Fixed a bug where deleted files which could not be opened were skipped.

Ignore-this: 4580f604946918dc6dc4493960364c90 darcs-hash:20090616135637-f1522-8a7bb7e6a7c762526f8aedfa9d0cb2b76ff8b75f.gz
anarchivist · Jun 16, 2009 · 3031395 · 3031395
1 parent 5009a44
commit 3031395
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 23 deletions.
diff --git a/src/plugins/DiskForensics/FileSystems/Sleuthkit.py b/src/plugins/DiskForensics/FileSystems/Sleuthkit.py
@@ -204,20 +204,31 @@ def insert_inode(inode):
             else:
                 status = 'deleted'
 
+            args = dict(inode = inodestr,
+                        status = status,
+                        _fast = True)
+
             try:
+                print "%r" % inode
+                if inode.__str__()=="22-0-0":
+                    print "found it"
+                    raise IOError("foo")
+
+
+                ## If this fails we return the default deleted Inode
+                ## because we dont know anything about this inode (we
+                ## dont know its run list or attributes).
                 f = fs.open(inode=str(inode))
                 s = fs.fstat(f)
 
-                args = dict(inode = inodestr,
-                            status = status,
-                            uid = s.st_uid,
-                            gid = s.st_gid,
-                            mode = s.st_mode,
-                            links = s.st_nlink,
-                            link = "",
-                            size = s.st_size,
-                            _fast = True
-                            )
+                args.update(dict(
+                    uid = s.st_uid,
+                    gid = s.st_gid,
+                    mode = s.st_mode,
+                    links = s.st_nlink,
+                    link = "",
+                    size = s.st_size,
+                    ))
 
                 if s.st_mtime:
                     args['_mtime'] = "from_unixtime(%d)" % s.st_mtime
@@ -228,9 +239,6 @@ def insert_inode(inode):
                 if s.st_ctime:
                     args['_ctime'] = "from_unixtime(%d)" % s.st_ctime
 
-                dbh_inode.insert( "inode", **args)
-                inode_id = dbh_inode.autoincrement()
-
                 #insert block runs
                 index = 0
                 for (index, start, count) in runs(f.blocks()):
@@ -242,9 +250,12 @@ def insert_inode(inode):
                     )
                 #f.close()
 
-            except IOError:
-                pass
+            except IOError,e:
+                pyflaglog.log(pyflaglog.WARNING, "Error creating inode: %s", e)
 
+            dbh_inode.insert( "inode", **args)
+            inode_id = dbh_inode.autoincrement()
+
             ## If needed schedule inode for scanning:
             if scanners:
                 pdbh.mass_insert(
@@ -402,7 +413,7 @@ def reset(self, dbh, case):
 
 ## Unit Tests:
 import unittest
-from hashlib import md5
+import hashlib
 import pyflag.pyflagsh as pyflagsh
 import pyflag.tests as tests
 
@@ -444,15 +455,15 @@ def test02ReadNTFSFile(self):
         ## This file is Images/250px-Holmes_by_Paget.jpg
         fd = self.fsfd.open(inode='Itest|K33-128-4')
         data = fd.read()
-        m = md5.new()
+        m = hashlib.md5()
         m.update(data)
         self.assertEqual(m.hexdigest(),'f9c4ea83dfcdcf5eb441e130359f4a0d')
 
     def test03ReadNTFSCompressed(self):
         """ Test reading a compressed NTFS file """
         self.fsfd = DBFS(self.test_case)
         fd = self.fsfd.open("/Books/80day11.txt")
-        m = md5.new()
+        m = hashlib.md5()
         m.update(fd.read())
         self.assertEqual(m.hexdigest(),'f5b394b5d0ca8c9ce206353e71d1d1f2')
 

diff --git a/src/plugins/FileHandlers.py b/src/plugins/FileHandlers.py
@@ -45,7 +45,7 @@ def open(self):
             fd=gzip.open(file,'rb')
 
             ## gzip doesnt really verify the file until you read something:
-            magic = fd.read(10)
+            magic=fd.read(10)
             if len(magic)!=10:
                 fd = open(file,'rb')
             else:

diff --git a/src/plugins/LoadData.py b/src/plugins/LoadData.py
@@ -636,7 +636,7 @@ def reset(self,query):
 
 ## Unit Tests:
 import unittest
-from hashlib import md5
+import hashlib
 import pyflag.pyflagsh as pyflagsh
 from pyflag.FileSystem import DBFS
 
@@ -698,13 +698,13 @@ def test03MultipleSources(self):
         ## Try to read a file from the first source:
         fsfd = DBFS(self.test_case)
         fd = fsfd.open("/stdimage/dscf1081.jpg")
-        m = md5.new()
+        m = hashlib.md5()
         m.update(fd.read())
         self.assertEqual(m.hexdigest(),'11bec410aebe0c22c14f3eaaae306f46')
 
         ## Try to read a file from the second source:
         fd = fsfd.open("/ntfsimage/Books/80day11.txt")
-        m = md5.new()
+        m = hashlib.md5()
         m.update(fd.read())
         self.assertEqual(m.hexdigest(),'f5b394b5d0ca8c9ce206353e71d1d1f2')
 
diff --git a/src/pyflag/HTMLUI.py b/src/pyflag/HTMLUI.py
@@ -340,7 +340,7 @@ def _calculate_js_for_pane(self, target=None, pane="main", **opts):
 
         if pane=='new':
             id=self.get_unique_id()
-            return "window.open('f?%s&__pyflag_parent='+window.__pyflag_name+'&__pyflag_name=child_%s','child_%s',  'fullscreen=yes,scrollbars=yes'); return false;" % (target, id,id)
+            return "window.open('f?%s&__pyflag_parent='+window.__pyflag_name+'&__pyflag_name=child_%s','child_%s',  'width=1024, height=800, scrollbars=yes'); return false;" % (target, id,id)
 
         if target:
             ## Try to remove the callback which we are generated from: