def _TestScanSourcePartitionedImage(self, test_file):
    """Checks that ScanSource locates the partition in a partitioned image.

    The partition is selected in three ways: by byte offset, by sector
    offset combined with a sector size, and by partition number. Every
    variant must yield a TSK path specification and a partition offset of
    180224 bytes.

    Args:
      test_file: the path of the test file.
    """
    front_end = frontend.ExtractionFrontend(
        self._input_reader, self._output_writer)

    # 0x0002c000 == 352 * 512 == 180224, so the first two selections name
    # the same byte offset; the test expects partition 2 to start there too.
    partition_selections = [
        [('image_offset_bytes', 0x0002c000)],
        [('image_offset', 352), ('bytes_per_sector', 512)],
        [('partition_number', 2)],
    ]

    for selection in partition_selections:
        # Each variant gets a fresh options object, while the front-end
        # instance is reused across all of them.
        scan_options = test_lib.Options()
        scan_options.source = test_file
        for option_name, option_value in selection:
            setattr(scan_options, option_name, option_value)

        front_end.ParseOptions(scan_options)
        front_end.ScanSource(scan_options)

        source_path_spec = front_end.GetSourcePathSpec()
        self.assertNotEquals(source_path_spec, None)
        self.assertEquals(
            source_path_spec.type_indicator,
            dfvfs_definitions.TYPE_INDICATOR_TSK)
        # pylint: disable=protected-access
        self.assertEquals(front_end._partition_offset, 180224)
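def testGetStorageInformation(self):
    """Tests that processing a source yields a readable storage file.

    Despite its name, this test drives ProcessSource on the log2timeline
    front-end and then verifies that the resulting file can be opened
    read-only as a storage file and that an event can be read from it.
    """
    test_front_end = log2timeline.Log2TimelineFrontend()

    options = test_lib.Options()
    options.source = self._GetTestFilePath(['image.dd'])

    storage_file_path = os.path.join(self._temp_directory, 'plaso.db')

    test_front_end.ParseOptions(options)
    test_front_end.SetStorageFile(storage_file_path=storage_file_path)
    test_front_end.SetRunForeman(run_foreman=False)

    test_front_end.ProcessSource(options)

    try:
        storage_file = storage.StorageFile(storage_file_path, read_only=True)
    except IOError as exception:
        # The output is not a storage file; fail with a message that names
        # the file instead of a bare assertTrue(False).
        self.fail('Unable to open {0:s} as a storage file: {1!s}'.format(
            storage_file_path, exception))

    try:
        # Make sure we can read an event out of the storage.
        event_object = storage_file.GetSortedEntry()
        self.assertIsNotNone(event_object)
    finally:
        # Release the handle even when the assertion fails, so the file in
        # the temporary directory is not left open.
        storage_file.Close()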
def testGetStorageInformation(self):
    """Checks the header of the storage information report.

    Opens the psort_test.out storage file through the pinfo front-end and
    compares the first eight lines of the single report it returns against
    fixed expected values.
    """
    front_end = pinfo.PinfoFrontend()

    options = test_lib.Options()
    options.storage_file = os.path.join(
        self._TEST_DATA_PATH, 'psort_test.out')

    front_end.ParseOptions(options)

    reports = list(front_end.GetStorageInformation())
    self.assertEquals(len(reports), 1)

    report_lines = reports[0].split(u'\n')
    separator = u'-' * 80

    # (line index, expected text) pairs, listed in the order they are
    # checked: the two separator lines come first, then the title between
    # them, then the metadata lines.
    expectations = [
        (0, separator),
        (2, separator),
        (1, u'\t\tPlaso Storage Information'),
        (3, u'Storage file:\t\t{0:s}'.format(options.storage_file)),
        (4, u'Source processed:\tsyslog'),
        (5, u'Time of processing:\t2014-02-15T04:33:16+00:00'),
        (6, u''),
        (7, u'Collection information:'),
    ]
    for line_index, expected_text in expectations:
        self.assertEquals(report_lines[line_index], expected_text)
def testParseOptions(self):
    """Checks ParseOptions on the extraction front-end.

    Options without a source must be rejected with BadConfigOption; once
    the source points at the image.dd test file, parsing must succeed.
    """
    front_end = frontend.ExtractionFrontend(
        self._input_reader, self._output_writer)

    parse_options = test_lib.Options()

    # No source has been set yet, so the front-end has to refuse.
    with self.assertRaises(errors.BadConfigOption):
        front_end.ParseOptions(parse_options)

    # With a source set, the same call is expected not to raise.
    parse_options.source = self._GetTestFilePath(['image.dd'])
    front_end.ParseOptions(parse_options)
def _TestScanSourceVssImage(self, test_file):
    """Checks that ScanSource handles the VSS store selection.

    The scan runs twice, with the store selection strings '1,2' and '1'.
    Each run must yield a TSK path specification, a partition offset of 0
    and the selection parsed into a list of integers.

    Args:
      test_file: the path of the test file.
    """
    front_end = frontend.ExtractionFrontend(
        self._input_reader, self._output_writer)

    # (vss_stores option string, expected parsed store numbers)
    store_selections = [
        ('1,2', [1, 2]),
        ('1', [1]),
    ]

    for selection_string, expected_stores in store_selections:
        # Each run gets a fresh options object; the front-end is reused.
        scan_options = test_lib.Options()
        scan_options.source = test_file
        scan_options.vss_stores = selection_string

        front_end.ParseOptions(scan_options)
        front_end.ScanSource(scan_options)

        source_path_spec = front_end.GetSourcePathSpec()
        self.assertNotEquals(source_path_spec, None)
        self.assertEquals(
            source_path_spec.type_indicator,
            dfvfs_definitions.TYPE_INDICATOR_TSK)
        # pylint: disable=protected-access
        self.assertEquals(front_end._partition_offset, 0)
        self.assertEquals(front_end._vss_stores, expected_stores)
def testOpenStorageFile(self):
    """Checks that the analysis front-end opens a storage file.

    After the options are parsed with psort_test.out as the storage file,
    OpenStorageFile must return a storage.StorageFile instance.
    """
    front_end = frontend.AnalysisFrontend(
        self._input_reader, self._output_writer)

    analysis_options = test_lib.Options()
    analysis_options.storage_file = self._GetTestFilePath(['psort_test.out'])
    front_end.ParseOptions(analysis_options)

    opened_storage = front_end.OpenStorageFile()
    self.assertIsInstance(opened_storage, storage.StorageFile)

    # Close the handle explicitly once the type has been verified.
    opened_storage.Close()
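def testRunAgainstKey(self):
    """Tests running the preg frontend against a Registry key.

    Runs the front-end in Registry key mode against the CurrentVersion key
    of the SOFTWARE test file and checks that the captured output contains
    the expected product name line.
    """
    output_writer = StringIOOutputWriter()
    test_front_end = preg.PregFrontend(output_writer)

    options = test_lib.Options()
    options.key = u'\\Microsoft\\Windows NT\\CurrentVersion'
    options.regfile = self._GetTestFilePath(['SOFTWARE'])
    options.verbose = False

    test_front_end.ParseOptions(options, source_option='image')
    test_front_end.RunModeRegistryKey(options, u'')

    # assertIn reports both the expected text and the captured output on
    # failure, which assertTrue(x in y) does not.
    self.assertIn(
        u'Product name : Windows 7 Ultimate', output_writer.GetValue())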
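def testRunPlugin(self):
    """Tests running the preg frontend against a plugin.

    Runs the userassist plugin against the NTUSER.DAT test file and checks
    that the captured output contains the expected run-count entry for
    Internet Explorer.
    """
    output_writer = StringIOOutputWriter()
    test_front_end = preg.PregFrontend(output_writer)

    options = test_lib.Options()
    options.regfile = self._GetTestFilePath(['NTUSER.DAT'])
    options.verbose = False

    test_front_end.ParseOptions(options, source_option='image')
    test_front_end.RunModeRegistryPlugin(options, u'userassist')

    expected_entry = (
        u'UEME_RUNPATH:C:\\Program Files\\Internet Explorer\\iexplore.exe : '
        u'[Count: 1]')

    # assertIn reports both the expected text and the captured output on
    # failure, which assertTrue(x in y) does not.
    self.assertIn(expected_entry, output_writer.GetValue())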
def testParseOptions(self):
    """Checks ParseOptions on the analysis front-end.

    Options are rejected with BadConfigOption when no storage file is set
    and when the storage file path is no_such_file.out; they are accepted
    once the path points at psort_test.out.
    """
    front_end = frontend.AnalysisFrontend(
        self._input_reader, self._output_writer)

    analysis_options = test_lib.Options()

    # Case 1: no storage file configured at all.
    with self.assertRaises(errors.BadConfigOption):
        front_end.ParseOptions(analysis_options)

    # Case 2: a storage file path that, going by its name, is presumably
    # absent from the test data.
    analysis_options.storage_file = self._GetTestFilePath(
        ['no_such_file.out'])
    with self.assertRaises(errors.BadConfigOption):
        front_end.ParseOptions(analysis_options)

    # Case 3: the psort_test.out test file, which must be accepted.
    analysis_options.storage_file = self._GetTestFilePath(['psort_test.out'])
    front_end.ParseOptions(analysis_options)
def testProcessSourceExtractWithExtensions(self):
    """Checks export from an image restricted by file extension.

    Exports from the image.qcow2 test image into the temporary directory
    with the extension string 'txt' and expects passwords.txt to be the
    only entry at the top level of that directory afterwards.
    """
    front_end = image_export.ImageExportFrontend()

    export_options = test_lib.Options()
    export_options.image = self._GetTestFilePath([u'image.qcow2'])
    export_options.path = self._temp_directory
    export_options.extension_string = u'txt'

    front_end.ParseOptions(export_options, source_option='image')
    front_end.ProcessSource(export_options)

    # The glob covers everything at the top level of the output directory,
    # so any additional exported file makes the comparison fail.
    exported_paths = glob.glob(os.path.join(self._temp_directory, u'*'))
    expected_paths = sorted([
        os.path.join(self._temp_directory, u'passwords.txt')])

    self.assertEquals(sorted(exported_paths), expected_paths)
def _TestScanSourceDirectory(self, test_file):
    """Checks that ScanSource handles a directory as the source.

    The resulting path specification must be of the OS type, its location
    must be the absolute form of the given path, and no partition offset
    may be set on the front-end.

    Args:
      test_file: the path of the test file.
    """
    front_end = frontend.ExtractionFrontend(
        self._input_reader, self._output_writer)

    scan_options = test_lib.Options()
    scan_options.source = test_file

    front_end.ParseOptions(scan_options)
    front_end.ScanSource(scan_options)

    source_path_spec = front_end.GetSourcePathSpec()
    self.assertNotEquals(source_path_spec, None)

    expected_location = os.path.abspath(test_file)
    self.assertEquals(source_path_spec.location, expected_location)
    self.assertEquals(
        source_path_spec.type_indicator, dfvfs_definitions.TYPE_INDICATOR_OS)

    # pylint: disable=protected-access
    self.assertEquals(front_end._partition_offset, None)
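def testProcessSourceExtractWithDateFilter(self):
    """Tests extract with file filter and date filter functionality.

    Exports from the image.qcow2 test image using a path filter file and a
    ctime date filter, and expects only a_directory/a_file to be exported.
    The date filter is stored on the FileSaver class, so it is always
    reset at the end, even when the test fails.
    """
    test_front_end = image_export.ImageExportFrontend()

    options = test_lib.Options()
    options.image = self._GetTestFilePath([u'image.qcow2'])
    options.path = self._temp_directory
    options.include_duplicates = True

    # The filter file holds a single path expression, one per line.
    options.filter = os.path.join(self._temp_directory, u'filter.txt')
    with open(options.filter, 'wb') as file_object:
        file_object.write('/a_directory/.+_file\n')

    test_front_end.ParseOptions(options, source_option='image')

    # Set the date filter.
    filter_start = '2012-05-25 15:59:00'
    filter_end = '2012-05-25 15:59:20'

    date_filter_object = image_export.DateFilter()
    date_filter_object.Add(
        filter_start=filter_start, filter_end=filter_end,
        filter_type='ctime')
    image_export.FileSaver.SetDateFilter(date_filter_object)

    try:
        test_front_end.ProcessSource(options)

        expected_text_files = sorted([
            os.path.join(self._temp_directory, u'a_directory', u'a_file')])

        text_files = glob.glob(os.path.join(
            self._temp_directory, u'a_directory', u'*'))

        self.assertEquals(sorted(text_files), expected_text_files)
    finally:
        # We need to reset the date filter to not affect other tests. Doing
        # it in a finally clause keeps a failure here from leaking the
        # class-level filter into later tests.
        # pylint: disable=protected-access
        # TODO: Remove this once filtering has been moved to the front end
        # object.
        image_export.FileSaver._date_filter = None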
def testProcessSourceExtractWithFilter(self):
    """Checks export from an image restricted by a path filter file.

    Writes a filter file containing the expression '/a_directory/.+_file',
    exports from the image.qcow2 test image, and expects exactly a_file
    and another_file to appear under a_directory in the output directory.
    """
    front_end = image_export.ImageExportFrontend()

    export_options = test_lib.Options()
    export_options.image = self._GetTestFilePath([u'image.qcow2'])
    export_options.path = self._temp_directory

    # The filter file lives in the temporary directory next to the output.
    filter_path = os.path.join(self._temp_directory, u'filter.txt')
    export_options.filter = filter_path
    with open(filter_path, 'wb') as filter_file:
        filter_file.write('/a_directory/.+_file\n')

    front_end.ParseOptions(export_options, source_option='image')
    front_end.ProcessSource(export_options)

    output_directory = os.path.join(self._temp_directory, u'a_directory')
    expected_paths = sorted([
        os.path.join(self._temp_directory, u'a_directory', u'another_file'),
        os.path.join(self._temp_directory, u'a_directory', u'a_file')])

    # Everything directly under a_directory is compared, so an unexpected
    # extra file fails the test as well.
    exported_paths = glob.glob(os.path.join(output_directory, u'*'))

    self.assertEquals(sorted(exported_paths), expected_paths)