Пример #1
    def testWaitForTimeline(self, mock_GetApiClient, unused_streamer,
                            unused_sleep):
        """Tests that Process() lists the sketch's timelines when told to wait.

        SetUp is called with wait_for_timelines=True and the stubbed sketch
        reports a single timeline whose status is already 'ready'. The test
        passes when list_timelines has been called exactly once.
        """
        # The only timeline the sketch reports is already 'ready'.
        ready_timeline = mock.Mock(status='ready')

        # Writable sketch stub handed back by every lookup/creation path.
        sketch = mock.Mock(id=1234, my_acl=['write'])
        sketch.api.api_root = 'timesketch.com/api/v1'
        sketch.list_timelines.return_value = [ready_timeline]

        api_client = mock.Mock()
        # Stub both the wrapper and its underlying .client object.
        for target in (api_client, api_client.client):
            target.get_sketch.return_value = sketch
            target.create_sketch.return_value = sketch
        mock_GetApiClient.return_value = api_client

        test_state = state.DFTimewolfState(config.Config)
        test_state.recipe = {'name': 'test_recipe'}
        exporter = timesketch.TimesketchExporter(test_state)
        exporter.SetUp(
            incident_id=None,
            sketch_id=None,
            analyzers=None,
            wait_for_timelines=True)
        exporter.Process()

        sketch.list_timelines.assert_called_once()
Пример #2
 def testNewSketchCreation(self, mock_GetApiClient, _):
     """Tests that a new sketch is created when no sketch ID is supplied.

     get_sketch is stubbed to return None and create_sketch to return a
     writable sketch with ID 1234. After SetUp and Process the exporter must
     hold that ID, must have created the sketch with the default title and
     description, and must have stored a markdown report with the sketch URL.
     """
     created_sketch = mock.Mock(id=1234, my_acl=['write'])
     created_sketch.api.api_root = 'timesketch.com/api/v1'

     api_client = mock.Mock()
     api_client.get_sketch.return_value = None
     api_client.create_sketch.return_value = created_sketch
     mock_GetApiClient.return_value = api_client

     test_state = state.DFTimewolfState(config.Config)
     test_state.recipe = {'name': 'test_recipe'}
     exporter = timesketch.TimesketchExporter(test_state)
     exporter.SetUp(incident_id=None, sketch_id=None, analyzers=None)
     exporter.Process()

     self.assertEqual(exporter.sketch_id, 1234)
     api_client.create_sketch.assert_called_with(
         'Untitled sketch', 'Sketch generated by dfTimewolf')

     # Only the first Report container in the state is inspected.
     reports = exporter.state.GetContainers(containers.Report)
     first_report = reports[0]
     self.assertEqual(first_report.module_name, 'TimesketchExporter')
     self.assertEqual(
         first_report.text,
         'Your Timesketch URL is: timesketch.com/sketches/1234/')
     self.assertEqual(first_report.text_format, 'markdown')
Пример #3
 def testSetupForceSketchId(self, mock_GetApiClient):
   """Tests that an explicit sketch ID is used even with an incident ID.

   Both IDs are passed as strings. The assertions expect the exporter to
   hold the sketch ID as the integer 6666 and to look the sketch up with
   that integer.
   """
   api_client = mock.Mock()
   api_client.get_sketch.return_value = mock.Mock()
   mock_GetApiClient.return_value = api_client

   exporter = timesketch.TimesketchExporter(
       state.DFTimewolfState(config.Config))
   exporter.SetUp(incident_id='9999', sketch_id='6666', analyzers=None)

   self.assertEqual(exporter.sketch_id, 6666)
   api_client.get_sketch.assert_called_with(6666)
Пример #4
 def testSetupWithSketchId(self, mock_GetApiClient):
     """Tests SetUp with an existing sketch ID the caller can write to.

     The stubbed sketch lists 'write' in my_acl. The exporter must keep the
     given ID and must have fetched the sketch with it.
     """
     writable_sketch = mock.Mock(id=1234, my_acl=['write'])
     api_client = mock.Mock()
     api_client.get_sketch.return_value = writable_sketch
     mock_GetApiClient.return_value = api_client

     exporter = timesketch.TimesketchExporter(
         state.DFTimewolfState(config.Config))
     exporter.SetUp(incident_id=None, sketch_id=1234, analyzers=None)

     self.assertEqual(exporter.sketch_id, 1234)
     api_client.get_sketch.assert_called_with(1234)
Пример #5
 def testSetupForceIncidentId(self, mock_GetApiClient):
   """Tests that SetUp creates a sketch named after the incident ID.

   No sketch ID is given, only incident ID '9999'. The exporter must take
   the ID of the sketch returned by create_sketch, and create_sketch must
   have been called with a title that embeds the incident ID.
   """
   new_sketch = mock.Mock(id=1234)
   api_client = mock.Mock()
   api_client.create_sketch.return_value = new_sketch
   mock_GetApiClient.return_value = api_client

   exporter = timesketch.TimesketchExporter(
       state.DFTimewolfState(config.Config))
   exporter.SetUp(incident_id='9999', sketch_id=None, analyzers=None)

   self.assertEqual(exporter.sketch_id, 1234)
   api_client.create_sketch.assert_called_with(
       'Sketch for incident ID: 9999', 'Sketch generated by dfTimewolf')
Пример #6
    def testSetupWithReadonlySketchId(self, mock_GetApiClient):
        """Tests that SetUp aborts when the sketch ACL lacks 'write'.

        The stubbed sketch grants only 'read'. SetUp must raise
        DFTimewolfError with the "No write access" message, so the exporter
        does not go on to use a sketch the caller cannot write to.
        """
        # ACL holds 'read' only: this is the access-control case under test.
        readonly_sketch = mock.Mock(id=1234, my_acl=['read'])
        api_client = mock.Mock()
        api_client.get_sketch.return_value = readonly_sketch
        mock_GetApiClient.return_value = api_client

        exporter = timesketch.TimesketchExporter(
            state.DFTimewolfState(config.Config))
        with self.assertRaises(errors.DFTimewolfError) as raised:
            exporter.SetUp(incident_id=None, sketch_id=1234, analyzers=None)

        self.assertEqual(
            raised.exception.message,
            'No write access to sketch ID 1234, aborting')
Пример #7
 def testInitialization(self):
     """Tests that a TimesketchExporter can be built from a fresh state."""
     exporter = timesketch.TimesketchExporter(state.DFTimewolfState())
     self.assertIsNotNone(exporter)