Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
return self._link
# Note that the SleuthKit does not expose NTFS
# IO_REPARSE_TAG_MOUNT_POINT or IO_REPARSE_TAG_SYMLINK as a link.
link = getattr(self._tsk_file.info.meta, 'link', None)
if link is None:
return self._link
try:
# pytsk3 returns an UTF-8 encoded byte string without a leading
# path segment separator.
link = '{0:s}{1:s}'.format(
self._file_system.PATH_SEPARATOR, link.decode('utf8'))
except UnicodeError:
raise errors.BackEndError('pytsk3 returned a non UTF-8 formatted link.')
self._link = link
return self._link
Raises:
BackEndError: if pytsk3 returns a non UTF-8 formatted name.
"""
if self._name is None:
# If pytsk3.FS_Info.open() was used file.info has an attribute name
# (pytsk3.TSK_FS_FILE) that contains the name string. Otherwise the
# name from the path specification is used.
if getattr(self._tsk_file.info, 'name', None) is not None:
name = getattr(self._tsk_file.info.name, 'name', None)
try:
# pytsk3 returns an UTF-8 encoded byte string.
self._name = name.decode('utf8')
except UnicodeError:
raise errors.BackEndError(
'pytsk3 returned a non UTF-8 formatted name.')
else:
location = getattr(self.path_spec, 'location', None)
if location:
self._name = self._file_system.BasenamePath(location)
return self._name
"""
# Opening a file by MFT entry is faster than opening a file by location.
# However we need the index of the corresponding $FILE_NAME MFT attribute.
fsntfs_file_entry = None
location = getattr(path_spec, 'location', None)
mft_attribute = getattr(path_spec, 'mft_attribute', None)
mft_entry = getattr(path_spec, 'mft_entry', None)
try:
if mft_attribute is not None and mft_entry is not None:
fsntfs_file_entry = self._fsntfs_volume.get_file_entry(mft_entry)
elif location is not None:
fsntfs_file_entry = self._fsntfs_volume.get_file_entry_by_path(location)
except IOError as exception:
raise errors.BackEndError(exception)
return fsntfs_file_entry is not None
resolver.Resolver.key_chain.SetCredential(
path_spec, credential_identifier, credential_data)
if path_spec.type_indicator == definitions.TYPE_INDICATOR_APFS_CONTAINER:
# TODO: consider changes this when upstream changes have been made.
# Currently pyfsapfs does not support reading from a volume as a device.
# Also see: https://github.com/log2timeline/dfvfs/issues/332
container_file_entry = resolver.Resolver.OpenFileEntry(
path_spec, resolver_context=self._resolver_context)
fsapfs_volume = container_file_entry.GetAPFSVolume()
try:
is_locked = not apfs_helper.APFSUnlockVolume(
fsapfs_volume, path_spec, resolver.Resolver.key_chain)
except IOError as exception:
raise errors.BackEndError(
'Unable to unlock APFS volume with error: {0!s}'.format(exception))
else:
file_object = resolver.Resolver.OpenFileObject(
path_spec, resolver_context=self._resolver_context)
is_locked = not file_object or file_object.is_locked
file_object.close()
if not is_locked:
scan_context.UnlockScanNode(path_spec)
return not is_locked
Args:
source_path_spec (PathSpec): source path specification.
Returns:
PathSpec: storage media image path specification or None if no supported
storage media image type was found.
Raises:
BackEndError: if the source cannot be scanned or more than one storage
media image type is found.
"""
try:
type_indicators = analyzer.Analyzer.GetStorageMediaImageTypeIndicators(
source_path_spec, resolver_context=self._resolver_context)
except RuntimeError as exception:
raise errors.BackEndError((
'Unable to process source path specification with error: '
'{0!s}').format(exception))
if not type_indicators:
# The RAW storage media image type cannot be detected based on
# a signature so we try to detect it based on common file naming schemas.
file_system = resolver.Resolver.OpenFileSystem(
source_path_spec, resolver_context=self._resolver_context)
raw_path_spec = path_spec_factory.Factory.NewPathSpec(
definitions.TYPE_INDICATOR_RAW, parent=source_path_spec)
try:
# The RAW glob function will raise a PathSpecError if the path
# specification is unsuitable for globbing.
glob_results = raw.RawGlobPathSpec(file_system, raw_path_spec)
except errors.PathSpecError:
Args:
resolver_context (Context): resolver context.
file_system (FileSystem): file system.
path_spec (PathSpec): path specification.
is_root (Optional[bool]): True if the file entry is the root file entry
of the corresponding file system.
is_virtual (Optional[bool]): True if the file entry is a virtual file
Raises:
BackEndError: when the encoded stream is missing.
"""
encoded_stream = resolver.Resolver.OpenFileObject(
path_spec, resolver_context=resolver_context)
if not encoded_stream:
raise errors.BackEndError(
'Unable to open encoded stream: {0:s}.'.format(
self.path_spec.comparable))
super(EncodedStreamFileEntry, self).__init__(
resolver_context, file_system, path_spec, is_root=is_root,
is_virtual=is_virtual)
self._encoded_stream = encoded_stream
self.entry_type = definitions.FILE_ENTRY_TYPE_FILE
try:
type_indicators = analyzer.Analyzer.GetFileSystemTypeIndicators(
source_path_spec, resolver_context=self._resolver_context)
except RuntimeError as exception:
raise errors.BackEndError((
'Unable to process source path specification with error: '
'{0!s}').format(exception))
if not type_indicators:
return None
type_indicator = type_indicators[0]
if len(type_indicators) > 1:
if definitions.PREFERRED_NTFS_BACK_END not in type_indicators:
raise errors.BackEndError(
'Unsupported source found more than one file system types.')
type_indicator = definitions.PREFERRED_NTFS_BACK_END
# TODO: determine root location from file system or path specification.
if type_indicator == definitions.TYPE_INDICATOR_NTFS:
root_location = '\\'
else:
root_location = '/'
file_system_path_spec = path_spec_factory.Factory.NewPathSpec(
type_indicator, location=root_location, parent=source_path_spec)
if type_indicator == definitions.TYPE_INDICATOR_TSK:
# Check if the file system can be opened since the file system by
# signature detection results in false positives.
path_spec (PathSpec): path specification.
is_root (Optional[bool]): True if the file entry is the root file entry
of the corresponding file system.
is_virtual (Optional[bool]): True if the file entry is a virtual file
vslvm_logical_volume (Optional[pyvslvm.logical_volume]): a LVM logical
volume.
Raises:
BackEndError: when LVM logical volume is missing for a non-virtual file
entry.
"""
if not is_virtual and vslvm_logical_volume is None:
vslvm_logical_volume = file_system.GetLVMLogicalVolumeByPathSpec(
path_spec)
if not is_virtual and vslvm_logical_volume is None:
raise errors.BackEndError(
'Missing vslvm logical volume in non-virtual file entry.')
super(LVMFileEntry, self).__init__(
resolver_context, file_system, path_spec, is_root=is_root,
is_virtual=is_virtual)
self._name = None
self._vslvm_logical_volume = vslvm_logical_volume
if self._is_virtual:
self.entry_type = definitions.FILE_ENTRY_TYPE_DIRECTORY
else:
self.entry_type = definitions.FILE_ENTRY_TYPE_FILE
def _GetStat(self):
"""Retrieves the stat object.
Returns:
VFSStat: stat object.
Raises:
BackEndError: when the SQLite blob file-like object is missing.
"""
stat_object = super(SQLiteBlobFileEntry, self)._GetStat()
if not self._is_virtual:
file_object = self.GetFileObject()
if not file_object:
raise errors.BackEndError(
'Unable to retrieve SQLite blob file-like object.')
try:
stat_object.size = file_object.get_size()
finally:
file_object.close()
return stat_object
Args:
resolver_context (Context): resolver context.
file_system (FileSystem): file system.
path_spec (PathSpec): path specification.
is_root (Optional[bool]): True if the file entry is the root file entry
of the corresponding file system.
is_virtual (Optional[bool]): True if the file entry is a virtual file
Raises:
BackEndError: when the encrypted stream is missing.
"""
encrypted_stream = resolver.Resolver.OpenFileObject(
path_spec, resolver_context=resolver_context)
if not encrypted_stream:
raise errors.BackEndError(
'Unable to open encrypted stream: {0:s}.'.format(
self.path_spec.comparable))
super(EncryptedStreamFileEntry, self).__init__(
resolver_context, file_system, path_spec, is_root=is_root,
is_virtual=is_virtual)
self._encrypted_stream = encrypted_stream
self.entry_type = definitions.FILE_ENTRY_TYPE_FILE