    def testParse(self):
        """Parses the Symantec.Log test file and checks the second sorted event.

        The file is expected to yield eight events and no parser warnings.
        Because the underlying DSV parser emits events in no fixed order,
        the events are sorted before the second one is compared against the
        expected attribute values (action codes, category, malware name,
        scanned file path and the raw tab-separated event data field).
        """
        parser_object = symantec.SymantecParser()
        storage_writer = self._ParseFile(['Symantec.Log'], parser_object)

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 8)

        # Sorting makes the index-based selection below deterministic.
        sorted_events = list(storage_writer.GetSortedEvents())
        second_event = sorted_events[1]

        expected_event_values = {
            'action0': '14',
            'action1': '5',
            'action2': '3',
            'cat': '1',
            'data_type': 'av:symantec:scanlog',
            'event': '5',
            'event_data': '201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0',
            'file': 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt',
            'scanid': '0',
            'timestamp': '2012-11-30 10:47:29.000000',
            'user': '******',
            'virus': 'W32.Changeup!gen33'
        }

        self.CheckEventValues(
            storage_writer, second_event, expected_event_values)
    def testGetTimeElementsTuple(self):
        """Checks that _GetTimeElementsTuple decodes the encoded time field.

        Each case pairs a 12-character encoded value, as found in a log line,
        with the (year, month, day, hours, minutes, seconds) tuple it should
        decode to. Judging by the expected values, every two characters hold
        one hex-encoded element, with the year counted from 1970 and the
        month zero-based.
        """
        parser_object = symantec.SymantecParser()

        test_cases = [
            ('200A13080122', (2002, 11, 19, 8, 1, 34)),
            ('2A0A1E0A2F1D', (2012, 11, 30, 10, 47, 29))]

        for encoded_value, expected_tuple in test_cases:
            time_elements_tuple = parser_object._GetTimeElementsTuple(
                encoded_value)
            self.assertEqual(time_elements_tuple, expected_tuple)
  def testConvertToTimestamp(self):
    """Checks _ConvertToTimestamp against two known encoded time values.

    Each encoded value is converted with an explicit UTC timezone and the
    result is compared with the timestamp timelib derives from the
    equivalent date-time string.
    """
    parser_object = symantec.SymantecParser()

    test_cases = [
        (u'200A13080122', u'2002-11-19 08:01:34'),
        (u'2A0A1E0A2F1D', u'2012-11-30 10:47:29')]

    # pylint: disable=protected-access
    for encoded_value, expected_string in test_cases:
      expected_timestamp = timelib.Timestamp.CopyFromString(expected_string)
      timestamp = parser_object._ConvertToTimestamp(
          encoded_value, timezone=pytz.UTC)
      self.assertEqual(timestamp, expected_timestamp)
  def testParse(self):
    """Parses Symantec.Log and checks the second sorted event in detail.

    Confirms the event count and the absence of warnings, then checks the
    timestamp, user and file attributes of the second event and the long
    and short message strings generated from its event data (an infection
    event naming the detected malware, its path and the actions taken).
    """
    parser_object = symantec.SymantecParser()
    storage_writer = self._ParseFile(['Symantec.Log'], parser_object)

    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 8)

    # DSVParser does not guarantee event order, so sort before indexing.
    sorted_events = list(storage_writer.GetSortedEvents())
    second_event = sorted_events[1]

    self.CheckTimestamp(second_event.timestamp, '2012-11-30 10:47:29.000000')

    event_data = self._GetEventDataOfEvent(storage_writer, second_event)
    malware_path = 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt'
    self.assertEqual(event_data.user, 'davnads')
    self.assertEqual(event_data.file, malware_path)

    # The formatter joins the fields with "; "; the raw event data field
    # keeps its tab separators.
    expected_message = '; '.join([
        'Event Name: GL_EVENT_INFECTION',
        'Category Name: GL_CAT_INFECTION',
        'Malware Name: W32.Changeup!gen33',
        'Malware Path: ' + malware_path,
        'Action0: Unknown',
        'Action1: Clean virus from file',
        'Action2: Delete infected file',
        'Scan ID: 0',
        'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0'])
    expected_short_message = '; '.join([
        malware_path,
        'W32.Changeup!gen33',
        'Unknown',
        '...'])

    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)
  def testParse(self):
    """Parses Symantec.Log through the queue-based harness and checks event 2.

    The eight lines of the test file should produce eight event objects.
    The second object is checked for its timestamp, user and file
    attributes and for the long and short message strings built from it.
    """
    parser_object = symantec.SymantecParser()

    test_file = self._GetTestFilePath([u'Symantec.Log'])
    event_queue_consumer = self._ParseFile(parser_object, test_file)
    event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)

    # One event object per line in the test file.
    self.assertEqual(len(event_objects), 8)

    second_event = event_objects[1]

    expected_timestamp = timelib.Timestamp.CopyFromString(
        u'2012-11-30 10:47:29')
    self.assertEqual(second_event.timestamp, expected_timestamp)

    malware_path = u'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt'
    self.assertEqual(second_event.user, u'davnads')
    self.assertEqual(second_event.file, malware_path)

    # The formatter joins the fields with "; "; the raw event data field
    # keeps its tab separators.
    expected_msg = u'; '.join([
        u'Event Name: GL_EVENT_INFECTION',
        u'Category Name: GL_CAT_INFECTION',
        u'Malware Name: W32.Changeup!gen33',
        u'Malware Path: ' + malware_path,
        u'Action0: Unknown',
        u'Action1: Clean virus from file',
        u'Action2: Delete infected file',
        u'Scan ID: 0',
        u'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0'])
    expected_msg_short = u'; '.join([
        malware_path,
        u'W32.Changeup!gen33',
        u'Unknown',
        u'...'])

    self._TestGetMessageStrings(second_event, expected_msg, expected_msg_short)
 def setUp(self):
   """Creates the Symantec parser instance shared by the tests in this case."""
   parser_class = symantec.SymantecParser
   self._parser = parser_class()
 def setUp(self):
     """Creates the Symantec parser, with a fresh preprocess object, for the tests."""
     # This parser variant takes the preprocess object and a second argument
     # that is left unset here.
     self._parser = symantec.SymantecParser(event.PreprocessObject(), None)
 def setUp(self):
     """Creates the Symantec parser instance used by the tests in this case."""
     parser_class = symantec.SymantecParser
     self._parser = parser_class()