def test_magic_registration(self, ip: TerminalInteractiveShell):
"""Test registering a magic."""
res = ip.run_cell(raw_cell=MAGIC_DEFINITION)
self.assertions.assertTrue(res.success)
magics = ip.run_line_magic(magic_name='picatrixmagics', line='')
self.assertions.assertFalse(magics[magics.name == 'my_silly_magic'].empty)
line = ip.run_line_magic(
magic_name='my_silly_magic', line='--magnitude 23 this is my string')
expected_return = (
'This magical magic produced 23 magics of this is my string')
self.assertions.assertEqual(line, expected_return)
def test_context_date(self, ip: TerminalInteractiveShell):
"""Test querying for contex surrounding a date."""
_ = self._get_sketch(ip)
df = ip.run_line_magic(
magic_name='timesketch_context_date',
line=
('--minutes 10 --fields datetime,message,data_type,event_identifier'
',username,workstation 2020-09-18T22:24:36'))
self.assertions.assertTrue(df.shape[0] > 5000)
logon_df = df[df.event_identifier == 4624]
logged_in_users = list(logon_df.username.unique())
self.assertions.assertTrue('Administrator' in logged_in_users)
self.assertions.assertTrue('DWM-1' in logged_in_users)
df.sort_values('datetime', inplace=True)
first_series = df.iloc[0]
last_series = df.iloc[-1]
first_time = first_series.datetime
last_time = last_series.datetime
delta = last_time - first_time
delta_rounded = delta.round('min')
# This should be 10 minutes or 600 seconds.
self.assertions.assertTrue(delta_rounded.total_seconds() == 600.0)
def test_list_views(self, ip: TerminalInteractiveShell):
"""Test listing up the available views for a sketch."""
_ = self._get_sketch(ip)
views = ip.run_line_magic(magic_name='timesketch_list_views', line='')
expected_views = set(
['18:Szechuan Hits', '19:Szechuan All Hits', '16:email_addresses'])
self.assertions.assertEqual(set(views.keys()), expected_views)
def test_list_saved_searches(self, ip: TerminalInteractiveShell):
"""Test listing up the available saved searches for a sketch."""
_ = self._get_sketch(ip)
views = ip.run_line_magic(
magic_name='timesketch_list_saved_searches', line='')
expected_views = set(
[
'18:Szechuan Hits',
'19:Szechuan All Hits',
'16:email_addresses',
'128:Wifitask',
'140:Windows Crash activity',
'139:SSH session view',
'138:Sigma Rule matches',
])
self.assertions.assertEqual(set(views.keys()), expected_views)
def test_query_data(self, ip: TerminalInteractiveShell):
"""Test querying for data in a sketch."""
_ = self._get_sketch(ip)
df = ip.run_line_magic(
magic_name='timesketch_query',
line=('--fields datetime,origin,message,hostname,name secret AND '
'data_type:"windows:shell_item:file_entry"'))
df_slice = df[df.origin == 'Beth_Secret.lnk']
self.assertions.assertTrue(df_slice.shape[0] > 0)
origin_set = set(df.origin.unique())
expected_set = set([
'9b9cdc69c1c24e2b.automaticDestinations-ms', 'Beth_Secret.lnk',
'HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software'
'\\Microsoft\\Windows\\Shell\\BagMRU\\0\\0\\0', 'NoJerry.lnk',
'PortalGunPlans.lnk', 'SECRET_beth.lnk', 'Secret.lnk',
'Szechuan Sauce.lnk', 'f01b4d95cf55d32a.automaticDestinations-ms'
])
self.assertions.assertSetEqual(origin_set, expected_set)
def test_picatrixmagics(self, ip: TerminalInteractiveShell):
"""Test the picatrixmagics."""
magics = ip.run_line_magic(magic_name='picatrixmagics', line='')
self.assertions.assertFalse(magics.empty)
self.assertions.assertTrue(magics.shape[0] > 10)
def _get_sketch(self, ip: TerminalInteractiveShell) -> sketch.Sketch:
"""Return a sketch object."""
self._setup_client(ip)
ip.run_line_magic(magic_name='timesketch_set_active_sketch', line='6')
return ip.run_line_magic(magic_name='timesketch_get_sketch', line='')
