OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the extraction tool object.""" | 3 """Tests for the extraction tool object.""" |
4 | 4 |
5 import argparse | 5 import argparse |
6 import unittest | 6 import unittest |
7 | 7 |
8 from plaso.cli import extraction_tool | 8 from plaso.cli import extraction_tool |
9 from plaso.lib import errors | 9 from plaso.lib import errors |
10 | 10 |
11 from tests import test_lib as shared_test_lib | 11 from tests import test_lib as shared_test_lib |
12 from tests.cli import test_lib | 12 from tests.cli import test_lib |
13 | 13 |
14 | 14 |
15 class ExtractionToolTest(test_lib.CLIToolTestCase): | 15 class ExtractionToolTest(test_lib.CLIToolTestCase): |
16 """Tests for the extraction tool object.""" | 16 """Tests for the extraction tool object.""" |
17 | 17 |
| 18 # pylint: disable=protected-access |
| 19 |
18 _EXPECTED_OUTPUT_EXTRACTION_OPTIONS = u'\n'.join([ | 20 _EXPECTED_OUTPUT_EXTRACTION_OPTIONS = u'\n'.join([ |
19 (u'usage: extraction_tool_test.py [--hashers HASHER_LIST]' | 21 u'usage: extraction_tool_test.py [--artifact_definitions PATH]', |
20 u' [--yara_rules PATH]'), | 22 (u' [--hashers HASHER_LIST] ' |
21 (u' [--parsers PARSER_LIST]' | 23 u'[--parsers PARSER_LIST]'), |
22 u' [--preferred_year YEAR]'), | 24 u' [--preferred_year YEAR] [-p]', |
23 u' [-p] [--process_archives]', | 25 u' [--process_archives]', |
24 u' [--skip_compressed_streams]', | 26 (u' [--skip_compressed_streams] ' |
| 27 u'[--yara_rules PATH]'), |
25 u'', | 28 u'', |
26 u'Test argument parser.', | 29 u'Test argument parser.', |
27 u'', | 30 u'', |
28 u'optional arguments:', | 31 u'optional arguments:', |
| 32 u' --artifact_definitions PATH, --artifact-definitions PATH', |
| 33 (u' Path to a directory containing artifact ' |
| 34 u'definitions.'), |
| 35 (u' Artifact definitions can be used to ' |
| 36 u'describe and'), |
| 37 u' quickly collect data data of interest, such as', |
| 38 u' specific files or Windows Registry keys.', |
29 u' --hashers HASHER_LIST', | 39 u' --hashers HASHER_LIST', |
30 (u' Define a list of hashers to use by the tool. ' | 40 (u' Define a list of hashers to use by the tool. ' |
31 u'This is a'), | 41 u'This is a'), |
32 (u' comma separated list where each entry is the ' | 42 (u' comma separated list where each entry is the ' |
33 u'name of a'), | 43 u'name of a'), |
34 (u' hasher, such as "md5,sha256". "all" ' | 44 (u' hasher, such as "md5,sha256". "all" ' |
35 u'indicates that all'), | 45 u'indicates that all'), |
36 (u' hashers should be enabled. "none" ' | 46 (u' hashers should be enabled. "none" ' |
37 u'disables all'), | 47 u'disables all'), |
38 (u' hashers. Use "--hashers list" or ' | 48 (u' hashers. Use "--hashers list" or ' |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
100 u'optional arguments:', | 110 u'optional arguments:', |
101 (u' --buffer_size BUFFER_SIZE, --buffer-size BUFFER_SIZE, ' | 111 (u' --buffer_size BUFFER_SIZE, --buffer-size BUFFER_SIZE, ' |
102 u'--bs BUFFER_SIZE'), | 112 u'--bs BUFFER_SIZE'), |
103 (u' The buffer size for the output (defaults to ' | 113 (u' The buffer size for the output (defaults to ' |
104 u'196MiB).'), | 114 u'196MiB).'), |
105 u' --queue_size QUEUE_SIZE, --queue-size QUEUE_SIZE', | 115 u' --queue_size QUEUE_SIZE, --queue-size QUEUE_SIZE', |
106 u' The maximum number of queued items per worker', | 116 u' The maximum number of queued items per worker', |
107 u' (defaults to 125000)', | 117 u' (defaults to 125000)', |
108 u'']) | 118 u'']) |
109 | 119 |
| 120 def testGetParserPresetsInformation(self): |
| 121 """Tests the _GetParserPresetsInformation function.""" |
| 122 test_tool = extraction_tool.ExtractionTool() |
| 123 |
| 124 parser_presets_information = test_tool._GetParserPresetsInformation() |
| 125 self.assertGreaterEqual(len(parser_presets_information), 1) |
| 126 |
| 127 available_parser_names = [name for name, _ in parser_presets_information] |
| 128 self.assertIn(u'linux', available_parser_names) |
| 129 |
| 130 @shared_test_lib.skipUnlessHasTestFile([u'artifacts']) |
| 131 def testParseArtifactDefinitionsOption(self): |
| 132 """Tests the _ParseArtifactDefinitionsOption function.""" |
| 133 test_tool = extraction_tool.ExtractionTool() |
| 134 |
| 135 options = test_lib.TestOptions() |
| 136 |
| 137 options.artifact_definitions_path = self._GetTestFilePath([u'artifacts']) |
| 138 |
| 139 test_tool._ParseArtifactDefinitionsOption(options) |
| 140 |
| 141 def testParseExtractionOptions(self): |
| 142 """Tests the _ParseExtractionOptions function.""" |
| 143 test_tool = extraction_tool.ExtractionTool() |
| 144 |
| 145 options = test_lib.TestOptions() |
| 146 |
| 147 test_tool._ParseExtractionOptions(options) |
| 148 |
| 149 def testParsePerformanceOptions(self): |
| 150 """Tests the _ParsePerformanceOptions function.""" |
| 151 test_tool = extraction_tool.ExtractionTool() |
| 152 |
| 153 options = test_lib.TestOptions() |
| 154 |
| 155 test_tool._ParsePerformanceOptions(options) |
| 156 |
| 157 def testParseStorageOptions(self): |
| 158 """Tests the _ParseStorageOptions function.""" |
| 159 test_tool = extraction_tool.ExtractionTool() |
| 160 |
| 161 options = test_lib.TestOptions() |
| 162 |
| 163 test_tool._ParseStorageOptions(options) |
| 164 |
| 165 @shared_test_lib.skipUnlessHasTestFile([u'yara.rules']) |
| 166 def testParseYaraRulesOption(self): |
| 167 """Tests the _ParseYaraRulesOption function.""" |
| 168 test_tool = extraction_tool.ExtractionTool() |
| 169 |
| 170 options = test_lib.TestOptions() |
| 171 |
| 172 options.yara_rules_path = self._GetTestFilePath([u'yara.rules']) |
| 173 |
| 174 test_tool._ParseYaraRulesOption(options) |
| 175 |
110 def testAddExtractionOptions(self): | 176 def testAddExtractionOptions(self): |
111 """Tests the AddExtractionOptions function.""" | 177 """Tests the AddExtractionOptions function.""" |
112 argument_parser = argparse.ArgumentParser( | 178 argument_parser = argparse.ArgumentParser( |
113 prog=u'extraction_tool_test.py', description=u'Test argument parser.', | 179 prog=u'extraction_tool_test.py', description=u'Test argument parser.', |
114 add_help=False, formatter_class=test_lib.SortedArgumentsHelpFormatter) | 180 add_help=False, formatter_class=test_lib.SortedArgumentsHelpFormatter) |
115 | 181 |
116 test_tool = extraction_tool.ExtractionTool() | 182 test_tool = extraction_tool.ExtractionTool() |
117 test_tool.AddExtractionOptions(argument_parser) | 183 test_tool.AddExtractionOptions(argument_parser) |
118 | 184 |
119 output = self._RunArgparseFormatHelp(argument_parser) | 185 output = self._RunArgparseFormatHelp(argument_parser) |
120 self.assertEqual(output, self._EXPECTED_OUTPUT_EXTRACTION_OPTIONS) | 186 self.assertEqual(output, self._EXPECTED_OUTPUT_EXTRACTION_OPTIONS) |
121 | 187 |
122 def testAddPerformanceOptions(self): | 188 def testAddPerformanceOptions(self): |
123 """Tests the AddPerformanceOptions function.""" | 189 """Tests the AddPerformanceOptions function.""" |
124 argument_parser = argparse.ArgumentParser( | 190 argument_parser = argparse.ArgumentParser( |
125 prog=u'extraction_tool_test.py', description=u'Test argument parser.', | 191 prog=u'extraction_tool_test.py', description=u'Test argument parser.', |
126 add_help=False, formatter_class=test_lib.SortedArgumentsHelpFormatter) | 192 add_help=False, formatter_class=test_lib.SortedArgumentsHelpFormatter) |
127 | 193 |
128 test_tool = extraction_tool.ExtractionTool() | 194 test_tool = extraction_tool.ExtractionTool() |
129 test_tool.AddPerformanceOptions(argument_parser) | 195 test_tool.AddPerformanceOptions(argument_parser) |
130 | 196 |
131 output = self._RunArgparseFormatHelp(argument_parser) | 197 output = self._RunArgparseFormatHelp(argument_parser) |
132 self.assertEqual(output, self._EXPECTED_PERFORMANCE_OPTIONS) | 198 self.assertEqual(output, self._EXPECTED_PERFORMANCE_OPTIONS) |
133 | 199 |
| 200 def testListHashers(self): |
| 201 """Tests the ListHashers function.""" |
| 202 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
| 203 test_tool = extraction_tool.ExtractionTool(output_writer=output_writer) |
| 204 |
| 205 test_tool.ListHashers() |
| 206 |
| 207 output = output_writer.ReadOutput() |
| 208 |
| 209 number_of_tables = 0 |
| 210 lines = [] |
| 211 for line in output.split(b'\n'): |
| 212 line = line.strip() |
| 213 lines.append(line) |
| 214 |
| 215 if line.startswith(b'*****') and line.endswith(b'*****'): |
| 216 number_of_tables += 1 |
| 217 |
| 218 self.assertIn(u'Hashers', lines[1]) |
| 219 |
| 220 lines = frozenset(lines) |
| 221 |
| 222 self.assertEqual(number_of_tables, 1) |
| 223 |
| 224 expected_line = b'md5 : Calculates an MD5 digest hash over input data.' |
| 225 self.assertIn(expected_line, lines) |
| 226 |
| 227 def testListParsersAndPlugins(self): |
| 228 """Tests the ListParsersAndPlugins function.""" |
| 229 output_writer = test_lib.TestOutputWriter(encoding=u'utf-8') |
| 230 test_tool = extraction_tool.ExtractionTool(output_writer=output_writer) |
| 231 |
| 232 test_tool.ListParsersAndPlugins() |
| 233 |
| 234 output = output_writer.ReadOutput() |
| 235 |
| 236 number_of_tables = 0 |
| 237 lines = [] |
| 238 for line in output.split(b'\n'): |
| 239 line = line.strip() |
| 240 lines.append(line) |
| 241 |
| 242 if line.startswith(b'*****') and line.endswith(b'*****'): |
| 243 number_of_tables += 1 |
| 244 |
| 245 self.assertIn(u'Parsers', lines[1]) |
| 246 |
| 247 lines = frozenset(lines) |
| 248 |
| 249 self.assertEqual(number_of_tables, 9) |
| 250 |
| 251 expected_line = b'filestat : Parser for file system stat information.' |
| 252 self.assertIn(expected_line, lines) |
| 253 |
| 254 expected_line = b'bencode_utorrent : Parser for uTorrent bencoded files.' |
| 255 self.assertIn(expected_line, lines) |
| 256 |
| 257 expected_line = ( |
| 258 b'msie_webcache : Parser for MSIE WebCache ESE database files.') |
| 259 self.assertIn(expected_line, lines) |
| 260 |
| 261 expected_line = b'olecf_default : Parser for a generic OLECF item.' |
| 262 self.assertIn(expected_line, lines) |
| 263 |
| 264 expected_line = b'plist_default : Parser for plist files.' |
| 265 self.assertIn(expected_line, lines) |
| 266 |
| 267 expected_line = ( |
| 268 b'chrome_history : Parser for Chrome history SQLite database files.') |
| 269 self.assertIn(expected_line, lines) |
| 270 |
| 271 expected_line = b'ssh : Parser for SSH syslog entries.' |
| 272 self.assertIn(expected_line, lines) |
| 273 |
| 274 expected_line = b'winreg_default : Parser for Registry data.' |
| 275 self.assertIn(expected_line, lines) |
| 276 |
134 @shared_test_lib.skipUnlessHasTestFile([u'ímynd.dd']) | 277 @shared_test_lib.skipUnlessHasTestFile([u'ímynd.dd']) |
135 def testParseOptions(self): | 278 def testParseOptions(self): |
136 """Tests the ParseOptions function.""" | 279 """Tests the ParseOptions function.""" |
137 test_tool = extraction_tool.ExtractionTool() | 280 test_tool = extraction_tool.ExtractionTool() |
138 | 281 |
139 options = test_lib.TestOptions() | 282 options = test_lib.TestOptions() |
140 | 283 |
141 # ParseOptions will raise if source is not set. | 284 # ParseOptions will raise if source is not set. |
142 with self.assertRaises(errors.BadConfigOption): | 285 with self.assertRaises(errors.BadConfigOption): |
143 test_tool.ParseOptions(options) | 286 test_tool.ParseOptions(options) |
144 | 287 |
145 options.source = self._GetTestFilePath([u'ímynd.dd']) | 288 options.source = self._GetTestFilePath([u'ímynd.dd']) |
146 | 289 |
147 test_tool.ParseOptions(options) | 290 test_tool.ParseOptions(options) |
148 | 291 |
149 # TODO: improve this test. | |
150 | |
151 | 292 |
152 if __name__ == '__main__': | 293 if __name__ == '__main__': |
153 unittest.main() | 294 unittest.main() |
OLD | NEW |