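def testWriteMessageFilesPerEventLogProvider(self):
  """Tests the WriteMessageFilesPerEventLogProvider function.

  The same (provider, message file, type) row is written twice; presumably
  this exercises the writer against an already existing entry.
  """
  event_log_provider = resources.EventLogProvider(
      'Application', 'Microsoft-Windows-RPC-Events',
      '{f4aed7c7-a898-4627-b053-44a7caa12fcd}')

  message_filename = '%SystemRoot%\\system32\\rpcrt4.dll'

  database_writer = database.EventProvidersSqlite3DatabaseWriter()
  with shared_test_lib.TempDirectory() as temporary_directory:
    test_file_path = os.path.join(temporary_directory, 'winevt-kb.db')
    database_writer.Open(test_file_path)

    # Close() must run even when one of the writes raises; otherwise the
    # database handle is still open while TempDirectory removes the
    # directory, which masks the original failure with a cleanup error.
    try:
      database_writer.WriteEventLogProvider(event_log_provider)
      database_writer.WriteMessageFile(message_filename, 'rpcrt4.dll.db')
      database_writer.WriteMessageFilesPerEventLogProvider(
          event_log_provider, message_filename, 'event')
      # Second write of an identical row.
      database_writer.WriteMessageFilesPerEventLogProvider(
          event_log_provider, message_filename, 'event')
    finally:
      database_writer.Close()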
def _CollectEventLogProvidersFromKey(self, eventlog_key):
  """Retrieves the Event Log providers from a specific key.

  Every subkey of eventlog_key is treated as a log type, and every subkey of
  a log type as a log source; one provider is yielded per log source.

  Args:
    eventlog_key: the Event Log key object (instance of
        dfwinreg.WinRegistryKey).

  Yields:
    An Event Log provider object (instance of EventLogProvider).
  """
  if not eventlog_key:
    return

  for log_type_key in eventlog_key.GetSubkeys():
    log_type = log_type_key.name

    for log_source_key in log_type_key.GetSubkeys():
      log_source = log_source_key.name

      # ProviderGuid is optional; providers without one get None.
      provider_guid_value = log_source_key.GetValueByName(u'ProviderGuid')
      provider_guid = (
          provider_guid_value.GetDataAsObject()
          if provider_guid_value else None)

      event_log_provider = resources.EventLogProvider(
          log_type, log_source, provider_guid)

      # Each message file value is optional and is handed to its setter as
      # returned by GetDataAsObject() (the setters also accept a
      # ';'-separated string).
      message_file_setters = (
          (u'CategoryMessageFile',
           event_log_provider.SetCategoryMessageFilenames),
          (u'EventMessageFile',
           event_log_provider.SetEventMessageFilenames),
          (u'ParameterMessageFile',
           event_log_provider.SetParameterMessageFilenames))

      for value_name, set_filenames in message_file_setters:
        registry_value = log_source_key.GetValueByName(value_name)
        if registry_value:
          set_filenames(registry_value.GetDataAsObject())

      yield event_log_provider
def testSetParameterMessageFilenames(self):
  """Tests the SetParameterMessageFilenames function."""
  expected_parameter_message_files = ['test1', 'test2', 'test3']

  event_log_provider = resources.EventLogProvider(
      'log_type', 'log_source', 'provider_guid')

  # The setter accepts a list as well as a ';'-separated string; both forms
  # must produce the same list of filenames.
  for filenames in (expected_parameter_message_files, 'test1;test2;test3'):
    event_log_provider.SetParameterMessageFilenames(filenames)
    self.assertEqual(
        event_log_provider.parameter_message_files,
        expected_parameter_message_files)
def testSetEventMessageFilenames(self):
  """Tests the SetEventMessageFilenames function."""
  expected_event_message_files = [u'test1', u'test2', u'test3']

  event_log_provider = resources.EventLogProvider(
      u'log_type', u'log_source', u'provider_guid')

  # The setter accepts a list as well as a ';'-separated string; both forms
  # must produce the same list of filenames.
  for filenames in (expected_event_message_files, u'test1;test2;test3'):
    event_log_provider.SetEventMessageFilenames(filenames)
    self.assertEqual(
        event_log_provider.event_message_files,
        expected_event_message_files)
def testExtractMessageFile(self):
  """Tests the _ExtractMessageFile function.

  Only the degenerate case of an empty message filename and type is covered;
  nothing is expected to reach the output writer.
  """
  # TODO: improve test.
  extractor_object = self._CreateTestEventMessageStringExtractor()
  output_writer = TestOutputWriter()

  event_log_provider = resources.EventLogProvider(
      'log_type', 'log_source', 'provider_guid')

  processed_message_filenames = []
  extractor_object._ExtractMessageFile(
      output_writer, processed_message_filenames, event_log_provider, '', '')

  self.assertFalse(output_writer.event_log_providers)
  self.assertFalse(output_writer.message_files)