def testRawMemory(self, mockEvidence, mockClient):
"""Test raw memory evidence"""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='rawmemory',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False,
module_list=['mod1', 'mod2'])
mockEvidence.return_value = FakeEvidence(type='rawmemory',
source_path=self.source_path)
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
client=mockClient,
group_id='FakeGroupID',
profile='testProfile')
mockEvidence.assert_called_with(name='My Evidence',
source_path=mock.ANY,
profile='testProfile',
module_list=['mod1', 'mod2'])
def testRawDiskEvidence(self, mockEvidence, mockClient):
"""Test RawDisk evidence."""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='rawdisk',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
mockEvidence.return_value = FakeEvidence(type='rawdisk',
source_path=self.source_path)
config.SHARED_FILESYSTEM = True
turbiniactl.process_evidence(name='My Evidence',
source_path='/tmp/foo.img',
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID')
mockEvidence.assert_called_with(name='My Evidence',
source_path='/tmp/foo.img',
source='case')
def testCloudDisk(self, mockEvidence, mockClient):
"""Test Google Cloud Disk evidence."""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='googleclouddisk',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
mockEvidence.return_value = FakeEvidence(type='googleclouddisk',
project='testProject',
disk_name='testDisk',
cloud_only=True)
turbiniactl.process_evidence(name='My Evidence',
disk_name='testDisk',
zone='testZone',
project='testProject',
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID')
mockEvidence.assert_called_with(name='My Evidence',
disk_name='testDisk',
project='testProject',
source='case',
zone='testZone')
def testCompressedDirectory(self, mockEvidence, mockClient):
"""Test compressed directory evidence"""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='compresseddirectory',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
archive.ValidateTarFile = mock.MagicMock()
mockEvidence.return_value = FakeEvidence(type='compresseddirectory',
source_path=self.source_path,
cloud_only=True)
mockClient.send_request = mock.MagicMock()
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID')
self.assertTrue(archive.ValidateTarFile.called)
mockEvidence.assert_called_with(name='My Evidence',
source_path=mock.ANY,
source='case')
def testDirectoryDiskEvidence(self, mockDirectory, mockCompressedEvidence,
mockClient):
"""Test directory evidence."""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='directory',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
# Test not shared filesystem
archive.CompressDirectory = mock.MagicMock()
config.SHARED_FILESYSTEM = False
mockCompressedEvidence.return_value = FakeEvidence(
type='compresseddirectory',
source_path=self.source_path,
cloud_only=True)
mockClient.send_request = mock.MagicMock()
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID')
self.assertTrue(archive.CompressDirectory.called)
mockCompressedEvidence.assert_called_with(name='My Evidence',
source_path=mock.ANY,
source='case')
# Test Directory evidence for shared filesystem
mockDirectory.return_value = FakeEvidence(type='directory',
source_path=self.source_path)
mockDirectory.cloud_only = False
config.SHARED_FILESYSTEM = True
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID')
mockDirectory.assert_called_with(name='My Evidence',
source_path=mock.ANY,
source='case')
def testCloudEmbedded(self, mockCloudEvidence, mockEmbeddedEvidence,
mockClient, _, __):
"""Test Google Cloud Disk Embedded evidence."""
args = argparse.Namespace(request_id=None,
command='googleclouddiskembedded',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
mockCloudEvidence.return_value = FakeEvidence(type='googleclouddisk',
project='testProject',
disk_name='testDisk',
cloud_only=True)
mockEmbeddedEvidence.return_value = FakeEvidence(
type='googleclouddiskembedded',
project='testProject',
disk_name='testDisk',
cloud_only=True)
mockClient.send_request = mock.MagicMock()
mockEmbeddedEvidence.set_parent = mock.MagicMock()
turbiniactl.process_evidence(name='My Evidence',
disk_name='testDisk',
zone='testZone',
project='testProject',
args=args,
source='case',
client=mockClient,
group_id='FakeGroupID',
mount_partition='testMount')
mockCloudEvidence.assert_called_with(name='My Evidence',
disk_name='testDisk',
project='testProject',
source='case',
zone='testZone',
mount_partition='testMount')
mockEmbeddedEvidence.assert_called_with(name='My Evidence',
disk_name='testDisk',
project='testProject',
zone='testZone',
embedded_path=mock.ANY)
self.assertTrue(mockEmbeddedEvidence.called)
def testHindsight(self, mockEvidence, mockClient):
"""Test hindsight evidence"""
mockClient.create_request.return_value = TurbiniaRequest()
args = argparse.Namespace(request_id=None,
command='hindsight',
force_evidence=False,
decryption_keys=None,
recipe=None,
recipe_path=None,
skip_recipe_validation=False,
dump_json=None,
debug_tasks=None,
jobs_denylist=None,
jobs_allowlist=None,
run_local=False,
wait=False)
with self.assertRaisesRegex(TurbiniaException,
'Invalid output format.'):
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
client=mockClient,
group_id='FakeGroupID',
format='invalid')
with self.assertRaisesRegex(TurbiniaException, 'Browser type'):
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
client=mockClient,
group_id='FakeGroupID',
format='sqlite',
browser_type='firefox')
mockEvidence.return_value = FakeEvidence(type='chromiumProfile',
source_path=self.source_path)
turbiniactl.process_evidence(name='My Evidence',
source_path=self.source_path,
args=args,
client=mockClient,
group_id='FakeGroupID',
format='sqlite',
browser_type='Chrome')
mockEvidence.assert_called_with(name='My Evidence',
output_format='sqlite',
browser_type='Chrome',
source_path=mock.ANY)