def _ParseDistributedTrackingIdentifier(self, parser_mediator, uuid_data,
origin):
"""Extracts data from a Distributed Tracking identifier.
Args:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
uuid_data (bytes): UUID data of the Distributed Tracking identifier.
origin (str): origin of the event (event source).
Returns:
str: UUID string of the Distributed Tracking identifier.
"""
uuid_object = uuid.UUID(bytes_le=uuid_data)
if uuid_object.version == 1:
event_data = windows_events.WindowsDistributedLinkTrackingEventData(
uuid_object, origin)
date_time = dfdatetime_uuid_time.UUIDTime(
timestamp=uuid_object.time)
event = time_events.DateTimeValuesEvent(
date_time, definitions.TIME_DESCRIPTION_CREATION)
parser_mediator.ProduceEventWithEventData(event, event_data)
return u'{{{0!s}}}'.format(uuid_object)
def testGetAttributeNames(self):
"""Tests the GetAttributeNames function."""
test_uuid = uuid.UUID(uuid.uuid1().hex)
attribute_container = (
windows_events.WindowsDistributedLinkTrackingEventData(test_uuid, None))
expected_attribute_names = [
'_event_data_stream_row_identifier', 'data_type', 'mac_address',
'origin', 'parser', 'uuid']
attribute_names = sorted(attribute_container.GetAttributeNames())
self.assertEqual(attribute_names, expected_attribute_names)
def testGetAttributeNames(self):
"""Tests the GetAttributeNames function."""
test_uuid = uuid.UUID(uuid.uuid1().get_hex())
attribute_container = (
windows_events.WindowsDistributedLinkTrackingEventData(
test_uuid, None))
expected_attribute_names = [
u'data_type', u'mac_address', u'offset', u'origin', u'query',
u'uuid'
]
attribute_names = sorted(attribute_container.GetAttributeNames())
self.assertEqual(attribute_names, expected_attribute_names)
def _ParseDistributedTrackingIdentifier(self, parser_mediator, uuid_string,
origin):
"""Extracts data from a Distributed Tracking identifier.
Args:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
uuid_string (str): UUID string of the Distributed Tracking identifier.
origin (str): origin of the event (event source).
"""
uuid_object = uuid.UUID(uuid_string)
if uuid_object.version == 1:
event_data = windows_events.WindowsDistributedLinkTrackingEventData(
uuid_object, origin)
date_time = dfdatetime_uuid_time.UUIDTime(
timestamp=uuid_object.time)
event = time_events.DateTimeValuesEvent(
date_time, eventdata.EventTimestamp.CREATION_TIME)
parser_mediator.ProduceEventWithEventData(event, event_data)
