From a0c5d891ba03a9aea125af247dfba2d6daa66f71 Mon Sep 17 00:00:00 2001 From: Matthijs Vos Date: Fri, 3 Jan 2025 15:22:06 +0100 Subject: [PATCH] Add tests --- dissect/target/loaders/acquire.py | 10 ++- dissect/target/loaders/dir.py | 5 +- .../test-anon-filesystems.tar | 0 .../test-windows-fs-c-absolute.tar | 0 .../test-windows-fs-c-relative.tar | 0 .../{tar => acquire}/test-windows-fs-x.tar | 0 .../test-windows-sysvol-absolute.tar | 0 .../test-windows-sysvol-relative.tar | 0 .../uppercase_driveletter.tar | 0 tests/loaders/test_acquire.py | 70 +++++++++++++++++++ tests/loaders/test_tar.py | 68 +++--------------- 11 files changed, 91 insertions(+), 62 deletions(-) rename tests/_data/loaders/{tar => acquire}/test-anon-filesystems.tar (100%) rename tests/_data/loaders/{tar => acquire}/test-windows-fs-c-absolute.tar (100%) rename tests/_data/loaders/{tar => acquire}/test-windows-fs-c-relative.tar (100%) rename tests/_data/loaders/{tar => acquire}/test-windows-fs-x.tar (100%) rename tests/_data/loaders/{tar => acquire}/test-windows-sysvol-absolute.tar (100%) rename tests/_data/loaders/{tar => acquire}/test-windows-sysvol-relative.tar (100%) rename tests/_data/loaders/{tar => acquire}/uppercase_driveletter.tar (100%) create mode 100644 tests/loaders/test_acquire.py diff --git a/dissect/target/loaders/acquire.py b/dissect/target/loaders/acquire.py index a5086246a..bea0a81ea 100644 --- a/dissect/target/loaders/acquire.py +++ b/dissect/target/loaders/acquire.py @@ -13,6 +13,7 @@ log = logging.getLogger(__name__) FILESYSTEMS_ROOT = "fs" +FILESYSTEMS_LEGACY_ROOT = "sysvol" def _get_root(path: Path): @@ -41,10 +42,15 @@ def detect(path: Path) -> bool: if not root: return False - return root.joinpath(FILESYSTEMS_ROOT).exists() + return root.joinpath(FILESYSTEMS_ROOT).exists() or root.joinpath(FILESYSTEMS_LEGACY_ROOT).exists() def map(self, target: Target) -> None: + # Handle both root dir 'fs' and 'sysvol' (legacy) + fs_root = self.root + if fs_root.joinpath(FILESYSTEMS_ROOT).exists(): + fs_root = fs_root.joinpath(FILESYSTEMS_ROOT) + find_and_map_dirs( target, - self.root.joinpath(FILESYSTEMS_ROOT) + fs_root ) diff --git a/dissect/target/loaders/dir.py b/dissect/target/loaders/dir.py index ce1118945..aa938bbbc 100644 --- a/dissect/target/loaders/dir.py +++ b/dissect/target/loaders/dir.py @@ -135,7 +135,10 @@ def find_dirs(path: Path) -> tuple[str, list[Path]]: for p in path.iterdir(): # Look for directories like C or C: if p.is_dir() and (is_drive_letter_path(p) or p.name in ("sysvol", "$rootfs$")): - dirs.append(p) + if p.name == "sysvol": + dirs.append(('c', p)) + else: + dirs.append(p) if not os_type: os_type = os_type_from_path(p) diff --git a/tests/_data/loaders/tar/test-anon-filesystems.tar b/tests/_data/loaders/acquire/test-anon-filesystems.tar similarity index 100% rename from tests/_data/loaders/tar/test-anon-filesystems.tar rename to tests/_data/loaders/acquire/test-anon-filesystems.tar diff --git a/tests/_data/loaders/tar/test-windows-fs-c-absolute.tar b/tests/_data/loaders/acquire/test-windows-fs-c-absolute.tar similarity index 100% rename from tests/_data/loaders/tar/test-windows-fs-c-absolute.tar rename to tests/_data/loaders/acquire/test-windows-fs-c-absolute.tar diff --git a/tests/_data/loaders/tar/test-windows-fs-c-relative.tar b/tests/_data/loaders/acquire/test-windows-fs-c-relative.tar similarity index 100% rename from tests/_data/loaders/tar/test-windows-fs-c-relative.tar rename to tests/_data/loaders/acquire/test-windows-fs-c-relative.tar diff --git a/tests/_data/loaders/tar/test-windows-fs-x.tar b/tests/_data/loaders/acquire/test-windows-fs-x.tar similarity index 100% rename from tests/_data/loaders/tar/test-windows-fs-x.tar rename to tests/_data/loaders/acquire/test-windows-fs-x.tar diff --git a/tests/_data/loaders/tar/test-windows-sysvol-absolute.tar b/tests/_data/loaders/acquire/test-windows-sysvol-absolute.tar similarity index 100% rename from tests/_data/loaders/tar/test-windows-sysvol-absolute.tar rename to tests/_data/loaders/acquire/test-windows-sysvol-absolute.tar diff --git a/tests/_data/loaders/tar/test-windows-sysvol-relative.tar b/tests/_data/loaders/acquire/test-windows-sysvol-relative.tar similarity index 100% rename from tests/_data/loaders/tar/test-windows-sysvol-relative.tar rename to tests/_data/loaders/acquire/test-windows-sysvol-relative.tar diff --git a/tests/_data/loaders/tar/uppercase_driveletter.tar b/tests/_data/loaders/acquire/uppercase_driveletter.tar similarity index 100% rename from tests/_data/loaders/tar/uppercase_driveletter.tar rename to tests/_data/loaders/acquire/uppercase_driveletter.tar diff --git a/tests/loaders/test_acquire.py b/tests/loaders/test_acquire.py new file mode 100644 index 000000000..ac9bb532f --- /dev/null +++ b/tests/loaders/test_acquire.py @@ -0,0 +1,70 @@ +from pathlib import Path + +import pytest + +from dissect.target import Target +from dissect.target.loaders.acquire import AcquireLoader +from dissect.target.loaders.tar import TarLoader +from dissect.target.plugins.os.windows._os import WindowsPlugin +from tests._utils import absolute_path + + + +# def test_tar_sensitive_drive_letter(target_bare: Target) -> None: +# # TODO: determine if we need this test +# tar_file = absolute_path("_data/loaders/acquire/uppercase_driveletter.tar") +# +# loader = AcquireLoader(Path(tar_file)) +# loader.map(target_bare) +# +# # mounts = / and c: +# assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:"] +# assert "C:" not in target_bare.fs.mounts.keys() +# +# # Initialize our own WindowsPlugin to override the detection +# target_bare._os_plugin = WindowsPlugin.create(target_bare, target_bare.fs.mounts["c:"]) +# target_bare._init_os() +# +# # sysvol is now added +# assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:", "sysvol"] +# +# # WindowsPlugin sets the case sensitivity to False +# assert target_bare.fs.get("C:/test.file").open().read() == b"hello_world" +# assert target_bare.fs.get("c:/test.file").open().read() == b"hello_world" + + +@pytest.mark.parametrize( + "archive, expected_drive_letter", + [ + ("_data/loaders/acquire/test-windows-sysvol-absolute.tar", "c:"), # C: due to backwards compatibility + ("_data/loaders/acquire/test-windows-sysvol-relative.tar", "c:"), # C: due to backwards compatibility + ("_data/loaders/acquire/test-windows-fs-c-relative.tar", "c:"), + ("_data/loaders/acquire/test-windows-fs-c-absolute.tar", "c:"), + ("_data/loaders/acquire/test-windows-fs-x.tar", "x:"), + ("_data/loaders/acquire/test-windows-fs-c.zip", "c:"), + ], +) +def test_tar_loader_windows_sysvol_formats(target_default: Target, archive: str, expected_drive_letter: str) -> None: + loader = AcquireLoader(Path(absolute_path(archive))) + loader.map(target_default) + + assert WindowsPlugin.detect(target_default) + # NOTE: for the sysvol archives, this also tests the backwards compatibility + assert sorted(target_default.fs.mounts.keys()) == [expected_drive_letter] + assert target_default.fs.get(f"{expected_drive_letter}/Windows/System32/foo.txt") + + +# TODO check this one +# def test_tar_anonymous_filesystems(target_default: Target) -> None: +# tar_file = absolute_path("_data/loaders/tar/test-anon-filesystems.tar") +# +# loader = AcquireLoader(Path(tar_file)) +# loader.map(target_default) +# +# # mounts = $fs$/fs0, $fs$/fs1 and / +# assert len(target_default.fs.mounts) == 3 +# assert "$fs$/fs0" in target_default.fs.mounts.keys() +# assert "$fs$/fs1" in target_default.fs.mounts.keys() +# assert "/" in target_default.fs.mounts.keys() +# assert target_default.fs.get("$fs$/fs0/foo").open().read() == b"hello world\n" +# assert target_default.fs.get("$fs$/fs1/bar").open().read() == b"hello world\n" diff --git a/tests/loaders/test_tar.py b/tests/loaders/test_tar.py index a591b3c21..a3d6cc0cf 100644 --- a/tests/loaders/test_tar.py +++ b/tests/loaders/test_tar.py @@ -2,12 +2,18 @@ from dissect.target import Target from dissect.target.loaders.tar import TarLoader -from dissect.target.plugins.os.windows._os import WindowsPlugin from tests._utils import absolute_path -def test_tar_loader_compressed_tar_file(target_win: Target) -> None: - archive_path = absolute_path("_data/loaders/tar/test-archive.tar.gz") +@pytest.mark.parametrize( + "archive", + [ + "_data/loaders/tar/test-archive.tar", + "_data/loaders/tar/test-archive.tar.gz", + ], +) +def test_tar_loader_compressed_tar_file(target_win: Target, archive) -> None: + archive_path = absolute_path(archive) loader = TarLoader(archive_path) loader.map(target_win) @@ -20,28 +26,6 @@ def test_tar_loader_compressed_tar_file(target_win: Target) -> None: assert test_file.open().read() == b"test-value\n" -def test_tar_sensitive_drive_letter(target_bare: Target) -> None: - tar_file = absolute_path("_data/loaders/tar/uppercase_driveletter.tar") - - loader = TarLoader(tar_file) - loader.map(target_bare) - - # mounts = / and c: - assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:"] - assert "C:" not in target_bare.fs.mounts.keys() - - # Initialize our own WindowsPlugin to override the detection - target_bare._os_plugin = WindowsPlugin.create(target_bare, target_bare.fs.mounts["c:"]) - target_bare._init_os() - - # sysvol is now added - assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:", "sysvol"] - - # WindowsPlugin sets the case sensitivity to False - assert target_bare.fs.get("C:/test.file").open().read() == b"hello_world" - assert target_bare.fs.get("c:/test.file").open().read() == b"hello_world" - - def test_tar_loader_compressed_tar_file_with_empty_dir(target_unix: Target) -> None: archive_path = absolute_path("_data/loaders/tar/test-archive-empty-folder.tgz") loader = TarLoader(archive_path) @@ -55,37 +39,3 @@ def test_tar_loader_compressed_tar_file_with_empty_dir(target_unix: Target) -> N empty_folder = target_unix.fs.path("test/empty_dir") assert empty_folder.exists() assert empty_folder.is_dir() - - -@pytest.mark.parametrize( - "archive, expected_drive_letter", - [ - ("_data/loaders/tar/test-windows-sysvol-absolute.tar", "c:"), # C: due to backwards compatibility - ("_data/loaders/tar/test-windows-sysvol-relative.tar", "c:"), # C: due to backwards compatibility - ("_data/loaders/tar/test-windows-fs-c-relative.tar", "c:"), - ("_data/loaders/tar/test-windows-fs-c-absolute.tar", "c:"), - ("_data/loaders/tar/test-windows-fs-x.tar", "x:"), - ], -) -def test_tar_loader_windows_sysvol_formats(target_default: Target, archive: str, expected_drive_letter: str) -> None: - loader = TarLoader(absolute_path(archive)) - loader.map(target_default) - - assert WindowsPlugin.detect(target_default) - # NOTE: for the sysvol archives, this also tests the backwards compatibility - assert sorted(target_default.fs.mounts.keys()) == [expected_drive_letter] - - -def test_tar_anonymous_filesystems(target_default: Target) -> None: - tar_file = absolute_path("_data/loaders/tar/test-anon-filesystems.tar") - - loader = TarLoader(tar_file) - loader.map(target_default) - - # mounts = $fs$/fs0, $fs$/fs1 and / - assert len(target_default.fs.mounts) == 3 - assert "$fs$/fs0" in target_default.fs.mounts.keys() - assert "$fs$/fs1" in target_default.fs.mounts.keys() - assert "/" in target_default.fs.mounts.keys() - assert target_default.fs.get("$fs$/fs0/foo").open().read() == b"hello world\n" - assert target_default.fs.get("$fs$/fs1/bar").open().read() == b"hello world\n"