def testGetNormalizedTimestamp(self): """Tests the _GetNormalizedTimestamp function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) expected_normalized_timestamp = decimal.Decimal( '1509881520.038400194607675076') normalized_timestamp = ole_automation_date_object._GetNormalizedTimestamp( ) self.assertEqual(normalized_timestamp, expected_normalized_timestamp) ole_automation_date_object = ole_automation_date.OLEAutomationDate( time_zone_offset=60, timestamp=43044.480556) expected_normalized_timestamp = decimal.Decimal( '1509877920.038400194607675076') normalized_timestamp = ole_automation_date_object._GetNormalizedTimestamp( ) self.assertEqual(normalized_timestamp, expected_normalized_timestamp) ole_automation_date_object = ole_automation_date.OLEAutomationDate() normalized_timestamp = ole_automation_date_object._GetNormalizedTimestamp( ) self.assertIsNone(normalized_timestamp)
def testProperties(self): """Tests the properties.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) self.assertEqual(ole_automation_date_object.timestamp, 43044.480556) ole_automation_date_object = ole_automation_date.OLEAutomationDate() self.assertIsNone(ole_automation_date_object.timestamp)
def testCopyToDateTimeString(self): """Tests the CopyToDateTimeString function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) date_time_string = ole_automation_date_object.CopyToDateTimeString() self.assertEqual(date_time_string, '2017-11-05 11:32:00.038400') ole_automation_date_object = ole_automation_date.OLEAutomationDate() date_time_string = ole_automation_date_object.CopyToDateTimeString() self.assertIsNone(date_time_string)
def testGetTimeOfDay(self): """Tests the GetTimeOfDay function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) time_of_day_tuple = ole_automation_date_object.GetTimeOfDay() self.assertEqual(time_of_day_tuple, (11, 32, 0)) ole_automation_date_object = ole_automation_date.OLEAutomationDate() time_of_day_tuple = ole_automation_date_object.GetTimeOfDay() self.assertEqual(time_of_day_tuple, (None, None, None))
def testGetDate(self): """Tests the GetDate function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) date_tuple = ole_automation_date_object.GetDate() self.assertEqual(date_tuple, (2017, 11, 5)) ole_automation_date_object = ole_automation_date.OLEAutomationDate() date_tuple = ole_automation_date_object.GetDate() self.assertEqual(date_tuple, (None, None, None))
def testGetDateWithTimeOfDay(self): """Tests the GetDateWithTimeOfDay function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate( timestamp=43044.480556) date_with_time_of_day_tuple = ( ole_automation_date_object.GetDateWithTimeOfDay()) self.assertEqual(date_with_time_of_day_tuple, (2017, 11, 5, 11, 32, 0)) ole_automation_date_object = ole_automation_date.OLEAutomationDate() date_with_time_of_day_tuple = ( ole_automation_date_object.GetDateWithTimeOfDay()) self.assertEqual(date_with_time_of_day_tuple, (None, None, None, None, None, None))
def testCopyFromDateTimeString(self): """Tests the CopyFromDateTimeString function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate() expected_timestamp = 43044.0 ole_automation_date_object.CopyFromDateTimeString('2017-11-05') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp) expected_timestamp = 43044.48055555555 ole_automation_date_object.CopyFromDateTimeString('2017-11-05 11:32:00') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp) expected_timestamp = 43044.480561885124 ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp) expected_timestamp = 43044.522228551796 ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875-01:00') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp) expected_timestamp = 43044.43889521846 ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875+01:00') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp) expected_timestamp = 2.0 ole_automation_date_object.CopyFromDateTimeString('1900-01-01 00:00:00') self.assertEqual(ole_automation_date_object.timestamp, expected_timestamp)
def testCopyFromDateTimeString(self): """Tests the CopyFromDateTimeString function.""" ole_automation_date_object = ole_automation_date.OLEAutomationDate() ole_automation_date_object.CopyFromDateTimeString('2017-11-05') self.assertEqual(ole_automation_date_object._timestamp, 43044.0) self.assertEqual(ole_automation_date_object._time_zone_offset, 0) ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00') self.assertEqual(ole_automation_date_object._timestamp, 43044.48055555555) self.assertEqual(ole_automation_date_object._time_zone_offset, 0) ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875') self.assertEqual(ole_automation_date_object._timestamp, 43044.480561885124) self.assertEqual(ole_automation_date_object._time_zone_offset, 0) ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875-01:00') self.assertEqual(ole_automation_date_object._timestamp, 43044.480561885124) self.assertEqual(ole_automation_date_object._time_zone_offset, -60) ole_automation_date_object.CopyFromDateTimeString( '2017-11-05 11:32:00.546875+01:00') self.assertEqual(ole_automation_date_object._timestamp, 43044.480561885124) self.assertEqual(ole_automation_date_object._time_zone_offset, 60) ole_automation_date_object.CopyFromDateTimeString( '1900-01-01 00:00:00') self.assertEqual(ole_automation_date_object._timestamp, 2.0) self.assertEqual(ole_automation_date_object._time_zone_offset, 0)
def _ParseGUIDTable(self, parser_mediator, cache, database, esedb_table, values_map, event_data_class): """Parses a table with a GUID as name. Args: parser_mediator (ParserMediator): mediates interactions between parsers and other components, such as storage and dfvfs. cache (ESEDBCache): cache, which contains information about the identifiers stored in the SruDbIdMapTable table. database (pyesedb.file): ESE database. esedb_table (pyesedb.table): table. values_map (dict[str, str]): mapping of table columns to event data attribute names. event_data_class (type): event data class. Raises: ValueError: if the cache, database or table value is missing. """ if cache is None: raise ValueError('Missing cache value.') if database is None: raise ValueError('Missing database value.') if esedb_table is None: raise ValueError('Missing table value.') identifier_mappings = self._GetIdentifierMappings( parser_mediator, cache, database) for esedb_record in esedb_table.records: if parser_mediator.abort: break record_values = self._GetRecordValues( parser_mediator, esedb_table.name, esedb_record, value_mappings=self._GUID_TABLE_VALUE_MAPPINGS) event_data = event_data_class() for attribute_name, column_name in values_map.items(): record_value = record_values.get(column_name, None) if attribute_name in ('application', 'user_identifier'): # Human readable versions of AppId and UserId values are stored # in the SruDbIdMapTable table; also referred to as identifier # mapping. Here we look up the numeric identifier stored in the GUID # table in SruDbIdMapTable. record_value = identifier_mappings.get( record_value, record_value) setattr(event_data, attribute_name, record_value) timestamp = record_values.get('TimeStamp') if timestamp: date_time = dfdatetime_ole_automation_date.OLEAutomationDate( timestamp=timestamp) timestamp_description = definitions.TIME_DESCRIPTION_SAMPLE else: date_time = dfdatetime_semantic_time.SemanticTime('Not set') timestamp_description = definitions.TIME_DESCRIPTION_NOT_A_TIME event = time_events.DateTimeValuesEvent(date_time, timestamp_description) parser_mediator.ProduceEventWithEventData(event, event_data) timestamp = record_values.get('ConnectStartTime') if timestamp: date_time = dfdatetime_filetime.Filetime(timestamp=timestamp) event = time_events.DateTimeValuesEvent( date_time, definitions.TIME_DESCRIPTION_FIRST_CONNECTED) parser_mediator.ProduceEventWithEventData(event, event_data)