def testProcessSources(self):
"""Tests the ProcessSources function."""
test_front_end = extraction_frontend.ExtractionFrontend()
test_file = self._GetTestFilePath([u'ímynd.dd'])
volume_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file)
path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, location=u'/',
parent=volume_path_spec)
source_type = dfvfs_definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE
with shared_test_lib.TempDirectory() as temp_directory:
storage_file_path = os.path.join(temp_directory, u'plaso.db')
test_front_end.SetStorageFile(storage_file_path=storage_file_path)
test_front_end.ProcessSources([path_spec], source_type)
try:
storage_file = storage_zip_file.StorageFile(
storage_file_path, read_only=True)
except IOError:
self.fail(u'Unable to open storage file after processing.')
# Make sure we can read events from the storage.
event_object = storage_file.GetSortedEntry()
self.assertIsNotNone(event_object)
self.assertGreaterEqual(event_object.data_type, u'fs:stat')
self.assertGreaterEqual(event_object.filename, u'/lost+found')
def testProcessSources(self):
"""Tests the ProcessSources function."""
test_front_end = extraction_frontend.ExtractionFrontend()
storage_file_path = os.path.join(self._temp_directory, u'plaso.db')
test_front_end.SetStorageFile(storage_file_path=storage_file_path)
test_file = self._GetTestFilePath([u'ímynd.dd'])
volume_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file)
path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK,
location=u'/',
parent=volume_path_spec)
# TODO: move source_scanner.SourceScannerContext.SOURCE_TYPE_
# to definitions.SOURCE_TYPE_.
source_type = (source_scanner.SourceScannerContext.
SOURCE_TYPE_STORAGE_MEDIA_IMAGE)
test_front_end.ProcessSources([path_spec], source_type)
try:
storage_file = storage.StorageFile(storage_file_path,
read_only=True)
except IOError:
self.fail(u'Not a storage file.')
# Make sure we can read an event out of the storage.
event_object = storage_file.GetSortedEntry()
self.assertIsNotNone(event_object)
def testGetNamesOfParsersWithPlugins(self):
"""Tests the GetNamesOfParsersWithPlugins function."""
test_front_end = extraction_frontend.ExtractionFrontend()
parsers_names = test_front_end.GetNamesOfParsersWithPlugins()
self.assertGreaterEqual(len(parsers_names), 1)
self.assertIn(u'winreg', parsers_names)
def testGetParsersInformation(self):
"""Tests the GetParsersInformation function."""
test_front_end = extraction_frontend.ExtractionFrontend()
parsers_information = test_front_end.GetParsersInformation()
self.assertGreaterEqual(len(parsers_information), 1)
available_parser_names = [name for name, _ in parsers_information]
self.assertIn(u'filestat', available_parser_names)
def testGetHashersInformation(self):
"""Tests the GetHashersInformation function."""
test_front_end = extraction_frontend.ExtractionFrontend()
hashers_information = test_front_end.GetHashersInformation()
self.assertGreaterEqual(len(hashers_information), 3)
available_hasher_names = [name for name, _ in hashers_information]
self.assertIn(u'sha1', available_hasher_names)
self.assertIn(u'sha256', available_hasher_names)
def testEnableAndDisableProfiling(self):
"""Tests the EnableProfiling and DisableProfiling functions."""
test_front_end = extraction_frontend.ExtractionFrontend()
self.assertFalse(test_front_end._enable_profiling)
test_front_end.EnableProfiling()
self.assertTrue(test_front_end._enable_profiling)
test_front_end.DisableProfiling()
self.assertFalse(test_front_end._enable_profiling)
def testGetParserPresetsInformation(self):
"""Tests the GetParserPresetsInformation function."""
test_front_end = extraction_frontend.ExtractionFrontend()
parser_presets_information = test_front_end.GetParserPresetsInformation(
)
self.assertGreaterEqual(len(parser_presets_information), 1)
available_parser_names = []
for name, _ in parser_presets_information:
available_parser_names.append(name)
self.assertIn(u'linux', available_parser_names)
def _TestScanSourceVssImage(self, test_file):
"""Tests the ScanSource function on the VSS test image.
Args:
test_file: the path of the test file.
"""
test_front_end = extraction_frontend.ExtractionFrontend(
self._input_reader, self._output_writer)
options = frontend.Options()
options.source = test_file
options.vss_stores = '1,2'
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 0)
self.assertEqual(test_front_end._vss_stores, [1, 2])
options = frontend.Options()
options.source = test_file
options.vss_stores = '1'
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 0)
self.assertEqual(test_front_end._vss_stores, [1])
options = frontend.Options()
options.source = test_file
options.vss_stores = 'all'
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 0)
self.assertEqual(test_front_end._vss_stores, [1, 2])
def testParseOptions(self):
"""Tests the parse options function."""
test_front_end = extraction_frontend.ExtractionFrontend(
self._input_reader, self._output_writer)
options = frontend.Options()
with self.assertRaises(errors.BadConfigOption):
test_front_end.ParseOptions(options)
options.source = self._GetTestFilePath([u'ímynd.dd'])
test_front_end.ParseOptions(options)
def _TestScanSourcePartitionedImage(self, test_file):
"""Tests the ScanSource function on the partitioned test image.
Args:
test_file: the path of the test file.
"""
test_front_end = extraction_frontend.ExtractionFrontend(
self._input_reader, self._output_writer)
options = frontend.Options()
options.source = test_file
options.image_offset_bytes = 0x0002c000
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 180224)
options = frontend.Options()
options.source = test_file
options.image_offset = 352
options.bytes_per_sector = 512
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 180224)
options = frontend.Options()
options.source = test_file
options.partition_number = 2
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, 180224)
def testProcessSource(self):
"""Tests the ProcessSource function."""
test_front_end = extraction_frontend.ExtractionFrontend()
source_file = self._GetTestFilePath([u'ímynd.dd'])
storage_file_path = os.path.join(self._temp_directory, u'plaso.db')
test_front_end.SetStorageFile(storage_file_path=storage_file_path)
test_front_end.ScanSource(source_file)
test_front_end.ProcessSource()
try:
storage_file = storage.StorageFile(storage_file_path, read_only=True)
except IOError:
self.fail(u'Not a storage file.')
# Make sure we can read an event out of the storage.
event_object = storage_file.GetSortedEntry()
self.assertIsNotNone(event_object)
def _TestScanSourceDirectory(self, test_file):
"""Tests the ScanSource function on a directory.
Args:
test_file: the path of the test file.
"""
test_front_end = extraction_frontend.ExtractionFrontend(
self._input_reader, self._output_writer)
options = frontend.Options()
options.source = test_file
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEqual(path_spec, None)
self.assertEqual(path_spec.location, os.path.abspath(test_file))
self.assertEqual(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_OS)
# pylint: disable=protected-access
self.assertEqual(test_front_end._partition_offset, None)
def testProcessSources(self):
"""Tests the ProcessSources function."""
session = sessions.Session()
test_front_end = extraction_frontend.ExtractionFrontend()
test_file = self._GetTestFilePath([u'ímynd.dd'])
volume_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file)
path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK,
location=u'/',
parent=volume_path_spec)
source_type = dfvfs_definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE
with shared_test_lib.TempDirectory() as temp_directory:
storage_file_path = os.path.join(temp_directory, u'storage.plaso')
storage_writer = storage_zip_file.ZIPStorageFileWriter(
session, storage_file_path)
test_front_end.ProcessSources(session, storage_writer, [path_spec],
source_type)
storage_file = storage_zip_file.ZIPStorageFile()
try:
storage_file.Open(path=storage_file_path)
except IOError:
self.fail(u'Unable to open storage file after processing.')
# Make sure we can read events from the storage.
event_objects = list(storage_file.GetEvents())
self.assertNotEqual(len(event_objects), 0)
event_object = event_objects[0]
self.assertEqual(event_object.data_type, u'fs:stat')
self.assertEqual(event_object.filename, u'/lost+found')
def testSetEnableProfiling(self):
"""Tests the SetEnableProfiling function."""
test_front_end = extraction_frontend.ExtractionFrontend()
test_front_end.SetEnableProfiling(
True, profiling_sample_rate=5000, profiling_type=u'all')
def testSetDebugMode(self): """Tests the SetDebugMode function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetDebugMode(enable_debug=True)
def testSetEnablePreprocessing(self): """Tests the SetEnablePreprocessing function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetEnablePreprocessing(True)
def testSetUseZeroMQ(self): """Tests the SetUseZeroMQ function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetUseZeroMQ(use_zeromq=True)
def testSetUseOldPreprocess(self): """Tests the SetUseOldPreprocess function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetUseOldPreprocess(True)
def testSetTextPrepend(self): """Tests the SetTextPrepend function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetTextPrepend(u'prepended text')
def testSetStorageFile(self): """Tests the SetStorageFile function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetStorageFile(u'/tmp/test.plaso')
def testSetShowMemoryInformation(self): """Tests the SetShowMemoryInformation function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_front_end.SetShowMemoryInformation(show_memory=False)
