Exemplo n.º 1
0
  def testProcess57(self):
    """Tests the Process function on a Google Chrome 57 History database."""
    plugin = chrome_history.GoogleChrome27HistoryPlugin()
    storage_writer = self._ParseDatabaseFileWithPlugin(
        ['History-57.0.2987.133'], plugin)

    self.assertEqual(storage_writer.number_of_warnings, 0)
    # The History file contains 2 events (1 page visits, 1 file downloads).
    self.assertEqual(storage_writer.number_of_events, 2)

    events = list(storage_writer.GetEvents())

    # Check the page visit event.
    event = events[0]

    self.CheckTimestamp(event.timestamp, '2018-01-21 14:09:53.885478')
    self.assertEqual(
        event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_VISITED)

    event_data = self._GetEventDataOfEvent(storage_writer, event)
    expected_url = (
        'https://raw.githubusercontent.com/dfirlabs/chrome-specimens/master/'
        'generate-specimens.sh')
    self.assertEqual(event_data.url, expected_url)
    self.assertEqual(event_data.title, '')

    expected_message = (
        '{0:s} '
        '[count: 0] '
        'Type: [START_PAGE - The start page of the browser] '
        '(URL not typed directly - no typed count)').format(expected_url)
    expected_short_message = '{0:s}...'.format(expected_url[:77])

    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)

    # Check the file downloaded event.
    event = events[1]

    self.CheckTimestamp(event.timestamp, '2018-01-21 14:09:53.900399')
    self.assertEqual(
        event.timestamp_desc, definitions.TIME_DESCRIPTION_FILE_DOWNLOADED)

    event_data = self._GetEventDataOfEvent(storage_writer, event)
    expected_url = (
        'https://raw.githubusercontent.com/log2timeline/l2tbinaries/master/'
        'win32/plaso-20171231.1.win32.msi')
    self.assertEqual(event_data.url, expected_url)

    expected_full_path = '/home/ubuntu/Downloads/plaso-20171231.1.win32.msi'
    self.assertEqual(event_data.full_path, expected_full_path)

    expected_message = (
        '{0:s} ({1:s}). '
        'Received: 3080192 bytes out of: 3080192 bytes.').format(
            expected_url, expected_full_path)
    expected_short_message = '{0:s} downloaded (3080192 bytes)'.format(
        expected_full_path)
    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)
Exemplo n.º 2
0
    def testProcess59ExtraColumn(self):
        """Tests the Process function on a Google Chrome 59 History database,
    manually modified to have an unexpected column.
    """
        plugin = chrome_history.GoogleChrome27HistoryPlugin()
        storage_writer = self._ParseDatabaseFileWithPlugin(
            ['History-59_added-fake-column'], plugin)

        # The History file contains 3 events (1 page visit, 2 file downloads).
        number_of_events = storage_writer.GetNumberOfAttributeContainers(
            'event')
        self.assertEqual(number_of_events, 3)

        number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
            'extraction_warning')
        self.assertEqual(number_of_warnings, 0)

        number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
            'recovery_warning')
        self.assertEqual(number_of_warnings, 0)

        events = list(storage_writer.GetEvents())

        # Check the page visit event.
        expected_url = (
            'https://raw.githubusercontent.com/dfirlabs/chrome-specimens/master/'
            'generate-specimens.sh')

        expected_event_values = {
            'data_type': 'chrome:history:page_visited',
            'date_time': '2018-01-21 14:08:52.037692',
            'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED,
            'title': '',
            'typed_count': 0,
            'url': expected_url
        }

        self.CheckEventValues(storage_writer, events[0], expected_event_values)

        # Check the file downloaded event.
        expected_event_values = {
            'data_type':
            'chrome:history:file_downloaded',
            'date_time':
            '2018-01-21 14:08:51.811123',
            'full_path':
            '/home/ubuntu/Downloads/plaso-20171231.1.win32.msi',
            'received_bytes':
            3080192,
            'timestamp_desc':
            definitions.TIME_DESCRIPTION_START,
            'total_bytes':
            3080192,
            'url':
            ('https://raw.githubusercontent.com/log2timeline/l2tbinaries/master/'
             'win32/plaso-20171231.1.win32.msi')
        }

        self.CheckEventValues(storage_writer, events[1], expected_event_values)
Exemplo n.º 3
0
    def testProcess57(self):
        """Tests the Process function on a Google Chrome 57 History database."""
        plugin = chrome_history.GoogleChrome27HistoryPlugin()
        storage_writer = self._ParseDatabaseFileWithPlugin(
            ['History-57.0.2987.133'], plugin)

        # The History file contains 3 events (1 page visit, 2 file downloads).
        self.assertEqual(storage_writer.number_of_events, 3)
        self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
        self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

        events = list(storage_writer.GetEvents())

        # Check the page visit event.
        expected_url = (
            'https://raw.githubusercontent.com/dfirlabs/chrome-specimens/master/'
            'generate-specimens.sh')

        expected_event_values = {
            'data_type': 'chrome:history:page_visited',
            'date_time': '2018-01-21 14:09:53.885478',
            'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED,
            'title': '',
            'typed_count': 0,
            'url': expected_url
        }

        self.CheckEventValues(storage_writer, events[0], expected_event_values)

        # Check the file downloaded event.
        expected_event_values = {
            'data_type':
            'chrome:history:file_downloaded',
            'date_time':
            '2018-01-21 14:09:53.900399',
            'full_path':
            '/home/ubuntu/Downloads/plaso-20171231.1.win32.msi',
            'received_bytes':
            3080192,
            'timestamp_desc':
            definitions.TIME_DESCRIPTION_START,
            'total_bytes':
            3080192,
            'url':
            ('https://raw.githubusercontent.com/log2timeline/l2tbinaries/master/'
             'win32/plaso-20171231.1.win32.msi')
        }

        self.CheckEventValues(storage_writer, events[1], expected_event_values)