Пример #1
    def testCollectWithProgramData(self):
        """Tests Collect when only the %ProgramData% variable is known.

        The knowledge base is seeded with a programdata environment variable.
        The test expects the plugin to expose that same, unexpanded value as
        allusersappdata without producing any preprocessing warning.
        """
        plugin = windows.WindowsAllUsersAppDataKnowledgeBasePlugin()

        session = sessions.Session()
        storage_writer = self._CreateTestStorageWriter()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        # The value is kept as a variable reference on purpose: the test
        # expects it to come back without %SystemDrive% being expanded.
        expected_value = '%SystemDrive%\\ProgramData'

        seeded_variable = artifacts.EnvironmentVariableArtifact(
            case_sensitive=False, name='programdata', value=expected_value)
        test_mediator.knowledge_base.AddEnvironmentVariable(seeded_variable)

        plugin.Collect(test_mediator)

        warning_count = storage_writer.number_of_preprocessing_warnings
        self.assertEqual(warning_count, 0)

        derived_variable = test_mediator.knowledge_base.GetEnvironmentVariable(
            'allusersappdata')
        self.assertIsNotNone(derived_variable)
        self.assertEqual(derived_variable.value, expected_value)
Пример #2
    def testCollectWithAllUsersProfile(self):
        """Tests Collect when %AllUsersProfile% is already known.

        The variable that is seeded and the variable that is read back share
        the same name, so the assertions check that the value present before
        Collect ran is still the one stored afterwards.
        """
        plugin = windows.WindowsAllUsersAppProfileKnowledgeBasePlugin()

        session = sessions.Session()
        storage_writer = self._CreateTestStorageWriter()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        expected_value = 'C:\\Documents and Settings\\All Users'

        seeded_variable = artifacts.EnvironmentVariableArtifact(
            case_sensitive=False, name='allusersprofile', value=expected_value)
        test_mediator.knowledge_base.AddEnvironmentVariable(seeded_variable)

        plugin.Collect(test_mediator)

        warning_count = storage_writer.number_of_preprocessing_warnings
        self.assertEqual(warning_count, 0)

        stored_variable = test_mediator.knowledge_base.GetEnvironmentVariable(
            'allusersprofile')
        self.assertIsNotNone(stored_variable)
        self.assertEqual(stored_variable.value, expected_value)
Пример #3
    def _RunPreprocessorPluginOnFileSystem(self, file_system, mount_point,
                                           storage_writer, plugin):
        """Runs a preprocessor plugin against a file system.

        The artifact definition named by the plugin is looked up in the test
        artifacts registry and must exist; otherwise the test fails before
        the plugin is run.

        Args:
          file_system (dfvfs.FileSystem): file system to be preprocessed.
          mount_point (dfvfs.PathSpec): mount point path specification that
              refers to the base location of the file system.
          storage_writer (StorageWriter): storage writer.
          plugin (ArtifactPreprocessorPlugin): preprocessor plugin.

        Returns:
          PreprocessMediator: preprocess mediator.
        """
        definition_name = plugin.ARTIFACT_DEFINITION_NAME
        artifact_definition = self._artifacts_registry.GetDefinitionByName(
            definition_name)
        self.assertIsNotNone(artifact_definition)

        # A fresh session and knowledge base per run keep one plugin's
        # results from leaking into the next.
        session = sessions.Session()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        searcher = file_system_searcher.FileSystemSearcher(
            file_system, mount_point)

        plugin.Collect(
            test_mediator, artifact_definition, searcher, file_system)

        return test_mediator
Пример #4
    def testCollect(self):
        """Tests that Collect determines the operating system.

        A fake file system is populated with the SOFTWARE and SYSTEM test
        files at their Windows configuration paths. The test expects the
        knowledge base to hold 'Windows NT' as operating_system afterwards.
        """
        file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()

        software_path = shared_test_lib.GetTestFilePath(['SOFTWARE'])
        file_system_builder.AddFileReadData(
            '/Windows/System32/config/SOFTWARE', software_path)

        system_path = shared_test_lib.GetTestFilePath(['SYSTEM'])
        file_system_builder.AddFileReadData(
            '/Windows/System32/config/SYSTEM', system_path)

        session = sessions.Session()
        test_knowledge_base = knowledge_base.KnowledgeBase()
        storage_writer = fake_writer.FakeStorageWriter()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, test_knowledge_base)

        root_path_spec = fake_path_spec.FakePathSpec(location='/')
        searcher = file_system_searcher.FileSystemSearcher(
            file_system_builder.file_system, root_path_spec)

        plugin = generic.DetermineOperatingSystemPlugin()

        storage_writer.Open()

        # Close the writer even when Collect raises, so a failing plugin does
        # not leave the storage writer open.
        try:
            plugin.Collect(
                test_mediator, None, searcher, file_system_builder.file_system)
        finally:
            storage_writer.Close()

        detected_family = test_mediator.knowledge_base.GetValue(
            'operating_system')
        self.assertEqual(detected_family, 'Windows NT')
Пример #5
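    def testProducePreprocessingWarning(self):
        """Tests the ProducePreprocessingWarning method.

        The storage writer is opened before the warning is produced and is
        always closed again, also when producing the warning raises.
        """
        session = sessions.Session()
        storage_writer = fake_writer.FakeStorageWriter()
        knowledge_base_object = knowledge_base.KnowledgeBase()
        parser_mediator = mediator.PreprocessMediator(session, storage_writer,
                                                      knowledge_base_object)

        storage_writer.Open()

        try:
            parser_mediator.ProducePreprocessingWarning('test_plugin',
                                                        'test message')
            # NOTE(review): this test only checks that the call does not
            # raise. Preprocessing warnings tell the analyst that extraction
            # was incomplete, so the number of warnings held by the storage
            # writer should be asserted here as well; which counter to read
            # depends on the storage writer API of this version - confirm.
        finally:
            # The writer was opened above; close it so the test does not
            # leave an open storage writer behind.
            storage_writer.Close()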
Пример #6
  def PreprocessSources(
      self, artifact_definitions_path, custom_artifacts_path,
      source_path_specs, session, storage_writer, resolver_context=None):
    """Preprocesses the sources.

    Every source is opened and its operating system family is determined.
    When that family is known, the preprocessing plugins are run on the
    source. The first detected operating system is stored in the knowledge
    base under 'operating_system'.

    A source that cannot be opened, or whose operating system cannot be
    determined, is skipped. In this method the failure is reported through
    the logger only; nothing is written to the storage writer for it.

    Args:
      artifact_definitions_path (str): path to artifact definitions directory
          or file.
      custom_artifacts_path (str): path to custom artifact definitions
          directory or file.
      source_path_specs (list[dfvfs.PathSpec]): path specifications of
          the sources to process.
      session (Session): session the preprocessing is part of.
      storage_writer (StorageWriter): storage writer.
      resolver_context (Optional[dfvfs.Context]): resolver context.
    """
    registry = self._BuildArtifactsRegistry(
        artifact_definitions_path, custom_artifacts_path)

    mediator = preprocess_mediator.PreprocessMediator(
        session, storage_writer, self.knowledge_base)

    operating_systems = []
    for path_spec in source_path_specs:
      try:
        file_system, mount_point = self.GetSourceFileSystem(
            path_spec, resolver_context=resolver_context)
      except (RuntimeError, dfvfs_errors.BackEndError) as exception:
        # An unreadable source must not abort the remaining sources.
        logger.error(exception)
        continue

      searcher = file_system_searcher.FileSystemSearcher(
          file_system, mount_point)

      try:
        operating_system = self._DetermineOperatingSystem(searcher)
      except (ValueError, dfvfs_errors.PathSpecError) as exception:
        logger.error(exception)
        continue

      # Plugins are only run on sources with a recognized operating system.
      if operating_system == definitions.OPERATING_SYSTEM_FAMILY_UNKNOWN:
        continue

      preprocess_manager.PreprocessPluginsManager.RunPlugins(
          registry, file_system, mount_point, mediator)

      operating_systems.append(operating_system)

    if not operating_systems:
      return

    summary = ', '.join(operating_systems)
    logger.info(
        'Preprocessing detected operating systems: {0:s}'.format(summary))

    # Only the first detected operating system ends up in the knowledge base,
    # even when several sources were preprocessed.
    self.knowledge_base.SetValue('operating_system', operating_systems[0])
Пример #7
    def testCollect(self):
        """Tests Collect on a knowledge base without environment variables.

        Nothing is seeded before the plugin runs. The test expects no
        preprocessing warnings and no programdata environment variable.
        """
        plugin = windows.WindowsProgramDataKnowledgeBasePlugin()

        session = sessions.Session()
        storage_writer = self._CreateTestStorageWriter()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        plugin.Collect(test_mediator)

        warning_count = storage_writer.number_of_preprocessing_warnings
        self.assertEqual(warning_count, 0)

        # With no source variable to derive it from, the plugin is expected
        # to leave programdata unset instead of inventing a value.
        programdata_variable = (
            test_mediator.knowledge_base.GetEnvironmentVariable('programdata'))
        self.assertIsNone(programdata_variable)
Пример #8
    def testCollect(self):
        """Tests Collect on a knowledge base without environment variables.

        Nothing is seeded before the plugin runs. The test expects that no
        'preprocessing_warning' containers were stored and that no
        allusersappdata environment variable was set.
        """
        plugin = windows.WindowsAllUsersAppDataKnowledgeBasePlugin()

        session = sessions.Session()
        storage_writer = self._CreateTestStorageWriter()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        plugin.Collect(test_mediator)

        warning_count = storage_writer.GetNumberOfAttributeContainers(
            'preprocessing_warning')
        self.assertEqual(warning_count, 0)

        # With no source variable to derive it from, the plugin is expected
        # to leave allusersappdata unset instead of inventing a value.
        appdata_variable = (
            test_mediator.knowledge_base.GetEnvironmentVariable(
                'allusersappdata'))
        self.assertIsNone(appdata_variable)
Пример #9
    def _RunPreprocessorPluginOnWindowsRegistryValue(self, file_system,
                                                     mount_point,
                                                     storage_writer, plugin):
        """Runs a preprocessor plugin against a Windows Registry value.

        The artifact definition named by the plugin is looked up in the test
        artifacts registry and must exist; otherwise the test fails before
        the plugin is run. The Windows Registry is read from the file system
        with SystemRoot set to C:\\Windows.

        Args:
          file_system (dfvfs.FileSystem): file system to be preprocessed.
          mount_point (dfvfs.PathSpec): mount point path specification that
              refers to the base location of the file system.
          storage_writer (StorageWriter): storage writer.
          plugin (ArtifactPreprocessorPlugin): preprocessor plugin.

        Returns:
          PreprocessMediator: preprocess mediator.
        """
        definition_name = plugin.ARTIFACT_DEFINITION_NAME
        artifact_definition = self._artifacts_registry.GetDefinitionByName(
            definition_name)
        self.assertIsNotNone(artifact_definition)

        # The file reader is handed SystemRoot explicitly; presumably it needs
        # it to locate the Registry files on the file system - confirm.
        system_root = artifacts.EnvironmentVariableArtifact(
            case_sensitive=False, name='SystemRoot', value='C:\\Windows')

        file_reader = manager.FileSystemWinRegistryFileReader(
            file_system, mount_point, environment_variables=[system_root])
        win_registry = dfwinreg_registry.WinRegistry(
            registry_file_reader=file_reader)

        session = sessions.Session()
        test_mediator = mediator.PreprocessMediator(
            session, storage_writer, knowledge_base.KnowledgeBase())

        searcher = registry_searcher.WinRegistrySearcher(win_registry)

        plugin.Collect(test_mediator, artifact_definition, searcher)

        return test_mediator