예제 #1
파일: ganalytics.py 프로젝트: dfjxs/plaso
    def testParsingChromeCookieDatabase(self):
        """Checks Google Analytics events from a Chrome cookie database.

        Parses the cookies.db test file with Chrome17CookiePlugin, then
        verifies the number of Google Analytics cookie events, that no
        extraction or recovery warnings were recorded, and the values of one
        __utmz, one __utma and one __utmb event.
        """
        cookie_plugin = chrome_cookies.Chrome17CookiePlugin()
        storage_writer = self._ParseDatabaseFileWithPlugin(
            ['cookies.db'], cookie_plugin)
        analytics_events = self._GetAnalyticsCookieEvents(storage_writer)

        # Of the 560 entries in the cookie database, 75 events are produced
        # by the Google Analytics plugin.
        self.assertEqual(len(analytics_events), 75)
        self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
        self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

        # Spot checks: one event per Google Analytics cookie type, selected
        # by its position in analytics_events.
        # NOTE(review): the fixed indices assume a stable event order; confirm
        # against _GetAnalyticsCookieEvents.

        # __utmz event.
        utmz_values = {
            'cookie_name': '__utmz',
            'data_type': 'cookie:google:analytics:utmz',
            'domain_hash': '68898382',
            'sessions': 1,
            'sources': 1,
            'url': 'http://imdb.com/',
            'utmccn': '(organic)',
            'utmctr': 'enders game',
            'utmcmd': 'organic',
            'utmcsr': 'google',
        }
        self.CheckEventValues(
            storage_writer, analytics_events[39], utmz_values)

        # __utma event.
        utma_values = {
            'cookie_name': '__utma',
            'data_type': 'cookie:google:analytics:utma',
            'date_time': '2012-03-22 01:55:29',
            'domain_hash': '151488169',
            'sessions': 2,
            'timestamp_desc': 'Analytics Previous Time',
            'url': 'http://assets.tumblr.com/',
            'visitor_id': '1827102436',
        }
        self.CheckEventValues(
            storage_writer, analytics_events[41], utma_values)

        # __utmb event.
        utmb_values = {
            'cookie_name': '__utmb',
            'data_type': 'cookie:google:analytics:utmb',
            'date_time': '2012-03-22 01:48:30',
            'domain_hash': '154523900',
            'pages_viewed': 1,
            'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED,
            'url': 'http://upressonline.com/',
        }
        self.CheckEventValues(
            storage_writer, analytics_events[34], utmb_values)
예제 #2
    def testParsingChromeCookieDatabase(self):
        """Checks Google Analytics events from a Chrome cookie database.

        Parses the cookies.db test file with Chrome17CookiePlugin, then
        verifies that no warnings were recorded, the number of Google
        Analytics cookie events, and the attributes and formatted message
        strings of one __utmz, one __utma and one __utmb event.
        """
        cookie_plugin = chrome_cookies.Chrome17CookiePlugin()
        storage_writer = self._ParseDatabaseFileWithPlugin(
            ['cookies.db'], cookie_plugin)
        analytics_events = self._GetAnalyticsCookieEvents(storage_writer)

        self.assertEqual(storage_writer.number_of_warnings, 0)

        # Of the 560 entries in the cookie database, 75 events are produced
        # by the Google Analytics plugin.
        self.assertEqual(len(analytics_events), 75)

        # Spot checks: one event per Google Analytics cookie type, selected
        # by its position in analytics_events.
        # NOTE(review): the fixed indices assume a stable event order; confirm
        # against _GetAnalyticsCookieEvents.

        # __utmz event.
        utmz_event = analytics_events[39]

        utmz_data = self._GetEventDataOfEvent(storage_writer, utmz_event)
        self.assertEqual(utmz_data.utmctr, 'enders game')
        self.assertEqual(utmz_data.domain_hash, '68898382')
        self.assertEqual(utmz_data.sessions, 1)

        utmz_message = (
            'http://imdb.com/ (__utmz) Sessions: 1 Domain Hash: 68898382 '
            'Sources: 1 Last source used to access: google Ad campaign '
            'information: (organic) Last type of visit: organic Keywords '
            'used to find site: enders game')
        utmz_short_message = 'http://imdb.com/ (__utmz)'

        self._TestGetMessageStrings(
            utmz_data, utmz_message, utmz_short_message)

        # __utma event.
        utma_event = analytics_events[41]

        self.CheckTimestamp(
            utma_event.timestamp, '2012-03-22 01:55:29.000000')
        self.assertEqual(
            utma_event.timestamp_desc, 'Analytics Previous Time')

        utma_data = self._GetEventDataOfEvent(storage_writer, utma_event)
        self.assertEqual(utma_data.cookie_name, '__utma')
        self.assertEqual(utma_data.visitor_id, '1827102436')
        self.assertEqual(utma_data.sessions, 2)

        utma_message = (
            'http://assets.tumblr.com/ (__utma) '
            'Sessions: 2 '
            'Domain Hash: 151488169 '
            'Visitor ID: 1827102436')
        utma_short_message = 'http://assets.tumblr.com/ (__utma)'

        self._TestGetMessageStrings(
            utma_data, utma_message, utma_short_message)

        # __utmb event.
        utmb_event = analytics_events[34]

        self.CheckTimestamp(
            utmb_event.timestamp, '2012-03-22 01:48:30.000000')
        self.assertEqual(
            utmb_event.timestamp_desc,
            definitions.TIME_DESCRIPTION_LAST_VISITED)

        utmb_data = self._GetEventDataOfEvent(storage_writer, utmb_event)
        self.assertEqual(utmb_data.cookie_name, '__utmb')
        self.assertEqual(utmb_data.domain_hash, '154523900')
        self.assertEqual(utmb_data.pages_viewed, 1)

        utmb_message = (
            'http://upressonline.com/ (__utmb) Pages Viewed: 1 Domain Hash: '
            '154523900')
        utmb_short_message = 'http://upressonline.com/ (__utmb)'

        self._TestGetMessageStrings(
            utmb_data, utmb_message, utmb_short_message)
예제 #3
    def testProcess(self):
        """Checks Chrome cookie entry events parsed from cookies.db.

        Parses the cookies.db test file with Chrome17CookiePlugin, separates
        the 'chrome:cookie:entry' events from those produced by cookie
        plugins, verifies both counts, then spot-checks timestamps,
        attributes and message strings of selected cookie entry events.
        """
        cookie_plugin = chrome_cookies.Chrome17CookiePlugin()
        storage_writer = self._ParseDatabaseFileWithPlugin(
            ['cookies.db'], cookie_plugin)

        # The storage writer holds events from the Chrome cookie plugin and
        # from the cookie plugins; split them by data type.
        cookie_events = []
        plugin_events = []

        for event in storage_writer.GetEvents():
            event_data = self._GetEventDataOfEvent(storage_writer, event)
            is_cookie_entry = event_data.data_type == 'chrome:cookie:entry'
            bucket = cookie_events if is_cookie_entry else plugin_events
            bucket.append(event)

        # Expected totals for the 560 entries in the cookie database:
        #     560 creation + 560 last access + 560 expiration events,
        #      75 additional events from Google Analytics cookies,
        #    1755 events overall.
        self.assertEqual(len(cookie_events), 3 * 560)
        self.assertEqual(len(plugin_events), 75)

        # Spot checks, selected by position in cookie_events.
        # NOTE(review): the fixed indices assume a stable event order; confirm
        # against storage_writer.GetEvents.

        # A www.linkedin.com cookie; the fixture records leo_auth_token
        # without the HttpOnly flag.
        linkedin_event = cookie_events[124]

        self.CheckTimestamp(
            linkedin_event.timestamp, '2011-08-25 21:50:27.292367')
        self.assertEqual(
            linkedin_event.timestamp_desc,
            definitions.TIME_DESCRIPTION_LAST_ACCESS)

        linkedin_data = self._GetEventDataOfEvent(
            storage_writer, linkedin_event)
        self.assertEqual(linkedin_data.host, 'www.linkedin.com')
        self.assertEqual(linkedin_data.cookie_name, 'leo_auth_token')
        self.assertFalse(linkedin_data.httponly)
        self.assertEqual(linkedin_data.url, 'http://www.linkedin.com/')

        linkedin_message = (
            'http://www.linkedin.com/ (leo_auth_token) Flags: [HTTP only] = False '
            '[Persistent] = True')
        linkedin_short_message = 'www.linkedin.com (leo_auth_token)'
        self._TestGetMessageStrings(
            linkedin_data, linkedin_message, linkedin_short_message)

        # A last-access event for a rubiconproject.com cookie.
        rubicon_event = cookie_events[379]

        self.CheckTimestamp(
            rubicon_event.timestamp, '2012-04-01 13:54:34.949210')
        self.assertEqual(
            rubicon_event.timestamp_desc,
            definitions.TIME_DESCRIPTION_LAST_ACCESS)

        rubicon_data = self._GetEventDataOfEvent(
            storage_writer, rubicon_event)
        self.assertEqual(rubicon_data.url, 'http://rubiconproject.com/')
        self.assertEqual(rubicon_data.path, '/')
        self.assertFalse(rubicon_data.secure)
        self.assertTrue(rubicon_data.persistent)

        rubicon_message = (
            'http://rubiconproject.com/ (put_2249) Flags: [HTTP only] = False '
            '[Persistent] = True')
        self._TestGetMessageStrings(
            rubicon_data, rubicon_message, 'rubiconproject.com (put_2249)')

        # An event for a cookie set by a political blog site.
        blog_event = cookie_events[444]

        self.CheckTimestamp(
            blog_event.timestamp, '2012-03-22 01:47:21.012022')

        blog_data = self._GetEventDataOfEvent(storage_writer, blog_event)
        self.assertEqual(
            blog_data.path,
            '/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/')
        self.assertEqual(blog_data.host, 'politicalticker.blogs.cnn.com')

        # A creation event for a cookie carrying an autologin entry.
        autologin_event = cookie_events[1425]

        self.CheckTimestamp(
            autologin_event.timestamp, '2012-04-01 13:52:56.189444')
        self.assertEqual(
            autologin_event.timestamp_desc,
            definitions.TIME_DESCRIPTION_CREATION)

        autologin_data = self._GetEventDataOfEvent(
            storage_writer, autologin_event)
        self.assertEqual(autologin_data.host, 'marvel.com')
        self.assertEqual(autologin_data.cookie_name, 'autologin[timeout]')

        # The value of this cookie is a timeout that corresponds to the
        # expiration date of the cookie.
        self.assertEqual(autologin_data.data, '1364824322')

        # A cookie expiration event.
        expiry_event = cookie_events[2]
        self.assertEqual(
            expiry_event.timestamp_desc,
            definitions.TIME_DESCRIPTION_EXPIRATION)
        self.CheckTimestamp(
            expiry_event.timestamp, '2013-08-14 14:19:42.000000')
예제 #4
  def testProcess(self):
    """Checks Chrome cookie entry events parsed from cookies.db.

    Parses the cookies.db test file with Chrome17CookiePlugin, separates the
    'chrome:cookie:entry' events from those produced by cookie plugins,
    verifies both counts, then compares selected cookie entry events with
    their expected values.
    """
    cookie_plugin = chrome_cookies.Chrome17CookiePlugin()
    storage_writer = self._ParseDatabaseFileWithPlugin(
        ['cookies.db'], cookie_plugin)

    # The storage writer holds events from the Chrome cookie plugin and from
    # the cookie plugins; split them by data type.
    cookie_events = []
    plugin_events = []

    for event in storage_writer.GetEvents():
      event_data = self._GetEventDataOfEvent(storage_writer, event)
      is_cookie_entry = event_data.data_type == 'chrome:cookie:entry'
      bucket = cookie_events if is_cookie_entry else plugin_events
      bucket.append(event)

    # Expected totals for the 560 entries in the cookie database:
    #     560 creation + 560 last access + 560 expiration events,
    #      75 additional events from Google Analytics cookies,
    #    1755 events overall.
    self.assertEqual(len(cookie_events), 3 * 560)
    self.assertEqual(len(plugin_events), 75)

    # Spot checks, selected by position in cookie_events.
    # NOTE(review): the fixed indices assume a stable event order; confirm
    # against storage_writer.GetEvents.

    # A www.linkedin.com cookie; the fixture records leo_auth_token without
    # the HttpOnly flag.
    linkedin_values = {
        'cookie_name': 'leo_auth_token',
        'data_type': 'chrome:cookie:entry',
        'host': 'www.linkedin.com',
        'httponly': False,
        'persistent': True,
        'timestamp': '2011-08-25 21:50:27.292367',
        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_ACCESS,
        'url': 'http://www.linkedin.com/',
    }
    self.CheckEventValues(
        storage_writer, cookie_events[124], linkedin_values)

    # A last-access event for a rubiconproject.com cookie.
    rubicon_values = {
        'cookie_name': 'put_2249',
        'data_type': 'chrome:cookie:entry',
        'httponly': False,
        'path': '/',
        'persistent': True,
        'secure': False,
        'timestamp': '2012-04-01 13:54:34.949210',
        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_ACCESS,
        'url': 'http://rubiconproject.com/',
    }
    self.CheckEventValues(
        storage_writer, cookie_events[379], rubicon_values)

    # An event for a cookie set by a political blog site.
    blog_values = {
        'data_type': 'chrome:cookie:entry',
        'host': 'politicalticker.blogs.cnn.com',
        'path': '/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/',
        'timestamp': '2012-03-22 01:47:21.012022',
    }
    self.CheckEventValues(storage_writer, cookie_events[444], blog_values)

    # A creation event for a cookie carrying an autologin entry.
    autologin_values = {
        'cookie_name': 'autologin[timeout]',
        'data_type': 'chrome:cookie:entry',
        # The value of this cookie is a timeout that corresponds to the
        # expiration date of the cookie.
        'data': '1364824322',
        'host': 'marvel.com',
        'timestamp': '2012-04-01 13:52:56.189444',
        'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
    }
    self.CheckEventValues(
        storage_writer, cookie_events[1425], autologin_values)

    # A cookie expiration event.
    expiry_values = {
        'data_type': 'chrome:cookie:entry',
        'timestamp': '2013-08-14 14:19:42.000000',
        'timestamp_desc': definitions.TIME_DESCRIPTION_EXPIRATION,
    }
    self.CheckEventValues(storage_writer, cookie_events[2], expiry_values)