OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the LastShutdown value plugin.""" | 3 """Tests for the LastShutdown value plugin.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import shutdown as _ # pylint: disable=unused-import | 9 from plaso.formatters import shutdown as _ # pylint: disable=unused-import |
10 from plaso.lib import definitions | 10 from plaso.lib import definitions |
11 from plaso.lib import timelib | 11 from plaso.lib import timelib |
12 from plaso.parsers.winreg_plugins import shutdown | 12 from plaso.parsers.winreg_plugins import shutdown |
13 | 13 |
14 from tests import test_lib as shared_test_lib | 14 from tests import test_lib as shared_test_lib |
15 from tests.parsers.winreg_plugins import test_lib | 15 from tests.parsers.winreg_plugins import test_lib |
16 | 16 |
17 | 17 |
18 class ShutdownPluginTest(test_lib.RegistryPluginTestCase): | 18 class ShutdownPluginTest(test_lib.RegistryPluginTestCase): |
19 """Tests for the LastShutdown value plugin.""" | 19 """Tests for the LastShutdown value plugin.""" |
20 | 20 |
| 21 def testFilters(self): |
| 22 """Tests the FILTERS class attribute.""" |
| 23 plugin = shutdown.ShutdownPlugin() |
| 24 |
| 25 key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows' |
| 26 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 27 |
| 28 self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus') |
| 29 |
21 @shared_test_lib.skipUnlessHasTestFile(['SYSTEM']) | 30 @shared_test_lib.skipUnlessHasTestFile(['SYSTEM']) |
22 def testProcess(self): | 31 def testProcess(self): |
23 """Tests the Process function.""" | 32 """Tests the Process function.""" |
24 test_file_entry = self._GetTestFileEntry(['SYSTEM']) | 33 test_file_entry = self._GetTestFileEntry(['SYSTEM']) |
25 key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows' | 34 key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows' |
26 | 35 |
27 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) | 36 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) |
28 registry_key = win_registry.GetKeyByPath(key_path) | 37 registry_key = win_registry.GetKeyByPath(key_path) |
29 | 38 |
30 plugin = shutdown.ShutdownPlugin() | 39 plugin = shutdown.ShutdownPlugin() |
31 storage_writer = self._ParseKeyWithPlugin( | 40 storage_writer = self._ParseKeyWithPlugin( |
32 registry_key, plugin, file_entry=test_file_entry) | 41 registry_key, plugin, file_entry=test_file_entry) |
33 | 42 |
34 self.assertEqual(storage_writer.number_of_events, 1) | 43 self.assertEqual(storage_writer.number_of_events, 1) |
35 | 44 |
36 events = list(storage_writer.GetEvents()) | 45 events = list(storage_writer.GetEvents()) |
37 | 46 |
38 event = events[0] | 47 event = events[0] |
39 | 48 |
40 self.assertEqual(event.pathspec, test_file_entry.path_spec) | 49 self.assertEqual(event.pathspec, test_file_entry.path_spec) |
41 # This should just be the plugin name, as we're invoking it directly, | 50 # This should just be the plugin name, as we're invoking it directly, |
42 # and not through the parser. | 51 # and not through the parser. |
43 self.assertEqual(event.parser, plugin.plugin_name) | 52 self.assertEqual(event.parser, plugin.plugin_name) |
44 | 53 |
45 self.assertEqual(event.value_name, 'ShutdownTime') | 54 self.assertEqual(event.value_name, 'ShutdownTime') |
46 | 55 |
47 # Match UTC timestamp. | |
48 expected_timestamp = timelib.Timestamp.CopyFromString( | 56 expected_timestamp = timelib.Timestamp.CopyFromString( |
49 '2012-04-04 01:58:40.839249') | 57 '2012-04-04 01:58:40.839249') |
50 self.assertEqual(event.timestamp, expected_timestamp) | 58 self.assertEqual(event.timestamp, expected_timestamp) |
51 self.assertEqual( | 59 self.assertEqual( |
52 event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_SHUTDOWN) | 60 event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_SHUTDOWN) |
53 | 61 |
54 expected_message = ( | 62 expected_message = ( |
55 '[{0:s}] ' | 63 '[{0:s}] ' |
56 'Description: ShutdownTime').format(key_path) | 64 'Description: ShutdownTime').format(key_path) |
57 expected_short_message = 'ShutdownTime' | 65 expected_short_message = 'ShutdownTime' |
58 | 66 |
59 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 67 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
60 | 68 |
61 | 69 |
62 if __name__ == '__main__': | 70 if __name__ == '__main__': |
63 unittest.main() | 71 unittest.main() |
OLD | NEW |