def testRuleDocumentPrint(self):
"""Tests the document_print tagging rule."""
event = events.EventObject()
event.timestamp = self._TEST_TIMESTAMP
event.timestamp_desc = definitions.TIME_DESCRIPTION_UNKNOWN
summary_information = summary.OLECFSummaryInformation(None)
event_data = summary_information.GetEventData()
storage_writer = self._TagEvent(event, event_data)
self.assertEqual(storage_writer.number_of_event_tags, 0)
self._CheckLabels(storage_writer, [])
event.timestamp_desc = definitions.TIME_DESCRIPTION_LAST_PRINTED
storage_writer = self._TagEvent(event, event_data)
self.assertEqual(storage_writer.number_of_event_tags, 1)
self._CheckLabels(storage_writer, ['document_print'])
def testRuleDocumentPrint(self):
"""Tests the document_print tagging rule."""
# Test: data_type is 'olecf:summary_info' AND
# timestamp_desc is 'Last Printed Time'
event = events.EventObject()
event.timestamp = self._TEST_TIMESTAMP
event.timestamp_desc = definitions.TIME_DESCRIPTION_UNKNOWN
summary_information = summary.OLECFSummaryInformation(None)
event_data = summary_information.GetEventData()
event_data.parser = 'olecf/olecf_summary'
storage_writer = self._TagEvent(event, event_data, None)
self._CheckLabels(storage_writer, [])
event.timestamp_desc = definitions.TIME_DESCRIPTION_LAST_PRINTED
storage_writer = self._TagEvent(event, event_data, None)
self._CheckLabels(storage_writer, ['document_print'])