Пример #1
    def _GetFilePaths(self, path, kb):
        """Turn a Windows command line string into candidate file PathSpecs.

        The knowledge base is converted into an environment-variable map, and
        that map is handed, together with the command line, to
        path_detection_windows.DetectExecutablePaths.

        Args:
          path: Command line string to extract executable paths from.
          kb: Knowledge base passed to GetWindowsEnvironmentVariablesMap.

        Returns:
          A list with one rdf_paths.PathSpec (pathtype UNSET) per detected
          path, or an empty list when nothing was detected.
        """
        env_map = artifact_utils.GetWindowsEnvironmentVariablesMap(kb)
        candidates = path_detection_windows.DetectExecutablePaths([path],
                                                                  env_map)

        specs = []
        if candidates:
            # NOTE(review): these are guesses; this method itself does not
            # verify that a candidate exists, so callers should treat the
            # result as leads rather than confirmed file locations.
            unset_type = rdf_paths.PathSpec.PathType.UNSET
            for candidate in candidates:
                specs.append(
                    rdf_paths.PathSpec(path=candidate, pathtype=unset_type))
        # TODO(user): yield a ParserAnomaly object when no path was detected
        return specs
Пример #2
    def testKnowledgeBaseUsersAttributesExpandIntoLists(self):
        """Checks that per-user attributes become lists in the variable map.

        Two users with distinct appdata, localappdata, userdomain and
        userprofile values are added to one knowledge base; every key of the
        resulting map must hold both users' values, in insertion order.
        """
        kb = rdf_client.KnowledgeBase()

        first_user = rdf_client.User(appdata="the_appdata_1",
                                     localappdata="the_localappdata_1",
                                     userdomain="the_userdomain_1",
                                     userprofile="the_userprofile_1")
        kb.users.append(first_user)

        second_user = rdf_client.User(appdata="the_appdata_2",
                                      localappdata="the_localappdata_2",
                                      userdomain="the_userdomain_2",
                                      userprofile="the_userprofile_2")
        kb.users.append(second_user)

        expected = {
            "appdata": ["the_appdata_1", "the_appdata_2"],
            "localappdata": ["the_localappdata_1", "the_localappdata_2"],
            "userdomain": ["the_userdomain_1", "the_userdomain_2"],
            "userprofile": ["the_userprofile_1", "the_userprofile_2"],
        }

        actual = artifact_utils.GetWindowsEnvironmentVariablesMap(kb)
        self.assertEqual(actual, expected)