Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(637)

Unified Diff: tests/preprocessors/test_lib.py

Issue 150170043: [plaso] Made preprocessing artifact driven #155 (Closed)
Patch Set: Changes after review and merge Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « tests/preprocessors/manager.py ('k') | tests/preprocessors/windows.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: tests/preprocessors/test_lib.py
diff --git a/tests/preprocessors/test_lib.py b/tests/preprocessors/test_lib.py
index 662c0085f1e54ffed5e5b2d90ac48adf31211afc..62885ecd4fa9d313287e3584f4da0e63fe5e9bdb 100644
--- a/tests/preprocessors/test_lib.py
+++ b/tests/preprocessors/test_lib.py
@@ -1,11 +1,14 @@
# -*- coding: utf-8 -*-
"""Preprocessing related functions and classes for testing."""
+from artifacts import reader as artifacts_reader
+from artifacts import registry as artifacts_registry
from dfvfs.helpers import fake_file_system_builder
from dfvfs.helpers import file_system_searcher
from dfvfs.lib import definitions as dfvfs_definitions
from dfvfs.path import factory as path_spec_factory
from dfwinreg import registry as dfwinreg_registry
+from dfwinreg import registry_searcher
from plaso.containers import artifacts
from plaso.engine import knowledge_base
@@ -14,40 +17,62 @@ from plaso.preprocessors import manager
from tests import test_lib as shared_test_lib
-class PreprocessPluginTestCase(shared_test_lib.BaseTestCase):
- """Preprocess plugin test case."""
+@shared_test_lib.skipUnlessHasTestFile([u'artifacts'])
+class ArtifactPreprocessorPluginTestCase(shared_test_lib.BaseTestCase):
+ """Artifact preprocessor plugin test case."""
- def _RunFileSystemPlugin(self, file_system, mount_point, plugin):
- """Runs a file system preprocess plugin.
+ @classmethod
+ def setUpClass(cls):
+ """Makes preparations before running any of the tests."""
+ cls._artifacts_registry = artifacts_registry.ArtifactDefinitionsRegistry()
+
+ reader = artifacts_reader.YamlArtifactsReader()
+ path = shared_test_lib.GetTestFilePath([u'artifacts'])
+ cls._artifacts_registry.ReadFromDirectory(reader, path)
+
+ def _RunPreprocessorPluginOnFileSystem(
+ self, file_system, mount_point, plugin):
+ """Runs a preprocessor plugin on a file system.
Args:
file_system (dfvfs.FileSystem): file system to be preprocessed.
mount_point (dfvfs.PathSpec): mount point path specification that refers
to the base location of the file system.
- plugin (PreprocessPlugin): preprocess plugin.
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin.
Return:
KnowledgeBase: knowledge base filled with preprocessing information.
"""
- searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point)
+ artifact_definition = self._artifacts_registry.GetDefinitionByName(
+ plugin.ARTIFACT_DEFINITION_NAME)
+ self.assertIsNotNone(artifact_definition)
knowledge_base_object = knowledge_base.KnowledgeBase()
- plugin.Run(searcher, knowledge_base_object)
+
+ searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point)
+
+ plugin.Collect(
+ knowledge_base_object, artifact_definition, searcher, file_system)
return knowledge_base_object
- def _RunWindowsRegistryPlugin(self, file_system, mount_point, plugin):
- """Runs a Windows Registry preprocess plugin.
+ def _RunPreprocessorPluginOnWindowsRegistryValue(
+ self, file_system, mount_point, plugin):
+ """Runs a preprocessor plugin on a Windows Registry value.
Args:
file_system (dfvfs.FileSystem): file system to be preprocessed.
mount_point (dfvfs.PathSpec): mount point path specification that refers
to the base location of the file system.
- plugin (PreprocessPlugin): preprocess plugin.
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin.
Return:
KnowledgeBase: knowledge base filled with preprocessing information.
"""
+ artifact_definition = self._artifacts_registry.GetDefinitionByName(
+ plugin.ARTIFACT_DEFINITION_NAME)
+ self.assertIsNotNone(artifact_definition)
+
environment_variable = artifacts.EnvironmentVariableArtifact(
case_sensitive=False, name=u'SystemRoot', value=u'C:\\Windows')
@@ -57,15 +82,18 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase):
registry_file_reader=registry_file_reader)
knowledge_base_object = knowledge_base.KnowledgeBase()
- plugin.Run(win_registry, knowledge_base_object)
+
+ searcher = registry_searcher.WinRegistrySearcher(win_registry)
+
+ plugin.Collect(knowledge_base_object, artifact_definition, searcher)
return knowledge_base_object
- def _RunWindowsRegistryPluginOnSoftware(self, plugin):
- """Runs a Windows Registry preprocess plugin on a SOFTWARE file.
+ def _RunPreprocessorPluginOnWindowsRegistryValueSoftware(self, plugin):
+ """Runs a preprocessor plugin on a Windows Registry value in SOFTWARE.
Args:
- plugin (PreprocessPlugin): preprocess plugin.
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin.
Return:
KnowledgeBase: knowledge base filled with preprocessing information.
@@ -78,14 +106,14 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase):
mount_point = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/')
- return self._RunWindowsRegistryPlugin(
+ return self._RunPreprocessorPluginOnWindowsRegistryValue(
file_system_builder.file_system, mount_point, plugin)
- def _RunWindowsRegistryPluginOnSystem(self, plugin):
- """Runs a Windows Registry preprocess plugin on a SYSTEM file.
+ def _RunPreprocessorPluginOnWindowsRegistryValueSystem(self, plugin):
+ """Runs a preprocessor plugin on a Windows Registry value in SYSTEM.
Args:
- plugin (PreprocessPlugin): preprocess plugin.
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin.
Return:
KnowledgeBase: knowledge base filled with preprocessing information.
@@ -98,5 +126,5 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase):
mount_point = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/')
- return self._RunWindowsRegistryPlugin(
+ return self._RunPreprocessorPluginOnWindowsRegistryValue(
file_system_builder.file_system, mount_point, plugin)
« no previous file with comments | « tests/preprocessors/manager.py ('k') | tests/preprocessors/windows.py » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b