def testPrintStorageInformationAsText(self):
    """Tests the PrintStorageInformation function with text output format.

    The expected text is rendered with the same CLI table views and the same
    output writer that the tool uses, read back, and then compared line by
    line with what PinfoTool prints for the test storage file.
    """
    test_filename = 'pinfo_test.plaso'
    format_version = '20210621'
    plaso_version = '20210606'
    session_identifier = '678d3612-feac-4de7-b929-0bd3260a9365'
    session_start_time = '2021-06-23T07:42:30.094310Z'
    session_completion_time = '2021-06-23T07:42:39.183687Z'
    command_line_arguments = (
        './tools/log2timeline.py --partition=all --quiet '
        '--storage-file pinfo_test.plaso test_data/tsk_volume_system.raw')

    # Parsers and plugins recorded in the session of the test storage file.
    parser_names = (
        'android_app_usage', 'apache_access', 'apt_history', 'asl_log',
        'bash_history', 'bencode', 'bencode/bencode_transmission',
        'bencode/bencode_utorrent', 'binary_cookies', 'bsm_log',
        'chrome_cache', 'chrome_preferences', 'cups_ipp',
        'custom_destinations', 'czip', 'czip/oxml', 'dockerjson', 'dpkg',
        'esedb', 'esedb/file_history', 'esedb/msie_webcache', 'esedb/srum',
        'filestat', 'firefox_cache', 'firefox_cache2', 'fseventsd',
        'gdrive_synclog', 'googlelog', 'java_idx', 'lnk',
        'mac_appfirewall_log', 'mac_keychain', 'mac_securityd', 'mactime',
        'macwifi', 'mcafee_protection', 'mft', 'msiecf',
        'networkminer_fileinfo', 'olecf',
        'olecf/olecf_automatic_destinations', 'olecf/olecf_default',
        'olecf/olecf_document_summary', 'olecf/olecf_summary',
        'opera_global', 'opera_typed_history', 'pe', 'plist',
        'plist/airport', 'plist/apple_id', 'plist/ipod_device',
        'plist/launchd_plist', 'plist/macos_software_update',
        'plist/macosx_bluetooth', 'plist/macosx_install_history',
        'plist/macuser', 'plist/plist_default', 'plist/safari_history',
        'plist/spotlight', 'plist/spotlight_volume', 'plist/time_machine',
        'pls_recall', 'popularity_contest', 'prefetch', 'recycle_bin',
        'recycle_bin_info2', 'rplog', 'santa', 'sccm', 'selinux',
        'setupapi', 'skydrive_log', 'skydrive_log_old', 'sophos_av',
        'spotlight_storedb', 'sqlite', 'sqlite/android_calls',
        'sqlite/android_sms', 'sqlite/android_webview',
        'sqlite/android_webviewcache', 'sqlite/appusage',
        'sqlite/chrome_17_cookies', 'sqlite/chrome_27_history',
        'sqlite/chrome_66_cookies', 'sqlite/chrome_8_history',
        'sqlite/chrome_autofill', 'sqlite/chrome_extension_activity',
        'sqlite/firefox_cookies', 'sqlite/firefox_downloads',
        'sqlite/firefox_history', 'sqlite/google_drive',
        'sqlite/hangouts_messages', 'sqlite/imessage',
        'sqlite/kik_messenger', 'sqlite/kodi', 'sqlite/ls_quarantine',
        'sqlite/mac_document_versions', 'sqlite/mac_knowledgec',
        'sqlite/mac_notes', 'sqlite/mac_notificationcenter',
        'sqlite/mackeeper_cache', 'sqlite/macostcc',
        'sqlite/safari_historydb', 'sqlite/skype',
        'sqlite/tango_android_profile', 'sqlite/tango_android_tc',
        'sqlite/twitter_android', 'sqlite/twitter_ios',
        'sqlite/windows_timeline', 'sqlite/zeitgeist', 'symantec_scanlog',
        'syslog', 'syslog/cron', 'syslog/ssh', 'systemd_journal',
        'trendmicro_url', 'trendmicro_vd', 'usnjrnl', 'utmp', 'utmpx',
        'vsftpd', 'winevt', 'winevtx', 'winfirewall', 'winiis', 'winjob',
        'winreg', 'winreg/amcache', 'winreg/appcompatcache',
        'winreg/bagmru', 'winreg/bam', 'winreg/ccleaner',
        'winreg/explorer_mountpoints2', 'winreg/explorer_programscache',
        'winreg/microsoft_office_mru', 'winreg/microsoft_outlook_mru',
        'winreg/mrulist_shell_item_list', 'winreg/mrulist_string',
        'winreg/mrulistex_shell_item_list', 'winreg/mrulistex_string',
        'winreg/mrulistex_string_and_shell_item',
        'winreg/mrulistex_string_and_shell_item_list', 'winreg/msie_zone',
        'winreg/mstsc_rdp', 'winreg/mstsc_rdp_mru', 'winreg/network_drives',
        'winreg/networks', 'winreg/userassist',
        'winreg/windows_boot_execute', 'winreg/windows_boot_verify',
        'winreg/windows_run', 'winreg/windows_sam_users',
        'winreg/windows_services', 'winreg/windows_shutdown',
        'winreg/windows_task_cache', 'winreg/windows_timezone',
        'winreg/windows_typed_urls', 'winreg/windows_usb_devices',
        'winreg/windows_usbstor_devices', 'winreg/windows_version',
        'winreg/winlogon', 'winreg/winrar_mru', 'winreg/winreg_default',
        'xchatlog', 'xchatscrollback', 'zsh_extended_history',
    )
    enabled_parser_names = ', '.join(parser_names)

    output_writer = test_lib.TestOutputWriter(encoding='utf-8')
    views_factory = cli_views.ViewsFactory
    cli_format = views_factory.FORMAT_TYPE_CLI

    # Storage overview table.
    table_view = views_factory.GetTableView(
        cli_format, title='Plaso Storage Information')
    for row in (
            ['Filename', test_filename],
            ['Format version', format_version],
            ['Storage type', 'session'],
            ['Serialization format', 'json']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Sessions overview table.
    table_view = views_factory.GetTableView(cli_format, title='Sessions')
    table_view.AddRow([session_identifier, session_start_time])
    table_view.Write(output_writer)

    # Per-session details table.
    title = 'Session: {0!s}'.format(session_identifier)
    table_view = views_factory.GetTableView(cli_format, title=title)
    for row in (
            ['Start time', session_start_time],
            ['Completion time', session_completion_time],
            ['Product name', 'plaso'],
            ['Product version', plaso_version],
            ['Command line arguments', command_line_arguments],
            ['Parser filter expression', 'N/A'],
            ['Enabled parser and plugins', enabled_parser_names],
            ['Preferred encoding', 'UTF-8'],
            ['Debug mode', 'False'],
            ['Artifact filters', 'N/A'],
            ['Filter file', 'N/A']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Event counts per parser.
    table_view = views_factory.GetTableView(
        cli_format,
        column_names=['Parser (plugin) name', 'Number of events'],
        title='Events generated per parser')
    for row in (['filestat', '3'], ['Total', '3']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Read back the rendered tables and append the fixed trailer lines.
    rendered_tables = output_writer.ReadOutput()
    expected_output = (
        '{0:s}'
        '\n'
        'No events labels stored.\n'
        '\n'
        'No warnings stored.\n'
        '\n'
        'No analysis reports stored.\n'
        '\n').format(rendered_tables)

    test_file_path = self._GetTestFilePath([test_filename])
    self._SkipIfPathNotExists(test_file_path)

    options = test_lib.TestOptions()
    options.storage_file = test_file_path
    options.output_format = 'text'
    options.sections = 'events,reports,sessions,warnings'

    test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
    test_tool.ParseOptions(options)
    test_tool.PrintStorageInformation()

    output = output_writer.ReadOutput()

    # Compare the output as list of lines which makes it easier to spot
    # differences.
    self.assertEqual(output.split('\n'), expected_output.split('\n'))
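def testOutput(self):
    """Tests that psort can output events read back from a storage file.

    Six test events are written to a temporary storage file, read back
    through the front-end into a test output module, and the resulting
    lines are checked: a header row followed by one line per event.
    """
    formatters_manager.FormattersManager.RegisterFormatter(
        PsortTestEventFormatter)

    # The formatter registration is shared state. Deregister it in a finally
    # clause so that a failing assertion does not leave the test formatter
    # registered for the tests that run afterwards.
    try:
        event_objects = [
            PsortTestEvent(5134324321),
            PsortTestEvent(2134324321),
            PsortTestEvent(9134324321),
            PsortTestEvent(15134324321),
            PsortTestEvent(5134324322),
            PsortTestEvent(5134024321)]

        output_writer = cli_test_lib.TestOutputWriter()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, u'storage.plaso')

            storage_file = storage_zip_file.StorageFile(temp_file)
            for event_object in event_objects:
                storage_file.AddEventObject(event_object)
            storage_file.Close()

            storage_file = storage_zip_file.StorageFile(
                temp_file, read_only=True)
            with storage_zip_file.ZIPStorageFileReader(
                    storage_file) as storage_reader:
                output_mediator_object = output_mediator.OutputMediator(
                    self._formatter_mediator)
                output_mediator_object.SetStorageFile(storage_file)

                output_module = TestOutputModule(output_mediator_object)
                output_module.SetOutputWriter(output_writer)
                event_buffer = TestEventBuffer(
                    output_module, check_dedups=False, store=storage_file)

                self._front_end.ProcessEventsFromStorage(
                    storage_reader, event_buffer)

                # NOTE(review): flushed while the reader is still open since
                # the buffer was handed the storage file as its store;
                # confirm against the upstream layout of this test.
                event_buffer.Flush()

        output = output_writer.ReadOutput()
        # Drop empty lines and the lone b'.' lines from the output.
        lines = [
            line for line in output.split(b'\n') if line and line != b'.']

        # One more line than events (header row).
        self.assertEqual(len(lines), 7)

        self.assertIn(b'My text goes along: My text dude. lines', lines[2])
        self.assertIn(b'LOG/', lines[2])
        self.assertIn(b'None in Particular', lines[2])
        self.assertEqual(lines[0], (
            b'date,time,timezone,MACB,source,sourcetype,type,user,host,'
            b'short,desc,version,filename,inode,notes,format,extra'))
    finally:
        formatters_manager.FormattersManager.DeregisterFormatter(
            PsortTestEventFormatter)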
def setUp(self):
    """Creates the output writer and the preg tool used by each test.

    The tool is constructed with the same writer instance that is kept on
    the test case.
    """
    writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
    self._output_writer = writer
    self._test_tool = preg.PregTool(output_writer=writer)
def setUp(self):
    """Creates the l2t_csv output module and its writer for each test.

    The module is built around a fresh output mediator and is pointed at
    the test output writer kept on the test case.
    """
    mediator = self._CreateOutputMediator()
    writer = cli_test_lib.TestOutputWriter()
    module = l2t_csv.L2TCSVOutputModule(mediator)

    self._output_writer = writer
    self._output_module = module
    module.SetOutputWriter(writer)
def testPrintExtractionStatusUpdateWindow(self):
    """Tests the _PrintExtractionStatusUpdateWindow function.

    The window is printed twice: first with only the foreman status set and
    then again after a worker status was added. Each time the output is
    compared line by line with the expected byte strings.
    """
    output_writer = test_lib.TestOutputWriter()

    test_view = status_view.StatusView(output_writer, u'test_tool')
    test_view.SetSourceInformation(
        u'/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    process_status = processing_status.ProcessingStatus()
    process_status.UpdateForemanStatus(
        u'f_identifier', u'f_status', 123, 0, u'f_test_file', 1, 29, 3, 456,
        5, 6, 7, 8, 9, 10)
    test_view._PrintExtractionStatusUpdateWindow(process_status)
    foreman_only_output = output_writer.ReadOutput()

    table_header = (
        b'Identifier '
        b'PID '
        b'Status '
        b'Memory '
        b'Sources '
        b'Events '
        b'File')

    # Outside of Windows the header is expected wrapped in ANSI bold codes.
    on_windows = sys.platform.startswith(u'win')
    if not on_windows:
        table_header = b'\x1b[1m{0:s}\x1b[0m'.format(table_header)

    # Lines shared by both printed windows.
    leading_lines = [
        b'plaso - test_tool version {0:s}'.format(plaso.__version__),
        b'',
        b'Source path\t: /test/source/path',
        b'Source type\t: directory',
        b'',
        table_header]
    foreman_row = (
        b'f_identifier '
        b'123 '
        b'f_status '
        b'0 B '
        b'29 (29) '
        b'456 (456) '
        b'f_test_file')
    worker_row = (
        b'w_identifier '
        b'123 '
        b'w_status '
        b'0 B '
        b'2 (2) '
        b'4 (4) '
        b'w_test_file')

    expected_lines = leading_lines + [foreman_row, b'', b'']
    self.assertEqual(foreman_only_output.split(b'\n'), expected_lines)

    process_status.UpdateWorkerStatus(
        u'w_identifier', u'w_status', 123, 0, u'w_test_file', 1, 2, 3, 4,
        5, 6, 7, 8, 9, 10)
    test_view._PrintExtractionStatusUpdateWindow(process_status)
    with_worker_output = output_writer.ReadOutput()

    expected_lines = leading_lines + [foreman_row, worker_row, b'', b'']
    self.assertEqual(with_worker_output.split(b'\n'), expected_lines)
def testPrintExtractionStatusUpdateWindow(self):
    """Tests the _PrintExtractionStatusUpdateWindow function.

    The window is printed twice: first with only the foreman status set and
    then again after a worker status was added. Each output is handed to
    _CheckOutput together with the expected lines.
    """
    output_writer = test_lib.TestOutputWriter()

    test_view = status_view.StatusView(output_writer, 'test_tool')
    test_view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    process_status = processing_status.ProcessingStatus()
    process_status.UpdateForemanStatus(
        'f_identifier', 'f_status', 123, 0, 'f_test_file', 1, 29, 3, 456,
        5, 6, 9, 10)
    test_view._PrintExtractionStatusUpdateWindow(process_status)

    table_header = (
        'Identifier '
        'PID '
        'Status '
        'Memory '
        'Sources '
        'Events '
        'File')

    # Outside of Windows the header is expected wrapped in ANSI bold codes.
    on_windows = sys.platform.startswith('win')
    if not on_windows:
        table_header = '\x1b[1m{0:s}\x1b[0m'.format(table_header)

    # Lines shared by both printed windows.
    leading_lines = [
        'plaso - test_tool version {0:s}'.format(plaso.__version__),
        '',
        'Source path\t\t: /test/source/path',
        'Source type\t\t: directory',
        'Processing time\t\t: 00:00:00',
        '',
        table_header]
    foreman_row = (
        'f_identifier '
        '123 '
        'f_status '
        '0 B '
        '29 (29) '
        '456 (456) '
        'f_test_file')
    worker_row = (
        'w_identifier '
        '123 '
        'w_status '
        '0 B '
        '2 (2) '
        '4 (4) '
        'w_test_file')

    expected_output = leading_lines + [foreman_row, '', '']
    output = output_writer.ReadOutput()
    self._CheckOutput(output, expected_output)

    process_status.UpdateWorkerStatus(
        'w_identifier', 'w_status', 123, 0, 'w_test_file', 1, 2, 3, 4, 5,
        6, 9, 10)
    test_view._PrintExtractionStatusUpdateWindow(process_status)

    expected_output = leading_lines + [foreman_row, worker_row, '', '']
    output = output_writer.ReadOutput()
    self._CheckOutput(output, expected_output)
def testPrintStorageInformation(self):
    """Tests the PrintStorageInformation function.

    The expected text is rendered with the same CLI table views and the same
    output writer that the tool uses, read back, and then compared line by
    line with what PinfoTool prints for the test storage file.
    """
    output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
    test_tool = pinfo.PinfoTool(output_writer=output_writer)

    test_filename = u'pinfo_test.json.plaso'
    format_version = u'20160715'
    plaso_version = u'1.5.1_20161013'
    session_identifier = u'3c552fe3-4e64-4871-8a7f-0f4c95dfc1fe'
    session_start_time = u'2016-10-16T15:13:58.171984+00:00'
    session_completion_time = u'2016-10-16T15:13:58.957462+00:00'
    command_line_arguments = (
        u'./tools/log2timeline.py --partition=all --quiet '
        u'pinfo_test.json.plaso test_data/tsk_volume_system.raw')

    # Parsers and plugins recorded in the session of the test storage file.
    parser_names = (
        u'android_app_usage', u'asl_log', u'bencode',
        u'bencode/bencode_transmission', u'bencode/bencode_utorrent',
        u'binary_cookies', u'bsm_log', u'chrome_cache',
        u'chrome_preferences', u'cups_ipp', u'custom_destinations',
        u'dockerjson', u'dpkg', u'esedb', u'esedb/esedb_file_history',
        u'esedb/msie_webcache', u'filestat', u'firefox_cache',
        u'firefox_cache2', u'hachoir', u'java_idx', u'lnk',
        u'mac_appfirewall_log', u'mac_keychain', u'mac_securityd',
        u'mactime', u'macwifi', u'mcafee_protection', u'mft', u'msiecf',
        u'olecf', u'olecf/olecf_automatic_destinations',
        u'olecf/olecf_default', u'olecf/olecf_document_summary',
        u'olecf/olecf_summary', u'openxml', u'opera_global',
        u'opera_typed_history', u'pe', u'plist', u'plist/airport',
        u'plist/apple_id', u'plist/ipod_device', u'plist/macosx_bluetooth',
        u'plist/macosx_install_history', u'plist/macuser',
        u'plist/maxos_software_update', u'plist/plist_default',
        u'plist/safari_history', u'plist/spotlight',
        u'plist/spotlight_volume', u'plist/time_machine', u'pls_recall',
        u'popularity_contest', u'prefetch', u'recycle_bin',
        u'recycle_bin_info2', u'rplog', u'sccm', u'selinux',
        u'skydrive_log', u'skydrive_log_old', u'sqlite',
        u'sqlite/android_calls', u'sqlite/android_sms', u'sqlite/appusage',
        u'sqlite/chrome_cookies', u'sqlite/chrome_extension_activity',
        u'sqlite/chrome_history', u'sqlite/firefox_cookies',
        u'sqlite/firefox_downloads', u'sqlite/firefox_history',
        u'sqlite/google_drive', u'sqlite/imessage', u'sqlite/kik_messenger',
        u'sqlite/ls_quarantine', u'sqlite/mac_document_versions',
        u'sqlite/mackeeper_cache', u'sqlite/skype', u'sqlite/twitter_ios',
        u'sqlite/zeitgeist', u'symantec_scanlog', u'syslog', u'syslog/cron',
        u'syslog/ssh', u'usnjrnl', u'utmp', u'utmpx', u'winevt', u'winevtx',
        u'winfirewall', u'winiis', u'winjob', u'winreg',
        u'winreg/appcompatcache', u'winreg/bagmru', u'winreg/ccleaner',
        u'winreg/explorer_mountpoints2', u'winreg/explorer_programscache',
        u'winreg/microsoft_office_mru', u'winreg/microsoft_outlook_mru',
        u'winreg/mrulist_shell_item_list', u'winreg/mrulist_string',
        u'winreg/mrulistex_shell_item_list', u'winreg/mrulistex_string',
        u'winreg/mrulistex_string_and_shell_item',
        u'winreg/mrulistex_string_and_shell_item_list', u'winreg/msie_zone',
        u'winreg/mstsc_rdp', u'winreg/mstsc_rdp_mru',
        u'winreg/network_drives', u'winreg/userassist',
        u'winreg/windows_boot_execute', u'winreg/windows_boot_verify',
        u'winreg/windows_run', u'winreg/windows_sam_users',
        u'winreg/windows_services', u'winreg/windows_shutdown',
        u'winreg/windows_task_cache', u'winreg/windows_timezone',
        u'winreg/windows_typed_urls', u'winreg/windows_usb_devices',
        u'winreg/windows_usbstor_devices', u'winreg/windows_version',
        u'winreg/winlogon', u'winreg/winrar_mru', u'winreg/winreg_default',
        u'xchatlog', u'xchatscrollback',
    )
    enabled_parser_names = u', '.join(parser_names)

    views_factory = cli_views.ViewsFactory
    cli_format = views_factory.FORMAT_TYPE_CLI

    # Storage overview table.
    table_view = views_factory.GetTableView(
        cli_format, title=u'Plaso Storage Information')
    for row in (
            [u'Filename', test_filename],
            [u'Format version', format_version],
            [u'Serialization format', u'json']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Sessions overview table.
    table_view = views_factory.GetTableView(cli_format, title=u'Sessions')
    table_view.AddRow([session_identifier, session_start_time])
    table_view.Write(output_writer)

    # Per-session details table.
    title = u'Session: {0!s}'.format(session_identifier)
    table_view = views_factory.GetTableView(cli_format, title=title)
    for row in (
            [u'Start time', session_start_time],
            [u'Completion time', session_completion_time],
            [u'Product name', u'plaso'],
            [u'Product version', plaso_version],
            [u'Command line arguments', command_line_arguments],
            [u'Parser filter expression', u'N/A'],
            [u'Enabled parser and plugins', enabled_parser_names],
            [u'Preferred encoding', u'UTF-8'],
            [u'Debug mode', u'False'],
            [u'Filter file', u'N/A'],
            [u'Filter expression', u'N/A']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Event counts per parser.
    table_view = views_factory.GetTableView(
        cli_format,
        column_names=[u'Parser (plugin) name', u'Number of events'],
        title=u'Events generated per parser')
    for row in ([u'filestat', u'3'], [u'Total', u'3']):
        table_view.AddRow(row)
    table_view.Write(output_writer)

    # Read back the rendered tables and append the fixed trailer lines.
    rendered_tables = output_writer.ReadOutput()
    expected_output = (
        b'{0:s}'
        b'No errors stored.\n'
        b'\n'
        b'No analysis reports stored.\n'
        b'\n').format(rendered_tables)

    test_file = self._GetTestFilePath([test_filename])

    options = cli_test_lib.TestOptions()
    options.storage_file = test_file

    test_tool.ParseOptions(options)
    test_tool.PrintStorageInformation()

    output = output_writer.ReadOutput()

    # Compare the output as list of lines which makes it easier to spot
    # differences.
    self.assertEqual(output.split(b'\n'), expected_output.split(b'\n'))