def testParse(self):
    """Checks that Symantec.Log is parsed into the expected events.

    The fixture holds 8 log lines; every line must produce an event and
    none may raise an extraction warning. DSVParser does not guarantee the
    order in which it emits events, so they are sorted before the second
    entry is compared field by field.
    """
    parser = symantec.SymantecParser()
    storage_writer = self._ParseFile(['Symantec.Log'], parser)

    # A non-zero warning count would mean a line was dropped or only
    # partially parsed, which must not happen on a well-formed fixture.
    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 8)

    # Sort first so that index 1 below refers to a stable entry.
    sorted_events = list(storage_writer.GetSortedEvents())

    # The path carries a "$" share name and embedded spaces; it is expected
    # to survive parsing byte-for-byte.
    malware_path = 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt'

    expected_event_values = {
        'action0': '14',
        'action1': '5',
        'action2': '3',
        'cat': '1',
        'data_type': 'av:symantec:scanlog',
        'event': '5',
        'event_data': '201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0',
        'file': malware_path,
        'scanid': '0',
        'timestamp': '2012-11-30 10:47:29.000000',
        'user': '******',
        'virus': 'W32.Changeup!gen33'}

    # Only the second entry of the sorted events is inspected.
    self.CheckEventValues(
        storage_writer, sorted_events[1], expected_event_values)
def testGetTimeElementsTuple(self):
    """Checks that _GetTimeElementsTuple decodes Symantec's packed dates.

    Each input is a 12-character string; the parser is expected to return
    a (year, month, day, hours, minutes, seconds) tuple of ints. Judging
    from the expected values the fields look like 2-digit hex: years since
    1970, zero-based month, then day/hour/minute/second — confirm against
    the parser rather than relying on this note.
    """
    # pylint: disable=protected-access
    parser = symantec.SymantecParser()

    cases = (
        ('200A13080122', (2002, 11, 19, 8, 1, 34)),
        ('2A0A1E0A2F1D', (2012, 11, 30, 10, 47, 29)))

    for encoded_date, expected_tuple in cases:
        time_elements_tuple = parser._GetTimeElementsTuple(encoded_date)
        self.assertEqual(time_elements_tuple, expected_tuple)
def testConvertToTimestamp(self):
    """Checks that _ConvertToTimestamp turns packed dates into timestamps.

    Both samples are converted with an explicit UTC timezone and compared
    against the timestamp timelib produces for the equivalent ISO-style
    date string.
    """
    # pylint: disable=protected-access
    parser_object = symantec.SymantecParser()

    cases = (
        (u'200A13080122', u'2002-11-19 08:01:34'),
        (u'2A0A1E0A2F1D', u'2012-11-30 10:47:29'))

    for encoded_date, iso_date in cases:
        expected_timestamp = timelib.Timestamp.CopyFromString(iso_date)
        # The timezone is passed explicitly so the result does not depend
        # on the test host's local zone.
        timestamp = parser_object._ConvertToTimestamp(
            encoded_date, timezone=pytz.UTC)
        self.assertEqual(timestamp, expected_timestamp)
def testParse(self):
    """Checks parsing of Symantec.Log and the formatted message strings.

    All 8 fixture lines must yield events without extraction warnings.
    Events are sorted (DSVParser emits them in no fixed order) and the
    second entry is checked for its timestamp, user, file path and the
    long/short message strings built from it.
    """
    parser = symantec.SymantecParser()
    storage_writer = self._ParseFile(['Symantec.Log'], parser)

    # Any warning means a line was not fully extracted.
    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 8)

    # Sorting makes index 1 below deterministic.
    sorted_events = list(storage_writer.GetSortedEvents())
    second_event = sorted_events[1]

    self.CheckTimestamp(second_event.timestamp, '2012-11-30 10:47:29.000000')

    event_data = self._GetEventDataOfEvent(storage_writer, second_event)

    # Path with a "$" share and spaces; expected to pass through unchanged.
    malware_path = 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt'

    self.assertEqual(event_data.user, 'davnads')
    self.assertEqual(event_data.file, malware_path)

    expected_message = '; '.join([
        'Event Name: GL_EVENT_INFECTION',
        'Category Name: GL_CAT_INFECTION',
        'Malware Name: W32.Changeup!gen33',
        'Malware Path: ' + malware_path,
        'Action0: Unknown',
        'Action1: Clean virus from file',
        'Action2: Delete infected file',
        'Scan ID: 0',
        'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0'])

    expected_short_message = '; '.join([
        malware_path,
        'W32.Changeup!gen33',
        'Unknown',
        '...'])

    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)
def testParse(self):
    """Checks parsing of Symantec.Log through the event-queue interface.

    The fixture has 8 lines and must produce 8 event objects. The second
    object is checked for its timestamp, user, file path and the long and
    short message strings derived from it.
    """
    parser_object = symantec.SymantecParser()
    test_file = self._GetTestFilePath([u'Symantec.Log'])
    event_queue_consumer = self._ParseFile(parser_object, test_file)
    event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)

    # One event object per fixture line.
    self.assertEqual(len(event_objects), 8)

    second_event = event_objects[1]

    expected_timestamp = timelib.Timestamp.CopyFromString(
        u'2012-11-30 10:47:29')
    self.assertEqual(second_event.timestamp, expected_timestamp)

    # Path with a "$" share and spaces; expected to pass through unchanged.
    malware_path = u'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt'

    self.assertEqual(second_event.user, u'davnads')
    self.assertEqual(second_event.file, malware_path)

    expected_msg = u'; '.join([
        u'Event Name: GL_EVENT_INFECTION',
        u'Category Name: GL_CAT_INFECTION',
        u'Malware Name: W32.Changeup!gen33',
        u'Malware Path: ' + malware_path,
        u'Action0: Unknown',
        u'Action1: Clean virus from file',
        u'Action2: Delete infected file',
        u'Scan ID: 0',
        u'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0'])

    expected_msg_short = u'; '.join([
        malware_path,
        u'W32.Changeup!gen33',
        u'Unknown',
        u'...'])

    self._TestGetMessageStrings(second_event, expected_msg, expected_msg_short)
def setUp(self):
    """Creates a fresh SymantecParser before each test method runs."""
    # A new instance per test keeps parser state from leaking across tests.
    parser = symantec.SymantecParser()
    self._parser = parser
def setUp(self):
    """Creates the parser under test with an empty preprocessing object.

    The parser is constructed with a PreprocessObject as its first argument
    and None as its second; what that second argument represents is not
    visible here — check the SymantecParser constructor.
    """
    preprocess_object = event.PreprocessObject()
    self._parser = symantec.SymantecParser(preprocess_object, None)
def setUp(self):
    """Instantiates the SymantecParser shared by the tests in this class."""
    # Built fresh for every test so no parser state carries over.
    parser = symantec.SymantecParser()
    self._parser = parser