def setUp(self): """Sets up the needed objects used throughout the test.""" pre_obj = event.PreprocessObject() self._parser = mac_keychain.KeychainParser(pre_obj, None)
def testParse(self): """Tests the Parse function.""" parser = mac_keychain.KeychainParser() storage_writer = self._ParseFile(['login.keychain'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 8) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2014-01-26 14:51:48.000000') self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.entry_name, 'Secret Application') self.assertEqual(event_data.account_name, 'moxilo') expected_ssgp = ( 'b8e44863af1cb0785b89681d22e2721997ccfb8adb8853e726aff94c8830b05a') self.assertEqual(event_data.ssgp_hash, expected_ssgp) expected_message = 'Name: Secret Application Account: moxilo' expected_short_message = 'Secret Application' self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[1] self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) self.CheckTimestamp(event.timestamp, '2014-01-26 14:52:29.000000') event = events[2] self.CheckTimestamp(event.timestamp, '2014-01-26 14:53:29.000000') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.entry_name, 'Secret Note') self.assertEqual(event_data.text_description, 'secure note') self.assertEqual(len(event_data.ssgp_hash), 1696) expected_message = 'Name: Secret Note' expected_short_message = 'Secret Note' self._TestGetMessageStrings(event_data, expected_message, expected_short_message) event = events[4] self.CheckTimestamp(event.timestamp, '2014-01-26 14:54:33.000000') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.entry_name, 'plaso.kiddaland.net') self.assertEqual(event_data.account_name, 'MrMoreno') expected_ssgp = ( '83ccacf55a8cb656d340ec405e9d8b308fac54bb79c5c9b0219bd0d700c3c521') self.assertEqual(event_data.ssgp_hash, expected_ssgp) self.assertEqual(event_data.where, 'plaso.kiddaland.net') self.assertEqual(event_data.protocol, 'http') self.assertEqual(event.type_protocol, 'dflt') expected_message = ('Name: plaso.kiddaland.net ' 'Account: MrMoreno ' 'Where: plaso.kiddaland.net ' 'Protocol: http (dflt)') expected_short_message = 'plaso.kiddaland.net' self._TestGetMessageStrings(event_data, expected_message, expected_short_message)
def testParse(self): """Tests the Parse function.""" parser = mac_keychain.KeychainParser() storage_writer = self._ParseFile(['login.keychain'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 8) events = list(storage_writer.GetEvents()) expected_ssgp = ( 'b8e44863af1cb0785b89681d22e2721997ccfb8adb8853e726aff94c8830b05a') expected_event_values = { 'account_name': 'moxilo', 'data_type': 'mac:keychain:application', 'entry_name': 'Secret Application', 'ssgp_hash': expected_ssgp, 'timestamp': '2014-01-26 14:51:48.000000', 'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'data_type': 'mac:keychain:application', 'timestamp': '2014-01-26 14:52:29.000000', 'timestamp_desc': definitions.TIME_DESCRIPTION_MODIFICATION } self.CheckEventValues(storage_writer, events[1], expected_event_values) expected_ssgp = ( '72bd40987413638e081b8d1497573343f193ab4574c08f08cb618ca729488a68' '2fd9f179c2134ab89c2096a3f335eb61bf4377ca15209197c5ead3a775149db3' 'c5a306d1a2db4f9c3c20949280892c994049a55e8323a7d51b9c51826057d743' 'ced5f6fb23a2fea5de833fe49fbd92bf7a4d536d64cca1abf9ee09f92025e48e' '41331fbd7801d81f953a39b1d8c523cd0575834240e5e566b1aaf31b960dfd77' '4a180958f6c06e372ea0a8b211d3f9a1c207984b6e51c55904ddaf9ac12bc4bf' '255356178b07bfaa70de9ece90420f0a289b4a73f63c624d9e6a138b6dbb0559' '64641e7526167712f205b7333dec36063127c66fc1633c3c0aac6833b3487894' '8b2d45270ce754a07c8f06beb18d98ca9565fa7c57cca083804b8a96dfbf7d5f' '5c24c1c391f1a38ecf8d6919b21a398ce89bdffd0aa99eb60a3c4ad9c1d0d074' '143ad0e71d5986bf8bf13f166c61cff3bc384e3a79f6f6c57ed52fef2c66d267' 'bab006e6e2495afb55162bf0b88111b2429c83bb7b59a54df745aa23055d7b0f' 'd6c0543203397640b46109e1382441945447457461aa01edc75169f2b462d508' '7519957ab587e07203ad1377ad76255a5a64398fe329760951bd8bca7bbe8c2b' '4d8b987370a6c7eb05613051d19a4d0f588e05a1a51e43831a2b07b7d50a6379' '130f6fb2bbeab2b016899fca2e9d8e60429da995da9de0f326eb498212a6671f' '0125402cc387371f61775008fa049b446df792704880f45869dd4b7c89b77f58' '06fe61faf7e790e59ba02d5e8b8dd880313fc5921bee4d5e9d0a67c1c16f898d' 'cc99cd403f63e652109ee4be4c28bbbf98cfe59047145f9fbface4ebf4f1ce1e' '4d7d108a689e2744b464ed539a305f3b40fe8248b93556d14810d70469457651' 'c507af61bd692622f30996bfa8ac8aa29f712b6d035883ae37855e223de43a85' '9264ecea0f2b5b87396cb030edc79d1943eb53267137d1e5fbbe2fb74756ecb1' '58d8e81008453a537085d67feeddb155a8c3f76deecb02d003d8d16c487111c4' 'b43518ec66902876aab00a5dcfd3cc6fc713a1b9bdba533d84bd7b4a3d9f778e' 'd7ee477a53df012a778b2d833d2a18cb88b23ca69b0806bb38bd38fbbc78e261' '15a8b465ceaa8bfa8ecb97a446bc12434da6d2dd7355ec3c7297960f4b996e5b' '22e8f256c6094d7f2ed4f7c89c060faf') expected_event_values = { 'data_type': 'mac:keychain:application', 'entry_name': 'Secret Note', 'ssgp_hash': expected_ssgp, 'text_description': 'secure note', 'timestamp': '2014-01-26 14:53:29.000000' } self.CheckEventValues(storage_writer, events[2], expected_event_values) expected_ssgp = ( '83ccacf55a8cb656d340ec405e9d8b308fac54bb79c5c9b0219bd0d700c3c521') expected_event_values = { 'account_name': 'MrMoreno', 'data_type': 'mac:keychain:internet', 'entry_name': 'plaso.kiddaland.net', 'protocol': 'http', 'ssgp_hash': expected_ssgp, 'timestamp': '2014-01-26 14:54:33.000000', 'type_protocol': 'dflt', 'where': 'plaso.kiddaland.net' } self.CheckEventValues(storage_writer, events[4], expected_event_values)
def setUp(self): """Makes preparations before running an individual test.""" self._parser = mac_keychain.KeychainParser()
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = mac_keychain.KeychainParser()
def testParse(self): """Tests the Parse function.""" parser_object = mac_keychain.KeychainParser() test_file = self._GetTestFilePath([u'login.keychain']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 5) event_object = event_objects[0] expected_timestamp = timelib.Timestamp.CopyFromString( u'2014-01-26 14:51:48') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual( event_object.timestamp_desc, eventdata.EventTimestamp.CREATION_TIME) self.assertEqual(event_object.entry_name, u'Secret Application') self.assertEqual(event_object.account_name, u'moxilo') expected_ssgp = ( u'b8e44863af1cb0785b89681d22e2721997ccfb8adb8853e726aff94c8830b05a') self.assertEqual(event_object.ssgp_hash, expected_ssgp) self.assertEqual(event_object.text_description, u'N/A') expected_msg = u'Name: Secret Application Account: moxilo' expected_msg_short = u'Secret Application' self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) event_object = event_objects[1] self.assertEqual( event_object.timestamp_desc, eventdata.EventTimestamp.MODIFICATION_TIME) expected_timestamp = timelib.Timestamp.CopyFromString( u'2014-01-26 14:52:29') self.assertEqual(event_object.timestamp, expected_timestamp) event_object = event_objects[2] expected_timestamp = timelib.Timestamp.CopyFromString( u'2014-01-26 14:53:29') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.entry_name, u'Secret Note') self.assertEqual(event_object.text_description, u'secure note') self.assertEqual(len(event_object.ssgp_hash), 1696) expected_msg = u'Name: Secret Note' expected_msg_short = u'Secret Note' self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short) event_object = event_objects[3] expected_timestamp = timelib.Timestamp.CopyFromString( u'2014-01-26 14:54:33') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.entry_name, u'plaso.kiddaland.net') self.assertEqual(event_object.account_name, u'MrMoreno') expected_ssgp = ( u'83ccacf55a8cb656d340ec405e9d8b308fac54bb79c5c9b0219bd0d700c3c521') self.assertEqual(event_object.ssgp_hash, expected_ssgp) self.assertEqual(event_object.where, u'plaso.kiddaland.net') self.assertEqual(event_object.protocol, u'http') self.assertEqual(event_object.type_protocol, u'dflt') self.assertEqual(event_object.text_description, u'N/A') expected_msg = ( u'Name: plaso.kiddaland.net ' u'Account: MrMoreno ' u'Where: plaso.kiddaland.net ' u'Protocol: http (dflt)') expected_msg_short = u'plaso.kiddaland.net' self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short)