def testCollect(self):
"""Tests the Collect function."""
registry = self._CreateTestRegistry()
test_output_writer = test_lib.TestOutputWriter()
collector_object = sysinfo.SystemInfoCollector(
output_writer=test_output_writer)
result = collector_object.Collect(registry)
self.assertTrue(result)
test_output_writer.Close()
self.assertIsNotNone(collector_object.system_information)
self.assertEqual(collector_object.system_information.csd_version,
self._CSD_VERSION)
self.assertEqual(
collector_object.system_information.current_build_number,
self._CURRENT_BUILD_NUMBER)
self.assertEqual(collector_object.system_information.current_type,
self._CURRENT_TYPE)
self.assertEqual(collector_object.system_information.current_version,
self._CURRENT_VERSION)
self.assertIsNotNone(
collector_object.system_information.installation_date)
self.assertEqual(
collector_object.system_information.product_identifier,
self._PRODUCT_IDENTIFIER)
self.assertEqual(collector_object.system_information.product_name,
self._PRODUCT_NAME)
def testReadStructureFromByteStream(self):
"""Tests the _ReadStructureFromByteStream function."""
output_writer = test_lib.TestOutputWriter()
test_format = TestBinaryDataFormat(debug=True,
output_writer=output_writer)
test_format._ReadStructureFromByteStream(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0,
test_format.POINT3D, 'point3d')
# Test with missing byte stream.
with self.assertRaises(ValueError):
test_format._ReadStructureFromByteStream(None, 0,
test_format.POINT3D,
'point3d')
# Test with missing data map type.
with self.assertRaises(ValueError):
test_format._ReadStructureFromByteStream(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0, None,
'point3d')
# Test with data type map that raises an dtfabric.MappingError.
data_type_map = ErrorDataTypeMap(None)
with self.assertRaises(errors.ParseError):
test_format._ReadStructureFromByteStream(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0,
data_type_map, 'point3d')
def testCollect(self):
"""Tests the Collect function."""
registry = self._CreateTestRegistry()
test_output_writer = test_lib.TestOutputWriter()
collector_object = task_cache.TaskCacheCollector(
output_writer=test_output_writer)
result = collector_object.Collect(registry)
self.assertTrue(result)
test_output_writer.Close()
self.assertEqual(len(collector_object.cached_tasks), 2)
cached_tasks = sorted(collector_object.cached_tasks,
key=lambda task: task.identifier)
cached_task = cached_tasks[0]
self.assertIsNotNone(cached_task)
self.assertEqual(cached_task.identifier, self._GUID1)
# TODO: fix test
# self.assertEqual(cached_task.name, self._NAME1)
cached_task = cached_tasks[1]
self.assertIsNotNone(cached_task)
self.assertEqual(cached_task.identifier, self._GUID2)
def testCollect(self):
"""Tests the Collect function."""
test_path = self._GetTestFilePath(['NTUSER.DAT'])
self._SkipIfPathNotExists(test_path)
registry = dfwinreg_registry.WinRegistry()
with open(test_path, 'rb') as file_object:
registry_file = dfwinreg_regf.REGFWinRegistryFile(
ascii_codepage='cp1252')
registry_file.Open(file_object)
key_path_prefix = registry.GetRegistryFileMapping(registry_file)
registry_file.SetKeyPathPrefix(key_path_prefix)
registry.MapFile(key_path_prefix, registry_file)
test_output_writer = test_lib.TestOutputWriter()
collector_object = programscache.ProgramsCacheCollector(
output_writer=test_output_writer)
result = collector_object.Collect(registry)
self.assertTrue(result)
test_output_writer.Close()
def testReadData(self):
"""Tests the _ReadData function."""
output_writer = test_lib.TestOutputWriter()
test_format = TestBinaryDataFormat(debug=True,
output_writer=output_writer)
file_object = io.BytesIO(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00')
test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE,
'point3d')
# Test with missing file-like object.
with self.assertRaises(ValueError):
test_format._ReadData(None, 0, test_format.POINT3D_SIZE, 'point3d')
# Test with file-like object with insufficient data.
file_object = io.BytesIO(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00')
with self.assertRaises(errors.ParseError):
test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE,
'point3d')
# Test with file-like object that raises an IOError.
file_object = ErrorBytesIO(
b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00')
with self.assertRaises(errors.ParseError):
test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE,
'point3d')
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = chrome_cache.DataBlockFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['chrome_cache', 'data_0'])
test_file.Open(test_file_path)
def testReadFileObject(self):
"""Tests the ReadFileObject."""
output_writer = test_lib.TestOutputWriter()
test_file = wemf.EMFFile(debug=True, output_writer=output_writer)
test_file_path = self._GetTestFilePath(['Memo.emf'])
test_file.Open(test_file_path)
def testReadFileObject(self):
"""Tests the ReadFileObject."""
output_writer = test_lib.TestOutputWriter()
test_file = utmp.LinuxLibc6UtmpFile(debug=True, output_writer=output_writer)
test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
test_file.Open(test_file_path)
def testReadFileObject(self):
"""Tests the ReadFileObject."""
output_writer = test_lib.TestOutputWriter()
test_file = utmp.MacOSXUtmpxFile(debug=True, output_writer=output_writer)
test_file_path = self._GetTestFilePath(['utmpx-macosx10.5'])
test_file.Open(test_file_path)
def testDebugPrintDestListEntry(self):
"""Tests the _DebugPrintDestListEntry function."""
output_writer = test_lib.TestOutputWriter()
test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer)
test_file._format_version = 3
uuid_value = uuid.UUID('{97d57d7f-24e9-4de7-9306-b40d93442fbb}')
data_type_map = test_file._GetDataTypeMap('dest_list_entry_v3')
dest_list_entry = data_type_map.CreateStructureValues(
unknown1=1,
droid_volume_identifier=uuid_value,
droid_file_identifier=uuid_value,
birth_droid_volume_identifier=uuid_value,
birth_droid_file_identifier=uuid_value,
hostname='myhost',
entry_number=2,
unknown2=3,
unknown3=4.0,
last_modification_time=5,
pin_status=6,
unknown4=7,
unknown5=8,
unknown6=9,
path_size=6,
path='mypath',
unknown7=10)
test_file._DebugPrintDestListEntry(dest_list_entry)
def testReadMemberHeader(self):
"""Tests the _ReadMemberHeader function."""
output_writer = test_lib.TestOutputWriter()
test_file = gzipfile.GZipFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['syslog.gz'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadMemberHeader(file_object)
def testReadEntries(self):
"""Tests the _ReadEntries function."""
output_writer = test_lib.TestOutputWriter()
test_file = utmp.LinuxLibc6UtmpFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadEntries(file_object)
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = asl.AppleSystemLogFile(debug=True,
output_writer=output_writer)
test_file_path = self._GetTestFilePath(['applesystemlog.asl'])
test_file.Open(test_file_path)
def testReadFileObjectWithAppleBSM(self):
"""Tests the ReadFileObject function with an Apple BSM file."""
output_writer = test_lib.TestOutputWriter()
test_file = bsm.BSMEventAuditingFile(debug=True,
output_writer=output_writer)
test_file_path = self._GetTestFilePath(['apple.bsm'])
test_file.Open(test_file_path)
def testReadFileObjectOnV3File(self):
"""Tests the ReadFileObject function on a format version 3 file."""
output_writer = test_lib.TestOutputWriter()
test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath([
'9d1f905ce5044aee.automaticDestinations-ms'])
test_file.Open(test_file_path)
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = tzif.TimeZoneInformationFile(debug=True,
output_writer=output_writer)
test_file_path = self._GetTestFilePath(['localtime.tzif'])
test_file.Open(test_file_path)
def testReadFileHeader(self):
"""Tests the _ReadFileHeader function."""
output_writer = test_lib.TestOutputWriter()
test_file = tzif.TimeZoneInformationFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['localtime.tzif'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadFileHeader(file_object)
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = safari_cookies.BinaryCookiesFile(
debug=True, output_writer=output_writer)
test_file_path = self._GetTestFilePath(['Cookies.binarycookies'])
test_file.Open(test_file_path)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._output_writer = test_lib.TestOutputWriter(encoding='utf-8') self._test_tool = preg_tool.PregTool(output_writer=self._output_writer) self._test_console = preg.PregConsole(self._test_tool) file_entry = self._GetTestFileEntry(['NTUSER.DAT']) self._file_path = self._GetTestFilePath(['NTUSER.DAT']) self._registry_helper = helper.PregRegistryHelper(file_entry, 'OS')
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = unified_logging.TraceV3File(debug=True,
output_writer=output_writer)
test_file_path = self._GetTestFilePath(['0000000000000030.tracev3'])
test_file.Open(test_file_path)
def testReadChunkHeader(self):
"""Tests the _ReadChunkHeader function."""
output_writer = test_lib.TestOutputWriter()
test_file = unified_logging.TraceV3File(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['0000000000000030.tracev3'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadChunkHeader(file_object, 0)
def testReadFileObject(self):
"""Tests the ReadFileObject."""
output_writer = test_lib.TestOutputWriter()
# TODO: add debug=True
test_file = gzipfile.GZipFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['syslog.gz'])
test_file.Open(test_file_path)
def testReadFileObjectOnV1File(self):
"""Tests the ReadFileObject function on a format version 1 file."""
output_writer = test_lib.TestOutputWriter()
test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath([
'1b4dd67f29cb1962.automaticDestinations-ms'])
test_file.Open(test_file_path)
def testReadFileObjectFormatVersion2(self):
"""Tests the ReadFileObject function on a format version 2 file."""
output_writer = test_lib.TestOutputWriter()
test_file = recycle_bin.RecycleBinMetadataFile(
debug=True, output_writer=output_writer)
test_file_path = self._GetTestFilePath(['$I103S5F.jpg'])
test_file.Open(test_file_path)
def testReadFileObject(self):
"""Tests the ReadFileObject function."""
output_writer = test_lib.TestOutputWriter()
test_file = jump_list.CustomDestinationsFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath([
'5afe4de1b92fc382.customDestinations-ms'])
test_file.Open(test_file_path)
def testReadRecord(self):
"""Tests the _ReadRecord function."""
output_writer = test_lib.TestOutputWriter()
test_file = bsm.BSMEventAuditingFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['openbsm.bsm'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadRecord(file_object, 0)
def testReadFileHeader(self):
"""Tests the _ReadFileHeader function."""
output_writer = test_lib.TestOutputWriter()
test_file = wmi_repository.MappingFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['cim', 'INDEX.MAP'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadFileHeader(file_object)
def testReadFileObject(self):
"""Tests the ReadFileObject."""
output_writer = test_lib.TestOutputWriter()
test_file = rp_change_log.RestorePointChangeLogFile(
output_writer=output_writer)
test_file_path = self._GetTestFilePath(['change.log.1'])
test_file.Open(test_file_path)
def testReadEntries(self):
"""Tests the _ReadEntries function."""
output_writer = test_lib.TestOutputWriter()
test_file = utmp.MacOSXUtmpxFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['utmpx-macosx10.5'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadEntries(file_object)
def testReadFileHeader(self):
"""Tests the _ReadFileHeader function."""
output_writer = test_lib.TestOutputWriter()
test_file = asl.AppleSystemLogFile(output_writer=output_writer)
test_file_path = self._GetTestFilePath(['applesystemlog.asl'])
with open(test_file_path, 'rb') as file_object:
test_file._ReadFileHeader(file_object)