def _TestScanSourcePartitionedImage(self, test_file):
"""Tests the ScanSource function on the partitioned test image.
Args:
test_file: the path of the test file.
"""
test_front_end = frontend.ExtractionFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
options.source = test_file
options.image_offset_bytes = 0x0002c000
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, 180224)
options = test_lib.Options()
options.source = test_file
options.image_offset = 352
options.bytes_per_sector = 512
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, 180224)
options = test_lib.Options()
options.source = test_file
options.partition_number = 2
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, 180224)
def testGetStorageInformation(self):
"""Tests the get storage information function."""
test_front_end = log2timeline.Log2TimelineFrontend()
options = test_lib.Options()
options.source = self._GetTestFilePath(['image.dd'])
storage_file_path = os.path.join(self._temp_directory, 'plaso.db')
test_front_end.ParseOptions(options)
test_front_end.SetStorageFile(storage_file_path=storage_file_path)
test_front_end.SetRunForeman(run_foreman=False)
test_front_end.ProcessSource(options)
try:
storage_file = storage.StorageFile(storage_file_path,
read_only=True)
except IOError:
# This is not a storage file, we should fail.
self.assertTrue(False)
# Make sure we can read an event out of the storage.
event_object = storage_file.GetSortedEntry()
self.assertIsNotNone(event_object)
def testGetStorageInformation(self):
"""Tests the get storage information function."""
test_front_end = pinfo.PinfoFrontend()
options = test_lib.Options()
options.storage_file = os.path.join(self._TEST_DATA_PATH, 'psort_test.out')
test_front_end.ParseOptions(options)
storage_information_list = list(test_front_end.GetStorageInformation())
self.assertEquals(len(storage_information_list), 1)
lines_of_text = storage_information_list[0].split(u'\n')
expected_line_of_text = u'-' * 80
self.assertEquals(lines_of_text[0], expected_line_of_text)
self.assertEquals(lines_of_text[2], expected_line_of_text)
self.assertEquals(lines_of_text[1], u'\t\tPlaso Storage Information')
expected_line_of_text = u'Storage file:\t\t{0:s}'.format(
options.storage_file)
self.assertEquals(lines_of_text[3], expected_line_of_text)
self.assertEquals(lines_of_text[4], u'Source processed:\tsyslog')
expected_line_of_text = u'Time of processing:\t2014-02-15T04:33:16+00:00'
self.assertEquals(lines_of_text[5], expected_line_of_text)
self.assertEquals(lines_of_text[6], u'')
self.assertEquals(lines_of_text[7], u'Collection information:')
def testParseOptions(self):
"""Tests the parse options function."""
test_front_end = frontend.ExtractionFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
with self.assertRaises(errors.BadConfigOption):
test_front_end.ParseOptions(options)
options.source = self._GetTestFilePath(['image.dd'])
test_front_end.ParseOptions(options)
def _TestScanSourceVssImage(self, test_file):
"""Tests the ScanSource function on the VSS test image.
Args:
test_file: the path of the test file.
"""
test_front_end = frontend.ExtractionFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
options.source = test_file
options.vss_stores = '1,2'
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, 0)
self.assertEquals(test_front_end._vss_stores, [1, 2])
options = test_lib.Options()
options.source = test_file
options.vss_stores = '1'
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_TSK)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, 0)
self.assertEquals(test_front_end._vss_stores, [1])
def testOpenStorageFile(self):
"""Tests the open storage file function."""
test_front_end = frontend.AnalysisFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
options.storage_file = self._GetTestFilePath(['psort_test.out'])
test_front_end.ParseOptions(options)
storage_file = test_front_end.OpenStorageFile()
self.assertIsInstance(storage_file, storage.StorageFile)
storage_file.Close()
def testRunAgainstKey(self):
"""Tests running the preg frontend against a Registry key."""
output_writer = StringIOOutputWriter()
test_front_end = preg.PregFrontend(output_writer)
options = test_lib.Options()
options.key = u'\\Microsoft\\Windows NT\\CurrentVersion'
options.regfile = self._GetTestFilePath(['SOFTWARE'])
options.verbose = False
test_front_end.ParseOptions(options, source_option='image')
test_front_end.RunModeRegistryKey(options, u'')
self.assertTrue(
u'Product name : Windows 7 Ultimate' in output_writer.GetValue())
def testRunPlugin(self):
"""Tests running the preg frontend against a plugin."""
output_writer = StringIOOutputWriter()
test_front_end = preg.PregFrontend(output_writer)
options = test_lib.Options()
options.regfile = self._GetTestFilePath(['NTUSER.DAT'])
options.verbose = False
test_front_end.ParseOptions(options, source_option='image')
test_front_end.RunModeRegistryPlugin(options, u'userassist')
self.assertTrue((
u'UEME_RUNPATH:C:\\Program Files\\Internet Explorer\\iexplore.exe : '
u'[Count: 1]') in output_writer.GetValue())
def testParseOptions(self):
"""Tests the parse options function."""
test_front_end = frontend.AnalysisFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
with self.assertRaises(errors.BadConfigOption):
test_front_end.ParseOptions(options)
options.storage_file = self._GetTestFilePath(['no_such_file.out'])
with self.assertRaises(errors.BadConfigOption):
test_front_end.ParseOptions(options)
options.storage_file = self._GetTestFilePath(['psort_test.out'])
test_front_end.ParseOptions(options)
def testProcessSourceExtractWithExtensions(self):
"""Tests extract with extensions process source functionality."""
test_front_end = image_export.ImageExportFrontend()
options = test_lib.Options()
options.image = self._GetTestFilePath([u'image.qcow2'])
options.path = self._temp_directory
options.extension_string = u'txt'
test_front_end.ParseOptions(options, source_option='image')
test_front_end.ProcessSource(options)
expected_text_files = sorted([
os.path.join(self._temp_directory, u'passwords.txt')])
text_files = glob.glob(os.path.join(self._temp_directory, u'*'))
self.assertEquals(sorted(text_files), expected_text_files)
def _TestScanSourceDirectory(self, test_file):
"""Tests the ScanSource function on a directory.
Args:
test_file: the path of the test file.
"""
test_front_end = frontend.ExtractionFrontend(self._input_reader,
self._output_writer)
options = test_lib.Options()
options.source = test_file
test_front_end.ParseOptions(options)
test_front_end.ScanSource(options)
path_spec = test_front_end.GetSourcePathSpec()
self.assertNotEquals(path_spec, None)
self.assertEquals(path_spec.location, os.path.abspath(test_file))
self.assertEquals(path_spec.type_indicator,
dfvfs_definitions.TYPE_INDICATOR_OS)
# pylint: disable=protected-access
self.assertEquals(test_front_end._partition_offset, None)
def testProcessSourceExtractWithDateFilter(self):
"""Tests extract with file filter and date filter functionality."""
test_front_end = image_export.ImageExportFrontend()
options = test_lib.Options()
options.image = self._GetTestFilePath([u'image.qcow2'])
options.path = self._temp_directory
options.include_duplicates = True
options.filter = os.path.join(self._temp_directory, u'filter.txt')
with open(options.filter, 'wb') as file_object:
file_object.write('/a_directory/.+_file\n')
test_front_end.ParseOptions(options, source_option='image')
# Set the date filter.
filter_start = '2012-05-25 15:59:00'
filter_end = '2012-05-25 15:59:20'
date_filter_object = image_export.DateFilter()
date_filter_object.Add(
filter_start=filter_start, filter_end=filter_end,
filter_type='ctime')
image_export.FileSaver.SetDateFilter(date_filter_object)
test_front_end.ProcessSource(options)
expected_text_files = sorted([
os.path.join(self._temp_directory, u'a_directory', u'a_file')])
text_files = glob.glob(os.path.join(
self._temp_directory, u'a_directory', u'*'))
self.assertEquals(sorted(text_files), expected_text_files)
# We need to reset the date filter to not affect other tests.
# pylint: disable-msg=protected-access
# TODO: Remove this once filtering has been moved to the front end object.
image_export.FileSaver._date_filter = None
def testProcessSourceExtractWithFilter(self):
"""Tests extract with filter process source functionality."""
test_front_end = image_export.ImageExportFrontend()
options = test_lib.Options()
options.image = self._GetTestFilePath([u'image.qcow2'])
options.path = self._temp_directory
options.filter = os.path.join(self._temp_directory, u'filter.txt')
with open(options.filter, 'wb') as file_object:
file_object.write('/a_directory/.+_file\n')
test_front_end.ParseOptions(options, source_option='image')
test_front_end.ProcessSource(options)
expected_text_files = sorted([
os.path.join(self._temp_directory, u'a_directory', u'another_file'),
os.path.join(self._temp_directory, u'a_directory', u'a_file')])
text_files = glob.glob(os.path.join(
self._temp_directory, u'a_directory', u'*'))
self.assertEquals(sorted(text_files), expected_text_files)
