def testParse(self):
    """Checks the events extracted from the Amcache.hve test file.

    Covers the warning and event counts, the entry that sorts first (path and
    SHA-1 of a file) and the entry at index 1148 (name, publisher and message
    strings).
    """
    amcache_parser = amcache.AmcacheParser()
    storage_writer = self._ParseFile(['Amcache.hve'], amcache_parser)

    # The fixture must parse cleanly and yield a fixed number of events.
    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 1179)

    sorted_events = list(storage_writer.GetSortedEvents())

    # NOTE(review): 1992-06-19 22:22:17 matches the constant link timestamp
    # carried by Delphi-built binaries, so this is presumably a PE
    # compilation time and not evidence of when the file ran. Confirm which
    # timestamp description the parser attaches to it.
    file_event = sorted_events[0]
    self.CheckTimestamp(file_event.timestamp, '1992-06-19 22:22:17.000000')

    file_event_data = self._GetEventDataOfEvent(storage_writer, file_event)
    self.assertEqual(
        file_event_data.full_path,
        'c:\\users\\user\\appdata\\local\\temp\\chocolatey\\'
        'is-f4510.tmp\\idafree50.tmp')
    # The full digest is compared because it is the value an analyst pivots
    # on. NOTE(review): Amcache is reported to hash only the leading part of
    # large files, so the value may differ from a whole-file SHA-1. Verify
    # before matching against external hash sets.
    self.assertEqual(
        file_event_data.sha1, '82274eef0911a948f91425f5e5b0e730517fe75e')

    named_event = sorted_events[1148]
    named_event_data = self._GetEventDataOfEvent(storage_writer, named_event)
    self.assertEqual(named_event_data.name, 'FileInsight - File analysis tool')
    self.assertEqual(named_event_data.publisher, 'McAfee Inc.')

    # The same string is expected for both message arguments.
    message = 'name: FileInsight - File analysis tool'
    self._TestGetMessageStrings(named_event_data, message, message)
def testParse(self):
    """Checks the events extracted from the Amcache.hve test file.

    Covers the error and event counts, the file entry that sorts first and
    the program entry at index 1148. Values are read directly from the event
    objects.
    """
    amcache_parser = amcache.AmcacheParser()
    storage_writer = self._ParseFile(['Amcache.hve'], amcache_parser)

    # The fixture must parse without errors and yield a fixed event count.
    self.assertEqual(storage_writer.number_of_errors, 0)
    self.assertEqual(storage_writer.number_of_events, 1179)

    sorted_events = list(storage_writer.GetSortedEvents())

    # NOTE(review): 1992-06-19 22:22:17 matches the constant link timestamp
    # carried by Delphi-built binaries, so this is presumably a PE
    # compilation time and not evidence of when the file ran. Confirm which
    # timestamp description the parser attaches to it.
    file_event = sorted_events[0]
    self.CheckTimestamp(file_event.timestamp, '1992-06-19 22:22:17.000000')

    self.assertEqual(
        file_event.full_path,
        'c:\\users\\user\\appdata\\local\\temp\\chocolatey\\'
        'is-f4510.tmp\\idafree50.tmp')
    # Compare the complete digest, since it is the pivot value for lookups.
    self.assertEqual(
        file_event.sha1, '82274eef0911a948f91425f5e5b0e730517fe75e')

    program_event = sorted_events[1148]
    self.assertEqual(program_event.name, 'FileInsight - File analysis tool')
    self.assertEqual(program_event.publisher, 'McAfee Inc.')
def testParseWithSystem(self):
    """Checks that a SYSTEM Registry file yields no Amcache events.

    The parser is pointed at a Registry file that is not an Amcache hive and
    must not produce any events from it.
    """
    amcache_parser = amcache.AmcacheParser()
    storage_writer = self._ParseFile(['SYSTEM'], amcache_parser)

    # NOTE(review): only the event count is pinned here. Whether the parser
    # reports the mismatch through a warning or error is not asserted.
    self.assertEqual(storage_writer.number_of_events, 0)