    def testReadRecord(self):
        """Tests _ReadRecord on the record at offset 0 of the OpenBSM fixture.

        Only completion without an exception is checked; the parsed record
        itself is not inspected here.
        """
        writer = test_lib.TestOutputWriter()
        audit_file = bsm.BSMEventAuditingFile(output_writer=writer)

        fixture_path = self._GetTestFilePath(['openbsm.bsm'])
        with open(fixture_path, 'rb') as fixture:
            # Offset 0 is the start of the fixture file.
            audit_file._ReadRecord(fixture, 0)
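    def testReadFileObjectWithAppleBSM(self):
        """Tests ReadFileObject, driven through Open(), with an Apple BSM file.

        Debug output is enabled so the debug code path is exercised too. The
        file is closed afterwards so the test does not leak the handle opened
        by Open() (the original test never called Close()).
        """
        output_writer = test_lib.TestOutputWriter()
        test_file = bsm.BSMEventAuditingFile(debug=True,
                                             output_writer=output_writer)

        test_file_path = self._GetTestFilePath(['apple.bsm'])
        test_file.Open(test_file_path)
        # Release the handle acquired by Open(); Open() is paired with Close()
        # elsewhere in this codebase and a test should not leave it dangling.
        test_file.Close()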
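def Main():
    """The main program function.

    Parses the command line, opens the BSM event auditing file named by the
    ``source`` argument with a stdout output writer, and closes both again.

    Returns:
        bool: True if successful or False if not.
    """
    argument_parser = argparse.ArgumentParser(
        description=('Extracts information from BSM event auditing files.'))

    argument_parser.add_argument(
        '-d', '--debug', dest='debug', action='store_true', default=False,
        help='enable debug output.')

    argument_parser.add_argument(
        'source', nargs='?', action='store', metavar='PATH', default=None,
        help='path of the BSM event auditing file.')

    options = argument_parser.parse_args()

    if not options.source:
        print('Source file missing.')
        print('')
        argument_parser.print_help()
        print('')
        return False

    logging.basicConfig(level=logging.INFO,
                        format='[%(levelname)s] %(message)s')

    output_writer = output_writers.StdoutWriter()

    try:
        output_writer.Open()
    except IOError as exception:
        print(
            'Unable to open output writer with error: {0!s}'.format(exception))
        print('')
        return False

    log_file = bsm.BSMEventAuditingFile(debug=options.debug,
                                        output_writer=output_writer)

    try:
        # A missing or unreadable source path is reported as a message rather
        # than a traceback. Errors raised by the parser itself for a malformed
        # file (the input is untrusted audit data) are not caught here and
        # still propagate; the finally below closes the writer on that path.
        try:
            log_file.Open(options.source)
        except IOError as exception:
            print('Unable to open source file with error: {0!s}'.format(
                exception))
            print('')
            return False

        print('BSM event auditing information:')
        print('')

        log_file.Close()
    finally:
        # The writer was opened above; close it on every exit path, including
        # the early return and any exception from Open().
        output_writer.Close()

    return True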
    def testFormatIntegerAsNetType(self):
        """Tests _FormatIntegerAsNetType.

        A supported net type value is rendered as its decimal string; the
        value 0 is rejected with a ParseError instead of being passed through.
        """
        audit_file = bsm.BSMEventAuditingFile()

        self.assertEqual(audit_file._FormatIntegerAsNetType(4), '4')

        # An unsupported value must raise rather than format silently.
        with self.assertRaises(errors.ParseError):
            audit_file._FormatIntegerAsNetType(0)
    def testReadToken(self):
        """Tests _ReadToken on the token at offset 0 of the OpenBSM fixture.

        The token there is expected to have type 20 and non-None token data.
        """
        writer = test_lib.TestOutputWriter()
        audit_file = bsm.BSMEventAuditingFile(output_writer=writer)

        fixture_path = self._GetTestFilePath(['openbsm.bsm'])
        with open(fixture_path, 'rb') as fixture:
            # _ReadToken yields a (token type, token data) pair.
            kind, payload = audit_file._ReadToken(fixture, 0)

            self.assertEqual(kind, 20)
            self.assertIsNotNone(payload)
    def testFormatArrayOfIntegersAsIPAddress(self):
        """Tests _FormatArrayOfIntegersAsIPAddress.

        Four integers format as a dotted-quad IPv4 address, sixteen as a
        colon-separated IPv6 address with zero-padded 4-digit groups (no ``::``
        compression), and an empty array yields None.
        """
        audit_file = bsm.BSMEventAuditingFile()

        cases = [
            ([127, 0, 0, 1], '127.0.0.1'),
            ([0] * 15 + [1], '0000:0000:0000:0000:0000:0000:0000:0001'),
        ]
        for address_values, expected in cases:
            self.assertEqual(
                audit_file._FormatArrayOfIntegersAsIPAddress(address_values),
                expected)

        # No address values at all: nothing to format, so None comes back.
        self.assertIsNone(audit_file._FormatArrayOfIntegersAsIPAddress([]))
    def testFormatString(self):
        """Tests _FormatString.

        The trailing NUL terminator in the input is stripped from the result.
        """
        audit_file = bsm.BSMEventAuditingFile()

        rendered = audit_file._FormatString('string\x00')
        self.assertEqual(rendered, 'string')
    def testFormatIntegerAsEventType(self):
        """Tests _FormatIntegerAsEventType.

        Event type 1 is rendered as a zero-padded hex value followed by the
        event name in parentheses.
        """
        audit_file = bsm.BSMEventAuditingFile()

        rendered = audit_file._FormatIntegerAsEventType(1)
        self.assertEqual(rendered, '0x0001 (exit(2))')