def setUp(self): """Sets up the needed objects used throughout the test.""" pre_obj = event.PreprocessObject() self._parser = msiecf.MsiecfParser(pre_obj)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = msiecf.MsiecfParser()
def testParse(self): """Tests the Parse function.""" parser_object = msiecf.MsiecfParser() test_file = self._GetTestFilePath([u'index.dat']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) # MSIE Cache File information: # Version : 5.2 # File size : 32768 bytes # Number of items : 7 # Number of recovered items : 11 # 7 + 11 records, each with 4 records. self.assertEqual(len(event_objects), (7 + 11) * 4) # Record type : URL # Offset range : 21376 - 21632 (256) # Location : Visited: testing@http://www.trafficfusionx.com # /download/tfscrn2/funnycats.exe # Primary time : Jun 23, 2011 18:02:10.066000000 # Secondary time : Jun 23, 2011 18:02:10.066000000 # Expiration time : Jun 29, 2011 17:55:02 # Last checked time : Jun 23, 2011 18:02:12 # Cache directory index : -2 (0xfe) event_object = event_objects[8] expected_url = ( u'Visited: testing@http://www.trafficfusionx.com/download/tfscrn2' u'/funnycats.exe') self.assertEqual(event_object.data_type, u'msiecf:url') self.assertEqual(event_object.offset, 21376) self.assertEqual(event_object.url, expected_url) self.assertEqual(event_object.cache_directory_index, -2) expected_timestamp = timelib.Timestamp.CopyFromString( u'2011-06-23 18:02:10.066') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.LAST_VISITED_TIME) event_object = event_objects[9] expected_timestamp = timelib.Timestamp.CopyFromString( u'2011-06-23 18:02:10.066') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.LAST_VISITED_TIME) event_object = event_objects[10] expected_timestamp = timelib.Timestamp.CopyFromString( u'2011-06-29 17:55:02') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.EXPIRATION_TIME) event_object = event_objects[11] expected_timestamp = timelib.Timestamp.CopyFromString( u'2011-06-23 18:02:12') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.LAST_CHECKED_TIME) expected_msg = ( u'Location: Visited: testing@http://www.trafficfusionx.com/download' u'/tfscrn2/funnycats.exe ' u'Number of hits: 6 ' u'Cached file size: 0') expected_msg_short = ( u'Location: Visited: testing@http://www.trafficfusionx.com/download' u'/tfscrn2/fun...') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) # Test file with leak and redirected records. test_file = self._GetTestFilePath([u'nfury_index.dat']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) # MSIE Cache File information: # Version : 5.2 # File size : 491520 bytes # Number of items : 1027 # Number of recovered items : 8 self.assertEqual(len(event_objects), 2898) event_object = event_objects[3] # Test cached file path. self.assertEqual(event_object.data_type, u'msiecf:url') expected_msg = ( u'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' u'Number of hits: 1 ' u'Cached file: R6QWCVX4\\favicon[1].ico ' u'Cached file size: 4286 ' u'HTTP headers: HTTP/1.1 200 OK - ' u'Content-Type: image/x-icon - ' u'ETag: "0922651f38cb1:0", - ' u'X-Powered-By: ASP.NET - P3P: ' u'CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - ' u'Content-Length: 4286 - ' u' - ~U:nfury - ') expected_msg_short = ( u'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' u'Cached file: R6Q...') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) event_object = event_objects[21] expected_url = ( u'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' u'pc=[TPAS_ID];ord=2642102') event_object = event_objects[16] self.assertEqual(event_object.data_type, u'msiecf:leak') self.assertEqual(event_object.timestamp, 0) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.NOT_A_TIME) self.assertEqual(event_object.cache_directory_index, 1) self.assertEqual(event_object.cache_directory_name, u'VUQHQA73') self.assertEqual(event_object.cached_file_size, 1966) self.assertEqual(event_object.cached_filename, u'ADSAdClient31[1].htm') self.assertEqual(event_object.recovered, False) expected_msg = (u'Cached file: VUQHQA73\\ADSAdClient31[1].htm ' u'Cached file size: 1966') expected_msg_short = (u'Cached file: VUQHQA73\\ADSAdClient31[1].htm') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) event_object = event_objects[21] expected_url = ( u'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' u'pc=[TPAS_ID];ord=2642102') self.assertEqual(event_object.data_type, u'msiecf:redirected') self.assertEqual(event_object.timestamp, 0) self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.NOT_A_TIME) self.assertEqual(event_object.url, expected_url) self.assertEqual(event_object.recovered, False) expected_msg = u'Location: {0:s}'.format(expected_url) expected_msg_short = ( u'Location: http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;' u'sz=1x1;pc=[TPA...') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short)
def setUp(self): """Makes preparations before running an individual test.""" self._parser = msiecf.MsiecfParser()