def testCollect(self):
    """Tests that Collect determines the operating system.

    A fake file system is populated with the SOFTWARE and SYSTEM test files
    at the Windows Registry hive locations. After the plugin has run, the
    knowledge base is expected to hold 'Windows NT' as operating_system.
    """
    builder = fake_file_system_builder.FakeFileSystemBuilder()
    hive_files = (
        ('/Windows/System32/config/SOFTWARE', 'SOFTWARE'),
        ('/Windows/System32/config/SYSTEM', 'SYSTEM'))
    for fake_location, test_file_name in hive_files:
        builder.AddFileReadData(
            fake_location, shared_test_lib.GetTestFilePath([test_file_name]))

    preprocess_session = sessions.Session()
    preprocess_knowledge_base = knowledge_base.KnowledgeBase()
    writer = fake_writer.FakeStorageWriter()
    preprocess_mediator = mediator.PreprocessMediator(
        preprocess_session, writer, preprocess_knowledge_base)

    root_path_spec = fake_path_spec.FakePathSpec(location='/')
    fake_file_system = builder.file_system
    fs_searcher = file_system_searcher.FileSystemSearcher(
        fake_file_system, root_path_spec)

    os_plugin = generic.DetermineOperatingSystemPlugin()

    writer.Open()
    try:
        os_plugin.Collect(
            preprocess_mediator, None, fs_searcher, fake_file_system)
    finally:
        # Close the writer even when Collect raises, so it is never left open.
        writer.Close()

    # The value is read back through the mediator, not the local object.
    detected_os = preprocess_mediator.knowledge_base.GetValue(
        'operating_system')
    self.assertEqual(detected_os, 'Windows NT')
def __init__(self):
    """Initializes a test engine backed by a fake file system.

    The fake file system exposes the SOFTWARE and SYSTEM test files at the
    Windows Registry hive locations and is mounted at '/'.
    """
    builder = fake_file_system_builder.FakeFileSystemBuilder()
    hive_files = (
        ('/Windows/System32/config/SOFTWARE', 'SOFTWARE'),
        ('/Windows/System32/config/SYSTEM', 'SYSTEM'))
    for fake_location, test_file_name in hive_files:
        builder.AddFileReadData(
            fake_location, shared_test_lib.GetTestFilePath([test_file_name]))

    super(TestEngine, self).__init__()

    # NOTE(review): set after the base initializer, presumably so it does
    # not reset these attributes -- confirm against the base class.
    self._file_system = builder.file_system
    self._mount_point = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')
def testProcessSources(self):
    """Tests the PreprocessSources and ProcessSources functions.

    Runs the multi-process task engine, restricted to the filestat parser,
    on the ímynd.dd test file opened through a TSK path specification. The
    test makes no assertions; it passes when neither call raises.
    """
    artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    definitions_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(definitions_reader, artifacts_path)

    engine = task_engine.TaskMultiProcessEngine(maximum_number_of_tasks=100)

    # TSK file system layered on top of the test file on the host (OS layer).
    image_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS,
        location=self._GetTestFilePath(['ímynd.dd']))
    tsk_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
        parent=image_path_spec)

    engine.PreprocessSources(definitions_registry, [tsk_path_spec])

    processing_session = sessions.Session()

    processing_configuration = configurations.ProcessingConfiguration()
    processing_configuration.parser_filter_expression = 'filestat'

    # The storage file lives in a temporary directory for the test's duration.
    with shared_test_lib.TempDirectory() as temp_directory:
        storage_path = os.path.join(temp_directory, 'storage.plaso')
        writer = storage_zip_file.ZIPStorageFileWriter(
            processing_session, storage_path)

        engine.ProcessSources(
            processing_session.identifier, [tsk_path_spec], writer,
            processing_configuration)
def testPreprocessSources(self):
    """Tests the PreprocessSources function.

    The test is skipped when the SOFTWARE or SYSTEM test file or the
    artifacts directory is missing. Preprocessing the fake source is
    expected to set the operating_system knowledge base value to
    'Windows NT'.
    """
    for required_name in ('SOFTWARE', 'SYSTEM'):
        self._SkipIfPathNotExists(self._GetTestFilePath([required_name]))

    artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(artifacts_path)

    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    definitions_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(definitions_reader, artifacts_path)

    engine = TestEngine()

    fake_root_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')

    engine.PreprocessSources(definitions_registry, [fake_root_path_spec])

    detected_os = engine.knowledge_base.GetValue('operating_system')
    self.assertEqual(detected_os, 'Windows NT')

    # NOTE(review): presumably checks that a None source path specification
    # is tolerated; nothing is asserted, so only an exception would fail it.
    engine.PreprocessSources(definitions_registry, [None])
def testProcessSources(self):
    """Tests the ProcessSources function.

    Runs the single process engine, restricted to the filestat parser, on
    the ímynd.dd test file opened through a TSK path specification and
    expects 15 events in the fake storage writer.
    """
    artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    definitions_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(definitions_reader, artifacts_path)

    engine = single_process.SingleProcessEngine()
    dfvfs_context = context.Context()
    processing_session = sessions.Session()

    # TSK file system layered on top of the test file on the host (OS layer).
    image_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS,
        location=self._GetTestFilePath(['ímynd.dd']))
    tsk_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
        parent=image_path_spec)

    engine.PreprocessSources(definitions_registry, [tsk_path_spec])

    writer = fake_writer.FakeStorageWriter(processing_session)

    processing_configuration = configurations.ProcessingConfiguration()
    processing_configuration.parser_filter_expression = 'filestat'

    engine.ProcessSources(
        [tsk_path_spec], writer, dfvfs_context, processing_configuration)

    self.assertEqual(writer.number_of_events, 15)
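def testPreprocessSources(self):
    """Tests the PreprocessSources function.

    The test is skipped when the SOFTWARE or SYSTEM test file or the
    artifacts directory is missing. Preprocessing the fake source is
    expected to set the operating_system knowledge base value to
    'Windows NT'.
    """
    test_file_path = self._GetTestFilePath(['SOFTWARE'])
    self._SkipIfPathNotExists(test_file_path)

    test_file_path = self._GetTestFilePath(['SYSTEM'])
    self._SkipIfPathNotExists(test_file_path)

    test_artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(test_artifacts_path)

    test_engine = TestEngine()

    source_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')

    session = test_engine.CreateSession()

    storage_writer = fake_writer.FakeStorageWriter()
    storage_writer.Open()

    # Close the writer even when preprocessing or the assertion fails, so
    # the opened storage writer is not leaked into later tests.
    try:
        # The second positional argument is passed as None; its meaning is
        # not visible from this test.
        test_engine.PreprocessSources(
            test_artifacts_path, None, [source_path_spec], session,
            storage_writer)

        operating_system = test_engine.knowledge_base.GetValue(
            'operating_system')
        self.assertEqual(operating_system, 'Windows NT')

        # NOTE(review): presumably checks that a None source path
        # specification is tolerated; nothing is asserted afterwards.
        test_engine.PreprocessSources(
            test_artifacts_path, None, [None], session, storage_writer)
    finally:
        storage_writer.Close()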
def setUpClass(cls):
    """Loads the test artifact definitions once for all tests of the class.

    NOTE(review): takes cls, so it is expected to be decorated with
    @classmethod in the enclosing class; the decorator is not visible here.
    """
    registry = artifacts_registry.ArtifactDefinitionsRegistry()
    definitions_directory = shared_test_lib.GetTestFilePath(['artifacts'])

    # Publish the registry on the class before filling it from the directory.
    cls._artifacts_registry = registry

    definitions_reader = artifacts_reader.YamlArtifactsReader()
    registry.ReadFromDirectory(definitions_reader, definitions_directory)
def testPreprocessSources(self):
    """Tests the PreprocessSources function.

    Preprocessing the fake source of the test engine is expected to set the
    knowledge base platform to 'Windows'.
    """
    artifacts_path = shared_test_lib.GetTestFilePath(['artifacts'])
    definitions_registry = artifacts_registry.ArtifactDefinitionsRegistry()
    definitions_reader = artifacts_reader.YamlArtifactsReader()
    definitions_registry.ReadFromDirectory(definitions_reader, artifacts_path)

    engine = TestEngine()

    fake_root_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_FAKE, location='/')

    engine.PreprocessSources(definitions_registry, [fake_root_path_spec])

    self.assertEqual(engine.knowledge_base.platform, 'Windows')

    # NOTE(review): presumably checks that a None source path specification
    # is tolerated; nothing is asserted, so only an exception would fail it.
    engine.PreprocessSources(definitions_registry, [None])
def _GetChromeWebStorePage(self, extension_identifier):
    """Retrieves the page for the extension from the test data.

    The page is read from a file under the chrome_extensions test data
    directory; this method makes no network request.

    Args:
      extension_identifier (str): Chrome extension identifier, used as the
          file name inside the chrome_extensions test data directory.

    Returns:
      str: page content or None if no test file exists for the identifier.
    """
    page_path = shared_test_lib.GetTestFilePath(
        ['chrome_extensions', extension_identifier])

    if os.path.exists(page_path):
        # Read the raw bytes and decode explicitly as UTF-8, so the result
        # does not depend on the platform default encoding.
        with open(page_path, 'rb') as file_object:
            raw_page = file_object.read()
        return raw_page.decode('utf-8')

    return None
def testProcessSources(self):
    """Tests the PreprocessSources and ProcessSources functions.

    Runs the multi-process extraction engine, restricted to the filestat
    parser, on the ímynd.dd test file opened through a TSK path
    specification and writes to a SQLite storage file in a temporary
    directory. Expects 15 filestat events, no extraction or recovery
    warnings and a processing status that is not aborted. The test is
    skipped when the artifacts directory or the test file is missing.
    """
    artifacts_directory = shared_test_lib.GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(artifacts_directory)

    engine = extraction_engine.ExtractionMultiProcessEngine(
        maximum_number_of_tasks=100)

    image_path = self._GetTestFilePath(['ímynd.dd'])
    self._SkipIfPathNotExists(image_path)

    # TSK file system layered on top of the test file on the host (OS layer).
    image_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_OS, location=image_path)
    tsk_path_spec = path_spec_factory.Factory.NewPathSpec(
        dfvfs_definitions.TYPE_INDICATOR_TSK, location='/',
        parent=image_path_spec)

    source_configuration = artifacts.SourceConfigurationArtifact(
        path_spec=tsk_path_spec)

    processing_session = sessions.Session()

    processing_configuration = configurations.ProcessingConfiguration()
    processing_configuration.parser_filter_expression = 'filestat'
    processing_configuration.task_storage_format = (
        definitions.STORAGE_FORMAT_SQLITE)

    with shared_test_lib.TempDirectory() as temp_directory:
        storage_path = os.path.join(temp_directory, 'storage.plaso')
        writer = sqlite_writer.SQLiteStorageFileWriter()
        writer.Open(path=storage_path)

        try:
            engine.PreprocessSources(
                artifacts_directory, None, [tsk_path_spec],
                processing_session, writer)

            status = engine.ProcessSources(
                [source_configuration], writer,
                processing_session.identifier, processing_configuration,
                storage_file_path=temp_directory)

            # Collect every count while the writer is still open.
            event_count = writer.GetNumberOfAttributeContainers('event')
            extraction_warning_count = writer.GetNumberOfAttributeContainers(
                'extraction_warning')
            recovery_warning_count = writer.GetNumberOfAttributeContainers(
                'recovery_warning')

            events_per_parser = collections.Counter()
            for parser_count in writer.GetAttributeContainers('parser_count'):
                events_per_parser[parser_count.name] = (
                    parser_count.number_of_events)

        finally:
            # Close the writer even when processing raises.
            writer.Close()

    self.assertFalse(status.aborted)

    self.assertEqual(event_count, 15)
    self.assertEqual(extraction_warning_count, 0)
    self.assertEqual(recovery_warning_count, 0)

    expected_events_per_parser = collections.Counter({
        'filestat': 15,
        'total': 15})
    self.assertEqual(events_per_parser, expected_events_per_parser)