def testParseWithTimeZone(self): """Tests the Parse function with a time zone.""" parser = winjob.WinJobParser() storage_writer = self._ParseFile(['wintask.job'], parser, timezone='CET') self.assertEqual(storage_writer.number_of_events, 2) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'application': ('C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'), 'date_time': '2013-07-12 15:42:00', 'data_type': 'windows:tasks:job', 'parameters': '/ua /installsource scheduler', 'timestamp': '2013-07-12 13:42:00.000000', 'timestamp_desc': 'Scheduled to start', 'trigger_type': 1, 'username': '******' } self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testParse(self): """Tests the Parse function.""" parser = winjob.WinJobParser() storage_writer = self._ParseFile(['wintask.job'], parser) self.assertEqual(storage_writer.number_of_events, 2) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) events = list(storage_writer.GetEvents()) expected_comment = ( 'Keeps your Google software up to date. If this task is disabled or ' 'stopped, your Google software will not be kept up to date, meaning ' 'security vulnerabilities that may arise cannot be fixed and features ' 'may not work. This task uninstalls itself when there is no Google ' 'software using it.') expected_event_values = { 'application': ('C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'), 'date_time': '2013-08-24 12:42:00.112', 'data_type': 'windows:tasks:job', 'comment': expected_comment, 'parameters': '/ua /installsource scheduler', 'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_RUN, 'username': '******' } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'application': ('C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe'), 'date_time': '2013-07-12 15:42:00', 'data_type': 'windows:tasks:job', 'parameters': '/ua /installsource scheduler', 'timestamp_desc': 'Scheduled to start', 'trigger_type': 1, 'username': '******' } self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testParse(self): """Tests the Parse function.""" parser_object = winjob.WinJobParser() test_file = self._GetTestFilePath([u'wintask.job']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 2) event_object = event_objects[0] expected_application = ( u'C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe') self.assertEqual(event_object.application, expected_application) self.assertEqual(event_object.username, u'Brian') self.assertEqual(event_object.timestamp_desc, eventdata.EventTimestamp.LAST_RUNTIME) self.assertEqual(event_object.trigger, 1) expected_comment = ( u'Keeps your Google software up to date. If this task is disabled or ' u'stopped, your Google software will not be kept up to date, meaning ' u'security vulnerabilities that may arise cannot be fixed and ' u'features may not work. This task uninstalls itself when there is ' u'no Google software using it.') self.assertEqual(event_object.comment, expected_comment) expected_timestamp = timelib.Timestamp.CopyFromString( u'2013-08-24 12:42:00.112') self.assertEqual(event_object.timestamp, expected_timestamp) # Parse second event. Same metadata; different timestamp event. event_object = event_objects[1] self.assertEqual(event_object.timestamp_desc, u'Scheduled To Start') expected_timestamp = timelib.Timestamp.CopyFromString( u'2013-07-12 15:42:00') self.assertEqual(event_object.timestamp, expected_timestamp) expected_message = ( u'Application: {0:s} /ua /installsource scheduler ' u'Scheduled by: Brian ' u'Run Iteration: DAILY').format(expected_application) expected_short_message = ( u'Application: {0:s} /ua /insta...').format(expected_application) self._TestGetMessageStrings(event_object, expected_message, expected_short_message)
def testParse(self): """Tests the Parse function.""" parser = winjob.WinJobParser() storage_writer = self._ParseFile(['wintask.job'], parser) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( '2013-08-24 12:42:00.112') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) expected_application = ( 'C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe') self.assertEqual(event.application, expected_application) self.assertEqual(event.username, 'Brian') expected_comment = ( 'Keeps your Google software up to date. If this task is disabled or ' 'stopped, your Google software will not be kept up to date, meaning ' 'security vulnerabilities that may arise cannot be fixed and ' 'features may not work. This task uninstalls itself when there is ' 'no Google software using it.') self.assertEqual(event.comment, expected_comment) # Parse second event. Same metadata; different timestamp event. event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( '2013-07-12 15:42:00') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.timestamp_desc, 'Scheduled to start') self.assertEqual(event.trigger_type, 1) expected_message = ('Application: {0:s} /ua /installsource scheduler ' 'Scheduled by: Brian ' 'Trigger type: DAILY').format(expected_application) expected_short_message = ( 'Application: {0:s} /ua /insta...').format(expected_application) self._TestGetMessageStrings(event, expected_message, expected_short_message)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = winjob.WinJobParser()
def setUp(self): """Sets up the needed objects used throughout the test.""" pre_obj = event.PreprocessObject() self._parser = winjob.WinJobParser(pre_obj)
def setUp(self): """Makes preparations before running an individual test.""" self._parser = winjob.WinJobParser()