def _ParseDistributedTrackingIdentifier(self, parser_mediator, uuid_data, origin):
    """Extracts data from a Distributed Tracking identifier.

    The identifier is decoded with uuid.UUID(bytes_le=...), so the first three
    UUID fields are read as little-endian. An event is produced only for
    version 1 UUIDs, using the timestamp embedded in the UUID as the creation
    time; every other version is only formatted and returned.

    Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      uuid_data (bytes): UUID data of the Distributed Tracking identifier.
      origin (str): origin of the event (event source).

    Returns:
      str: UUID string of the Distributed Tracking identifier, wrapped in
          curly braces.

    Raises:
      ValueError: if uuid_data is not exactly 16 bytes long. This is raised by
          uuid.UUID and is not handled here.
    """
    # NOTE(review): uuid_data presumably comes straight from the parsed
    # artefact, so a truncated or corrupt record surfaces as ValueError in the
    # caller - confirm the caller handles it.
    tracking_uuid = uuid.UUID(bytes_le=uuid_data)
    identifier_string = u'{{{0!s}}}'.format(tracking_uuid)

    # Only version 1 UUIDs are turned into an event; the timestamp below is
    # taken from the UUID itself.
    if tracking_uuid.version != 1:
        return identifier_string

    link_event_data = windows_events.WindowsDistributedLinkTrackingEventData(
        tracking_uuid, origin)
    creation_time = dfdatetime_uuid_time.UUIDTime(timestamp=tracking_uuid.time)
    creation_event = time_events.DateTimeValuesEvent(
        creation_time, definitions.TIME_DESCRIPTION_CREATION)
    parser_mediator.ProduceEventWithEventData(creation_event, link_event_data)

    return identifier_string
def testGetAttributeNames(self):
    """Tests the GetAttributeNames function."""
    # uuid1() yields a version 1 UUID; it is round-tripped through its hex
    # form before being handed to the container.
    generated_uuid = uuid.uuid1()
    test_uuid = uuid.UUID(generated_uuid.hex)

    container = windows_events.WindowsDistributedLinkTrackingEventData(
        test_uuid, None)

    # Compared against the sorted names, so this list is kept in sorted order.
    expected_attribute_names = [
        '_event_data_stream_row_identifier',
        'data_type',
        'mac_address',
        'origin',
        'parser',
        'uuid',
    ]

    self.assertEqual(
        sorted(container.GetAttributeNames()), expected_attribute_names)
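def testGetAttributeNames(self):
    """Tests the GetAttributeNames function."""
    # UUID.get_hex() exists only on Python 2; the .hex property returns the
    # same 32-character string and is available on both Python 2 and 3.
    test_uuid = uuid.UUID(uuid.uuid1().hex)

    attribute_container = (
        windows_events.WindowsDistributedLinkTrackingEventData(
            test_uuid, None))

    # Compared against the sorted names, so this list is kept in sorted order.
    expected_attribute_names = [
        u'data_type', u'mac_address', u'offset', u'origin', u'query', u'uuid'
    ]

    attribute_names = sorted(attribute_container.GetAttributeNames())

    self.assertEqual(attribute_names, expected_attribute_names)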
def _ParseDistributedTrackingIdentifier(self, parser_mediator, uuid_string, origin):
    """Extracts data from a Distributed Tracking identifier.

    An event is produced only for version 1 UUIDs, using the timestamp
    embedded in the UUID as the creation time; for every other version the
    method returns without producing anything.

    Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      uuid_string (str): UUID string of the Distributed Tracking identifier.
      origin (str): origin of the event (event source).

    Raises:
      ValueError: if uuid_string is not a well-formed hexadecimal UUID string.
          This is raised by uuid.UUID and is not handled here.
    """
    # NOTE(review): uuid_string presumably comes from the parsed artefact, so
    # a malformed value surfaces as ValueError in the caller - confirm the
    # caller handles it.
    tracking_uuid = uuid.UUID(uuid_string)

    # Only version 1 UUIDs are turned into an event; the timestamp below is
    # taken from the UUID itself.
    if tracking_uuid.version != 1:
        return

    link_event_data = windows_events.WindowsDistributedLinkTrackingEventData(
        tracking_uuid, origin)
    creation_time = dfdatetime_uuid_time.UUIDTime(timestamp=tracking_uuid.time)
    creation_event = time_events.DateTimeValuesEvent(
        creation_time, eventdata.EventTimestamp.CREATION_TIME)
    parser_mediator.ProduceEventWithEventData(creation_event, link_event_data)