_mock.detect.assert_called_once_with(filename, offset)
def test_detect_gpt_calls_detect_on_gpt_plugin(self):
offset = 0x10
filename = "filename"
detector = FilesystemDetector()
gpt_plugin_mock = Mock()
gpt_plugin_mock.get_volume_object.return_value = "volume"
detector.register_gpt_plugin(self.guid_fs_id, gpt_plugin_mock)
detector.detect_gpt(filename, offset, uuid.UUID(self.guid_fs_id))
gpt_plugin_mock.detect.assert_called_once_with(filename, offset)
def register(self):
"""Registers this plugin with :class:`FilesystemDetector \
<rawdisk.filesystems.detector.FilesystemDetector>` as gpt plugin, \
with type guid *{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}* and \
as mbr plugin with type id 0x07
"""
detector = FilesystemDetector()
detector.add_mbr_plugin(0x07, self)
detector.add_gpt_plugin(
uuid.UUID('{EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}'), self)
def test_detect_standalone_calls_plugin_detect_with_standalone_arg(self):
detector = FilesystemDetector()
offset = 0x10
filename = "filename"
mbr_plugin_mock = Mock()
mbr_plugin_mock.get_volume_object.return_value = "volume"
detector.register_mbr_plugin(self.mbr_fs_id, mbr_plugin_mock)
detector.detect_standalone(filename, offset)
mbr_plugin_mock.detect.assert_called_once_with(filename,
offset,
standalone=True)
def test_init_with_plugin_list_registers_plugins(self):
mbr_plugin_mock = Mock()
mbr_plugin_mock.mbr_identifiers = [self.mbr_fs_id]
mbr_plugin_mock.gpt_identifiers = []
gpt_plugin_mock = Mock()
gpt_plugin_mock.mbr_identifiers = []
gpt_plugin_mock.gpt_identifiers = [self.guid_fs_id]
detector = FilesystemDetector(
fs_plugins=[mbr_plugin_mock, gpt_plugin_mock])
detector.detect_mbr(filename="filename",
offset=0x10,
fs_id=self.mbr_fs_id)
mbr_plugin_mock.detect.assert_called_once_with("filename", 0x10)
detector.detect_gpt(filename="filename",
offset=0x20,
fs_guid=uuid.UUID(self.guid_fs_id))
gpt_plugin_mock.detect.assert_called_once_with("filename", 0x20)
def setUp(self):
self.filename = 'sample_images/ntfs_mbr.vhd'
self.offset = SAMPLE_NTFS_PART_OFFSET
self.p = Ntfs()
self.detector = FilesystemDetector()
def test_detection_with_no_plugins(self):
detector = FilesystemDetector()
self.assertIsNone(detector.detect_mbr("filename", 0, self.mbr_fs_id))
self.assertIsNone(detector.detect_gpt("filename", 0, self.guid_fs_id))
def test_multiple_gpt_plugins_for_same_id(self):
detector = FilesystemDetector()
detector.add_gpt_plugin(self.guid_fs_id, object())
detector.add_gpt_plugin(self.guid_fs_id, object())
self.assertEquals(len(detector.gpt_plugins.get(self.guid_fs_id)), 2)
def test_detection_with_no_plugins(self):
detector = FilesystemDetector()
self.assertIsNone(detector.detect_mbr("filename", 0, self.mbr_fs_id))
self.assertIsNone(detector.detect_gpt("filename", 0, self.guid_fs_id))
def setUp(self):
self.filename = "sample_images/ntfs_mbr.vhd"
self.offset = SAMPLE_NTFS_PART_OFFSET
self.p = NtfsPlugin()
self.detector = FilesystemDetector()
