Python JSONEventFormattingHelper Beispiele

Programmiersprache: Python

Namespace / Paketname: plaso.output.shared_json

Methode / Funktion: JSONEventFormattingHelper

Beispiele auf hotexamples.com: 3

Python JSONEventFormattingHelper - 3 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die plaso.output.shared_json.JSONEventFormattingHelper, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

 def __init__(self, output_mediator):
     """Initializes the output module object.
 Args:
   output_mediator (OutputMediator): mediates interactions between output
       modules and other components, such as storage and dfvfs.
 """
     event_formatting_helper = shared_json.JSONEventFormattingHelper(
         output_mediator)
     super(JSONLineOutputModule, self).__init__(output_mediator,
                                                event_formatting_helper)

Beispiel #2

Datei anzeigen

    def testGetFormattedEvent(self):
        """Tests the GetFormattedEvent function."""
        output_mediator = self._CreateOutputMediator()

        formatters_directory_path = self._GetTestFilePath(['formatters'])
        output_mediator.ReadMessageFormattersFromDirectory(
            formatters_directory_path)

        formatting_helper = shared_json.JSONEventFormattingHelper(
            output_mediator)

        event, event_data, event_data_stream = (
            containers_test_lib.CreateEventFromValues(self._TEST_EVENTS[0]))

        if sys.platform.startswith('win'):
            # The dict comparison is very picky on Windows hence we
            # have to make sure the drive letter is in the same case.
            expected_os_location = os.path.abspath('\\{0:s}'.format(
                os.path.join('cases', 'image.dd')))
            expected_os_location = expected_os_location.replace('\\', '\\\\')
        else:
            expected_os_location = '{0:s}{1:s}'.format(
                os.path.sep, os.path.join('cases', 'image.dd'))

        expected_json_string = (
            '{{"__container_type__": "event", "__type__": "AttributeContainer", '
            '"data_type": "test:event", "date_time": {{"__class_name__": '
            '"PosixTimeInMicroseconds", "__type__": "DateTimeValues", "timestamp": '
            '1340821021000000}}, "display_name": "TSK:/var/log/syslog.1", '
            '"filename": "/var/log/syslog.1", "hostname": "ubuntu", "inode": '
            '"15", "message": "Reporter <CRON> PID: |8442| '
            '(pam_unix(cron:session): session closed for user root)", "pathspec": '
            '{{"__type__": "PathSpec", "inode": 15, "location": '
            '"/var/log/syslog.1", "parent": {{"__type__": "PathSpec", "location": '
            '"{0:s}", "type_indicator": "OS"}}, "type_indicator": "TSK"}}, "text": '
            '"Reporter <CRON> PID: |8442| (pam_unix(cron:session): session\\n '
            'closed for user root)", "timestamp": 1340821021000000, '
            '"timestamp_desc": "Unknown Time", "username": "******"}}'
        ).format(expected_os_location)

        json_string = formatting_helper.GetFormattedEvent(
            event, event_data, event_data_stream, None)

        self.assertEqual(json_string, expected_json_string)

Beispiel #3

Datei anzeigen

    def testWriteSerializedDict(self):
        """Tests the _WriteSerializedDict function."""
        output_mediator = self._CreateOutputMediator()

        formatters_directory_path = self._GetTestFilePath(['formatters'])
        output_mediator.ReadMessageFormattersFromDirectory(
            formatters_directory_path)

        formatting_helper = shared_json.JSONEventFormattingHelper(
            output_mediator)

        event, event_data, event_data_stream = (
            containers_test_lib.CreateEventFromValues(self._TEST_EVENTS[0]))

        expected_timestamp = shared_test_lib.CopyTimestampFromString(
            '2012-06-27 18:17:01')

        if sys.platform.startswith('win'):
            # The dict comparison is very picky on Windows hence we
            # have to make sure the drive letter is in the same case.
            expected_os_location = os.path.abspath('\\{0:s}'.format(
                os.path.join('cases', 'image.dd')))
        else:
            expected_os_location = '{0:s}{1:s}'.format(
                os.path.sep, os.path.join('cases', 'image.dd'))

        expected_json_dict = {
            '__container_type__':
            'event',
            '__type__':
            'AttributeContainer',
            'date_time': {
                '__class_name__': 'PosixTimeInMicroseconds',
                '__type__': 'DateTimeValues',
                'timestamp': 1340821021000000,
            },
            'data_type':
            'test:event',
            'display_name':
            'TSK:/var/log/syslog.1',
            'filename':
            '/var/log/syslog.1',
            'hostname':
            'ubuntu',
            'inode':
            '15',
            'message':
            ('Reporter <CRON> PID: |8442| (pam_unix(cron:session): session '
             'closed for user root)'),
            'pathspec': {
                '__type__': 'PathSpec',
                'type_indicator': 'TSK',
                'location': '/var/log/syslog.1',
                'inode': 15,
                'parent': {
                    '__type__': 'PathSpec',
                    'type_indicator': 'OS',
                    'location': expected_os_location,
                }
            },
            'text': ('Reporter <CRON> PID: |8442| (pam_unix(cron:session): '
                     'session\n closed for user root)'),
            'timestamp':
            expected_timestamp,
            'timestamp_desc':
            definitions.TIME_DESCRIPTION_UNKNOWN,
            'username':
            '******',
        }
        json_dict = formatting_helper._WriteSerializedDict(
            event, event_data, event_data_stream, None)

        self.assertEqual(json_dict, expected_json_dict)