Ejemplo n.º 1
    def testGetNormalizedTimestamp(self):
        """Tests the _GetNormalizedTimestamp function.

        Three cases are checked: a timestamp without a time zone offset, the
        same timestamp with time_zone_offset=60 (the expected value is 3600
        lower), and an object without a timestamp, which must normalize to
        None rather than to a default date.
        """
        # Expected values are Decimal so the comparison is exact; a float
        # comparison would hide sub-second differences between timelines.
        date_time_object = ole_automation_date.OLEAutomationDate(
            timestamp=43044.480556)
        self.assertEqual(
            date_time_object._GetNormalizedTimestamp(),
            decimal.Decimal('1509881520.038400194607675076'))

        # Same timestamp, now with a time zone offset of 60.
        offset_date_time_object = ole_automation_date.OLEAutomationDate(
            time_zone_offset=60, timestamp=43044.480556)
        self.assertEqual(
            offset_date_time_object._GetNormalizedTimestamp(),
            decimal.Decimal('1509877920.038400194607675076'))

        # No timestamp at all: nothing to normalize.
        unset_date_time_object = ole_automation_date.OLEAutomationDate()
        self.assertIsNone(unset_date_time_object._GetNormalizedTimestamp())
Ejemplo n.º 2
  def testProperties(self):
    """Tests the properties.

    The timestamp property must return the value passed to the constructor
    and None when the object was created without a timestamp.
    """
    ole_timestamp = 43044.480556
    date_time_object = ole_automation_date.OLEAutomationDate(
        timestamp=ole_timestamp)
    self.assertEqual(date_time_object.timestamp, ole_timestamp)

    unset_date_time_object = ole_automation_date.OLEAutomationDate()
    self.assertIsNone(unset_date_time_object.timestamp)
Ejemplo n.º 3
  def testCopyToDateTimeString(self):
    """Tests the CopyToDateTimeString function.

    The float input does not fall on an exact second, so the expected string
    carries a .038400 fraction. An object without a timestamp must yield
    None instead of a formatted date.
    """
    date_time_object = ole_automation_date.OLEAutomationDate(
        timestamp=43044.480556)
    self.assertEqual(
        date_time_object.CopyToDateTimeString(),
        '2017-11-05 11:32:00.038400')

    unset_date_time_object = ole_automation_date.OLEAutomationDate()
    self.assertIsNone(unset_date_time_object.CopyToDateTimeString())
Ejemplo n.º 4
  def testGetTimeOfDay(self):
    """Tests the GetTimeOfDay function.

    A set timestamp yields an (hours, minutes, seconds) tuple; an unset one
    yields a tuple of three None values.
    """
    date_time_object = ole_automation_date.OLEAutomationDate(
        timestamp=43044.480556)
    self.assertEqual(date_time_object.GetTimeOfDay(), (11, 32, 0))

    # The unset case keeps the tuple shape so callers can still unpack it.
    unset_date_time_object = ole_automation_date.OLEAutomationDate()
    self.assertEqual(
        unset_date_time_object.GetTimeOfDay(), (None, None, None))
Ejemplo n.º 5
  def testGetDate(self):
    """Tests the GetDate function.

    A set timestamp yields a (year, month, day of month) tuple; an unset one
    yields a tuple of three None values.
    """
    date_time_object = ole_automation_date.OLEAutomationDate(
        timestamp=43044.480556)
    self.assertEqual(date_time_object.GetDate(), (2017, 11, 5))

    # The unset case keeps the tuple shape so callers can still unpack it.
    unset_date_time_object = ole_automation_date.OLEAutomationDate()
    self.assertEqual(unset_date_time_object.GetDate(), (None, None, None))
Ejemplo n.º 6
    def testGetDateWithTimeOfDay(self):
        """Tests the GetDateWithTimeOfDay function.

        A set timestamp yields a six-element tuple of year, month, day of
        month, hours, minutes and seconds; an unset one yields six None
        values.
        """
        date_time_object = ole_automation_date.OLEAutomationDate(
            timestamp=43044.480556)
        self.assertEqual(
            date_time_object.GetDateWithTimeOfDay(),
            (2017, 11, 5, 11, 32, 0))

        # The unset case keeps the tuple shape so callers can still unpack it.
        unset_date_time_object = ole_automation_date.OLEAutomationDate()
        self.assertEqual(
            unset_date_time_object.GetDateWithTimeOfDay(),
            (None, None, None, None, None, None))
Ejemplo n.º 7
  def testCopyFromDateTimeString(self):
    """Tests the CopyFromDateTimeString function.

    One object is reused for every input, so each call must fully replace
    the previous value. The expected values show that a time zone offset in
    the input string changes the timestamp property: '-01:00' gives a value
    one hour later and '+01:00' one hour earlier than the input without an
    offset.
    """
    date_time_object = ole_automation_date.OLEAutomationDate()

    # Date only.
    date_time_object.CopyFromDateTimeString('2017-11-05')
    self.assertEqual(date_time_object.timestamp, 43044.0)

    # Date and time of day.
    date_time_object.CopyFromDateTimeString('2017-11-05 11:32:00')
    self.assertEqual(date_time_object.timestamp, 43044.48055555555)

    # Fraction of second.
    date_time_object.CopyFromDateTimeString('2017-11-05 11:32:00.546875')
    self.assertEqual(date_time_object.timestamp, 43044.480561885124)

    # Negative time zone offset.
    date_time_object.CopyFromDateTimeString(
        '2017-11-05 11:32:00.546875-01:00')
    self.assertEqual(date_time_object.timestamp, 43044.522228551796)

    # Positive time zone offset.
    date_time_object.CopyFromDateTimeString(
        '2017-11-05 11:32:00.546875+01:00')
    self.assertEqual(date_time_object.timestamp, 43044.43889521846)

    # 1900-01-01 maps to 2.0, which pins the origin of the day count.
    date_time_object.CopyFromDateTimeString('1900-01-01 00:00:00')
    self.assertEqual(date_time_object.timestamp, 2.0)
Ejemplo n.º 8
    def testCopyFromDateTimeString(self):
        """Tests the CopyFromDateTimeString function.

        One object is reused for every input, so each call must fully
        replace the previous state. In this variant the stored _timestamp is
        the same with and without a time zone offset in the input string;
        the offset is kept separately in _time_zone_offset as -60 or 60 and
        must go back to 0 when a later input has no offset.
        """
        date_time_object = ole_automation_date.OLEAutomationDate()

        # Date only.
        date_time_object.CopyFromDateTimeString('2017-11-05')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 43044.0)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, 0)

        # Date and time of day.
        date_time_object.CopyFromDateTimeString('2017-11-05 11:32:00')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 43044.48055555555)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, 0)

        # Fraction of second.
        date_time_object.CopyFromDateTimeString('2017-11-05 11:32:00.546875')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 43044.480561885124)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, 0)

        # Negative time zone offset: timestamp unchanged, offset recorded.
        date_time_object.CopyFromDateTimeString(
            '2017-11-05 11:32:00.546875-01:00')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 43044.480561885124)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, -60)

        # Positive time zone offset: timestamp unchanged, offset recorded.
        date_time_object.CopyFromDateTimeString(
            '2017-11-05 11:32:00.546875+01:00')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 43044.480561885124)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, 60)

        # 1900-01-01 maps to 2.0; the offset of the previous input must not
        # carry over.
        date_time_object.CopyFromDateTimeString('1900-01-01 00:00:00')
        stored_timestamp = date_time_object._timestamp
        self.assertEqual(stored_timestamp, 2.0)
        stored_offset = date_time_object._time_zone_offset
        self.assertEqual(stored_offset, 0)
Ejemplo n.º 9
    def _ParseGUIDTable(self, parser_mediator, cache, database, esedb_table,
                        values_map, event_data_class):
        """Parses a table with a GUID as name.

        For every record one event data object is filled from values_map and
        one event is always produced for the 'TimeStamp' column. A second
        event, sharing the same event data object, is produced only when
        'ConnectStartTime' holds a truthy value.

        Args:
          parser_mediator (ParserMediator): mediates interactions between
              parsers and other components, such as storage and dfvfs.
          cache (ESEDBCache): cache, which contains information about
              the identifiers stored in the SruDbIdMapTable table.
          database (pyesedb.file): ESE database.
          esedb_table (pyesedb.table): table.
          values_map (dict[str, str]): mapping of table columns to event data
              attribute names.
          event_data_class (type): event data class.

        Raises:
          ValueError: if the cache, database or table value is missing.
        """
        # Checked in this order so the first missing argument is reported.
        required_values = (
            (cache, 'Missing cache value.'),
            (database, 'Missing database value.'),
            (esedb_table, 'Missing table value.'))
        for required_value, error_message in required_values:
            if required_value is None:
                raise ValueError(error_message)

        id_lookup = self._GetIdentifierMappings(
            parser_mediator, cache, database)

        for record in esedb_table.records:
            # Stop early when the mediator signals an abort; records already
            # handled stay produced.
            if parser_mediator.abort:
                break

            values = self._GetRecordValues(
                parser_mediator, esedb_table.name, record,
                value_mappings=self._GUID_TABLE_VALUE_MAPPINGS)

            event_data = event_data_class()

            # NOTE(review): attribute names are taken from values_map and set
            # with setattr; presumably values_map is a parser-defined
            # constant and not derived from the database - confirm at callers.
            for attribute_name, column_name in values_map.items():
                value = values.get(column_name)
                if attribute_name in ('application', 'user_identifier'):
                    # Human readable versions of AppId and UserId values are
                    # stored in the SruDbIdMapTable table; also referred to
                    # as identifier mapping. The numeric identifier from the
                    # GUID table is looked up there; when no mapping exists
                    # the raw value is kept so the record is not lost.
                    value = id_lookup.get(value, value)

                setattr(event_data, attribute_name, value)

            # The check is on truthiness, so a 'TimeStamp' of 0 is reported
            # as 'Not set' just like a missing value.
            sample_time = values.get('TimeStamp')
            if not sample_time:
                date_time = dfdatetime_semantic_time.SemanticTime('Not set')
                timestamp_description = definitions.TIME_DESCRIPTION_NOT_A_TIME
            else:
                date_time = dfdatetime_ole_automation_date.OLEAutomationDate(
                    timestamp=sample_time)
                timestamp_description = definitions.TIME_DESCRIPTION_SAMPLE

            sample_event = time_events.DateTimeValuesEvent(
                date_time, timestamp_description)
            parser_mediator.ProduceEventWithEventData(sample_event, event_data)

            # 'ConnectStartTime' is read as a FILETIME, unlike 'TimeStamp'
            # which is an OLE automation date; a falsy value produces no
            # second event.
            connect_start_time = values.get('ConnectStartTime')
            if connect_start_time:
                connect_event = time_events.DateTimeValuesEvent(
                    dfdatetime_filetime.Filetime(timestamp=connect_start_time),
                    definitions.TIME_DESCRIPTION_FIRST_CONNECTED)
                parser_mediator.ProduceEventWithEventData(
                    connect_event, event_data)