def is_valid_for(self, target_file: TargetPath): if "Event Log" in target_file.get_type() and \ target_file.is_file() and \ isinstance(target_file, TargetFile) and \ target_file.get_extension() == ".evtx": return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "ASCII text" in target_file.get_type(): return True if "UTF-8 Unicode text" in target_file.get_type(): return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if isinstance(target_file, TargetFile): if target_file.get_extension() in [ ".cer", ".crt", ".cer", ".der", ".pem" ]: return True return False
def _check_extensions(self, target_file: TargetPath): if target_file.is_file(): if EXTENSIONS in self._params: if self._extensions is None: self._extensions = self._read_file( self._params[EXTENSIONS]) if isinstance(target_file, TargetFile): if target_file.get_extension() in self._extensions: self._ignore()
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "ignore_extensions" in self.get_params(): if isinstance(target_file, TargetFile): if target_file.get_extension() in self.get_params( )["ignore_extensions"].split(","): return False return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "JPEG image data" in target_file.get_type(): return True elif "PNG image data" in target_file.get_type(): return True elif "GIF image data" in target_file.get_type(): return True return False
def _check_sizes(self, target_file: TargetPath): info = target_file.get_info() if target_file.is_file() and "st_size" in info: if IGNORE_MAX in self._params: if self._max_size is None: self._max_size = int(self._params[IGNORE_MAX]) if info["st_size"] >= self._max_size: self._ignore() if IGNORE_MIN in self._params: if self._min_size is None: self._min_size = int(self._params[IGNORE_MIN]) if info["st_size"] <= self._min_size: self._ignore()
def _check_paths(self, target_path: TargetPath): if PATH in self._params: if self._paths is None: paths_list = self._read_file(self._params[PATH]) self._paths = [] for path in paths_list: self._paths.append(os.path.abspath(path)) path = os.path.abspath(target_path.get_path()) while path not in ["", ".", ".."]: if path in self._paths: self._ignore() path = os.path.dirname(path)
def test_directory(self): path = "./tests/examples/testdirectorydonotinsertmoreitems" target_path = TargetPath(path) self.assertEqual(target_path.get_name(), "testdirectorydonotinsertmoreitems") self.assertEqual(target_path.get_path(), path) self.assertEqual(target_path.get_directory(), "./tests/examples") info = target_path.get_info() self.assertTrue("st_atime" in info) self.assertTrue("st_ctime" in info) self.assertTrue("st_mtime" in info)
def test_file(self): path = "./tests/examples/collie.jpg" target_path = TargetPath(path) self.assertEqual(target_path.get_name(), "collie.jpg") self.assertEqual(target_path.get_path(), path) self.assertEqual(target_path.get_directory(), "./tests/examples") info = target_path.get_info() self.assertEqual(info["st_size"], 19863) self.assertTrue("st_atime" in info) self.assertTrue("st_ctime" in info) self.assertTrue("st_mtime" in info)
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "PDF document" in target_file.get_type(): return True elif "Composite Document" in target_file.get_type(): return True elif "OpenDocument" in target_file.get_type(): return True elif "Microsoft Word" in target_file.get_type(): return True elif "Microsoft Excel" in target_file.get_type(): return True elif "Microsoft PowerPoint" in target_file.get_type(): return True if isinstance(target_file, TargetFile): if target_file.get_extension() in [ ".pages", ".numbers", ".keynote" ]: return True return False
def test_invalid_file3(self): path = "./tests/examples" target_file = TargetPath(path) module = Constructor() self.assertFalse(module.is_valid_for(target_file))
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if ("Zip archive data" in target_file.get_type()): return True return False
def is_valid_for(self, target_file: TargetPath): if "Windows registry" in target_file.get_type() and \ target_file.is_file(): return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file( ) and "Microsoft Outlook email" in target_file.get_type(): return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "SQLite" in target_file.get_type() and ("History" in target_file.get_name() \ or "places" in target_file.get_name()): return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file() \ and isinstance(target_file, TargetFile) \ and target_file.get_extension() == ".pf": return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): return True return False
def is_valid_for(self, target_file: TargetPath): if target_file.is_file(): if "data" in target_file.get_type( ) and "MFT" in target_file.get_name(): return True return False