OLD | NEW |
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 """Preprocessing related functions and classes for testing.""" | 2 """Preprocessing related functions and classes for testing.""" |
3 | 3 |
| 4 from artifacts import reader as artifacts_reader |
| 5 from artifacts import registry as artifacts_registry |
4 from dfvfs.helpers import fake_file_system_builder | 6 from dfvfs.helpers import fake_file_system_builder |
5 from dfvfs.helpers import file_system_searcher | 7 from dfvfs.helpers import file_system_searcher |
6 from dfvfs.lib import definitions as dfvfs_definitions | 8 from dfvfs.lib import definitions as dfvfs_definitions |
7 from dfvfs.path import factory as path_spec_factory | 9 from dfvfs.path import factory as path_spec_factory |
8 from dfwinreg import registry as dfwinreg_registry | 10 from dfwinreg import registry as dfwinreg_registry |
| 11 from dfwinreg import registry_searcher |
9 | 12 |
10 from plaso.containers import artifacts | 13 from plaso.containers import artifacts |
11 from plaso.engine import knowledge_base | 14 from plaso.engine import knowledge_base |
12 from plaso.preprocessors import manager | 15 from plaso.preprocessors import manager |
13 | 16 |
14 from tests import test_lib as shared_test_lib | 17 from tests import test_lib as shared_test_lib |
15 | 18 |
16 | 19 |
17 class PreprocessPluginTestCase(shared_test_lib.BaseTestCase): | 20 @shared_test_lib.skipUnlessHasTestFile([u'artifacts']) |
18 """Preprocess plugin test case.""" | 21 class ArtifactPreprocessorPluginTestCase(shared_test_lib.BaseTestCase): |
| 22 """Artifact preprocessor plugin test case.""" |
19 | 23 |
20 def _RunFileSystemPlugin(self, file_system, mount_point, plugin): | 24 @classmethod |
21 """Runs a file system preprocess plugin. | 25 def setUpClass(cls): |
| 26 """Makes preparations before running any of the tests.""" |
| 27 cls._artifacts_registry = artifacts_registry.ArtifactDefinitionsRegistry() |
| 28 |
| 29 reader = artifacts_reader.YamlArtifactsReader() |
| 30 path = shared_test_lib.GetTestFilePath([u'artifacts']) |
| 31 cls._artifacts_registry.ReadFromDirectory(reader, path) |
| 32 |
| 33 def _RunPreprocessorPluginOnFileSystem( |
| 34 self, file_system, mount_point, plugin): |
| 35 """Runs a preprocessor plugin on a file system. |
22 | 36 |
23 Args: | 37 Args: |
24 file_system (dfvfs.FileSystem): file system to be preprocessed. | 38 file_system (dfvfs.FileSystem): file system to be preprocessed. |
25 mount_point (dfvfs.PathSpec): mount point path specification that refers | 39 mount_point (dfvfs.PathSpec): mount point path specification that refers |
26 to the base location of the file system. | 40 to the base location of the file system. |
27 plugin (PreprocessPlugin): preprocess plugin. | 41 plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
28 | 42 |
29 Return: | 43 Return: |
30 KnowledgeBase: knowledge base filled with preprocessing information. | 44 KnowledgeBase: knowledge base filled with preprocessing information. |
31 """ | 45 """ |
| 46 artifact_definition = self._artifacts_registry.GetDefinitionByName( |
| 47 plugin.ARTIFACT_DEFINITION_NAME) |
| 48 self.assertIsNotNone(artifact_definition) |
| 49 |
| 50 knowledge_base_object = knowledge_base.KnowledgeBase() |
| 51 |
32 searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point) | 52 searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point) |
33 | 53 |
34 knowledge_base_object = knowledge_base.KnowledgeBase() | 54 plugin.Collect( |
35 plugin.Run(searcher, knowledge_base_object) | 55 knowledge_base_object, artifact_definition, searcher, file_system) |
36 | 56 |
37 return knowledge_base_object | 57 return knowledge_base_object |
38 | 58 |
39 def _RunWindowsRegistryPlugin(self, file_system, mount_point, plugin): | 59 def _RunPreprocessorPluginOnWindowsRegistryValue( |
40 """Runs a Windows Registry preprocess plugin. | 60 self, file_system, mount_point, plugin): |
| 61 """Runs a preprocessor plugin on a Windows Registry value. |
41 | 62 |
42 Args: | 63 Args: |
43 file_system (dfvfs.FileSystem): file system to be preprocessed. | 64 file_system (dfvfs.FileSystem): file system to be preprocessed. |
44 mount_point (dfvfs.PathSpec): mount point path specification that refers | 65 mount_point (dfvfs.PathSpec): mount point path specification that refers |
45 to the base location of the file system. | 66 to the base location of the file system. |
46 plugin (PreprocessPlugin): preprocess plugin. | 67 plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
47 | 68 |
48 Return: | 69 Return: |
49 KnowledgeBase: knowledge base filled with preprocessing information. | 70 KnowledgeBase: knowledge base filled with preprocessing information. |
50 """ | 71 """ |
| 72 artifact_definition = self._artifacts_registry.GetDefinitionByName( |
| 73 plugin.ARTIFACT_DEFINITION_NAME) |
| 74 self.assertIsNotNone(artifact_definition) |
| 75 |
51 environment_variable = artifacts.EnvironmentVariableArtifact( | 76 environment_variable = artifacts.EnvironmentVariableArtifact( |
52 case_sensitive=False, name=u'SystemRoot', value=u'C:\\Windows') | 77 case_sensitive=False, name=u'SystemRoot', value=u'C:\\Windows') |
53 | 78 |
54 registry_file_reader = manager.FileSystemWinRegistryFileReader( | 79 registry_file_reader = manager.FileSystemWinRegistryFileReader( |
55 file_system, mount_point, environment_variables=[environment_variable]) | 80 file_system, mount_point, environment_variables=[environment_variable]) |
56 win_registry = dfwinreg_registry.WinRegistry( | 81 win_registry = dfwinreg_registry.WinRegistry( |
57 registry_file_reader=registry_file_reader) | 82 registry_file_reader=registry_file_reader) |
58 | 83 |
59 knowledge_base_object = knowledge_base.KnowledgeBase() | 84 knowledge_base_object = knowledge_base.KnowledgeBase() |
60 plugin.Run(win_registry, knowledge_base_object) | 85 |
| 86 searcher = registry_searcher.WinRegistrySearcher(win_registry) |
| 87 |
| 88 plugin.Collect(knowledge_base_object, artifact_definition, searcher) |
61 | 89 |
62 return knowledge_base_object | 90 return knowledge_base_object |
63 | 91 |
64 def _RunWindowsRegistryPluginOnSoftware(self, plugin): | 92 def _RunPreprocessorPluginOnWindowsRegistryValueSoftware(self, plugin): |
65 """Runs a Windows Registry preprocess plugin on a SOFTWARE file. | 93 """Runs a preprocessor plugin on a Windows Registry value in SOFTWARE. |
66 | 94 |
67 Args: | 95 Args: |
68 plugin (PreprocessPlugin): preprocess plugin. | 96 plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
69 | 97 |
70 Return: | 98 Return: |
71 KnowledgeBase: knowledge base filled with preprocessing information. | 99 KnowledgeBase: knowledge base filled with preprocessing information. |
72 """ | 100 """ |
73 file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() | 101 file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() |
74 test_file_path = self._GetTestFilePath([u'SOFTWARE']) | 102 test_file_path = self._GetTestFilePath([u'SOFTWARE']) |
75 file_system_builder.AddFileReadData( | 103 file_system_builder.AddFileReadData( |
76 u'/Windows/System32/config/SOFTWARE', test_file_path) | 104 u'/Windows/System32/config/SOFTWARE', test_file_path) |
77 | 105 |
78 mount_point = path_spec_factory.Factory.NewPathSpec( | 106 mount_point = path_spec_factory.Factory.NewPathSpec( |
79 dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') | 107 dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') |
80 | 108 |
81 return self._RunWindowsRegistryPlugin( | 109 return self._RunPreprocessorPluginOnWindowsRegistryValue( |
82 file_system_builder.file_system, mount_point, plugin) | 110 file_system_builder.file_system, mount_point, plugin) |
83 | 111 |
84 def _RunWindowsRegistryPluginOnSystem(self, plugin): | 112 def _RunPreprocessorPluginOnWindowsRegistryValueSystem(self, plugin): |
85 """Runs a Windows Registry preprocess plugin on a SYSTEM file. | 113 """Runs a preprocessor plugin on a Windows Registry value in SYSTEM. |
86 | 114 |
87 Args: | 115 Args: |
88 plugin (PreprocessPlugin): preprocess plugin. | 116 plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
89 | 117 |
90 Return: | 118 Return: |
91 KnowledgeBase: knowledge base filled with preprocessing information. | 119 KnowledgeBase: knowledge base filled with preprocessing information. |
92 """ | 120 """ |
93 file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() | 121 file_system_builder = fake_file_system_builder.FakeFileSystemBuilder() |
94 test_file_path = self._GetTestFilePath([u'SYSTEM']) | 122 test_file_path = self._GetTestFilePath([u'SYSTEM']) |
95 file_system_builder.AddFileReadData( | 123 file_system_builder.AddFileReadData( |
96 u'/Windows/System32/config/SYSTEM', test_file_path) | 124 u'/Windows/System32/config/SYSTEM', test_file_path) |
97 | 125 |
98 mount_point = path_spec_factory.Factory.NewPathSpec( | 126 mount_point = path_spec_factory.Factory.NewPathSpec( |
99 dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') | 127 dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') |
100 | 128 |
101 return self._RunWindowsRegistryPlugin( | 129 return self._RunPreprocessorPluginOnWindowsRegistryValue( |
102 file_system_builder.file_system, mount_point, plugin) | 130 file_system_builder.file_system, mount_point, plugin) |
OLD | NEW |