def testExtractEventsFromSourceSingleFile(self):
    """Checks ExtractEventsFromSources against a single source file.

    The tool is pointed at the System.evtx test file, with its log, storage
    and output files placed in a temporary directory. The text captured by
    the output writer is then compared with the expected status lines.
    """
    # Both fixtures are handed to _SkipIfPathNotExists before the tool and
    # its options are set up.
    artifacts_path = self._GetTestFilePath(['artifacts'])
    self._SkipIfPathNotExists(artifacts_path)

    evtx_path = self._GetTestFilePath(['System.evtx'])
    self._SkipIfPathNotExists(evtx_path)

    writer = test_lib.TestOutputWriter(encoding='utf-8')
    tool = psteal_tool.PstealTool(output_writer=writer)

    options = test_lib.TestOptions()
    options.artifact_definitions_path = artifacts_path
    options.quiet = True
    options.status_view_mode = 'none'
    options.source = evtx_path

    with shared_test_lib.TempDirectory() as temp_directory:
        # Everything the tool writes goes below the temporary directory.
        for attribute_name, filename in (
                ('log_file', 'output.log'),
                ('storage_file', 'storage.plaso'),
                ('write', 'output.txt')):
            setattr(
                options, attribute_name,
                os.path.join(temp_directory, filename))

        tool.ParseOptions(options)
        tool.ExtractEventsFromSources()

        expected_lines = [
            '',
            'Source path\t\t: {0:s}'.format(options.source),
            'Source type\t\t: single file',
            'Processing time\t\t: 00:00:00',
            '',
            'Processing started.',
            'Processing completed.',
            '',
            '',
        ]

        self._CheckOutput(writer.ReadOutput(), expected_lines)
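def Main():
    """Runs the psteal tool from the command line.

    Parses the command line arguments, handles the informational options
    (troubleshooting output and the list options) and otherwise extracts
    events from the sources and analyzes them.

    Returns:
        bool: False if the arguments could not be parsed, the out-of-date
            check or the processing was interrupted, the dependency check
            failed or the source scanner raised an error; True otherwise,
            including when only informational output was requested.
    """
    tool = psteal_tool.PstealTool()

    if not tool.ParseArguments(sys.argv[1:]):
        return False

    if tool.show_troubleshooting:
        print('Using Python version {0!s}'.format(sys.version))
        print()
        print('Path: {0:s}'.format(os.path.abspath(__file__)))
        print()
        print(tool.GetVersionInformation())
        print()
        dependencies.CheckDependencies(verbose_output=True)
        print('Also see: https://plaso.readthedocs.io/en/latest/sources/user/'
              'Troubleshooting.html')
        return True

    try:
        tool.CheckOutDated()
    except KeyboardInterrupt:
        return False

    # Each list option is handled exactly once. The original handled
    # list_timezones twice, which called ListTimeZones() a second time.
    have_list_option = False
    if tool.list_timezones:
        tool.ListTimeZones()
        have_list_option = True

    if tool.list_output_modules:
        tool.ListOutputModules()
        have_list_option = True

    if tool.list_parsers_and_plugins:
        tool.ListParsersAndPlugins()
        have_list_option = True

    if tool.list_hashers:
        tool.ListHashers()
        have_list_option = True

    if tool.list_language_identifiers:
        tool.ListLanguageIdentifiers()
        have_list_option = True

    # Listing is informational only: no extraction is started afterwards.
    if have_list_option:
        return True

    if tool.dependencies_check and not dependencies.CheckDependencies(
            verbose_output=False):
        return False

    try:
        tool.ExtractEventsFromSources()
        tool.AnalyzeEvents()

    # Writing to stdout and stderr will raise BrokenPipeError if it
    # receives a SIGPIPE.
    except BrokenPipeError:
        # NOTE(review): the broken pipe is deliberately ignored and Main
        # still returns True. If it is raised by ExtractEventsFromSources,
        # AnalyzeEvents is not called, so a True result does not by itself
        # show that the analysis output was produced.
        pass

    except (KeyboardInterrupt, errors.UserAbort):
        logging.warning('Aborted by user.')
        return False

    except errors.SourceScannerError as exception:
        logging.warning(exception)
        return False

    return True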