def testParseArguments(self):
  """Tests that ParseArguments returns a false value for this invocation."""
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  # NOTE(review): ParseArguments is called without explicit arguments, so the
  # outcome presumably depends on the command line of the test runner -
  # confirm against PinfoTool.ParseArguments.
  self.assertFalse(tool.ParseArguments())
def testCompareStorages(self):
  """Tests CompareStorages with identical and with differing storage files."""
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  psort_storage_path = self._GetTestFilePath([u'psort_test.json.plaso'])
  pinfo_storage_path = self._GetTestFilePath([u'pinfo_test.json.plaso'])

  # Case 1: the same file is used on both sides of the comparison.
  same_file_options = cli_test_lib.TestOptions()
  same_file_options.compare_storage_file = psort_storage_path
  same_file_options.storage_file = psort_storage_path
  tool.ParseOptions(same_file_options)

  self.assertTrue(tool.CompareStorages())
  self.assertEqual(writer.ReadOutput(), b'Storages are identical.\n')

  # Case 2: two different storage files are compared. The same tool and
  # writer instances are reused, only the options are replaced.
  different_file_options = cli_test_lib.TestOptions()
  different_file_options.compare_storage_file = psort_storage_path
  different_file_options.storage_file = pinfo_storage_path
  tool.ParseOptions(different_file_options)

  self.assertFalse(tool.CompareStorages())
  self.assertEqual(writer.ReadOutput(), b'Storages are different.\n')
def testPrintStorageInformationAsJSON(self):
  """Tests PrintStorageInformation with the output format set to json."""
  storage_filename = u'pinfo_test.json.plaso'
  expected_identifier = u'3c552fe34e6448718a7f0f4c95dfc1fe'
  expected_start_time = timelib.Timestamp.CopyFromString(
      u'2016-10-16 15:13:58.171984+00:00')

  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  json_options = cli_test_lib.TestOptions()
  json_options.storage_file = self._GetTestFilePath([storage_filename])
  json_options.output_format = u'json'
  tool.ParseOptions(json_options)

  tool.PrintStorageInformation()

  # Everything the tool wrote is expected to be a single JSON document.
  sessions = json.loads(writer.ReadOutput())

  # The session is looked up under u'session_' followed by its identifier.
  session = sessions[u'session_3c552fe34e6448718a7f0f4c95dfc1fe']
  self.assertEqual(session[u'identifier'], expected_identifier)
  self.assertEqual(session[u'start_time'], expected_start_time)

  event_counts = session[u'parsers_counter']
  self.assertEqual(event_counts[u'total'], 3)
  self.assertEqual(event_counts[u'filestat'], 3)
def testParseOptions(self):
  """Tests ParseOptions with and without a storage file configured."""
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  # Options that name an existing test storage file must be accepted.
  configured_options = cli_test_lib.TestOptions()
  storage_path = self._GetTestFilePath([u'pinfo_test.json.plaso'])
  configured_options.storage_file = storage_path
  tool.ParseOptions(configured_options)

  # A fresh options object with nothing assigned must be rejected.
  unconfigured_options = cli_test_lib.TestOptions()
  with self.assertRaises(errors.BadConfigOption):
    tool.ParseOptions(unconfigured_options)
def testPrintStorageInformationAsText(self):
  """Tests PrintStorageInformation with the output format set to text.

  The expected text is built by rendering the expected tables through the
  same test output writer and reading them back, before the tool itself
  writes anything. The tool output is then compared with it line by line.
  """
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  storage_filename = u'pinfo_test.json.plaso'
  storage_format_version = u'20160715'
  product_version = u'1.5.1_20161013'
  session_id = u'3c552fe3-4e64-4871-8a7f-0f4c95dfc1fe'
  started_at = u'2016-10-16T15:13:58.171984+00:00'
  completed_at = u'2016-10-16T15:13:58.957462+00:00'
  command_line = (
      u'./tools/log2timeline.py --partition=all --quiet '
      u'pinfo_test.json.plaso test_data/tsk_volume_system.raw')

  # Parser and plugin names expected in the session table, joined into the
  # single comma separated cell value that is compared below.
  parser_names = u', '.join([
      u'android_app_usage', u'asl_log', u'bencode',
      u'bencode/bencode_transmission', u'bencode/bencode_utorrent',
      u'binary_cookies', u'bsm_log', u'chrome_cache', u'chrome_preferences',
      u'cups_ipp', u'custom_destinations', u'dockerjson', u'dpkg', u'esedb',
      u'esedb/esedb_file_history', u'esedb/msie_webcache', u'filestat',
      u'firefox_cache', u'firefox_cache2', u'hachoir', u'java_idx', u'lnk',
      u'mac_appfirewall_log', u'mac_keychain', u'mac_securityd', u'mactime',
      u'macwifi', u'mcafee_protection', u'mft', u'msiecf', u'olecf',
      u'olecf/olecf_automatic_destinations', u'olecf/olecf_default',
      u'olecf/olecf_document_summary', u'olecf/olecf_summary', u'openxml',
      u'opera_global', u'opera_typed_history', u'pe', u'plist',
      u'plist/airport', u'plist/apple_id', u'plist/ipod_device',
      u'plist/macosx_bluetooth', u'plist/macosx_install_history',
      u'plist/macuser', u'plist/maxos_software_update',
      u'plist/plist_default', u'plist/safari_history', u'plist/spotlight',
      u'plist/spotlight_volume', u'plist/time_machine', u'pls_recall',
      u'popularity_contest', u'prefetch', u'recycle_bin',
      u'recycle_bin_info2', u'rplog', u'sccm', u'selinux', u'skydrive_log',
      u'skydrive_log_old', u'sqlite', u'sqlite/android_calls',
      u'sqlite/android_sms', u'sqlite/appusage', u'sqlite/chrome_cookies',
      u'sqlite/chrome_extension_activity', u'sqlite/chrome_history',
      u'sqlite/firefox_cookies', u'sqlite/firefox_downloads',
      u'sqlite/firefox_history', u'sqlite/google_drive', u'sqlite/imessage',
      u'sqlite/kik_messenger', u'sqlite/ls_quarantine',
      u'sqlite/mac_document_versions', u'sqlite/mackeeper_cache',
      u'sqlite/skype', u'sqlite/twitter_ios', u'sqlite/zeitgeist',
      u'symantec_scanlog', u'syslog', u'syslog/cron', u'syslog/ssh',
      u'usnjrnl', u'utmp', u'utmpx', u'winevt', u'winevtx', u'winfirewall',
      u'winiis', u'winjob', u'winreg', u'winreg/appcompatcache',
      u'winreg/bagmru', u'winreg/ccleaner', u'winreg/explorer_mountpoints2',
      u'winreg/explorer_programscache', u'winreg/microsoft_office_mru',
      u'winreg/microsoft_outlook_mru', u'winreg/mrulist_shell_item_list',
      u'winreg/mrulist_string', u'winreg/mrulistex_shell_item_list',
      u'winreg/mrulistex_string', u'winreg/mrulistex_string_and_shell_item',
      u'winreg/mrulistex_string_and_shell_item_list', u'winreg/msie_zone',
      u'winreg/mstsc_rdp', u'winreg/mstsc_rdp_mru', u'winreg/network_drives',
      u'winreg/userassist', u'winreg/windows_boot_execute',
      u'winreg/windows_boot_verify', u'winreg/windows_run',
      u'winreg/windows_sam_users', u'winreg/windows_services',
      u'winreg/windows_shutdown', u'winreg/windows_task_cache',
      u'winreg/windows_timezone', u'winreg/windows_typed_urls',
      u'winreg/windows_usb_devices', u'winreg/windows_usbstor_devices',
      u'winreg/windows_version', u'winreg/winlogon', u'winreg/winrar_mru',
      u'winreg/winreg_default', u'xchatlog', u'xchatscrollback'])

  views_factory = cli_views.ViewsFactory
  cli_format = views_factory.FORMAT_TYPE_CLI

  # Table 1: general information about the storage file.
  storage_table = views_factory.GetTableView(
      cli_format, title=u'Plaso Storage Information')
  for row in (
      [u'Filename', storage_filename],
      [u'Format version', storage_format_version],
      [u'Serialization format', u'json']):
    storage_table.AddRow(row)
  storage_table.Write(writer)

  # Table 2: overview with one row per session.
  sessions_table = views_factory.GetTableView(cli_format, title=u'Sessions')
  sessions_table.AddRow([session_id, started_at])
  sessions_table.Write(writer)

  # Table 3: details of the single session.
  session_title = u'Session: {0!s}'.format(session_id)
  session_table = views_factory.GetTableView(cli_format, title=session_title)
  for row in (
      [u'Start time', started_at],
      [u'Completion time', completed_at],
      [u'Product name', u'plaso'],
      [u'Product version', product_version],
      [u'Command line arguments', command_line],
      [u'Parser filter expression', u'N/A'],
      [u'Enabled parser and plugins', parser_names],
      [u'Preferred encoding', u'UTF-8'],
      [u'Debug mode', u'False'],
      [u'Filter file', u'N/A'],
      [u'Filter expression', u'N/A']):
    session_table.AddRow(row)
  session_table.Write(writer)

  # Table 4: number of events per parser.
  events_table = views_factory.GetTableView(
      cli_format,
      column_names=[u'Parser (plugin) name', u'Number of events'],
      title=u'Events generated per parser')
  for row in ([u'filestat', u'3'], [u'Total', u'3']):
    events_table.AddRow(row)
  events_table.Write(writer)

  # Read the rendered tables back out of the writer before the tool writes
  # to it. Note that bytes.format() is only available on Python 2.
  rendered_tables = writer.ReadOutput()
  expected_output = (
      b'{0:s}'
      b'No errors stored.\n'
      b'\n'
      b'No analysis reports stored.\n'
      b'\n').format(rendered_tables)

  text_options = cli_test_lib.TestOptions()
  text_options.storage_file = self._GetTestFilePath([storage_filename])
  text_options.output_format = u'text'
  tool.ParseOptions(text_options)

  tool.PrintStorageInformation()

  actual_output = writer.ReadOutput()

  # Compare the output as list of lines which makes it easier to spot
  # differences.
  self.assertEqual(
      actual_output.split(b'\n'), expected_output.split(b'\n'))
def testPrintStorageInformation(self):
  """Tests PrintStorageInformation against the psort_test.out storage file."""
  # Make sure the test outputs UTF-8.
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')
  tool = pinfo.PinfoTool(output_writer=writer)

  tool_options = frontend.Options()
  tool_options.storage_file = self._GetTestFilePath([u'psort_test.out'])
  tool.ParseOptions(tool_options)

  tool.PrintStorageInformation()

  # The storage file path is the only variable part of the expected report;
  # it is substituted for {0:s} in the template below.
  # TODO: clean up output so that u'...' is not generated.
  expected_template = (
      b'---------------------------------------------------------------------'
      b'-----------\n'
      b'\t\tPlaso Storage Information\n'
      b'---------------------------------------------------------------------'
      b'-----------\n'
      b'Storage file:\t\t{0:s}\n'
      b'Source processed:\tsyslog\nTime of processing:\t'
      b'2014-02-15T04:33:16+00:00\n'
      b'\n'
      b'Collection information:\n'
      b'\tparser_selection = \n'
      b'\tos_detected = N/A\n'
      b'\tconfigured_zone = UTC\n'
      b'\tdebug = False\n'
      b'\tparsers = [u\'sqlite\', u\'winfirewall\', u\'selinux\', '
      b'u\'recycle_bin\', u\'filestat\', u\'syslog\', u\'lnk\', '
      b'u\'xchatscrollback\', u\'symantec_scanlog\', u\'recycle_bin_info2\', '
      b'u\'winevtx\', u\'plist\', u\'bsm_log\', u\'mac_keychain\', '
      b'u\'mac_securityd\', u\'utmp\', u\'asl_log\', u\'opera_global\', '
      b'u\'winjob\', u\'prefetch\', u\'winreg\', u\'msiecf\', u\'bencode\', '
      b'u\'skydrive_log\', u\'openxml\', u\'utmpx\', u\'winevt\', '
      b'u\'hachoir\', u\'opera_typed_history\', u\'mac_appfirewall_log\', '
      b'u\'olecf\', u\'xchatlog\', u\'macwifi\', u\'mactime\', '
      b'u\'java_idx\', u\'mcafee_protection\', u\'skydrive_log_error\']\n'
      b'\tprotobuf_size = 300\n'
      b'\tvss parsing = False\n'
      b'\trecursive = False\n'
      b'\tpreferred_encoding = UTF-8\n'
      b'\tworkers = 12\n'
      b'\toutput_file = psort_test.out\n'
      b'\tversion = 1.1.0-dev_20140213\n'
      b'\tcmd_line = /usr/local/bin/log2timeline.py psort_test.out syslog '
      b'--buffer_size=300\n'
      b'\tpreprocess = False\n'
      b'\truntime = multi threaded\n'
      b'\tmethod = OS collection\n'
      b'\n'
      b'Parser counter information:\n'
      b'\tCounter: total = 15\n'
      b'\tCounter: syslog = 12\n'
      b'\tCounter: filestat = 3\n'
      b'\n'
      b'Store information:\n'
      b'\tNumber of available stores: 7\n'
      b'\tStore information details omitted (to see use: --verbose)\n'
      b'\n'
      b'Preprocessing information omitted (to see use: --verbose).\n'
      b'\n'
      b'No reports stored.\n'
      b'-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+'
      b'-+-+-+-+-+-+')

  # bytes.format() is only available on Python 2.
  encoded_storage_path = tool_options.storage_file.encode(u'utf-8')
  expected_output = expected_template.format(encoded_storage_path)

  self.assertEqual(writer.ReadOutput(), expected_output)
def setUp(self):
  """Creates the output writer and the pinfo tool used by the tests."""
  writer = cli_test_lib.TestOutputWriter(encoding=u'utf-8')

  # The tool writes to the same writer object the tests read back from.
  self._output_writer = writer
  self._test_tool = pinfo.PinfoTool(output_writer=writer)