def testCollect(self):
"""Tests the Collect function."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_file_path = shared_test_lib.GetTestFilePath(['SOFTWARE'])
file_system_builder.AddFileReadData(
'/Windows/System32/config/SOFTWARE', test_file_path)
test_file_path = shared_test_lib.GetTestFilePath(['SYSTEM'])
file_system_builder.AddFileReadData('/Windows/System32/config/SYSTEM',
test_file_path)
session = sessions.Session()
test_knowledge_base = knowledge_base.KnowledgeBase()
storage_writer = fake_writer.FakeStorageWriter()
test_mediator = mediator.PreprocessMediator(session, storage_writer,
test_knowledge_base)
mount_point = fake_path_spec.FakePathSpec(location='/')
searcher = file_system_searcher.FileSystemSearcher(
file_system_builder.file_system, mount_point)
plugin = generic.DetermineOperatingSystemPlugin()
storage_writer.Open()
try:
plugin.Collect(test_mediator, None, searcher,
file_system_builder.file_system)
finally:
storage_writer.Close()
operating_system = test_mediator.knowledge_base.GetValue(
'operating_system')
self.assertEqual(operating_system, 'Windows NT')
def __init__(self):
"""Initialize a test engine object."""
file_system_builder = fake_file_system_builder.FakeFileSystemBuilder()
test_file_path = shared_test_lib.GetTestFilePath(['SOFTWARE'])
file_system_builder.AddFileReadData(
'/Windows/System32/config/SOFTWARE', test_file_path)
test_file_path = shared_test_lib.GetTestFilePath(['SYSTEM'])
file_system_builder.AddFileReadData('/Windows/System32/config/SYSTEM',
test_file_path)
super(TestEngine, self).__init__()
self._file_system = file_system_builder.file_system
self._mount_point = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
def testProcessSources(self):
"""Tests the PreprocessSources and ProcessSources function."""
registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
path = shared_test_lib.GetTestFilePath(['artifacts'])
registry.ReadFromDirectory(reader, path)
test_engine = task_engine.TaskMultiProcessEngine(
maximum_number_of_tasks=100)
source_path = self._GetTestFilePath(['ímynd.dd'])
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=source_path)
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK,
location='/',
parent=os_path_spec)
test_engine.PreprocessSources(registry, [source_path_spec])
session = sessions.Session()
configuration = configurations.ProcessingConfiguration()
configuration.parser_filter_expression = 'filestat'
with shared_test_lib.TempDirectory() as temp_directory:
temp_file = os.path.join(temp_directory, 'storage.plaso')
storage_writer = storage_zip_file.ZIPStorageFileWriter(
session, temp_file)
test_engine.ProcessSources(session.identifier, [source_path_spec],
storage_writer, configuration)
def testPreprocessSources(self):
"""Tests the PreprocessSources function."""
test_file_path = self._GetTestFilePath(['SOFTWARE'])
self._SkipIfPathNotExists(test_file_path)
test_file_path = self._GetTestFilePath(['SYSTEM'])
self._SkipIfPathNotExists(test_file_path)
test_artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
self._SkipIfPathNotExists(test_artifacts_path)
registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
registry.ReadFromDirectory(reader, test_artifacts_path)
test_engine = TestEngine()
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
test_engine.PreprocessSources(registry, [source_path_spec])
operating_system = test_engine.knowledge_base.GetValue(
'operating_system')
self.assertEqual(operating_system, 'Windows NT')
test_engine.PreprocessSources(registry, [None])
def testProcessSources(self):
"""Tests the ProcessSources function."""
registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
path = shared_test_lib.GetTestFilePath(['artifacts'])
registry.ReadFromDirectory(reader, path)
test_engine = single_process.SingleProcessEngine()
resolver_context = context.Context()
session = sessions.Session()
source_path = self._GetTestFilePath(['ímynd.dd'])
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=source_path)
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK,
location='/',
parent=os_path_spec)
test_engine.PreprocessSources(registry, [source_path_spec])
storage_writer = fake_writer.FakeStorageWriter(session)
configuration = configurations.ProcessingConfiguration()
configuration.parser_filter_expression = 'filestat'
test_engine.ProcessSources([source_path_spec], storage_writer,
resolver_context, configuration)
self.assertEqual(storage_writer.number_of_events, 15)
def testPreprocessSources(self):
"""Tests the PreprocessSources function."""
test_file_path = self._GetTestFilePath(['SOFTWARE'])
self._SkipIfPathNotExists(test_file_path)
test_file_path = self._GetTestFilePath(['SYSTEM'])
self._SkipIfPathNotExists(test_file_path)
test_artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
self._SkipIfPathNotExists(test_artifacts_path)
test_engine = TestEngine()
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
session = test_engine.CreateSession()
storage_writer = fake_writer.FakeStorageWriter()
storage_writer.Open()
test_engine.PreprocessSources(test_artifacts_path, None,
[source_path_spec], session,
storage_writer)
operating_system = test_engine.knowledge_base.GetValue(
'operating_system')
self.assertEqual(operating_system, 'Windows NT')
test_engine.PreprocessSources(test_artifacts_path, None, [None],
session, storage_writer)
def setUpClass(cls):
"""Makes preparations before running any of the tests."""
artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
cls._artifacts_registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
cls._artifacts_registry.ReadFromDirectory(reader, artifacts_path)
def testPreprocessSources(self):
"""Tests the PreprocessSources function."""
registry = artifacts_registry.ArtifactDefinitionsRegistry()
reader = artifacts_reader.YamlArtifactsReader()
path = shared_test_lib.GetTestFilePath(['artifacts'])
registry.ReadFromDirectory(reader, path)
test_engine = TestEngine()
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
test_engine.PreprocessSources(registry, [source_path_spec])
self.assertEqual(test_engine.knowledge_base.platform, 'Windows')
test_engine.PreprocessSources(registry, [None])
def _GetChromeWebStorePage(self, extension_identifier):
"""Retrieves the page for the extension from the Chrome store website.
Args:
extension_identifier (str): Chrome extension identifier.
Returns:
str: page content or None.
"""
chrome_web_store_file = shared_test_lib.GetTestFilePath([
'chrome_extensions', extension_identifier])
if not os.path.exists(chrome_web_store_file):
return
with open(chrome_web_store_file, 'rb') as file_object:
page_content = file_object.read()
return page_content.decode('utf-8')
def testProcessSources(self):
"""Tests the PreprocessSources and ProcessSources function."""
artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
self._SkipIfPathNotExists(artifacts_path)
test_engine = extraction_engine.ExtractionMultiProcessEngine(
maximum_number_of_tasks=100)
test_file_path = self._GetTestFilePath(['ímynd.dd'])
self._SkipIfPathNotExists(test_file_path)
os_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
source_path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK,
location='/',
parent=os_path_spec)
source_configuration = artifacts.SourceConfigurationArtifact(
path_spec=source_path_spec)
session = sessions.Session()
configuration = configurations.ProcessingConfiguration()
configuration.parser_filter_expression = 'filestat'
configuration.task_storage_format = definitions.STORAGE_FORMAT_SQLITE
with shared_test_lib.TempDirectory() as temp_directory:
temp_file = os.path.join(temp_directory, 'storage.plaso')
storage_writer = sqlite_writer.SQLiteStorageFileWriter()
storage_writer.Open(path=temp_file)
try:
test_engine.PreprocessSources(artifacts_path, None,
[source_path_spec], session,
storage_writer)
processing_status = test_engine.ProcessSources(
[source_configuration],
storage_writer,
session.identifier,
configuration,
storage_file_path=temp_directory)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
number_of_extraction_warnings = (
storage_writer.GetNumberOfAttributeContainers(
'extraction_warning'))
number_of_recovery_warnings = (
storage_writer.GetNumberOfAttributeContainers(
'recovery_warning'))
parsers_counter = collections.Counter({
parser_count.name: parser_count.number_of_events
for parser_count in storage_writer.GetAttributeContainers(
'parser_count')
})
finally:
storage_writer.Close()
self.assertFalse(processing_status.aborted)
self.assertEqual(number_of_events, 15)
self.assertEqual(number_of_extraction_warnings, 0)
self.assertEqual(number_of_recovery_warnings, 0)
expected_parsers_counter = collections.Counter({
'filestat': 15,
'total': 15
})
self.assertEqual(parsers_counter, expected_parsers_counter)
