def testProcess(self):
"""Tests the Process function on a Chrome cookie database file."""
plugin = chrome_cookies.Chrome66CookiePlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['Cookies-68.0.3440.106'], plugin)
# Since we've got both events generated by cookie plugins and the Chrome
# cookie plugin we need to separate them.
events = []
extra_objects = []
for event in storage_writer.GetEvents():
event_data = self._GetEventDataOfEvent(storage_writer, event)
if event_data.data_type == 'chrome:cookie:entry':
events.append(event)
else:
extra_objects.append(event)
# The cookie database contains 5 entries:
# 5 creation timestamps.
# 5 last access timestamps.
# 5 expired timestamps.
# Then there are extra events created by plugins:
# 1 event created by Google Analytics cookies.
# In total: 16 events.
self.assertEqual(len(events), 3 * 5)
self.assertEqual(len(extra_objects), 1)
# Test some cookies
# Check a GA cookie creation event with a path.
event = events[0]
self.CheckTimestamp(event.timestamp, '2018-08-14 15:03:43.650324')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_CREATION)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'google.com')
self.assertEqual(event_data.cookie_name, '__utma')
self.assertFalse(event_data.httponly)
self.assertEqual(event_data.url, 'http://google.com/gmail/about/')
expected_message = ('http://google.com/gmail/about/ (__utma) '
'Flags: [HTTP only] = False [Persistent] = True')
expected_short_message = 'google.com (__utma)'
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
# Check one of the visits to fbi.gov for last accessed time.
event = events[10]
self.CheckTimestamp(event.timestamp, '2018-08-20 17:19:53.134291')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_LAST_ACCESS)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.url, 'http://fbi.gov/')
self.assertEqual(event_data.path, '/')
self.assertFalse(event_data.secure)
self.assertTrue(event_data.persistent)
expected_message = ('http://fbi.gov/ (__cfduid) '
'Flags: [HTTP only] = True [Persistent] = True')
self._TestGetMessageStrings(event_data, expected_message,
'fbi.gov (__cfduid)')
# Examine an event for a cookie with a very large expire time.
event = events[8]
self.CheckTimestamp(event.timestamp, '9999-08-17 12:26:28.000000')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'projects.fivethirtyeight.com')
def testProcess(self):
"""Tests the Process function on a Chrome cookie database file."""
plugin = chrome_cookies.Chrome66CookiePlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['Cookies-68.0.3440.106'], plugin)
# Since we've got both events generated by cookie plugins and the Chrome
# cookie plugin we need to separate them.
events = []
extra_objects = []
for event in storage_writer.GetEvents():
event_data = self._GetEventDataOfEvent(storage_writer, event)
if event_data.data_type == 'chrome:cookie:entry':
events.append(event)
else:
extra_objects.append(event)
# The cookie database contains 5 entries:
# 5 creation timestamps.
# 5 last access timestamps.
# 5 expired timestamps.
# Then there are extra events created by plugins:
# 1 event created by Google Analytics cookies.
# In total: 16 events.
self.assertEqual(len(events), 3 * 5)
self.assertEqual(len(extra_objects), 1)
# Test some cookies
# Check a GA cookie creation event with a path.
expected_event_values = {
'cookie_name': '__utma',
'data_type': 'chrome:cookie:entry',
'host': 'google.com',
'httponly': False,
'persistent': True,
'timestamp': '2018-08-14 15:03:43.650324',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'url': 'http://google.com/gmail/about/'}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
# Check one of the visits to fbi.gov for last accessed time.
expected_event_values = {
'cookie_name': '__cfduid',
'data_type': 'chrome:cookie:entry',
'httponly': True,
'path': '/',
'persistent': True,
'secure': False,
'timestamp': '2018-08-20 17:19:53.134291',
'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_ACCESS,
'url': 'http://fbi.gov/'}
self.CheckEventValues(storage_writer, events[10], expected_event_values)
# Examine an event for a cookie with a very large expire time.
expected_event_values = {
'data_type': 'chrome:cookie:entry',
'host': 'projects.fivethirtyeight.com',
'timestamp': '9999-08-17 12:26:28.000000'}
self.CheckEventValues(storage_writer, events[8], expected_event_values)