def testProcess(self):
"""Tests the Process function."""
plugin = default.DefaultOLECFPlugin()
storage_writer = self._ParseOLECFFileWithPlugin(['Document.doc'],
plugin)
self.assertEqual(storage_writer.number_of_errors, 0)
self.assertEqual(storage_writer.number_of_events, 5)
events = list(storage_writer.GetEvents())
# Check the Root Entry event.
event = events[0]
self.CheckTimestamp(event.timestamp, '2013-05-16 02:29:49.795000')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_MODIFICATION)
self.assertEqual(event.name, 'Root Entry')
expected_string = ('Name: Root Entry')
self._TestGetMessageStrings(event, expected_string, expected_string)
# Check one other entry.
event = events[1]
self.CheckTimestamp(event.timestamp, '2013-05-16 02:29:49.704000')
expected_string = 'Name: MsoDataStore'
self._TestGetMessageStrings(event, expected_string, expected_string)
def testProcess(self):
"""Tests the Process function."""
plugin = default.DefaultOLECFPlugin()
storage_writer = self._ParseOLECFFileWithPlugin(['Document.doc'],
plugin)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 5)
events = list(storage_writer.GetEvents())
# Check the Root Entry event.
expected_event_values = {
'data_type': 'olecf:item',
'name': 'Root Entry',
'timestamp': '2013-05-16 02:29:49.795000',
'timestamp_desc': definitions.TIME_DESCRIPTION_MODIFICATION
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
# Check one other entry.
expected_event_values = {
'data_type': 'olecf:item',
'name': 'MsoDataStore',
'timestamp': '2013-05-16 02:29:49.704000'
}
self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testProcess(self):
"""Tests the Process function."""
plugin_object = default.DefaultOLECFPlugin()
storage_writer = self._ParseOLECFFileWithPlugin([u'Document.doc'],
plugin_object)
self.assertEqual(len(storage_writer.events), 5)
# Check the Root Entry event.
event_object = storage_writer.events[0]
self.assertEqual(event_object.name, u'Root Entry')
self.assertEqual(event_object.timestamp_desc,
eventdata.EventTimestamp.MODIFICATION_TIME)
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2013-05-16 02:29:49.795')
self.assertEqual(event_object.timestamp, expected_timestamp)
expected_string = (u'Name: Root Entry')
self._TestGetMessageStrings(event_object, expected_string,
expected_string)
# Check one other entry.
event_object = storage_writer.events[1]
expected_string = u'Name: MsoDataStore'
self._TestGetMessageStrings(event_object, expected_string,
expected_string)
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2013-05-16 02:29:49.704')
self.assertEqual(event_object.timestamp, expected_timestamp)
