Index: tests/preprocessors/test_lib.py |
diff --git a/tests/preprocessors/test_lib.py b/tests/preprocessors/test_lib.py |
index 662c0085f1e54ffed5e5b2d90ac48adf31211afc..62885ecd4fa9d313287e3584f4da0e63fe5e9bdb 100644 |
--- a/tests/preprocessors/test_lib.py |
+++ b/tests/preprocessors/test_lib.py |
@@ -1,11 +1,14 @@ |
# -*- coding: utf-8 -*- |
"""Preprocessing related functions and classes for testing.""" |
+from artifacts import reader as artifacts_reader |
+from artifacts import registry as artifacts_registry |
from dfvfs.helpers import fake_file_system_builder |
from dfvfs.helpers import file_system_searcher |
from dfvfs.lib import definitions as dfvfs_definitions |
from dfvfs.path import factory as path_spec_factory |
from dfwinreg import registry as dfwinreg_registry |
+from dfwinreg import registry_searcher |
from plaso.containers import artifacts |
from plaso.engine import knowledge_base |
@@ -14,40 +17,62 @@ from plaso.preprocessors import manager |
from tests import test_lib as shared_test_lib |
-class PreprocessPluginTestCase(shared_test_lib.BaseTestCase): |
- """Preprocess plugin test case.""" |
+@shared_test_lib.skipUnlessHasTestFile([u'artifacts']) |
+class ArtifactPreprocessorPluginTestCase(shared_test_lib.BaseTestCase): |
+ """Artifact preprocessor plugin test case.""" |
- def _RunFileSystemPlugin(self, file_system, mount_point, plugin): |
- """Runs a file system preprocess plugin. |
+ @classmethod |
+ def setUpClass(cls): |
+ """Makes preparations before running any of the tests.""" |
+ cls._artifacts_registry = artifacts_registry.ArtifactDefinitionsRegistry() |
+ |
+ reader = artifacts_reader.YamlArtifactsReader() |
+ path = shared_test_lib.GetTestFilePath([u'artifacts']) |
+ cls._artifacts_registry.ReadFromDirectory(reader, path) |
+ |
+ def _RunPreprocessorPluginOnFileSystem( |
+ self, file_system, mount_point, plugin): |
+ """Runs a preprocessor plugin on a file system. |
Args: |
file_system (dfvfs.FileSystem): file system to be preprocessed. |
mount_point (dfvfs.PathSpec): mount point path specification that refers |
to the base location of the file system. |
- plugin (PreprocessPlugin): preprocess plugin. |
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
Return: |
KnowledgeBase: knowledge base filled with preprocessing information. |
""" |
- searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point) |
+ artifact_definition = self._artifacts_registry.GetDefinitionByName( |
+ plugin.ARTIFACT_DEFINITION_NAME) |
+ self.assertIsNotNone(artifact_definition) |
knowledge_base_object = knowledge_base.KnowledgeBase() |
- plugin.Run(searcher, knowledge_base_object) |
+ |
+ searcher = file_system_searcher.FileSystemSearcher(file_system, mount_point) |
+ |
+ plugin.Collect( |
+ knowledge_base_object, artifact_definition, searcher, file_system) |
return knowledge_base_object |
- def _RunWindowsRegistryPlugin(self, file_system, mount_point, plugin): |
- """Runs a Windows Registry preprocess plugin. |
+ def _RunPreprocessorPluginOnWindowsRegistryValue( |
+ self, file_system, mount_point, plugin): |
+ """Runs a preprocessor plugin on a Windows Registry value. |
Args: |
file_system (dfvfs.FileSystem): file system to be preprocessed. |
mount_point (dfvfs.PathSpec): mount point path specification that refers |
to the base location of the file system. |
- plugin (PreprocessPlugin): preprocess plugin. |
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
Return: |
KnowledgeBase: knowledge base filled with preprocessing information. |
""" |
+ artifact_definition = self._artifacts_registry.GetDefinitionByName( |
+ plugin.ARTIFACT_DEFINITION_NAME) |
+ self.assertIsNotNone(artifact_definition) |
+ |
environment_variable = artifacts.EnvironmentVariableArtifact( |
case_sensitive=False, name=u'SystemRoot', value=u'C:\\Windows') |
@@ -57,15 +82,18 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase): |
registry_file_reader=registry_file_reader) |
knowledge_base_object = knowledge_base.KnowledgeBase() |
- plugin.Run(win_registry, knowledge_base_object) |
+ |
+ searcher = registry_searcher.WinRegistrySearcher(win_registry) |
+ |
+ plugin.Collect(knowledge_base_object, artifact_definition, searcher) |
return knowledge_base_object |
- def _RunWindowsRegistryPluginOnSoftware(self, plugin): |
- """Runs a Windows Registry preprocess plugin on a SOFTWARE file. |
+ def _RunPreprocessorPluginOnWindowsRegistryValueSoftware(self, plugin): |
+ """Runs a preprocessor plugin on a Windows Registry value in SOFTWARE. |
Args: |
- plugin (PreprocessPlugin): preprocess plugin. |
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
Return: |
KnowledgeBase: knowledge base filled with preprocessing information. |
@@ -78,14 +106,14 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase): |
mount_point = path_spec_factory.Factory.NewPathSpec( |
dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') |
- return self._RunWindowsRegistryPlugin( |
+ return self._RunPreprocessorPluginOnWindowsRegistryValue( |
file_system_builder.file_system, mount_point, plugin) |
- def _RunWindowsRegistryPluginOnSystem(self, plugin): |
- """Runs a Windows Registry preprocess plugin on a SYSTEM file. |
+ def _RunPreprocessorPluginOnWindowsRegistryValueSystem(self, plugin): |
+ """Runs a preprocessor plugin on a Windows Registry value in SYSTEM. |
Args: |
- plugin (PreprocessPlugin): preprocess plugin. |
+ plugin (ArtifactPreprocessorPlugin): preprocessor plugin. |
Return: |
KnowledgeBase: knowledge base filled with preprocessing information. |
@@ -98,5 +126,5 @@ class PreprocessPluginTestCase(shared_test_lib.BaseTestCase): |
mount_point = path_spec_factory.Factory.NewPathSpec( |
dfvfs_definitions.TYPE_INDICATOR_FAKE, location=u'/') |
- return self._RunWindowsRegistryPlugin( |
+ return self._RunPreprocessorPluginOnWindowsRegistryValue( |
file_system_builder.file_system, mount_point, plugin) |