def testParseLayerConfig(self):
"""Tests the _ParseLayerConfigJSON function."""
layer_identifier = (
'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b')
parser = docker.DockerJSONParser()
path_segments = ['docker', 'graph', layer_identifier, 'json']
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_events, 1)
self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
self.assertEqual(storage_writer.number_of_recovery_warnings, 0)
events = list(storage_writer.GetEvents())
expected_event_values = {
'command':
('/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' '
'/etc/apt/sources.list'),
'data_type':
'docker:json:layer',
'date_time':
'2015-10-12 17:27:03.079273',
'layer_id':
layer_identifier,
'timestamp_desc':
definitions.TIME_DESCRIPTION_ADDED
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseLayerConfig(self):
"""Tests the _ParseLayerConfigJSON function."""
layer_identifier = (
'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b')
parser = docker.DockerJSONParser()
path_segments = ['docker', 'graph', layer_identifier, 'json']
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2015-10-12 17:27:03.079273')
self.assertEqual(
event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION)
event_data = self._GetEventDataOfEvent(storage_writer, event)
expected_command = (
'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' '
'/etc/apt/sources.list')
self.assertEqual(event_data.command, expected_command)
self.assertEqual(event_data.layer_id, layer_identifier)
def testParseContainerConfig(self):
"""Tests the _ParseContainerConfigJSON function."""
container_identifier = (
'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c')
parser = docker.DockerJSONParser()
path_segments = [
'docker', 'containers', container_identifier, 'config.json']
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 2)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2016-01-07 16:49:08.674873')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.action, 'Container Started')
self.assertEqual(event_data.container_id, container_identifier)
self.assertEqual(event_data.container_name, 'e7d0b7ea5ccf')
event = events[1]
self.CheckTimestamp(event.timestamp, '2016-01-07 16:49:08.507979')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.action, 'Container Created')
self.assertEqual(event_data.container_id, container_identifier)
self.assertEqual(event_data.container_name, 'e7d0b7ea5ccf')
def testParseContainerConfig(self):
"""Tests the _ParseContainerConfigJSON function."""
container_identifier = (
'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c')
parser = docker.DockerJSONParser()
path_segments = [
'docker', 'containers', container_identifier, 'config.json'
]
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_events, 2)
events = list(storage_writer.GetEvents())
event = events[0]
expected_timestamp = timelib.Timestamp.CopyFromString(
'2016-01-07 16:49:08.674873')
self.assertEqual(event.timestamp, expected_timestamp)
self.assertEqual(event.action, 'Container Started')
self.assertEqual(event.container_id, container_identifier)
self.assertEqual(event.container_name, 'e7d0b7ea5ccf')
event = events[1]
expected_timestamp = timelib.Timestamp.CopyFromString(
'2016-01-07 16:49:08.507979')
self.assertEqual(event.timestamp, expected_timestamp)
self.assertEqual(event.action, 'Container Created')
self.assertEqual(event.container_id, container_identifier)
self.assertEqual(event.container_name, 'e7d0b7ea5ccf')
def testParseContainerConfig(self):
"""Tests the _ParseContainerConfigJSON function."""
container_identifier = (
'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c')
parser = docker.DockerJSONParser()
path_segments = [
'docker', 'containers', container_identifier, 'config.json'
]
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 2)
events = list(storage_writer.GetEvents())
expected_event_values = {
'action': 'Container Started',
'container_id': container_identifier,
'container_name': 'e7d0b7ea5ccf',
'data_type': 'docker:json:container',
'timestamp': '2016-01-07 16:49:08.674873'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
expected_event_values = {
'action': 'Container Created',
'container_id': container_identifier,
'container_name': 'e7d0b7ea5ccf',
'data_type': 'docker:json:container',
'timestamp': '2016-01-07 16:49:08.507979'
}
self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testParseContainerConfig(self):
"""Tests the _ParseContainerConfigJSON function."""
parser_object = docker.DockerJSONParser()
container_id = (u'e7d0b7ea5ccf08366e2b0c8afa231867'
u'4e8aefe802315378125d2bb83fe3110c')
test_file = self._GetTestFilePath(
[u'docker', u'containers', container_id, u'config.json'])
event_queue_consumer = self._ParseFile(parser_object, test_file)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
self.assertEqual(len(event_objects), 2)
event_object = event_objects[0]
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2016-01-07 16:49:08.674873')
self.assertEqual(event_object.timestamp, expected_timestamp)
self.assertEqual(event_object.action, u'Container Started')
self.assertEqual(event_object.container_id, container_id)
self.assertEqual(event_object.container_name, u'e7d0b7ea5ccf')
event_object = event_objects[1]
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2016-01-07 16:49:08.507979')
self.assertEqual(event_object.timestamp, expected_timestamp)
self.assertEqual(event_object.action, u'Container Created')
self.assertEqual(event_object.container_id, container_id)
self.assertEqual(event_object.container_name, u'e7d0b7ea5ccf')
def testParseContainerLog(self):
"""Tests the _ParseContainerLogJSON function."""
container_identifier = (
u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c'
)
parser = docker.DockerJSONParser()
path_segments = [
u'docker', u'containers', container_identifier,
u'container-json.log'
]
storage_writer = self._ParseFile(path_segments, parser)
self.assertEqual(storage_writer.number_of_events, 10)
events = list(storage_writer.GetEvents())
expected_times = [
u'2016-01-07 16:49:10.000000',
u'2016-01-07 16:49:10.200000',
u'2016-01-07 16:49:10.230000',
u'2016-01-07 16:49:10.237000',
u'2016-01-07 16:49:10.237200',
u'2016-01-07 16:49:10.237220',
u'2016-01-07 16:49:10.237222',
u'2016-01-07 16:49:10.237222', # losing sub microsec info
u'2016-01-07 16:49:10.237222',
u'2016-01-07 16:49:10.237222'
]
expected_log = (
u'\x1b]0;root@e7d0b7ea5ccf: '
u'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n')
expected_message = (
u'Text: '
u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:'
u'/home/plaso# ls, Container ID: {0:s}, '
u'Source: stdout').format(container_identifier)
expected_short_message = (
u'Text: '
u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:'
u'/home/plaso# ls, C...')
for index, event in enumerate(events):
expected_timestamp = timelib.Timestamp.CopyFromString(
expected_times[index])
self.assertEqual(event.timestamp, expected_timestamp)
self.assertEqual(event.container_id, container_identifier)
self.assertEqual(event.log_line, expected_log)
self.assertEqual(event.log_source, u'stdout')
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def testParseContainerLog(self):
"""Tests the _ParseContainerLogJSON function."""
container_identifier = (
'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c')
parser = docker.DockerJSONParser()
path_segments = [
'docker', 'containers', container_identifier, 'container-json.log'
]
storage_writer = self._ParseFile(path_segments, parser)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
self.assertEqual(number_of_events, 10)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
expected_timestamps = [
'2016-01-07 16:49:10.000000',
'2016-01-07 16:49:10.200000',
'2016-01-07 16:49:10.230000',
'2016-01-07 16:49:10.237000',
'2016-01-07 16:49:10.237200',
'2016-01-07 16:49:10.237220',
'2016-01-07 16:49:10.237222',
'2016-01-07 16:49:10.237222', # losing sub microsec info
'2016-01-07 16:49:10.237222',
'2016-01-07 16:49:10.237222'
]
expected_event_values = {
'container_id':
container_identifier,
'data_type':
'docker:json:container:log',
'log_line':
('\x1b]0;root@e7d0b7ea5ccf: '
'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n'),
'log_source':
'stdout'
}
for index, event in enumerate(events):
self.CheckTimestamp(event.timestamp, expected_timestamps[index])
self.CheckEventValues(storage_writer, event, expected_event_values)
def testParseContainerLog(self):
"""Tests the _ParseContainerLogJSON function."""
parser_object = docker.DockerJSONParser()
container_id = (u'e7d0b7ea5ccf08366e2b0c8afa231867'
u'4e8aefe802315378125d2bb83fe3110c')
test_file = self._GetTestFilePath(
[u'docker', u'containers', container_id, u'container-json.log'])
event_queue_consumer = self._ParseFile(parser_object, test_file)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
self.assertEqual(len(event_objects), 10)
expected_times = [
u'2016-01-07 16:49:10.000000',
u'2016-01-07 16:49:10.200000',
u'2016-01-07 16:49:10.230000',
u'2016-01-07 16:49:10.237000',
u'2016-01-07 16:49:10.237200',
u'2016-01-07 16:49:10.237220',
u'2016-01-07 16:49:10.237222',
u'2016-01-07 16:49:10.237222', # losing sub microsec info
u'2016-01-07 16:49:10.237222',
u'2016-01-07 16:49:10.237222'
]
expected_log = (
u'\x1b]0;root@e7d0b7ea5ccf: '
u'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n')
expected_msg = (
u'Text: '
u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:'
u'/home/plaso# ls, Container ID: %s, '
u'Source: stdout' % container_id)
expected_msg_short = (
u'Text: '
u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:'
u'/home/plaso# ls, C...')
for index, event_object in enumerate(event_objects):
self.assertEqual(
event_objects[index].timestamp,
timelib.Timestamp.CopyFromString(expected_times[index]))
self.assertEqual(event_objects[index].container_id, container_id)
self.assertEqual(event_objects[index].log_line, expected_log)
self.assertEqual(event_objects[index].log_source, u'stdout')
self._TestGetMessageStrings(event_object, expected_msg,
expected_msg_short)
def testParseLayerConfig(self):
"""Tests the _ParseLayerConfigJSON function."""
layer_identifier = (
u'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b'
)
parser_object = docker.DockerJSONParser()
path_segments = [u'docker', u'graph', layer_identifier, u'json']
storage_writer = self._ParseFile(path_segments, parser_object)
self.assertEqual(len(storage_writer.events), 1)
event = storage_writer.events[0]
expected_command = (
u'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' '
u'/etc/apt/sources.list')
self.assertEqual(event.command, expected_command)
self.assertEqual(event.layer_id, layer_identifier)
self.assertEqual(event.timestamp, 1444670823079273)
self.assertEqual(event.timestamp_desc, u'Creation Time')
def testParseLayerConfig(self):
"""Tests the _ParseLayerConfigJSON function."""
parser_object = docker.DockerJSONParser()
layer_id = (u'3c9a9d7cc6a235eb2de58ca9ef3551c6'
u'7ae42a991933ba4958d207b29142902b')
test_file = self._GetTestFilePath(
['docker', u'graph', layer_id, u'json'])
event_queue_consumer = self._ParseFile(parser_object, test_file)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
self.assertEqual(len(event_objects), 1)
event_object = event_objects[0]
expected_command = (
u'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' '
u'/etc/apt/sources.list')
self.assertEqual(event_object.command, expected_command)
self.assertEqual(event_object.layer_id, layer_id)
self.assertEqual(event_object.timestamp, 1444670823079273)
self.assertEqual(event_object.timestamp_desc, 'Creation Time')
def setUp(self): """Makes preparations before running an individual test.""" self._parser = docker.DockerJSONParser()