def testUserInterpolation(self):
    """Check that interpolating with a user list returns a list of paths.

    Covers a single user, a mix of system and user keys, two users (one
    result per user, in request order), and an unknown key, which must
    give an empty list rather than a literal "{...}" path.
    """
    interpolate = flow_utils.InterpolatePath

    # NOTE(review): "hotexamples_com" contains no "{...}" key, yet the
    # expected result is a per-user home directory. The literal looks like a
    # page-extraction artifact replacing a placeholder; confirm upstream.
    one_user = interpolate("hotexamples_com\\dir", self.client, users=["test"])
    self.assertEqual(one_user[0].lower(), "c:\\users\\test\\dir")

    # A system-wide key and a per-user key in the same pattern.
    mixed = interpolate(
        "{systemroot}\\{last_logon}\\dir", self.client, users=["test"])
    self.assertEqual(
        mixed[0].lower(), "c:\\windows\\2012-11-10 00:00:00\\dir")

    # Two users requested: two results, in the order the users were given.
    per_user = interpolate(
        "hotexamples_com\\a", self.client, users=["test", "test2"])
    self.assertEqual(len(per_user), 2)
    wanted = ["c:\\users\\test\\a", "c:\\users\\test2\\a"]
    for position, expected in enumerate(wanted):
        self.assertEqual(per_user[position].lower(), expected)

    # An unresolvable key drops the path instead of passing it through.
    unresolved = interpolate("{does_not_exist}", self.client, users=["test"])
    self.assertEqual(unresolved, [])
def testBasicInterpolation(self):
    """Check interpolation of system keys when no user list is supplied.

    Without users the result is a single string, not a list. An unknown
    key gives the empty string.
    """
    interpolate = flow_utils.InterpolatePath

    resolved = interpolate("{systemroot}\\test", self.client, users=None)
    self.assertEqual(resolved.lower(), "c:\\windows\\test")

    # Unknown key: callers get "" back, never the raw "{...}" pattern.
    unresolved = interpolate("{does_not_exist}", self.client)
    self.assertEqual(unresolved, "")
def StartRequests(self):
    """Start one FileFinder child flow per interpolated cache path.

    Each pattern in self.state.all_paths is expanded for every user in
    self.state.users. Each resulting directory is searched with the "**5"
    glob for files whose contents match self.args.data_regex, and matching
    files are requested with the DOWNLOAD action. Child flow responses are
    routed to the "HandleResults" state.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)

    if self.runner.output is not None:
        description_text = "CacheGrep for {0}".format(self.args.data_regex)
        self.runner.output.Set(
            self.runner.output.Schema.DESCRIPTION(description_text))

    # Build "domain\user"; the lstrip removes the leading backslash(es) left
    # behind when the domain is empty.
    usernames = [
        ("%s\\%s" % (user.domain, user.username)).lstrip("\\")
        for user in self.state.users
    ]

    # NOTE(review): data_regex is taken from the flow arguments as-is; no
    # validation or complexity limit on the pattern is visible in this block.
    regex_match = rdfvalue.FileFinderContentsRegexMatchCondition(
        regex=self.args.data_regex,
        mode=rdfvalue.FileFinderContentsRegexMatchCondition.Mode.FIRST_HIT)
    condition = rdfvalue.FileFinderCondition(
        condition_type=rdfvalue.FileFinderCondition.Type.CONTENTS_REGEX_MATCH,
        contents_regex_match=regex_match)

    for path_pattern in self.state.all_paths:
        expanded = flow_utils.InterpolatePath(
            path_pattern, client, users=usernames)
        for directory in expanded:
            # NOTE(review): os.path.join uses the separator of the host
            # running this code, while `directory` is a client-side path;
            # confirm mixed separators are handled for Windows clients.
            search_glob = os.path.join(directory, "**5")
            download_action = rdfvalue.FileFinderAction(
                action_type=rdfvalue.FileFinderAction.Action.DOWNLOAD)
            self.CallFlow(
                "FileFinder",
                paths=[search_glob],
                pathtype=self.state.args.pathtype,
                conditions=[condition],
                action=download_action,
                next_state="HandleResults")
def StartRequests(self):
    """Start one FileFinder child flow per interpolated cache path.

    Each pattern in self.state.all_paths is expanded for every user in
    self.state.users. Each resulting directory is searched with the "**5"
    glob for files whose contents match self.args.data_regex, and matching
    files are requested with the DOWNLOAD action. Child flow responses are
    routed to the "HandleResults" state.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)

    # Build "domain\user"; the lstrip removes the leading backslash(es) left
    # behind when the domain is empty.
    usernames = [
        ("%s\\%s" % (user.userdomain, user.username)).lstrip("\\")
        for user in self.state.users
    ]

    # NOTE(review): data_regex is taken from the flow arguments as-is; no
    # validation or complexity limit on the pattern is visible in this block.
    regex_condition_cls = rdf_file_finder.FileFinderContentsRegexMatchCondition
    regex_match = regex_condition_cls(
        regex=self.args.data_regex,
        mode=regex_condition_cls.Mode.FIRST_HIT)
    condition = rdf_file_finder.FileFinderCondition(
        condition_type=(
            rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
        contents_regex_match=regex_match)

    for path_pattern in self.state.all_paths:
        expanded = flow_utils.InterpolatePath(
            path_pattern, client, users=usernames)
        for directory in expanded:
            # NOTE(review): os.path.join uses the separator of the host
            # running this code, while `directory` is a client-side path;
            # confirm mixed separators are handled for Windows clients.
            search_glob = os.path.join(directory, "**5")
            download_action = rdf_file_finder.FileFinderAction(
                action_type=rdf_file_finder.FileFinderAction.Action.DOWNLOAD)
            self.CallFlow(
                file_finder.FileFinder.__name__,
                paths=[search_glob],
                pathtype=self.args.pathtype,
                conditions=[condition],
                action=download_action,
                next_state="HandleResults")
def StartRequests(self):
    """Start one FetchFiles child flow per interpolated cache path.

    Each pattern in self.state.all_paths is expanded for every user in
    self.state.users. Every resulting path becomes a FindSpec that carries
    self.args.data_regex. Child flow responses are routed to the
    "HandleResults" state.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)

    # NOTE(review): this is a truthiness test, not an `is not None` check, so
    # a falsy but present output object skips the description; confirm.
    if self.runner.output:
        description_text = "CacheGrep for {0}".format(self.args.data_regex)
        self.runner.output.Set(
            self.runner.output.Schema.DESCRIPTION(description_text))

    # Build "domain\user"; the lstrip removes the leading backslash(es) left
    # behind when the domain is empty.
    usernames = [
        ("%s\\%s" % (user.domain, user.username)).lstrip("\\")
        for user in self.state.users
    ]

    for path_pattern in self.state.all_paths:
        expanded = flow_utils.InterpolatePath(
            path_pattern, client, users=usernames)
        for target_path in expanded:
            # NOTE(review): data_regex is taken from the flow arguments
            # as-is; no validation of the pattern is visible in this block.
            spec = rdfvalue.FindSpec(data_regex=self.args.data_regex)
            # 800 is presumably the per-iteration result batch size; verify.
            spec.iterator.number = 800
            spec.pathspec.path = target_path
            spec.pathspec.pathtype = self.args.pathtype
            self.CallFlow(
                "FetchFiles", findspec=spec, next_state="HandleResults")