def testPluginList(self): """Test the plugin list returns the right values.""" # pylint: disable=protected-access self._parser = sqlite.SQLiteParser(self._pre_obj, self._config) all_plugins = self._parser._plugins self.assertGreaterEqual(len(all_plugins), 10) all_plugin_names = all_plugins.keys() self.assertTrue('skype' in all_plugin_names) self.assertTrue('chrome_history' in all_plugin_names) self.assertTrue('firefox_history' in all_plugin_names) # Change the calculations of the parsers. self._config.parsers = 'chrome_history, firefox_history, -skype' self._parser = sqlite.SQLiteParser(self._pre_obj, self._config) plugins = self._parser._plugins self.assertEquals(len(plugins), 2) # Test with a different plugin selection. self._config.parsers = 'sqlite, -skype' self._parser = sqlite.SQLiteParser(self._pre_obj, self._config) plugins = self._parser._plugins # This should result in all plugins EXCEPT the skype one. self.assertEquals(len(plugins), len(all_plugins) - 1)
def testParseFileEntryOnDatabaseWithDotInTableName(self): """Tests ParseFileEntry on a database with a dot in a table name.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile(['data.db'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 0)
def testExamineEventAndCompileReport(self): """Tests the ExamineEvent and CompileReport functions.""" parser = sqlite.SQLiteParser() plugin = browser_search.BrowserSearchPlugin() storage_writer = self._ParseAndAnalyzeFile(['History'], parser, plugin) self.assertEqual(storage_writer.number_of_events, 71) self.assertEqual(len(storage_writer.analysis_reports), 1) analysis_report = storage_writer.analysis_reports[0] # Due to the behavior of the join one additional empty string at the end # is needed to create the last empty line. expected_text = '\n'.join([ ' == ENGINE: Google Search ==', '1 really really funny cats', '1 java plugin', '1 funnycats.exe', '1 funny cats', '', '' ]) self.assertEqual(analysis_report.text, expected_text) self.assertEqual(analysis_report.plugin_name, 'browser_search') expected_keys = set(['Google Search']) self.assertEqual(set(analysis_report.report_dict.keys()), expected_keys)
def testFileParserChainMaintenance(self): """Tests that the parser chain is correctly maintained by the parser.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile([u'contacts2.db'], parser) for event in storage_writer.GetEvents(): chain = event.parser self.assertEqual(1, chain.count(u'/'))
def testFileParserChainMaintenance(self): """Tests that the parser chain is correctly maintained by the parser.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile(['contacts2.db'], parser) for event in storage_writer.GetEvents(): event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(1, event_data.parser.count('/'))
def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser_object = sqlite.SQLiteParser() parser_object.EnablePlugins([u'chrome_history']) self.assertIsNotNone(parser_object) self.assertIsNone(parser_object._default_plugin) self.assertNotEqual(parser_object._plugin_objects, []) self.assertEqual(len(parser_object._plugin_objects), 1)
def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser = sqlite.SQLiteParser() parser.EnablePlugins(['chrome_27_history']) self.assertIsNotNone(parser) self.assertIsNone(parser._default_plugin) self.assertNotEqual(parser._plugins, []) self.assertEqual(len(parser._plugins), 1)
def testFileParserChainMaintenance(self): """Tests that the parser chain is correctly maintained by the parser.""" parser_object = sqlite.SQLiteParser() test_file = self._GetTestFilePath([u'contacts2.db']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) for event in event_objects: chain = event.parser self.assertEqual(1, chain.count(u'/'))
def testParseFileEntry(self): """Tests the ParseFileEntry function.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile(['contacts2.db'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 5) for event in storage_writer.GetEvents(): event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(1, event_data.parser.count('/'))
def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser = sqlite.SQLiteParser() number_of_plugins = len(parser._plugin_classes) parser.EnablePlugins([]) self.assertEqual(len(parser._plugins), 0) parser.EnablePlugins(parser.ALL_PLUGINS) self.assertEqual(len(parser._plugins), number_of_plugins) parser.EnablePlugins(['chrome_27_history']) self.assertEqual(len(parser._plugins), 1)
def testParseFileEntryOnDatabaseWithDotInTableName(self): """Tests ParseFileEntry on a database with a dot in a table name.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile(['data.db'], parser) number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0)
def testParseFileEntry(self): """Tests the ParseFileEntry function.""" parser = sqlite.SQLiteParser() storage_writer = self._ParseFile(['contacts2.db'], parser) number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 5) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) for event in storage_writer.GetEvents(): event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(1, event_data.parser.count('/'))
def testExamineEventAndCompileReport(self): """Tests the ExamineEvent and CompileReport functions.""" parser = sqlite.SQLiteParser() plugin = browser_search.BrowserSearchPlugin() storage_writer = self._ParseAndAnalyzeFile(['History'], parser, plugin) analysis_results = list( storage_writer.GetAttributeContainers( 'browser_search_analysis_result')) self.assertEqual(len(analysis_results), 4) analysis_result = analysis_results[2] self.assertEqual(analysis_result.search_engine, 'Google Search') self.assertEqual(analysis_result.search_term, 'really really funny cats') self.assertEqual(analysis_result.number_of_queries, 1) number_of_reports = storage_writer.GetNumberOfAttributeContainers( 'analysis_report') self.assertEqual(number_of_reports, 1) analysis_report = storage_writer.GetAttributeContainerByIndex( reports.AnalysisReport.CONTAINER_TYPE, 0) self.assertIsNotNone(analysis_report) self.assertEqual(analysis_report.plugin_name, 'browser_search') expected_analysis_counter = collections.Counter({ 'Google Search:funny cats': 1, 'Google Search:funnycats.exe': 1, 'Google Search:java plugin': 1, 'Google Search:really really funny cats': 1 }) self.assertEqual(analysis_report.analysis_counter, expected_analysis_counter)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._pre_obj = event.PreprocessObject() self._parser = sqlite.SQLiteParser(self._pre_obj, None)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = sqlite.SQLiteParser()
def setUp(self): """Makes preparations before running an individual test.""" self._parser = sqlite.SQLiteParser()