def testParsingChromeCookieDatabase(self):
"""Test the process function on a Chrome cookie database."""
plugin = chrome_cookies.ChromeCookiePlugin()
test_file = self._GetTestFilePath([u'cookies.db'])
event_queue_consumer = self._ParseDatabaseFileWithPlugin(
plugin, test_file)
event_objects = self._GetAnalyticsCookies(event_queue_consumer)
# The cookie database contains 560 entries in total. Out of them
# there are 75 events created by the Google Analytics plugin.
self.assertEqual(len(event_objects), 75)
# Check few "random" events to verify.
# Check an UTMZ Google Analytics event.
event_object = event_objects[39]
self.assertEqual(event_object.utmctr, u'enders game')
self.assertEqual(event_object.domain_hash, u'68898382')
self.assertEqual(event_object.sessions, 1)
expected_msg = (
u'http://imdb.com/ (__utmz) Sessions: 1 Domain Hash: 68898382 '
u'Sources: 1 Last source used to access: google Ad campaign '
u'information: (organic) Last type of visit: organic Keywords '
u'used to find site: enders game')
self._TestGetMessageStrings(event_object, expected_msg,
u'http://imdb.com/ (__utmz)')
# Check the UTMA Google Analytics event.
event_object = event_objects[41]
self.assertEqual(event_object.timestamp_desc,
u'Analytics Previous Time')
self.assertEqual(event_object.cookie_name, u'__utma')
self.assertEqual(event_object.visitor_id, u'1827102436')
self.assertEqual(event_object.sessions, 2)
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2012-03-22 01:55:29')
self.assertEqual(event_object.timestamp, expected_timestamp)
expected_msg = (u'http://assets.tumblr.com/ (__utma) '
u'Sessions: 2 '
u'Domain Hash: 151488169 '
u'Visitor ID: 1827102436')
self._TestGetMessageStrings(event_object, expected_msg,
u'http://assets.tumblr.com/ (__utma)')
# Check the UTMB Google Analytics event.
event_object = event_objects[34]
self.assertEqual(event_object.timestamp_desc,
eventdata.EventTimestamp.LAST_VISITED_TIME)
self.assertEqual(event_object.cookie_name, u'__utmb')
self.assertEqual(event_object.domain_hash, u'154523900')
self.assertEqual(event_object.pages_viewed, 1)
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2012-03-22 01:48:30')
self.assertEqual(event_object.timestamp, expected_timestamp)
expected_msg = (
u'http://upressonline.com/ (__utmb) Pages Viewed: 1 Domain Hash: '
u'154523900')
self._TestGetMessageStrings(event_object, expected_msg,
u'http://upressonline.com/ (__utmb)')
def testParsingChromeCookieDatabase(self):
"""Test the process function on a Chrome cookie database."""
plugin = chrome_cookies.ChromeCookiePlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'],
plugin)
events = self._GetAnalyticsCookieEvents(storage_writer)
self.assertEqual(storage_writer.number_of_warnings, 1)
# The cookie database contains 560 entries in total. Out of them
# there are 75 events created by the Google Analytics plugin.
self.assertEqual(len(events), 75)
# Check few "random" events to verify.
# Check an UTMZ Google Analytics event.
event = events[39]
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.utmctr, 'enders game')
self.assertEqual(event_data.domain_hash, '68898382')
self.assertEqual(event_data.sessions, 1)
expected_message = (
'http://imdb.com/ (__utmz) Sessions: 1 Domain Hash: 68898382 '
'Sources: 1 Last source used to access: google Ad campaign '
'information: (organic) Last type of visit: organic Keywords '
'used to find site: enders game')
expected_short_message = 'http://imdb.com/ (__utmz)'
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
# Check the UTMA Google Analytics event.
event = events[41]
self.CheckTimestamp(event.timestamp, '2012-03-22 01:55:29.000000')
self.assertEqual(event.timestamp_desc, 'Analytics Previous Time')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.cookie_name, '__utma')
self.assertEqual(event_data.visitor_id, '1827102436')
self.assertEqual(event_data.sessions, 2)
expected_message = ('http://assets.tumblr.com/ (__utma) '
'Sessions: 2 '
'Domain Hash: 151488169 '
'Visitor ID: 1827102436')
expected_short_message = 'http://assets.tumblr.com/ (__utma)'
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
# Check the UTMB Google Analytics event.
event = events[34]
self.CheckTimestamp(event.timestamp, '2012-03-22 01:48:30.000000')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_LAST_VISITED)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.cookie_name, '__utmb')
self.assertEqual(event_data.domain_hash, '154523900')
self.assertEqual(event_data.pages_viewed, 1)
expected_message = (
'http://upressonline.com/ (__utmb) Pages Viewed: 1 Domain Hash: '
'154523900')
expected_short_message = 'http://upressonline.com/ (__utmb)'
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def testProcess(self):
"""Tests the Process function on a Chrome cookie database file."""
plugin = chrome_cookies.ChromeCookiePlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'],
plugin)
# There should be one warning due to the parser attempting the Chrome 66+
# query as well.
self.assertEqual(storage_writer.number_of_warnings, 1)
# Since we've got both events generated by cookie plugins and the Chrome
# cookie plugin we need to separate them.
events = []
extra_objects = []
for event in storage_writer.GetEvents():
event_data = self._GetEventDataOfEvent(storage_writer, event)
if event_data.data_type == 'chrome:cookie:entry':
events.append(event)
else:
extra_objects.append(event)
# The cookie database contains 560 entries:
# 560 creation timestamps.
# 560 last access timestamps.
# 560 expired timestamps.
# Then there are extra events created by plugins:
# 75 events created by Google Analytics cookies.
# In total: 1755 events.
self.assertEqual(len(events), 3 * 560)
self.assertEqual(len(extra_objects), 75)
# Check few "random" events to verify.
# Check one linkedin cookie.
event = events[124]
self.CheckTimestamp(event.timestamp, '2011-08-25 21:50:27.292367')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_LAST_ACCESS)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'www.linkedin.com')
self.assertEqual(event_data.cookie_name, 'leo_auth_token')
self.assertFalse(event_data.httponly)
self.assertEqual(event_data.url, 'http://www.linkedin.com/')
expected_message = (
'http://www.linkedin.com/ (leo_auth_token) Flags: [HTTP only] = False '
'[Persistent] = True')
expected_short_message = 'www.linkedin.com (leo_auth_token)'
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
# Check one of the visits to rubiconproject.com.
event = events[379]
self.CheckTimestamp(event.timestamp, '2012-04-01 13:54:34.949210')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_LAST_ACCESS)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.url, 'http://rubiconproject.com/')
self.assertEqual(event_data.path, '/')
self.assertFalse(event_data.secure)
self.assertTrue(event_data.persistent)
expected_message = (
'http://rubiconproject.com/ (put_2249) Flags: [HTTP only] = False '
'[Persistent] = True')
self._TestGetMessageStrings(event, expected_message,
'rubiconproject.com (put_2249)')
# Examine an event for a visit to a political blog site.
event = events[444]
self.CheckTimestamp(event.timestamp, '2012-03-22 01:47:21.012022')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(
event_data.path,
'/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/')
self.assertEqual(event_data.host, 'politicalticker.blogs.cnn.com')
# Examine a cookie that has an autologin entry.
event = events[1425]
self.CheckTimestamp(event.timestamp, '2012-04-01 13:52:56.189444')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_CREATION)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'marvel.com')
self.assertEqual(event_data.cookie_name, 'autologin[timeout]')
# This particular cookie value represents a timeout value that corresponds
# to the expiration date of the cookie.
self.assertEqual(event_data.data, '1364824322')
# Examine a cookie expiry event.
event = events[2]
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_EXPIRATION)
self.CheckTimestamp(event.timestamp, '2013-08-14 14:19:42.000000')
def testProcess(self):
"""Tests the Process function on a Chrome cookie database file."""
plugin = chrome_cookies.ChromeCookiePlugin()
storage_writer = self._ParseDatabaseFileWithPlugin(
['Cookies-68.0.3440.106'], plugin)
# There should be one warning due to the parser attempting the Chrome 17-65
# query as well.
self.assertEqual(storage_writer.number_of_warnings, 1)
# Since we've got both events generated by cookie plugins and the Chrome
# cookie plugin we need to separate them.
events = []
extra_objects = []
for event in storage_writer.GetEvents():
event_data = self._GetEventDataOfEvent(storage_writer, event)
if event_data.data_type == 'chrome:cookie:entry':
events.append(event)
else:
extra_objects.append(event)
# The cookie database contains 5 entries:
# 5 creation timestamps.
# 5 last access timestamps.
# 5 expired timestamps.
# Then there are extra events created by plugins:
# 1 event created by Google Analytics cookies.
# In total: 16 events.
self.assertEqual(len(events), 3 * 5)
self.assertEqual(len(extra_objects), 1)
# Test some cookies
# Check a GA cookie creation event with a path.
event = events[0]
self.CheckTimestamp(event.timestamp, '2018-08-14 15:03:43.650324')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_CREATION)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'google.com')
self.assertEqual(event_data.cookie_name, '__utma')
self.assertFalse(event_data.httponly)
self.assertEqual(event_data.url, 'http://google.com/gmail/about/')
expected_message = ('http://google.com/gmail/about/ (__utma) '
'Flags: [HTTP only] = False [Persistent] = True')
expected_short_message = 'google.com (__utma)'
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
# Check one of the visits to fbi.gov for last accessed time.
event = events[10]
self.CheckTimestamp(event.timestamp, '2018-08-20 17:19:53.134291')
self.assertEqual(event.timestamp_desc,
definitions.TIME_DESCRIPTION_LAST_ACCESS)
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.url, 'http://fbi.gov/')
self.assertEqual(event_data.path, '/')
self.assertFalse(event_data.secure)
self.assertTrue(event_data.persistent)
expected_message = ('http://fbi.gov/ (__cfduid) '
'Flags: [HTTP only] = True [Persistent] = True')
self._TestGetMessageStrings(event, expected_message,
'fbi.gov (__cfduid)')
# Examine an event for a cookie with a very large expire time.
event = events[8]
self.CheckTimestamp(event.timestamp, '9999-08-17 12:26:28.000000')
event_data = self._GetEventDataOfEvent(storage_writer, event)
self.assertEqual(event_data.host, 'projects.fivethirtyeight.com')
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = chrome_cookies.ChromeCookiePlugin()
def setUp(self):
"""Sets up the needed objects used throughout the test."""
pre_obj = event.PreprocessObject()
self._plugin = chrome_cookies.ChromeCookiePlugin(pre_obj)
def setUp(self):
"""Makes preparations before running an individual test."""
self._plugin = chrome_cookies.ChromeCookiePlugin()
