def testParseOptions(self):
"""Tests the ParseOptions function."""
options = cli_test_lib.TestOptions()
output_mediator = self._CreateOutputMediator()
output_module = sqlite_4n6time.SQLite4n6TimeOutputModule(output_mediator)
with self.assertRaises(errors.BadConfigOption):
sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions(
options, output_module)
options.write = '4n6time.sqlite'
sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions(
options, output_module)
with self.assertRaises(errors.BadConfigObject):
sqlite_4n6time_output.SQLite4n6TimeOutputArgumentsHelper.ParseOptions(
options, None)
def testOutput(self):
"""Tests for the sqlite output."""
def dict_from_row(row):
return dict(zip(row.keys(), row))
expected_dict = {
u'type':
u'Content Modification Time',
u'host':
u'ubuntu',
u'filename':
u'log/syslog.1',
u'source':
u'LOG',
u'description':
u'[',
u'datetime':
u'2012-06-27 18:17:01',
u'inreport':
u'',
u'source_name':
u'-',
u'extra': (u'my_number: 123 some_additional_foo: True text: '
u'Reporter <CRON> PID: 8442 (pam_unix(cron:session): '
u'session closed for user root) '),
u'color':
u'',
u'tag':
u'',
u'timezone':
u'UTC',
u'inode':
u'-',
u'reportnotes':
u'',
u'sourcetype':
u'Log File',
u'event_identifier':
u'-',
u'store_number':
1,
u'format':
u'-',
u'url':
u'-',
u'store_index':
1,
u'record_number':
u'0',
u'MACB':
u'M...',
u'computer_name':
u'-',
u'offset':
0,
u'evidence':
u'-',
u'user_sid':
u'-',
u'notes':
u'-',
u'vss_store_number':
-1,
u'user':
u'-'
}
with shared_test_lib.TempDirectory() as temp_directory:
output_mediator = self._CreateOutputMediator()
self._sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule(
output_mediator)
sqlite_file = os.path.join(temp_directory, u'4n6time.db')
self._sqlite_output.SetFilename(sqlite_file)
self._sqlite_output.Open()
self._sqlite_output.WriteEventBody(self._event_object)
self._sqlite_output.Close()
self.conn = sqlite3.connect(sqlite_file)
self.conn.row_factory = sqlite3.Row
res = self.conn.execute(u'SELECT * from log2timeline')
row_dict = dict_from_row(res.fetchone())
self.assertDictContainsSubset(expected_dict, row_dict)
def testOutput(self):
"""Tests the 4n6time SQLite output module."""
event_data = TestEventData()
timestamp = timelib.Timestamp.CopyFromString(
u'2012-06-27 18:17:01+00:00')
event = time_events.TimestampEvent(
timestamp, definitions.TIME_DESCRIPTION_WRITTEN)
self._MergeEventAndEventData(event, event_data)
expected_dict = {
u'type':
u'Content Modification Time',
u'host':
u'ubuntu',
u'filename':
u'log/syslog.1',
u'source':
u'LOG',
u'description':
u'[',
u'datetime':
u'2012-06-27 18:17:01',
u'inreport':
u'',
u'source_name':
u'-',
u'extra': (u'my_number: 123 some_additional_foo: True text: '
u'Reporter <CRON> PID: 8442 (pam_unix(cron:session): '
u'session closed for user root) '),
u'tag':
u'',
u'timezone':
u'UTC',
u'inode':
u'-',
u'reportnotes':
u'',
u'sourcetype':
u'Log File',
u'event_identifier':
u'-',
u'format':
u'-',
u'url':
u'-',
u'record_number':
u'0',
u'MACB':
u'M...',
u'computer_name':
u'-',
u'offset':
0,
u'evidence':
u'-',
u'user_sid':
u'-',
u'notes':
u'-',
u'vss_store_number':
-1,
u'user':
u'-'
}
with shared_test_lib.TempDirectory() as temp_directory:
output_mediator = self._CreateOutputMediator()
sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule(
output_mediator)
sqlite_file = os.path.join(temp_directory, u'4n6time.db')
sqlite_output.SetFilename(sqlite_file)
sqlite_output.Open()
sqlite_output.WriteEventBody(event)
sqlite_output.Close()
sqlite_connection = sqlite3.connect(sqlite_file)
sqlite_connection.row_factory = sqlite3.Row
cursor = sqlite_connection.execute(u'SELECT * from log2timeline')
row = cursor.fetchone()
row_dict = dict(zip(row.keys(), row))
self.assertDictContainsSubset(expected_dict, row_dict)
def testOutput(self):
"""Tests the 4n6time SQLite output module."""
with shared_test_lib.TempDirectory() as temp_directory:
output_mediator = self._CreateOutputMediator()
sqlite_output = sqlite_4n6time.SQLite4n6TimeOutputModule(
output_mediator)
sqlite_file = os.path.join(temp_directory, '4n6time.db')
sqlite_output.SetFilename(sqlite_file)
sqlite_output.Open()
event, event_data = containers_test_lib.CreateEventFromValues(
self._TEST_EVENTS[0])
sqlite_output.WriteEventBody(event, event_data, None)
sqlite_output.Close()
sqlite_connection = sqlite3.connect(sqlite_file)
sqlite_connection.row_factory = sqlite3.Row
cursor = sqlite_connection.execute('SELECT * from log2timeline')
row = cursor.fetchone()
row_dict = dict(zip(row.keys(), row))
expected_dict = {
'type':
'Content Modification Time',
'host':
'ubuntu',
'filename':
'log/syslog.1',
'source':
'LOG',
'description':
'[',
'datetime':
'2012-06-27 18:17:01',
'inreport':
'',
'source_name':
'-',
'extra': ('my_number: 123 some_additional_foo: True text: '
'Reporter <CRON> PID: 8442 (pam_unix(cron:session): '
'session closed for user root) '),
'tag':
'',
'timezone':
'UTC',
'inode':
'-',
'reportnotes':
'',
'sourcetype':
'Log File',
'event_identifier':
'-',
'format':
'-',
'url':
'-',
'record_number':
'0',
'MACB':
'M...',
'computer_name':
'-',
'offset':
0,
'evidence':
'-',
'user_sid':
'-',
'notes':
'-',
'vss_store_number':
-1,
'user':
'******'
}
self.assertDictContainsSubset(expected_dict, row_dict)
