Пример #1
    def testBasicInterpolation(self):
        """Check system-level interpolation when no users are supplied.

        With ``users=None`` the result is compared as a single string, and a
        placeholder the knowledge base cannot resolve is expected to give "".
        """
        knowledge_base = self._MakeKnowledgeBase()

        resolved = flow_utils.InterpolatePath(
            "{systemroot}\\test", knowledge_base, users=None)
        self.assertEqual(resolved.lower(), "c:\\windows\\test")

        # An unresolvable placeholder collapses the whole path to the empty
        # string instead of raising. Callers that append a suffix to the
        # result should treat "" as "nothing to collect", not as a base path.
        unresolved = flow_utils.InterpolatePath(
            "{does_not_exist}", knowledge_base)
        self.assertEqual(unresolved, "")
Пример #2
  def testBasicInterpolation(self):
    """Interpolate a system path against a client record, without users.

    The no-users form is asserted to return one string; an unknown
    placeholder is asserted to return the empty string.
    """
    client_record = self._MakeClientRecord()

    expanded = flow_utils.InterpolatePath(
        "{systemroot}\\test", client_record, users=None)
    self.assertEqual(expanded.lower(), "c:\\windows\\test")

    # A placeholder with no matching attribute yields "" rather than an
    # exception, so an empty result has to be checked for by the caller
    # before it is joined with anything else.
    missing = flow_utils.InterpolatePath("{does_not_exist}", client_record)
    self.assertEqual(missing, "")
Пример #3
    def StartRequests(self):
        """Launch one FileFinder child flow per interpolated cache path.

        Each path in ``self.state.all_paths`` is expanded for the users in
        ``self.state.users``. Every expansion is searched with a
        content-regex condition built from ``self.args.data_regex``, using
        the Download action. Results are routed to the "HandleResults"
        state.
        """
        client = aff4.FACTORY.Open(self.client_id, token=self.token)

        # Build DOMAIN\user names; with an empty domain the leading
        # backslash is stripped so only the bare username remains.
        qualified_users = [
            ("%s\\%s" % (user.userdomain, user.username)).lstrip("\\")
            for user in self.state.users
        ]

        # The regex comes from the flow arguments and is passed through
        # unchanged. FIRST_HIT mode is requested for the content match.
        regex_match_cls = rdf_file_finder.FileFinderContentsRegexMatchCondition
        content_match = regex_match_cls(
            regex=self.args.data_regex,
            mode=regex_match_cls.Mode.FIRST_HIT)
        condition = rdf_file_finder.FileFinderCondition(
            condition_type=(
                rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
            contents_regex_match=content_match)

        for cache_path in self.state.all_paths:
            # NOTE(review): this loop assumes InterpolatePath returns a list.
            # If an empty users list makes it return a plain string, the
            # inner loop would walk that string character by character.
            # Confirm against flow_utils.
            expanded_paths = flow_utils.InterpolatePath(
                cache_path, client, users=qualified_users)
            for expanded_path in expanded_paths:
                # "**5" is presumably GRR's recursive glob limited to five
                # directory levels below the cache root -- confirm.
                search_glob = os.path.join(expanded_path, "**5")
                self.CallFlow(
                    file_finder.FileFinder.__name__,
                    paths=[search_glob],
                    pathtype=self.args.pathtype,
                    conditions=[condition],
                    action=rdf_file_finder.FileFinderAction.Download(),
                    next_state="HandleResults")
Пример #4
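    def Start(self):
        """Resolve browser cache paths and start a FileFinder per path.

        Steps:
          1. Read the client's OS and knowledge base, from the relational
             database when it is enabled and otherwise from AFF4.
          2. Collect the cache paths for each browser enabled in the flow
             arguments (check_chrome / check_ie / check_firefox).
          3. Resolve every name in ``self.args.grep_users`` to a user record.
          4. Expand each cache path per user and launch a FileFinder child
             flow with a content-regex condition and the Download action.

        Raises:
          flow.FlowError: if no cache path is known for the client's system
            and the selected browsers, or if a requested user is not found
            in the knowledge base.
        """

        # Figure out which paths we are going to check.
        if data_store.RelationalDBReadEnabled():
            client = data_store.REL_DB.ReadClientSnapshot(self.client_id)
            kb = client.knowledge_base
            system = kb.os
        else:
            client = aff4.FACTORY.Open(self.client_id, token=self.token)
            system = client.Get(client.Schema.SYSTEM)
            kb = client.Get(client.Schema.KNOWLEDGE_BASE)

        # BROWSER_PATHS.get() gives None for a system it has no entry for.
        # Fall back to an empty mapping so the lookups below cannot fail
        # with AttributeError and the FlowError further down is raised.
        paths = BROWSER_PATHS.get(system) or {}
        self.state.all_paths = []
        if self.args.check_chrome:
            self.state.all_paths += paths.get("Chrome", [])
        if self.args.check_ie:
            self.state.all_paths += paths.get("IE", [])
        if self.args.check_firefox:
            self.state.all_paths += paths.get("Firefox", [])
        if not self.state.all_paths:
            raise flow.FlowError("Unsupported system %s for CacheGrep" %
                                 system)

        # Fail the flow on the first requested user the knowledge base does
        # not know, rather than silently searching fewer profiles.
        self.state.users = []
        for user in self.args.grep_users:
            user_info = flow_utils.GetUserInfo(kb, user)
            if not user_info:
                raise flow.FlowError("No such user %s" % user)
            self.state.users.append(user_info)

        usernames = [
            "%s\\%s" % (u.userdomain, u.username) for u in self.state.users
        ]
        usernames = [u.lstrip("\\")
                     for u in usernames]  # Strip \\ if no domain.

        # The regex comes from the flow arguments and is passed through
        # unchanged. FIRST_HIT mode is requested for the content match.
        condition = rdf_file_finder.FileFinderCondition(
            condition_type=(
                rdf_file_finder.FileFinderCondition.Type.CONTENTS_REGEX_MATCH),
            contents_regex_match=rdf_file_finder.
            FileFinderContentsRegexMatchCondition(
                regex=self.args.data_regex,
                mode=rdf_file_finder.FileFinderContentsRegexMatchCondition.
                Mode.FIRST_HIT))

        for path in self.state.all_paths:
            # NOTE(review): this loop assumes InterpolatePath returns a list.
            # If an empty users list (no grep_users given) makes it return a
            # plain string, the inner loop would walk that string character
            # by character. Confirm against flow_utils.
            full_paths = flow_utils.InterpolatePath(path, kb, users=usernames)
            for full_path in full_paths:
                # "**5" is presumably GRR's recursive glob limited to five
                # directory levels below the cache root -- confirm.
                self.CallFlow(
                    file_finder.FileFinder.__name__,
                    paths=[os.path.join(full_path, "**5")],
                    pathtype=self.args.pathtype,
                    conditions=[condition],
                    action=rdf_file_finder.FileFinderAction.Download(),
                    next_state="HandleResults")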
Пример #5
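  def testUserInterpolation(self):
    """User interpolation returns a list of paths, one per resolved user.

    Covers a per-user placeholder, a mix of system and user placeholders,
    several users at once, and a placeholder that cannot be resolved. The
    last case is expected to give an empty list, not a list holding "".
    """
    client = self._MakeClientRecord()

    # NOTE(review): the listing carried the literal "hotexamples_com" here,
    # which contains no placeholder and so could never expand to the
    # expected c:\users\test path. {homedir} is the per-user placeholder
    # those expected values imply -- confirm against the upstream test.
    path = "{homedir}\\dir"
    new_path = flow_utils.InterpolatePath(path, client, users=["test"])
    self.assertEqual(new_path[0].lower(), "c:\\users\\test\\dir")

    # System-level and user-level placeholders can be mixed in one path.
    path = "{systemroot}\\{last_logon}\\dir"
    new_path = flow_utils.InterpolatePath(path, client, users=["test"])
    self.assertEqual(new_path[0].lower(),
                     "c:\\windows\\2012-11-10 00:00:00\\dir")

    # One output path per user, in the order the users were given.
    path = "{homedir}\\a"
    new_path = flow_utils.InterpolatePath(path, client, users=["test", "test2"])
    self.assertEqual(len(new_path), 2)
    self.assertEqual(new_path[0].lower(), "c:\\users\\test\\a")
    self.assertEqual(new_path[1].lower(), "c:\\users\\test2\\a")

    # An unresolvable placeholder contributes no path for that user, so a
    # caller iterating the result schedules no collection at all.
    new_path = flow_utils.InterpolatePath(
        "{does_not_exist}", client, users=["test"])
    self.assertEqual(new_path, [])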