New upstream version 20190320
Sascha Steinbiss
4 years ago
0 | # Pylint 1.7.x - 1.9.x configuration file | |
0 | # Pylint 2.1.x - 2.2.x configuration file | |
1 | 1 | # |
2 | 2 | # This file is generated by l2tdevtools update-dependencies.py, any dependency |
3 | 3 | # related changes should be made in dependencies.ini. |
55 | 55 | # --disable=W" |
56 | 56 | # |
57 | 57 | disable= |
58 | assignment-from-none, | |
59 | bad-inline-option, | |
60 | deprecated-pragma, | |
58 | 61 | duplicate-code, |
62 | eq-without-hash, | |
63 | file-ignored, | |
64 | fixme, | |
65 | locally-disabled, | |
66 | locally-enabled, | |
67 | logging-format-interpolation, | |
68 | metaclass-assignment, | |
69 | missing-param-doc, | |
70 | no-absolute-import, | |
71 | no-self-use, | |
59 | 72 | parameter-unpacking, |
60 | 73 | raw-checker-failed, |
61 | bad-inline-option, | |
62 | locally-disabled, | |
63 | locally-enabled, | |
64 | file-ignored, | |
65 | 74 | suppressed-message, |
66 | useless-suppression, | |
67 | deprecated-pragma, | |
68 | no-absolute-import, | |
69 | missing-param-doc, | |
70 | metaclass-assignment, | |
71 | eq-without-hash, | |
72 | fixme, | |
73 | logging-format-interpolation, | |
74 | no-self-use, | |
75 | 75 | too-few-public-methods, |
76 | 76 | too-many-ancestors, |
77 | 77 | too-many-boolean-expressions, |
83 | 83 | too-many-public-methods, |
84 | 84 | too-many-return-statements, |
85 | 85 | too-many-statements, |
86 | unsubscriptable-object | |
86 | unsubscriptable-object, | |
87 | useless-object-inheritance, | |
88 | useless-suppression | |
87 | 89 | |
88 | 90 | # Enable the message, report, category or checker with the given id(s). You can |
89 | 91 | # either give multiple identifier separated by comma (,) or put this option |
0 | 0 | matrix: |
1 | 1 | include: |
2 | - env: TARGET="pylint" | |
2 | - name: "Pylint on Ubuntu Xenial (16.04) with Python 3.5" | |
3 | env: TARGET="pylint" | |
3 | 4 | os: linux |
4 | dist: trusty | |
5 | dist: xenial | |
5 | 6 | sudo: required |
6 | 7 | group: edge |
7 | 8 | language: python |
8 | python: 2.7 | |
9 | python: 3.5 | |
9 | 10 | virtualenv: |
10 | 11 | system_site_packages: true |
11 | - env: TARGET="linux-python27" | |
12 | - name: "Ubuntu Xenial (16.04) with Python 2.7" | |
13 | env: TARGET="linux-python27" | |
12 | 14 | os: linux |
13 | 15 | dist: xenial |
14 | 16 | sudo: required |
17 | 19 | python: 2.7 |
18 | 20 | virtualenv: |
19 | 21 | system_site_packages: true |
20 | - env: TARGET="linux-python35" | |
22 | - name: "Ubuntu Xenial (16.04) with Python 3.5" | |
23 | env: TARGET="linux-python35" | |
21 | 24 | os: linux |
22 | 25 | dist: xenial |
23 | 26 | sudo: required |
26 | 29 | python: 3.5 |
27 | 30 | virtualenv: |
28 | 31 | system_site_packages: true |
29 | - env: [TARGET="linux-python27-tox", TOXENV="py27"] | |
32 | - name: "Fedora Core 29 (Docker) with Python 2.7" | |
33 | env: FEDORA_VERSION="29" | |
30 | 34 | os: linux |
31 | 35 | dist: xenial |
32 | 36 | sudo: required |
33 | 37 | group: edge |
34 | 38 | language: python |
35 | 39 | python: 2.7 |
36 | virtualenv: | |
37 | system_site_packages: false | |
38 | - env: [TARGET="linux-python34-tox", TOXENV="py34"] | |
40 | services: | |
41 | - docker | |
42 | - name: "Fedora Core 29 (Docker) with Python 3.7" | |
43 | env: FEDORA_VERSION="29" | |
44 | os: linux | |
45 | dist: xenial | |
46 | sudo: required | |
47 | group: edge | |
48 | language: python | |
49 | python: 3.7 | |
50 | services: | |
51 | - docker | |
52 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 2.7" | |
53 | env: UBUNTU_VERSION="18.04" | |
54 | os: linux | |
55 | dist: xenial | |
56 | sudo: required | |
57 | group: edge | |
58 | language: python | |
59 | python: 2.7 | |
60 | services: | |
61 | - docker | |
62 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 3.6" | |
63 | env: UBUNTU_VERSION="18.04" | |
64 | os: linux | |
65 | dist: xenial | |
66 | sudo: required | |
67 | group: edge | |
68 | language: python | |
69 | python: 3.6 | |
70 | services: | |
71 | - docker | |
72 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 2.7 and tox" | |
73 | env: [TOXENV="py27", UBUNTU_VERSION="18.04"] | |
74 | os: linux | |
75 | dist: xenial | |
76 | sudo: required | |
77 | group: edge | |
78 | language: python | |
79 | python: 2.7 | |
80 | services: | |
81 | - docker | |
82 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 3.4 and tox" | |
83 | env: [TOXENV="py34", UBUNTU_VERSION="18.04"] | |
39 | 84 | os: linux |
40 | 85 | dist: xenial |
41 | 86 | sudo: required |
42 | 87 | group: edge |
43 | 88 | language: python |
44 | 89 | python: 3.4 |
45 | virtualenv: | |
46 | system_site_packages: false | |
47 | - env: [TARGET="linux-python35-tox", TOXENV="py35"] | |
90 | services: | |
91 | - docker | |
92 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 3.5 and tox" | |
93 | env: [TOXENV="py35", UBUNTU_VERSION="18.04"] | |
48 | 94 | os: linux |
49 | 95 | dist: xenial |
50 | 96 | sudo: required |
51 | 97 | group: edge |
52 | 98 | language: python |
53 | 99 | python: 3.5 |
54 | virtualenv: | |
55 | system_site_packages: false | |
56 | - env: [TARGET="linux-python36-tox", TOXENV="py36"] | |
100 | services: | |
101 | - docker | |
102 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 3.6 and tox" | |
103 | env: [TOXENV="py36", UBUNTU_VERSION="18.04"] | |
57 | 104 | os: linux |
58 | 105 | dist: xenial |
59 | 106 | sudo: required |
60 | 107 | group: edge |
61 | 108 | language: python |
62 | 109 | python: 3.6 |
63 | virtualenv: | |
64 | system_site_packages: false | |
65 | - env: [TARGET="linux-python37-tox", TOXENV="py37"] | |
110 | services: | |
111 | - docker | |
112 | - name: "Ubuntu Bionic (18.04) (Docker) with Python 3.7 and tox" | |
113 | env: [TOXENV="py37", UBUNTU_VERSION="18.04"] | |
66 | 114 | os: linux |
67 | 115 | dist: xenial |
68 | 116 | sudo: required |
69 | 117 | group: edge |
70 | 118 | language: python |
71 | 119 | python: 3.7 |
72 | virtualenv: | |
73 | system_site_packages: false | |
74 | - env: [TARGET="macos-python27", PYTHONPATH="/Library/Python/2.7/site-packages/"] | |
120 | services: | |
121 | - docker | |
122 | - name: "MacOS with Python 2.7.10" | |
123 | env: [TARGET="macos-python27", PYTHONPATH="/Library/Python/2.7/site-packages/"] | |
75 | 124 | os: osx |
76 | 125 | osx_image: xcode9.2 |
77 | 126 | language: generic |
78 | - env: TARGET="trusty-python27" | |
79 | os: linux | |
80 | dist: trusty | |
81 | sudo: required | |
82 | group: edge | |
83 | language: python | |
84 | python: 2.7 | |
85 | virtualenv: | |
86 | system_site_packages: true | |
87 | - env: TARGET="trusty-python34" | |
88 | os: linux | |
89 | dist: trusty | |
90 | sudo: required | |
91 | group: edge | |
92 | language: python | |
93 | python: 3.4 | |
94 | virtualenv: | |
95 | system_site_packages: true | |
96 | 127 | install: |
97 | 128 | - ./config/travis/install.sh |
98 | 129 | script: |
21 | 21 | - cmd: if [%TARGET%]==[windows_python27] ( |
22 | 22 | mkdir dependencies && |
23 | 23 | set PYTHONPATH=..\l2tdevtools && |
24 | "%PYTHON%\\python.exe" ..\l2tdevtools\tools\update.py --download-directory dependencies --machine-type %MACHINE_TYPE% --msi-targetdir "%PYTHON%" --track dev PyYAML funcsigs mock pbr six yapf ) | |
24 | "%PYTHON%\\python.exe" ..\l2tdevtools\tools\update.py --download-directory dependencies --machine-type %MACHINE_TYPE% --msi-targetdir "%PYTHON%" --track dev PyYAML funcsigs mock pbr six ) | |
25 | 25 | - cmd: if [%TARGET%]==[windows_python36] ( |
26 | 26 | mkdir dependencies && |
27 | 27 | set PYTHONPATH=..\l2tdevtools && |
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """ForensicArtifacts.com Artifact Repository.""" |
2 | 2 | |
3 | __version__ = '20190113' | |
3 | __version__ = '20190320' |
87 | 87 | source_definition['supported_os'] = source.supported_os |
88 | 88 | if source.conditions: |
89 | 89 | source_definition['conditions'] = source.conditions |
90 | if source.returned_types: | |
91 | source_definition['returned_types'] = source.returned_types | |
92 | 90 | sources.append(source_definition) |
93 | 91 | |
94 | 92 | artifact_definition = { |
33 | 33 | 'Mail': 'Mail client applications artifacts.', |
34 | 34 | 'Memory': 'Artifacts retrieved from memory.', |
35 | 35 | 'Network': 'Describe networking state.', |
36 | 'Plist': 'Artifact that is a plist.', | |
36 | 37 | 'Processes': 'Describe running processes.', |
37 | 38 | 'Rekall': 'Artifacts using the Rekall memory forensics framework.', |
38 | 39 | 'Software': 'Installed software.', |
40 | 'SQLiteDB': 'Artifact that is a SQLite database.', | |
39 | 41 | 'System': 'Core system artifacts.', |
40 | 42 | 'Users': 'Information about users.' |
41 | 43 | } |
44 | 46 | SUPPORTED_OS_LINUX = 'Linux' |
45 | 47 | SUPPORTED_OS_WINDOWS = 'Windows' |
46 | 48 | |
47 | # yapf: disable | |
48 | 49 | SUPPORTED_OS = frozenset([ |
49 | 50 | SUPPORTED_OS_DARWIN, |
50 | 51 | SUPPORTED_OS_LINUX, |
59 | 60 | 'sources', |
60 | 61 | 'supported_os', |
61 | 62 | 'urls']) |
62 | # yapf: enable |
4 | 4 | |
5 | 5 | import abc |
6 | 6 | import glob |
7 | import io | |
7 | 8 | import os |
8 | 9 | import json |
9 | 10 | import yaml |
187 | 188 | |
188 | 189 | # TODO: deprecate these left overs from the collector definition. |
189 | 190 | if source_type: |
191 | if source.get('returned_types', None): | |
192 | raise errors.FormatError(( | |
193 | 'Invalid artifact definition: {0:s} returned_types no longer ' | |
194 | 'supported.').format(name)) | |
195 | ||
190 | 196 | source_type.conditions = source.get('conditions', []) |
191 | source_type.returned_types = source.get('returned_types', []) | |
192 | 197 | self._ReadSupportedOS(source, source_type, name) |
193 | 198 | if set(source_type.supported_os) - set( |
194 | 199 | artifact_definition.supported_os): |
195 | raise errors.FormatError( | |
196 | ('Invalid artifact definition: {0:s} missing ' | |
197 | 'supported_os.').format(name)) | |
200 | raise errors.FormatError(( | |
201 | 'Invalid artifact definition: {0:s} missing ' | |
202 | 'supported_os.').format(name)) | |
198 | 203 | |
199 | 204 | def ReadArtifactDefinitionValues(self, artifact_definition_values): |
200 | 205 | """Reads an artifact definition from a dictionary. |
236 | 241 | if artifact_definition_values.get('collectors', []): |
237 | 242 | raise errors.FormatError( |
238 | 243 | 'Invalid artifact definition: {0:s} still uses collectors.'.format( |
244 | name)) | |
245 | ||
246 | urls = artifact_definition_values.get('urls', []) | |
247 | if not isinstance(urls, list): | |
248 | raise errors.FormatError( | |
249 | 'Invalid artifact definition: {0:s} urls is not a list.'.format( | |
239 | 250 | name)) |
240 | 251 | |
241 | 252 | # TODO: check conditions. |
245 | 256 | 'provides', []) |
246 | 257 | self._ReadLabels(artifact_definition_values, artifact_definition, name) |
247 | 258 | self._ReadSupportedOS(artifact_definition_values, artifact_definition, name) |
248 | artifact_definition.urls = artifact_definition_values.get('urls', []) | |
259 | artifact_definition.urls = urls | |
249 | 260 | self._ReadSources(artifact_definition_values, artifact_definition, name) |
250 | 261 | |
251 | 262 | return artifact_definition |
280 | 291 | Yields: |
281 | 292 | ArtifactDefinition: an artifact definition. |
282 | 293 | """ |
283 | with open(filename, 'r') as file_object: | |
294 | with io.open(filename, 'r', encoding='utf-8') as file_object: | |
284 | 295 | for artifact_definition in self.ReadFileObject(file_object): |
285 | 296 | yield artifact_definition |
286 | 297 |
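Review bot: The new `urls` validation in ReadArtifactDefinitionValues only rejects a value that is not a list, so a list whose items are mappings, numbers or nested lists still passes and is assigned to `artifact_definition.urls` unchanged. Definition files are often taken from outside the project, so consumers that treat each entry as text would be better protected by rejecting such input here, for example with `if not all(isinstance(url, (str, type(u''))) for url in urls):` followed by the same FormatError. The tuple keeps the check valid on both Python 2.7 and 3. The function starts before and continues after the visible hunks, so whether a later step already checks the items cannot be seen from here.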
3 | 3 | name_description: ForensicArtifacts.com Artifact Repository |
4 | 4 | maintainer: Forensic artifacts <forensicartifacts@googlegroups.com> |
5 | 5 | homepage_url: https://github.com/ForensicArtifacts/artifacts |
6 | git_url: https://github.com/ForensicArtifacts/artifacts.git | |
6 | 7 | description_short: ForensicArtifacts.com Artifact Repository. |
7 | 8 | description_long: A free, community-sourced, machine-readable knowledge base of forensic |
8 | 9 | artifacts that the world can use both as an information source and within other tools. |
0 | artifacts (20190113-1) unstable; urgency=low | |
0 | artifacts (20190320-1) unstable; urgency=low | |
1 | 1 | |
2 | 2 | * Auto-generated |
3 | 3 | |
4 | -- Forensic artifacts <forensicartifacts@googlegroups.com> Sun, 13 Jan 2019 09:44:56 +0100⏎ | |
4 | -- Forensic artifacts <forensicartifacts@googlegroups.com> Wed, 20 Mar 2019 05:20:33 +0100⏎ |
16 | 16 | |
17 | 17 | Package: python-artifacts |
18 | 18 | Architecture: all |
19 | Depends: artifacts-data, python-yaml (>= 3.10), ${python:Depends}, ${misc:Depends} | |
19 | Depends: artifacts-data (>= ${binary:Version}), python-yaml (>= 3.10), ${python:Depends}, ${misc:Depends} | |
20 | 20 | Description: Python 2 module of ForensicArtifacts.com Artifact Repository |
21 | 21 | A free, community-sourced, machine-readable knowledge base of forensic |
22 | 22 | artifacts that the world can use both as an information source and within other tools. |
23 | 23 | |
24 | 24 | Package: python3-artifacts |
25 | 25 | Architecture: all |
26 | Depends: artifacts-data, python3-yaml (>= 3.10), ${python3:Depends}, ${misc:Depends} | |
26 | Depends: artifacts-data (>= ${binary:Version}), python3-yaml (>= 3.10), ${python3:Depends}, ${misc:Depends} | |
27 | 27 | Description: Python 3 module of ForensicArtifacts.com Artifact Repository |
28 | 28 | A free, community-sourced, machine-readable knowledge base of forensic |
29 | 29 | artifacts that the world can use both as an information source and within other tools. |
30 | 30 | |
31 | 31 | Package: artifacts-tools |
32 | 32 | Architecture: all |
33 | Depends: python-artifacts, python (>= 2.7~), ${python:Depends}, ${misc:Depends} | |
33 | Depends: python-artifacts (>= ${binary:Version}), ${python:Depends}, ${misc:Depends} | |
34 | 34 | Description: Tools of ForensicArtifacts.com Artifact Repository |
35 | 35 | A free, community-sourced, machine-readable knowledge base of forensic |
36 | 36 | artifacts that the world can use both as an information source and within other tools. |
6 | 6 | |
7 | 7 | L2TBINARIES_DEPENDENCIES="PyYAML"; |
8 | 8 | |
9 | L2TBINARIES_TEST_DEPENDENCIES="funcsigs mock pbr six yapf"; | |
9 | L2TBINARIES_TEST_DEPENDENCIES="funcsigs mock pbr six"; | |
10 | 10 | |
11 | PYTHON2_DEPENDENCIES="python-yaml"; | |
11 | DPKG_PYTHON2_DEPENDENCIES="python-yaml"; | |
12 | 12 | |
13 | PYTHON2_TEST_DEPENDENCIES="python-coverage python-funcsigs python-mock python-pbr python-six python-tox python-yapf yapf"; | |
13 | DPKG_PYTHON2_TEST_DEPENDENCIES="python-coverage python-funcsigs python-mock python-pbr python-six"; | |
14 | 14 | |
15 | PYTHON3_DEPENDENCIES="python3-yaml"; | |
15 | DPKG_PYTHON3_DEPENDENCIES="python3-yaml"; | |
16 | 16 | |
17 | PYTHON3_TEST_DEPENDENCIES="python-yapf python3-mock python3-pbr python3-setuptools python3-six python3-tox yapf"; | |
17 | DPKG_PYTHON3_TEST_DEPENDENCIES="python3-mock python3-pbr python3-setuptools python3-six"; | |
18 | ||
19 | RPM_PYTHON2_DEPENDENCIES="python2-pyyaml"; | |
20 | ||
21 | RPM_PYTHON2_TEST_DEPENDENCIES="python2-funcsigs python2-mock python2-pbr python2-six"; | |
22 | ||
23 | RPM_PYTHON3_DEPENDENCIES="python3-pyyaml"; | |
24 | ||
25 | RPM_PYTHON3_TEST_DEPENDENCIES="python3-mock python3-pbr python3-six"; | |
18 | 26 | |
19 | 27 | # Exit on error. |
20 | 28 | set -e; |
41 | 49 | sudo /usr/bin/hdiutil detach /Volumes/${PACKAGE}-*.pkg |
42 | 50 | done |
43 | 51 | |
52 | elif test -n "${FEDORA_VERSION}"; | |
53 | then | |
54 | CONTAINER_NAME="fedora${FEDORA_VERSION}"; | |
55 | ||
56 | docker pull registry.fedoraproject.org/fedora:${FEDORA_VERSION}; | |
57 | ||
58 | docker run --name=${CONTAINER_NAME} --detach -i registry.fedoraproject.org/fedora:${FEDORA_VERSION}; | |
59 | ||
60 | docker exec ${CONTAINER_NAME} dnf install -y dnf-plugins-core; | |
61 | ||
62 | docker exec ${CONTAINER_NAME} dnf copr -y enable @gift/dev; | |
63 | ||
64 | if test -n "${TOXENV}"; | |
65 | then | |
66 | docker exec ${CONTAINER_NAME} dnf install -y python3-tox; | |
67 | ||
68 | elif test ${TRAVIS_PYTHON_VERSION} = "2.7"; | |
69 | then | |
70 | docker exec ${CONTAINER_NAME} dnf install -y git python2 ${RPM_PYTHON2_DEPENDENCIES} ${RPM_PYTHON2_TEST_DEPENDENCIES}; | |
71 | else | |
72 | docker exec ${CONTAINER_NAME} dnf install -y git python3 ${RPM_PYTHON3_DEPENDENCIES} ${RPM_PYTHON3_TEST_DEPENDENCIES}; | |
73 | fi | |
74 | ||
75 | docker cp ../artifacts ${CONTAINER_NAME}:/ | |
76 | ||
77 | elif test -n "${UBUNTU_VERSION}"; | |
78 | then | |
79 | CONTAINER_NAME="ubuntu${UBUNTU_VERSION}"; | |
80 | ||
81 | docker pull ubuntu:${UBUNTU_VERSION}; | |
82 | ||
83 | docker run --name=${CONTAINER_NAME} --detach -i ubuntu:${UBUNTU_VERSION}; | |
84 | ||
85 | docker exec ${CONTAINER_NAME} apt-get update -q; | |
86 | docker exec ${CONTAINER_NAME} sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y locales software-properties-common"; | |
87 | ||
88 | docker exec ${CONTAINER_NAME} add-apt-repository ppa:gift/dev -y; | |
89 | ||
90 | docker exec ${CONTAINER_NAME} locale-gen en_US.UTF-8; | |
91 | ||
92 | if test -n "${TOXENV}"; | |
93 | then | |
94 | docker exec ${CONTAINER_NAME} add-apt-repository universe; | |
95 | docker exec ${CONTAINER_NAME} add-apt-repository ppa:deadsnakes/ppa -y; | |
96 | ||
97 | DPKG_PYTHON="python${TRAVIS_PYTHON_VERSION} python${TRAVIS_PYTHON_VERSION}-dev"; | |
98 | ||
99 | docker exec ${CONTAINER_NAME} sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential ${DPKG_PYTHON} tox"; | |
100 | ||
101 | elif test ${TRAVIS_PYTHON_VERSION} = "2.7"; | |
102 | then | |
103 | docker exec ${CONTAINER_NAME} sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y git python ${DPKG_PYTHON2_DEPENDENCIES} ${DPKG_PYTHON2_TEST_DEPENDENCIES}"; | |
104 | else | |
105 | docker exec ${CONTAINER_NAME} sh -c "DEBIAN_FRONTEND=noninteractive apt-get install -y git python3 ${DPKG_PYTHON3_DEPENDENCIES} ${DPKG_PYTHON3_TEST_DEPENDENCIES}"; | |
106 | fi | |
107 | ||
108 | docker cp ../artifacts ${CONTAINER_NAME}:/ | |
109 | ||
44 | 110 | elif test ${TRAVIS_OS_NAME} = "linux" && test ${TARGET} != "jenkins"; |
45 | 111 | then |
46 | 112 | sudo rm -f /etc/apt/sources.list.d/travis_ci_zeromq3-source.list; |
47 | 113 | |
48 | 114 | if test ${TARGET} = "pylint"; |
49 | 115 | then |
50 | if test ${TRAVIS_PYTHON_VERSION} = "2.7"; | |
51 | then | |
52 | sudo add-apt-repository ppa:gift/pylint2 -y; | |
53 | fi | |
116 | sudo add-apt-repository ppa:gift/pylint3 -y; | |
54 | 117 | fi |
55 | 118 | |
56 | 119 | sudo add-apt-repository ppa:gift/dev -y; |
58 | 121 | |
59 | 122 | if test ${TRAVIS_PYTHON_VERSION} = "2.7"; |
60 | 123 | then |
61 | sudo apt-get install -y ${PYTHON2_DEPENDENCIES} ${PYTHON2_TEST_DEPENDENCIES}; | |
124 | sudo apt-get install -y ${DPKG_PYTHON2_DEPENDENCIES} ${DPKG_PYTHON2_TEST_DEPENDENCIES}; | |
62 | 125 | else |
63 | sudo apt-get install -y ${PYTHON3_DEPENDENCIES} ${PYTHON3_TEST_DEPENDENCIES}; | |
126 | sudo apt-get install -y ${DPKG_PYTHON3_DEPENDENCIES} ${DPKG_PYTHON3_TEST_DEPENDENCIES}; | |
64 | 127 | fi |
65 | 128 | if test ${TARGET} = "pylint"; |
66 | 129 | then |
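Review bot: The new Docker branches install packages as root from third-party repositories (`dnf copr -y enable @gift/dev`, `add-apt-repository ppa:gift/dev -y`, `add-apt-repository ppa:deadsnakes/ppa -y`) into images pulled by mutable tag (`fedora:${FEDORA_VERSION}`, `ubuntu:${UBUNTU_VERSION}`), so what the CI job executes can change without any change to this repository. If reproducible test runs matter, pin the images by digest, e.g. `docker pull ubuntu@sha256:<digest of the reviewed image>`. Also add a comment above each repository line, such as `# Third-party repository: packages from here run as root in the test container.`. The surrounding if/elif chain starts and ends outside the hunk.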
35 | 35 | if test -f tests/end-to-end.py; |
36 | 36 | then |
37 | 37 | PYTHONPATH=. python ./tests/end-to-end.py --debug -c config/end-to-end.ini; |
38 | fi | |
39 | ||
40 | elif test -n "${FEDORA_VERSION}"; | |
41 | then | |
42 | CONTAINER_NAME="fedora${FEDORA_VERSION}"; | |
43 | ||
44 | if test -n "${TOXENV}"; | |
45 | then | |
46 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && tox -e ${TOXENV}"; | |
47 | ||
48 | elif test ${TRAVIS_PYTHON_VERSION} = "2.7"; | |
49 | then | |
50 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && python2 run_tests.py"; | |
51 | else | |
52 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && python3 run_tests.py"; | |
53 | fi | |
54 | ||
55 | elif test -n "${UBUNTU_VERSION}"; | |
56 | then | |
57 | CONTAINER_NAME="ubuntu${UBUNTU_VERSION}"; | |
58 | ||
59 | if test -n "${TOXENV}"; | |
60 | then | |
61 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && tox -e ${TOXENV}"; | |
62 | ||
63 | elif test ${TRAVIS_PYTHON_VERSION} = "2.7"; | |
64 | then | |
65 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && python2 run_tests.py"; | |
66 | else | |
67 | docker exec ${CONTAINER_NAME} sh -c "export LANG=en_US.UTF-8; cd artifacts && python3 run_tests.py"; | |
38 | 68 | fi |
39 | 69 | |
40 | 70 | elif test "${TRAVIS_OS_NAME}" = "linux"; |
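Review bot: The added `elif test ${TRAVIS_PYTHON_VERSION} = "2.7";` lines expand the variable unquoted, so when it is empty `test` fails with a usage error and the script falls through to the `else` branch and runs the Python 3 tests instead of stopping. Quote it the way the neighbouring context line already does for TRAVIS_OS_NAME: `elif test "${TRAVIS_PYTHON_VERSION}" = "2.7";`. The same applies to `${CONTAINER_NAME}` and `${TOXENV}` in the `docker exec` lines, and to the matching new branches in the config/travis/install.sh section on this page. The if/elif chain begins and ends outside the hunk.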
3 | 3 | doc: NFS Exports configuration |
4 | 4 | sources: |
5 | 5 | - type: FILE |
6 | attributes: | |
7 | paths: | |
8 | - '/etc/exports' | |
9 | - '/private/etc/exports' | |
10 | supported_os: [Darwin] | |
11 | - type: FILE | |
6 | 12 | attributes: {paths: ['/etc/exports']} |
13 | supported_os: [Linux] | |
7 | 14 | labels: [Configuration Files] |
8 | 15 | supported_os: [Linux, Darwin] |
9 | 16 | --- |
11 | 18 | doc: Sshd configuration |
12 | 19 | sources: |
13 | 20 | - type: FILE |
21 | attributes: | |
22 | paths: | |
23 | - '/etc/ssh/sshd_config' | |
24 | - '/private/etc/ssh/sshd_config' | |
25 | supported_os: [Darwin] | |
26 | - type: FILE | |
14 | 27 | attributes: {paths: ['/etc/ssh/sshd_config']} |
28 | supported_os: [Linux] | |
15 | 29 | labels: [Configuration Files] |
16 | 30 | supported_os: [Linux, Darwin] |
17 | 31 | --- |
10 | 10 | - type: FILE |
11 | 11 | attributes: |
12 | 12 | paths: |
13 | - '%%users.homedir%%/.local/lib/python*/{dist,site}-packages/*.dist-info/*' | |
14 | - '/usr/{lib,lib64}/python*/{dist,site}-packages/*.dist-info/*' | |
15 | - '/usr/local/{lib,lib64}/python*/{dist,site}-packages/*.dist-info/*' | |
13 | - '%%users.homedir%%/.local/lib/python*/dist-packages/*.dist-info/*' | |
14 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.dist-info/*' | |
15 | - '/usr/lib/python*/dist-packages/*.dist-info/*' | |
16 | - '/usr/lib/python*/site-packages/*.dist-info/*' | |
17 | - '/usr/lib64/python*/dist-packages/*.dist-info/*' | |
18 | - '/usr/lib64/python*/site-packages/*.dist-info/*' | |
19 | - '/usr/local/lib/python*/dist-packages/*.dist-info/*' | |
20 | - '/usr/local/lib/python*/site-packages/*.dist-info/*' | |
21 | - '/usr/local/lib64/python*/dist-packages/*.dist-info/*' | |
22 | - '/usr/local/lib64/python*/site-packages/*.dist-info/*' | |
16 | 23 | supported_os: [Linux] |
17 | 24 | supported_os: [Linux] |
18 | 25 | labels: [Software] |
34 | 41 | attributes: |
35 | 42 | paths: |
36 | 43 | # Files containing the install metadata in either a flat file or zipfile. |
37 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.{egg,egg-info}' | |
38 | - '%%users.homedir%%/.cache/pip/*.{egg,egg-info}' | |
39 | - '/usr/{lib,lib64}/python*/{dist,site}-packages/*.{egg,egg-info}' | |
40 | - '/usr/local/{lib,lib64}/python*/{dist,site}-packages/*.{egg,egg-info}' | |
41 | - '/usr/share/pyshared/*.{egg,egg-info}' | |
44 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.egg' | |
45 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.egg-info' | |
46 | - '%%users.homedir%%/.cache/pip/*.egg' | |
47 | - '%%users.homedir%%/.cache/pip/*.egg-info' | |
48 | - '/usr/lib/python*/dist-packages/*.egg' | |
49 | - '/usr/lib/python*/dist-packages/*.egg-info' | |
50 | - '/usr/lib/python*/site-packages/*.egg' | |
51 | - '/usr/lib/python*/site-packages/*.egg-info' | |
52 | - '/usr/lib64/python*/dist-packages/*.egg' | |
53 | - '/usr/lib64/python*/dist-packages/*.egg-info' | |
54 | - '/usr/lib64/python*/site-packages/*.egg' | |
55 | - '/usr/lib64/python*/site-packages/*.egg-info' | |
56 | - '/usr/local/lib/python*/dist-packages/*.egg' | |
57 | - '/usr/local/lib/python*/dist-packages/*.egg-info' | |
58 | - '/usr/local/lib/python*/site-packages/*.egg' | |
59 | - '/usr/local/lib/python*/site-packages/*.egg-info' | |
60 | - '/usr/local/lib64/python*/dist-packages/*.egg' | |
61 | - '/usr/local/lib64/python*/dist-packages/*.egg-info' | |
62 | - '/usr/local/lib64/python*/site-packages/*.egg' | |
63 | - '/usr/local/lib64/python*/site-packages/*.egg-info' | |
64 | - '/usr/share/pyshared/*.egg' | |
65 | - '/usr/share/pyshared/*.egg-info' | |
42 | 66 | # Directories containing the install metadata as separate files. |
43 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.{egg,egg-info}/*' | |
44 | - '%%users.homedir%%/.cache/pip/*.{egg,egg-info}/*' | |
45 | - '/usr/{lib,lib64}/python*/{dist,site}-packages/*.{egg,egg-info}/*' | |
46 | - '/usr/local/{lib,lib64}/python*/{dist,site}-packages/*.{egg,egg-info}/*' | |
47 | - '/usr/share/pyshared/*.{egg,egg-info}/*' | |
67 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.egg/*' | |
68 | - '%%users.homedir%%/.local/lib/python*/site-packages/*.egg-info/*' | |
69 | - '%%users.homedir%%/.cache/pip/*.egg/*' | |
70 | - '%%users.homedir%%/.cache/pip/*.egg-info/*' | |
71 | - '/usr/lib/python*/dist-packages/*.egg/*' | |
72 | - '/usr/lib/python*/dist-packages/*.egg-info/*' | |
73 | - '/usr/lib/python*/site-packages/*.egg/*' | |
74 | - '/usr/lib/python*/site-packages/*.egg-info/*' | |
75 | - '/usr/lib64/python*/dist-packages/*.egg/*' | |
76 | - '/usr/lib64/python*/dist-packages/*.egg-info/*' | |
77 | - '/usr/lib64/python*/site-packages/*.egg/*' | |
78 | - '/usr/lib64/python*/site-packages/*.egg-info/*' | |
79 | - '/usr/local/lib/python*/dist-packages/*.egg/*' | |
80 | - '/usr/local/lib/python*/dist-packages/*.egg-info/*' | |
81 | - '/usr/local/lib/python*/site-packages/*.egg/*' | |
82 | - '/usr/local/lib/python*/site-packages/*.egg-info/*' | |
83 | - '/usr/local/lib64/python*/dist-packages/*.egg/*' | |
84 | - '/usr/local/lib64/python*/dist-packages/*.egg-info/*' | |
85 | - '/usr/local/lib64/python*/site-packages/*.egg/*' | |
86 | - '/usr/local/lib64/python*/site-packages/*.egg-info/*' | |
87 | - '/usr/share/pyshared/*.egg/*' | |
88 | - '/usr/share/pyshared/*.egg-info/*' | |
48 | 89 | supported_os: [Linux] |
49 | 90 | supported_os: [Linux] |
50 | 91 | labels: [Software] |
0 | # Instant Messaging applications specific artifacts. | |
1 | ||
2 | name: SkypeChatSync | |
3 | doc: Chat Sync Directory | |
4 | sources: | |
5 | - type: FILE | |
6 | attributes: | |
7 | paths: ['%%users.homedir%%/Library/Application Support/Skype/*/chatsync/*'] | |
8 | supported_os: [Darwin] | |
9 | supported_os: [Darwin] | |
10 | urls: | |
11 | - 'http://forensicswiki.org/wiki/Mac_OS_X' | |
12 | - 'http://forensicswiki.org/wiki/Mac_OS_X_10.9_-_Artifacts_Location#Skype' | |
13 | --- | |
14 | name: SkypeDb | |
15 | doc: Main Skype database | |
16 | sources: | |
17 | - type: FILE | |
18 | attributes: | |
19 | paths: ['%%users.homedir%%/Library/Application Support/Skype/*/Main.db'] | |
20 | supported_os: [Darwin] | |
21 | supported_os: [Darwin] | |
22 | urls: | |
23 | - 'http://forensicswiki.org/wiki/Mac_OS_X' | |
24 | - 'http://forensicswiki.org/wiki/Mac_OS_X_10.9_-_Artifacts_Location#Skype' | |
25 | --- | |
26 | name: SkypeMainDirectory | |
27 | doc: Skype Directory | |
28 | sources: | |
29 | - type: DIRECTORY | |
30 | attributes: | |
31 | paths: ['%%users.homedir%%/Library/Application Support/Skype/*'] | |
32 | supported_os: [Darwin] | |
33 | supported_os: [Darwin] | |
34 | --- | |
35 | name: SkypePreferences | |
36 | doc: Skype Preferences and Recent Searches | |
37 | sources: | |
38 | - type: FILE | |
39 | attributes: | |
40 | paths: ['%%users.homedir%%/Library/Preferences/com.skype.skype.plist'] | |
41 | supported_os: [Darwin] | |
42 | supported_os: [Darwin] | |
43 | urls: | |
44 | - 'http://forensicswiki.org/wiki/Mac_OS_X' | |
45 | - 'http://forensicswiki.org/wiki/Mac_OS_X_10.9_-_Artifacts_Location#Skype' | |
46 | --- | |
47 | name: SkypeUserProfile | |
48 | doc: Skype User profile | |
49 | sources: | |
50 | - type: FILE | |
51 | attributes: | |
52 | paths: ['%%users.homedir%%/Library/Application Support/Skype/*/*'] | |
53 | supported_os: [Darwin] | |
54 | supported_os: [Darwin] | |
55 | urls: | |
56 | - 'http://forensicswiki.org/wiki/Mac_OS_X' | |
57 | - 'http://forensicswiki.org/wiki/Mac_OS_X_10.9_-_Artifacts_Location#Skype'⏎ |
11 | 11 | - type: FILE |
12 | 12 | attributes: |
13 | 13 | paths: |
14 | - '%%users.localappdata_low%%\Sun\Java\Deployment\cache\**' | |
15 | - '%%users.homedir%%\AppData\LocalLow\Sun\Java\Deployment\cache\**' | |
16 | - '%%users.homedir%%\Application Data\Sun\Java\Deployment\cache\**' | |
14 | - '%%users.appdata%%\Sun\Java\Deployment\cache\**' | |
15 | - '%%users.userprofile%%\AppData\LocalLow\Sun\Java\Deployment\cache\**' | |
17 | 16 | separator: '\' |
18 | 17 | supported_os: [Windows] |
19 | 18 | supported_os: [Windows, Linux, Darwin] |
81 | 81 | - '%%users.appdata%%\microsoft\c_27803.nls' |
82 | 82 | - '%%users.appdata%%\microsoft\objframe.dll' |
83 | 83 | - '%%users.appdata%%\microsoft\shmgr.dll' |
84 | separator: '\' | |
84 | 85 | supported_os: [Windows] |
85 | 86 | urls: ['http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf'] |
86 | 87 | --- |
165 | 165 | provides: [domain] |
166 | 166 | supported_os: [Windows] |
167 | 167 | --- |
168 | name: WindowsEnvironmentVariableAllUsersAppData | |
169 | doc: The %ProgramData% environment variable. | |
170 | sources: | |
171 | - type: REGISTRY_VALUE | |
172 | attributes: | |
173 | key_value_pairs: | |
174 | - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'} | |
175 | provides: [environ_allusersappdata] | |
176 | supported_os: [Windows] | |
177 | urls: ['http://environmentvariables.org/ProgramData'] | |
178 | --- | |
168 | 179 | name: WinPathEnvironmentVariable |
169 | 180 | doc: The %PATH% environment variable. |
170 | 181 | sources: |
358 | 358 | labels: [Configuration Files, System] |
359 | 359 | supported_os: [Linux] |
360 | 360 | --- |
361 | name: LinuxReleaseInfo | |
362 | doc: Release information for Linux platforms. | |
363 | sources: | |
364 | - type: ARTIFACT_GROUP | |
365 | attributes: | |
366 | names: | |
367 | - LinuxDistributionRelease | |
368 | - LinuxLSBRelease | |
369 | - LinuxSystemdOSRelease | |
370 | provides: [os_release, os_major_version, os_minor_version] | |
371 | labels: [Software] | |
372 | supported_os: [Linux] | |
373 | --- | |
361 | 374 | name: LinuxRsyslogConfigs |
362 | 375 | doc: Linux rsyslog configurations. |
363 | 376 | sources: |
3 | 3 | doc: Apple system log (ASL) files |
4 | 4 | sources: |
5 | 5 | - type: FILE |
6 | attributes: {paths: ['/var/log/asl/*']} | |
6 | attributes: | |
7 | paths: | |
8 | - '/private/var/log/asl/*' | |
9 | - '/var/log/asl/*' | |
7 | 10 | labels: [System, Logs] |
8 | 11 | supported_os: [Darwin] |
9 | 12 | urls: |
59 | 62 | doc: Audit log files |
60 | 63 | sources: |
61 | 64 | - type: FILE |
62 | attributes: {paths: ['/var/audit/*']} | |
65 | attributes: | |
66 | paths: | |
67 | - '/private/var/audit/*' | |
68 | - '/var/audit/*' | |
63 | 69 | labels: [System, Logs] |
64 | 70 | supported_os: [Darwin] |
65 | 71 | urls: |
105 | 111 | paths: |
106 | 112 | - '/Library/Logs/DiagnosticReports/*.core_analytics' |
107 | 113 | - '/private/var/db/analyticsd/aggregates/*' |
114 | - '/var/db/analyticsd/aggregates/*' | |
108 | 115 | labels: [Logs, System] |
109 | 116 | supported_os: [Darwin] |
110 | 117 | urls: |
119 | 126 | attributes: |
120 | 127 | paths: |
121 | 128 | - '/etc/crontab' |
129 | - '/private/etc/crontab' | |
122 | 130 | - '/usr/lib/cron/tabs/*' |
123 | 131 | labels: [System] |
124 | 132 | supported_os: [Darwin] |
152 | 160 | doc: Hosts file |
153 | 161 | sources: |
154 | 162 | - type: FILE |
155 | attributes: {paths: ['/etc/hosts']} | |
163 | attributes: | |
164 | paths: | |
165 | - '/etc/hosts' | |
166 | - '/private/etc/hosts' | |
156 | 167 | labels: [System, Network] |
157 | 168 | supported_os: [Darwin] |
158 | 169 | urls: |
204 | 215 | doc: Installation log file |
205 | 216 | sources: |
206 | 217 | - type: FILE |
207 | attributes: {paths: ['/var/log/install.log']} | |
218 | attributes: | |
219 | paths: | |
220 | - '/private/var/log/install.log' | |
221 | - '/var/log/install.log' | |
208 | 222 | labels: [System, Logs] |
209 | 223 | supported_os: [Darwin] |
210 | 224 | urls: |
307 | 321 | paths: |
308 | 322 | - '%%users.homedir%%/Library/Application Support/Knowledge/knowledgeC.db' |
309 | 323 | - '/private/var/db/CoreDuet/Knowledge/knowledgeC.db' |
324 | - '/var/db/CoreDuet/Knowledge/knowledgeC.db' | |
310 | 325 | labels: [Users, Logs] |
311 | 326 | supported_os: [Darwin] |
312 | 327 | urls: ['https://www.mac4n6.com/blog/2018/8/5/knowledge-is-power-using-the-knowledgecdb-database-on-macos-and-ios-to-determine-precise-user-and-application-usage'] |
345 | 360 | doc: Mac OS X lastlog file. |
346 | 361 | sources: |
347 | 362 | - type: FILE |
348 | attributes: {paths: ['/var/log/lastlog']} | |
363 | attributes: | |
364 | paths: | |
365 | - '/private/var/log/lastlog' | |
366 | - '/var/log/lastlog' | |
349 | 367 | labels: [Logs, Authentication] |
350 | 368 | supported_os: [Darwin] |
351 | 369 | --- |
543 | 561 | - type: FILE |
544 | 562 | attributes: |
545 | 563 | paths: |
564 | - '%%users.homedir%%/Library/Application Support/NotificationCenter/*.db' | |
565 | - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' | |
546 | 566 | - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db2/db' |
547 | - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' | |
548 | - '%%users.homedir%%/Library/Application Support/NotificationCenter/*.db' | |
567 | - '/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' | |
568 | - '/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db2/db' | |
549 | 569 | labels: [Users, Logs] |
550 | 570 | supported_os: [Darwin] |
551 | 571 | --- |
555 | 575 | - type: FILE |
556 | 576 | attributes: |
557 | 577 | paths: |
578 | - '/etc/daily.local/*' | |
558 | 579 | - '/etc/defaults/periodic.conf' |
580 | - '/etc/monthly.local/*' | |
581 | - '/etc/periodic/**2' | |
559 | 582 | - '/etc/periodic.conf' |
560 | 583 | - '/etc/periodic.conf.local' |
561 | - '/etc/periodic/**2' | |
584 | - '/etc/periodic/daily/*' | |
585 | - '/etc/periodic/monthly/*' | |
586 | - '/etc/periodic/weekly/*' | |
587 | - '/etc/weekly.local/*' | |
588 | - '/private/etc/daily.local/*' | |
589 | - '/private/etc/defaults/periodic.conf' | |
590 | - '/private/etc/monthly.local/*' | |
591 | - '/private/etc/periodic/**2' | |
592 | - '/private/etc/periodic.conf' | |
593 | - '/private/etc/periodic.conf.local' | |
594 | - '/private/etc/periodic/daily/*' | |
595 | - '/private/etc/periodic/monthly/*' | |
596 | - '/private/etc/periodic/weekly/*' | |
597 | - '/private/etc/weekly.local/*' | |
562 | 598 | - '/usr/local/etc/periodic/**2' |
563 | - '/etc/daily.local/*' | |
564 | - '/etc/weekly.local/*' | |
565 | - '/etc/monthly.local/*' | |
566 | - '/etc/periodic/daily/*' | |
567 | - '/etc/periodic/weekly/*' | |
568 | - '/etc/periodic/monthly/*' | |
569 | 599 | labels: [System] |
570 | 600 | supported_os: [Darwin] |
571 | 601 | urls: |
647 | 677 | doc: Swap files |
648 | 678 | sources: |
649 | 679 | - type: FILE |
650 | attributes: {paths: ['/var/vm/swapfile#']} | |
680 | attributes: | |
681 | paths: | |
682 | - '/private/var/vm/swapfile[0-9]' | |
683 | - '/var/vm/swapfile[0-9]' | |
651 | 684 | labels: [System] |
652 | 685 | supported_os: [Darwin] |
653 | 686 | urls: |
666 | 699 | doc: System installation time |
667 | 700 | sources: |
668 | 701 | - type: FILE |
669 | attributes: {paths: ['/var/db/.AppleSetupDone']} | |
702 | attributes: | |
703 | paths: | |
704 | - '/private/var/db/.AppleSetupDone' | |
705 | - '/var/db/.AppleSetupDone' | |
670 | 706 | labels: [System] |
671 | 707 | supported_os: [Darwin] |
672 | 708 | urls: |
677 | 713 | doc: System log files |
678 | 714 | sources: |
679 | 715 | - type: FILE |
680 | attributes: {paths: ['/var/log/*']} | |
716 | attributes: | |
717 | paths: | |
718 | - '/private/var/log/*' | |
719 | - '/var/log/*' | |
681 | 720 | labels: [System, Logs] |
682 | 721 | supported_os: [Darwin] |
683 | 722 | urls: |
723 | 762 | - type: FILE |
724 | 763 | attributes: |
725 | 764 | paths: |
765 | - '/private/var/db/diagnostics/*.tracev3' | |
766 | - '/private/var/db/diagnostics/*/*.tracev3' | |
767 | - '/private/var/db/uuidtext/*/*' | |
726 | 768 | - '/var/db/diagnostics/*.tracev3' |
727 | 769 | - '/var/db/diagnostics/*/*.tracev3' |
728 | 770 | - '/var/db/uuidtext/*/*' |
848 | 890 | - type: FILE |
849 | 891 | attributes: |
850 | 892 | paths: |
893 | - '/private/var/db/dslocal/nodes/Default/users/*.plist' | |
851 | 894 | - '/var/db/dslocal/nodes/Default/users/*.plist' |
852 | - '/private/var/db/dslocal/nodes/Default/users/*.plist' | |
853 | 895 | labels: [System, Users, Authentication] |
854 | 896 | supported_os: [Darwin] |
855 | 897 | urls: |
929 | 971 | - type: FILE |
930 | 972 | attributes: |
931 | 973 | paths: |
974 | - '/private/var/run/utmp' | |
975 | - '/private/var/log/wtmp' | |
976 | - '/var/run/utmp' | |
932 | 977 | - '/var/log/wtmp' |
933 | - '/var/run/utmp' | |
934 | 978 | labels: [Logs, Authentication] |
935 | 979 | supported_os: [Darwin] |
936 | 980 | urls: ['https://github.com/libyal/dtformats/blob/master/documentation/Utmp%20login%20records%20format.asciidoc'] |
939 | 983 | doc: Mac OS X 10.5 utmpx login record file. |
940 | 984 | sources: |
941 | 985 | - type: FILE |
942 | attributes: {paths: ['/var/run/utmpx']} | |
986 | attributes: | |
987 | paths: | |
988 | - '/private/var/run/utmpx' | |
989 | - '/var/run/utmpx' | |
943 | 990 | labels: [Logs, Authentication] |
944 | 991 | supported_os: [Darwin] |
945 | 992 | urls: ['https://github.com/libyal/dtformats/blob/master/documentation/Utmp%20login%20records%20format.asciidoc'] |
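Review bot: The new swap file globs `'/private/var/vm/swapfile[0-9]'` and `'/var/vm/swapfile[0-9]'` match exactly one digit, so any swap file numbered 10 or higher would be skipped silently during collection. If macOS can create more than ten swap files under memory pressure, which seems likely but should be confirmed, I would widen the pattern by adding `- '/private/var/vm/swapfile[0-9][0-9]'` and `- '/var/vm/swapfile[0-9][0-9]'`, or use `swapfile*`. A short comment above the paths stating the intended numbering range would also help the next maintainer.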
15 | 15 | separator: '\' |
16 | 16 | labels: [System] |
17 | 17 | supported_os: [Windows] |
18 | --- | |
19 | name: NTFSLogFile | |
20 | doc: | | |
21 | The NTFS $LogFile file system metadata file. | |
22 | ||
23 | GRR collection note: you currently need to specify 'use tsk' and | |
24 | 'ignore download size limits' for this artifact to work. This will go away in | |
25 | the future. | |
26 | sources: | |
27 | - type: FILE | |
28 | attributes: | |
29 | paths: ['%%environ_systemdrive%%\$LogFile'] | |
30 | separator: '\' | |
31 | urls: ['https://sourceforge.net/projects/linux-ntfs/'] | |
32 | labels: [System] | |
33 | supported_os: [Windows] |
16 | 16 | - type: FILE |
17 | 17 | attributes: |
18 | 18 | paths: |
19 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
20 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
21 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
22 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
23 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
24 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
25 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
26 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
27 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
28 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
29 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
30 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
19 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
20 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
21 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
22 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
23 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
24 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
25 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
26 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
27 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' | |
28 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\access_log*' | |
29 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' | |
30 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\catalina.out' | |
31 | 31 | separator: '\' |
32 | 32 | supported_os: [Windows] |
33 | 33 | - type: FILE |
34 | 34 | attributes: |
35 | 35 | paths: |
36 | - '/usr/local/tomcat*/logs/catalina.out' | |
37 | - '/opt/tomcat*/logs/catalina.out' | |
38 | - '/usr/share/tomcat*/logs/catalina.out' | |
39 | - '/var/lib/tomcat*/logs/catalina.out' | |
40 | - '/usr/local/tomcat*/logs/access_log*' | |
41 | - '/opt/tomcat*/logs/access_log*' | |
42 | - '/usr/share/tomcat*/logs/access_log*' | |
43 | - '/var/lib/tomcat*/logs/access_log*' | |
44 | - '/usr/local/tomcat*/logs/**/catalina.out' | |
45 | - '/opt/tomcat*/logs/**/catalina.out' | |
46 | - '/usr/share/tomcat*/logs/**/catalina.out' | |
47 | - '/var/lib/tomcat*/logs/**/catalina.out' | |
48 | - '/usr/local/tomcat*/logs/**/access_log*' | |
49 | - '/opt/tomcat*/logs/**/access_log*' | |
50 | - '/usr/share/tomcat*/logs/**/access_log*' | |
51 | - '/var/lib/tomcat*/logs/**/access_log*' | |
36 | - '/opt/tomcat*/logs/**/access_log*' | |
37 | - '/opt/tomcat*/logs/access_log*' | |
38 | - '/opt/tomcat*/logs/**/catalina.out' | |
39 | - '/opt/tomcat*/logs/catalina.out' | |
40 | - '/usr/local/tomcat*/logs/**/access_log*' | |
41 | - '/usr/local/tomcat*/logs/access_log*' | |
42 | - '/usr/local/tomcat*/logs/**/catalina.out' | |
43 | - '/usr/local/tomcat*/logs/catalina.out' | |
44 | - '/usr/share/tomcat*/logs/**/access_log*' | |
45 | - '/usr/share/tomcat*/logs/access_log*' | |
46 | - '/usr/share/tomcat*/logs/**/catalina.out' | |
47 | - '/usr/share/tomcat*/logs/catalina.out' | |
48 | - '/var/lib/tomcat*/logs/**/access_log*' | |
49 | - '/var/lib/tomcat*/logs/access_log*' | |
50 | - '/var/lib/tomcat*/logs/**/catalina.out' | |
51 | - '/var/lib/tomcat*/logs/catalina.out' | |
52 | 52 | supported_os: [Linux] |
53 | 53 | - type: FILE |
54 | 54 | attributes: |
55 | 55 | paths: |
56 | - '/Library/Tomcat/logs/catalina.out' | |
57 | - '/usr/local/apache-tomcat*/logs/catalina.out' | |
58 | - '/usr/local/Cellar/tomcat*/logs/catalina.out' # Default location for Homebrew | |
59 | - '/Library/Tomcat/logs/**/catalina.out' | |
60 | - '/usr/local/apache-tomcat*/logs/**/catalina.out' | |
61 | - '/usr/local/Cellar/tomcat*/logs/**/catalina.out' # Default location for Homebrew | |
62 | - '/Library/Tomcat/logs/access_log*' | |
63 | - '/usr/local/apache-tomcat*/logs/access_log*' | |
64 | - '/usr/local/Cellar/tomcat*/logs/access_log*' # Default location for Homebrew | |
65 | - '/Library/Tomcat/logs/**/access_log*' | |
66 | - '/usr/local/apache-tomcat*/logs/**/access_log*' | |
67 | - '/usr/local/Cellar/tomcat*/logs/**/access_log*' # Default location for Homebrew | |
56 | - '/Library/Tomcat/logs/**/access_log*' | |
57 | - '/Library/Tomcat/logs/access_log*' | |
58 | - '/Library/Tomcat/logs/**/catalina.out' | |
59 | - '/Library/Tomcat/logs/catalina.out' | |
60 | - '/usr/local/apache-tomcat*/logs/**/access_log*' | |
61 | - '/usr/local/apache-tomcat*/logs/access_log*' | |
62 | - '/usr/local/apache-tomcat*/logs/**/catalina.out' | |
63 | - '/usr/local/apache-tomcat*/logs/catalina.out' | |
64 | - '/usr/local/Cellar/tomcat*/logs/**/access_log*' # Default location for Homebrew | |
65 | - '/usr/local/Cellar/tomcat*/logs/access_log*' # Default location for Homebrew | |
66 | - '/usr/local/Cellar/tomcat*/logs/**/catalina.out' # Default location for Homebrew | |
67 | - '/usr/local/Cellar/tomcat*/logs/catalina.out' # Default location for Homebrew | |
68 | 68 | supported_os: [Darwin] |
69 | 69 | supported_os: [Windows,Linux,Darwin] |
70 | 70 | urls: |
77 | 77 | - type: FILE |
78 | 78 | attributes: |
79 | 79 | paths: |
80 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
81 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
82 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
80 | - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
81 | - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
82 | - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' | |
83 | 83 | separator: '\' |
84 | 84 | supported_os: [Windows] |
85 | 85 | - type: FILE |
86 | 86 | attributes: |
87 | 87 | paths: |
88 | - '/opt/tomcat*/conf/tomcat-users.xml' | |
89 | - '/usr/local/tomcat*/conf/tomcat-users.xml' | |
90 | - '/usr/share/tomcat*/conf/tomcat-users.xml' | |
91 | - '/var/lib/tomcat*/conf/tomcat-users.xml' | |
88 | - '/opt/tomcat*/conf/tomcat-users.xml' | |
89 | - '/private/var/lib/tomcat*/conf/tomcat-users.xml' | |
90 | - '/usr/local/tomcat*/conf/tomcat-users.xml' | |
91 | - '/usr/share/tomcat*/conf/tomcat-users.xml' | |
92 | - '/var/lib/tomcat*/conf/tomcat-users.xml' | |
92 | 93 | supported_os: [Linux] |
93 | 94 | - type: FILE |
94 | 95 | attributes: |
95 | 96 | paths: |
96 | - '/Library/Tomcat/conf/tomcat-users.xml' | |
97 | - '/usr/local/apache-tomcat-*/conf/tomcat-users.xml' | |
98 | - '/usr/local/Cellar/tomcat/*/conf/tomcat-users.xml' # Default location for Homebrew | |
97 | - '/Library/Tomcat/conf/tomcat-users.xml' | |
98 | - '/usr/local/apache-tomcat-*/conf/tomcat-users.xml' | |
99 | - '/usr/local/Cellar/tomcat/*/conf/tomcat-users.xml' # Default location for Homebrew | |
99 | 100 | supported_os: [Darwin] |
100 | 101 | supported_os: [Windows,Linux,Darwin] |
101 | 102 | urls: ['https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Configuring_Manager_Application_Access'] |
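Review bot: The Windows Tomcat paths in both sources still expand `%%environ_allusersappdata%%`, but this same commit renames the providing artifact to WindowsEnvironmentVariableProgramData with `provides: [environ_programdata]`. Unless another definition outside this view still provides the old key, the four log globs and the `tomcat-users.xml` path may never resolve, and the collection gap would be silent. I would switch them to the new key, for example `- '%%environ_programdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml'`. Separately, `'/private/var/lib/tomcat*/conf/tomcat-users.xml'` was added to the source marked `supported_os: [Linux]`, where `/private` is not expected to exist. It looks like it belongs in the Darwin source or should be dropped, and the log sources got no matching `/private` entries.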
5 | 5 | - type: ARTIFACT_GROUP |
6 | 6 | attributes: |
7 | 7 | names: |
8 | - GlobalShellConfigs | |
9 | - UsersShellConfigs | |
10 | - RootUserShellConfigs | |
8 | - 'GlobalShellConfigs' | |
9 | - 'RootUserShellConfigs' | |
10 | - 'UsersShellConfigs' | |
11 | 11 | labels: [Configuration Files] |
12 | 12 | supported_os: [Linux, Darwin] |
13 | 13 | --- |
17 | 17 | - type: ARTIFACT_GROUP |
18 | 18 | attributes: |
19 | 19 | names: |
20 | - UsersShellHistory | |
21 | - RootUserShellHistory | |
20 | - 'RootUserShellHistory' | |
21 | - 'UsersShellHistory' | |
22 | 22 | labels: [History Files] |
23 | 23 | supported_os: [Linux, Darwin] |
24 | 24 | --- |
28 | 28 | - type: FILE |
29 | 29 | attributes: |
30 | 30 | paths: |
31 | - '/etc/bashrc' | |
32 | - '/etc/bash.bashrc' | |
33 | - '/etc/kshrc' | |
34 | - '/etc/csh.cshrc' | |
35 | - '/etc/csh.login' | |
36 | - '/etc/csh.logout' | |
37 | - '/etc/profile' | |
38 | - '/etc/zsh/zlogin' | |
39 | - '/etc/zsh/zlogout' | |
40 | - '/etc/zsh/zprofile' | |
41 | - '/etc/zsh/zshenv' | |
42 | - '/etc/zsh/zshrc' | |
43 | - '/etc/zshenv' | |
44 | - '/etc/zshrc' | |
31 | - '/etc/bash.bashrc' | |
32 | - '/etc/bashrc' | |
33 | - '/etc/csh.cshrc' | |
34 | - '/etc/csh.login' | |
35 | - '/etc/csh.logout' | |
36 | - '/etc/kshrc' | |
37 | - '/etc/profile' | |
38 | - '/etc/zshenv' | |
39 | - '/etc/zshrc' | |
40 | - '/etc/zsh/zlogin' | |
41 | - '/etc/zsh/zlogout' | |
42 | - '/etc/zsh/zprofile' | |
43 | - '/etc/zsh/zshenv' | |
44 | - '/etc/zsh/zshrc' | |
45 | - '/private/etc/bash.bashrc' | |
46 | - '/private/etc/bashrc' | |
47 | - '/private/etc/csh.cshrc' | |
48 | - '/private/etc/csh.login' | |
49 | - '/private/etc/csh.logout' | |
50 | - '/private/etc/kshrc' | |
51 | - '/private/etc/profile' | |
52 | - '/private/etc/zshenv' | |
53 | - '/private/etc/zshrc' | |
54 | - '/private/etc/zsh/zlogin' | |
55 | - '/private/etc/zsh/zlogout' | |
56 | - '/private/etc/zsh/zprofile' | |
57 | - '/private/etc/zsh/zshenv' | |
58 | - '/private/etc/zsh/zshrc' | |
59 | supported_os: [Darwin] | |
60 | - type: FILE | |
61 | attributes: | |
62 | paths: | |
63 | - '/etc/bash.bashrc' | |
64 | - '/etc/bashrc' | |
65 | - '/etc/csh.cshrc' | |
66 | - '/etc/csh.login' | |
67 | - '/etc/csh.logout' | |
68 | - '/etc/kshrc' | |
69 | - '/etc/profile' | |
70 | - '/etc/zshenv' | |
71 | - '/etc/zshrc' | |
72 | - '/etc/zsh/zlogin' | |
73 | - '/etc/zsh/zlogout' | |
74 | - '/etc/zsh/zprofile' | |
75 | - '/etc/zsh/zshenv' | |
76 | - '/etc/zsh/zshrc' | |
77 | supported_os: [Linux] | |
45 | 78 | labels: [Configuration Files] |
46 | 79 | supported_os: [Linux, Darwin] |
47 | 80 | --- |
51 | 84 | - type: FILE |
52 | 85 | attributes: |
53 | 86 | paths: |
54 | - '/root/.bashrc' | |
55 | - '/root/.bash_profile' | |
56 | - '/root/.bash_logout' | |
57 | - '/root/.cshrc' | |
58 | - '/root/.ksh' | |
59 | - '/root/.logout' | |
60 | - '/root/.profile' | |
61 | - '/root/.tcsh' | |
62 | - '/root/.zlogin' | |
63 | - '/root/.zlogout' | |
64 | - '/root/.zprofile' | |
87 | - '/root/.bash_logout' | |
88 | - '/root/.bash_profile' | |
89 | - '/root/.bashrc' | |
90 | - '/root/.cshrc' | |
91 | - '/root/.ksh' | |
92 | - '/root/.logout' | |
93 | - '/root/.profile' | |
94 | - '/root/.tcsh' | |
95 | - '/root/.zlogin' | |
96 | - '/root/.zlogout' | |
97 | - '/root/.zprofile' | |
65 | 98 | labels: [Configuration Files] |
66 | 99 | supported_os: [Linux, Darwin] |
67 | 100 | --- |
71 | 104 | - type: FILE |
72 | 105 | attributes: |
73 | 106 | paths: |
74 | - '/root/.bash_history' | |
75 | - '/root/.sh_history' | |
76 | - '/root/.zhistory' | |
77 | - '/root/.zsh_history' | |
107 | - '/root/.bash_history' | |
108 | - '/root/.sh_history' | |
109 | - '/root/.zhistory' | |
110 | - '/root/.zsh_history' | |
78 | 111 | labels: [History Files] |
79 | 112 | supported_os: [Linux, Darwin] |
80 | 113 | --- |
82 | 115 | doc: Unix groups file. |
83 | 116 | sources: |
84 | 117 | - type: FILE |
118 | attributes: | |
119 | paths: | |
120 | - '/etc/group' | |
121 | - '/private/etc/group' | |
122 | supported_os: [Darwin] | |
123 | - type: FILE | |
85 | 124 | attributes: {paths: ['/etc/group']} |
125 | supported_os: [Linux] | |
86 | 126 | labels: [Authentication] |
87 | 127 | supported_os: [Linux, Darwin] |
88 | 128 | --- |
90 | 130 | doc: Unix hosts file |
91 | 131 | sources: |
92 | 132 | - type: FILE |
133 | attributes: | |
134 | paths: | |
135 | - '/etc/hosts' | |
136 | - '/private/etc/hosts' | |
137 | supported_os: [Darwin] | |
138 | - type: FILE | |
93 | 139 | attributes: {paths: ['/etc/hosts']} |
140 | supported_os: [Linux] | |
94 | 141 | labels: [Configuration Files] |
95 | 142 | supported_os: [Linux, Darwin] |
96 | 143 | --- |
98 | 145 | doc: Unix /etc/passwd file. |
99 | 146 | sources: |
100 | 147 | - type: FILE |
148 | attributes: | |
149 | paths: | |
150 | - '/etc/passwd' | |
151 | - '/private/etc/passwd' | |
152 | supported_os: [Darwin] | |
153 | - type: FILE | |
101 | 154 | attributes: {paths: ['/etc/passwd']} |
155 | supported_os: [Linux] | |
102 | 156 | labels: [Authentication] |
103 | 157 | supported_os: [Linux, Darwin] |
104 | 158 | --- |
106 | 160 | doc: Unix /etc/shadow file. |
107 | 161 | sources: |
108 | 162 | - type: FILE |
163 | attributes: | |
164 | paths: | |
165 | - '/etc/shadow' | |
166 | - '/private/etc/shadow' | |
167 | supported_os: [Darwin] | |
168 | - type: FILE | |
109 | 169 | attributes: {paths: ['/etc/shadow']} |
170 | supported_os: [Linux] | |
110 | 171 | labels: [Authentication] |
111 | 172 | supported_os: [Linux, Darwin] |
112 | 173 | --- |
114 | 175 | doc: Unix sudoers configuration. |
115 | 176 | sources: |
116 | 177 | - type: FILE |
178 | attributes: | |
179 | paths: | |
180 | - '/etc/sudoers' | |
181 | - '/private/etc/sudoers' | |
182 | supported_os: [Darwin] | |
183 | - type: FILE | |
117 | 184 | attributes: {paths: ['/etc/sudoers']} |
185 | supported_os: [Linux] | |
118 | 186 | labels: [Authentication, Configuration Files] |
119 | 187 | supported_os: [Linux, Darwin] |
120 | 188 | --- |
124 | 192 | - type: ARTIFACT_GROUP |
125 | 193 | attributes: |
126 | 194 | names: |
127 | - 'UnixPasswd' | |
128 | - 'UnixShadowFile' | |
129 | - 'UnixGroups' | |
195 | - 'UnixGroups' | |
196 | - 'UnixPasswd' | |
197 | - 'UnixShadowFile' | |
130 | 198 | labels: [Authentication] |
131 | 199 | supported_os: [Linux, Darwin] |
132 | 200 | --- |
136 | 204 | - type: FILE |
137 | 205 | attributes: |
138 | 206 | paths: |
139 | - '%%users.homedir%%/.bashrc' | |
140 | - '%%users.homedir%%/.bash_profile' | |
141 | - '%%users.homedir%%/.bash_logout' | |
142 | - '%%users.homedir%%/.cshrc' | |
143 | - '%%users.homedir%%/.ksh' | |
144 | - '%%users.homedir%%/.logout' | |
145 | - '%%users.homedir%%/.profile' | |
146 | - '%%users.homedir%%/.tcsh' | |
147 | - '%%users.homedir%%/.zlogin' | |
148 | - '%%users.homedir%%/.zlogout' | |
149 | - '%%users.homedir%%/.zprofile' | |
207 | - '%%users.homedir%%/.bash_logout' | |
208 | - '%%users.homedir%%/.bash_profile' | |
209 | - '%%users.homedir%%/.bashrc' | |
210 | - '%%users.homedir%%/.cshrc' | |
211 | - '%%users.homedir%%/.ksh' | |
212 | - '%%users.homedir%%/.logout' | |
213 | - '%%users.homedir%%/.profile' | |
214 | - '%%users.homedir%%/.tcsh' | |
215 | - '%%users.homedir%%/.zlogin' | |
216 | - '%%users.homedir%%/.zlogout' | |
217 | - '%%users.homedir%%/.zprofile' | |
150 | 218 | labels: [Configuration Files] |
151 | 219 | supported_os: [Linux, Darwin] |
152 | 220 | --- |
156 | 224 | - type: FILE |
157 | 225 | attributes: |
158 | 226 | paths: |
159 | - '%%users.homedir%%/.bash_history' | |
160 | - '%%users.homedir%%/.sh_history' | |
161 | - '%%users.homedir%%/.zhistory' | |
162 | - '%%users.homedir%%/.zsh_history' | |
227 | - '%%users.homedir%%/.bash_history' | |
228 | - '%%users.homedir%%/.sh_history' | |
229 | - '%%users.homedir%%/.zhistory' | |
230 | - '%%users.homedir%%/.zsh_history' | |
163 | 231 | labels: [History Files] |
164 | 232 | supported_os: [Linux, Darwin] |
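Review bot: RootUserShellConfigs and RootUserShellHistory keep `supported_os: [Linux, Darwin]` but list only `/root/...` paths, while the rest of this change adds `/private/...` variants for Darwin. On macOS the root account's home is normally `/var/root`, so root's shell history and rc files would be missed there unless `%%users.homedir%%` already expands to root's home (not visible here). I would add a Darwin-only source with entries such as `- '/private/var/root/.bash_history'` and `- '/var/root/.bash_history'`, using per-source `supported_os` the same way GlobalShellConfigs is now split.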
347 | 347 | - type: FILE |
348 | 348 | attributes: |
349 | 349 | paths: |
350 | - '%%users.appdata%%\Microsoft\Windows\IEDownloadHistory\index.dat' | |
351 | - '%%users.localappdata%%\Microsoft\Feeds Cache\index.dat' | |
352 | - '%%users.localappdata%%\Microsoft\Windows\History\History.IE5\*\index.dat' | |
353 | - '%%users.localappdata%%\Microsoft\Windows\History\History.IE5\index.dat' | |
354 | - '%%users.localappdata%%\Microsoft\Windows\History\Low\History.IE5\*\index.dat' | |
355 | - '%%users.localappdata%%\Microsoft\Windows\History\Low\History.IE5\index.dat' | |
350 | 356 | - '%%users.localappdata%%\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat' |
351 | 357 | - '%%users.localappdata%%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat' |
352 | - '%%users.localappdata%%\Microsoft\Windows\History\History.IE5\index.dat' | |
353 | - '%%users.localappdata%%\Microsoft\Windows\History\Low\History.IE5\index.dat' | |
354 | - '%%users.localappdata%%\Microsoft\Windows\History\History.IE5\*\index.dat' | |
355 | - '%%users.localappdata%%\Microsoft\Windows\History\Low\History.IE5\*\index.dat' | |
356 | - '%%users.userprofile%%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat' | |
357 | - '%%users.appdata%%\Microsoft\Windows\IEDownloadHistory\index.dat' | |
358 | 358 | - '%%users.localappdata%%\Microsoft\Windows\WebCache\WebCacheV*.dat' |
359 | 359 | separator: '\' |
360 | 360 | labels: [Browser] |
456 | 456 | doc: Opera browser history (global_history.dat). |
457 | 457 | sources: |
458 | 458 | - type: FILE |
459 | attributes: {paths: ['%%users.homedir%%/Library/Opera//global_history.dat']} | |
459 | attributes: {paths: ['%%users.homedir%%/Library/Opera/global_history.dat']} | |
460 | 460 | supported_os: [Darwin] |
461 | 461 | - type: FILE |
462 | 462 | attributes: {paths: ['%%users.homedir%%/.opera/global_history.dat']} |
5 | 5 | - type: FILE |
6 | 6 | attributes: |
7 | 7 | paths: |
8 | - '/var/log/nginx/access.log*' | |
8 | - '/var/log/nginx/access.log*' | |
9 | 9 | labels: [Software, Logs] |
10 | 10 | supported_os: [Linux] |
11 | 11 | --- |
15 | 15 | - type: FILE |
16 | 16 | attributes: |
17 | 17 | paths: |
18 | - '/var/log/apache/access.log*' | |
19 | - '/var/log/apache2/access.log*' | |
20 | - '/var/log/httpd/access.log' | |
18 | - '/var/log/apache/access.log*' | |
19 | - '/var/log/apache2/access.log*' | |
20 | - '/var/log/httpd/access.log' | |
21 | 21 | labels: [Software, Logs] |
22 | 22 | supported_os: [Linux] |
23 | 23 | --- |
27 | 27 | - type: FILE |
28 | 28 | attributes: |
29 | 29 | paths: |
30 | - '/wp/wp-config.php' | |
31 | - '/var/www/wp-config.php' | |
32 | - '/var/www/**/wp-config.php' | |
30 | - '/private/var/www/**/wp-config.php' | |
31 | - '/private/var/www/wp-config.php' | |
32 | - '/var/www/**/wp-config.php' | |
33 | - '/var/www/wp-config.php' | |
34 | - '/wp/wp-config.php' | |
33 | 35 | labels: [Configuration Files] |
34 | 36 | supported_os: [Linux, Darwin] |
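Review bot: The added `'/private/var/www/**/wp-config.php'` and `'/private/var/www/wp-config.php'` entries sit in a single source shared by `supported_os: [Linux, Darwin]`, so the recursive `/private` glob is also evaluated on Linux, where it is not expected to match. The Unix definitions in this same change split such cases into one source with `supported_os: [Darwin]` and one with `supported_os: [Linux]`. Doing the same here would keep the two files consistent and make it clear which paths are expected on which platform.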
22 | 22 | sources: |
23 | 23 | - type: FILE |
24 | 24 | attributes: |
25 | paths: ['%%users.homedir%%\AppData\Local\ConnectedDevicesPlatform\L.%%users.username%%\ActivitiesCache.db'] | |
25 | paths: ['%%users.localappdata%%\ConnectedDevicesPlatform\L.%%users.username%%\ActivitiesCache.db'] | |
26 | 26 | separator: '\' |
27 | 27 | labels: [Users] |
28 | 28 | supported_os: [Windows] |
118 | 118 | - '%%environ_systemroot%%\WinAppXRT.dll' |
119 | 119 | - '%%environ_systemroot%%\System32\Wbem\WinAppXRT.dll' |
120 | 120 | - '%%environ_systemroot%%\System32\WindowsPowerShell\v1.0\WinAppXRT.dll' |
121 | separator: '\' | |
121 | 122 | supported_os: [Windows] |
122 | 123 | conditions: [os_major_version >= 6 AND os_minor_version >= 2] |
123 | 124 | urls: ['http://www.hexacorn.com/blog/2014/08/31/beyond-good-ol-run-key-part-17/'] |
176 | 177 | sources: |
177 | 178 | - type: FILE |
178 | 179 | attributes: |
179 | paths: | |
180 | - '%%environ_allusersprofile%%\Microsoft\Network\Downloader\qmgr*.dat' | |
180 | paths: ['%%environ_allusersprofile%%\Microsoft\Network\Downloader\qmgr*.dat'] | |
181 | separator: '\' | |
181 | 182 | supported_os: [Windows] |
182 | 183 | urls: ['http://dfrws.org/2015/proceedings/presentations/DFRWS2015-pres3.pdf'] |
183 | 184 | --- |
192 | 193 | urls: |
193 | 194 | - 'https://technet.microsoft.com/en-us/library/cc786702(WS.10).aspx' |
194 | 195 | - 'http://gladiator-antivirus.com/forum/index.php?showtopic=24610' |
196 | --- | |
197 | name: WindowsCIMRepositoryFiles | |
198 | doc: | | |
199 | Windows Common Information Model (CIM) repository. | |
200 | ||
201 | Persistent database that holds the schema, also called the object repository or class store, | |
202 | that models the managed environment and defines every piece of data exposed by WMI. | |
203 | ||
204 | This definition does not specify the copies of the CIM repository that are stored in system restore points. | |
205 | sources: | |
206 | - type: FILE | |
207 | attributes: | |
208 | paths: | |
209 | # Windows 95 OSR 2.5, 98, Millennium Edition (Me) | |
210 | - '%%environ_windir%%\System\Wbem\Repository\cim.rep' | |
211 | # Windows NT4 and 2000 | |
212 | - '%%environ_systemroot%%\System32\wbem\Repository\CIM.REC' | |
213 | - '%%environ_systemroot%%\System32\wbem\Repository\CIM.REP' | |
214 | # Windows Vista and later | |
215 | - '%%environ_systemroot%%\System32\wbem\Repository\INDEX.BTR' | |
216 | - '%%environ_systemroot%%\System32\wbem\Repository\INDEX.MAP' | |
217 | - '%%environ_systemroot%%\System32\wbem\Repository\MAPPING.VER' | |
218 | - '%%environ_systemroot%%\System32\wbem\Repository\MAPPING[1-3].MAP' | |
219 | - '%%environ_systemroot%%\System32\wbem\Repository\OBJECTS.DATA' | |
220 | - '%%environ_systemroot%%\System32\wbem\Repository\OBJECTS.MAP' | |
221 | # Windows XP and Windows 2003 | |
222 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\INDEX.BTR' | |
223 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\INDEX.MAP' | |
224 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\MAPPING.VER' | |
225 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\MAPPING[1-2].MAP' | |
226 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\OBJECTS.DATA' | |
227 | - '%%environ_systemroot%%\System32\wbem\Repository\FS\OBJECTS.MAP' | |
228 | separator: '\' | |
229 | supported_os: [Windows] | |
230 | urls: | |
231 | - 'https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf' | |
232 | - 'https://github.com/libyal/dtformats/blob/master/documentation/WMI%20repository%20file%20format.asciidoc' | |
195 | 233 | --- |
196 | 234 | name: WindowsCodePage |
197 | 235 | doc: The code page of the system. |
426 | 464 | - 'http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/' |
427 | 465 | - 'https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/cb6f1d6f-60a6-4369-803e-ec03d902e638/gina-how-to-run-domain-scripts-after-logon' |
428 | 466 | --- |
429 | name: WindowsEnvironmentVariableAllUsersAppData | |
430 | doc: The %ProgramData% environment variable. | |
431 | sources: | |
432 | - type: REGISTRY_VALUE | |
433 | attributes: | |
434 | key_value_pairs: | |
435 | - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'} | |
436 | provides: [environ_allusersappdata] | |
437 | supported_os: [Windows] | |
438 | urls: ['http://environmentvariables.org/ProgramData'] | |
439 | --- | |
440 | name: WindowsEnvironmentVariableProfilesDirectory | |
441 | doc: Folder that typically contains users' profile directories; default is '%SystemDrive%\Users' | |
442 | sources: | |
443 | - type: REGISTRY_VALUE | |
444 | attributes: | |
445 | key_value_pairs: | |
446 | - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProfilesDirectory'} | |
447 | provides: [environ_profilesdirectory] | |
448 | supported_os: [Windows] | |
449 | urls: | |
450 | - 'https://msdn.microsoft.com/en-us/library/windows/desktop/bb776892(v=vs.85).aspx' | |
451 | - 'https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-recognized-environment-variables' | |
452 | - 'http://support.microsoft.com/kb//214653' | |
453 | --- | |
454 | 467 | name: WindowsEnvironmentVariableAllUsersProfile |
455 | 468 | doc: | |
456 | 469 | The %AllUsersProfile% environment variable |
493 | 506 | provides: [environ_path] |
494 | 507 | supported_os: [Windows] |
495 | 508 | urls: ['http://environmentvariables.org/Path'] |
509 | --- | |
510 | name: WindowsEnvironmentVariableProfilesDirectory | |
511 | doc: Folder that typically contains users' profile directories; default is '%SystemDrive%\Users' | |
512 | sources: | |
513 | - type: REGISTRY_VALUE | |
514 | attributes: | |
515 | key_value_pairs: | |
516 | - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProfilesDirectory'} | |
517 | provides: [environ_profilesdirectory] | |
518 | supported_os: [Windows] | |
519 | urls: | |
520 | - 'https://msdn.microsoft.com/en-us/library/windows/desktop/bb776892(v=vs.85).aspx' | |
521 | - 'https://docs.microsoft.com/en-us/windows/deployment/usmt/usmt-recognized-environment-variables' | |
522 | - 'http://support.microsoft.com/kb//214653' | |
523 | --- | |
524 | name: WindowsEnvironmentVariableProgramData | |
525 | doc: The %ProgramData% environment variable. | |
526 | sources: | |
527 | - type: REGISTRY_VALUE | |
528 | attributes: | |
529 | key_value_pairs: | |
530 | - {key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList', value: 'ProgramData'} | |
531 | provides: [environ_programdata] | |
532 | supported_os: [Windows] | |
533 | urls: ['http://environmentvariables.org/ProgramData'] | |
496 | 534 | --- |
497 | 535 | name: WindowsEnvironmentVariableProgramFiles |
498 | 536 | doc: The %ProgramFiles% environment variable. |
1053 | 1091 | doc: Windows Metro application cache. |
1054 | 1092 | sources: |
1055 | 1093 | - type: FILE |
1056 | attributes: {paths: ['%%users.homedir%%\AppData\Local\Packages\*\AC\INetCache']} | |
1094 | attributes: | |
1095 | paths: ['%%users.localappdata%%\Packages\*\AC\INetCache'] | |
1096 | separator: '\' | |
1057 | 1097 | supported_os: [Windows] |
1058 | 1098 | urls: |
1059 | 1099 | - 'http://www.forensicmag.com/article/2012/09/microsoft-windows-8-forensic-first-look' |
1062 | 1102 | doc: Windows Metro application cookies. |
1063 | 1103 | sources: |
1064 | 1104 | - type: FILE |
1065 | attributes: {paths: ['%%users.homedir%%\AppData\Local\Packages\*\AC\INetCookies']} | |
1105 | attributes: | |
1106 | paths: ['%%users.localappdata%%\Packages\*\AC\INetCookies'] | |
1107 | separator: '\' | |
1066 | 1108 | supported_os: [Windows] |
1067 | 1109 | urls: |
1068 | 1110 | - 'http://www.forensicmag.com/article/2012/09/microsoft-windows-8-forensic-first-look' |
1071 | 1113 | doc: Windows Metro application history. |
1072 | 1114 | sources: |
1073 | 1115 | - type: FILE |
1074 | attributes: {paths: ['%%users.homedir%%\AppData\Local\Packages\*\AC\INetHistory']} | |
1116 | attributes: | |
1117 | paths: ['%%users.localappdata%%\Packages\*\AC\INetHistory'] | |
1118 | separator: '\' | |
1075 | 1119 | supported_os: [Windows] |
1076 | 1120 | urls: |
1077 | 1121 | - 'http://www.forensicmag.com/article/2012/09/microsoft-windows-8-forensic-first-look' |
1080 | 1124 | doc: Windows Metro user-pinned favorite tiles. |
1081 | 1125 | sources: |
1082 | 1126 | - type: FILE |
1083 | attributes: {paths: ['%%users.homedir%%\AppData\Local\Microsoft\Windows\RoamingTiles']} | |
1127 | attributes: | |
1128 | paths: ['%%users.localappdata%%\Microsoft\Windows\RoamingTiles'] | |
1129 | separator: '\' | |
1084 | 1130 | supported_os: [Windows] |
1085 | 1131 | urls: |
1086 | 1132 | - 'http://www.forensicmag.com/article/2012/09/microsoft-windows-8-forensic-first-look' |
1174 | 1220 | - WindowsPersistenceRegistryKeys |
1175 | 1221 | - WindowsPowerShellDefaultProfiles |
1176 | 1222 | - WindowsServices |
1177 | returned_types: [PersistenceFile] | |
1178 | 1223 | labels: [Software] |
1179 | 1224 | supported_os: [Windows] |
1180 | 1225 | --- |
1270 | 1315 | paths: |
1271 | 1316 | - '%%environ_systemroot%%\system32\WindowsPowerShell\v1.0\profile.ps1' |
1272 | 1317 | - '%%environ_systemroot%%\system32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1' |
1273 | - '%%users.homedir%%\Documents\WindowsPowerShell\profile.ps1' | |
1274 | - '%%users.homedir%%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1' | |
1318 | - '%%users.userprofile%%\Documents\WindowsPowerShell\profile.ps1' | |
1319 | - '%%users.userprofile%%\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1' | |
1320 | separator: '\' | |
1275 | 1321 | supported_os: [Windows] |
1276 | 1322 | urls: |
1277 | 1323 | - 'https://technet.microsoft.com/en-us/magazine/2008.10.windowspowershell.aspx#id0190010' |
1435 | 1481 | userinit.exe will load this file and call its RunMonitor export. |
1436 | 1482 | sources: |
1437 | 1483 | - type: FILE |
1438 | attributes: {paths: ['%%environ_systemroot%%\System32\rover.dll']} | |
1484 | attributes: | |
1485 | paths: ['%%environ_systemroot%%\System32\rover.dll'] | |
1486 | separator: '\' | |
1439 | 1487 | supported_os: [Windows] |
1440 | 1488 | urls: ['http://www.hexacorn.com/blog/2014/05/21/beyond-good-ol-run-key-part-12/'] |
1441 | 1489 | --- |
1788 | 1836 | doc: Windows setup API logs. |
1789 | 1837 | sources: |
1790 | 1838 | - type: FILE |
1791 | attributes: {paths: ['%%environ_systemroot%%\setupapi.log']} | |
1839 | attributes: | |
1840 | paths: ['%%environ_systemroot%%\setupapi.log'] | |
1841 | separator: '\' | |
1792 | 1842 | conditions: [os_major_version < 6] |
1793 | 1843 | - type: FILE |
1794 | 1844 | attributes: |
1842 | 1892 | - type: FILE |
1843 | 1893 | attributes: |
1844 | 1894 | paths: |
1845 | - '%%users.homedir%%\Start Menu\Programs\Startup\*' | |
1895 | - '%%environ_allusersprofile%%\Microsoft\Windows\Start Menu\Programs\Startup\*' | |
1846 | 1896 | - '%%environ_allusersprofile%%\Start Menu\Programs\Startup\*' |
1847 | - '%%users.homedir%%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*' | |
1848 | - '%%environ_allusersprofile%%\Microsoft\Windows\Start Menu\Programs\Startup\*' | |
1897 | - '%%users.appdata%%\Microsoft\Windows\Start Menu\Programs\Startup\*' | |
1898 | - '%%users.userprofile%%\Start Menu\Programs\Startup\*' | |
1849 | 1899 | separator: '\' |
1850 | 1900 | supported_os: [Windows] |
1851 | 1901 | --- |
2119 | 2169 | sources: |
2120 | 2170 | - type: DIRECTORY |
2121 | 2171 | attributes: |
2122 | paths: ['%%users.homedir%%\Downloads\*'] | |
2172 | paths: ['%%users.userprofile%%\Downloads\*'] | |
2123 | 2173 | separator: '\' |
2124 | 2174 | labels: [Users] |
2125 | 2175 | supported_os: [Windows] |
2142 | 2192 | - type: FILE |
2143 | 2193 | attributes: |
2144 | 2194 | paths: |
2145 | - '%%users.homedir%%\NTUSER.DAT' | |
2146 | - '%%users.homedir%%\NTUSER.MAN' | |
2195 | - '%%users.userprofile%%\NTUSER.DAT' | |
2196 | - '%%users.userprofile%%\NTUSER.MAN' | |
2147 | 2197 | - '%%users.localappdata%%\Microsoft\Windows\UsrClass.dat' |
2148 | 2198 | separator: '\' |
2149 | 2199 | labels: [Users] |
2156 | 2206 | - type: FILE |
2157 | 2207 | attributes: |
2158 | 2208 | paths: |
2159 | - '%%users.homedir%%\NTUSER.DAT.LOG' | |
2160 | - '%%users.homedir%%\NTUSER.DAT.LOG1' | |
2161 | - '%%users.homedir%%\NTUSER.DAT.LOG2' | |
2209 | - '%%users.userprofile%%\NTUSER.DAT.LOG' | |
2210 | - '%%users.userprofile%%\NTUSER.DAT.LOG1' | |
2211 | - '%%users.userprofile%%\NTUSER.DAT.LOG2' | |
2162 | 2212 | - '%%users.localappdata%%\Microsoft\Windows\UsrClass.dat.LOG' |
2163 | 2213 | - '%%users.localappdata%%\Microsoft\Windows\UsrClass.dat.LOG1' |
2164 | 2214 | - '%%users.localappdata%%\Microsoft\Windows\UsrClass.dat.LOG2' |
6 | 6 | :numbered!: |
7 | 7 | [abstract] |
8 | 8 | == Summary |
9 | ||
9 | 10 | This guide contains a description of the forensics artifacts definitions. |
10 | 11 | The artifacts definitions are |
11 | 12 | link:http://www.yaml.org/spec/1.2/spec.html[YAML]-based. The format is |
15 | 16 | |
16 | 17 | [preface] |
17 | 18 | == Revision history |
19 | ||
18 | 20 | [cols="1,1,1,5",options="header"] |
19 | 21 | |=== |
20 | 22 | | Version | Author | Date | Comments |
23 | 25 | | 0.0.3 | J.B. Metz | April 2015 | Merged style guide and artifact definitions wiki page. |
24 | 26 | | 0.0.3 | J.B. Metz | September 2015 | Additional label. |
25 | 27 | | 0.0.4 | J.B. Metz | July 2016 | Added information about a naming convention. |
28 | | 0.0.5 | J.B. Metz | February 2019 | Removed returned_types as keyword and format changes. | |
26 | 29 | |=== |
27 | 30 | |
28 | 31 | :numbered: |
29 | 32 | == Background |
33 | ||
30 | 34 | The first version of the artifact definitions originated from the |
31 | 35 | https://github.com/google/grr[GRR project], where it is used to describe and |
32 | 36 | quickly collect data of interest, e.g. specific files or Windows Registry keys. |
43 | 47 | various between tools. |
44 | 48 | |
45 | 49 | === Terminology |
46 | The term artifact (or artefact) is widely used within computer (or digital) forensics, though there is no official definition of this term. | |
47 | ||
48 | The definition closest to the meaning of the word within computer forensics is that of the word artifact within http://en.wikipedia.org/wiki/Artifact_(archaeology)[archaeology]. The term should not be confused with the word artifact used within http://en.wikipedia.org/wiki/Artifact_(software_development)[software development]. | |
50 | ||
51 | The term artifact (or artefact) is widely used within computer (or digital) | |
52 | forensics, though there is no official definition of this term. | |
53 | ||
54 | The definition closest to the meaning of the word within computer forensics is | |
55 | that of the word artifact within | |
56 | http://en.wikipedia.org/wiki/Artifact_(archaeology)[archaeology]. The term | |
57 | should not be confused with the word artifact used within | |
58 | http://en.wikipedia.org/wiki/Artifact_(software_development)[software development]. | |
49 | 59 | |
50 | 60 | If archaeology defines an artifact as: |
51 | 61 | ``` |
58 | 68 | An object of digital archaeological interest. |
59 | 69 | ``` |
60 | 70 | |
61 | Where digital archaeology roughly refers to computer forensics without the forensic (legal) context. | |
71 | Where digital archaeology roughly refers to computer forensics without the | |
72 | forensic (legal) context. | |
62 | 73 | |
63 | 74 | == The artifact definition |
75 | ||
64 | 76 | The best way to show what an artifact definition is, is by example. The |
65 | 77 | following example is the artifact definition for the Windows EVTX System Event |
66 | 78 | Logs. |
102 | 114 | |=== |
103 | 115 | |
104 | 116 | === [[artifact_name]]Name |
117 | ||
105 | 118 | *Style note*: The name of an artifact defintion should be in CamelCase name without spaces. |
106 | 119 | |
107 | 120 | As of July 2016 we are migrating to the following naming convention: |
115 | 128 | files use "BrowserHistoryFiles" instead of "BrowserHistory" to reduce ambiguity. |
116 | 129 | |
117 | 130 | === [[artifact_long_docs]]Long docs form |
131 | ||
118 | 132 | Multi-line documentation should use the YAML Literal Style as indicated by the | |
119 | 133 | character. |
120 | 134 | |
133 | 147 | *Style note*: explicit newlines (\n) should not be used. |
134 | 148 | |
135 | 149 | == [[sources]]Sources |
150 | ||
136 | 151 | Every source definition starts with a `type` followed by arguments e.g. |
137 | 152 | |
138 | 153 | [source,yaml] |
178 | 193 | | type | The source type. |
179 | 194 | | conditions | Optional list of conditions to when the artifact definition should apply. + |
180 | 195 | See section: <<conditions,Conditions>>. |
181 | | returned_types | Optional list of returned artifact definition types. | |
182 | 196 | | supported_os | Optional list that indicates which operating systems the artifact definition applies to. + |
183 | 197 | See section: <<supported_os,Supported operating system>>. |
184 | 198 | |=== |
185 | 199 | |
186 | 200 | === Source types |
201 | ||
187 | 202 | Currently the following different source types are defined: |
188 | 203 | |
189 | 204 | [cols="1,5",options="header"] |
203 | 218 | as TYPE_INDICATOR constants. |
204 | 219 | |
205 | 220 | === Artifact group source |
221 | ||
206 | 222 | The artifact group source is a source that consists of a group of other artifacts e.g. |
207 | 223 | |
208 | 224 | [source,yaml] |
210 | 226 | - type: ARTIFACT_GROUP |
211 | 227 | attributes: |
212 | 228 | names: [WindowsRunKeys, WindowsServices] |
213 | returned_types: [PersistenceFile] | |
214 | 229 | ---- |
215 | 230 | |
216 | 231 | Where `attributes` can contain the following values: |
223 | 238 | |=== |
224 | 239 | |
225 | 240 | === Command source |
241 | ||
226 | 242 | The command source is a source that consists of the output of a command e.g. |
227 | 243 | |
228 | 244 | [source,yaml] |
243 | 259 | |=== |
244 | 260 | |
245 | 261 | === File source |
262 | ||
246 | 263 | The file source is a source that consists of the contents of files e.g. |
247 | 264 | |
248 | 265 | [source,yaml] |
263 | 280 | |=== |
264 | 281 | |
265 | 282 | === Path source |
283 | ||
266 | 284 | The path source is a source that consists of the contents of paths e.g. |
267 | 285 | |
268 | 286 | [source,yaml] |
284 | 302 | |=== |
285 | 303 | |
286 | 304 | === Windows Registry key source |
305 | ||
287 | 306 | The Windows Registry key source is a source that consists of the contents of |
288 | 307 | Windows Registry keys e.g. |
289 | 308 | |
307 | 326 | |=== |
308 | 327 | |
309 | 328 | === Windows Registry value source |
329 | ||
310 | 330 | The Windows Registry value source is a source that consists of the contents of |
311 | 331 | Windows Registry values e.g. |
312 | 332 | |
329 | 349 | |=== |
330 | 350 | |
331 | 351 | === Windows Management Instrumentation (WMI) query source |
352 | ||
332 | 353 | The Windows Management Instrumentation (WMI) query source is a source that |
333 | 354 | consists of the output of Windows Management Instrumentation (WMI) queries e.g. |
334 | 355 | |
350 | 371 | |=== |
351 | 372 | |
352 | 373 | == [[conditions]]Conditions |
374 | ||
353 | 375 | *TODO: work is in progress to move this out of GRR into something more portable.* |
354 | 376 | |
355 | 377 | Artifact conditions are currently implemented using the |
366 | 388 | ---- |
367 | 389 | |
368 | 390 | === [[supported_os]]Supported operating system |
391 | ||
369 | 392 | Since operating system (OS) conditions are a very common constraint, this has |
370 | 393 | been provided as a separate option "supported_os" to simplify syntax. For |
371 | 394 | supported_os no quotes are required. The currently supported operating systems |
388 | 411 | ---- |
389 | 412 | |
390 | 413 | == [[labels]]Labels |
414 | ||
391 | 415 | Currently the following different labels are defined: |
392 | 416 | |
393 | 417 | [cols="1,5",options="header"] |
415 | 439 | link:https://github.com/ForensicArtifacts/artifacts/blob/master/artifacts/definitions.py[definitions.py]. |
416 | 440 | |
417 | 441 | == Style notes |
442 | ||
418 | 443 | === Artifact definition YAML files |
444 | ||
419 | 445 | Artifact definition YAML filenames should be of the form: |
420 | 446 | .... |
421 | 447 | $FILENAME.yaml |
433 | 459 | ---- |
434 | 460 | |
435 | 461 | === Lists |
462 | ||
436 | 463 | Generally use the short [] format for single-item lists that fit inside 80 |
437 | 464 | characters to save on unnecessary line breaks: |
438 | 465 | |
456 | 483 | ---- |
457 | 484 | |
458 | 485 | === Quotes |
486 | ||
459 | 487 | Quotes should not be used for doc strings, artifact names, and simple lists |
460 | 488 | like labels and supported_os. |
461 | 489 | |
476 | 504 | ---- |
477 | 505 | |
478 | 506 | === Minimize the number of definitions by using multiple sources |
507 | ||
479 | 508 | To minimize the number of artifacts in the list, combine them using the |
480 | 509 | supported_os and conditions attributes where it makes sense. e.g. rather than |
481 | 510 | having FirefoxHistoryWindows, FirefoxHistoryLinux, FirefoxHistoryDarwin, do: |
504 | 533 | ---- |
505 | 534 | |
506 | 535 | == [[parameter_expansion]]Parameter expansion and globs |
536 | ||
507 | 537 | *TODO* |
508 | 538 |
7 | 7 | AUTHORS |
8 | 8 | LICENSE |
9 | 9 | README |
10 | build_requires = python-setuptools | |
10 | build_requires = python2-setuptools | |
11 | 11 | requires = python2-pyyaml >= 3.10 |
12 | 12 | |
13 | 13 | [bdist_wheel] |
92 | 92 | python_spec_file = [] |
93 | 93 | for line in iter(spec_file): |
94 | 94 | if line.startswith('Summary: '): |
95 | summary = line | |
95 | summary = line[9:] | |
96 | 96 | |
97 | 97 | elif line.startswith('BuildRequires: '): |
98 | 98 | line = 'BuildRequires: {0:s}-setuptools, {0:s}-devel'.format( |
103 | 103 | if python_package == 'python3': |
104 | 104 | requires = requires.replace('python-', 'python3-') |
105 | 105 | requires = requires.replace('python2-', 'python3-') |
106 | continue | |
106 | 107 | |
107 | 108 | elif line.startswith('%description'): |
108 | 109 | in_description = True |
120 | 121 | line = '%py2_install' |
121 | 122 | |
122 | 123 | elif line.startswith('%files'): |
124 | python_spec_file.extend([ | |
125 | '%package -n %{name}-tools', | |
126 | 'Requires: {0:s}-artifacts >= %{{version}}'.format( | |
127 | python_package), | |
128 | 'Summary: Tools for {0:s}'.format(summary), | |
129 | '', | |
130 | '%description -n %{name}-tools']) | |
131 | ||
132 | python_spec_file.extend(description) | |
133 | ||
123 | 134 | lines = [ |
124 | 135 | '%files -n %{name}-data', |
125 | 136 | '%defattr(644,root,root,755)', |
138 | 149 | '%{python3_sitelib}/artifacts*.egg-info/*', |
139 | 150 | '', |
140 | 151 | '%exclude %{_prefix}/share/doc/*', |
141 | '%exclude %{python3_sitelib}/artifacts/__pycache__/*', | |
142 | '%exclude %{_bindir}/*.py']) | |
152 | '%exclude %{python3_sitelib}/artifacts/__pycache__/*']) | |
143 | 153 | |
144 | 154 | else: |
145 | 155 | lines.extend([ |
148 | 158 | '', |
149 | 159 | '%exclude %{_prefix}/share/doc/*', |
150 | 160 | '%exclude %{python2_sitelib}/artifacts/*.pyc', |
151 | '%exclude %{python2_sitelib}/artifacts/*.pyo', | |
152 | '%exclude %{_bindir}/*.py']) | |
161 | '%exclude %{python2_sitelib}/artifacts/*.pyo']) | |
153 | 162 | |
154 | 163 | python_spec_file.extend(lines) |
155 | 164 | break |
171 | 180 | python_spec_file.extend([ |
172 | 181 | 'Obsoletes: python-artifacts < %{version}', |
173 | 182 | 'Provides: python-artifacts = %{version}']) |
183 | python_summary = 'Python 2 module of {0:s}'.format(summary) | |
184 | else: | |
185 | python_summary = 'Python 3 module of {0:s}'.format(summary) | |
174 | 186 | |
175 | 187 | python_spec_file.extend([ |
176 | 'Requires: %{{name}}-data, {0:s}'.format(requires), | |
177 | '{0:s}'.format(summary), | |
188 | 'Requires: artifacts-data >= %{{version}} {0:s}'.format( | |
189 | requires), | |
190 | 'Summary: {0:s}'.format(python_summary), | |
178 | 191 | '', |
179 | 192 | '%description -n {0:s}-%{{name}}'.format(python_package)]) |
180 | 193 | |
188 | 201 | description.append(line) |
189 | 202 | |
190 | 203 | python_spec_file.append(line) |
204 | ||
205 | python_spec_file.extend([ | |
206 | '', | |
207 | '%files -n %{name}-tools', | |
208 | '%{_bindir}/*.py']) | |
191 | 209 | |
192 | 210 | return python_spec_file |
193 | 211 |
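Review bot: The new Requires lines hard-code the package name `artifacts`, while the neighbouring lines (`%package -n %{name}-tools`, `%files -n %{name}-data`, `'%description -n {0:s}-%{{name}}'`) still use the `%{name}` macro. If the spec name ever differs, the generated dependencies will no longer match the generated subpackages. I would keep the macro: `'Requires: {0:s}-%{{name}} >= %{{version}}'.format(python_package)` and `'Requires: %{{name}}-data >= %{{version}} {0:s}'.format(requires)`. Separately, `summary = line[9:]` repeats the length of the prefix tested on the line above as a bare number; `summary = line[len('Summary: '):]` keeps the two in step. The enclosing function starts and ends outside what this section shows, so the initial values of `summary` and `requires` could not be checked.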
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """Tests for the artifact definitions readers.""" |
2 | ||
3 | from __future__ import unicode_literals | |
2 | 4 | |
3 | 5 | import io |
4 | 6 | import unittest |
13 | 15 | |
14 | 16 | class YamlArtifactsReaderTest(test_lib.BaseTestCase): |
15 | 17 | """YAML artifacts reader tests.""" |
18 | ||
19 | _DEFINITION_INVALID_LABELS = """\ | |
20 | name: BadLabel | |
21 | doc: badlabel. | |
22 | sources: | |
23 | - type: ARTIFACT_GROUP | |
24 | attributes: | |
25 | names: | |
26 | - 'SystemEventLogEvtx' | |
27 | labels: Logs | |
28 | supported_os: [Windows] | |
29 | """ | |
30 | ||
31 | _DEFINITION_INVALID_SUPPORTED_OS_1 = """\ | |
32 | name: BadSupportedOS | |
33 | doc: supported_os should be an array of strings. | |
34 | sources: | |
35 | - type: ARTIFACT_GROUP | |
36 | attributes: | |
37 | names: | |
38 | - 'SystemEventLogEvtx' | |
39 | labels: [Logs] | |
40 | supported_os: Windows | |
41 | """ | |
42 | ||
43 | _DEFINITION_INVALID_SUPPORTED_OS_2 = """\ | |
44 | name: BadTopSupportedOS | |
45 | doc: Top supported_os should match supported_os from sources. | |
46 | sources: | |
47 | - type: ARTIFACT_GROUP | |
48 | attributes: | |
49 | names: | |
50 | - 'SystemEventLogEvtx' | |
51 | supported_os: [Windows] | |
52 | labels: [Logs] | |
53 | """ | |
54 | ||
55 | _DEFINITION_INVALID_URLS = """\ | |
56 | name: BadUrls | |
57 | doc: badurls. | |
58 | sources: | |
59 | - type: ARTIFACT_GROUP | |
60 | attributes: | |
61 | names: | |
62 | - 'SystemEventLogEvtx' | |
63 | supported_os: [Windows] | |
64 | urls: 'http://example.com' | |
65 | """ | |
66 | ||
67 | _DEFINITION_WITH_EXTRA_KEY = """\ | |
68 | name: WithExtraKey | |
69 | doc: definition with extra_key | |
70 | sources: | |
71 | - type: ARTIFACT_GROUP | |
72 | attributes: | |
73 | names: | |
74 | - 'SystemEventLogEvtx' | |
75 | extra_key: 'wrong' | |
76 | labels: [Logs] | |
77 | supported_os: [Windows] | |
78 | """ | |
79 | ||
80 | _DEFINITION_WITH_RETURN_TYPES = """\ | |
81 | name: WithReturnTypes | |
82 | doc: definition with return_types | |
83 | sources: | |
84 | - type: ARTIFACT_GROUP | |
85 | attributes: | |
86 | names: [WindowsRunKeys, WindowsServices] | |
87 | returned_types: [PersistenceFile] | |
88 | """ | |
89 | ||
90 | _DEFINITION_WITHOUT_DOC = """\ | |
91 | name: NoDoc | |
92 | sources: | |
93 | - type: ARTIFACT_GROUP | |
94 | attributes: | |
95 | names: | |
96 | - 'SystemEventLogEvtx' | |
97 | """ | |
98 | ||
99 | _DEFINITION_WITHOUT_NAME = """\ | |
100 | name: NoNames | |
101 | doc: Missing names attr. | |
102 | sources: | |
103 | - type: ARTIFACT_GROUP | |
104 | attributes: | |
105 | - 'SystemEventLogEvtx' | |
106 | """ | |
107 | ||
108 | _DEFINITION_WITHOUT_SOURCES = """\ | |
109 | name: BadSources | |
110 | doc: must have one sources. | |
111 | labels: [Logs] | |
112 | supported_os: [Windows] | |
113 | """ | |
16 | 114 | |
17 | 115 | @test_lib.skipUnlessHasTestFile(['definitions.yaml']) |
18 | 116 | def testReadFileObject(self): |
146 | 244 | self.assertEqual( |
147 | 245 | collector_definition.type_indicator, definitions.TYPE_INDICATOR_COMMAND) |
148 | 246 | |
149 | def testBadKey(self): | |
150 | """Tests if top level keys are correct.""" | |
151 | artifact_reader = reader.YamlArtifactsReader() | |
247 | def testReadFileObjectInvalidLabels(self): | |
248 | """Tests the ReadFileObject function on an invalid labels.""" | |
249 | artifact_reader = reader.YamlArtifactsReader() | |
250 | ||
251 | file_object = io.StringIO(initial_value=self._DEFINITION_INVALID_LABELS) | |
252 | with self.assertRaises(errors.FormatError): | |
253 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
254 | ||
255 | def testReadFileObjectInvalidSupportedOS(self): | |
256 | """Tests the ReadFileObject function on an invalid supported_os.""" | |
257 | artifact_reader = reader.YamlArtifactsReader() | |
258 | ||
152 | 259 | file_object = io.StringIO( |
153 | initial_value=u"""name: BadKey | |
154 | doc: bad extra key. | |
155 | sources: | |
156 | - type: ARTIFACT_GROUP | |
157 | attributes: | |
158 | names: | |
159 | - 'SystemEventLogEvtx' | |
160 | extra_key: 'wrong' | |
161 | labels: [Logs] | |
162 | supported_os: [Windows] | |
163 | """) | |
164 | ||
165 | with self.assertRaises(errors.FormatError): | |
166 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
167 | ||
168 | def testMissingSources(self): | |
169 | """Tests if sources is present.""" | |
170 | artifact_reader = reader.YamlArtifactsReader() | |
260 | initial_value=self._DEFINITION_INVALID_SUPPORTED_OS_1) | |
261 | with self.assertRaises(errors.FormatError): | |
262 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
263 | ||
171 | 264 | file_object = io.StringIO( |
172 | initial_value=u"""name: BadSources | |
173 | doc: must have one sources. | |
174 | labels: [Logs] | |
175 | supported_os: [Windows] | |
176 | """) | |
177 | ||
178 | with self.assertRaises(errors.FormatError): | |
179 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
180 | ||
181 | def testBadSupportedOS(self): | |
182 | """Tests if supported_os is checked correctly.""" | |
183 | artifact_reader = reader.YamlArtifactsReader() | |
184 | file_object = io.StringIO( | |
185 | initial_value=u"""name: BadSupportedOS | |
186 | doc: supported_os should be an array of strings. | |
187 | sources: | |
188 | - type: ARTIFACT_GROUP | |
189 | attributes: | |
190 | names: | |
191 | - 'SystemEventLogEvtx' | |
192 | labels: [Logs] | |
193 | supported_os: Windows | |
194 | """) | |
195 | ||
196 | with self.assertRaises(errors.FormatError): | |
197 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
198 | ||
199 | def testBadTopSupportedOS(self): | |
200 | """Tests if top level supported_os is checked correctly.""" | |
201 | artifact_reader = reader.YamlArtifactsReader() | |
202 | file_object = io.StringIO( | |
203 | initial_value=u"""name: BadTopSupportedOS | |
204 | doc: Top supported_os should match supported_os from sources. | |
205 | sources: | |
206 | - type: ARTIFACT_GROUP | |
207 | attributes: | |
208 | names: | |
209 | - 'SystemEventLogEvtx' | |
210 | supported_os: [Windows] | |
211 | labels: [Logs] | |
212 | """) | |
213 | ||
214 | with self.assertRaises(errors.FormatError): | |
215 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
216 | ||
217 | def testBadLabels(self): | |
218 | """Tests if labels is checked correctly.""" | |
219 | artifact_reader = reader.YamlArtifactsReader() | |
220 | file_object = io.StringIO( | |
221 | initial_value=u"""name: BadLabel | |
222 | doc: badlabel. | |
223 | sources: | |
224 | - type: ARTIFACT_GROUP | |
225 | attributes: | |
226 | names: | |
227 | - 'SystemEventLogEvtx' | |
228 | labels: Logs | |
229 | supported_os: [Windows] | |
230 | """) | |
231 | ||
232 | with self.assertRaises(errors.FormatError): | |
233 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
234 | ||
235 | def testMissingDoc(self): | |
236 | """Tests if doc is required.""" | |
237 | artifact_reader = reader.YamlArtifactsReader() | |
238 | file_object = io.StringIO( | |
239 | initial_value=u"""name: NoDoc | |
240 | sources: | |
241 | - type: ARTIFACT_GROUP | |
242 | attributes: | |
243 | names: | |
244 | - 'SystemEventLogEvtx' | |
245 | """) | |
246 | ||
247 | with self.assertRaises(errors.FormatError): | |
248 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
249 | ||
250 | def testMissingNamesAttribute(self): | |
251 | """Tests if missing attribute names are checked correctly.""" | |
252 | artifact_reader = reader.YamlArtifactsReader() | |
253 | file_object = io.StringIO( | |
254 | initial_value=u"""name: NoNames | |
255 | doc: Missing names attr. | |
256 | sources: | |
257 | - type: ARTIFACT_GROUP | |
258 | attributes: | |
259 | - 'SystemEventLogEvtx' | |
260 | """) | |
261 | ||
265 | initial_value=self._DEFINITION_INVALID_SUPPORTED_OS_2) | |
266 | with self.assertRaises(errors.FormatError): | |
267 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
268 | ||
269 | def testReadFileObjectInvalidURLs(self): | |
270 | """Tests the ReadFileObject function on an invalid urls.""" | |
271 | artifact_reader = reader.YamlArtifactsReader() | |
272 | ||
273 | file_object = io.StringIO(initial_value=self._DEFINITION_INVALID_URLS) | |
274 | with self.assertRaises(errors.FormatError): | |
275 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
276 | ||
277 | def testReadFileObjectWithExtraKey(self): | |
278 | """Tests the ReadFileObject function on a definition with extra key.""" | |
279 | artifact_reader = reader.YamlArtifactsReader() | |
280 | ||
281 | file_object = io.StringIO(initial_value=self._DEFINITION_WITH_EXTRA_KEY) | |
282 | with self.assertRaises(errors.FormatError): | |
283 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
284 | ||
285 | def testReadFileObjectWithReturnTypes(self): | |
286 | """Tests the ReadFileObject function on a definition with return types.""" | |
287 | artifact_reader = reader.YamlArtifactsReader() | |
288 | ||
289 | file_object = io.StringIO(initial_value=self._DEFINITION_WITH_RETURN_TYPES) | |
290 | with self.assertRaises(errors.FormatError): | |
291 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
292 | ||
293 | def testReadFileObjectWithoutDoc(self): | |
294 | """Tests the ReadFileObject function on a definition without doc.""" | |
295 | artifact_reader = reader.YamlArtifactsReader() | |
296 | ||
297 | file_object = io.StringIO(initial_value=self._DEFINITION_WITHOUT_DOC) | |
298 | with self.assertRaises(errors.FormatError): | |
299 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
300 | ||
301 | def testReadFileObjectWithoutName(self): | |
302 | """Tests the ReadFileObject function on a definition without name.""" | |
303 | artifact_reader = reader.YamlArtifactsReader() | |
304 | ||
305 | file_object = io.StringIO(initial_value=self._DEFINITION_WITHOUT_NAME) | |
306 | with self.assertRaises(errors.FormatError): | |
307 | _ = list(artifact_reader.ReadFileObject(file_object)) | |
308 | ||
309 | def testReadFileObjectWithoutSources(self): | |
310 | """Tests the ReadFileObject function on a definition without sources.""" | |
311 | artifact_reader = reader.YamlArtifactsReader() | |
312 | ||
313 | file_object = io.StringIO(initial_value=self._DEFINITION_WITHOUT_SOURCES) | |
262 | 314 | with self.assertRaises(errors.FormatError): |
263 | 315 | _ = list(artifact_reader.ReadFileObject(file_object)) |
264 | 316 | |
269 | 321 | test_file = self._GetTestFilePath(['definitions.yaml']) |
270 | 322 | |
271 | 323 | artifact_definitions = list(artifact_reader.ReadFile(test_file)) |
272 | ||
273 | 324 | self.assertEqual(len(artifact_definitions), 7) |
274 | 325 | |
275 | 326 | def testReadDirectory(self): |
278 | 329 | test_file = self._GetTestFilePath(['.']) |
279 | 330 | |
280 | 331 | artifact_definitions = list(artifact_reader.ReadDirectory(test_file)) |
281 | ||
282 | 332 | self.assertEqual(len(artifact_definitions), 7) |
283 | 333 | |
284 | 334 | @test_lib.skipUnlessHasTestFile(['definitions.yaml']) |
304 | 354 | try: |
305 | 355 | artifact_definition = artifact.AsDict() |
306 | 356 | except errors.FormatError: |
307 | error_location = u'At start' | |
357 | error_location = 'At start' | |
308 | 358 | if last_artifact_definition: |
309 | error_location = u'After: {0}'.format(last_artifact_definition.name) | |
310 | self.fail(u'{0} failed to convert to dict'.format(error_location)) | |
359 | error_location = 'After: {0}'.format(last_artifact_definition.name) | |
360 | self.fail('{0} failed to convert to dict'.format(error_location)) | |
311 | 361 | last_artifact_definition = artifact_definition |
312 | 362 | |
313 | 363 |
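Review bot: `_DEFINITION_WITHOUT_NAME` and `testReadFileObjectWithoutName` do not exercise a missing name. The fixture still carries `name: NoNames`; what it omits is the `names` key under the ARTIFACT_GROUP `attributes`, exactly as in the removed `testMissingNamesAttribute`. I would rename them to `_DEFINITION_WITHOUT_NAMES` and `testReadFileObjectWithoutNames`, with the docstring `"""Tests the ReadFileObject function on a source without names."""`. As far as this section shows, no fixture drops the top-level `name` key, so rejection of a nameless definition looks untested. Since every case asserts only `errors.FormatError`, a mislabelled fixture like this one can pass for a reason other than the one its name states.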
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """Tests for the artifact definitions registry.""" |
2 | ||
3 | from __future__ import unicode_literals | |
2 | 4 | |
3 | 5 | import io |
4 | 6 | import unittest |
14 | 16 | class TestSourceType(source_type.SourceType): |
15 | 17 | """Class that implements a test source type.""" |
16 | 18 | |
17 | TYPE_INDICATOR = u'test' | |
19 | TYPE_INDICATOR = 'test' | |
18 | 20 | |
19 | 21 | def __init__(self, test=None): |
20 | 22 | """Initializes the source type object. |
26 | 28 | FormatError: when test is not set. |
27 | 29 | """ |
28 | 30 | if not test: |
29 | raise errors.FormatError(u'Missing test value.') | |
31 | raise errors.FormatError('Missing test value.') | |
30 | 32 | |
31 | 33 | super(TestSourceType, self).__init__() |
32 | 34 | self.test = test |
37 | 39 | Returns: |
38 | 40 | dict[str, str]: source type attributes. |
39 | 41 | """ |
40 | return {u'test': self.test} | |
42 | return {'test': self.test} | |
41 | 43 | |
42 | 44 | |
43 | 45 | class ArtifactDefinitionsRegistryTest(test_lib.BaseTestCase): |
59 | 61 | # Make sure the test file got turned into artifacts. |
60 | 62 | self.assertEqual(len(artifact_registry.GetDefinitions()), 7) |
61 | 63 | |
62 | artifact_definition = artifact_registry.GetDefinitionByName(u'EventLogs') | |
64 | artifact_definition = artifact_registry.GetDefinitionByName('EventLogs') | |
63 | 65 | self.assertIsNotNone(artifact_definition) |
64 | 66 | |
65 | 67 | # Try to register something already registered |
76 | 78 | self.assertEqual(len(artifact_registry.GetDefinitions()), 6) |
77 | 79 | |
78 | 80 | test_artifact_definition = artifact_registry.GetDefinitionByName( |
79 | u'SecurityEventLogEvtx') | |
81 | 'SecurityEventLogEvtx') | |
80 | 82 | self.assertIsNotNone(test_artifact_definition) |
81 | 83 | |
82 | self.assertEqual(test_artifact_definition.name, u'SecurityEventLogEvtx') | |
84 | self.assertEqual(test_artifact_definition.name, 'SecurityEventLogEvtx') | |
83 | 85 | |
84 | 86 | expected_description = ( |
85 | u'Windows Security Event log for Vista or later systems.') | |
87 | 'Windows Security Event log for Vista or later systems.') | |
86 | 88 | self.assertEqual(test_artifact_definition.description, expected_description) |
87 | 89 | |
88 | 90 | bad_args = io.BytesIO( |
132 | 134 | registry.ArtifactDefinitionsRegistry.RegisterSourceTypes([TestSourceType]) |
133 | 135 | |
134 | 136 | source_object = registry.ArtifactDefinitionsRegistry.CreateSourceType( |
135 | u'test', {u'test': u'test123'}) | |
137 | 'test', {'test': 'test123'}) | |
136 | 138 | |
137 | 139 | self.assertIsNotNone(source_object) |
138 | self.assertEqual(source_object.test, u'test123') | |
140 | self.assertEqual(source_object.test, 'test123') | |
139 | 141 | |
140 | 142 | with self.assertRaises(errors.FormatError): |
141 | 143 | source_object = registry.ArtifactDefinitionsRegistry.CreateSourceType( |
142 | u'test', {}) | |
144 | 'test', {}) | |
143 | 145 | |
144 | 146 | with self.assertRaises(errors.FormatError): |
145 | 147 | source_object = registry.ArtifactDefinitionsRegistry.CreateSourceType( |
146 | u'bogus', {}) | |
148 | 'bogus', {}) | |
147 | 149 | |
148 | 150 | registry.ArtifactDefinitionsRegistry.DeregisterSourceType(TestSourceType) |
149 | 151 |
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """Tests for the source type objects.""" |
2 | ||
3 | from __future__ import unicode_literals | |
2 | 4 | |
3 | 5 | import unittest |
4 | 6 | |
11 | 13 | class TestSourceType(source_type.SourceType): |
12 | 14 | """Class that implements a test source type.""" |
13 | 15 | |
14 | TYPE_INDICATOR = u'test' | |
16 | TYPE_INDICATOR = 'test' | |
15 | 17 | |
16 | 18 | def __init__(self, test=None): |
17 | 19 | """Initializes the source type object. |
23 | 25 | FormatError: when test is not set. |
24 | 26 | """ |
25 | 27 | if not test: |
26 | raise errors.FormatError(u'Missing test value.') | |
28 | raise errors.FormatError('Missing test value.') | |
27 | 29 | |
28 | 30 | super(TestSourceType, self).__init__() |
29 | 31 | self.test = test |
34 | 36 | Returns: |
35 | 37 | dict[str, str]: source type attributes. |
36 | 38 | """ |
37 | return {u'test': self.test} | |
39 | return {'test': self.test} | |
38 | 40 | |
39 | 41 | |
40 | 42 | class SourceTypeTest(test_lib.BaseTestCase): |
46 | 48 | |
47 | 49 | def testInitialize(self): |
48 | 50 | """Tests the __init__ function.""" |
49 | source_type.ArtifactGroupSourceType(names=[u'test']) | |
51 | source_type.ArtifactGroupSourceType(names=['test']) | |
50 | 52 | |
51 | 53 | |
52 | 54 | class FileSourceTypeTest(test_lib.BaseTestCase): |
54 | 56 | |
55 | 57 | def testInitialize(self): |
56 | 58 | """Tests the __init__ function.""" |
57 | source_type.FileSourceType(paths=[u'test']) | |
58 | source_type.FileSourceType(paths=[u'test'], separator=u'\\') | |
59 | source_type.FileSourceType(paths=['test']) | |
60 | source_type.FileSourceType(paths=['test'], separator='\\') | |
59 | 61 | |
60 | 62 | |
61 | 63 | class PathSourceTypeTest(test_lib.BaseTestCase): |
63 | 65 | |
64 | 66 | def testInitialize(self): |
65 | 67 | """Tests the __init__ function.""" |
66 | source_type.PathSourceType(paths=[u'test']) | |
67 | source_type.PathSourceType(paths=[u'test'], separator=u'\\') | |
68 | source_type.PathSourceType(paths=['test']) | |
69 | source_type.PathSourceType(paths=['test'], separator='\\') | |
68 | 70 | |
69 | 71 | |
70 | 72 | class WindowsRegistryKeySourceTypeTest(test_lib.BaseTestCase): |
72 | 74 | |
73 | 75 | def testInitialize(self): |
74 | 76 | """Tests the __init__ function.""" |
75 | source_type.WindowsRegistryKeySourceType(keys=[u'HKEY_LOCAL_MACHINE\\test']) | |
77 | source_type.WindowsRegistryKeySourceType(keys=['HKEY_LOCAL_MACHINE\\test']) | |
76 | 78 | |
77 | 79 | with self.assertRaises(errors.FormatError): |
78 | source_type.WindowsRegistryKeySourceType(keys=u'HKEY_LOCAL_MACHINE\\test') | |
80 | source_type.WindowsRegistryKeySourceType(keys='HKEY_LOCAL_MACHINE\\test') | |
79 | 81 | |
80 | 82 | |
81 | 83 | class WindowsRegistryValueSourceTypeTest(test_lib.BaseTestCase): |
83 | 85 | |
84 | 86 | def testInitialize(self): |
85 | 87 | """Tests the __init__ function.""" |
86 | key_value_pair = {'key': u'HKEY_LOCAL_MACHINE\\test', 'value': u'test'} | |
88 | key_value_pair = {'key': 'HKEY_LOCAL_MACHINE\\test', 'value': 'test'} | |
87 | 89 | source_type.WindowsRegistryValueSourceType(key_value_pairs=[key_value_pair]) |
88 | 90 | |
89 | key_value_pair = {'bad': u'test', 'value': u'test'} | |
91 | key_value_pair = {'bad': 'test', 'value': 'test'} | |
90 | 92 | with self.assertRaises(errors.FormatError): |
91 | 93 | source_type.WindowsRegistryValueSourceType( |
92 | 94 | key_value_pairs=[key_value_pair]) |
100 | 102 | |
101 | 103 | def testInitialize(self): |
102 | 104 | """Tests the __init__ function.""" |
103 | source_type.WMIQuerySourceType(query=u'test') | |
105 | source_type.WMIQuerySourceType(query='test') | |
104 | 106 | |
105 | 107 | |
106 | 108 | class SourceTypeFactoryTest(test_lib.BaseTestCase): |
114 | 116 | source_type.SourceTypeFactory.RegisterSourceTypes([TestSourceType]) |
115 | 117 | |
116 | 118 | source_object = source_type.SourceTypeFactory.CreateSourceType( |
117 | u'test', {u'test': u'test123'}) | |
119 | 'test', {'test': 'test123'}) | |
118 | 120 | |
119 | 121 | self.assertIsNotNone(source_object) |
120 | self.assertEqual(source_object.test, u'test123') | |
122 | self.assertEqual(source_object.test, 'test123') | |
121 | 123 | |
122 | 124 | with self.assertRaises(errors.FormatError): |
123 | 125 | source_object = source_type.SourceTypeFactory.CreateSourceType( |
124 | u'test', {}) | |
126 | 'test', {}) | |
125 | 127 | |
126 | 128 | with self.assertRaises(errors.FormatError): |
127 | 129 | source_object = source_type.SourceTypeFactory.CreateSourceType( |
128 | u'bogus', {}) | |
130 | 'bogus', {}) | |
129 | 131 | |
130 | 132 | source_type.SourceTypeFactory.DeregisterSourceType(TestSourceType) |
131 | 133 |
0 | """Enforce code style.""" | |
1 | ||
2 | import subprocess | |
3 | import unittest | |
4 | ||
5 | from artifacts import errors | |
6 | ||
7 | from tests import test_lib | |
8 | ||
9 | ||
10 | class StyleTest(test_lib.BaseTestCase): | |
11 | """Enforce code style requirements.""" | |
12 | ||
13 | @unittest.skip('yapf deployment need to be fixed') | |
14 | def testCodeStyle(self): | |
15 | """Check yapf style enforcement runs cleanly.""" | |
16 | try: | |
17 | subprocess.check_output( | |
18 | ['yapf', '--diff', '-r', 'artifacts tools', 'artifacts', 'tests']) | |
19 | except subprocess.CalledProcessError as exception: | |
20 | if hasattr(exception, 'output'): | |
21 | raise errors.CodeStyleError( | |
22 | 'Run "yapf -i -r artifacts tools/ artifacts/ tests/" to correct ' | |
23 | 'these problems: {0}'.format(exception.output)) | |
24 | raise | |
25 | ||
26 | ||
27 | if __name__ == '__main__': | |
28 | unittest.main() |
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """Shared functions and classes for testing.""" |
2 | ||
3 | from __future__ import unicode_literals | |
2 | 4 | |
3 | 5 | import os |
4 | 6 | import shutil |
17 | 19 | function: to invoke. |
18 | 20 | """ |
19 | 21 | fail_unless_has_test_file = getattr( |
20 | unittest, u'fail_unless_has_test_file', False) | |
22 | unittest, 'fail_unless_has_test_file', False) | |
21 | 23 | |
22 | path = os.path.join(u'test_data', *path_segments) | |
24 | path = os.path.join('test_data', *path_segments) | |
23 | 25 | if fail_unless_has_test_file or os.path.exists(path): |
24 | 26 | return lambda function: function |
25 | 27 | |
26 | 28 | if sys.version_info[0] < 3: |
27 | path = path.encode(u'utf-8') | |
29 | path = path.encode('utf-8') | |
28 | 30 | |
29 | 31 | # Note that the message should be of type str which is different for |
30 | 32 | # different versions of Python. |
42 | 44 | """ |
43 | 45 | # Note that we need to pass the individual path segments to os.path.join |
44 | 46 | # and not a list. |
45 | return os.path.join(os.getcwd(), u'test_data', *path_segments) | |
47 | return os.path.join(os.getcwd(), 'test_data', *path_segments) | |
46 | 48 | |
47 | 49 | |
48 | 50 | class BaseTestCase(unittest.TestCase): |
49 | 51 | """The base test case.""" |
50 | 52 | |
51 | _DATA_PATH = os.path.join(os.getcwd(), u'data') | |
52 | _TEST_DATA_PATH = os.path.join(os.getcwd(), u'test_data') | |
53 | _DATA_PATH = os.path.join(os.getcwd(), 'data') | |
54 | _TEST_DATA_PATH = os.path.join(os.getcwd(), 'test_data') | |
53 | 55 | |
54 | 56 | # Show full diff results, part of TestCase so does not follow our naming |
55 | 57 | # conventions. |
75 | 77 | def __init__(self): |
76 | 78 | """Initializes a temporary directory.""" |
77 | 79 | super(TempDirectory, self).__init__() |
78 | self.name = u'' | |
80 | self.name = '' | |
79 | 81 | |
80 | 82 | def __enter__(self): |
81 | 83 | """Make this work with the 'with' statement.""" |
0 | 0 | #!/usr/bin/env python |
1 | 1 | # -*- coding: utf-8 -*- |
2 | 2 | """Tests for the artifact definitions validator.""" |
3 | ||
4 | from __future__ import unicode_literals | |
3 | 5 | |
4 | 6 | import glob |
5 | 7 | import os |
0 | 0 | # -*- coding: utf-8 -*- |
1 | 1 | """Tests for the artifact definitions readers.""" |
2 | ||
3 | from __future__ import unicode_literals | |
2 | 4 | |
3 | 5 | import os |
4 | 6 | import unittest |
19 | 19 | """Artifact definitions validator.""" |
20 | 20 | |
21 | 21 | LEGACY_PATH = os.path.join('data', 'legacy.yaml') |
22 | ||
23 | _MACOS_PRIVATE_SUB_PATHS = ('etc', 'tftpboot', 'tmp', 'var') | |
22 | 24 | |
23 | 25 | def __init__(self): |
24 | 26 | """Initializes an artifact definitions validator.""" |
48 | 50 | '%%CURRENT_CONTROL_SET%%. Replace %%CURRENT_CONTROL_SET%% with ' |
49 | 51 | 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet').format( |
50 | 52 | artifact_definition.name, filename)) |
53 | ||
54 | return result | |
55 | ||
56 | def _CheckMacOSPaths(self, filename, artifact_definition, source, paths): | |
57 | """Checks if the paths are valid MacOS paths. | |
58 | ||
59 | Args: | |
60 | filename (str): name of the artifacts definition file. | |
61 | artifact_definition (ArtifactDefinition): artifact definition. | |
62 | source (SourceType): source definition. | |
63 | paths (list[str]): paths to validate. | |
64 | ||
65 | Returns: | |
66 | bool: True if the MacOS paths is valid. | |
67 | """ | |
68 | result = True | |
69 | ||
70 | paths_with_private = [] | |
71 | paths_with_symbolic_link_to_private = [] | |
72 | ||
73 | for path in paths: | |
74 | path_lower = path.lower() | |
75 | path_segments = path_lower.split(source.separator) | |
76 | if not path_segments: | |
77 | logging.warning(( | |
78 | 'Empty path defined by artifact definition: {0:s} in file: ' | |
79 | '{1:s}').format(artifact_definition.name, filename)) | |
80 | result = False | |
81 | ||
82 | elif len(path_segments) == 1: | |
83 | continue | |
84 | ||
85 | elif path_segments[1] in self._MACOS_PRIVATE_SUB_PATHS: | |
86 | paths_with_symbolic_link_to_private.append(path) | |
87 | ||
88 | elif path_segments[1] == 'private' and len(path_segments) >= 2: | |
89 | if path_segments[2] in self._MACOS_PRIVATE_SUB_PATHS: | |
90 | paths_with_private.append(path) | |
91 | ||
92 | else: | |
93 | logging.warning(( | |
94 | 'Unsupported private path: {0:s} defined by artifact definition: ' | |
95 | '{1:s} in file: {2:s}').format( | |
96 | path, artifact_definition.name, filename)) | |
97 | result = False | |
98 | ||
99 | for private_path in paths_with_private: | |
100 | if private_path[8:] not in paths_with_symbolic_link_to_private: | |
101 | logging.warning(( | |
102 | 'Missing symbolic link: {0:s} for path: {1:s} defined by artifact ' | |
103 | 'definition: {2:s} in file: {3:s}').format( | |
104 | private_path[8:], private_path, artifact_definition.name, | |
105 | filename)) | |
106 | result = False | |
107 | ||
108 | for path in paths_with_symbolic_link_to_private: | |
109 | private_path = '/private{0:s}'.format(path) | |
110 | if private_path not in paths_with_private: | |
111 | logging.warning(( | |
112 | 'Missing path: {0:s} for symbolic link: {1:s} defined by artifact ' | |
113 | 'definition: {2:s} in file: {3:s}').format( | |
114 | private_path, path, artifact_definition.name, filename)) | |
115 | result = False | |
116 | ||
117 | return result | |
118 | ||
119 | def _CheckWindowsPath(self, filename, artifact_definition, source, path): | |
120 | """Checks if a path is a valid Windows path. | |
121 | ||
122 | Args: | |
123 | filename (str): name of the artifacts definition file. | |
124 | artifact_definition (ArtifactDefinition): artifact definition. | |
125 | source (SourceType): source definition. | |
126 | path (str): path to validate. | |
127 | ||
128 | Returns: | |
129 | bool: True if the Windows path is valid. | |
130 | """ | |
131 | result = True | |
132 | ||
133 | number_of_forward_slashes = path.count('/') | |
134 | number_of_backslashes = path.count('\\') | |
135 | if (number_of_forward_slashes < number_of_backslashes and | |
136 | source.separator != '\\'): | |
137 | logging.warning(( | |
138 | 'Incorrect path separator: {0:s} in path: {1:s} defined ' | |
139 | 'by artifact definition: {2:s} in file: {3:s}').format( | |
140 | source.separator, path, artifact_definition.name, | |
141 | filename)) | |
142 | result = False | |
143 | ||
144 | if source.separator != '\\': | |
145 | return result | |
146 | ||
147 | path_lower = path.lower() | |
148 | path_segments = path_lower.split(source.separator) | |
149 | if not path_segments: | |
150 | logging.warning(( | |
151 | 'Empty path defined by artifact definition: {0:s} in file: ' | |
152 | '{1:s}').format(artifact_definition.name, filename)) | |
153 | result = False | |
154 | ||
155 | elif path_segments[0].startswith('%%users.') and path_segments[0] not in ( | |
156 | '%%users.appdata%%', '%%users.homedir%%', '%%users.localappdata%%', | |
157 | '%%users.temp%%', '%%users.username%%', '%%users.userprofile%%'): | |
158 | logging.warning(( | |
159 | 'Unsupported "{0:s}" in path: {1:s} defined by artifact ' | |
160 | 'definition: {2:s} in file: {3:s}').format( | |
161 | path_segments[0], path, artifact_definition.name, filename)) | |
162 | result = False | |
163 | ||
164 | elif path_segments[0] == '%%users.homedir%%': | |
165 | logging.warning(( | |
166 | 'Replace "%%users.homedir%%" by "%%users.userprofile%%" in path: ' | |
167 | '{0:s} defined by artifact definition: {1:s} in file: ' | |
168 | '{2:s}').format(path, artifact_definition.name, filename)) | |
169 | result = False | |
170 | ||
171 | elif path_lower.startswith('%%users.userprofile%%\\appdata\\local\\'): | |
172 | logging.warning(( | |
173 | 'Replace "%%users.userprofile%%\\AppData\\Local" by ' | |
174 | '"%%users.localappdata%%" in path: {0:s} defined by artifact ' | |
175 | 'definition: {1:s} in file: {2:s}').format( | |
176 | path, artifact_definition.name, filename)) | |
177 | result = False | |
178 | ||
179 | elif path_lower.startswith('%%users.userprofile%%\\appdata\\roaming\\'): | |
180 | logging.warning(( | |
181 | 'Replace "%%users.userprofile%%\\AppData\\Roaming" by ' | |
182 | '"%%users.appdata%%" in path: {0:s} defined by artifact ' | |
183 | 'definition: {1:s} in file: {2:s}').format( | |
184 | path, artifact_definition.name, filename)) | |
185 | result = False | |
186 | ||
187 | elif path_lower.startswith('%%users.userprofile%%\\application data\\'): | |
188 | logging.warning(( | |
189 | 'Replace "%%users.userprofile%%\\Application Data" by ' | |
190 | '"%%users.appdata%%" in path: {0:s} defined by artifact ' | |
191 | 'definition: {1:s} in file: {2:s}').format( | |
192 | path, artifact_definition.name, filename)) | |
193 | result = False | |
194 | ||
195 | elif path_lower.startswith( | |
196 | '%%users.userprofile%%\\local settings\\application data\\'): | |
197 | logging.warning(( | |
198 | 'Replace "%%users.userprofile%%\\Local Settings\\Application Data" ' | |
199 | 'by "%%users.localappdata%%" in path: {0:s} defined by artifact ' | |
200 | 'definition: {1:s} in file: {2:s}').format( | |
201 | path, artifact_definition.name, filename)) | |
202 | result = False | |
51 | 203 | |
52 | 204 | return result |
53 | 205 | |
103 | 255 | artifact_definition.name, filename)) |
104 | 256 | result = False |
105 | 257 | |
258 | artifact_definition_supports_macos = ( | |
259 | definitions.SUPPORTED_OS_DARWIN in ( | |
260 | artifact_definition.supported_os)) | |
261 | artifact_definition_supports_windows = ( | |
262 | definitions.SUPPORTED_OS_WINDOWS in ( | |
263 | artifact_definition.supported_os)) | |
264 | ||
106 | 265 | for source in artifact_definition.sources: |
107 | 266 | if source.type_indicator in ( |
108 | 267 | definitions.TYPE_INDICATOR_FILE, definitions.TYPE_INDICATOR_PATH): |
109 | if definitions.SUPPORTED_OS_WINDOWS in source.supported_os: | |
268 | ||
269 | if (definitions.SUPPORTED_OS_DARWIN in source.supported_os or ( | |
270 | artifact_definition_supports_macos and | |
271 | not source.supported_os)): | |
272 | if not self._CheckMacOSPaths( | |
273 | filename, artifact_definition, source, source.paths): | |
274 | result = False | |
275 | ||
276 | elif (artifact_definition_supports_windows or | |
277 | definitions.SUPPORTED_OS_WINDOWS in source.supported_os): | |
110 | 278 | for path in source.paths: |
111 | number_of_forward_slashes = path.count('/') | |
112 | number_of_backslashes = path.count('\\') | |
113 | if (number_of_forward_slashes < number_of_backslashes and | |
114 | source.separator != '\\'): | |
115 | logging.warning(( | |
116 | 'Incorrect path separator: {0:s} in path: {1:s} defined ' | |
117 | 'by artifact definition: {2:s} in file: {3:s}').format( | |
118 | source.separator, path, artifact_definition.name, | |
119 | filename)) | |
279 | if not self._CheckWindowsPath( | |
280 | filename, artifact_definition, source, path): | |
120 | 281 | result = False |
121 | 282 | |
122 | 283 | elif source.type_indicator == ( |
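Review bot: In `_CheckMacOSPaths`, the `len(path_segments) >= 2` guard on the `'private'` branch is always true at that point, because single-segment paths have already hit `continue`. A path that is exactly `/private` therefore reaches `path_segments[2]` and raises IndexError instead of producing a validation warning. The guard should read `elif len(path_segments) > 2 and path_segments[1] == 'private':`. The `if not path_segments:` branch, here and in `_CheckWindowsPath`, also looks unreachable, since `str.split()` with an explicit separator always returns at least one element; `if not path:` would catch the empty path that the warning describes. As this tool presumably gates contributed definition files, a malformed path should fail validation with a message rather than abort the run.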
5 | 5 | setenv = |
6 | 6 | PYTHONPATH = {toxinidir} |
7 | 7 | deps = |
8 | funcsigs ; python_version < '3.0' | |
9 | mock | |
10 | pbr | |
11 | six | |
12 | pytest | |
13 | yapf | |
14 | 8 | -rrequirements.txt |
9 | -rtest_requirements.txt | |
15 | 10 | commands = |
16 | 11 | ./run_tests.py |
17 | 12 | |
20 | 15 | setenv = |
21 | 16 | PYTHONPATH = {toxinidir} |
22 | 17 | deps = |
18 | -rrequirements.txt | |
19 | -rtest_requirements.txt | |
23 | 20 | coverage |
24 | funcsigs ; python_version < '3.0' | |
25 | mock | |
26 | pbr | |
27 | six | |
28 | pytest | |
29 | yapf | |
30 | -rrequirements.txt | |
31 | 21 | commands = |
32 | 22 | coverage erase |
33 | 23 | coverage run --source=artifacts --omit="*_test*,*__init__*,*test_lib*" run_tests.py |