def testReadRecord(self):
  """Tests the _ReadRecord function on the OpenBSM fixture."""
  writer = test_lib.TestOutputWriter()
  audit_file = bsm.BSMEventAuditingFile(output_writer=writer)

  fixture_path = self._GetTestFilePath(['openbsm.bsm'])
  # Exercise the record reader at offset 0; this test only checks that
  # parsing the fixture completes without raising.
  with open(fixture_path, 'rb') as fixture_object:
    audit_file._ReadRecord(fixture_object, 0)
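def testReadFileObjectWithAppleBSM(self):
  """Tests the ReadFileObject function with an Apple BSM file.

  Opens the Apple BSM fixture with debug output enabled (Open() is expected
  to drive ReadFileObject) and closes the audit file afterwards so the
  underlying file object is released instead of leaking for the rest of
  the test run.
  """
  output_writer = test_lib.TestOutputWriter()
  test_file = bsm.BSMEventAuditingFile(
      debug=True, output_writer=output_writer)

  test_file_path = self._GetTestFilePath(['apple.bsm'])
  test_file.Open(test_file_path)
  # Release the file object opened by Open(); the original test left it open.
  test_file.Close()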
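def Main():
  """The main program function.

  Parses the command line, opens the stdout output writer and the BSM
  event auditing file named on the command line, prints the header and
  closes both. The audit file and the output writer are closed in finally
  blocks, so an error raised while opening or reading the source no longer
  leaves either of them open.

  Returns:
    bool: True if successful or False if not.
  """
  argument_parser = argparse.ArgumentParser(
      description='Extracts information from BSM event auditing files.')

  argument_parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  argument_parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH', default=None,
      help='path of the BSM event auditing file.')

  options = argument_parser.parse_args()

  if not options.source:
    print('Source file missing.')
    print('')
    argument_parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  output_writer = output_writers.StdoutWriter()

  try:
    output_writer.Open()
  except IOError as exception:
    print('Unable to open output writer with error: {0!s}'.format(exception))
    print('')
    return False

  try:
    log_file = bsm.BSMEventAuditingFile(
        debug=options.debug, output_writer=output_writer)
    # Open() parses the source; an exception raised here still propagates to
    # the caller as before, but the finally block now closes the writer.
    log_file.Open(options.source)

    try:
      print('BSM event auditing information:')
      print('')
    finally:
      # Keep the original close order: audit file first, then the writer.
      log_file.Close()
  finally:
    output_writer.Close()

  return True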
def testFormatIntegerAsNetType(self):
  """Tests the _FormatIntegerAsNetType function."""
  audit_file = bsm.BSMEventAuditingFile()

  # Net type 4 is rendered as its decimal string.
  self.assertEqual(audit_file._FormatIntegerAsNetType(4), '4')

  # Net type 0 is rejected with a ParseError instead of being rendered.
  with self.assertRaises(errors.ParseError):
    audit_file._FormatIntegerAsNetType(0)
def testReadToken(self):
  """Tests the _ReadToken function on the OpenBSM fixture."""
  writer = test_lib.TestOutputWriter()
  audit_file = bsm.BSMEventAuditingFile(output_writer=writer)

  fixture_path = self._GetTestFilePath(['openbsm.bsm'])
  with open(fixture_path, 'rb') as fixture_object:
    token_type, token_data = audit_file._ReadToken(fixture_object, 0)

  # The token at offset 0 of the fixture has type 20 and carries data.
  self.assertEqual(token_type, 20)
  self.assertIsNotNone(token_data)
def testFormatArrayOfIntegersAsIPAddress(self):
  """Tests the _FormatArrayOfIntegersAsIPAddress function."""
  audit_file = bsm.BSMEventAuditingFile()
  format_ip_address = audit_file._FormatArrayOfIntegersAsIPAddress

  # Four integers are rendered as a dotted-quad IPv4 address.
  self.assertEqual(format_ip_address([127, 0, 0, 1]), '127.0.0.1')

  # Sixteen integers are rendered as eight zero-padded hexadecimal groups.
  ipv6_loopback = [0] * 15 + [1]
  self.assertEqual(
      format_ip_address(ipv6_loopback),
      '0000:0000:0000:0000:0000:0000:0000:0001')

  # An empty array has no address representation and yields None.
  self.assertIsNone(format_ip_address([]))
def testFormatString(self):
  """Tests the _FormatString function."""
  audit_file = bsm.BSMEventAuditingFile()

  # The trailing NUL terminator of the stored string is stripped.
  self.assertEqual(audit_file._FormatString('string\x00'), 'string')
def testFormatIntegerAsEventType(self):
  """Tests the _FormatIntegerAsEventType function."""
  audit_file = bsm.BSMEventAuditingFile()

  # Event type 1 is rendered as a 4-digit hexadecimal value followed by the
  # event name in parentheses.
  self.assertEqual(
      audit_file._FormatIntegerAsEventType(1), '0x0001 (exit(2))')