def testParseLogWithTimeZone(self): """Tests the Parse function on apt_history.log with a time zone.""" parser = apt_history.APTHistoryLogParser() storage_writer = self._ParseFile(['apt_history.log'], parser, timezone='CET') number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 10) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'data_type': 'apt:history:line', 'date_time': '2019-07-10 16:38:08', 'timestamp': '2019-07-10 14:38:08.000000' } self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseLogWithTimeZone(self): """Tests the Parse function on apt_history.log with a time zone.""" parser = apt_history.APTHistoryLogParser() storage_writer = self._ParseFile(['apt_history.log'], parser, timezone='CET') self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 10) events = list(storage_writer.GetEvents()) expected_event_values = {'timestamp': '2019-07-10 14:38:08.000000'} self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseInvalidLog(self): """Tests the Parse function on a non APT History log.""" parser = apt_history.APTHistoryLogParser() with self.assertRaises(errors.UnableToParseFile): self._ParseFile(['setupapi.dev.log'], parser)
def testParseLog(self): """Tests the Parse function on apt_history.log.""" parser = apt_history.APTHistoryLogParser() storage_writer = self._ParseFile(['apt_history.log'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 10) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2019-07-10 16:38:08.000000') event = events[1] self.CheckTimestamp(event.timestamp, '2019-07-10 16:38:12.000000') event = events[2] event_data = self._GetEventDataOfEvent(storage_writer, event) self.CheckTimestamp(event.timestamp, '2019-07-11 12:20:55.000000') expected_message = ( 'Install: libmpc3:amd64 (1.0.3-1+b2, automatic), ' 'manpages:amd64 (4.10-2, automatic), ' 'libmpx2:amd64 (6.3.0-18+deb9u1, automatic), ' 'python3-dev:amd64 (3.5.3-1), ' 'python2.7-dev:amd64 (2.7.13-2+deb9u3, automatic), ' 'libdbus-1-3:amd64 (1.10.28-0+deb9u1, automatic), ' 'linux-libc-dev:amd64 (4.9.168-1+deb9u3, automatic), ' 'python-xdg:amd64 (0.25-4, automatic), ' 'libmpfr4:amd64 (3.1.5-1, automatic), ' 'sgml-base:amd64 (1.29, automatic), ' 'libgirepository-1.0-1:amd64 (1.50.0-1+b1, automatic), ' 'libfakeroot:amd64 (1.21-3.1, automatic), ' 'libc6-dev:amd64 (2.24-11+deb9u4, automatic), ' 'rename:amd64 (0.20-4, automatic), ' 'git-man:amd64 (1:2.11.0-3+deb9u4, automatic), ' 'xdg-user-dirs:amd64 (0.15-2+b1, automatic), ' 'libexpat1-dev:amd64 (2.2.0-2+deb9u2, automatic), ' 'cpp-6:amd64 (6.3.0-18+deb9u1, automatic), ' 'dbus:amd64 (1.10.28-0+deb9u1, automatic), ' 'libalgorithm-diff-perl:amd64 (1.19.03-1, automatic), ' 'python-gi:amd64 (3.22.0-2, automatic), ' 'libalgorithm-merge-perl:amd64 (0.08-3, automatic), ' 'libicu57:amd64 (57.1-6+deb9u2, automatic), ' 'binutils:amd64 (2.28-5, automatic), ' 'cpp:amd64 (4:6.3.0-4, automatic), ' 'python-dbus:amd64 (1.2.4-1+b1, automatic), ' 'libitm1:amd64 (6.3.0-18+deb9u1, automatic), ' 'libpython-all-dev:amd64 (2.7.13-2, automatic), ' 'g++:amd64 (4:6.3.0-4, automatic), ' 'perl-modules-5.24:amd64 (5.24.1-3+deb9u5, automatic), ' 'libpython2.7:amd64 (2.7.13-2+deb9u3, automatic), ' 'python3-pip:amd64 (9.0.1-2+deb9u1), ' 'python3-keyring:amd64 (10.1-1, automatic), ' 'python3-wheel:amd64 (0.29.0-2, automatic), ' 'libpython3.5:amd64 (3.5.3-1+deb9u1, automatic), ' 'gcc:amd64 (4:6.3.0-4, automatic), ' 'git:amd64 (1:2.11.0-3+deb9u4), ' 'python3-idna:amd64 (2.2-1, automatic), ' 'libpython2.7-dev:amd64 (2.7.13-2+deb9u3, automatic), ' 'libcilkrts5:amd64 (6.3.0-18+deb9u1, automatic), ' 'python3-six:amd64 (1.10.0-3, automatic), ' 'libasan3:amd64 (6.3.0-18+deb9u1, automatic), ' 'libquadmath0:amd64 (6.3.0-18+deb9u1, automatic), ' 'python3.5-dev:amd64 (3.5.3-1+deb9u1, automatic), ' 'joe:amd64 (4.4-1), ' 'libisl15:amd64 (0.18-1, automatic), ' 'python-enum34:amd64 (1.1.6-1, automatic), ' 'build-essential:amd64 (12.3, automatic), ' 'libfile-fcntllock-perl:amd64 (0.22-3+b2, automatic), ' 'python3-xdg:amd64 (0.25-4, automatic), ' 'libperl5.24:amd64 (5.24.1-3+deb9u5, automatic), ' 'python-cryptography:amd64 (1.7.1-3+deb9u1, automatic), ' 'python-crypto:amd64 (2.6.1-7, automatic), ' 'xml-core:amd64 (0.17, automatic), ' 'python-keyrings.alt:amd64 (1.3-1, automatic), ' 'python-cffi-backend:amd64 (1.9.1-2, automatic), ' 'python-ipaddress:amd64 (1.0.17-1, automatic), ' 'libtsan0:amd64 (6.3.0-18+deb9u1, automatic), ' 'libgcc-6-dev:amd64 (6.3.0-18+deb9u1, automatic), ' 'python3-cryptography:amd64 (1.7.1-3+deb9u1, automatic), ' 'libubsan0:amd64 (6.3.0-18+deb9u1, automatic), ' 'gir1.2-glib-2.0:amd64 (1.50.0-1+b1, automatic), ' 'g++-6:amd64 (6.3.0-18+deb9u1, automatic), ' 'libpython-dev:amd64 (2.7.13-2, automatic), ' 'python3-cffi-backend:amd64 (1.9.1-2, automatic), ' 'make:amd64 (4.1-9.1, automatic), ' 'fakeroot:amd64 (1.21-3.1, automatic), ' 'gcc-6:amd64 (6.3.0-18+deb9u1, automatic), ' 'python-all:amd64 (2.7.13-2, automatic), ' 'liblsan0:amd64 (6.3.0-18+deb9u1, automatic), ' 'shared-mime-info:amd64 (1.8-1+deb9u1, automatic), ' 'libgomp1:amd64 (6.3.0-18+deb9u1, automatic), ' 'libpython3.5-dev:amd64 (3.5.3-1+deb9u1, automatic), ' 'libdbus-glib-1-2:amd64 (0.108-2, automatic), ' 'libutempter0:amd64 (1.1.6-3, automatic), ' 'python-secretstorage:amd64 (2.3.1-2, automatic), ' 'python-dev:amd64 (2.7.13-2), ' 'python-pyasn1:amd64 (0.1.9-2, automatic), ' 'python-setuptools:amd64 (33.1.1-1, automatic), ' 'python-keyring:amd64 (10.1-1, automatic), ' 'manpages-dev:amd64 (4.10-2, automatic), ' 'bzip2:amd64 (1.0.6-8.1, automatic), ' 'python3-dbus:amd64 (1.2.4-1+b1, automatic), ' 'libevent-2.0-5:amd64 (2.0.21-stable-3, automatic), ' 'libglib2.0-data:amd64 (2.50.3-2, automatic), ' 'python3-keyrings.alt:amd64 (1.3-1, automatic), ' 'libc-dev-bin:amd64 (2.24-11+deb9u4, automatic), ' 'libxml2:amd64 (2.9.4+dfsg1-2.2+deb9u2, automatic), ' 'python3-gi:amd64 (3.22.0-2, automatic), ' 'python3-crypto:amd64 (2.6.1-7, automatic), ' 'perl:amd64 (5.24.1-3+deb9u5, automatic), ' 'rsync:amd64 (3.1.2-1+deb9u2, automatic), ' 'tmux:amd64 (2.3-4), ' 'python-idna:amd64 (2.2-1, automatic), ' 'python-wheel:amd64 (0.29.0-2, automatic), ' 'libpython3-dev:amd64 (3.5.3-1, automatic), ' 'libatomic1:amd64 (6.3.0-18+deb9u1, automatic), ' 'libcc1-0:amd64 (6.3.0-18+deb9u1, automatic), ' 'libdpkg-perl:amd64 (1.18.25, automatic), ' 'patch:amd64 (2.7.5-1+deb9u1, automatic), ' 'python3-secretstorage:amd64 (2.3.1-2, automatic), ' 'libalgorithm-diff-xs-perl:amd64 (0.04-4+b2, automatic), ' 'python-pip-whl:amd64 (9.0.1-2+deb9u1, automatic), ' 'libglib2.0-0:amd64 (2.50.3-2, automatic), ' 'python-pip:amd64 (9.0.1-2+deb9u1), ' 'libcurl3-gnutls:amd64 (7.52.1-5+deb9u9, automatic), ' 'less:amd64 (481-2.1, automatic), ' 'python3-setuptools:amd64 (33.1.1-1, automatic), ' 'dpkg-dev:amd64 (1.18.25, automatic), ' 'python-all-dev:amd64 (2.7.13-2, automatic), ' 'python3-pyasn1:amd64 (0.1.9-2, automatic), ' 'libstdc++-6-dev:amd64 (6.3.0-18+deb9u1, automatic), ' 'liberror-perl:amd64 (0.17024-1, automatic) ' '[Commandline: apt-get -y install python-pip python3-pip python-dev ' 'python3-dev git tmux screen joe]') expected_short_message = ( 'Install: libmpc3:amd64 (1.0.3-1+b2, automatic), ' 'manpages:amd64 (4.10-2, autom...') self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[4] event_data = self._GetEventDataOfEvent(storage_writer, event) expected_message = ( 'Install: containerd.io:amd64 (1.2.6-3), ' 'linux-headers-4.9.0-9-common:amd64 (4.9.168-1+deb9u3, automatic), ' 'aufs-tools:amd64 (1:4.1+20161219-1, automatic), ' 'aufs-dkms:amd64 (4.9+20161219-1, automatic), ' 'cgroupfs-mount:amd64 (1.3, automatic), ' 'linux-compiler-gcc-6-x86:amd64 (4.9.168-1+deb9u3, automatic), ' 'dkms:amd64 (2.3-2, automatic), libltdl7:amd64 (2.4.6-2, automatic), ' 'linux-headers-amd64:amd64 (4.9+80+deb9u7, automatic), ' 'linux-kbuild-4.9:amd64 (4.9.168-1+deb9u3, automatic), ' 'linux-headers-4.9.0-9-amd64:amd64 (4.9.168-1+deb9u3, automatic), ' 'pigz:amd64 (2.3.4-1, automatic), ' 'docker-ce:amd64 (5:18.09.7~3-0~debian-stretch), ' 'docker-ce-cli:amd64 (5:18.09.7~3-0~debian-stretch) ' '[Commandline: apt-get install -y docker-ce docker-ce-cli containerd.io' '] [Error: Sub-process /usr/bin/dpkg returned an error code (1)]') expected_short_message = ('Install: containerd.io:amd64 (1.2.6-3), ' 'linux-headers-4.9.0-9-common:amd64 (4...') self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[6] event_data = self._GetEventDataOfEvent(storage_writer, event) expected_message = ( 'Remove: volatility:amd64 (2.6-1), forensics-all:amd64 (1.5) ' '[Commandline: apt-get remove volatility] ' '[Requested-By: jxs (1005)]') expected_short_message = ( 'Remove: volatility:amd64 (2.6-1), forensics-all:amd64 (1.5)') self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[9] event_data = self._GetEventDataOfEvent(storage_writer, event) self.CheckTimestamp(event.timestamp, '2019-07-12 04:19:26.000000') expected_message = ( 'Remove: python-distorm3:amd64 (3.3.4-2), ' 'python-imaging:amd64 (4.0.0-4), python-py:amd64 (1.4.32-3), ' 'python-openpyxl:amd64 (2.3.0-3), libdistorm3-3:amd64 (3.3.4-2), ' 'python-jdcal:amd64 (1.0-1.2~deb9u1) [Commandline: apt-get autoremove] ' '[Requested-By: jxs (1005)]') expected_short_message = ('Remove: python-distorm3:amd64 (3.3.4-2), ' 'python-imaging:amd64 (4.0.0-4), pyth...') self._TestGetMessageStrings(event_data, expected_message, expected_short_message)