Python OSXInstallHistoryPlistParser Examples

Programming Language: Python

Namespace/Package Name: grr_response_core.lib.parsers.osx_file_parser

Method/Function: OSXInstallHistoryPlistParser

Examples at hotexamples.com: 3

Python OSXInstallHistoryPlistParser - 3 examples found. These are the top rated real world Python examples of grr_response_core.lib.parsers.osx_file_parser.OSXInstallHistoryPlistParser extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

  def testOSXInstallHistoryPlistParser(self):
    parser = osx_file_parser.OSXInstallHistoryPlistParser()

    path = os.path.join(self.base_path, "parser_test", "InstallHistory.plist")
    with io.open(path, "rb") as plist_file:
      stat = rdf_client_fs.StatEntry(
          pathspec=rdf_paths.PathSpec(
              path=path, pathtype=rdf_paths.PathSpec.PathType.OS),
          st_mode=16887)
      results = list(parser.Parse(stat, plist_file, None))

    self.assertEqual(len(results), 4)
    self.assertTrue(isinstance(results[0], rdf_client.SoftwarePackage))

    # ESET AV
    self.assertEqual(results[0].name, "ESET NOD32 Antivirus")
    self.assertEqual(results[0].version, "")
    self.assertEqual(
        results[0].description,
        "com.eset.esetNod32Antivirus.ESETNOD32Antivirus.pkg,"
        "com.eset.esetNod32Antivirus.GUI_startup.pkg,"
        "com.eset.esetNod32Antivirus.pkgid.pkg,"
        "com.eset.esetNod32Antivirus.com.eset.esets_daemon.pkg,"
        "com.eset.esetNod32Antivirus.esetsbkp.pkg,"
        "com.eset.esetNod32Antivirus.esets_kac_64_106.pkg")
    # echo $(( $(date --date="2017-07-20T18:40:22Z" +"%s") * 1000000))
    self.assertEqual(results[0].installed_on, 1500576022000000)
    self.assertEqual(results[0].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # old grr agent
    self.assertEqual(results[1].name, "grr")
    self.assertEqual(results[1].version, "")
    self.assertEqual(results[1].description, "com.google.code.grr.grr_3.2.1.0")
    # echo $(( $(date --date="2018-03-13T05:39:17Z" +"%s") * 1000000))
    self.assertEqual(results[1].installed_on, 1520919557000000)
    self.assertEqual(results[1].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # new grr agent
    self.assertEqual(results[2].name, "grr")
    self.assertEqual(results[2].version, "")
    self.assertEqual(results[2].description, "com.google.code.grr.grr_3.2.3.2")
    # echo $(( $(date --date="2018-08-07T16:07:10Z" +"%s") * 1000000))
    self.assertEqual(results[2].installed_on, 1533658030000000)
    self.assertEqual(results[2].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # Sierra
    self.assertEqual(results[3].name, "macOS Sierra Update")
    self.assertEqual(results[3].version, "10.12.6")
    self.assertEqual(
        results[3].description, "com.apple.pkg.update.os.10.12.6Patch.16G29,"
        "com.apple.pkg.FirmwareUpdate,"
        "com.apple.update.fullbundleupdate.16G29,"
        "com.apple.pkg.EmbeddedOSFirmware")
    # echo $(( $(date --date="2017-07-25T04:26:10Z" +"%s") * 1000000))
    self.assertEqual(results[3].installed_on, 1500956770000000)
    self.assertEqual(results[3].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

Example #2

Show file

File: osx_file_parser_test.py Project: khanhgithead/grr

  def testOSXInstallHistoryPlistParserInvalidInput(self):
    parser = osx_file_parser.OSXInstallHistoryPlistParser()

    pathspec = rdf_paths.PathSpec.OS(path=os.path.join("foo", "bar", "baz"))
    contents = io.BytesIO("zażółć gęślą jaźń".encode("utf-8"))

    with self.assertRaises(parsers.ParseError) as context:
      list(parser.ParseFile(None, pathspec, contents))

    exception = context.exception
    self.assertIsInstance(exception.cause, plistlib.InvalidFileException)

Example #3

Show file

File: osx_file_parser_test.py Project: khanhgithead/grr

  def testOSXInstallHistoryPlistParser(self):
    parser = osx_file_parser.OSXInstallHistoryPlistParser()

    path = os.path.join(self.base_path, "parser_test", "InstallHistory.plist")
    pathspec = rdf_paths.PathSpec.OS(path=path)
    with io.open(path, "rb") as plist_file:
      results = list(parser.ParseFile(None, pathspec, plist_file))

    self.assertLen(results, 1)
    self.assertIsInstance(results[0], rdf_client.SoftwarePackages)
    packages = results[0].packages

    # ESET AV
    self.assertEqual(packages[0].name, "ESET NOD32 Antivirus")
    self.assertEqual(packages[0].version, "")
    self.assertEqual(
        packages[0].description,
        "com.eset.esetNod32Antivirus.ESETNOD32Antivirus.pkg,"
        "com.eset.esetNod32Antivirus.GUI_startup.pkg,"
        "com.eset.esetNod32Antivirus.pkgid.pkg,"
        "com.eset.esetNod32Antivirus.com.eset.esets_daemon.pkg,"
        "com.eset.esetNod32Antivirus.esetsbkp.pkg,"
        "com.eset.esetNod32Antivirus.esets_kac_64_106.pkg")
    self.assertEqual(
        packages[0].installed_on,
        time.HumanReadableToMicrosecondsSinceEpoch("2017-07-20T18:40:22Z"))
    self.assertEqual(packages[0].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # old grr agent
    self.assertEqual(packages[1].name, "grr")
    self.assertEqual(packages[1].version, "")
    self.assertEqual(packages[1].description, "com.google.code.grr.grr_3.2.1.0")
    self.assertEqual(
        packages[1].installed_on,
        time.HumanReadableToMicrosecondsSinceEpoch("2018-03-13T05:39:17Z"))
    self.assertEqual(packages[1].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # new grr agent
    self.assertEqual(packages[2].name, "grr")
    self.assertEqual(packages[2].version, "")
    self.assertEqual(packages[2].description, "com.google.code.grr.grr_3.2.3.2")
    self.assertEqual(
        packages[2].installed_on,
        time.HumanReadableToMicrosecondsSinceEpoch("2018-08-07T16:07:10Z"))
    self.assertEqual(packages[2].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # Sierra
    self.assertEqual(packages[3].name, "macOS Sierra Update")
    self.assertEqual(packages[3].version, "10.12.6")
    self.assertEqual(
        packages[3].description, "com.apple.pkg.update.os.10.12.6Patch.16G29,"
        "com.apple.pkg.FirmwareUpdate,"
        "com.apple.update.fullbundleupdate.16G29,"
        "com.apple.pkg.EmbeddedOSFirmware")
    # echo $(( $(date --date="2017-07-25T04:26:10Z" +"%s") * 1000000))
    self.assertEqual(
        packages[3].installed_on,
        time.HumanReadableToMicrosecondsSinceEpoch("2017-07-25T04:26:10Z"))
    self.assertEqual(packages[3].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)

    # MacOS 11.2
    self.assertEqual(packages[4].name, "macOS 11.2")
    self.assertEqual(packages[4].version, "11.2")
    self.assertEqual(packages[4].description, "")
    self.assertEqual(
        packages[4].installed_on,
        time.HumanReadableToMicrosecondsSinceEpoch("2021-02-09T22:34:52Z"))
    self.assertEqual(packages[4].install_state,
                     rdf_client.SoftwarePackage.InstallState.INSTALLED)