def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = 'pinfo_test.plaso'
session_identifier = 'd280b33c845b4e8bb3d0b33da11b180b'
session_start_time = timelib.Timestamp.CopyFromString(
'2017-12-28 20:06:34.578880')
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = 'json'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
first_session_identifier = 'session_{0:s}'.format(session_identifier)
first_session = json_output.get(first_session_identifier, None)
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'], session_identifier)
self.assertEqual(first_session['start_time'], session_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def Main():
"""The main function."""
tool = pinfo_tool.PinfoTool()
if not tool.ParseArguments():
return False
if tool.show_troubleshooting:
print('Using Python version {0!s}'.format(sys.version))
print()
print('Path: {0:s}'.format(os.path.abspath(__file__)))
print()
print(tool.GetVersionInformation())
print()
dependencies.CheckDependencies(verbose_output=True)
print('Also see: https://plaso.readthedocs.io/en/latest/sources/user/'
'Troubleshooting.html')
return True
result = True
try:
if tool.compare_storage_information:
result = tool.CompareStores()
else:
tool.PrintStorageInformation()
except errors.BadConfigOption as exception:
logging.warning(exception)
return False
return result
def testParseArguments(self):
"""Tests the ParseArguments function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
result = test_tool.ParseArguments()
self.assertFalse(result)
def testCompareStores(self):
"""Tests the CompareStores function."""
test_file_path1 = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path1)
test_file_path2 = self._GetTestFilePath(['pinfo_test.plaso'])
self._SkipIfPathNotExists(test_file_path2)
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.compare_storage_file = test_file_path1
options.storage_file = test_file_path1
test_tool.ParseOptions(options)
self.assertTrue(test_tool.CompareStores())
output = output_writer.ReadOutput()
self.assertEqual(output, 'Storage files are identical.\n')
options = test_lib.TestOptions()
options.compare_storage_file = test_file_path1
options.storage_file = test_file_path2
test_tool.ParseOptions(options)
self.assertFalse(test_tool.CompareStores())
output = output_writer.ReadOutput()
self.assertEqual(output, self._EXPECTED_OUTPUT_COMPARE_STORES)
def testCompareStores(self):
"""Tests the CompareStores function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file1 = self._GetTestFilePath(['psort_test.json.plaso'])
test_file2 = self._GetTestFilePath(['pinfo_test.json.plaso'])
options = test_lib.TestOptions()
options.compare_storage_file = test_file1
options.storage_file = test_file1
test_tool.ParseOptions(options)
self.assertTrue(test_tool.CompareStores())
output = output_writer.ReadOutput()
self.assertEqual(output, b'Storage files are identical.\n')
options = test_lib.TestOptions()
options.compare_storage_file = test_file1
options.storage_file = test_file2
test_tool.ParseOptions(options)
self.assertFalse(test_tool.CompareStores())
output = output_writer.ReadOutput()
self.assertEqual(output, b'Storage files are different.\n')
def Main():
"""The main function."""
tool = pinfo_tool.PinfoTool()
if not tool.ParseArguments(sys.argv[1:]):
return False
if tool.show_troubleshooting:
print('Using Python version {0!s}'.format(sys.version))
print()
print('Path: {0:s}'.format(os.path.abspath(__file__)))
print()
print(tool.GetVersionInformation())
print()
dependencies.CheckDependencies(verbose_output=True)
print('Also see: https://plaso.readthedocs.io/en/latest/sources/user/'
'Troubleshooting.html')
return True
try:
tool.CheckOutDated()
except KeyboardInterrupt:
return False
have_list_option = False
if tool.list_reports:
tool.ListReports()
have_list_option = True
if tool.list_sections:
tool.ListSections()
have_list_option = True
if have_list_option:
return True
result = True
try:
if tool.compare_storage_information:
result = tool.CompareStores()
elif tool.generate_report:
tool.GenerateReport()
else:
tool.PrintStorageInformation()
# Writing to stdout and stderr will raise BrokenPipeError if it
# receives a SIGPIPE.
except BrokenPipeError:
pass
except (KeyboardInterrupt, errors.UserAbort):
logging.warning('Aborted by user.')
return False
except errors.BadConfigOption as exception:
logging.warning(exception)
return False
return result
def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = 'pinfo_test.plaso'
session_identifier = '3ffec3920c054b47b10329a22e423342'
session_start_time = timelib.Timestamp.CopyFromString(
'2019-03-31 18:30:15.844335')
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = 'json'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
first_session_identifier = 'session_{0:s}'.format(session_identifier)
first_session = json_output.get(first_session_identifier, None)
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'], session_identifier)
self.assertEqual(first_session['start_time'], session_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = 'pinfo_test.plaso'
session_identifier = '35242873b9394a86a6ff08c2fdadb946'
session_start_time = timelib.Timestamp.CopyFromString(
'2019-05-05 11:52:23.388630')
test_file_path = self._GetTestFilePath([test_filename])
self._SkipIfPathNotExists(test_file_path)
options = test_lib.TestOptions()
options.storage_file = test_file_path
options.output_format = 'json'
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
sessions = json_output.get('sessions')
first_session_identifier = 'session_{0:s}'.format(session_identifier)
first_session = sessions.get(first_session_identifier)
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'], session_identifier)
self.assertEqual(first_session['start_time'], session_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = u'pinfo_test.json.plaso'
session_identifier = u'81ca8bf6285d4bacbb7cd339f07d7728'
session_start_time = timelib.Timestamp.CopyFromString(
u'2017-07-15 07:55:31.382324')
output_writer = test_lib.TestOutputWriter(encoding=u'utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = u'json'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
first_session_identifier = u'session_{0:s}'.format(session_identifier)
first_session = json_output.get(first_session_identifier, None)
self.assertIsNotNone(first_session)
self.assertEqual(first_session[u'identifier'], session_identifier)
self.assertEqual(first_session[u'start_time'], session_start_time)
parsers_counter = first_session[u'parsers_counter']
self.assertEqual(parsers_counter[u'total'], 3)
self.assertEqual(parsers_counter[u'filestat'], 3)
def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = 'pinfo_test.json.plaso'
session_identifier = 'ec42c87f79ce4b8bbd5c686d78ef0486'
session_start_time = timelib.Timestamp.CopyFromString(
'2017-08-20 10:35:30.291759')
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = 'json'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
first_session_identifier = 'session_{0:s}'.format(session_identifier)
first_session = json_output.get(first_session_identifier, None)
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'], session_identifier)
self.assertEqual(first_session['start_time'], session_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testPrintStorageInformationAsJSON(self):
"""Tests the _PrintStorageInformationAsJSON function."""
test_filename = 'pinfo_test.plaso'
session_identifier = '1f390c911b184086a3b926bb5af2620f'
session_start_time = timelib.Timestamp.CopyFromString(
'2018-08-31 14:12:41.882914')
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = 'json'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
first_session_identifier = 'session_{0:s}'.format(session_identifier)
first_session = json_output.get(first_session_identifier, None)
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'], session_identifier)
self.assertEqual(first_session['start_time'], session_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testParseOptions(self):
"""Tests the ParseOptions function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.storage_file = self._GetTestFilePath(['pinfo_test.json.plaso'])
test_tool.ParseOptions(options)
options = test_lib.TestOptions()
with self.assertRaises(errors.BadConfigOption):
test_tool.ParseOptions(options)
def testGetStorageReader(self):
"""Tests the _GetStorageReader function."""
test_file_path = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path)
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
storage_reader = test_tool._GetStorageReader(test_file_path)
try:
self.assertIsNotNone(storage_reader)
finally:
storage_reader.Close()
with self.assertRaises(errors.BadConfigOption):
test_tool._GetStorageReader('bogus.plaso')
def testCompareStores(self):
"""Tests the CompareStores function."""
test_file_path1 = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path1)
test_file_path2 = self._GetTestFilePath(['pinfo_test.plaso'])
self._SkipIfPathNotExists(test_file_path2)
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.compare_storage_file = test_file_path1
options.storage_file = test_file_path1
test_tool.ParseOptions(options)
self.assertTrue(test_tool.CompareStores())
output = output_writer.ReadOutput()
self.assertEqual(output, 'Storage files are identical.\n')
options = test_lib.TestOptions()
options.compare_storage_file = test_file_path1
options.storage_file = test_file_path2
test_tool.ParseOptions(options)
self.assertFalse(test_tool.CompareStores())
expected_output = '\n'.join([
'',
('************************* Events generated per parser ***************'
'***********'),
'Parser (plugin) name : Number of events',
('---------------------------------------------------------------------'
'-----------'),
' filestat : 3 (6)',
' total : 3 (38)',
('---------------------------------------------------------------------'
'-----------'),
'',
'Storage files are different.',
''])
output = output_writer.ReadOutput()
self.assertEqual(output, expected_output)
def Main():
"""The main function."""
tool = pinfo_tool.PinfoTool()
if not tool.ParseArguments():
return False
result = True
try:
if tool.compare_storage_information:
result = tool.CompareStores()
else:
tool.PrintStorageInformation()
except errors.BadConfigOption as exception:
logging.warning(exception)
return False
return result
def testPrintStorageInformationAsJSON(self):
"""Tests the PrintStorageInformation function with JSON output format."""
test_filename = 'pinfo_test.plaso'
session_identifier = '17c2f64c-ff4c-493d-b79d-18f31deaf7d5'
session_start_time = '2021-11-21 16:57:49.936026'
test_file_path = self._GetTestFilePath([test_filename])
self._SkipIfPathNotExists(test_file_path)
options = test_lib.TestOptions()
options.storage_file = test_file_path
options.output_format = 'json'
options.sections = 'events,reports,sessions,warnings'
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
sessions = json_output.get('sessions')
self.assertIsNotNone(sessions)
first_session = sessions.get('session')
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'],
session_identifier.replace('-', ''))
expected_start_time = shared_test_lib.CopyTimestampFromString(
session_start_time)
self.assertEqual(first_session['start_time'], expected_start_time)
storage_counters = json_output.get('storage_counters')
self.assertIsNotNone(storage_counters)
parsers_counter = storage_counters['parsers']
self.assertIsNotNone(parsers_counter)
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testGenerateFileHashesReport(self):
"""Tests the _GenerateFileHashesReport function."""
test_file_path = self._GetTestFilePath(['psort_test.plaso'])
self._SkipIfPathNotExists(test_file_path)
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
storage_reader = test_tool._GetStorageReader(test_file_path)
try:
test_tool._GenerateFileHashesReport(storage_reader)
finally:
storage_reader.Close()
output = output_writer.ReadOutput()
lines_of_output = output.split('\n')
self.assertEqual(len(lines_of_output), 4)
expected_line_of_output = (
'1f0105612f6ad2d225d6bd9ba631148740e312598878adcd2b74098a3dab50c4'
'\tOS:/tmp/test/test_data/syslog')
self.assertEqual(lines_of_output[1], expected_line_of_output)
def testPrintStorageInformationAsJSON(self):
"""Tests the PrintStorageInformation function with JSON output format."""
test_filename = 'pinfo_test.plaso'
session_identifier = 'c1ce225e-7eec-49a6-9f5c-35907e518ff8'
session_start_time = '2020-04-04 06:40:08.695055'
test_file_path = self._GetTestFilePath([test_filename])
self._SkipIfPathNotExists(test_file_path)
options = test_lib.TestOptions()
options.storage_file = test_file_path
options.output_format = 'json'
options.sections = 'events,reports,sessions,warnings'
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
sessions = json_output.get('sessions')
self.assertIsNotNone(sessions)
first_session = sessions.get('session')
self.assertIsNotNone(first_session)
self.assertEqual(
first_session['identifier'], session_identifier.replace('-', ''))
expected_start_time = shared_test_lib.CopyTimestampFromSring(
session_start_time)
self.assertEqual(first_session['start_time'], expected_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testPrintStorageInformationAsJSON(self):
"""Tests the PrintStorageInformation function with JSON output format."""
test_filename = 'pinfo_test.plaso'
session_identifier = '678d3612-feac-4de7-b929-0bd3260a9365'
session_start_time = '2021-06-23 07:42:30.094310'
test_file_path = self._GetTestFilePath([test_filename])
self._SkipIfPathNotExists(test_file_path)
options = test_lib.TestOptions()
options.storage_file = test_file_path
options.output_format = 'json'
options.sections = 'events,reports,sessions,warnings'
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
json_output = json.loads(output)
sessions = json_output.get('sessions')
self.assertIsNotNone(sessions)
first_session = sessions.get('session')
self.assertIsNotNone(first_session)
self.assertEqual(first_session['identifier'],
session_identifier.replace('-', ''))
expected_start_time = shared_test_lib.CopyTimestampFromString(
session_start_time)
self.assertEqual(first_session['start_time'], expected_start_time)
parsers_counter = first_session['parsers_counter']
self.assertEqual(parsers_counter['total'], 3)
self.assertEqual(parsers_counter['filestat'], 3)
def testPrintStorageInformationAsText(self):
"""Tests the _PrintStorageInformationAsText function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_filename = 'pinfo_test.json.plaso'
format_version = '20170707'
plaso_version = '20170819'
session_identifier = 'ec42c87f-79ce-4b8b-bd5c-686d78ef0486'
session_start_time = '2017-08-20T10:35:30.291759+00:00'
session_completion_time = '2017-08-20T10:35:31.088995+00:00'
command_line_arguments = (
'./tools/log2timeline.py --partition=all --quiet '
'pinfo_test.json.plaso test_data/tsk_volume_system.raw')
enabled_parser_names = ', '.join([
'android_app_usage', 'asl_log', 'bash', 'bencode',
'bencode/bencode_transmission', 'bencode/bencode_utorrent',
'binary_cookies', 'bsm_log', 'chrome_cache', 'chrome_preferences',
'cups_ipp', 'custom_destinations', 'dockerjson', 'dpkg', 'esedb',
'esedb/esedb_file_history', 'esedb/msie_webcache', 'filestat',
'firefox_cache', 'firefox_cache2', 'hachoir', 'java_idx', 'lnk',
'mac_appfirewall_log', 'mac_keychain', 'mac_securityd', 'mactime',
'macwifi', 'mcafee_protection', 'mft', 'msiecf', 'olecf',
'olecf/olecf_automatic_destinations', 'olecf/olecf_default',
'olecf/olecf_document_summary', 'olecf/olecf_summary', 'openxml',
'opera_global', 'opera_typed_history', 'pe', 'plist',
'plist/airport', 'plist/apple_id', 'plist/ipod_device',
'plist/macosx_bluetooth', 'plist/macosx_install_history',
'plist/macuser', 'plist/maxos_software_update',
'plist/plist_default', 'plist/safari_history', 'plist/spotlight',
'plist/spotlight_volume', 'plist/time_machine', 'pls_recall',
'popularity_contest', 'prefetch', 'recycle_bin',
'recycle_bin_info2', 'rplog', 'sccm', 'selinux', 'skydrive_log',
'skydrive_log_old', 'sqlite', 'sqlite/android_calls',
'sqlite/android_sms', 'sqlite/android_webview',
'sqlite/android_webviewcache', 'sqlite/appusage',
'sqlite/chrome_cookies', 'sqlite/chrome_extension_activity',
'sqlite/chrome_history', 'sqlite/firefox_cookies',
'sqlite/firefox_downloads', 'sqlite/firefox_history',
'sqlite/google_drive', 'sqlite/imessage', 'sqlite/kik_messenger',
'sqlite/ls_quarantine', 'sqlite/mac_document_versions',
'sqlite/mackeeper_cache', 'sqlite/skype', 'sqlite/twitter_ios',
'sqlite/zeitgeist', 'symantec_scanlog', 'syslog', 'syslog/cron',
'syslog/ssh', 'systemd_journal', 'usnjrnl', 'utmp', 'utmpx',
'winevt', 'winevtx', 'winfirewall', 'winiis', 'winjob', 'winreg',
'winreg/appcompatcache', 'winreg/bagmru', 'winreg/ccleaner',
'winreg/explorer_mountpoints2', 'winreg/explorer_programscache',
'winreg/microsoft_office_mru', 'winreg/microsoft_outlook_mru',
'winreg/mrulist_shell_item_list', 'winreg/mrulist_string',
'winreg/mrulistex_shell_item_list', 'winreg/mrulistex_string',
'winreg/mrulistex_string_and_shell_item',
'winreg/mrulistex_string_and_shell_item_list', 'winreg/msie_zone',
'winreg/mstsc_rdp', 'winreg/mstsc_rdp_mru',
'winreg/network_drives', 'winreg/userassist',
'winreg/windows_boot_execute', 'winreg/windows_boot_verify',
'winreg/windows_run', 'winreg/windows_sam_users',
'winreg/windows_services', 'winreg/windows_shutdown',
'winreg/windows_task_cache', 'winreg/windows_timezone',
'winreg/windows_typed_urls', 'winreg/windows_usb_devices',
'winreg/windows_usbstor_devices', 'winreg/windows_version',
'winreg/winlogon', 'winreg/winrar_mru', 'winreg/winreg_default',
'xchatlog', 'xchatscrollback', 'zsh_extended_history'
])
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI,
title='Plaso Storage Information')
table_view.AddRow(['Filename', test_filename])
table_view.AddRow(['Format version', format_version])
table_view.AddRow(['Serialization format', 'json'])
table_view.Write(output_writer)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI, title='Sessions')
table_view.AddRow([session_identifier, session_start_time])
table_view.Write(output_writer)
title = 'Session: {0!s}'.format(session_identifier)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI, title=title)
table_view.AddRow(['Start time', session_start_time])
table_view.AddRow(['Completion time', session_completion_time])
table_view.AddRow(['Product name', 'plaso'])
table_view.AddRow(['Product version', plaso_version])
table_view.AddRow(['Command line arguments', command_line_arguments])
table_view.AddRow(['Parser filter expression', 'N/A'])
table_view.AddRow(['Enabled parser and plugins', enabled_parser_names])
table_view.AddRow(['Preferred encoding', 'UTF-8'])
table_view.AddRow(['Debug mode', 'False'])
table_view.AddRow(['Filter file', 'N/A'])
table_view.Write(output_writer)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI,
column_names=['Parser (plugin) name', 'Number of events'],
title='Events generated per parser')
table_view.AddRow(['filestat', '3'])
table_view.AddRow(['Total', '3'])
table_view.Write(output_writer)
expected_output = output_writer.ReadOutput()
expected_output = (b'{0:s}'
b'No errors stored.\n'
b'\n'
b'No analysis reports stored.\n'
b'\n').format(expected_output)
test_file = self._GetTestFilePath([test_filename])
options = test_lib.TestOptions()
options.storage_file = test_file
options.output_format = 'text'
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
# Compare the output as list of lines which makes it easier to spot
# differences.
self.assertEqual(output.split(b'\n'), expected_output.split(b'\n'))
def testPrintStorageInformationAsText(self):
"""Tests the PrintStorageInformation function with text output format."""
test_filename = 'pinfo_test.plaso'
format_version = '20211121'
plaso_version = '20211106'
session_identifier = '17c2f64c-ff4c-493d-b79d-18f31deaf7d5'
session_start_time = '2021-11-21T16:57:49.936026+00:00'
session_completion_time = '2021-11-21T16:57:58.645043+00:00'
command_line_arguments = (
'./tools/log2timeline.py --partition=all --quiet '
'--storage-file pinfo_test.plaso test_data/tsk_volume_system.raw')
enabled_parser_names = ', '.join([
'android_app_usage', 'apache_access', 'apt_history', 'asl_log',
'bash_history', 'bencode', 'bencode/bencode_transmission',
'bencode/bencode_utorrent', 'binary_cookies', 'bsm_log',
'chrome_cache', 'chrome_preferences', 'cups_ipp',
'custom_destinations', 'czip', 'czip/oxml', 'dockerjson', 'dpkg',
'esedb', 'esedb/file_history', 'esedb/msie_webcache', 'esedb/srum',
'filestat', 'firefox_cache', 'firefox_cache2', 'fish_history',
'fseventsd', 'gdrive_synclog', 'googlelog', 'java_idx', 'lnk',
'locate_database', 'mac_appfirewall_log', 'mac_keychain',
'mac_securityd', 'mactime', 'macwifi', 'mcafee_protection', 'mft',
'msiecf', 'networkminer_fileinfo', 'olecf',
'olecf/olecf_automatic_destinations', 'olecf/olecf_default',
'olecf/olecf_document_summary', 'olecf/olecf_summary',
'opera_global', 'opera_typed_history', 'pe', 'plist',
'plist/airport', 'plist/apple_id', 'plist/ipod_device',
'plist/launchd_plist', 'plist/macos_software_update',
'plist/macosx_bluetooth', 'plist/macosx_install_history',
'plist/macuser', 'plist/plist_default', 'plist/safari_history',
'plist/spotlight', 'plist/spotlight_volume', 'plist/time_machine',
'pls_recall', 'popularity_contest', 'prefetch', 'recycle_bin',
'recycle_bin_info2', 'rplog', 'santa', 'sccm', 'selinux',
'setupapi', 'skydrive_log', 'skydrive_log_old', 'sophos_av',
'spotlight_storedb', 'sqlite', 'sqlite/android_calls',
'sqlite/android_sms', 'sqlite/android_webview',
'sqlite/android_webviewcache', 'sqlite/appusage',
'sqlite/chrome_17_cookies', 'sqlite/chrome_27_history',
'sqlite/chrome_66_cookies', 'sqlite/chrome_8_history',
'sqlite/chrome_autofill', 'sqlite/chrome_extension_activity',
'sqlite/firefox_cookies', 'sqlite/firefox_downloads',
'sqlite/firefox_history', 'sqlite/google_drive',
'sqlite/hangouts_messages', 'sqlite/imessage',
'sqlite/kik_messenger', 'sqlite/kodi', 'sqlite/ls_quarantine',
'sqlite/mac_document_versions', 'sqlite/mac_knowledgec',
'sqlite/mac_notes', 'sqlite/mac_notificationcenter',
'sqlite/mackeeper_cache', 'sqlite/macostcc',
'sqlite/safari_historydb', 'sqlite/skype',
'sqlite/tango_android_profile', 'sqlite/tango_android_tc',
'sqlite/twitter_android', 'sqlite/twitter_ios',
'sqlite/windows_eventtranscript', 'sqlite/windows_timeline',
'sqlite/zeitgeist', 'symantec_scanlog', 'syslog', 'syslog/cron',
'syslog/ssh', 'systemd_journal', 'trendmicro_url', 'trendmicro_vd',
'usnjrnl', 'utmp', 'utmpx', 'vsftpd', 'winevt', 'winevtx',
'winfirewall', 'winiis', 'winjob', 'winreg', 'winreg/amcache',
'winreg/appcompatcache', 'winreg/bagmru', 'winreg/bam',
'winreg/ccleaner', 'winreg/explorer_mountpoints2',
'winreg/explorer_programscache', 'winreg/microsoft_office_mru',
'winreg/microsoft_outlook_mru', 'winreg/mrulist_shell_item_list',
'winreg/mrulist_string', 'winreg/mrulistex_shell_item_list',
'winreg/mrulistex_string',
'winreg/mrulistex_string_and_shell_item',
'winreg/mrulistex_string_and_shell_item_list', 'winreg/msie_zone',
'winreg/mstsc_rdp', 'winreg/mstsc_rdp_mru',
'winreg/network_drives', 'winreg/networks', 'winreg/userassist',
'winreg/windows_boot_execute', 'winreg/windows_boot_verify',
'winreg/windows_run', 'winreg/windows_sam_users',
'winreg/windows_services', 'winreg/windows_shutdown',
'winreg/windows_task_cache', 'winreg/windows_timezone',
'winreg/windows_typed_urls', 'winreg/windows_usb_devices',
'winreg/windows_usbstor_devices', 'winreg/windows_version',
'winreg/winlogon', 'winreg/winrar_mru', 'winreg/winreg_default',
'xchatlog', 'xchatscrollback', 'zsh_extended_history'
])
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI,
title='Plaso Storage Information')
table_view.AddRow(['Filename', test_filename])
table_view.AddRow(['Format version', format_version])
table_view.AddRow(['Storage type', 'session'])
table_view.AddRow(['Serialization format', 'json'])
table_view.Write(output_writer)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI, title='Sessions')
table_view.AddRow([session_identifier, session_start_time])
table_view.Write(output_writer)
title = 'Session: {0!s}'.format(session_identifier)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI, title=title)
table_view.AddRow(['Start time', session_start_time])
table_view.AddRow(['Completion time', session_completion_time])
table_view.AddRow(['Product name', 'plaso'])
table_view.AddRow(['Product version', plaso_version])
table_view.AddRow(['Command line arguments', command_line_arguments])
table_view.AddRow(['Parser filter expression', 'N/A'])
table_view.AddRow(['Enabled parser and plugins', enabled_parser_names])
table_view.AddRow(['Preferred encoding', 'UTF-8'])
table_view.AddRow(['Debug mode', 'False'])
table_view.AddRow(['Artifact filters', 'N/A'])
table_view.AddRow(['Filter file', 'N/A'])
table_view.Write(output_writer)
table_view = cli_views.ViewsFactory.GetTableView(
cli_views.ViewsFactory.FORMAT_TYPE_CLI,
column_names=['Parser (plugin) name', 'Number of events'],
title='Events generated per parser')
table_view.AddRow(['filestat', '3'])
table_view.AddRow(['Total', '3'])
table_view.Write(output_writer)
expected_output = output_writer.ReadOutput()
expected_output = ('{0:s}'
'\n'
'No events labels stored.\n'
'\n'
'No warnings stored.\n'
'\n'
'No analysis reports stored.\n'
'\n').format(expected_output)
test_file_path = self._GetTestFilePath([test_filename])
self._SkipIfPathNotExists(test_file_path)
options = test_lib.TestOptions()
options.storage_file = test_file_path
options.output_format = 'text'
options.sections = 'events,reports,sessions,warnings'
test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
test_tool.ParseOptions(options)
test_tool.PrintStorageInformation()
output = output_writer.ReadOutput()
# Compare the output as list of lines which makes it easier to spot
# differences.
self.assertEqual(output.split('\n'), expected_output.split('\n'))
