1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the log2timeline CLI tool.""" | 3 """Tests for the log2timeline CLI tool.""" |
4 | 4 |
5 import argparse | 5 import argparse |
6 import os | 6 import os |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.cli import log2timeline_tool | 9 from plaso.cli import log2timeline_tool |
10 from plaso.lib import errors | 10 from plaso.lib import errors |
(...skipping 150 matching lines...)
161 # TODO: check output. | 161 # TODO: check output. |
162 # TODO: improve test coverage. | 162 # TODO: improve test coverage. |
163 | 163 |
164 @shared_test_lib.skipUnlessHasTestFile([u'testdir']) | 164 @shared_test_lib.skipUnlessHasTestFile([u'testdir']) |
165 def testParseOptions(self): | 165 def testParseOptions(self): |
166 """Tests the ParseOptions function.""" | 166 """Tests the ParseOptions function.""" |
167 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 167 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
168 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 168 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
169 | 169 |
170 options = test_lib.TestOptions() | 170 options = test_lib.TestOptions() |
| 171 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
171 options.source = self._GetTestFilePath([u'testdir']) | 172 options.source = self._GetTestFilePath([u'testdir']) |
172 options.storage_file = u'storage.plaso' | 173 options.storage_file = u'storage.plaso' |
173 | 174 |
174 test_tool.ParseOptions(options) | 175 test_tool.ParseOptions(options) |
175 | 176 |
176 options = test_lib.TestOptions() | 177 options = test_lib.TestOptions() |
| 178 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
177 | 179 |
178 # ParseOptions will raise if source is not set. | 180 # ParseOptions will raise if source is not set. |
179 with self.assertRaises(errors.BadConfigOption): | 181 with self.assertRaises(errors.BadConfigOption): |
180 test_tool.ParseOptions(options) | 182 test_tool.ParseOptions(options) |
181 | 183 |
182 options = test_lib.TestOptions() | 184 options = test_lib.TestOptions() |
| 185 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
183 options.source = self._GetTestFilePath([u'testdir']) | 186 options.source = self._GetTestFilePath([u'testdir']) |
184 | 187 |
185 with self.assertRaises(errors.BadConfigOption): | 188 with self.assertRaises(errors.BadConfigOption): |
186 test_tool.ParseOptions(options) | 189 test_tool.ParseOptions(options) |
187 | 190 |
188 # TODO: improve test coverage. | 191 # TODO: improve test coverage. |
189 | 192 |
190 def testExtractEventsFromSourcesOnDirectory(self): | 193 def testExtractEventsFromSourcesOnDirectory(self): |
191 """Tests the ExtractEventsFromSources function on a directory.""" | 194 """Tests the ExtractEventsFromSources function on a directory.""" |
192 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 195 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
193 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 196 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
194 | 197 |
195 options = test_lib.TestOptions() | 198 options = test_lib.TestOptions() |
| 199 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
196 options.quiet = True | 200 options.quiet = True |
197 options.single_process = True | 201 options.single_process = True |
198 options.status_view_mode = u'none' | 202 options.status_view_mode = u'none' |
199 options.source = self._GetTestFilePath([u'testdir']) | 203 options.source = self._GetTestFilePath([u'testdir']) |
200 | 204 |
201 with shared_test_lib.TempDirectory() as temp_directory: | 205 with shared_test_lib.TempDirectory() as temp_directory: |
202 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 206 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
203 | 207 |
204 test_tool.ParseOptions(options) | 208 test_tool.ParseOptions(options) |
205 | 209 |
(...skipping 11 matching lines...)
217 | 221 |
218 output = output_writer.ReadOutput() | 222 output = output_writer.ReadOutput() |
219 self.assertEqual(output.split(b'\n'), expected_output) | 223 self.assertEqual(output.split(b'\n'), expected_output) |
220 | 224 |
221 def testExtractEventsFromSourcesOnBDEImage(self): | 225 def testExtractEventsFromSourcesOnBDEImage(self): |
222 """Tests the ExtractEventsFromSources function on BDE image.""" | 226 """Tests the ExtractEventsFromSources function on BDE image.""" |
223 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 227 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
224 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 228 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
225 | 229 |
226 options = test_lib.TestOptions() | 230 options = test_lib.TestOptions() |
| 231 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
227 options.credentials = [u'password:{0:s}'.format(self._BDE_PASSWORD)] | 232 options.credentials = [u'password:{0:s}'.format(self._BDE_PASSWORD)] |
228 options.quiet = True | 233 options.quiet = True |
229 options.single_process = True | 234 options.single_process = True |
230 options.status_view_mode = u'none' | 235 options.status_view_mode = u'none' |
231 options.source = self._GetTestFilePath([u'bdetogo.raw']) | 236 options.source = self._GetTestFilePath([u'bdetogo.raw']) |
232 | 237 |
233 with shared_test_lib.TempDirectory() as temp_directory: | 238 with shared_test_lib.TempDirectory() as temp_directory: |
234 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 239 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
235 | 240 |
236 test_tool.ParseOptions(options) | 241 test_tool.ParseOptions(options) |
(...skipping 12 matching lines...)
249 | 254 |
250 output = output_writer.ReadOutput() | 255 output = output_writer.ReadOutput() |
251 self.assertEqual(output.split(b'\n'), expected_output) | 256 self.assertEqual(output.split(b'\n'), expected_output) |
252 | 257 |
253 def testExtractEventsFromSourcesImage(self): | 258 def testExtractEventsFromSourcesImage(self): |
254 """Tests the ExtractEventsFromSources function on single partition image.""" | 259 """Tests the ExtractEventsFromSources function on single partition image.""" |
255 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 260 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
256 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 261 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
257 | 262 |
258 options = test_lib.TestOptions() | 263 options = test_lib.TestOptions() |
| 264 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
259 options.quiet = True | 265 options.quiet = True |
260 options.single_process = True | 266 options.single_process = True |
261 options.status_view_mode = u'none' | 267 options.status_view_mode = u'none' |
262 options.source = self._GetTestFilePath([u'ímynd.dd']) | 268 options.source = self._GetTestFilePath([u'ímynd.dd']) |
263 | 269 |
264 with shared_test_lib.TempDirectory() as temp_directory: | 270 with shared_test_lib.TempDirectory() as temp_directory: |
265 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 271 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
266 | 272 |
267 test_tool.ParseOptions(options) | 273 test_tool.ParseOptions(options) |
268 | 274 |
(...skipping 11 matching lines...)
280 | 286 |
281 output = output_writer.ReadOutput() | 287 output = output_writer.ReadOutput() |
282 self.assertEqual(output.split(b'\n'), expected_output) | 288 self.assertEqual(output.split(b'\n'), expected_output) |
283 | 289 |
284 def testExtractEventsFromSourcesPartitionedImage(self): | 290 def testExtractEventsFromSourcesPartitionedImage(self): |
285 """Tests the ExtractEventsFromSources function on multi partition image.""" | 291 """Tests the ExtractEventsFromSources function on multi partition image.""" |
286 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 292 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
287 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 293 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
288 | 294 |
289 options = test_lib.TestOptions() | 295 options = test_lib.TestOptions() |
| 296 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
290 options.partitions = u'all' | 297 options.partitions = u'all' |
291 options.quiet = True | 298 options.quiet = True |
292 options.single_process = True | 299 options.single_process = True |
293 options.status_view_mode = u'none' | 300 options.status_view_mode = u'none' |
294 # Note that the source file is a RAW (VMDK flat) image. | 301 # Note that the source file is a RAW (VMDK flat) image. |
295 options.source = self._GetTestFilePath([u'multi_partition_image.vmdk']) | 302 options.source = self._GetTestFilePath([u'multi_partition_image.vmdk']) |
296 | 303 |
297 with shared_test_lib.TempDirectory() as temp_directory: | 304 with shared_test_lib.TempDirectory() as temp_directory: |
298 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 305 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
299 | 306 |
(...skipping 13 matching lines...)
313 | 320 |
314 output = output_writer.ReadOutput() | 321 output = output_writer.ReadOutput() |
315 self.assertEqual(output.split(b'\n'), expected_output) | 322 self.assertEqual(output.split(b'\n'), expected_output) |
316 | 323 |
317 def testExtractEventsFromSourcesOnVSSImage(self): | 324 def testExtractEventsFromSourcesOnVSSImage(self): |
318 """Tests the ExtractEventsFromSources function on VSS image.""" | 325 """Tests the ExtractEventsFromSources function on VSS image.""" |
319 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 326 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
320 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 327 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
321 | 328 |
322 options = test_lib.TestOptions() | 329 options = test_lib.TestOptions() |
| 330 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
323 options.quiet = True | 331 options.quiet = True |
324 options.single_process = True | 332 options.single_process = True |
325 options.status_view_mode = u'none' | 333 options.status_view_mode = u'none' |
326 options.source = self._GetTestFilePath([u'vsstest.qcow2']) | 334 options.source = self._GetTestFilePath([u'vsstest.qcow2']) |
327 options.vss_stores = u'all' | 335 options.vss_stores = u'all' |
328 | 336 |
329 with shared_test_lib.TempDirectory() as temp_directory: | 337 with shared_test_lib.TempDirectory() as temp_directory: |
330 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 338 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
331 | 339 |
332 test_tool.ParseOptions(options) | 340 test_tool.ParseOptions(options) |
(...skipping 16 matching lines...)
349 | 357 |
350 output = output_writer.ReadOutput() | 358 output = output_writer.ReadOutput() |
351 self.assertEqual(output.split(b'\n'), expected_output) | 359 self.assertEqual(output.split(b'\n'), expected_output) |
352 | 360 |
353 def testExtractEventsFromSourcesOnFile(self): | 361 def testExtractEventsFromSourcesOnFile(self): |
354 """Tests the ExtractEventsFromSources function on a file.""" | 362 """Tests the ExtractEventsFromSources function on a file.""" |
355 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 363 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
356 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 364 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
357 | 365 |
358 options = test_lib.TestOptions() | 366 options = test_lib.TestOptions() |
| 367 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
359 options.quiet = True | 368 options.quiet = True |
360 options.single_process = True | 369 options.single_process = True |
361 options.status_view_mode = u'none' | 370 options.status_view_mode = u'none' |
362 options.source = self._GetTestFilePath([u'System.evtx']) | 371 options.source = self._GetTestFilePath([u'System.evtx']) |
363 | 372 |
364 with shared_test_lib.TempDirectory() as temp_directory: | 373 with shared_test_lib.TempDirectory() as temp_directory: |
365 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 374 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
366 | 375 |
367 test_tool.ParseOptions(options) | 376 test_tool.ParseOptions(options) |
368 | 377 |
(...skipping 11 matching lines...)
380 | 389 |
381 output = output_writer.ReadOutput() | 390 output = output_writer.ReadOutput() |
382 self.assertEqual(output.split(b'\n'), expected_output) | 391 self.assertEqual(output.split(b'\n'), expected_output) |
383 | 392 |
384 def testExtractEventsFromSourcesWithFilestat(self): | 393 def testExtractEventsFromSourcesWithFilestat(self): |
385 """Tests the ExtractEventsFromSources function with filestat parser.""" | 394 """Tests the ExtractEventsFromSources function with filestat parser.""" |
386 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 395 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
387 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 396 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
388 | 397 |
389 options = test_lib.TestOptions() | 398 options = test_lib.TestOptions() |
| 399 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
390 options.quiet = True | 400 options.quiet = True |
391 options.parsers = u'filestat,pe' | 401 options.parsers = u'filestat,pe' |
392 options.single_process = True | 402 options.single_process = True |
393 options.status_view_mode = u'none' | 403 options.status_view_mode = u'none' |
394 options.source = self._GetTestFilePath([u'test_pe.exe']) | 404 options.source = self._GetTestFilePath([u'test_pe.exe']) |
395 | 405 |
396 with shared_test_lib.TempDirectory() as temp_directory: | 406 with shared_test_lib.TempDirectory() as temp_directory: |
397 options.storage_file = os.path.join(temp_directory, u'storage.plaso') | 407 options.storage_file = os.path.join(temp_directory, u'storage.plaso') |
398 | 408 |
399 test_tool.ParseOptions(options) | 409 test_tool.ParseOptions(options) |
(...skipping 11 matching lines...)
411 # There should be 3 filestat and 3 pe parser generated events. | 421 # There should be 3 filestat and 3 pe parser generated events. |
412 events = list(storage_file.GetSortedEvents()) | 422 events = list(storage_file.GetSortedEvents()) |
413 self.assertEqual(len(events), 6) | 423 self.assertEqual(len(events), 6) |
414 | 424 |
415 def testShowInfo(self): | 425 def testShowInfo(self): |
416 """Tests the output of the tool in info mode.""" | 426 """Tests the output of the tool in info mode.""" |
417 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') | 427 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
418 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) | 428 test_tool = log2timeline_tool.Log2TimelineTool(output_writer=output_writer) |
419 | 429 |
420 options = test_lib.TestOptions() | 430 options = test_lib.TestOptions() |
| 431 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
421 options.show_info = True | 432 options.show_info = True |
| 433 |
422 test_tool.ParseOptions(options) | 434 test_tool.ParseOptions(options) |
423 test_tool.ShowInfo() | 435 test_tool.ShowInfo() |
| 436 |
424 output = output_writer.ReadOutput() | 437 output = output_writer.ReadOutput() |
425 | 438 |
426 section_headings = [ | 439 section_headings = [ |
427 u'Parser Presets', u'Hashers', u'Parser Plugins', u'Versions', | 440 u'Parser Presets', u'Hashers', u'Parser Plugins', u'Versions', |
428 u'Parsers', u'Output Modules'] | 441 u'Parsers', u'Output Modules'] |
429 for heading in section_headings: | 442 for heading in section_headings: |
430 self.assertIn(heading, output) | 443 self.assertIn(heading, output) |
431 | 444 |
432 self.assertNotIn(u'<class', output) | 445 self.assertNotIn(u'<class', output) |
433 | 446 |
434 | 447 |
435 if __name__ == '__main__': | 448 if __name__ == '__main__': |
436 unittest.main() | 449 unittest.main() |
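Review bot: testParseOptions is still guarded only by `@shared_test_lib.skipUnlessHasTestFile([u'testdir'])`, yet all three cases in it now also read the `artifacts` test directory through `options.artifact_definitions_path`; I would add `@shared_test_lib.skipUnlessHasTestFile([u'artifacts'])` above it so a checkout without that directory is skipped rather than failing. This matters most for the two `assertRaises(errors.BadConfigOption)` cases: if ParseOptions rejects an unusable artifact definitions path with the same exception type (its implementation is not visible here), they would pass without ever reaching the missing-source check, or what is presumably the missing-storage-file check, that they are meant to cover. The same assignment is repeated verbatim in the testExtractEventsFromSources* tests and in testShowInfo, so a small helper that returns a TestOptions with the path preset would keep the fixture dependency in one place. A case that leaves `artifact_definitions_path` unset and asserts the resulting error would also document the new requirement.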