    def testExtractEventsFromSourceSingleFile(self):
        """Tests the ExtractEventsFromSources function on a single file.

        Runs PstealTool against the System.evtx test file using the artifact
        definitions from the test data directory, writing every output file
        into a temporary directory, and then compares the status lines the
        tool wrote to the output writer. The test is skipped when either
        test path is missing.
        """
        artifacts_path = self._GetTestFilePath(['artifacts'])
        self._SkipIfPathNotExists(artifacts_path)

        source_path = self._GetTestFilePath(['System.evtx'])
        self._SkipIfPathNotExists(source_path)

        writer = test_lib.TestOutputWriter(encoding='utf-8')
        tool = psteal_tool.PstealTool(output_writer=writer)

        options = test_lib.TestOptions()
        options.artifact_definitions_path = artifacts_path
        options.quiet = True
        options.status_view_mode = 'none'
        options.source = source_path

        with shared_test_lib.TempDirectory() as temp_directory:
            # Log, storage and text output all live in the temporary directory
            # so the test leaves nothing behind.
            for attribute_name, filename in (
                    ('log_file', 'output.log'),
                    ('storage_file', 'storage.plaso'),
                    ('write', 'output.txt')):
                setattr(options, attribute_name,
                        os.path.join(temp_directory, filename))

            tool.ParseOptions(options)
            tool.ExtractEventsFromSources()

            expected_lines = [
                '',
                'Source path\t\t: {0:s}'.format(options.source),
                'Source type\t\t: single file',
                'Processing time\t\t: 00:00:00',
                '',
                'Processing started.',
                'Processing completed.',
                '',
                '',
            ]

            self._CheckOutput(writer.ReadOutput(), expected_lines)
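def Main():
    """The main function.

    Parses the command line, serves the informational options
    (troubleshooting output and the --list-* options), optionally runs the
    dependency check, and otherwise extracts events from the sources and
    runs the analysis.

    Returns:
        bool: True when the requested work finished (including a pure
            listing or troubleshooting run); False when argument parsing
            failed, the dependency check failed, or the run was aborted
            by the user or by a source scanner error.
    """
    tool = psteal_tool.PstealTool()

    if not tool.ParseArguments(sys.argv[1:]):
        return False

    if tool.show_troubleshooting:
        print('Using Python version {0!s}'.format(sys.version))
        print()
        print('Path: {0:s}'.format(os.path.abspath(__file__)))
        print()
        print(tool.GetVersionInformation())
        print()
        dependencies.CheckDependencies(verbose_output=True)

        print('Also see: https://plaso.readthedocs.io/en/latest/sources/user/'
              'Troubleshooting.html')
        return True

    try:
        tool.CheckOutDated()
    except KeyboardInterrupt:
        return False

    # One entry per --list-* option: the flag parsed from the command line and
    # the method that prints the listing. A single table keeps each listing
    # to one call; a duplicated list_timezones branch previously printed the
    # time zones twice.
    list_options = (
        (tool.list_timezones, tool.ListTimeZones),
        (tool.list_output_modules, tool.ListOutputModules),
        (tool.list_parsers_and_plugins, tool.ListParsersAndPlugins),
        (tool.list_hashers, tool.ListHashers),
        (tool.list_language_identifiers, tool.ListLanguageIdentifiers),
    )

    have_list_option = False
    for is_requested, list_function in list_options:
        if is_requested:
            list_function()
            have_list_option = True

    # Listing options are informational only; nothing is processed afterwards.
    if have_list_option:
        return True

    if tool.dependencies_check and not dependencies.CheckDependencies(
            verbose_output=False):
        return False

    try:
        tool.ExtractEventsFromSources()
        tool.AnalyzeEvents()

    # Writing to stdout and stderr will raise BrokenPipeError if it
    # receives a SIGPIPE.
    except BrokenPipeError:
        pass

    except (KeyboardInterrupt, errors.UserAbort):
        logging.warning('Aborted by user.')
        return False

    except errors.SourceScannerError as exception:
        logging.warning(exception)
        return False

    return True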