Exemplo n.º 1
    def testParseArguments(self):
        """Verifies that ParseArguments() returns a false value here."""
        writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        tool = pinfo.PinfoTool(output_writer=writer)

        # The test passes no arguments of its own to ParseArguments(); the
        # call is expected to report failure rather than success.
        self.assertFalse(tool.ParseArguments())
Exemplo n.º 2
    def testCompareStorages(self):
        """Checks CompareStorages() for an identical and a differing pair."""
        writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        tool = pinfo.PinfoTool(output_writer=writer)

        reference_path = self._GetTestFilePath([u'psort_test.json.plaso'])
        other_path = self._GetTestFilePath([u'pinfo_test.json.plaso'])

        # Each case compares the reference storage file against a candidate:
        # first against itself, then against a different storage file.
        cases = (
            (reference_path, self.assertTrue, b'Storages are identical.\n'),
            (other_path, self.assertFalse, b'Storages are different.\n'))

        for candidate_path, check_result, expected_message in cases:
            options = cli_test_lib.TestOptions()
            options.compare_storage_file = reference_path
            options.storage_file = candidate_path

            tool.ParseOptions(options)

            check_result(tool.CompareStorages())

            # The exact-match assertion relies on ReadOutput() returning only
            # what was written since the previous read.
            self.assertEqual(writer.ReadOutput(), expected_message)
Exemplo n.º 3
    def testPrintStorageInformationAsJSON(self):
        """Checks the JSON report written by PrintStorageInformation()."""
        storage_name = u'pinfo_test.json.plaso'
        # In the JSON report the session identifier appears without hyphens,
        # both as a field value and as part of the top-level key.
        expected_identifier = u'3c552fe34e6448718a7f0f4c95dfc1fe'
        expected_start_time = timelib.Timestamp.CopyFromString(
            u'2016-10-16 15:13:58.171984+00:00')
        writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        tool = pinfo.PinfoTool(output_writer=writer)
        storage_path = self._GetTestFilePath([storage_name])

        options = cli_test_lib.TestOptions()
        options.storage_file = storage_path
        options.output_format = u'json'

        tool.ParseOptions(options)

        tool.PrintStorageInformation()
        report = json.loads(writer.ReadOutput())

        session = report[u'session_' + expected_identifier]
        self.assertEqual(session[u'identifier'], expected_identifier)
        self.assertEqual(session[u'start_time'], expected_start_time)

        # Only the filestat parser contributed events in this storage file.
        counters = session[u'parsers_counter']
        self.assertEqual(counters[u'total'], 3)
        self.assertEqual(counters[u'filestat'], 3)
Exemplo n.º 4
    def testParseOptions(self):
        """Checks ParseOptions() with and without a storage file set."""
        writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        tool = pinfo.PinfoTool(output_writer=writer)

        # Options that name a storage file from the test data are accepted.
        valid_options = cli_test_lib.TestOptions()
        valid_options.storage_file = self._GetTestFilePath(
            [u'pinfo_test.json.plaso'])
        tool.ParseOptions(valid_options)

        # Options on which no storage_file was set must be rejected with
        # BadConfigOption rather than silently accepted.
        empty_options = cli_test_lib.TestOptions()
        with self.assertRaises(errors.BadConfigOption):
            tool.ParseOptions(empty_options)
Exemplo n.º 5
    def testPrintStorageInformationAsText(self):
        """Tests the _PrintStorageInformationAsText function.

        The expected report is built by rendering the same CLI table views
        through the shared output writer and draining it with ReadOutput()
        before the tool itself writes anything. The statement order is
        therefore significant: the writer must be read once for the expected
        text and once more for the actual output.
        """
        output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        test_tool = pinfo.PinfoTool(output_writer=output_writer)

        # Values the report is expected to contain for this storage file.
        # The session identifier is written in hyphenated form in the text
        # report.
        test_filename = u'pinfo_test.json.plaso'
        format_version = u'20160715'
        plaso_version = u'1.5.1_20161013'
        session_identifier = u'3c552fe3-4e64-4871-8a7f-0f4c95dfc1fe'
        session_start_time = u'2016-10-16T15:13:58.171984+00:00'
        session_completion_time = u'2016-10-16T15:13:58.957462+00:00'

        # The session table also reports the command line that produced the
        # storage file, alongside the product name and version.
        command_line_arguments = (
            u'./tools/log2timeline.py --partition=all --quiet '
            u'pinfo_test.json.plaso test_data/tsk_volume_system.raw')

        # Parser and plugin names expected in the "Enabled parser and plugins"
        # row, joined the same way the report prints them.
        enabled_parser_names = u', '.join([
            u'android_app_usage', u'asl_log', u'bencode',
            u'bencode/bencode_transmission', u'bencode/bencode_utorrent',
            u'binary_cookies', u'bsm_log', u'chrome_cache',
            u'chrome_preferences', u'cups_ipp', u'custom_destinations',
            u'dockerjson', u'dpkg', u'esedb', u'esedb/esedb_file_history',
            u'esedb/msie_webcache', u'filestat', u'firefox_cache',
            u'firefox_cache2', u'hachoir', u'java_idx', u'lnk',
            u'mac_appfirewall_log', u'mac_keychain', u'mac_securityd',
            u'mactime', u'macwifi', u'mcafee_protection', u'mft', u'msiecf',
            u'olecf', u'olecf/olecf_automatic_destinations',
            u'olecf/olecf_default', u'olecf/olecf_document_summary',
            u'olecf/olecf_summary', u'openxml', u'opera_global',
            u'opera_typed_history', u'pe', u'plist', u'plist/airport',
            u'plist/apple_id', u'plist/ipod_device', u'plist/macosx_bluetooth',
            u'plist/macosx_install_history', u'plist/macuser',
            u'plist/maxos_software_update', u'plist/plist_default',
            u'plist/safari_history', u'plist/spotlight',
            u'plist/spotlight_volume', u'plist/time_machine', u'pls_recall',
            u'popularity_contest', u'prefetch', u'recycle_bin',
            u'recycle_bin_info2', u'rplog', u'sccm', u'selinux',
            u'skydrive_log', u'skydrive_log_old', u'sqlite',
            u'sqlite/android_calls', u'sqlite/android_sms', u'sqlite/appusage',
            u'sqlite/chrome_cookies', u'sqlite/chrome_extension_activity',
            u'sqlite/chrome_history', u'sqlite/firefox_cookies',
            u'sqlite/firefox_downloads', u'sqlite/firefox_history',
            u'sqlite/google_drive', u'sqlite/imessage',
            u'sqlite/kik_messenger', u'sqlite/ls_quarantine',
            u'sqlite/mac_document_versions', u'sqlite/mackeeper_cache',
            u'sqlite/skype', u'sqlite/twitter_ios', u'sqlite/zeitgeist',
            u'symantec_scanlog', u'syslog', u'syslog/cron', u'syslog/ssh',
            u'usnjrnl', u'utmp', u'utmpx', u'winevt', u'winevtx',
            u'winfirewall', u'winiis', u'winjob', u'winreg',
            u'winreg/appcompatcache', u'winreg/bagmru', u'winreg/ccleaner',
            u'winreg/explorer_mountpoints2', u'winreg/explorer_programscache',
            u'winreg/microsoft_office_mru', u'winreg/microsoft_outlook_mru',
            u'winreg/mrulist_shell_item_list', u'winreg/mrulist_string',
            u'winreg/mrulistex_shell_item_list', u'winreg/mrulistex_string',
            u'winreg/mrulistex_string_and_shell_item',
            u'winreg/mrulistex_string_and_shell_item_list',
            u'winreg/msie_zone', u'winreg/mstsc_rdp', u'winreg/mstsc_rdp_mru',
            u'winreg/network_drives', u'winreg/userassist',
            u'winreg/windows_boot_execute', u'winreg/windows_boot_verify',
            u'winreg/windows_run', u'winreg/windows_sam_users',
            u'winreg/windows_services', u'winreg/windows_shutdown',
            u'winreg/windows_task_cache', u'winreg/windows_timezone',
            u'winreg/windows_typed_urls', u'winreg/windows_usb_devices',
            u'winreg/windows_usbstor_devices', u'winreg/windows_version',
            u'winreg/winlogon', u'winreg/winrar_mru', u'winreg/winreg_default',
            u'xchatlog', u'xchatscrollback'
        ])

        # Table 1: general storage file information.
        table_view = cli_views.ViewsFactory.GetTableView(
            cli_views.ViewsFactory.FORMAT_TYPE_CLI,
            title=u'Plaso Storage Information')
        table_view.AddRow([u'Filename', test_filename])
        table_view.AddRow([u'Format version', format_version])
        table_view.AddRow([u'Serialization format', u'json'])
        table_view.Write(output_writer)

        # Table 2: the list of sessions (one session in this storage file).
        table_view = cli_views.ViewsFactory.GetTableView(
            cli_views.ViewsFactory.FORMAT_TYPE_CLI, title=u'Sessions')
        table_view.AddRow([session_identifier, session_start_time])
        table_view.Write(output_writer)

        # Table 3: the details of that session.
        title = u'Session: {0!s}'.format(session_identifier)
        table_view = cli_views.ViewsFactory.GetTableView(
            cli_views.ViewsFactory.FORMAT_TYPE_CLI, title=title)
        table_view.AddRow([u'Start time', session_start_time])
        table_view.AddRow([u'Completion time', session_completion_time])
        table_view.AddRow([u'Product name', u'plaso'])
        table_view.AddRow([u'Product version', plaso_version])
        table_view.AddRow([u'Command line arguments', command_line_arguments])
        table_view.AddRow([u'Parser filter expression', u'N/A'])
        table_view.AddRow(
            [u'Enabled parser and plugins', enabled_parser_names])
        table_view.AddRow([u'Preferred encoding', u'UTF-8'])
        table_view.AddRow([u'Debug mode', u'False'])
        table_view.AddRow([u'Filter file', u'N/A'])
        table_view.AddRow([u'Filter expression', u'N/A'])
        table_view.Write(output_writer)

        # Table 4: event counts per parser.
        table_view = cli_views.ViewsFactory.GetTableView(
            cli_views.ViewsFactory.FORMAT_TYPE_CLI,
            column_names=[u'Parser (plugin) name', u'Number of events'],
            title=u'Events generated per parser')
        table_view.AddRow([u'filestat', u'3'])
        table_view.AddRow([u'Total', u'3'])
        table_view.Write(output_writer)

        # Drain the writer now so that the tables rendered above become the
        # expected text and do not mix with the tool's own output below.
        expected_output = output_writer.ReadOutput()

        # NOTE(review): format() on a bytes literal only exists on Python 2,
        # where bytes is an alias of str.
        expected_output = (b'{0:s}'
                           b'No errors stored.\n'
                           b'\n'
                           b'No analysis reports stored.\n'
                           b'\n').format(expected_output)

        test_file = self._GetTestFilePath([test_filename])

        options = cli_test_lib.TestOptions()
        options.storage_file = test_file
        options.output_format = u'text'

        test_tool.ParseOptions(options)

        test_tool.PrintStorageInformation()

        output = output_writer.ReadOutput()

        # Compare the output as list of lines which makes it easier to spot
        # differences.
        self.assertEqual(output.split(b'\n'), expected_output.split(b'\n'))
Exemplo n.º 6
    def testPrintStorageInformation(self):
        """Checks the full text report PrintStorageInformation() writes."""
        # The writer is created with UTF-8 so the captured report is UTF-8.
        writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        tool = pinfo.PinfoTool(output_writer=writer)

        tool_options = frontend.Options()
        tool_options.storage_file = self._GetTestFilePath([u'psort_test.out'])

        tool.ParseOptions(tool_options)

        tool.PrintStorageInformation()

        # The report echoes the storage file path, so the expected text is
        # filled in with the UTF-8 encoded path used above.
        storage_path = tool_options.storage_file.encode(u'utf-8')

        # TODO: clean up output so that u'...' is not generated.
        expected_report = (
            b'---------------------------------------------------------------------'
            b'-----------\n'
            b'\t\tPlaso Storage Information\n'
            b'---------------------------------------------------------------------'
            b'-----------\n'
            b'Storage file:\t\t{0:s}\n'
            b'Source processed:\tsyslog\nTime of processing:\t'
            b'2014-02-15T04:33:16+00:00\n'
            b'\n'
            b'Collection information:\n'
            b'\tparser_selection = \n'
            b'\tos_detected = N/A\n'
            b'\tconfigured_zone = UTC\n'
            b'\tdebug = False\n'
            b'\tparsers = [u\'sqlite\', u\'winfirewall\', u\'selinux\', '
            b'u\'recycle_bin\', u\'filestat\', u\'syslog\', u\'lnk\', '
            b'u\'xchatscrollback\', u\'symantec_scanlog\', u\'recycle_bin_info2\', '
            b'u\'winevtx\', u\'plist\', u\'bsm_log\', u\'mac_keychain\', '
            b'u\'mac_securityd\', u\'utmp\', u\'asl_log\', u\'opera_global\', '
            b'u\'winjob\', u\'prefetch\', u\'winreg\', u\'msiecf\', u\'bencode\', '
            b'u\'skydrive_log\', u\'openxml\', u\'utmpx\', u\'winevt\', '
            b'u\'hachoir\', u\'opera_typed_history\', u\'mac_appfirewall_log\', '
            b'u\'olecf\', u\'xchatlog\', u\'macwifi\', u\'mactime\', '
            b'u\'java_idx\', u\'mcafee_protection\', u\'skydrive_log_error\']\n'
            b'\tprotobuf_size = 300\n'
            b'\tvss parsing = False\n'
            b'\trecursive = False\n'
            b'\tpreferred_encoding = UTF-8\n'
            b'\tworkers = 12\n'
            b'\toutput_file = psort_test.out\n'
            b'\tversion = 1.1.0-dev_20140213\n'
            b'\tcmd_line = /usr/local/bin/log2timeline.py psort_test.out syslog '
            b'--buffer_size=300\n'
            b'\tpreprocess = False\n'
            b'\truntime = multi threaded\n'
            b'\tmethod = OS collection\n'
            b'\n'
            b'Parser counter information:\n'
            b'\tCounter: total = 15\n'
            b'\tCounter: syslog = 12\n'
            b'\tCounter: filestat = 3\n'
            b'\n'
            b'Store information:\n'
            b'\tNumber of available stores: 7\n'
            b'\tStore information details omitted (to see use: --verbose)\n'
            b'\n'
            b'Preprocessing information omitted (to see use: --verbose).\n'
            b'\n'
            b'No reports stored.\n'
            b'-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+'
            b'-+-+-+-+-+-+').format(storage_path)

        self.assertEqual(writer.ReadOutput(), expected_report)
Exemplo n.º 7
 def setUp(self):
     """Creates the output writer and pinfo tool shared by the tests."""
     writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
     self._output_writer = writer
     # The tool writes to the same writer the tests later read from.
     self._test_tool = pinfo.PinfoTool(output_writer=writer)