LEFT | RIGHT |
---|---|
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the Trend Micro AV Log parser.""" | 3 """Tests for the Trend Micro AV Log parser.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import trendmicroav as _ # pylint: disable=unused-import | 9 from plaso.formatters import trendmicroav as _ # pylint: disable=unused-import |
10 from plaso.lib import timelib | |
11 from plaso.parsers import trendmicroav | 10 from plaso.parsers import trendmicroav |
12 | 11 |
13 from tests import test_lib as shared_test_lib | 12 from tests import test_lib as shared_test_lib |
14 from tests.parsers import test_lib | 13 from tests.parsers import test_lib |
15 | 14 |
16 | 15 |
17 class TrendMicroUnitTest(test_lib.ParserTestCase): | 16 class TrendMicroUnitTest(test_lib.ParserTestCase): |
18 """Tests for the Trend Micro AV Log parser.""" | 17 """Tests for the Trend Micro AV Log parser.""" |
19 | 18 |
20 @shared_test_lib.skipUnlessHasTestFile(['pccnt35.log']) | 19 @shared_test_lib.skipUnlessHasTestFile(['pccnt35.log']) |
21 def testParse(self): | 20 def testParse(self): |
22 """Tests the Parse function.""" | 21 """Tests the Parse function.""" |
23 parser = trendmicroav.OfficeScanVirusDetectionParser() | 22 parser = trendmicroav.OfficeScanVirusDetectionParser() |
24 storage_writer = self._ParseFile(['pccnt35.log'], parser) | 23 storage_writer = self._ParseFile(['pccnt35.log'], parser) |
25 | 24 |
26 # The file contains 3 lines which results in 3 events. | 25 # The file contains 3 lines which results in 3 events. |
27 self.assertEqual(storage_writer.number_of_events, 3) | 26 self.assertEqual(storage_writer.number_of_events, 3) |
28 | 27 |
29 # The order in which DSVParser generates events is nondeterministic | 28 # The order in which DSVParser generates events is nondeterministic |
30 # hence we sort the events. | 29 # hence we sort the events. |
31 events = list(storage_writer.GetSortedEvents()) | 30 events = list(storage_writer.GetSortedEvents()) |
32 | 31 |
33 event = events[1] | 32 event = events[1] |
34 expected_timestamp = timelib.Timestamp.CopyFromString( | 33 self.CheckTimestamp(event.timestamp, '2018-01-30 14:45:32.000000') |
onager
2018/02/14 16:10:34
Please use the newer CheckTimestamp method.
ep
2018/03/05 16:14:00
Done.
| |
35 '2018-01-30 14:45:32') | |
36 self.assertEqual(event.timestamp, expected_timestamp) | |
37 | 34 |
38 # The third and last event has been edited to match the older, documented | 35 # The third and last event has been edited to match the older, documented |
39 # format for log lines (without a Unix timestamp). | 36 # format for log lines (without a Unix timestamp). |
40 event = events[2] | 37 event = events[2] |
41 expected_timestamp = timelib.Timestamp.CopyFromString( | 38 self.CheckTimestamp(event.timestamp, '2018-01-30 14:46:00.000000') |
42 '2018-01-30 14:46:00') | |
43 self.assertEqual(event.timestamp, expected_timestamp) | |
44 | 39 |
45 # Test the third event. | 40 # Test the third event. |
46 | 41 |
47 self.assertEqual(event.path, 'C:\\temp\\') | 42 self.assertEqual(event.path, 'C:\\temp\\') |
48 self.assertEqual(event.filename, 'eicar.com_.gstmp') | 43 self.assertEqual(event.filename, 'eicar.com_.gstmp') |
49 | 44 |
50 expected_message = ( | 45 expected_message = ( |
51 r'Path: C:\temp\ File name: eicar.com_.gstmp ' | 46 r'Path: C:\temp\ File name: eicar.com_.gstmp ' |
52 r'Eicar_test_1 -> Failure (clean), moved (Real-time scan)') | 47 r'Eicar_test_1 : Failure (clean), moved (Real-time scan)') |
53 expected_short_message = r'C:\temp\ eicar.com_.gstmp Failure (clean), moved' | 48 expected_short_message = r'C:\temp\ eicar.com_.gstmp Failure (clean), moved' |
54 | 49 |
55 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 50 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
56 | 51 |
57 | 52 |
58 if __name__ == '__main__': | 53 if __name__ == '__main__': |
59 unittest.main() | 54 unittest.main() |
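Review bot: On the new side, `testParse` asserts nothing about `events[0]` and checks only the timestamp of `events[1]`, so path, filename and message strings are verified solely for the third line, which the comment says was hand-edited to the older format. A regression in how the parser maps the newer line format (the one with a Unix timestamp) to path, filename or scan result and action would therefore pass this test, and those fields are what an analyst reads off the timeline. I would add `self.CheckTimestamp(events[0].timestamp, '<expected value from pccnt35.log>')` and a second `self._TestGetMessageStrings(events[1], ...)` call with the expected strings for the unedited line. The stray blank line after `# Test the third event.` could be dropped so the comment sits directly above the assertions it describes.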