def testUserAccountsProperty(self): """Tests the user accounts property.""" knowledge_base_object = knowledge_base.KnowledgeBase() self.assertEqual(len(knowledge_base_object.user_accounts), 0) user_account = artifacts.UserAccountArtifact( identifier='1000', user_directory='/home/testuser', username='******') knowledge_base_object.AddUserAccount(user_account) self.assertEqual(len(knowledge_base_object.user_accounts), 1)
def testAnalyzeEvents(self): """Tests the AnalyzeEvents function.""" storage_file_path = self._GetTestFilePath(['psort_test.plaso']) session = sessions.Session() knowledge_base_object = knowledge_base.KnowledgeBase() formatter_mediator = formatters_mediator.FormatterMediator() formatter_mediator.SetPreferredLanguageIdentifier('en-US') output_mediator_object = output_mediator.OutputMediator( knowledge_base_object, formatter_mediator) output_module = null.NullOutputModule(output_mediator_object) data_location = '' analysis_plugin = tagging.TaggingAnalysisPlugin() analysis_plugins = {'tagging': analysis_plugin} # TODO: set tag file. configuration = configurations.ProcessingConfiguration() test_engine = psort.PsortMultiProcessEngine() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, 'storage.plaso') shutil.copyfile(storage_file_path, temp_file) storage_writer = storage_factory.StorageFactory.CreateStorageWriter( definitions.DEFAULT_STORAGE_FORMAT, session, temp_file) counter = test_engine.AnalyzeEvents( knowledge_base_object, storage_writer, output_module, data_location, analysis_plugins, configuration) # TODO: assert if tests were successful. _ = counter test_filter = filters_test_lib.TestEventFilter() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, 'storage.plaso') shutil.copyfile(storage_file_path, temp_file) storage_writer = storage_factory.StorageFactory.CreateStorageWriter( definitions.DEFAULT_STORAGE_FORMAT, session, temp_file) counter = test_engine.AnalyzeEvents( knowledge_base_object, storage_writer, data_location, analysis_plugins, configuration, event_filter=test_filter) # TODO: assert if tests were successful. _ = counter
def testHasUserAccounts(self): """Tests the HasUserAccounts function.""" knowledge_base_object = knowledge_base.KnowledgeBase() self.assertFalse(knowledge_base_object.HasUserAccounts()) user_account = artifacts.UserAccountArtifact( identifier='1000', user_directory='/home/testuser', username='******') knowledge_base_object.AddUserAccount(user_account) self.assertTrue(knowledge_base_object.HasUserAccounts())
def testAddUserAccount(self): """Tests the AddUserAccount function.""" knowledge_base_object = knowledge_base.KnowledgeBase() user_account = artifacts.UserAccountArtifact( identifier=u'1000', user_directory=u'/home/testuser', username=u'testuser') knowledge_base_object.AddUserAccount(user_account) with self.assertRaises(KeyError): knowledge_base_object.AddUserAccount(user_account)
def testCollectFromFileSystem(self): """Tests the CollectFromFileSystem function.""" artifacts_path = self._GetTestFilePath(['artifacts']) self._SkipIfPathNotExists(artifacts_path) registry = artifacts_registry.ArtifactDefinitionsRegistry() reader = artifacts_reader.YamlArtifactsReader() registry.ReadFromDirectory(reader, artifacts_path) knowledge_base_object = knowledge_base_library.KnowledgeBase() _ = knowledge_base_object
def testExportEvents(self): """Tests the ExportEvents function.""" test_file_path = self._GetTestFilePath(['psort_test.plaso']) self._SkipIfPathNotExists(test_file_path) knowledge_base_object = knowledge_base.KnowledgeBase() output_writer = cli_test_lib.TestBinaryOutputWriter() formatters_manager.FormattersManager.Reset() formatters_directory_path = self._GetDataFilePath(['formatters']) formatters_manager.FormattersManager.ReadFormattersFromDirectory( formatters_directory_path) formatter_mediator = formatters_mediator.FormatterMediator() formatter_mediator.SetPreferredLanguageIdentifier('en-US') output_mediator_object = output_mediator.OutputMediator( knowledge_base_object, formatter_mediator, data_location=shared_test_lib.TEST_DATA_PATH) output_module = dynamic.DynamicOutputModule(output_mediator_object) output_module.SetOutputWriter(output_writer) configuration = configurations.ProcessingConfiguration() storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile( test_file_path) test_engine = psort.PsortMultiProcessEngine() test_engine.ExportEvents(knowledge_base_object, storage_reader, output_module, configuration) lines = [] output = output_writer.ReadOutput() # TODO: add test output writer that produces strings also see: # https://github.com/log2timeline/plaso/issues/1963 output = codecs.decode(output, 'utf-8') for line in output.split('\n'): lines.append(line) self.assertEqual(len(lines), 22) expected_line = ('2014-11-18T01:15:43+00:00,' 'Content Modification Time,' 'LOG,' 'Log File,' '[---] last message repeated 5 times ---,' 'syslog,' 'OS:/tmp/test/test_data/syslog,' 'repeated') self.assertEqual(lines[14], expected_line)
def _TestProcessPathSpec( self, storage_writer, path_spec, expected_event_counters, extraction_worker=None, knowledge_base_values=None, process_archives=False): """Tests processing a path specification. Args: storage_writer (StorageWriter): storage writer. path_spec (dfvfs.PathSpec): path specification. expected_event_counters (dict[str, int|list[int]]): expected event counters per event data type. extraction_worker (Optional[EventExtractorWorker]): worker to process the path specification. If None, a new worker will be created. knowledge_base_values (Optional[dict]): knowledge base values. process_archives (Optional[bool]): whether archive files should be processed. """ knowledge_base_object = knowledge_base.KnowledgeBase() if knowledge_base_values: for identifier, value in knowledge_base_values.items(): knowledge_base_object.SetValue(identifier, value) resolver_context = context.Context() mediator = parsers_mediator.ParserMediator( storage_writer, knowledge_base_object, resolver_context=resolver_context) if not extraction_worker: configuration = configurations.ExtractionConfiguration() configuration.process_archives = process_archives extraction_worker = worker.EventExtractionWorker() extraction_worker.SetExtractionConfiguration(configuration) storage_writer.Open() try: storage_writer.WriteSessionStart() extraction_worker.ProcessPathSpec(mediator, path_spec) event_source = storage_writer.GetFirstWrittenEventSource() while event_source: extraction_worker.ProcessPathSpec(mediator, event_source.path_spec) event_source = storage_writer.GetNextWrittenEventSource() storage_writer.WriteSessionCompletion() if expected_event_counters: self.CheckEventCounters(storage_writer, expected_event_counters) finally: storage_writer.Close()
def testAnalyzeEventsWithEventFilter(self): """Tests the AnalyzeEvents function with an event filter.""" test_file_path = self._GetTestFilePath(['psort_test.plaso']) self._SkipIfPathNotExists(test_file_path) test_tagging_file_path = self._GetTestFilePath( ['tagging_file', 'valid.txt']) self._SkipIfPathNotExists(test_tagging_file_path) session = sessions.Session() knowledge_base_object = knowledge_base.KnowledgeBase() data_location = '' analysis_plugin = tagging.TaggingAnalysisPlugin() analysis_plugin.SetAndLoadTagFile(test_tagging_file_path) analysis_plugins = {'tagging': analysis_plugin} configuration = configurations.ProcessingConfiguration() test_engine = analysis_engine.AnalysisMultiProcessEngine() test_filter = filters_test_lib.TestEventFilter() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, 'storage.plaso') shutil.copyfile(test_file_path, temp_file) storage_writer = storage_factory.StorageFactory.CreateStorageWriter( definitions.DEFAULT_STORAGE_FORMAT) storage_writer.Open(path=temp_file) try: number_of_reports = storage_writer.GetNumberOfAttributeContainers( 'analysis_report') self.assertEqual(number_of_reports, 2) test_engine.AnalyzeEvents(session, knowledge_base_object, storage_writer, data_location, analysis_plugins, configuration, event_filter=test_filter, storage_file_path=temp_directory) number_of_reports = storage_writer.GetNumberOfAttributeContainers( 'analysis_report') self.assertEqual(number_of_reports, 3) finally: storage_writer.Close()
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsHostname() plugin.Run(self._searcher, knowledge_base_object) self.assertEqual(knowledge_base_object.hostname, u'WKS-WIN732BITA')
def testSetActiveSession(self): """Tests the SetActiveSession function.""" knowledge_base_object = knowledge_base.KnowledgeBase() knowledge_base_object.SetActiveSession( 'ddda05bedf324cbd99fa8c24b8a0037a') self.assertEqual(knowledge_base_object._active_session, 'ddda05bedf324cbd99fa8c24b8a0037a') knowledge_base_object.SetActiveSession( knowledge_base_object._DEFAULT_ACTIVE_SESSION) self.assertEqual(knowledge_base_object._active_session, knowledge_base_object._DEFAULT_ACTIVE_SESSION)
def testInternalAnalyzeEvents(self): """Tests the _AnalyzeEvents function.""" test_file_path = self._GetTestFilePath(['psort_test.plaso']) self._SkipIfPathNotExists(test_file_path) test_tagging_file_path = self._GetTestFilePath([ 'tagging_file', 'valid.txt']) self._SkipIfPathNotExists(test_tagging_file_path) session = sessions.Session() knowledge_base_object = knowledge_base.KnowledgeBase() analysis_plugin = tagging.TaggingAnalysisPlugin() analysis_plugin.SetAndLoadTagFile(test_tagging_file_path) analysis_plugins = {'tagging': analysis_plugin} configuration = configurations.ProcessingConfiguration() test_engine = analysis_engine.AnalysisMultiProcessEngine() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, 'storage.plaso') shutil.copyfile(test_file_path, temp_file) self._ReadSessionConfiguration(temp_file, knowledge_base_object) storage_writer = storage_factory.StorageFactory.CreateStorageWriter( definitions.DEFAULT_STORAGE_FORMAT) test_engine._processing_configuration = configuration test_engine._session = session test_engine._storage_file_path = temp_directory test_engine._StartTaskStorage(definitions.STORAGE_FORMAT_SQLITE) test_engine._StartAnalysisProcesses(analysis_plugins) storage_writer.Open(path=temp_file) try: events_counter = test_engine._AnalyzeEvents( storage_writer, analysis_plugins) finally: storage_writer.Close() test_engine._StopAnalysisProcesses() self.assertIsNotNone(events_counter) self.assertEqual(events_counter['Events filtered'], 0) self.assertEqual(events_counter['Events processed'], 38)
def testGetValue(self): """Tests the GetValue function.""" plugin = windows.WindowsUsers() knowledge_base_object = knowledge_base.KnowledgeBase() plugin.Run(self._win_registry, knowledge_base_object) users = knowledge_base_object.GetValue(u'users') self.assertEqual(len(users), 11) expected_sid = u'S-1-5-21-2036804247-3058324640-2116585241-1114' self.assertEqual(users[9].get(u'sid', None), expected_sid) self.assertEqual(users[9].get(u'name', None), u'rsydow') self.assertEqual(users[9].get(u'path', None), u'C:\\Users\\rsydow')
def testAnalyzeEvents(self): """Tests the AnalyzeEvents function.""" storage_file_path = self._GetTestFilePath([u'psort_test.json.plaso']) session = sessions.Session() knowledge_base_object = knowledge_base.KnowledgeBase() formatter_mediator = formatters_mediator.FormatterMediator() formatter_mediator.SetPreferredLanguageIdentifier(u'en-US') output_mediator_object = output_mediator.OutputMediator( knowledge_base_object, formatter_mediator) output_module = null.NullOutputModule(output_mediator_object) data_location = u'' analysis_plugin = tagging.TaggingAnalysisPlugin() # TODO: set tag file. test_engine = psort.PsortMultiProcessEngine() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') shutil.copyfile(storage_file_path, temp_file) storage_writer = storage_zip_file.ZIPStorageFileWriter( session, temp_file) counter = test_engine.AnalyzeEvents( knowledge_base_object, storage_writer, output_module, data_location, [analysis_plugin]) # TODO: assert if tests were successful. _ = counter test_filter = filters_test_lib.TestEventFilter() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') shutil.copyfile(storage_file_path, temp_file) storage_writer = storage_zip_file.ZIPStorageFileWriter( session, temp_file) counter = test_engine.AnalyzeEvents( knowledge_base_object, storage_writer, data_location, [analysis_plugin], event_filter=test_filter) # TODO: assert if tests were successful. _ = counter
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsTimeZone() plugin.Run(self._searcher, knowledge_base_object) time_zone_str = knowledge_base_object.GetValue('time_zone_str') self.assertEqual(time_zone_str, u'EST5EDT')
def testProduceRecoveryWarning(self): """Tests the ProduceRecoveryWarning method.""" knowledge_base_object = knowledge_base.KnowledgeBase() parser_mediator = mediator.ParserMediator(knowledge_base_object) storage_writer = fake_writer.FakeStorageWriter() parser_mediator.SetStorageWriter(storage_writer) storage_writer.Open() parser_mediator.ProduceRecoveryWarning('test') self.assertEqual(storage_writer.number_of_events, 0) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 1)
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsProgramFilesPath() plugin.Run(self._searcher, knowledge_base_object) path = knowledge_base_object.GetValue('programfiles') self.assertEqual(path, u'Program Files')
def testGetEnvironmentVariables(self): """Tests the GetEnvironmentVariables function.""" knowledge_base_object = knowledge_base.KnowledgeBase() environment_variable = artifacts.EnvironmentVariableArtifact( case_sensitive=False, name='SystemRoot', value='C:\\Windows') knowledge_base_object.AddEnvironmentVariable(environment_variable) environment_variable = artifacts.EnvironmentVariableArtifact( case_sensitive=False, name='WinDir', value='C:\\Windows') knowledge_base_object.AddEnvironmentVariable(environment_variable) environment_variables = knowledge_base_object.GetEnvironmentVariables() self.assertEqual(len(environment_variables), 2)
def __init__(self): """Initializes an engine.""" super(BaseEngine, self).__init__() self._abort = False self._guppy_memory_profiler = None self._memory_profiler = None self._name = 'Main' self._processing_status = processing_status.ProcessingStatus() self._processing_profiler = None self._serializers_profiler = None self._storage_profiler = None self._task_queue_profiler = None self.knowledge_base = knowledge_base.KnowledgeBase()
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsVersion() plugin.Run(self._searcher, knowledge_base_object) osversion = knowledge_base_object.GetValue('osversion') self.assertEqual(osversion, u'Windows 7 Ultimate')
def testAnalyzeFileObject(self): """Tests the _AnalyzeFileObject function.""" knowledge_base_values = {'year': 2016} session = sessions.Session() storage_writer = fake_writer.FakeStorageWriter(session) knowledge_base_object = knowledge_base.KnowledgeBase() if knowledge_base_values: for identifier, value in knowledge_base_values.items(): knowledge_base_object.SetValue(identifier, value) resolver_context = context.Context() mediator = parsers_mediator.ParserMediator( storage_writer, knowledge_base_object, preferred_year=2016, resolver_context=resolver_context) extraction_worker = worker.EventExtractionWorker() test_analyzer = analyzers_manager_test.TestAnalyzer() self.assertEqual(len(test_analyzer.GetResults()), 0) extraction_worker._analyzers = [test_analyzer] storage_writer.Open() storage_writer.WriteSessionStart() file_entry = self._GetTestFileEntry(['ímynd.dd']) mediator.SetFileEntry(file_entry) file_object = file_entry.GetFileObject() display_name = mediator.GetDisplayName() event_data_stream = events.EventDataStream() try: extraction_worker._AnalyzeFileObject(file_object, display_name, event_data_stream) finally: file_object.close() storage_writer.WriteSessionCompletion() storage_writer.Close() self.assertIsNotNone(event_data_stream) event_attribute = getattr(event_data_stream, 'test_result', None) self.assertEqual(event_attribute, 'is_vegetable')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() plugin = linux.LinuxUsernames() plugin.Run(self._searcher, knowledge_base_object) users = knowledge_base_object.GetValue('users') self.assertEqual(len(users), 13) self.assertEqual(users[11].get('uid', None), u'14') self.assertEqual(users[11].get('gid', None), u'50') self.assertEqual(users[11].get('name', None), u'ftp') self.assertEqual(users[11].get('path', None), u'/var/ftp') self.assertEqual(users[11].get('shell', None), u'/sbin/nologin')
def testGetSetValue(self): """Tests the GetValue and SetValue functions.""" knowledge_base_object = knowledge_base.KnowledgeBase() expected_value = u'test value' knowledge_base_object.SetValue(u'Test', expected_value) value = knowledge_base_object.GetValue(u'Test') self.assertEqual(value, expected_value) value = knowledge_base_object.GetValue(u'tEsT') self.assertEqual(value, expected_value) value = knowledge_base_object.GetValue(u'Bogus') self.assertEqual(value, None)
def testCheckKeyCompatibility(self): """Tests the CheckKeyCompatibility function""" knowledge_base = knowledge_base_engine.KnowledgeBase() test_filter_file = self._CreateTestArtifactDefinitionsFilterHelper( [], knowledge_base) # Compatible Key. key_path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control' compatible_key = test_filter_file.CheckKeyCompatibility(key_path) self.assertTrue(compatible_key) # NOT a Compatible Key. key_path = 'HKEY_USERS\\S-1-5-18' compatible_key = test_filter_file.CheckKeyCompatibility(key_path) self.assertFalse(compatible_key)
def _CreateOutputMediator(self, dynamic_time=True): """Creates a test output mediator. Args: dynamic_time (Optional[bool]): True if date and time values should be represented in their granularity or semantically. Returns: OutputMediator: output mediator. """ knowledge_base_object = knowledge_base.KnowledgeBase() return mediator.OutputMediator( knowledge_base_object, data_location=shared_test_lib.TEST_DATA_PATH, dynamic_time=dynamic_time)
def testAnalyzeDataStream(self): """Tests the _AnalyzeDataStream function.""" knowledge_base_values = {'year': 2016} session = sessions.Session() storage_writer = fake_writer.FakeStorageWriter() knowledge_base_object = knowledge_base.KnowledgeBase() if knowledge_base_values: for identifier, value in knowledge_base_values.items(): knowledge_base_object.SetValue(identifier, value) resolver_context = context.Context() parser_mediator = parsers_mediator.ParserMediator( knowledge_base_object, resolver_context=resolver_context) parser_mediator.SetPreferredYear(2016) parser_mediator.SetStorageWriter(storage_writer) extraction_worker = worker.EventExtractionWorker() test_analyzer = analyzers_manager_test.TestAnalyzer() self.assertEqual(len(test_analyzer.GetResults()), 0) extraction_worker._analyzers = [test_analyzer] storage_writer.Open() session_start = session.CreateSessionStart() storage_writer.AddAttributeContainer(session_start) file_entry = self._GetTestFileEntry(['syslog.tgz']) parser_mediator.SetFileEntry(file_entry) display_name = parser_mediator.GetDisplayName() event_data_stream = events.EventDataStream() extraction_worker._AnalyzeDataStream(file_entry, '', display_name, event_data_stream) session_completion = session.CreateSessionCompletion() storage_writer.AddAttributeContainer(session_completion) storage_writer.Close() self.assertIsNotNone(event_data_stream) event_attribute = getattr(event_data_stream, 'test_result', None) self.assertEqual(event_attribute, 'is_vegetable')
def _TagEvent(self, event, event_data, event_data_stream): """Tags an event. Args: event (Event): event. event_data (EventData): event data. event_data_stream (EventDataStream): event data stream. Returns: FakeStorageWriter: storage writer. Raises: SkipTest: if the tag file does not exist. """ tag_file_path = self._GetDataFilePath([self._TAG_FILE]) self._SkipIfPathNotExists(tag_file_path) session = sessions.Session() storage_writer = fake_writer.FakeStorageWriter() storage_writer.Open() if event_data_stream: storage_writer.AddAttributeContainer(event_data_stream) event_data_stream_identifier = event_data_stream.GetIdentifier() event_data.SetEventDataStreamIdentifier( event_data_stream_identifier) storage_writer.AddAttributeContainer(event_data) event_data_identifier = event_data.GetIdentifier() event.SetEventDataIdentifier(event_data_identifier) storage_writer.AddAttributeContainer(event) knowledge_base_object = knowledge_base.KnowledgeBase() mediator = analysis_mediator.AnalysisMediator(session, knowledge_base_object) mediator.SetStorageWriter(storage_writer) plugin = tagging.TaggingAnalysisPlugin() plugin.SetAndLoadTagFile(tag_file_path) plugin.ExamineEvent(mediator, event, event_data, event_data_stream) analysis_report = plugin.CompileReport(mediator) storage_writer.AddAttributeContainer(analysis_report) return storage_writer
def _SetUpKnowledgeBase(self, knowledge_base_values=None): """Sets up a knowledge base. Args: knowledge_base_values: optional dict containing the knowledge base values. The default is None. Returns: An knowledge base object (instance of KnowledgeBase). """ knowledge_base_object = knowledge_base.KnowledgeBase() if knowledge_base_values: for identifier, value in knowledge_base_values.iteritems(): knowledge_base_object.SetValue(identifier, value) return knowledge_base_object
def __init__(self): """Initializes the front-end object.""" super(PsortFrontend, self).__init__() self._abort = False self._debug_mode = False self._enable_profiling = False # Instance of EventObjectFilter. self._event_filter = None self._event_filter_expression = None self._knowledge_base = knowledge_base.KnowledgeBase() self._preferred_language = u'en-US' self._profiling_directory = None self._profiling_sample_rate = self._DEFAULT_PROFILING_SAMPLE_RATE self._profiling_type = u'all' self._quiet_mode = False self._use_zeromq = True
def testInternalExportEvents(self): """Tests the _ExportEvents function.""" knowledge_base_object = knowledge_base.KnowledgeBase() output_writer = cli_test_lib.TestOutputWriter() formatter_mediator = formatters_mediator.FormatterMediator() output_mediator_object = output_mediator.OutputMediator( knowledge_base_object, formatter_mediator) output_module = TestOutputModule(output_mediator_object) output_module.SetOutputWriter(output_writer) test_engine = psort.PsortMultiProcessEngine() formatters_manager.FormattersManager.RegisterFormatter( TestEventFormatter) with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') self._CreateTestStorageFile(temp_file) storage_reader = storage_zip_file.ZIPStorageFileReader(temp_file) storage_reader.ReadPreprocessingInformation(knowledge_base_object) event_buffer = TestEventBuffer(output_module, check_dedups=False) test_engine._ExportEvents(storage_reader, event_buffer) event_buffer.Flush() formatters_manager.FormattersManager.DeregisterFormatter( TestEventFormatter) lines = [] output = output_writer.ReadOutput() for line in output.split(b'\n'): lines.append(line) self.assertEqual(len(lines), 8) self.assertTrue(b'My text goes along: My text dude. lines' in lines[2]) self.assertTrue(b'LOG/' in lines[2]) self.assertTrue(b'None in Particular' in lines[2]) self.assertEqual(lines[0], ( b'date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,' b'version,filename,inode,notes,format,extra'))
def testInternalAnalyzeEvents(self): """Tests the _AnalyzeEvents function.""" session = sessions.Session() knowledge_base_object = knowledge_base.KnowledgeBase() test_engine = psort.PsortMultiProcessEngine() test_plugin = TestAnalysisPlugin() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') self._CreateTestStorageFile(temp_file) storage_writer = storage_zip_file.ZIPStorageFileWriter( session, temp_file) storage_writer.StartTaskStorage() storage_writer.Open() storage_writer.ReadPreprocessingInformation(knowledge_base_object) # TODO: implement, this currently loops infinite. # test_engine._AnalyzeEvents(storage_writer, [test_plugin]) storage_writer.Close() test_filter = filters_test_lib.TestEventFilter() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') self._CreateTestStorageFile(temp_file) storage_writer = storage_zip_file.ZIPStorageFileWriter( session, temp_file) storage_writer.StartTaskStorage() storage_writer.Open() storage_writer.ReadPreprocessingInformation(knowledge_base_object) # TODO: implement, this currently loops infinite. _ = test_engine _ = test_plugin _ = test_filter # test_engine._AnalyzeEvents( # storage_writer, [test_plugin], event_filter=test_filter) storage_writer.Close()