def testScanDirectory(self):
"""Test the Scan function on a directory."""
test_file = self._GetTestFilePath([u'testdir_os'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
self._source_scanner.Scan(scan_context)
self.assertEqual(scan_context.source_type,
definitions.SOURCE_TYPE_DIRECTORY)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertIsNotNone(scan_node.path_spec)
self.assertEqual(scan_node.type_indicator,
definitions.TYPE_INDICATOR_OS)
test_file = self._GetTestFilePath([u'testdir_os', u'file1.txt'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
self._source_scanner.Scan(scan_context)
self.assertEqual(scan_context.source_type,
definitions.SOURCE_TYPE_FILE)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertIsNotNone(scan_node.path_spec)
self.assertEqual(scan_node.type_indicator,
definitions.TYPE_INDICATOR_OS)
def testScanVolumeScanNodeRAW(self):
"""Tests the _ScanVolumeScanNode function on a RAW image."""
test_scanner = volume_scanner.VolumeScanner()
test_file = self._GetTestFilePath([u'ímynd.dd'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
test_scanner._source_scanner.Scan(scan_context)
volume_scan_node = scan_context.GetRootScanNode()
base_path_specs = []
test_scanner._ScanVolumeScanNode(scan_context, volume_scan_node,
base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test error conditions.
scan_context = source_scanner.SourceScannerContext()
with self.assertRaises(errors.ScannerError):
test_scanner._ScanVolumeScanNode(scan_context, None, [])
volume_scan_node = source_scanner.SourceScanNode(None)
with self.assertRaises(errors.ScannerError):
test_scanner._ScanVolumeScanNode(scan_context, volume_scan_node,
[])
def testGetTSKPartitionIdentifiersOnPartitionedImage(self):
"""Tests the _GetTSKPartitionIdentifiers function on a partitioned image."""
# Test with mediator.
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['tsk_volume_system.raw'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
identifiers = test_scanner._GetPartitionIdentifiers(
scan_node, test_options)
self.assertEqual(len(identifiers), 2)
self.assertEqual(identifiers, ['p1', 'p2'])
# Test without mediator.
test_scanner = volume_scanner.VolumeScanner()
test_options = volume_scanner.VolumeScannerOptions()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
with self.assertRaises(errors.ScannerError):
test_scanner._GetPartitionIdentifiers(scan_node, test_options)
def testScanVolumeScanNode(self):
"""Tests the _ScanVolumeScanNode function on VSS."""
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(test_mediator)
# Test VSS root.
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
test_scanner._source_scanner.Scan(scan_context)
volume_scan_node = self._GetTestScanNode(scan_context)
base_path_specs = []
test_scanner._ScanVolumeScanNode(scan_context, volume_scan_node,
base_path_specs)
self.assertEqual(len(base_path_specs), 0)
# Test VSS volume.
test_file = self._GetTestFilePath([u'vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
test_scanner._source_scanner.Scan(scan_context)
volume_scan_node = self._GetTestScanNode(scan_context)
base_path_specs = []
test_scanner._ScanVolumeScanNode(scan_context,
volume_scan_node.sub_nodes[0],
base_path_specs)
self.assertEqual(len(base_path_specs), 2)
def testScanOnBDE(self):
"""Test the Scan function on BDE."""
resolver.Resolver.key_chain.Empty()
test_path = self._GetTestFilePath(['bdetogo.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
self._source_scanner.Scan(scan_context)
self.assertEqual(
scan_context.source_type, definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_RAW)
scan_node = scan_node.GetSubNodeByLocation(None)
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_BDE)
self.assertEqual(len(scan_node.sub_nodes), 0)
self.assertTrue(scan_context.IsLockedScanNode(scan_node.path_spec))
self._source_scanner.Unlock(
scan_context, scan_node.path_spec, 'password', self._BDE_PASSWORD)
self.assertFalse(scan_context.IsLockedScanNode(scan_node.path_spec))
self._source_scanner.Scan(scan_context, scan_path_spec=scan_node.path_spec)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.GetSubNodeByLocation('/')
self.assertIsNotNone(scan_node)
self.assertIsNotNone(scan_node.path_spec)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_TSK)
def testScanOnVSS(self):
"""Test the Scan function on VSS."""
test_path = self._GetTestFilePath(['vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
self._source_scanner.Scan(scan_context)
self.assertEqual(
scan_context.source_type, definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_QCOW)
self.assertEqual(len(scan_node.sub_nodes), 2)
scan_node = scan_node.sub_nodes[0]
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_VSHADOW)
self.assertEqual(len(scan_node.sub_nodes), 2)
scan_node = scan_node.sub_nodes[0]
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_VSHADOW)
# By default the file system inside a VSS volume is not scanned.
self.assertEqual(len(scan_node.sub_nodes), 0)
self._source_scanner.Scan(scan_context, scan_path_spec=scan_node.path_spec)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.GetSubNodeByLocation('/')
self.assertIsNotNone(scan_node)
expected_type_indicator = definitions.PREFERRED_NTFS_BACK_END
self.assertEqual(scan_node.type_indicator, expected_type_indicator)
def testScanVolumeOnAPFS(self):
"""Tests the _ScanVolume function on an APFS image."""
resolver.Resolver.key_chain.Empty()
test_tool = storage_media_tool.StorageMediaTool()
test_path = self._GetTestFilePath(['apfs.dmg'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
apfs_container_scan_node = scan_node.sub_nodes[4].sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, apfs_container_scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test on volume system sub node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, apfs_container_scan_node.sub_nodes[0], base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testScanVolumeOnVSS(self):
"""Tests the _ScanVolume function on VSS."""
test_tool = storage_media_tool.StorageMediaTool()
test_tool._process_vss = True
test_tool._vss_only = False
test_tool._vss_stores = 'all'
test_path = self._GetTestFilePath(['vsstest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_tool._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
vss_scan_node = scan_node.sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_tool._ScanVolume(scan_context, vss_scan_node, base_path_specs)
self.assertEqual(len(base_path_specs), 2)
# Test on volume system sub node.
base_path_specs = []
test_tool._ScanVolume(
scan_context, vss_scan_node.sub_nodes[0], base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testScanVolumeSystemRootOnLVM(self):
"""Tests the _ScanVolumeSystemRoot function on a LVM image."""
test_file_path = self._GetTestFilePath(['lvm.raw'])
self._SkipIfPathNotExists(test_file_path)
resolver.Resolver.key_chain.Empty()
test_scanner = storage_media_tool.StorageMediaToolVolumeScanner()
options = storage_media_tool.StorageMediaToolVolumeScannerOptions()
options.scan_mode = options.SCAN_MODE_ALL
options.volumes = ['all']
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file_path)
test_scanner._source_scanner.Scan(scan_context)
lvm_scan_node = self._GetTestScanNode(scan_context)
base_path_specs = []
test_scanner._ScanVolumeSystemRoot(
scan_context, lvm_scan_node, options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test error conditions.
with self.assertRaises(dfvfs_errors.ScannerError):
test_scanner._ScanVolumeSystemRoot(
scan_context, lvm_scan_node.sub_nodes[0], options, base_path_specs)
def Analyze(self, source_path, output_writer):
"""Analyzes the source.
Args:
source_path (str): the source path.
output_writer (StdoutWriter): the output writer.
Raises:
RuntimeError: if the source path does not exists, or if the source path
is not a file or directory, or if the format of or within the source
file is not supported.
"""
if (not source_path.startswith('\\\\.\\')
and not os.path.exists(source_path)):
raise RuntimeError('No such source: {0:s}.'.format(source_path))
scan_context = source_scanner.SourceScannerContext()
scan_path_spec = None
scan_step = 0
scan_context.OpenSourcePath(source_path)
while True:
self._source_scanner.Scan(scan_context,
auto_recurse=self._auto_recurse,
scan_path_spec=scan_path_spec)
if not scan_context.updated:
break
if not self._auto_recurse:
output_writer.WriteScanContext(scan_context,
scan_step=scan_step)
scan_step += 1
# The source is a directory or file.
if scan_context.source_type in (
dfvfs_definitions.SOURCE_TYPE_DIRECTORY,
dfvfs_definitions.SOURCE_TYPE_FILE):
break
# The source scanner found a locked volume, e.g. an encrypted volume,
# and we need a credential to unlock the volume.
for locked_scan_node in scan_context.locked_scan_nodes:
credentials = credentials_manager.CredentialsManager.GetCredentials(
locked_scan_node.path_spec)
self._mediator.UnlockEncryptedVolume(self._source_scanner,
scan_context,
locked_scan_node,
credentials)
if not self._auto_recurse:
scan_node = scan_context.GetUnscannedScanNode()
if not scan_node:
return
scan_path_spec = scan_node.path_spec
if self._auto_recurse:
output_writer.WriteScanContext(scan_context)
def testScanVolumeOnVSS(self):
"""Tests the _ScanVolume function on VSS."""
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
vss_scan_node = scan_node.sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_scanner._ScanVolume(scan_context, vss_scan_node, test_options,
base_path_specs)
self.assertEqual(len(base_path_specs), 2)
# Test on volume system sub node.
base_path_specs = []
test_scanner._ScanVolume(scan_context, vss_scan_node.sub_nodes[0],
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testScanVolumeScanNodeEncrypted(self):
"""Tests the _ScanVolumeScanNodeEncrypted function."""
resolver.Resolver.key_chain.Empty()
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(test_mediator)
test_file = self._GetTestFilePath([u'bdetogo.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
test_scanner._source_scanner.Scan(scan_context)
volume_scan_node = self._GetTestScanNode(scan_context)
base_path_specs = []
test_scanner._ScanVolumeScanNode(scan_context,
volume_scan_node.sub_nodes[0],
base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test error conditions.
path_spec = fake_path_spec.FakePathSpec(location=u'/')
scan_node = source_scanner.SourceScanNode(path_spec)
with self.assertRaises(errors.ScannerError):
test_scanner._ScanVolumeScanNodeEncrypted(scan_node, None, [])
volume_scan_node = source_scanner.SourceScanNode(None)
with self.assertRaises(errors.ScannerError):
test_scanner._ScanVolumeScanNodeEncrypted(scan_node,
volume_scan_node, [])
def testScanOnAPFS(self):
"""Test the Scan function on an APFS image."""
test_path = self._GetTestFilePath(['apfs.dmg'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
self._source_scanner.Scan(scan_context)
self.assertEqual(
scan_context.source_type, definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_TSK_PARTITION)
self.assertEqual(len(scan_node.sub_nodes), 6)
scan_node = scan_node.sub_nodes[4].GetSubNodeByLocation('/')
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_APFS_CONTAINER)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_APFS_CONTAINER)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.GetSubNodeByLocation('/')
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_APFS)
def _ConfigureStorageMediaFileTest(self):
"""Configure a test against a storage media file.
Returns:
A front-end object (instance of PregFrontend).
"""
front_end = preg.PregFrontend()
front_end.SetSingleFile(False)
knowledge_base_object = knowledge_base.KnowledgeBase()
front_end.SetKnowledgeBase(knowledge_base_object)
storage_media_path = self._GetTestFilePath([u'registry_test.dd'])
test_source_scanner = source_scanner.SourceScanner()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(storage_media_path)
test_source_scanner.Scan(scan_context)
# Getting the most upper node.
scan_node = scan_context.GetRootScanNode()
while scan_node.sub_nodes:
scan_node = scan_node.sub_nodes[0]
front_end.SetSourcePath(storage_media_path)
front_end.SetSourcePathSpecs([scan_node.path_spec])
return front_end
def testScanVolumeSystemRootOnAPFS(self):
"""Tests the _ScanVolumeSystemRoot function on an APFS image."""
resolver.Resolver.key_chain.Empty()
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['apfs.dmg'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
apfs_container_scan_node = scan_node.sub_nodes[4].sub_nodes[0]
base_path_specs = []
test_scanner._ScanVolumeSystemRoot(scan_context,
apfs_container_scan_node,
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test error conditions.
with self.assertRaises(errors.ScannerError):
test_scanner._ScanVolumeSystemRoot(
scan_context, apfs_container_scan_node.sub_nodes[0],
test_options, base_path_specs)
def testScanFVDE(self):
"""Test the Scan function on FVDE."""
resolver.Resolver.key_chain.Empty()
test_file = self._GetTestFilePath(['fvdetest.qcow2'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
self._source_scanner.Scan(scan_context)
self.assertEqual(
scan_context.source_type, definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE)
scan_node = self._GetTestScanNode(scan_context)
self.assertIsNotNone(scan_node)
self.assertEqual(
scan_node.type_indicator, definitions.TYPE_INDICATOR_TSK_PARTITION)
scan_node = scan_node.GetSubNodeByLocation('/p1')
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_FVDE)
self.assertEqual(len(scan_node.sub_nodes), 0)
self._source_scanner.Unlock(
scan_context, scan_node.path_spec, 'password', self._FVDE_PASSWORD)
self._source_scanner.Scan(scan_context, scan_path_spec=scan_node.path_spec)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.GetSubNodeByLocation('/')
self.assertIsNotNone(scan_node)
self.assertIsNotNone(scan_node.path_spec)
self.assertEqual(scan_node.type_indicator, definitions.TYPE_INDICATOR_TSK)
def testScanVolumeOnEncryptedAPFS(self):
"""Tests the _ScanVolume function on an encrypted APFS image."""
resolver.Resolver.key_chain.Empty()
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['apfs_encrypted.dmg'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
apfs_container_scan_node = scan_node.sub_nodes[4].sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_scanner._ScanVolume(scan_context, apfs_container_scan_node,
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test on volume system sub node.
base_path_specs = []
test_scanner._ScanVolume(scan_context,
apfs_container_scan_node.sub_nodes[0],
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testScanOnNonExisting(self):
"""Test the Scan function on non-existing image file."""
test_path = self._GetTestFilePath(['nosuchfile.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
with self.assertRaises(errors.BackEndError):
self._source_scanner.Scan(scan_context)
def testScanNonExisting(self):
"""Test the Scan function."""
test_file = self._GetTestFilePath([u'nosuchfile.raw'])
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_file)
with self.assertRaises(errors.BackEndError):
_ = self._source_scanner.Scan(scan_context)
def ScanSource(self, source_path):
if os.path.islink(source_path):
source_path = os.path.realpath(source_path)
if (not source_path.startswith('\\\\.\\')
and not os.path.exists(source_path)):
raise errors.SourceScannerError(
'No such device, file or directory: {0:s}.'.format(
source_path))
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(source_path)
try:
self._source_scanner.Scan(scan_context)
except (ValueError, dfvfs_errors.BackEndError) as exception:
raise errors.SourceScannerError(
'Unable to scan source with error: {0!s}.'.format(exception))
# 경로를 입력받을 때
if scan_context.source_type not in (
scan_context.SOURCE_TYPE_STORAGE_MEDIA_DEVICE,
scan_context.SOURCE_TYPE_STORAGE_MEDIA_IMAGE):
scan_node = scan_context.GetRootScanNode()
self._source_path_specs.append(scan_node.path_spec)
return scan_context
# Get the first node where where we need to decide what to process.
scan_node = scan_context.GetRootScanNode()
while len(scan_node.sub_nodes) == 1:
scan_node = scan_node.sub_nodes[0]
# if type_indicator가 TSK_PARTITION이 아닌 경우
base_path_specs = []
if scan_node.type_indicator != (
dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION):
self._ScanVolume(scan_context, scan_node, base_path_specs)
# type_indicator가 TSK_PARTITION인 경우
else:
# Determine which partition needs to be processed.
partition_identifiers = self._GetTSKPartitionIdentifiers(scan_node)
if not partition_identifiers:
raise errors.SourceScannerError('No partitions found.')
for partition_identifier in partition_identifiers:
location = '/{0:s}'.format(partition_identifier)
sub_scan_node = scan_node.GetSubNodeByLocation(location)
self._ScanVolume(scan_context, sub_scan_node, base_path_specs)
if not base_path_specs:
raise errors.SourceScannerError(
'No supported file system found in source.')
self._source_path_specs = base_path_specs
return scan_context
def testGetVSSStoreIdentifiers(self):
"""Tests the _GetVSSStoreIdentifiers function."""
# Test with mediator.
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
identifiers = test_scanner._GetVSSStoreIdentifiers(
scan_node.sub_nodes[0], test_options)
self.assertEqual(len(identifiers), 2)
self.assertEqual(identifiers, ['vss1', 'vss2'])
# Test without mediator.
test_scanner = volume_scanner.VolumeScanner()
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['vsstest.qcow2'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = self._GetTestScanNode(scan_context)
with self.assertRaises(errors.ScannerError):
test_scanner._GetVSSStoreIdentifiers(scan_node.sub_nodes[0],
test_options)
# Test error conditions.
with self.assertRaises(errors.ScannerError):
test_scanner._GetVSSStoreIdentifiers(None, test_options)
scan_node = source_scanner.SourceScanNode(None)
with self.assertRaises(errors.ScannerError):
test_scanner._GetVSSStoreIdentifiers(scan_node, test_options)
def testSetSourceType(self):
"""Test the SetSourceType function."""
test_context = source_scanner.SourceScannerContext()
test_context.SetSourceType(definitions.SOURCE_TYPE_FILE)
self.assertEqual(test_context.source_type, definitions.SOURCE_TYPE_FILE)
test_context.SetSourceType(definitions.SOURCE_TYPE_DIRECTORY)
self.assertEqual(test_context.source_type, definitions.SOURCE_TYPE_FILE)
def testScanVolumeOnEncryptedAPFS(self):
"""Tests the _ScanVolume function on an encrypted APFS image."""
resolver.Resolver.key_chain.Empty()
test_mediator = TestVolumeScannerMediator()
test_scanner = volume_scanner.VolumeScanner(mediator=test_mediator)
test_options = volume_scanner.VolumeScannerOptions()
test_path = self._GetTestFilePath(['apfs_encrypted.dmg'])
self._SkipIfPathNotExists(test_path)
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(test_path)
test_scanner._source_scanner.Scan(scan_context)
scan_node = scan_context.GetRootScanNode()
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator,
definitions.TYPE_INDICATOR_OS)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator,
definitions.TYPE_INDICATOR_RAW)
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
self.assertIsNotNone(scan_node)
self.assertEqual(scan_node.type_indicator,
definitions.PREFERRED_GPT_BACK_END)
if scan_node.type_indicator == definitions.TYPE_INDICATOR_GPT:
self.assertEqual(len(scan_node.sub_nodes), 1)
scan_node = scan_node.sub_nodes[0]
else:
# The pytsk partition back-end yields more than 1 scan node for various
# metadata and unallocated parts of the GPT.
self.assertEqual(len(scan_node.sub_nodes), 6)
scan_node = scan_node.sub_nodes[4]
apfs_container_scan_node = scan_node.sub_nodes[0]
# Test on volume system root node.
base_path_specs = []
test_scanner._ScanVolume(scan_context, apfs_container_scan_node,
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
# Test on volume system sub node.
base_path_specs = []
test_scanner._ScanVolume(scan_context,
apfs_container_scan_node.sub_nodes[0],
test_options, base_path_specs)
self.assertEqual(len(base_path_specs), 1)
def testHasScanNode(self):
"""Test the HasScanNode function."""
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_context = source_scanner.SourceScannerContext()
self.assertFalse(test_context.HasScanNode(test_fake_path_spec))
test_context.AddScanNode(test_fake_path_spec, None)
self.assertTrue(test_context.HasScanNode(test_fake_path_spec))
def testAddScanNode(self):
"""Test the AddScanNode function."""
test_context = source_scanner.SourceScannerContext()
self.assertEqual(len(test_context._scan_nodes), 0)
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_context.AddScanNode(test_fake_path_spec, None)
self.assertEqual(len(test_context._scan_nodes), 1)
def testOpenSourcePath(self):
"""Test the OpenSourcePath function."""
test_context = source_scanner.SourceScannerContext()
self.assertEqual(len(test_context._scan_nodes), 0)
test_path = self._GetTestFilePath(['testdir_os', 'file1.txt'])
test_context.OpenSourcePath(test_path)
self.assertEqual(len(test_context._scan_nodes), 1)
def Analyze(self, source_path, output_writer):
"""Analyzes the source.
Args:
source_path: the source path.
output_writer: the output writer (instance of StdoutWriter).
Raises:
RuntimeError: if the source path does not exists, or if the source path
is not a file or directory, or if the format of or within
the source file is not supported.
"""
if not os.path.exists(source_path):
raise RuntimeError(u'No such source: {0:s}.'.format(source_path))
scan_context = source_scanner.SourceScannerContext()
scan_path_spec = None
scan_step = 0
scan_context.OpenSourcePath(source_path)
while True:
self._source_scanner.Scan(scan_context,
auto_recurse=self._auto_recurse,
scan_path_spec=scan_path_spec)
if not scan_context.updated:
break
if not self._auto_recurse:
output_writer.WriteScanContext(scan_context,
scan_step=scan_step)
scan_step += 1
# The source is a directory or file.
if scan_context.source_type in [
definitions.SOURCE_TYPE_DIRECTORY,
definitions.SOURCE_TYPE_FILE
]:
break
# The source scanner found a locked volume, e.g. an encrypted volume,
# and we need a credential to unlock the volume.
for locked_scan_node in scan_context.locked_scan_nodes:
self._PromptUserForEncryptedVolumeCredential(
scan_context, locked_scan_node, output_writer)
if not self._auto_recurse:
scan_node = scan_context.GetUnscannedScanNode()
if not scan_node:
return
scan_path_spec = scan_node.path_spec
if self._auto_recurse:
output_writer.WriteScanContext(scan_context)
def testLockScanNode(self):
"""Test the LockScanNode function."""
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_context = source_scanner.SourceScannerContext()
with self.assertRaises(KeyError):
test_context.LockScanNode(test_fake_path_spec)
test_context.AddScanNode(test_fake_path_spec, None)
test_context.LockScanNode(test_fake_path_spec)
def testIsSourceTypeFile(self):
"""Test the IsSourceTypeFile function."""
test_context = source_scanner.SourceScannerContext()
self.assertIsNone(test_context.IsSourceTypeFile())
test_context.source_type = definitions.SOURCE_TYPE_FILE
self.assertTrue(test_context.IsSourceTypeFile())
test_context.source_type = definitions.SOURCE_TYPE_DIRECTORY
self.assertFalse(test_context.IsSourceTypeFile())
def testGetScanNode(self):
"""Test the GetScanNode function."""
test_fake_path_spec = fake_path_spec.FakePathSpec(location='/')
test_context = source_scanner.SourceScannerContext()
scan_node = test_context.GetScanNode(test_fake_path_spec)
self.assertIsNone(scan_node)
test_context.AddScanNode(test_fake_path_spec, None)
scan_node = test_context.GetScanNode(test_fake_path_spec)
self.assertIsNotNone(scan_node)
