    def testPrintStorageInformationAsText(self):
        """Tests the PrintStorageInformation function with text output format.

        The expected output is rendered through the same CLI table views the
        tool itself uses, so the comparison is about content and ordering rather
        than the exact table layout.
        """
        test_filename = 'pinfo_test.plaso'
        format_version = '20210621'
        plaso_version = '20210606'
        session_identifier = '678d3612-feac-4de7-b929-0bd3260a9365'
        session_start_time = '2021-06-23T07:42:30.094310Z'
        session_completion_time = '2021-06-23T07:42:39.183687Z'

        command_line_arguments = (
            './tools/log2timeline.py --partition=all --quiet '
            '--storage-file pinfo_test.plaso test_data/tsk_volume_system.raw')

        parser_names = [
            'android_app_usage', 'apache_access', 'apt_history', 'asl_log',
            'bash_history', 'bencode', 'bencode/bencode_transmission',
            'bencode/bencode_utorrent', 'binary_cookies', 'bsm_log',
            'chrome_cache', 'chrome_preferences', 'cups_ipp',
            'custom_destinations', 'czip', 'czip/oxml', 'dockerjson', 'dpkg',
            'esedb', 'esedb/file_history', 'esedb/msie_webcache', 'esedb/srum',
            'filestat', 'firefox_cache', 'firefox_cache2', 'fseventsd',
            'gdrive_synclog', 'googlelog', 'java_idx', 'lnk',
            'mac_appfirewall_log', 'mac_keychain', 'mac_securityd', 'mactime',
            'macwifi', 'mcafee_protection', 'mft', 'msiecf',
            'networkminer_fileinfo', 'olecf',
            'olecf/olecf_automatic_destinations', 'olecf/olecf_default',
            'olecf/olecf_document_summary', 'olecf/olecf_summary',
            'opera_global', 'opera_typed_history', 'pe', 'plist',
            'plist/airport', 'plist/apple_id', 'plist/ipod_device',
            'plist/launchd_plist', 'plist/macos_software_update',
            'plist/macosx_bluetooth', 'plist/macosx_install_history',
            'plist/macuser', 'plist/plist_default', 'plist/safari_history',
            'plist/spotlight', 'plist/spotlight_volume', 'plist/time_machine',
            'pls_recall', 'popularity_contest', 'prefetch', 'recycle_bin',
            'recycle_bin_info2', 'rplog', 'santa', 'sccm', 'selinux',
            'setupapi', 'skydrive_log', 'skydrive_log_old', 'sophos_av',
            'spotlight_storedb', 'sqlite', 'sqlite/android_calls',
            'sqlite/android_sms', 'sqlite/android_webview',
            'sqlite/android_webviewcache', 'sqlite/appusage',
            'sqlite/chrome_17_cookies', 'sqlite/chrome_27_history',
            'sqlite/chrome_66_cookies', 'sqlite/chrome_8_history',
            'sqlite/chrome_autofill', 'sqlite/chrome_extension_activity',
            'sqlite/firefox_cookies', 'sqlite/firefox_downloads',
            'sqlite/firefox_history', 'sqlite/google_drive',
            'sqlite/hangouts_messages', 'sqlite/imessage',
            'sqlite/kik_messenger', 'sqlite/kodi', 'sqlite/ls_quarantine',
            'sqlite/mac_document_versions', 'sqlite/mac_knowledgec',
            'sqlite/mac_notes', 'sqlite/mac_notificationcenter',
            'sqlite/mackeeper_cache', 'sqlite/macostcc',
            'sqlite/safari_historydb', 'sqlite/skype',
            'sqlite/tango_android_profile', 'sqlite/tango_android_tc',
            'sqlite/twitter_android', 'sqlite/twitter_ios',
            'sqlite/windows_timeline', 'sqlite/zeitgeist', 'symantec_scanlog',
            'syslog', 'syslog/cron', 'syslog/ssh', 'systemd_journal',
            'trendmicro_url', 'trendmicro_vd', 'usnjrnl', 'utmp', 'utmpx',
            'vsftpd', 'winevt', 'winevtx', 'winfirewall', 'winiis', 'winjob',
            'winreg', 'winreg/amcache', 'winreg/appcompatcache',
            'winreg/bagmru', 'winreg/bam', 'winreg/ccleaner',
            'winreg/explorer_mountpoints2', 'winreg/explorer_programscache',
            'winreg/microsoft_office_mru', 'winreg/microsoft_outlook_mru',
            'winreg/mrulist_shell_item_list', 'winreg/mrulist_string',
            'winreg/mrulistex_shell_item_list', 'winreg/mrulistex_string',
            'winreg/mrulistex_string_and_shell_item',
            'winreg/mrulistex_string_and_shell_item_list', 'winreg/msie_zone',
            'winreg/mstsc_rdp', 'winreg/mstsc_rdp_mru',
            'winreg/network_drives', 'winreg/networks', 'winreg/userassist',
            'winreg/windows_boot_execute', 'winreg/windows_boot_verify',
            'winreg/windows_run', 'winreg/windows_sam_users',
            'winreg/windows_services', 'winreg/windows_shutdown',
            'winreg/windows_task_cache', 'winreg/windows_timezone',
            'winreg/windows_typed_urls', 'winreg/windows_usb_devices',
            'winreg/windows_usbstor_devices', 'winreg/windows_version',
            'winreg/winlogon', 'winreg/winrar_mru', 'winreg/winreg_default',
            'xchatlog', 'xchatscrollback', 'zsh_extended_history'
        ]
        enabled_parser_names = ', '.join(parser_names)

        output_writer = test_lib.TestOutputWriter(encoding='utf-8')

        def write_table(title, rows, column_names=None):
            """Renders one CLI table with the given rows into output_writer.

            column_names is only passed on to the view factory when given, so
            the factory sees exactly the same keyword arguments as before.
            """
            view_kwargs = {'title': title}
            if column_names is not None:
                view_kwargs['column_names'] = column_names
            view = cli_views.ViewsFactory.GetTableView(
                cli_views.ViewsFactory.FORMAT_TYPE_CLI, **view_kwargs)
            for row in rows:
                view.AddRow(row)
            view.Write(output_writer)

        write_table('Plaso Storage Information', [
            ['Filename', test_filename],
            ['Format version', format_version],
            ['Storage type', 'session'],
            ['Serialization format', 'json']])

        write_table('Sessions', [[session_identifier, session_start_time]])

        write_table('Session: {0!s}'.format(session_identifier), [
            ['Start time', session_start_time],
            ['Completion time', session_completion_time],
            ['Product name', 'plaso'],
            ['Product version', plaso_version],
            ['Command line arguments', command_line_arguments],
            ['Parser filter expression', 'N/A'],
            ['Enabled parser and plugins', enabled_parser_names],
            ['Preferred encoding', 'UTF-8'],
            ['Debug mode', 'False'],
            ['Artifact filters', 'N/A'],
            ['Filter file', 'N/A']])

        write_table(
            'Events generated per parser',
            [['filestat', '3'], ['Total', '3']],
            column_names=['Parser (plugin) name', 'Number of events'])

        # Reading the writer drains the rendered tables so that the tool's own
        # output can be read separately below.
        rendered_tables = output_writer.ReadOutput()

        trailer = '\n'.join([
            '',
            'No events labels stored.',
            '',
            'No warnings stored.',
            '',
            'No analysis reports stored.',
            '',
            ''])
        expected_output = '{0:s}{1:s}'.format(rendered_tables, trailer)

        test_file_path = self._GetTestFilePath([test_filename])
        self._SkipIfPathNotExists(test_file_path)

        options = test_lib.TestOptions()
        options.storage_file = test_file_path
        options.output_format = 'text'
        options.sections = 'events,reports,sessions,warnings'

        test_tool = pinfo_tool.PinfoTool(output_writer=output_writer)
        test_tool.ParseOptions(options)
        test_tool.PrintStorageInformation()

        output = output_writer.ReadOutput()

        # A line-wise comparison gives a readable diff when the test fails.
        self.assertEqual(output.split('\n'), expected_output.split('\n'))
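    def testOutput(self):
        """Testing if psort can output data.

        A test formatter is registered for the duration of the test; it is
        deregistered in a finally block so that a failing assertion cannot leave
        it behind and leak into other tests in the same process.
        """
        formatters_manager.FormattersManager.RegisterFormatter(
            PsortTestEventFormatter)

        try:
            event_objects = [
                PsortTestEvent(5134324321),
                PsortTestEvent(2134324321),
                PsortTestEvent(9134324321),
                PsortTestEvent(15134324321),
                PsortTestEvent(5134324322),
                PsortTestEvent(5134024321)
            ]

            output_writer = cli_test_lib.TestOutputWriter()

            with shared_test_lib.TempDirectory() as temp_directory:
                temp_file = os.path.join(temp_directory, u'storage.plaso')

                # Write the events to a fresh storage file, then reopen it
                # read-only for processing.
                storage_file = storage_zip_file.StorageFile(temp_file)
                for event_object in event_objects:
                    storage_file.AddEventObject(event_object)
                storage_file.Close()

                storage_file = storage_zip_file.StorageFile(
                    temp_file, read_only=True)

                with storage_zip_file.ZIPStorageFileReader(
                        storage_file) as storage_reader:
                    output_mediator_object = output_mediator.OutputMediator(
                        self._formatter_mediator)
                    output_mediator_object.SetStorageFile(storage_file)

                    output_module = TestOutputModule(output_mediator_object)
                    output_module.SetOutputWriter(output_writer)
                    event_buffer = TestEventBuffer(
                        output_module, check_dedups=False, store=storage_file)

                    self._front_end.ProcessEventsFromStorage(
                        storage_reader, event_buffer)

            event_buffer.Flush()
            output = output_writer.ReadOutput()
            # Drop empty lines and the lone '.' progress markers.
            lines = [
                line for line in output.split(b'\n')
                if line and line != b'.']

            # One more line than events (header row).
            self.assertEqual(len(lines), 7)
            self.assertIn(b'My text goes along: My text dude. lines', lines[2])
            self.assertIn(b'LOG/', lines[2])
            self.assertIn(b'None in Particular', lines[2])
            self.assertEqual(lines[0], (
                b'date,time,timezone,MACB,source,sourcetype,type,user,host,'
                b'short,desc,version,filename,inode,notes,format,extra'))

        finally:
            formatters_manager.FormattersManager.DeregisterFormatter(
                PsortTestEventFormatter)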
 def setUp(self):
     """Creates the output writer and the preg tool shared by the tests."""
     writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
     self._output_writer = writer
     self._test_tool = preg.PregTool(output_writer=writer)
 def setUp(self):
   """Makes preparations before running an individual test.

   Builds an L2T CSV output module wired to a test output writer so that each
   test can inspect what the module wrote.
   """
   mediator = self._CreateOutputMediator()
   writer = cli_test_lib.TestOutputWriter()
   module = l2t_csv.L2TCSVOutputModule(mediator)
   module.SetOutputWriter(writer)
   self._output_writer = writer
   self._output_module = module
    def testPrintExtractionStatusUpdateWindow(self):
        """Tests the _PrintExtractionStatusUpdateWindow function.

        The window is rendered once with only a foreman row and a second time
        after a worker row has been added; both renderings are compared line
        by line.
        """
        output_writer = test_lib.TestOutputWriter()

        test_view = status_view.StatusView(output_writer, u'test_tool')
        test_view.SetSourceInformation(
            u'/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

        process_status = processing_status.ProcessingStatus()
        process_status.UpdateForemanStatus(
            u'f_identifier', u'f_status', 123, 0, u'f_test_file', 1, 29, 3, 456,
            5, 6, 7, 8, 9, 10)

        table_header = b''.join([
            b'Identifier      ', b'PID     ', b'Status          ',
            b'Memory          ', b'Sources         ', b'Events          ',
            b'File'])
        # Outside of Windows the header is wrapped in ANSI bold escape codes.
        if not sys.platform.startswith(u'win'):
            table_header = b'\x1b[1m{0:s}\x1b[0m'.format(table_header)

        foreman_row = b''.join([
            b'f_identifier    ', b'123     ', b'f_status        ',
            b'0 B             ', b'29 (29)         ', b'456 (456)       ',
            b'f_test_file'])
        worker_row = b''.join([
            b'w_identifier    ', b'123     ', b'w_status        ',
            b'0 B             ', b'2 (2)           ', b'4 (4)           ',
            b'w_test_file'])

        # Lines that precede the per-process rows in every rendering.
        banner_lines = [
            b'plaso - test_tool version {0:s}'.format(plaso.__version__), b'',
            b'Source path\t: /test/source/path', b'Source type\t: directory',
            b'', table_header]

        test_view._PrintExtractionStatusUpdateWindow(process_status)
        output = output_writer.ReadOutput()
        self.assertEqual(
            output.split(b'\n'), banner_lines + [foreman_row, b'', b''])

        process_status.UpdateWorkerStatus(
            u'w_identifier', u'w_status', 123, 0, u'w_test_file', 1, 2, 3, 4, 5,
            6, 7, 8, 9, 10)
        test_view._PrintExtractionStatusUpdateWindow(process_status)
        output = output_writer.ReadOutput()
        self.assertEqual(
            output.split(b'\n'),
            banner_lines + [foreman_row, worker_row, b'', b''])
    def testPrintExtractionStatusUpdateWindow(self):
        """Tests the _PrintExtractionStatusUpdateWindow function.

        The window is rendered once with only a foreman row and a second time
        after a worker row has been added; both renderings are checked with
        _CheckOutput.
        """
        output_writer = test_lib.TestOutputWriter()

        test_view = status_view.StatusView(output_writer, 'test_tool')
        test_view.SetSourceInformation(
            '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

        process_status = processing_status.ProcessingStatus()
        process_status.UpdateForemanStatus(
            'f_identifier', 'f_status', 123, 0, 'f_test_file', 1, 29, 3, 456, 5,
            6, 9, 10)

        table_header = ''.join([
            'Identifier      ', 'PID     ', 'Status          ',
            'Memory          ', 'Sources         ', 'Events          ',
            'File'])
        # Outside of Windows the header is wrapped in ANSI bold escape codes.
        if not sys.platform.startswith('win'):
            table_header = '\x1b[1m{0:s}\x1b[0m'.format(table_header)

        foreman_row = ''.join([
            'f_identifier    ', '123     ', 'f_status        ',
            '0 B             ', '29 (29)         ', '456 (456)       ',
            'f_test_file'])
        worker_row = ''.join([
            'w_identifier    ', '123     ', 'w_status        ',
            '0 B             ', '2 (2)           ', '4 (4)           ',
            'w_test_file'])

        # Lines that precede the per-process rows in every rendering.
        banner_lines = [
            'plaso - test_tool version {0:s}'.format(plaso.__version__), '',
            'Source path\t\t: /test/source/path', 'Source type\t\t: directory',
            'Processing time\t\t: 00:00:00', '', table_header]

        test_view._PrintExtractionStatusUpdateWindow(process_status)
        output = output_writer.ReadOutput()
        self._CheckOutput(output, banner_lines + [foreman_row, '', ''])

        process_status.UpdateWorkerStatus(
            'w_identifier', 'w_status', 123, 0, 'w_test_file', 1, 2, 3, 4, 5, 6,
            9, 10)
        test_view._PrintExtractionStatusUpdateWindow(process_status)
        output = output_writer.ReadOutput()
        self._CheckOutput(
            output, banner_lines + [foreman_row, worker_row, '', ''])
    def testPrintStorageInformation(self):
        """Tests the PrintStorageInformation function.

        The expected output is rendered through the same CLI table views the
        tool itself uses, so the comparison is about content and ordering rather
        than the exact table layout.
        """
        output_writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
        test_tool = pinfo.PinfoTool(output_writer=output_writer)

        test_filename = u'pinfo_test.json.plaso'
        format_version = u'20160715'
        plaso_version = u'1.5.1_20161013'
        session_identifier = u'3c552fe3-4e64-4871-8a7f-0f4c95dfc1fe'
        session_start_time = u'2016-10-16T15:13:58.171984+00:00'
        session_completion_time = u'2016-10-16T15:13:58.957462+00:00'

        command_line_arguments = (
            u'./tools/log2timeline.py --partition=all --quiet '
            u'pinfo_test.json.plaso test_data/tsk_volume_system.raw')

        parser_names = [
            u'android_app_usage', u'asl_log', u'bencode',
            u'bencode/bencode_transmission', u'bencode/bencode_utorrent',
            u'binary_cookies', u'bsm_log', u'chrome_cache',
            u'chrome_preferences', u'cups_ipp', u'custom_destinations',
            u'dockerjson', u'dpkg', u'esedb', u'esedb/esedb_file_history',
            u'esedb/msie_webcache', u'filestat', u'firefox_cache',
            u'firefox_cache2', u'hachoir', u'java_idx', u'lnk',
            u'mac_appfirewall_log', u'mac_keychain', u'mac_securityd',
            u'mactime', u'macwifi', u'mcafee_protection', u'mft', u'msiecf',
            u'olecf', u'olecf/olecf_automatic_destinations',
            u'olecf/olecf_default', u'olecf/olecf_document_summary',
            u'olecf/olecf_summary', u'openxml', u'opera_global',
            u'opera_typed_history', u'pe', u'plist', u'plist/airport',
            u'plist/apple_id', u'plist/ipod_device', u'plist/macosx_bluetooth',
            u'plist/macosx_install_history', u'plist/macuser',
            u'plist/maxos_software_update', u'plist/plist_default',
            u'plist/safari_history', u'plist/spotlight',
            u'plist/spotlight_volume', u'plist/time_machine', u'pls_recall',
            u'popularity_contest', u'prefetch', u'recycle_bin',
            u'recycle_bin_info2', u'rplog', u'sccm', u'selinux',
            u'skydrive_log', u'skydrive_log_old', u'sqlite',
            u'sqlite/android_calls', u'sqlite/android_sms', u'sqlite/appusage',
            u'sqlite/chrome_cookies', u'sqlite/chrome_extension_activity',
            u'sqlite/chrome_history', u'sqlite/firefox_cookies',
            u'sqlite/firefox_downloads', u'sqlite/firefox_history',
            u'sqlite/google_drive', u'sqlite/imessage',
            u'sqlite/kik_messenger', u'sqlite/ls_quarantine',
            u'sqlite/mac_document_versions', u'sqlite/mackeeper_cache',
            u'sqlite/skype', u'sqlite/twitter_ios', u'sqlite/zeitgeist',
            u'symantec_scanlog', u'syslog', u'syslog/cron', u'syslog/ssh',
            u'usnjrnl', u'utmp', u'utmpx', u'winevt', u'winevtx',
            u'winfirewall', u'winiis', u'winjob', u'winreg',
            u'winreg/appcompatcache', u'winreg/bagmru', u'winreg/ccleaner',
            u'winreg/explorer_mountpoints2', u'winreg/explorer_programscache',
            u'winreg/microsoft_office_mru', u'winreg/microsoft_outlook_mru',
            u'winreg/mrulist_shell_item_list', u'winreg/mrulist_string',
            u'winreg/mrulistex_shell_item_list', u'winreg/mrulistex_string',
            u'winreg/mrulistex_string_and_shell_item',
            u'winreg/mrulistex_string_and_shell_item_list',
            u'winreg/msie_zone', u'winreg/mstsc_rdp', u'winreg/mstsc_rdp_mru',
            u'winreg/network_drives', u'winreg/userassist',
            u'winreg/windows_boot_execute', u'winreg/windows_boot_verify',
            u'winreg/windows_run', u'winreg/windows_sam_users',
            u'winreg/windows_services', u'winreg/windows_shutdown',
            u'winreg/windows_task_cache', u'winreg/windows_timezone',
            u'winreg/windows_typed_urls', u'winreg/windows_usb_devices',
            u'winreg/windows_usbstor_devices', u'winreg/windows_version',
            u'winreg/winlogon', u'winreg/winrar_mru', u'winreg/winreg_default',
            u'xchatlog', u'xchatscrollback'
        ]
        enabled_parser_names = u', '.join(parser_names)

        def write_table(title, rows, column_names=None):
            """Renders one CLI table with the given rows into output_writer.

            column_names is only passed on to the view factory when given, so
            the factory sees exactly the same keyword arguments as before.
            """
            view_kwargs = {'title': title}
            if column_names is not None:
                view_kwargs['column_names'] = column_names
            view = cli_views.ViewsFactory.GetTableView(
                cli_views.ViewsFactory.FORMAT_TYPE_CLI, **view_kwargs)
            for row in rows:
                view.AddRow(row)
            view.Write(output_writer)

        write_table(u'Plaso Storage Information', [
            [u'Filename', test_filename],
            [u'Format version', format_version],
            [u'Serialization format', u'json']])

        write_table(u'Sessions', [[session_identifier, session_start_time]])

        write_table(u'Session: {0!s}'.format(session_identifier), [
            [u'Start time', session_start_time],
            [u'Completion time', session_completion_time],
            [u'Product name', u'plaso'],
            [u'Product version', plaso_version],
            [u'Command line arguments', command_line_arguments],
            [u'Parser filter expression', u'N/A'],
            [u'Enabled parser and plugins', enabled_parser_names],
            [u'Preferred encoding', u'UTF-8'],
            [u'Debug mode', u'False'],
            [u'Filter file', u'N/A'],
            [u'Filter expression', u'N/A']])

        write_table(
            u'Events generated per parser',
            [[u'filestat', u'3'], [u'Total', u'3']],
            column_names=[u'Parser (plugin) name', u'Number of events'])

        # Reading the writer drains the rendered tables so that the tool's own
        # output can be read separately below.
        rendered_tables = output_writer.ReadOutput()

        trailer = (
            b'No errors stored.\n'
            b'\n'
            b'No analysis reports stored.\n'
            b'\n')
        expected_output = b'{0:s}{1:s}'.format(rendered_tables, trailer)

        test_file = self._GetTestFilePath([test_filename])

        options = cli_test_lib.TestOptions()
        options.storage_file = test_file

        test_tool.ParseOptions(options)
        test_tool.PrintStorageInformation()

        output = output_writer.ReadOutput()

        # A line-wise comparison gives a readable diff when the test fails.
        self.assertEqual(output.split(b'\n'), expected_output.split(b'\n'))