How to use artifacts - 10 common examples

To help you get started, we’ve selected a few examples of the artifacts package, based on popular ways it is used in public projects.


github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function.

    A list holding one dict with 'key' and 'value' entries is expected to
    construct without raising; both malformed inputs below are expected to
    raise FormatError.
    """
    well_formed_pairs = [{'key': u'test', 'value': u'test'}]
    source_type.WindowsRegistryValueSourceType(
        key_value_pairs=well_formed_pairs)

    # First a pair that uses 'bad' where 'key' is expected, then a bare dict
    # where a list of pairs is expected.
    # NOTE(review): the bare dict also carries the 'bad' key, so this case
    # does not isolate the container-type check from the key-name check.
    malformed_inputs = (
        [{'bad': u'test', 'value': u'test'}],
        {'bad': u'test', 'value': u'test'})

    for malformed in malformed_inputs:
      with self.assertRaises(errors.FormatError):
        source_type.WindowsRegistryValueSourceType(key_value_pairs=malformed)
github log2timeline / plaso / tests / multi_processing / task_engine.py View on Github external
def testProcessSources(self):
    """Tests the PreprocessSources and ProcessSources function."""
    # The artifact definitions test data has to exist for the test to run.
    definitions_path = shared_test_lib.GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    # Populate the registry from the definitions directory; it is handed to
    # PreprocessSources below.
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    test_engine = task_engine.TaskMultiProcessEngine(
        maximum_number_of_tasks=100)

    source_file_path = self._GetTestFilePath(['ímynd.dd'])
    self._SkipIfPathNotExists(source_file_path)

    # Stack two path specifications: the test file through the OS type, then
    # a TSK-type path specification at '/' that has it as parent.
    outer_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS, location=source_file_path)
    inner_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
        parent=outer_path_spec)

    test_engine.PreprocessSources(definitions_registry, [inner_path_spec])
github log2timeline / plaso / tests / preprocessors / manager.py View on Github external
def testCollectFromFileSystem(self):
    """Tests the CollectFromFileSystem function."""
    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    # Read the artifact definitions from the test data directory.
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    knowledge_base = knowledge_base_library.KnowledgeBase()

    # The knowledge base is only bound to a throwaway name in the lines
    # shown here; nothing is collected or asserted yet.
    _ = knowledge_base
github log2timeline / plaso / tests / engine / artifact_filters.py View on Github external
def _CreateTestArtifactDefinitionsFiltersHelper(self, knowledge_base):
    """Builds the artifact definitions filters helper used by the tests.

    The helper is backed by a registry read from the 'artifacts' directory
    of the test data.

    Args:
      knowledge_base (KnowledgeBase): contains information from the source
          data needed for filtering.

    Returns:
      ArtifactDefinitionsFiltersHelper: artifact definitions filters helper.

    Raises:
      SkipTest: if the path inside the test data directory does not exist and
          the test should be skipped.
    """
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()

    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    filters_helper = artifact_filters.ArtifactDefinitionsFiltersHelper(
        definitions_registry, knowledge_base)
    return filters_helper
github log2timeline / plaso / tests / engine / engine.py View on Github external
def testPreprocessSources(self):
    """Tests the PreprocessSources function."""
    # Both test files have to be present before the test proceeds.
    for file_name in ('SOFTWARE', 'SYSTEM'):
      self._SkipIfPathNotExists(self._GetTestFilePath([file_name]))

    definitions_path = shared_test_lib.GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    test_engine = TestEngine()

    fake_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')

    test_engine.PreprocessSources(definitions_registry, [fake_path_spec])

    # Preprocessing is expected to have stored the operating system value in
    # the engine's knowledge base.
    detected_system = test_engine.knowledge_base.GetValue('operating_system')
    self.assertEqual(detected_system, 'Windows NT')

    # A None path specification is passed as well; no assertion follows in
    # the lines shown, so this only checks that the call does not raise.
    test_engine.PreprocessSources(definitions_registry, [None])
github log2timeline / plaso / tests / parsers / winreg.py View on Github external
def testParseSystemWithArtifactFilters(self):
    """Tests the Parse function on a SYSTEM file with artifact filters."""
    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    registry_parser = winreg.WinRegistryParser()
    knowledge_base = knowledge_base_engine.KnowledgeBase()

    # Names of the artifact definitions that the filters are built from.
    filter_names = ['TestRegistryKey', 'TestRegistryValue']
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()

    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    filters_helper = artifact_filters.ArtifactDefinitionsFiltersHelper(
        definitions_registry, knowledge_base)

    filters_helper.BuildFindSpecs(filter_names, environment_variables=None)

    # Parse the SYSTEM test file with the helper passed as the collection
    # filter.
    storage_writer = self._ParseFile(
        ['SYSTEM'], registry_parser,
        collection_filters_helper=filters_helper)

    events = list(storage_writer.GetEvents())
github log2timeline / plaso / tests / engine / artifact_filters.py View on Github external
def _CreateTestArtifactDefinitionsFiltersHelper(self, knowledge_base):
    """Builds the artifact definitions filters helper used by the tests.

    The helper is backed by a registry read from the 'artifacts' directory
    of the test data.

    Args:
      knowledge_base (KnowledgeBase): contains information from the source
          data needed for filtering.

    Returns:
      ArtifactDefinitionsFiltersHelper: artifact definitions filters helper.

    Raises:
      SkipTest: if the path inside the test data directory does not exist and
          the test should be skipped.
    """
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()

    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    filters_helper = artifact_filters.ArtifactDefinitionsFiltersHelper(
        definitions_registry, knowledge_base)
    return filters_helper
github log2timeline / plaso / tests / preprocessors / manager.py View on Github external
def testCollectFromFileSystem(self):
    """Tests the CollectFromFileSystem function."""
    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    # Read the artifact definitions from the test data directory.
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    knowledge_base = knowledge_base_library.KnowledgeBase()

    # The knowledge base is only bound to a throwaway name in the lines
    # shown here; nothing is collected or asserted yet.
    _ = knowledge_base
github log2timeline / plaso / tests / engine / single_process.py View on Github external
def testProcessSources(self):
    """Tests the ProcessSources function."""
    definitions_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(definitions_path)

    source_file_path = self._GetTestFilePath(['ímynd.dd'])
    self._SkipIfPathNotExists(source_file_path)

    # Populate the registry from the definitions directory; it is handed to
    # PreprocessSources below.
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    yaml_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(yaml_reader, definitions_path)

    test_engine = single_process.SingleProcessEngine()
    resolver_context = context.Context()
    session = sessions.Session()

    # Stack two path specifications: the test file through the OS type, then
    # a TSK-type path specification at '/' that has it as parent.
    outer_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS, location=source_file_path)
    inner_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
        parent=outer_path_spec)

    test_engine.PreprocessSources(definitions_registry, [inner_path_spec])

    # The fake storage writer is created for the session set up above.
    storage_writer = fake_writer.FakeStorageWriter(session)
github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function.

    A list holding one dict with 'key' and 'value' entries is expected to
    construct without raising; both malformed inputs below are expected to
    raise FormatError.
    """
    well_formed_pairs = [{'key': u'test', 'value': u'test'}]
    source_type.WindowsRegistryValueSourceType(
        key_value_pairs=well_formed_pairs)

    # First a pair that uses 'bad' where 'key' is expected, then a bare dict
    # where a list of pairs is expected.
    # NOTE(review): the bare dict also carries the 'bad' key, so this case
    # does not isolate the container-type check from the key-name check.
    malformed_inputs = (
        [{'bad': u'test', 'value': u'test'}],
        {'bad': u'test', 'value': u'test'})

    for malformed in malformed_inputs:
      with self.assertRaises(errors.FormatError):
        source_type.WindowsRegistryValueSourceType(key_value_pairs=malformed)