def testParseLayerConfig(self): """Tests the _ParseLayerConfigJSON function.""" layer_identifier = ( '3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b') parser = docker.DockerJSONParser() path_segments = ['docker', 'graph', layer_identifier, 'json'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 1) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'command': ('/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' '/etc/apt/sources.list'), 'data_type': 'docker:json:layer', 'date_time': '2015-10-12 17:27:03.079273', 'layer_id': layer_identifier, 'timestamp_desc': definitions.TIME_DESCRIPTION_ADDED } self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseLayerConfig(self): """Tests the _ParseLayerConfigJSON function.""" layer_identifier = ( '3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b') parser = docker.DockerJSONParser() path_segments = ['docker', 'graph', layer_identifier, 'json'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 1) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2015-10-12 17:27:03.079273') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) event_data = self._GetEventDataOfEvent(storage_writer, event) expected_command = ( '/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' '/etc/apt/sources.list') self.assertEqual(event_data.command, expected_command) self.assertEqual(event_data.layer_id, layer_identifier)
def testParseContainerConfig(self): """Tests the _ParseContainerConfigJSON function.""" container_identifier = ( 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ 'docker', 'containers', container_identifier, 'config.json'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2016-01-07 16:49:08.674873') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.action, 'Container Started') self.assertEqual(event_data.container_id, container_identifier) self.assertEqual(event_data.container_name, 'e7d0b7ea5ccf') event = events[1] self.CheckTimestamp(event.timestamp, '2016-01-07 16:49:08.507979') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.action, 'Container Created') self.assertEqual(event_data.container_id, container_identifier) self.assertEqual(event_data.container_name, 'e7d0b7ea5ccf')
def testParseContainerConfig(self): """Tests the _ParseContainerConfigJSON function.""" container_identifier = ( 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ 'docker', 'containers', container_identifier, 'config.json' ] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( '2016-01-07 16:49:08.674873') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.action, 'Container Started') self.assertEqual(event.container_id, container_identifier) self.assertEqual(event.container_name, 'e7d0b7ea5ccf') event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( '2016-01-07 16:49:08.507979') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.action, 'Container Created') self.assertEqual(event.container_id, container_identifier) self.assertEqual(event.container_name, 'e7d0b7ea5ccf')
def testParseContainerConfig(self): """Tests the _ParseContainerConfigJSON function.""" container_identifier = ( 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ 'docker', 'containers', container_identifier, 'config.json' ] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) expected_event_values = { 'action': 'Container Started', 'container_id': container_identifier, 'container_name': 'e7d0b7ea5ccf', 'data_type': 'docker:json:container', 'timestamp': '2016-01-07 16:49:08.674873' } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'action': 'Container Created', 'container_id': container_identifier, 'container_name': 'e7d0b7ea5ccf', 'data_type': 'docker:json:container', 'timestamp': '2016-01-07 16:49:08.507979' } self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testParseContainerConfig(self): """Tests the _ParseContainerConfigJSON function.""" parser_object = docker.DockerJSONParser() container_id = (u'e7d0b7ea5ccf08366e2b0c8afa231867' u'4e8aefe802315378125d2bb83fe3110c') test_file = self._GetTestFilePath( [u'docker', u'containers', container_id, u'config.json']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 2) event_object = event_objects[0] expected_timestamp = timelib.Timestamp.CopyFromString( u'2016-01-07 16:49:08.674873') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.action, u'Container Started') self.assertEqual(event_object.container_id, container_id) self.assertEqual(event_object.container_name, u'e7d0b7ea5ccf') event_object = event_objects[1] expected_timestamp = timelib.Timestamp.CopyFromString( u'2016-01-07 16:49:08.507979') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.action, u'Container Created') self.assertEqual(event_object.container_id, container_id) self.assertEqual(event_object.container_name, u'e7d0b7ea5ccf')
def testParseContainerLog(self): """Tests the _ParseContainerLogJSON function.""" container_identifier = ( u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c' ) parser = docker.DockerJSONParser() path_segments = [ u'docker', u'containers', container_identifier, u'container-json.log' ] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 10) events = list(storage_writer.GetEvents()) expected_times = [ u'2016-01-07 16:49:10.000000', u'2016-01-07 16:49:10.200000', u'2016-01-07 16:49:10.230000', u'2016-01-07 16:49:10.237000', u'2016-01-07 16:49:10.237200', u'2016-01-07 16:49:10.237220', u'2016-01-07 16:49:10.237222', u'2016-01-07 16:49:10.237222', # losing sub microsec info u'2016-01-07 16:49:10.237222', u'2016-01-07 16:49:10.237222' ] expected_log = ( u'\x1b]0;root@e7d0b7ea5ccf: ' u'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n') expected_message = ( u'Text: ' u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' u'/home/plaso# ls, Container ID: {0:s}, ' u'Source: stdout').format(container_identifier) expected_short_message = ( u'Text: ' u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' u'/home/plaso# ls, C...') for index, event in enumerate(events): expected_timestamp = timelib.Timestamp.CopyFromString( expected_times[index]) self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.container_id, container_identifier) self.assertEqual(event.log_line, expected_log) self.assertEqual(event.log_source, u'stdout') self._TestGetMessageStrings(event, expected_message, expected_short_message)
def testParseContainerLog(self): """Tests the _ParseContainerLogJSON function.""" container_identifier = ( 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ 'docker', 'containers', container_identifier, 'container-json.log' ] storage_writer = self._ParseFile(path_segments, parser) number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 10) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) events = list(storage_writer.GetEvents()) expected_timestamps = [ '2016-01-07 16:49:10.000000', '2016-01-07 16:49:10.200000', '2016-01-07 16:49:10.230000', '2016-01-07 16:49:10.237000', '2016-01-07 16:49:10.237200', '2016-01-07 16:49:10.237220', '2016-01-07 16:49:10.237222', '2016-01-07 16:49:10.237222', # losing sub microsec info '2016-01-07 16:49:10.237222', '2016-01-07 16:49:10.237222' ] expected_event_values = { 'container_id': container_identifier, 'data_type': 'docker:json:container:log', 'log_line': ('\x1b]0;root@e7d0b7ea5ccf: ' '/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n'), 'log_source': 'stdout' } for index, event in enumerate(events): self.CheckTimestamp(event.timestamp, expected_timestamps[index]) self.CheckEventValues(storage_writer, event, expected_event_values)
def testParseContainerLog(self): """Tests the _ParseContainerLogJSON function.""" parser_object = docker.DockerJSONParser() container_id = (u'e7d0b7ea5ccf08366e2b0c8afa231867' u'4e8aefe802315378125d2bb83fe3110c') test_file = self._GetTestFilePath( [u'docker', u'containers', container_id, u'container-json.log']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 10) expected_times = [ u'2016-01-07 16:49:10.000000', u'2016-01-07 16:49:10.200000', u'2016-01-07 16:49:10.230000', u'2016-01-07 16:49:10.237000', u'2016-01-07 16:49:10.237200', u'2016-01-07 16:49:10.237220', u'2016-01-07 16:49:10.237222', u'2016-01-07 16:49:10.237222', # losing sub microsec info u'2016-01-07 16:49:10.237222', u'2016-01-07 16:49:10.237222' ] expected_log = ( u'\x1b]0;root@e7d0b7ea5ccf: ' u'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n') expected_msg = ( u'Text: ' u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' u'/home/plaso# ls, Container ID: %s, ' u'Source: stdout' % container_id) expected_msg_short = ( u'Text: ' u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' u'/home/plaso# ls, C...') for index, event_object in enumerate(event_objects): self.assertEqual( event_objects[index].timestamp, timelib.Timestamp.CopyFromString(expected_times[index])) self.assertEqual(event_objects[index].container_id, container_id) self.assertEqual(event_objects[index].log_line, expected_log) self.assertEqual(event_objects[index].log_source, u'stdout') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short)
def testParseLayerConfig(self): """Tests the _ParseLayerConfigJSON function.""" layer_identifier = ( u'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b' ) parser_object = docker.DockerJSONParser() path_segments = [u'docker', u'graph', layer_identifier, u'json'] storage_writer = self._ParseFile(path_segments, parser_object) self.assertEqual(len(storage_writer.events), 1) event = storage_writer.events[0] expected_command = ( u'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' u'/etc/apt/sources.list') self.assertEqual(event.command, expected_command) self.assertEqual(event.layer_id, layer_identifier) self.assertEqual(event.timestamp, 1444670823079273) self.assertEqual(event.timestamp_desc, u'Creation Time')
def testParseLayerConfig(self): """Tests the _ParseLayerConfigJSON function.""" parser_object = docker.DockerJSONParser() layer_id = (u'3c9a9d7cc6a235eb2de58ca9ef3551c6' u'7ae42a991933ba4958d207b29142902b') test_file = self._GetTestFilePath( ['docker', u'graph', layer_id, u'json']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 1) event_object = event_objects[0] expected_command = ( u'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' u'/etc/apt/sources.list') self.assertEqual(event_object.command, expected_command) self.assertEqual(event_object.layer_id, layer_id) self.assertEqual(event_object.timestamp, 1444670823079273) self.assertEqual(event_object.timestamp_desc, 'Creation Time')
def setUp(self): """Makes preparations before running an individual test.""" self._parser = docker.DockerJSONParser()