def testParseOptions(self): """Tests the ParseOptions function.""" options = cli_test_lib.TestOptions() output_mediator = self._CreateOutputMediator() output_module = sqlite_4n6time.SQLite4n6TimeOutputModule(output_mediator) with self.assertRaises(errors.BadConfigOption): sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions( options, output_module) options.write = '4n6time.sqlite' sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions( options, output_module) with self.assertRaises(errors.BadConfigObject): sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions( options, None)
def testOutput(self): """Tests for the sqlite output.""" def dict_from_row(row): return dict(zip(row.keys(), row)) expected_dict = { u'type': u'Content Modification Time', u'host': u'ubuntu', u'filename': u'log/syslog.1', u'source': u'LOG', u'description': u'[', u'datetime': u'2012-06-27 18:17:01', u'inreport': u'', u'source_name': u'-', u'extra': (u'my_number: 123 some_additional_foo: True text: ' u'Reporter <CRON> PID: 8442 (pam_unix(cron:session): ' u'session closed for user root) '), u'color': u'', u'tag': u'', u'timezone': u'UTC', u'inode': u'-', u'reportnotes': u'', u'sourcetype': u'Log File', u'event_identifier': u'-', u'store_number': 1, u'format': u'-', u'url': u'-', u'store_index': 1, u'record_number': u'0', u'MACB': u'M...', u'computer_name': u'-', u'offset': 0, u'evidence': u'-', u'user_sid': u'-', u'notes': u'-', u'vss_store_number': -1, u'user': u'-' } with shared_test_lib.TempDirectory() as temp_directory: output_mediator = self._CreateOutputMediator() self._sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule( output_mediator) sqlite_file = os.path.join(temp_directory, u'4n6time.db') self._sqlite_output.SetFilename(sqlite_file) self._sqlite_output.Open() self._sqlite_output.WriteEventBody(self._event_object) self._sqlite_output.Close() self.conn = sqlite3.connect(sqlite_file) self.conn.row_factory = sqlite3.Row res = self.conn.execute(u'SELECT * from log2timeline') row_dict = dict_from_row(res.fetchone()) self.assertDictContainsSubset(expected_dict, row_dict)
def testOutput(self): """Tests the 4n6time SQLite output module.""" event_data = TestEventData() timestamp = timelib.Timestamp.CopyFromString( u'2012-06-27 18:17:01+00:00') event = time_events.TimestampEvent( timestamp, definitions.TIME_DESCRIPTION_WRITTEN) self._MergeEventAndEventData(event, event_data) expected_dict = { u'type': u'Content Modification Time', u'host': u'ubuntu', u'filename': u'log/syslog.1', u'source': u'LOG', u'description': u'[', u'datetime': u'2012-06-27 18:17:01', u'inreport': u'', u'source_name': u'-', u'extra': (u'my_number: 123 some_additional_foo: True text: ' u'Reporter <CRON> PID: 8442 (pam_unix(cron:session): ' u'session closed for user root) '), u'tag': u'', u'timezone': u'UTC', u'inode': u'-', u'reportnotes': u'', u'sourcetype': u'Log File', u'event_identifier': u'-', u'format': u'-', u'url': u'-', u'record_number': u'0', u'MACB': u'M...', u'computer_name': u'-', u'offset': 0, u'evidence': u'-', u'user_sid': u'-', u'notes': u'-', u'vss_store_number': -1, u'user': u'-' } with shared_test_lib.TempDirectory() as temp_directory: output_mediator = self._CreateOutputMediator() sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule( output_mediator) sqlite_file = os.path.join(temp_directory, u'4n6time.db') sqlite_output.SetFilename(sqlite_file) sqlite_output.Open() sqlite_output.WriteEventBody(event) sqlite_output.Close() sqlite_connection = sqlite3.connect(sqlite_file) sqlite_connection.row_factory = sqlite3.Row cursor = sqlite_connection.execute(u'SELECT * from log2timeline') row = cursor.fetchone() row_dict = dict(zip(row.keys(), row)) self.assertDictContainsSubset(expected_dict, row_dict)
def testOutput(self): """Tests the 4n6time SQLite output module.""" with shared_test_lib.TempDirectory() as temp_directory: output_mediator = self._CreateOutputMediator() sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule( output_mediator) sqlite_file = os.path.join(temp_directory, '4n6time.db') sqlite_output.SetFilename(sqlite_file) sqlite_output.Open() event, event_data = containers_test_lib.CreateEventFromValues( self._TEST_EVENTS[0]) sqlite_output.WriteEventBody(event, event_data, None) sqlite_output.Close() sqlite_connection = sqlite3.connect(sqlite_file) sqlite_connection.row_factory = sqlite3.Row cursor = sqlite_connection.execute('SELECT * from log2timeline') row = cursor.fetchone() row_dict = dict(zip(row.keys(), row)) expected_dict = { 'type': 'Content Modification Time', 'host': 'ubuntu', 'filename': 'log/syslog.1', 'source': 'LOG', 'description': '[', 'datetime': '2012-06-27 18:17:01', 'inreport': '', 'source_name': '-', 'extra': ('my_number: 123 some_additional_foo: True text: ' 'Reporter <CRON> PID: 8442 (pam_unix(cron:session): ' 'session closed for user root) '), 'tag': '', 'timezone': 'UTC', 'inode': '-', 'reportnotes': '', 'sourcetype': 'Log File', 'event_identifier': '-', 'format': '-', 'url': '-', 'record_number': '0', 'MACB': 'M...', 'computer_name': '-', 'offset': 0, 'evidence': '-', 'user_sid': '-', 'notes': '-', 'vss_store_number': -1, 'user': '******' } self.assertDictContainsSubset(expected_dict, row_dict)