def testProcessSourcesFilestat(self): """Test if the filestat and other parsers ran.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = log2timeline.Log2TimelineTool(output_writer=output_writer) options = cli_test_lib.TestOptions() options.quiet = True options.parsers = u'filestat,pe' options.single_process = True options.status_view_mode = u'none' options.source = self._GetTestFilePath([u'test_pe.exe']) with shared_test_lib.TempDirectory() as temp_directory: options.output = os.path.join(temp_directory, u'storage.plaso') test_tool.ParseOptions(options) test_tool.ProcessSources() storage_file = storage_zip_file.ZIPStorageFile() try: storage_file.Open(path=options.output, read_only=True) except IOError as exception: self.fail(( u'Unable to open storage file after processing with error: ' u'{0:s}.').format(exception)) # There should be 3 filestat and 3 pe parser generated events. event_objects = list(storage_file.GetEvents()) self.assertEquals(len(event_objects), 6)
def testExtractEventsFromSourcesWithFilestat(self): """Tests the ExtractEventsFromSources function with filestat parser.""" output_writer = test_lib.TestOutputWriter(encoding='utf-8') test_tool = log2timeline_tool.Log2TimelineTool( output_writer=output_writer) options = test_lib.TestOptions() options.artifact_definitions_path = self._GetTestFilePath( ['artifacts']) options.quiet = True options.parsers = 'filestat,pe' options.single_process = True options.status_view_mode = 'none' options.source = self._GetTestFilePath(['test_pe.exe']) with shared_test_lib.TempDirectory() as temp_directory: options.storage_file = os.path.join(temp_directory, 'storage.plaso') options.storage_format = definitions.STORAGE_FORMAT_ZIP test_tool.ParseOptions(options) test_tool.ExtractEventsFromSources() storage_file = storage_zip_file.ZIPStorageFile() try: storage_file.Open(path=options.storage_file, read_only=True) except IOError as exception: self.fail(( 'Unable to open storage file after processing with error: ' '{0:s}.').format(exception)) # There should be 3 filestat and 3 pe parser generated events. events = list(storage_file.GetSortedEvents()) self.assertEqual(len(events), 6)
def testPopEvent(self): """Tests the PopEvent function.""" event_heap = event_heaps.SerializedStreamEventHeap() test_event = event_heap.PopEvent() self.assertEqual(test_event, (None, None)) with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.ZIPStorageFile() storage_file.Open(path=temp_file, read_only=False) test_events = self._CreateTestEvents() for event in test_events: storage_file.AddEvent(event) event_heap.PushEvent(event) test_event, stream_number = event_heap.PopEvent() self.assertEqual(test_event, test_events[3]) self.assertEqual(stream_number, 1) test_event, _ = event_heap.PopEvent() self.assertEqual(test_event, test_events[2]) test_event, _ = event_heap.PopEvent() self.assertEqual(test_event, test_events[0]) test_event, _ = event_heap.PopEvent() self.assertEqual(test_event, test_events[1])
def CompareStorages(self): """Compares the contents of two storages. Returns: bool: True if the content of the storages is identical. """ storage_file = storage_zip_file.ZIPStorageFile() try: storage_file.Open(path=self._storage_file_path, read_only=True) except IOError as exception: logging.error( u'Unable to open storage file: {0:s} with error: {1:s}'.format( self._storage_file_path, exception)) return compare_storage_file = storage_zip_file.ZIPStorageFile() try: compare_storage_file.Open(path=self._compare_storage_file_path, read_only=True) except IOError as exception: logging.error( u'Unable to open storage file: {0:s} with error: {1:s}'.format( self._compare_storage_file_path, exception)) storage_file.Close() return try: result = self._CompareStorages(storage_file, compare_storage_file) finally: compare_storage_file.Close() storage_file.Close() if result: self._output_writer.Write(u'Storages are identical.\n') else: self._output_writer.Write(u'Storages are different.\n') return result
def CreateStorageFileForFile(cls, path): """Creates a storage file based on the file. Args: path (str): path to the storage file. Returns: StorageFile: a storage file or None if the storage file cannot be opened or the storage format is not supported. """ if storage_sqlite_file.SQLiteStorageFile.CheckSupportedFormat(path): return storage_sqlite_file.SQLiteStorageFile() elif storage_zip_file.ZIPStorageFile.CheckSupportedFormat(path): return storage_zip_file.ZIPStorageFile()
def testPushEvent(self): """Tests the PushEvent function.""" event_heap = event_heaps.SerializedStreamEventHeap() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.ZIPStorageFile() storage_file.Open(path=temp_file, read_only=False) test_events = self._CreateTestEvents() for event in test_events: storage_file.AddEvent(event) event_heap.PushEvent(event) self.assertEqual(event_heap.number_of_events, 4)
def PrintStorageInformation(self): """Prints the storage information.""" storage_file = storage_zip_file.ZIPStorageFile() try: storage_file.Open(path=self._storage_file_path, read_only=True) except IOError as exception: logging.error( u'Unable to open storage file: {0:s} with error: {1:s}'.format( self._storage_file_path, exception)) return try: self._PrintStorageInformation(storage_file) finally: storage_file.Close()
def _CreateTestStorageFile(self, path): """Creates a storage file for testing. Args: path (str): path. """ storage_file = storage_zip_file.ZIPStorageFile() storage_file.Open(path=path, read_only=False) # TODO: add preprocessing information. for timestamp, kwargs in self._TEST_EVENTS: event = TestEvent(timestamp, **kwargs) storage_file.AddEvent(event) storage_file.Close()
def _CreateTestStorageFile(self, path): """Creates a storage file for testing. Args: path (str): path. """ storage_file = storage_zip_file.ZIPStorageFile() storage_file.Open(path=path, read_only=False) # TODO: add preprocessing information. storage_file.AddEvent(TestEvent(5134324321)) storage_file.AddEvent(TestEvent(2134324321)) storage_file.AddEvent(TestEvent(9134324321)) storage_file.AddEvent(TestEvent(15134324321)) storage_file.AddEvent(TestEvent(5134324322)) storage_file.AddEvent(TestEvent(5134024321)) storage_file.Close()
def testProcessSources(self): """Tests the ProcessSources function.""" session = sessions.Session() test_front_end = extraction_frontend.ExtractionFrontend() test_file = self._GetTestFilePath([u'ímynd.dd']) volume_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file) path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_TSK, location=u'/', parent=volume_path_spec) source_type = dfvfs_definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE with shared_test_lib.TempDirectory() as temp_directory: storage_file_path = os.path.join(temp_directory, u'storage.plaso') storage_writer = storage_zip_file.ZIPStorageFileWriter( session, storage_file_path) test_front_end.ProcessSources(session, storage_writer, [path_spec], source_type) storage_file = storage_zip_file.ZIPStorageFile() try: storage_file.Open(path=storage_file_path) except IOError: self.fail(u'Unable to open storage file after processing.') # Make sure we can read events from the storage. event_objects = list(storage_file.GetEvents()) self.assertNotEqual(len(event_objects), 0) event_object = event_objects[0] self.assertEqual(event_object.data_type, u'fs:stat') self.assertEqual(event_object.filename, u'/lost+found')