def testProcessStorage(self): """Test the AnalyzeEvents function""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) options = cli_test_lib.TestOptions() options.storage_file = self._GetTestFilePath( [u'psort_test.json.plaso']) options.source = u'unused_source' with shared_test_lib.TempDirectory() as temp_directory: result_file_name = os.path.join(temp_directory, u'output.txt') options.analysis_output_file = result_file_name test_tool.ParseOptions(options) test_tool.AnalyzeEvents() expected_output_file_name = self._GetTestFilePath( [u'end_to_end', u'dynamic.log']) with open(expected_output_file_name, 'r') as expected_output_file, open( result_file_name, 'r') as result_file: expected_output = expected_output_file.read() result = result_file.read() self.assertEqual(expected_output, result) output = output_writer.ReadOutput() self.assertIn(u'Events processed : 38', output)
def testExtractEventsFromSourceDirectory(self): """Tests the ExtractEventsFromSources function on a directory.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) options = cli_test_lib.TestOptions() options.quiet = True options.status_view_mode = u'none' options.source = self._GetTestFilePath([u'testdir']) with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join( temp_directory, u'unused_output.txt') options.storage_file = os.path.join(temp_directory, u'storage.plaso') test_tool.ParseOptions(options) test_tool.ExtractEventsFromSources() expected_output = [ b'', b'Source path\t: {0:s}'.format( options.source.encode(u'utf-8')), b'Source type\t: directory', b'', b'Processing started.', b'Processing completed.', b'', b'' ] output = output_writer.ReadOutput() self.assertEqual(output.split(b'\n'), expected_output)
def testParseOptions(self): """Tests the ParseOptions function.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) # Test when no source nor output file specified. options = cli_test_lib.TestOptions() expected_error = u'Missing source path.' with self.assertRaisesRegexp(errors.BadConfigOption, expected_error): test_tool.ParseOptions(options) # Test when the output file is missing. options.source = self._GetTestFilePath([u'testdir']) expected_error = (u'Output format: dynamic requires an output file.') with self.assertRaisesRegexp(errors.BadConfigOption, expected_error): test_tool.ParseOptions(options) # Test when the source is missing. options = cli_test_lib.TestOptions() expected_error = u'Missing source path.' with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join( temp_directory, u'unused_output.txt') with self.assertRaisesRegexp(errors.BadConfigOption, expected_error): test_tool.ParseOptions(options) # Test when both source and output are specified. options = cli_test_lib.TestOptions() options.source = self._GetTestFilePath([u'testdir']) with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join( temp_directory, u'unused_output.txt') test_tool.ParseOptions(options)
def testExtractEventsFromSourceVSSImage(self): """Tests the ExtractEventsFromSources function on an image with VSS.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) options = cli_test_lib.TestOptions() options.quiet = True options.single_process = True options.status_view_mode = u'none' options.source = self._GetTestFilePath([u'vsstest.qcow2']) options.vss_stores = u'all' with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join( temp_directory, u'unused_output.txt') options.storage_file = os.path.join(temp_directory, u'storage.plaso') test_tool.ParseOptions(options) test_tool.ExtractEventsFromSources() expected_output = [ b'', b'Source path\t: {0:s}'.format( options.source.encode(u'utf-8')), b'Source type\t: storage media image', b'', b'Processing started.', b'Processing completed.', b'', b'Number of errors encountered while extracting events: 1.', b'', b'Use pinfo to inspect errors in more detail.', b'', b'' ] output = output_writer.ReadOutput() self.assertEqual(output.split(b'\n'), expected_output)
def testExtractEventsFromSourceBDEImage(self): """Tests the ExtractEventsFromSources function on an image with BDE.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) options = cli_test_lib.TestOptions() options.credentials = [u'password:{0:s}'.format(self._BDE_PASSWORD)] options.quiet = True # TODO: remove work-around after fixing #1112 options.single_process = True options.source = self._GetTestFilePath([u'bdetogo.raw']) options.status_view_mode = u'none' with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join( temp_directory, u'unused_output.txt') options.storage_file = os.path.join(temp_directory, u'storage.plaso') test_tool.ParseOptions(options) test_tool.ExtractEventsFromSources() expected_output = [ b'', b'Source path\t: {0:s}'.format( options.source.encode(u'utf-8')), b'Source type\t: storage media image', b'', b'Processing started.', b'Processing completed.', b'', b'' ] output = output_writer.ReadOutput() self.assertEqual(output.split(b'\n'), expected_output)
def testExtractEventsFromSourcePartitionedImage(self): """Tests the ExtractEventsFromSources function on a multi partition image.""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) options = cli_test_lib.TestOptions() # TODO: refactor to partitions. options.partitions = u'all' options.quiet = True options.status_view_mode = u'none' # Note that the source file is a RAW (VMDK flat) image. options.source = self._GetTestFilePath([u'multi_partition_image.vmdk']) with shared_test_lib.TempDirectory() as temp_directory: options.analysis_output_file = os.path.join(temp_directory, u'unused_output.txt') options.storage_file = os.path.join(temp_directory, u'storage.plaso') test_tool.ParseOptions(options) test_tool.ExtractEventsFromSources() expected_output = [ b'', b'Source path\t: {0:s}'.format(options.source.encode(u'utf-8')), b'Source type\t: storage media image', b'', b'Processing started.', b'Processing completed.', b'', b''] output = output_writer.ReadOutput() self.assertEqual(output.split(b'\n'), expected_output)
def testParseArguments(self): """Tests the ParseArguments function""" output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8') test_tool = psteal.PstealTool(output_writer=output_writer) # Test ParseArguments with no output file nor source. result = test_tool.ParseArguments() self.assertFalse(result) output = output_writer.ReadOutput() expected_error = u'ERROR: Missing source path' self.assertIn(expected_error, output)