def testWriteEventBody(self):
"""Tests the WriteEventBody function."""
formatters_manager.FormattersManager.RegisterFormatter(
TestEventFormatter)
event_object = TestEvent()
filter_object = FakeFilter([
u'date', u'time', u'timezone', u'macb', u'source', u'sourcetype',
u'type', u'user', u'host', u'message_short', u'message',
u'filename', u'inode', u'notes', u'format', u'extra'])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
output_module.WriteHeader()
expected_header = (
b'date,time,timezone,macb,source,sourcetype,type,user,host,'
b'message_short,message,filename,inode,notes,format,extra\n')
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
output_module.WriteEventBody(event_object)
expected_event_body = (
b'2012-06-27,18:17:01,UTC,..C.,LOG,Syslog,Metadata Modification Time,-,'
b'ubuntu,Reporter <CRON> PID: 8442 (pam_unix(cron:session): session '
b'closed for user root),Reporter <CRON> PID: 8442 '
b'(pam_unix(cron:session): session closed for user root),log/syslog.1'
b',-,-,-,-\n')
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
filter_object = FakeFilter([
u'datetime', u'nonsense', u'hostname', u'message'])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
expected_header = b'datetime,nonsense,hostname,message\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
expected_event_body = (
b'2012-06-27T18:17:01+00:00,-,ubuntu,Reporter <CRON> PID: 8442'
b' (pam_unix(cron:session): session closed for user root)\n')
output_module.WriteEventBody(event_object)
event_body = output_writer.ReadOutput()
self.assertEqual(event_body, expected_event_body)
formatters_manager.FormattersManager.DeregisterFormatter(
TestEventFormatter)
def setUp(self):
"""Sets up the objects needed for this test."""
output_mediator = self._CreateOutputMediator()
self._output_writer = cli_test_lib.TestOutputWriter()
self._output_module = json_out.JsonOutputModule(
output_mediator, output_writer=self._output_writer)
self._event_object = JsonTestEvent()
def testFlush(self):
"""Test to ensure we empty our buffers and sends to output properly."""
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = TestOutputModule(output_mediator,
output_writer=output_writer)
event_buffer = interface.EventBuffer(output_module, False)
event_buffer.Append(TestEvent(123456, u'Now is now'))
self._CheckBufferLength(event_buffer, 1)
# Add three events.
event_buffer.Append(TestEvent(123456, u'OMG I AM DIFFERENT'))
event_buffer.Append(TestEvent(123456, u'Now is now'))
event_buffer.Append(TestEvent(123456, u'Now is now'))
self._CheckBufferLength(event_buffer, 2)
event_buffer.Flush()
self._CheckBufferLength(event_buffer, 0)
event_buffer.Append(TestEvent(123456, u'Now is now'))
event_buffer.Append(TestEvent(123456, u'Now is now'))
event_buffer.Append(TestEvent(123456, u'Different again :)'))
self._CheckBufferLength(event_buffer, 2)
event_buffer.Append(TestEvent(123457, u'Now is different'))
self._CheckBufferLength(event_buffer, 1)
def setUp(self):
"""Sets up the objects needed for this test."""
output_mediator = self._CreateOutputMediator()
self._output_writer = cli_test_lib.TestOutputWriter()
self.formatter = l2t_csv.L2TCSVOutputModule(
output_mediator, output_writer=self._output_writer)
self.event_object = L2tTestEvent()
def testPrintColumnValue(self):
"""Tests the PrintColumnValue function."""
output_writer = test_lib.TestOutputWriter()
cli_tool = tools.CLITool(output_writer=output_writer)
cli_tool.PrintColumnValue(u'Name', u'Description')
string = output_writer.ReadOutput()
expected_string = b' Name : Description\n'
self.assertEqual(string, expected_string)
cli_tool.PrintColumnValue(u'Name', u'Description', column_width=10)
string = output_writer.ReadOutput()
expected_string = b' Name : Description\n'
self.assertEqual(string, expected_string)
with self.assertRaises(ValueError):
cli_tool.PrintColumnValue(u'Name',
u'Description',
column_width=-10)
# TODO: determine if this is the desired behavior.
cli_tool.PrintColumnValue(u'Name', u'Description', column_width=100)
string = output_writer.ReadOutput()
expected_string = (
b' '
b' Name : \n'
b' '
b' Description\n')
self.assertEqual(string, expected_string)
def testOutput(self):
"""Testing if psort can output data."""
formatters_manager.FormattersManager.RegisterFormatter(
PsortTestEventFormatter)
events = []
events.append(PsortTestEvent(5134324321))
events.append(PsortTestEvent(2134324321))
events.append(PsortTestEvent(9134324321))
events.append(PsortTestEvent(15134324321))
events.append(PsortTestEvent(5134324322))
events.append(PsortTestEvent(5134024321))
output_writer = cli_test_lib.TestOutputWriter()
with test_lib.TempDirectory() as dirname:
temp_file = os.path.join(dirname, u'plaso.db')
storage_file = storage.StorageFile(temp_file, read_only=False)
pfilter.TimeRangeCache.ResetTimeConstraints()
storage_file.SetStoreLimit()
storage_file.AddEventObjects(events)
storage_file.Close()
with storage.StorageFile(temp_file) as storage_file:
storage_file.store_range = [1]
output_mediator_object = output_mediator.OutputMediator(
self._formatter_mediator, storage_file)
output_module = TestOutputModule(output_mediator_object,
output_writer=output_writer)
event_buffer = TestEventBuffer(output_module,
check_dedups=False,
store=storage_file)
self._front_end.ProcessOutput(storage_file, event_buffer)
event_buffer.Flush()
lines = []
output = output_writer.ReadOutput()
for line in output.split(b'\n'):
if line == b'.':
continue
if line:
lines.append(line)
# One more line than events (header row).
self.assertEqual(len(lines), 7)
self.assertTrue(b'My text goes along: My text dude. lines' in lines[2])
self.assertTrue(b'LOG/' in lines[2])
self.assertTrue(b'None in Particular' in lines[2])
self.assertEqual(lines[0], (
b'date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,'
b'version,filename,inode,notes,format,extra'))
formatters_manager.FormattersManager.DeregisterFormatter(
PsortTestEventFormatter)
def testPrintSeparatorLine(self):
"""Tests the PrintSeparatorLine function."""
output_writer = test_lib.TestOutputWriter()
cli_tool = tools.CLITool(output_writer=output_writer)
cli_tool.PrintSeparatorLine()
string = output_writer.ReadOutput()
expected_string = (b'----------------------------------------'
b'----------------------------------------\n')
self.assertEqual(string, expected_string)
def testHeader(self):
"""Tests the WriteHeader function."""
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, output_writer=output_writer)
expected_header = (
b'datetime,timestamp_desc,source,source_long,message,parser,'
b'display_name,tag,store_number,store_index\n')
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
filter_object = FakeFilter([
u'date', u'time', u'message', u'hostname', u'filename', u'some_stuff'])
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
expected_header = b'date,time,message,hostname,filename,some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
filter_object = FakeFilter(
[u'date', u'time', u'message', u'hostname', u'filename', u'some_stuff'],
separator='@')
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = dynamic.DynamicOutputModule(
output_mediator, fields_filter=filter_object,
output_writer=output_writer)
expected_header = b'date@time@message@hostname@filename@some_stuff\n'
output_module.WriteHeader()
header = output_writer.ReadOutput()
self.assertEqual(header, expected_header)
def testPrintHeader(self):
"""Tests the PrintHeader function."""
output_writer = test_lib.TestOutputWriter()
cli_tool = tools.CLITool(output_writer=output_writer)
cli_tool.PrintHeader(u'Text')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'************************************* '
b'Text '
b'*************************************\n')
self.assertEqual(string, expected_string)
cli_tool.PrintHeader(u'Another Text', character=u'x')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx '
b'Another Text '
b'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
cli_tool.PrintHeader(u'')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'*************************************** '
b' '
b'***************************************\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
cli_tool.PrintHeader(None)
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'************************************* '
b'None '
b'*************************************\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
expected_string = (
u'\n '
u'In computer programming, a string is traditionally a sequence '
u'of characters, either as a literal constant or as some kind of '
u'variable. \n')
cli_tool.PrintHeader(expected_string[2:-2])
string = output_writer.ReadOutput()
self.assertEqual(string, expected_string)
def testOutput(self):
"""Tests an implementation of output module."""
events = [
TestEvent(123456, u'My Event Is Now!'),
TestEvent(123458, u'There is no tomorrow.'),
TestEvent(123462, u'Tomorrow is now.'),
TestEvent(123489, u'This is just some stuff to fill the line.')
]
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = TestOutputModule(output_mediator,
output_writer=output_writer)
output_module.WriteHeader()
for event_object in events:
output_module.WriteEvent(event_object)
output_module.WriteFooter()
expected_output = (
b'<EventFile>\n'
b'<Event>\n'
b'\t<Date>03/01/2012</Date>\n'
b'\t<Time>123456</Time>\n'
b'\t<Entry>My Event Is Now!</Entry>\n'
b'</Event>\n'
b'<Event>\n'
b'\t<Date>03/01/2012</Date>\n'
b'\t<Time>123458</Time>\n'
b'\t<Entry>There is no tomorrow.</Entry>\n'
b'</Event>\n'
b'<Event>\n'
b'\t<Date>03/01/2012</Date>\n'
b'\t<Time>123462</Time>\n'
b'\t<Entry>Tomorrow is now.</Entry>\n'
b'</Event>\n'
b'<Event>\n'
b'\t<Date>03/01/2012</Date>\n'
b'\t<Time>123489</Time>\n'
b'\t<Entry>This is just some stuff to fill the line.</Entry>\n'
b'</Event>\n'
b'</EventFile>\n')
output = output_writer.ReadOutput()
self.assertEqual(output, expected_output)
def testWriteUtf8(self):
"""Tests the Write function with UTF-8 encoding."""
output_writer = test_lib.TestOutputWriter()
output_writer.Write(u'A first string\n')
string = output_writer.ReadOutput()
self.assertEqual(string, b'A first string\n')
# Byte string with ASCII characters.
output_writer.Write(b'A 2nd string\n')
string = output_writer.ReadOutput()
self.assertEqual(string, b'A 2nd string\n')
# Unicode string with non-ASCII characters.
output_writer.Write(u'þriðja string\n')
string = output_writer.ReadOutput()
self.assertEqual(string, b'\xc3\xberi\xc3\xb0ja string\n')
# Byte string with non-ASCII characters.
with self.assertRaises(UnicodeDecodeError):
# This fails because the byte string cannot be converted to
# a Unicode string before the call to encode().
output_writer.Write(b'\xc3\xberi\xc3\xb0ja string\n')
def testPrintStorageInformation(self):
"""Tests the PrintStorageInformation function."""
# Make sure the test outputs UTF-8.
output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
test_tool = pinfo.PinfoTool(output_writer=output_writer)
options = frontend.Options()
options.storage_file = self._GetTestFilePath([u'psort_test.out'])
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
# TODO: clean up output so that u'...' is not generated.
expected_output = (
b'---------------------------------------------------------------------'
b'-----------\n'
b'\t\tPlaso Storage Information\n'
b'---------------------------------------------------------------------'
b'-----------\n'
b'Storage file:\t\t{0:s}\n'
b'Source processed:\tsyslog\nTime of processing:\t'
b'2014-02-15T04:33:16+00:00\n'
b'\n'
b'Collection information:\n'
b'\tparser_selection = \n'
b'\tos_detected = N/A\n'
b'\tconfigured_zone = UTC\n'
b'\tdebug = False\n'
b'\tparsers = [u\'sqlite\', u\'winfirewall\', u\'selinux\', '
b'u\'recycle_bin\', u\'filestat\', u\'syslog\', u\'lnk\', '
b'u\'xchatscrollback\', u\'symantec_scanlog\', u\'recycle_bin_info2\', '
b'u\'winevtx\', u\'plist\', u\'bsm_log\', u\'mac_keychain\', '
b'u\'mac_securityd\', u\'utmp\', u\'asl_log\', u\'opera_global\', '
b'u\'winjob\', u\'prefetch\', u\'winreg\', u\'msiecf\', u\'bencode\', '
b'u\'skydrive_log\', u\'openxml\', u\'utmpx\', u\'winevt\', '
b'u\'hachoir\', u\'opera_typed_history\', u\'mac_appfirewall_log\', '
b'u\'olecf\', u\'xchatlog\', u\'macwifi\', u\'mactime\', '
b'u\'java_idx\', u\'mcafee_protection\', u\'skydrive_log_error\']\n'
b'\tprotobuf_size = 300\n'
b'\tvss parsing = False\n'
b'\trecursive = False\n'
b'\tpreferred_encoding = UTF-8\n'
b'\tworkers = 12\n'
b'\toutput_file = psort_test.out\n'
b'\tversion = 1.1.0-dev_20140213\n'
b'\tcmd_line = /usr/local/bin/log2timeline.py psort_test.out syslog '
b'--buffer_size=300\n'
b'\tpreprocess = False\n'
b'\truntime = multi threaded\n'
b'\tmethod = OS collection\n'
b'\n'
b'Parser counter information:\n'
b'\tCounter: total = 15\n'
b'\tCounter: syslog = 12\n'
b'\tCounter: filestat = 3\n'
b'\n'
b'Store information:\n'
b'\tNumber of available stores: 7\n'
b'\tStore information details omitted (to see use: --verbose)\n'
b'\n'
b'Preprocessing information omitted (to see use: --verbose).\n'
b'\n'
b'No reports stored.\n'
b'-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+'
b'-+-+-+-+-+-+').format(options.storage_file.encode(u'utf-8'))
output = output_writer.ReadOutput()
self.assertEqual(output, expected_output)