Updated script to generate ext4 test file log2timeline#409 (log2timel…

…ine#566)
joachimmetz · May 5, 2021 · 7cb6a87 · 7cb6a87
1 parent 0778d3f
commit 7cb6a87
Show file tree

Hide file tree

Showing 3 changed files with 303 additions and 2 deletions.
diff --git a/test_data/ext4.raw b/test_data/ext4.raw
diff --git a/tests/vfs/ext_file_entry.py b/tests/vfs/ext_file_entry.py
@@ -16,8 +16,8 @@
 # TODO: add tests for EXTDirectory.
 
 
-class EXTFileEntryTest(shared_test_lib.BaseTestCase):
-  """Tests the EXT file entry."""
+class EXTFileEntryTestWithEXT2(shared_test_lib.BaseTestCase):
+  """Tests the EXT file entry on an ext2 image."""
 
   _INODE_A_DIRECTORY = 12
   _INODE_A_FILE = 13
@@ -301,5 +301,291 @@ def testGetDataStream(self):
     self.assertIsNotNone(data_stream)
 
 
+class EXTFileEntryTestWithEXT4(shared_test_lib.BaseTestCase):
+  """Tests the EXT file entry on an ext4 image."""
+
+  _INODE_A_DIRECTORY = 12
+  _INODE_A_FILE = 13
+  _INODE_A_LINK = 16
+  _INODE_ANOTHER_FILE = 15
+
+  def setUp(self):
+    """Sets up the needed objects used throughout the test."""
+    self._resolver_context = context.Context()
+    test_path = self._GetTestFilePath(['ext4.raw'])
+    self._SkipIfPathNotExists(test_path)
+
+    test_os_path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_OS, location=test_path)
+    self._raw_path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_RAW, parent=test_os_path_spec)
+    self._ext_path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, location='/',
+        parent=self._raw_path_spec)
+
+    self._file_system = ext_file_system.EXTFileSystem(
+        self._resolver_context, self._ext_path_spec)
+    self._file_system.Open()
+
+  def tearDown(self):
+    """Cleans up the needed objects used throughout the test."""
+    self._resolver_context.Empty()
+
+  def testInitialize(self):
+    """Tests the __init__ function."""
+    file_entry = ext_file_entry.EXTFileEntry(
+        self._resolver_context, self._file_system, self._ext_path_spec)
+
+    self.assertIsNotNone(file_entry)
+
+  def testAccessTime(self):
+    """Test the access_time property."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+
+    self.assertIsNotNone(file_entry)
+    self.assertIsNotNone(file_entry.access_time)
+
+  def testChangeTime(self):
+    """Test the change_time property."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+
+    self.assertIsNotNone(file_entry)
+    self.assertIsNotNone(file_entry.change_time)
+
+  def testCreationTime(self):
+    """Test the creation_time property."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+
+    self.assertIsNotNone(file_entry)
+    self.assertIsNotNone(file_entry.creation_time)
+
+  def testModificationTime(self):
+    """Test the modification_time property."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+
+    self.assertIsNotNone(file_entry)
+    self.assertIsNotNone(file_entry.modification_time)
+
+  def testGetFileEntryByPathSpec(self):
+    """Tests the GetFileEntryByPathSpec function."""
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_A_FILE,
+        parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+
+    self.assertIsNotNone(file_entry)
+
+  def testGetLinkedFileEntry(self):
+    """Tests the GetLinkedFileEntry function."""
+    test_location = '/a_link'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_A_LINK,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    linked_file_entry = file_entry.GetLinkedFileEntry()
+
+    self.assertIsNotNone(linked_file_entry)
+
+    self.assertEqual(linked_file_entry.name, 'another_file')
+
+  def testGetParentFileEntry(self):
+    """Tests the GetParentFileEntry function."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    parent_file_entry = file_entry.GetParentFileEntry()
+
+    self.assertIsNotNone(parent_file_entry)
+
+    self.assertEqual(parent_file_entry.name, 'a_directory')
+
+  def testGetStat(self):
+    """Tests the GetStat function."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    stat_object = file_entry.GetStat()
+
+    self.assertIsNotNone(stat_object)
+    self.assertEqual(stat_object.type, stat_object.TYPE_FILE)
+    self.assertEqual(stat_object.size, 22)
+
+    self.assertEqual(stat_object.mode, 436)
+    self.assertEqual(stat_object.uid, 1000)
+    self.assertEqual(stat_object.gid, 1000)
+
+    self.assertEqual(stat_object.atime, 1620201706)
+    self.assertEqual(stat_object.atime_nano, 4539288)
+
+    self.assertEqual(stat_object.ctime, 1620201706)
+    self.assertEqual(stat_object.ctime_nano, 4549288)
+
+    self.assertEqual(stat_object.crtime, 1620201706)
+    self.assertEqual(stat_object.crtime_nano, 4539288)
+
+    self.assertEqual(stat_object.mtime, 1620201706)
+    self.assertEqual(stat_object.mtime_nano, 4549288)
+
+  def testIsFunctions(self):
+    """Tests the Is? functions."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertFalse(file_entry.IsRoot())
+    self.assertFalse(file_entry.IsVirtual())
+    self.assertTrue(file_entry.IsAllocated())
+
+    self.assertFalse(file_entry.IsDevice())
+    self.assertFalse(file_entry.IsDirectory())
+    self.assertTrue(file_entry.IsFile())
+    self.assertFalse(file_entry.IsLink())
+    self.assertFalse(file_entry.IsPipe())
+    self.assertFalse(file_entry.IsSocket())
+
+    test_location = '/a_directory'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_A_DIRECTORY,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertFalse(file_entry.IsRoot())
+    self.assertFalse(file_entry.IsVirtual())
+    self.assertTrue(file_entry.IsAllocated())
+
+    self.assertFalse(file_entry.IsDevice())
+    self.assertTrue(file_entry.IsDirectory())
+    self.assertFalse(file_entry.IsFile())
+    self.assertFalse(file_entry.IsLink())
+    self.assertFalse(file_entry.IsPipe())
+    self.assertFalse(file_entry.IsSocket())
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, location='/',
+        parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertTrue(file_entry.IsRoot())
+    self.assertFalse(file_entry.IsVirtual())
+    self.assertTrue(file_entry.IsAllocated())
+
+    self.assertFalse(file_entry.IsDevice())
+    self.assertTrue(file_entry.IsDirectory())
+    self.assertFalse(file_entry.IsFile())
+    self.assertFalse(file_entry.IsLink())
+    self.assertFalse(file_entry.IsPipe())
+    self.assertFalse(file_entry.IsSocket())
+
+  def testSubFileEntries(self):
+    """Tests the number_of_sub_file_entries and sub_file_entries properties."""
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, location='/',
+        parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertEqual(file_entry.number_of_sub_file_entries, 4)
+
+    expected_sub_file_entry_names = [
+        'a_directory',
+        'a_link',
+        'lost+found',
+        'passwords.txt']
+
+    sub_file_entry_names = []
+    for sub_file_entry in file_entry.sub_file_entries:
+      sub_file_entry_names.append(sub_file_entry.name)
+
+    self.assertEqual(
+        len(sub_file_entry_names), len(expected_sub_file_entry_names))
+    self.assertEqual(
+        sorted(sub_file_entry_names), sorted(expected_sub_file_entry_names))
+
+    # Test a path specification without a location.
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_A_DIRECTORY,
+        parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertEqual(file_entry.number_of_sub_file_entries, 2)
+
+  def testDataStreams(self):
+    """Tests the data streams functionality."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertEqual(file_entry.number_of_data_streams, 1)
+
+    data_stream_names = []
+    for data_stream in file_entry.data_streams:
+      data_stream_names.append(data_stream.name)
+
+    self.assertEqual(data_stream_names, [''])
+
+    test_location = '/a_directory'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_A_DIRECTORY,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    self.assertEqual(file_entry.number_of_data_streams, 0)
+
+    data_stream_names = []
+    for data_stream in file_entry.data_streams:
+      data_stream_names.append(data_stream.name)
+
+    self.assertEqual(data_stream_names, [])
+
+  def testGetDataStream(self):
+    """Tests the GetDataStream function."""
+    test_location = '/a_directory/another_file'
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        definitions.TYPE_INDICATOR_EXT, inode=self._INODE_ANOTHER_FILE,
+        location=test_location, parent=self._raw_path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    self.assertIsNotNone(file_entry)
+
+    data_stream_name = ''
+    data_stream = file_entry.GetDataStream(data_stream_name)
+    self.assertIsNotNone(data_stream)
+
+
 if __name__ == '__main__':
   unittest.main()
diff --git a/utils/generate_test_data_linux.sh b/utils/generate_test_data_linux.sh
@@ -137,6 +137,21 @@ create_test_file_entries ${MOUNT_POINT};
 
 sudo umount ${MOUNT_POINT};
 
+# Create test image with an EXT4 file system with creation time and high-precision date and time values
+IMAGE_FILE="test_data/ext4.raw";
+
+dd if=/dev/zero of=${IMAGE_FILE} bs=${SECTOR_SIZE} count=$(( ${IMAGE_SIZE} / ${SECTOR_SIZE} )) 2> /dev/null;
+
+mke2fs -q -t ext4 -I 256 -L "ext4_test" ${IMAGE_FILE};
+
+sudo mount -o loop,rw ${IMAGE_FILE} ${MOUNT_POINT};
+
+sudo chown ${USERNAME} ${MOUNT_POINT};
+
+create_test_file_entries ${MOUNT_POINT};
+
+sudo umount ${MOUNT_POINT};
+
 # Create test image with a FAT-12 file system
 IMAGE_FILE="test_data/fat12.raw";