def testOutput(self): """Tests the Output function.""" test_filename = os.path.join(u'test_data', u'psort_test.json.plaso') with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'pstorage.plaso') storage_file = storage_zip_file.StorageFile(test_filename, read_only=True) with storage_zip_file.ZIPStorageFileReader( storage_file) as storage_reader: output_mediator = self._CreateOutputMediator( storage_file=storage_file) output_module = pstorage.PlasoStorageOutputModule( output_mediator) output_module.SetFilePath(temp_file) with event_buffer.EventBuffer( output_module, check_dedups=False) as output_buffer: for event_object in storage_reader.GetEvents(): output_buffer.Append(event_object) original_zip_file = storage_zip_file.StorageFile(test_filename, read_only=True) pstorage_zip_file = storage_zip_file.StorageFile(temp_file, read_only=True) original_list = [] pstorage_list = [] event_object_original = original_zip_file.GetSortedEntry() event_object_pstorage = pstorage_zip_file.GetSortedEntry() while event_object_original: original_equality_string = event_object_original.EqualityString( ) pstorage_equality_string = event_object_pstorage.EqualityString( ) # Remove the UUID for comparision. original_equality_string, _, _ = original_equality_string.rpartition( u'|') pstorage_equality_string, _, _ = pstorage_equality_string.rpartition( u'|') original_list.append(original_equality_string) pstorage_list.append(pstorage_equality_string) event_object_original = original_zip_file.GetSortedEntry() event_object_pstorage = pstorage_zip_file.GetSortedEntry() self.assertFalse(event_object_pstorage) for original_str, dump_str in zip(sorted(original_list), sorted(pstorage_list)): self.assertEqual(original_str, dump_str)
def testOutput(self): """Testing if psort can output data.""" formatters_manager.FormattersManager.RegisterFormatter( PsortTestEventFormatter) events = [ PsortTestEvent(5134324321), PsortTestEvent(2134324321), PsortTestEvent(9134324321), PsortTestEvent(15134324321), PsortTestEvent(5134324322), PsortTestEvent(5134024321)] output_writer = cli_test_lib.TestOutputWriter() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'plaso.db') storage_file = storage_zip_file.StorageFile(temp_file) storage_file.AddEventObjects(events) storage_file.Close() with storage_zip_file.StorageFile( temp_file, read_only=True) as storage_file: output_mediator_object = output_mediator.OutputMediator( self._formatter_mediator) output_mediator_object.SetStorageFile(storage_file) output_module = TestOutputModule(output_mediator_object) output_module.SetOutputWriter(output_writer) event_buffer = TestEventBuffer( output_module, check_dedups=False, store=storage_file) self._front_end.ProcessEventsFromStorage(storage_file, event_buffer) event_buffer.Flush() lines = [] output = output_writer.ReadOutput() for line in output.split(b'\n'): if line == b'.': continue if line: lines.append(line) # One more line than events (header row). self.assertEqual(len(lines), 7) self.assertTrue(b'My text goes along: My text dude. lines' in lines[2]) self.assertTrue(b'LOG/' in lines[2]) self.assertTrue(b'None in Particular' in lines[2]) self.assertEqual(lines[0], ( b'date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,' b'version,filename,inode,notes,format,extra')) formatters_manager.FormattersManager.DeregisterFormatter( PsortTestEventFormatter)
def testWriteStream(self): """Tests the _WriteStream function.""" with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.StorageFile(temp_file) storage_file._WriteStream(u'bogus', b'test') storage_file.Close() storage_file = zip_file.StorageFile(temp_file, read_only=True) stream_data = storage_file._ReadStream(u'bogus') self.assertEqual(stream_data, b'test') storage_file.Close()
def testProcessSources(self): """Tests the ProcessSources function.""" test_front_end = extraction_frontend.ExtractionFrontend() test_file = self._GetTestFilePath([u'ímynd.dd']) volume_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file) path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_TSK, location=u'/', parent=volume_path_spec) source_type = dfvfs_definitions.SOURCE_TYPE_STORAGE_MEDIA_IMAGE with shared_test_lib.TempDirectory() as temp_directory: storage_file_path = os.path.join(temp_directory, u'plaso.db') test_front_end.SetStorageFile(storage_file_path=storage_file_path) test_front_end.ProcessSources([path_spec], source_type) try: storage_file = storage_zip_file.StorageFile( storage_file_path, read_only=True) except IOError: self.fail(u'Unable to open storage file after processing.') # Make sure we can read events from the storage. event_object = storage_file.GetSortedEntry() self.assertIsNotNone(event_object) self.assertGreaterEqual(event_object.data_type, u'fs:stat') self.assertGreaterEqual(event_object.filename, u'/lost+found')
def testProcessSourcesFilestat(self): """Test if the filestat and other parsers ran.""" options = cli_test_lib.TestOptions() options.quiet = True options.parsers = u'filestat,pe' options.single_process = True options.status_view_mode = u'none' options.source = self._GetTestFilePath([u'test_pe.exe']) with shared_test_lib.TempDirectory() as temp_directory: options.output = os.path.join(temp_directory, u'storage.plaso') self._test_tool.ParseOptions(options) self._test_tool.ProcessSources() try: storage_file = storage_zip_file.StorageFile(options.output, read_only=True) except IOError as exception: self.fail(( u'Unable to open storage file after processing with error: ' u'{0:s}.').format(exception)) event_objects = [] event_object = storage_file.GetSortedEntry() while event_object: event_objects.append(event_objects) event_object = storage_file.GetSortedEntry() # There should be 3 filestat and 3 pe parser generated events. self.assertEquals(len(event_objects), 6)
def testRun(self): """Tests the Run function.""" test_file = self._GetTestFilePath([u'storage.json.plaso']) storage_object = storage_zip_file.StorageFile( test_file, read_only=True) test_path_spec_queue = single_process.SingleProcessQueue() test_collector = engine.PathSpecQueueProducer( test_path_spec_queue, storage_object) test_collector.Run() test_collector_queue_consumer = TestPathSpecQueueConsumer( test_path_spec_queue) test_collector_queue_consumer.ConsumeItems() self.assertEqual(test_collector_queue_consumer.number_of_path_specs, 2) expected_path_specs = [ u'type: OS, location: /tmp/test/test_data/syslog\n', u'type: OS, location: /tmp/test/test_data/syslog\n'] path_specs = [] for path_spec_object in test_collector_queue_consumer.path_specs: path_specs.append(path_spec_object.comparable) self.assertEqual(sorted(path_specs), sorted(expected_path_specs))
def testHasAnalysisReports(self): """Tests the HasAnalysisReports function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) has_reports = storage_file.HasAnalysisReports() self.assertTrue(has_reports) storage_file.Close() test_file = self._GetTestFilePath([u'pinfo_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) has_reports = storage_file.HasAnalysisReports() self.assertFalse(has_reports) storage_file.Close()
def testHasReports(self): """Tests the HasReports function.""" test_file = self._GetTestFilePath([u'psort_test.proto.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) self.assertFalse(storage_file.HasReports()) storage_file.Close()
def testGetSerializedEventObjectStream(self): """Tests the _GetSerializedEventObjectStream function.""" test_file = self._GetTestFilePath([u'psort_test.proto.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) data_stream = storage_file._GetSerializedEventObjectStream(3) self.assertIsNotNone(data_stream) storage_file.Close()
def testGetSerializedEventObjectOffsetTable(self): """Tests the _GetSerializedEventObjectOffsetTable function.""" test_file = self._GetTestFilePath([u'psort_test.proto.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) offset_table = storage_file._GetSerializedEventObjectOffsetTable(3) self.assertIsNotNone(offset_table) storage_file.Close()
def testHasStream(self): """Tests the _HasStream function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) self.assertTrue(storage_file._HasStream(u'plaso_timestamps.000002')) self.assertFalse(storage_file._HasStream(u'bogus')) storage_file.Close()
def testHasEventTags(self): """Tests the HasEventTags function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) self.assertFalse(storage_file.HasEventTags()) storage_file.Close() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') self._CreateTestStorageFileWithTags(temp_file) storage_file = zip_file.StorageFile(temp_file, read_only=True) self.assertTrue(storage_file.HasEventTags()) storage_file.Close()
def testGetStorageInformation(self): """Tests the GetStorageInformation function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) storage_information = storage_file.GetStorageInformation() self.assertEqual(len(storage_information), 2) storage_file.Close()
def testGetStreamNames(self): """Tests the _GetStreamNames function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) stream_names = list(storage_file._GetStreamNames()) self.assertEqual(len(stream_names), 11) storage_file.Close()
def testGetSerializedEventTimestampTable(self): """Tests the _GetSerializedEventTimestampTable function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) timestamp_table = storage_file._GetSerializedEventTimestampTable(2) self.assertIsNotNone(timestamp_table) storage_file.Close()
def testGetSerializedEventStreamNumbers(self): """Tests the _GetSerializedEventStreamNumbers function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) stream_numbers = storage_file._GetSerializedEventStreamNumbers() self.assertEqual(len(stream_numbers), 2) storage_file.Close()
def testOutput(self): """Tests the Output function.""" with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'pstorage.plaso') # Copy events to pstorage dump. storage_file = storage_zip_file.StorageFile(self._test_filename, read_only=True) with storage_zip_file.ZIPStorageFileReader( storage_file) as storage_reader: output_mediator = self._CreateOutputMediator( storage_file=storage_file) output_module = pstorage.PlasoStorageOutputModule( output_mediator) output_module.SetFilePath(temp_file) with event_buffer.EventBuffer( output_module, check_dedups=False) as output_buffer: for event_object in storage_reader.GetEvents(): output_buffer.Append(event_object) # Make sure original and dump have the same events. original = storage_zip_file.StorageFile(self._test_filename, read_only=True) dump = storage_zip_file.StorageFile(temp_file, read_only=True) event_object_original = original.GetSortedEntry() event_object_dump = dump.GetSortedEntry() original_list = [] dump_list = [] while event_object_original: original_list.append(event_object_original.EqualityString()) dump_list.append(event_object_dump.EqualityString()) event_object_original = original.GetSortedEntry() event_object_dump = dump.GetSortedEntry() self.assertFalse(event_object_dump) for original_str, dump_str in zip(sorted(original_list), sorted(dump_list)): self.assertEqual(original_str, dump_str)
def testGetAnalysisReports(self): """Tests the GetAnalysisReports function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) analysis_reports = list(storage_file.GetAnalysisReports()) self.assertEqual(len(analysis_reports), 2) storage_file.Close() test_file = self._GetTestFilePath([u'pinfo_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) analysis_reports = list(storage_file.GetAnalysisReports()) self.assertEqual(len(analysis_reports), 0) storage_file.Close()
def _Open(self): """Opens the storage writer.""" self._storage_file = storage_zip_file.StorageFile( self._output_file, buffer_size=self._buffer_size, pre_obj=self._pre_obj, serializer_format=self._serializer_format) self._storage_file.SetEnableProfiling( self._enable_profiling, profiling_type=self._profiling_type)
def testGetEventSources(self): """Tests the GetEventSources function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) event_sources = list(storage_file.GetEventSources()) self.assertEqual(len(event_sources), 0) storage_file.Close() test_file = self._GetTestFilePath([u'pinfo_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) event_sources = list(storage_file.GetEventSources()) self.assertEqual(len(event_sources), 0) storage_file.Close()
def testAddEventObjects(self): """Tests the AddEventObjects function.""" test_event_objects = test_lib.CreateTestEventObjects() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'plaso.db') storage_file = zip_file.StorageFile(temp_file) storage_file.AddEventObjects(test_event_objects) storage_file.Close()
def testWritePreprocessObject(self): """Tests the WritePreprocessObject function.""" preprocessing_object = event.PreprocessObject() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.StorageFile(temp_file) storage_file.WritePreprocessObject(preprocessing_object) storage_file.Close()
def testGetSerializedEventSourceStream(self): """Tests the _GetSerializedEventSourceStream function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) # TODO: add positive test. with self.assertRaises(IOError): storage_file._GetSerializedEventSourceStream(99) storage_file.Close()
def testGetSerializedEventStream(self): """Tests the _GetSerializedEventStream function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) data_stream = storage_file._GetSerializedEventStream(2) self.assertIsNotNone(data_stream) with self.assertRaises(IOError): storage_file._GetSerializedEventStream(99) storage_file.Close()
def testStoreReport(self): """Tests the StoreReport function.""" analysis_report = reports.AnalysisReport( plugin_name=u'test', text=u'test report') with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.StorageFile(temp_file) storage_file.StoreReport(analysis_report) storage_file.Close()
def testOpenStream(self): """Tests the _OpenStream function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) file_object = storage_file._OpenStream(u'plaso_timestamps.000002') self.assertIsNotNone(file_object) file_object = storage_file._OpenStream(u'bogus') self.assertIsNone(file_object) storage_file.Close()
def testReadStream(self): """Tests the _ReadStream function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) stream_data = storage_file._ReadStream(u'plaso_timestamps.000002') self.assertNotEqual(stream_data, b'') stream_data = storage_file._ReadStream(u'bogus') self.assertEqual(stream_data, b'') storage_file.Close()
def testGetSerializedEventOffsetTable(self): """Tests the _GetSerializedEventOffsetTable function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) offset_table = storage_file._GetSerializedEventOffsetTable(2) self.assertIsNotNone(offset_table) with self.assertRaises(IOError): storage_file._GetSerializedEventOffsetTable(99) storage_file.Close()
def testAddEventObject(self): """Tests the AddEventObject function.""" event_objects = test_lib.CreateTestEventObjects() with shared_test_lib.TempDirectory() as temp_directory: temp_file = os.path.join(temp_directory, u'storage.plaso') storage_file = zip_file.StorageFile(temp_file) for event_object in event_objects: storage_file.AddEventObject(event_object) storage_file.Close()
def testGetSortedEntry(self): """Tests the GetSortedEntry function.""" test_file = self._GetTestFilePath([u'psort_test.json.plaso']) storage_file = zip_file.StorageFile(test_file, read_only=True) expected_timestamp = 1453449153000000 event_object = storage_file.GetSortedEntry() self.assertEqual(event_object.timestamp, expected_timestamp) # Test lower bound time range filter. test_time_range = time_range.TimeRange( timelib.Timestamp.CopyFromString(u'2016-04-30 06:41:49'), timelib.Timestamp.CopyFromString(u'2030-12-31 23:59:59')) storage_file.Close() storage_file = zip_file.StorageFile(test_file, read_only=True) expected_timestamp = 1462105168000000 event_object = storage_file.GetSortedEntry(time_range=test_time_range) self.assertEqual(event_object.timestamp, expected_timestamp) # Test upper bound time range filter. test_time_range = time_range.TimeRange( timelib.Timestamp.CopyFromString(u'2000-01-01 00:00:00'), timelib.Timestamp.CopyFromString(u'2016-04-30 06:41:49')) storage_file.Close() storage_file = zip_file.StorageFile(test_file, read_only=True) expected_timestamp = 1453449153000000 event_object = storage_file.GetSortedEntry(time_range=test_time_range) self.assertEqual(event_object.timestamp, expected_timestamp) storage_file.Close()