Python USBStorPlugin示例，plaso.parsers.winreg_plugins.usbstor.USBStorPlugin Python示例

示例#1

0

显示文件

文件： usbstor.py 项目： dfjxs/plaso

  def testProcess(self):
    """Tests the Process function."""
    test_file_entry = self._GetTestFileEntry(['SYSTEM'])
    key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

    win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
    registry_key = win_registry.GetKeyByPath(key_path)

    plugin = usbstor.USBStorPlugin()
    storage_writer = self._ParseKeyWithPlugin(
        registry_key, plugin, file_entry=test_file_entry)

    self.assertEqual(storage_writer.number_of_events, 5)
    self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
    self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

    events = list(storage_writer.GetEvents())

    expected_event_values = {
        'date_time': '2012-04-07 10:31:37.6408714',
        'data_type': 'windows:registry:usbstor',
        'device_type': 'Disk',
        'display_name': 'HP v100w USB Device',
        'key_path': key_path,
        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        'parser': plugin.NAME,
        'product': 'Prod_v100w',
        'revision': 'Rev_1024',
        'serial': 'AA951D0000007252&0',
        'subkey_name': 'Disk&Ven_HP&Prod_v100w&Rev_1024',
        'timestamp_desc': definitions.TIME_DESCRIPTION_WRITTEN,
        'vendor': 'Ven_HP'}

    self.CheckEventValues(storage_writer, events[0], expected_event_values)

示例#2

0

显示文件

    def testFilters(self):
        """Tests the FILTERS class attribute."""
        plugin = usbstor.USBStorPlugin()

        key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'
        self._AssertFiltersOnKeyPath(plugin, key_path)

        self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')

示例#3

0

显示文件

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['SYSTEM'])
        key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = usbstor.USBStorPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 5)

        events = list(storage_writer.GetEvents())

        event = events[0]

        self.CheckTimestamp(event.timestamp, '2012-04-07 10:31:37.640871')
        self.assertEqual(event.timestamp_desc,
                         definitions.TIME_DESCRIPTION_WRITTEN)

        event_data = self._GetEventDataOfEvent(storage_writer, event)

        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event_data.parser, plugin.plugin_name)
        self.assertEqual(event_data.data_type, 'windows:registry:usbstor')
        self.assertEqual(event_data.pathspec, test_file_entry.path_spec)
        self.assertEqual(event_data.subkey_name,
                         'Disk&Ven_HP&Prod_v100w&Rev_1024')
        self.assertEqual(event_data.device_type, 'Disk')
        self.assertEqual(event_data.vendor, 'Ven_HP')
        self.assertEqual(event_data.product, 'Prod_v100w')
        self.assertEqual(event_data.revision, 'Rev_1024')

        expected_message = ('[{0:s}] '
                            'Device type: Disk '
                            'Display name: HP v100w USB Device '
                            'Product: Prod_v100w '
                            'Revision: Rev_1024 '
                            'Serial: AA951D0000007252&0 '
                            'Subkey name: Disk&Ven_HP&Prod_v100w&Rev_1024 '
                            'Vendor: Ven_HP').format(key_path)
        expected_short_message = '{0:s}...'.format(expected_message[:77])

        self._TestGetMessageStrings(event_data, expected_message,
                                    expected_short_message)

示例#4

0

显示文件

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry([u'SYSTEM'])
        key_path = u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = usbstor.USBStorPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_events, 5)

        events = list(storage_writer.GetEvents())

        event = events[0]

        self.assertEqual(event.pathspec, test_file_entry.path_spec)
        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event.parser, plugin.plugin_name)

        expected_timestamp = timelib.Timestamp.CopyFromString(
            u'2012-04-07 10:31:37.640871')
        self.assertEqual(event.timestamp, expected_timestamp)
        self.assertEqual(event.timestamp_desc,
                         definitions.TIME_DESCRIPTION_WRITTEN)

        expected_value = u'Disk&Ven_HP&Prod_v100w&Rev_1024'
        self._TestRegvalue(event, u'subkey_name', expected_value)

        self._TestRegvalue(event, u'device_type', u'Disk')
        self._TestRegvalue(event, u'vendor', u'Ven_HP')
        self._TestRegvalue(event, u'product', u'Prod_v100w')
        self._TestRegvalue(event, u'revision', u'Rev_1024')

        expected_message = (u'[{0:s}] '
                            u'device_type: Disk '
                            u'friendly_name: HP v100w USB Device '
                            u'product: Prod_v100w '
                            u'revision: Rev_1024 '
                            u'serial: AA951D0000007252&0 '
                            u'subkey_name: Disk&Ven_HP&Prod_v100w&Rev_1024 '
                            u'vendor: Ven_HP').format(key_path)
        expected_short_message = u'{0:s}...'.format(expected_message[:77])

        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)

示例#5

0

显示文件

文件： usbstor.py 项目： vonnopsled/plaso

 def setUp(self):
     """Makes preparations before running an individual test."""
     self._plugin = usbstor.USBStorPlugin()

示例#6

0

显示文件

文件： usbstor.py 项目： vertigo0001/plaso

 def setUp(self):
     """Sets up the needed objects used throughout the test."""
     self._plugin = usbstor.USBStorPlugin()

示例#7

0

显示文件

文件： usbstor_test.py 项目： iwm911/plaso

 def setUp(self):
   """Sets up the needed objects used throughout the test."""
   pre_obj = event.PreprocessObject()
   pre_obj.current_control_set = 'ControlSet001'
   self._plugin = usbstor.USBStorPlugin(pre_obj=pre_obj)