def testProcess(self):
"""Tests the Process function on a MacOS Notification Center db."""
plugin = mac_notificationcenter.MacNotificationCenterPlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['mac_notificationcenter.db'], plugin)
self.assertEqual(6, storage_writer.number_of_events)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2018-05-02 10:59:18.930156')
self.assertEqual(
event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION)
self.assertEqual(event.body, "KeePassXC can now be run")
self.assertEqual(event.bundle_name, "com.google.santagui")
expected_message = (
'Title: Santa'
' '
'registered by: com.google.santagui. '
'Presented: Yes, '
'Content: KeePassXC can now be run')
expected_short_message = (
'Title: Santa, Content: KeePassXC can now be run')
self._TestGetMessageStrings(event, expected_message, expected_short_message)
event = events[2]
self.CheckTimestamp(event.timestamp, '2018-05-02 11:13:21.531085')
self.assertEqual(
event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION)
self.assertEqual(event.title, "Drive File Stream")
self.assertEqual(event.bundle_name, "com.google.drivefs")
expected_message = (
'Title: Drive File Stream'
' '
'registered by: com.google.drivefs. '
'Presented: Yes, '
'Content: Drive File Stream is loading your'
' files…')
expected_short_message = (
'Title: Drive File Stream, Content: Drive File Stream is loading your '
'files…')
self._TestGetMessageStrings(event, expected_message, expected_short_message)
event = events[5]
self.CheckTimestamp(event.timestamp, '2018-05-16 16:38:04.686080')
self.assertEqual(
event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION)
self.assertEqual(event.body, "PyCharm can now be run")
self.assertEqual(event.bundle_name, "com.google.santagui")
expected_message = (
'Title: Santa'
' '
'registered by: com.google.santagui. '
'Presented: Yes, '
'Content: PyCharm can now be run')
expected_short_message = (
'Title: Santa, Content: PyCharm can now be run')
self._TestGetMessageStrings(event, expected_message, expected_short_message)
def testProcess(self):
"""Tests the Process function on a MacOS Notification Center db."""
plugin = mac_notificationcenter.MacNotificationCenterPlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['mac_notificationcenter.db'], plugin)
number_of_events = storage_writer.GetNumberOfAttributeContainers('event')
self.assertEqual(number_of_events, 6)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
# TODO: look into rounding differences between date_time and timestamp
expected_event_values = {
'body': 'KeePassXC can now be run',
'bundle_name': 'com.google.santagui',
'data_type': 'mac:notificationcenter:db',
'date_time': '2018-05-02 10:59:18.930155',
'presented': 1,
'timestamp': '2018-05-02 10:59:18.930156',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Santa'}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
expected_event_values = {
'body': 'Drive File Stream is loading your files…',
'bundle_name': 'com.google.drivefs',
'data_type': 'mac:notificationcenter:db',
'date_time': '2018-05-02 11:13:21.531085',
'presented': 1,
'timestamp': '2018-05-02 11:13:21.531085',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Drive File Stream'}
self.CheckEventValues(storage_writer, events[2], expected_event_values)
expected_event_values = {
'body': 'PyCharm can now be run',
'bundle_name': 'com.google.santagui',
'data_type': 'mac:notificationcenter:db',
'date_time': '2018-05-16 16:38:04.686079',
'presented': 1,
'timestamp': '2018-05-16 16:38:04.686080',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Santa'}
self.CheckEventValues(storage_writer, events[5], expected_event_values)
def testProcess(self):
"""Tests the Process function on a MacOS Notification Center db."""
plugin = mac_notificationcenter.MacNotificationCenterPlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['mac_notificationcenter.db'], plugin)
self.assertEqual(6, storage_writer.number_of_events)
events = list(storage_writer.GetEvents())
expected_event_values = {
'body': 'KeePassXC can now be run',
'bundle_name': 'com.google.santagui',
'data_type': 'mac:notificationcenter:db',
'presented': 1,
'timestamp': '2018-05-02 10:59:18.930156',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Santa'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
expected_event_values = {
'body': 'Drive File Stream is loading your files…',
'bundle_name': 'com.google.drivefs',
'data_type': 'mac:notificationcenter:db',
'presented': 1,
'timestamp': '2018-05-02 11:13:21.531085',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Drive File Stream'
}
self.CheckEventValues(storage_writer, events[2], expected_event_values)
expected_event_values = {
'body': 'PyCharm can now be run',
'bundle_name': 'com.google.santagui',
'data_type': 'mac:notificationcenter:db',
'presented': 1,
'timestamp': '2018-05-16 16:38:04.686080',
'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION,
'title': 'Santa'
}
self.CheckEventValues(storage_writer, events[5], expected_event_values)