Exemple #1
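def _create_mock_event(event_id, quantity, time_diffs=None, source_attrs=None):
    """
    Yield mock Event objects based on the MockDataStore event_dict example.

    Every requested event is followed by 100 filler events (consecutive
    IDs, timestamps one unit apart), so ``quantity * 101`` events are
    yielded in total. Because the filler events advance the timestamp by
    100, two consecutive requested events are ``100 + abs(time_diffs[i])``
    timestamp units apart.

    Args:
        event_id: ID of the first generated Event; every later event gets
        the next consecutive ID.
        quantity: The number of requested Events. A negative value is
        replaced by its absolute value.
        time_diffs: A list of time differences between the requested
        Events. If it is shorter than quantity it is padded with its last
        value. The caller's list is never modified.
        source_attrs: Dictionary of attributes to add to the source of the
        generated events.
    Yields:
        The objects returned by _create_eventObj, one per event.
    """

    # Work on a private copy: the list is padded below, and padding the
    # caller's list in place would leak the padding into whatever else
    # the caller does with it (e.g. reusing it for a second generator).
    time_diffs = list(time_diffs) if time_diffs else [0]
    quantity = abs(quantity)

    # If the list of time differences is too small to be compatible
    # with the quantity of events, then extend the list with the last
    # value for as many items as necessary.
    shortfall = quantity - len(time_diffs)
    if shortfall > 0:
        time_diffs.extend([time_diffs[-1]] * shortfall)

    # Setup for Event object initialisation
    ds = MockDataStore('test', 0)
    user = User('test_user')
    sketch = Sketch('test_sketch', 'description', user)
    label = sketch.Label(label='Test label', user=user)
    sketch.labels.append(label)

    event_timestamp = 1410895419859714
    event_template = ds.get_event('test', 'test')

    for i in range(quantity):
        yield _create_eventObj(ds, sketch, event_template, event_id,
                               event_timestamp, source_attrs)

        # adding extra events after every requested event for better
        # simulation of real timeline data i.e. working with a larger
        # dataset
        for _ in range(100):
            event_timestamp += 1
            event_id += 1
            yield _create_eventObj(ds, sketch, event_template, event_id,
                                   event_timestamp, source_attrs)

        # The sign of a time difference is ignored; timestamps only grow.
        event_timestamp += abs(time_diffs[i])
        event_id += 1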
Exemple #2
    def _create_sketch(self, name, user, acl=False):
        """Build a test sketch owned by ``user`` and commit it.

        The sketch's description is set to its name, and one test label and
        one test status are attached before it is committed.

        Args:
            name: Name of the sketch (string); also used as its description
            user: A user (instance of timesketch.models.user.User)
            acl: When true, grant ``user`` read, write and delete permission
                on the sketch; when false no permission is granted here

        Returns:
            A sketch (instance of timesketch.models.sketch.Sketch)
        """
        new_sketch = Sketch(name=name, description=name, user=user)

        # No ACL entry is created unless the caller asks for one.
        granted = (u'read', u'write', u'delete') if acl else ()
        for perm in granted:
            new_sketch.grant_permission(permission=perm, user=user)

        test_label = new_sketch.Label(label=u'Test label', user=user)
        test_status = new_sketch.Status(status=u'Test status', user=user)
        new_sketch.labels.append(test_label)
        new_sketch.status.append(test_status)

        self._commit_to_database(new_sketch)
        return new_sketch
Exemple #3
    def test_get_event_data(self):
        """Check that getEventData pulls named fields out of an event.

        For every analyzer class under test, an event carrying
        ``xml_string1`` in its source is built and the TargetUserName and
        TargetLogonId values returned by getEventData are compared with
        the expected strings.
        """
        owner = User("test_user")
        sketch = Sketch("test_sketch", "description", owner)
        sketch.labels.append(sketch.Label(label="Test label", user=owner))

        index, sketch_id = "test_index", 1

        for entry in self.analyzer_classes:
            analyzer = entry["class"](index, sketch_id)
            datastore = analyzer.datastore
            # Deep copy so the update below does not modify the shared
            # MockDataStore.event_dict.
            event_dict = copy.deepcopy(MockDataStore.event_dict)
            event_dict["_source"].update(xml_string=xml_string1)
            event_obj = Event(event_dict, datastore, sketch)

            # Both lookups run before either assertion is evaluated.
            username, logon_id = (
                analyzer.getEventData(event_obj, field)
                for field in ("TargetUserName", "TargetLogonId")
            )

            self.assertEqual(username, "USER_1")
            self.assertEqual(logon_id, "0x0000000000000001")
    def test_get_event_data(self):
        """Verify getEventData returns the expected field values.

        Each analyzer class in ``self.analyzer_classes`` is instantiated,
        given an event whose source contains ``xml_string1``, and asked for
        the TargetUserName and TargetLogonId fields.
        """
        test_user = User('test_user')
        test_sketch = Sketch('test_sketch', 'description', test_user)
        test_label = test_sketch.Label(label='Test label', user=test_user)
        test_sketch.labels.append(test_label)

        index = 'test_index'
        sketch_id = 1

        # (field name, value expected from xml_string1)
        expectations = (
            ('TargetUserName', 'USER_1'),
            ('TargetLogonId', '0x0000000000000001'),
        )

        for analyzer_class in self.analyzer_classes:
            make_analyzer = analyzer_class['class']
            analyzer = make_analyzer(index, sketch_id)
            datastore = analyzer.datastore
            # Copy first: updating MockDataStore.event_dict directly would
            # change the class-level example for everything else using it.
            event_dict = copy.deepcopy(MockDataStore.event_dict)
            event_dict['_source'].update({'xml_string': xml_string1})
            event_obj = Event(event_dict, datastore, test_sketch)

            # Collect every value before asserting on any of them.
            actual = [
                analyzer.getEventData(event_obj, field)
                for field, _ in expectations
            ]

            for value, (_, expected) in zip(actual, expectations):
                self.assertEqual(value, expected)