From 4d9c775fff1cbbf793e32acf5475f40f76e661e6 Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Mon, 2 Nov 2015 21:02:29 +0100 Subject: [PATCH] Code review: 273060043: Merged skydrive parsers into a single source file #388 --- config/dpkg/changelog | 2 +- docs/plaso.formatters.rst | 8 - docs/plaso.parsers.rst | 8 - plaso/formatters/__init__.py | 1 - plaso/formatters/skydrivelog.py | 19 ++- plaso/formatters/skydrivelog_old.py | 24 --- plaso/parsers/__init__.py | 1 - plaso/parsers/skydrivelog.py | 206 +++++++++++++++++++++++++- plaso/parsers/skydrivelog_old.py | 217 ---------------------------- tests/formatters/skydrivelog.py | 23 +++ tests/formatters/skydrivelog_old.py | 36 ----- tests/parsers/skydrivelog.py | 54 ++++++- tests/parsers/skydrivelog_old.py | 70 --------- 13 files changed, 298 insertions(+), 371 deletions(-) delete mode 100644 plaso/formatters/skydrivelog_old.py delete mode 100644 plaso/parsers/skydrivelog_old.py delete mode 100644 tests/formatters/skydrivelog_old.py delete mode 100644 tests/parsers/skydrivelog_old.py diff --git a/config/dpkg/changelog b/config/dpkg/changelog index 1c5d13143c..aff29e8a95 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low * Auto-generated - -- Log2Timeline Mon, 02 Nov 2015 08:03:19 +0100 + -- Log2Timeline Mon, 02 Nov 2015 21:02:29 +0100 diff --git a/docs/plaso.formatters.rst b/docs/plaso.formatters.rst index 812684f7a6..7721371fe7 100644 --- a/docs/plaso.formatters.rst +++ b/docs/plaso.formatters.rst @@ -452,14 +452,6 @@ plaso.formatters.skydrivelog module :undoc-members: :show-inheritance: -plaso.formatters.skydrivelog_old module ---------------------------------------- - -.. automodule:: plaso.formatters.skydrivelog_old - :members: - :undoc-members: - :show-inheritance: - plaso.formatters.skype module ----------------------------- diff --git a/docs/plaso.parsers.rst b/docs/plaso.parsers.rst index 6670e56eee..08bf61df89 100644 --- a/docs/plaso.parsers.rst +++ b/docs/plaso.parsers.rst @@ -330,14 +330,6 @@ plaso.parsers.skydrivelog module :undoc-members: :show-inheritance: -plaso.parsers.skydrivelog_old module ------------------------------------- - -.. automodule:: plaso.parsers.skydrivelog_old - :members: - :undoc-members: - :show-inheritance: - plaso.parsers.sqlite module --------------------------- diff --git a/plaso/formatters/__init__.py b/plaso/formatters/__init__.py index 874d9f3e59..27c542e0a6 100644 --- a/plaso/formatters/__init__.py +++ b/plaso/formatters/__init__.py @@ -53,7 +53,6 @@ from plaso.formatters import selinux from plaso.formatters import shell_items from plaso.formatters import skydrivelog -from plaso.formatters import skydrivelog_old from plaso.formatters import skype from plaso.formatters import symantec from plaso.formatters import syslog diff --git a/plaso/formatters/skydrivelog.py b/plaso/formatters/skydrivelog.py index b263c0ff0f..95d93eccce 100644 --- a/plaso/formatters/skydrivelog.py +++ b/plaso/formatters/skydrivelog.py @@ -22,4 +22,21 @@ class SkyDriveLogFormatter(interface.ConditionalEventFormatter): SOURCE_SHORT = u'LOG' -manager.FormattersManager.RegisterFormatter(SkyDriveLogFormatter) +class SkyDriveOldLogFormatter(interface.ConditionalEventFormatter): + """Formatter for a SkyDrive old log file event.""" + + DATA_TYPE = u'skydrive:log:old:line' + + FORMAT_STRING_PIECES = [ + u'[{source_code}]', + u'({log_level})', + u'{text}'] + + FORMAT_STRING_SHORT_PIECES = [u'{text}'] + + SOURCE_LONG = u'SkyDrive Log File' + SOURCE_SHORT = u'LOG' + + +manager.FormattersManager.RegisterFormatters([ + SkyDriveLogFormatter, SkyDriveOldLogFormatter]) diff --git a/plaso/formatters/skydrivelog_old.py b/plaso/formatters/skydrivelog_old.py deleted file mode 100644 index 24ae588fca..0000000000 --- a/plaso/formatters/skydrivelog_old.py +++ /dev/null @@ -1,24 +0,0 @@ -# -*- coding: utf-8 -*- -"""The SkyDrive old log event formatter.""" - -from plaso.formatters import interface -from plaso.formatters import manager - - -class SkyDriveOldLogFormatter(interface.ConditionalEventFormatter): - """Formatter for a SkyDrive old log file event.""" - - DATA_TYPE = u'skydrive:log:old:line' - - FORMAT_STRING_PIECES = [ - u'[{source_code}]', - u'({log_level})', - u'{text}'] - - FORMAT_STRING_SHORT_PIECES = [u'{text}'] - - SOURCE_LONG = u'SkyDrive Log File' - SOURCE_SHORT = u'LOG' - - -manager.FormattersManager.RegisterFormatter(SkyDriveOldLogFormatter) diff --git a/plaso/parsers/__init__.py b/plaso/parsers/__init__.py index bd5ade6052..fce8381afe 100644 --- a/plaso/parsers/__init__.py +++ b/plaso/parsers/__init__.py @@ -36,7 +36,6 @@ from plaso.parsers import sccm from plaso.parsers import selinux from plaso.parsers import skydrivelog -from plaso.parsers import skydrivelog_old from plaso.parsers import sqlite from plaso.parsers import symantec from plaso.parsers import syslog diff --git a/plaso/parsers/skydrivelog.py b/plaso/parsers/skydrivelog.py index 5ae99a6686..19171fe962 100644 --- a/plaso/parsers/skydrivelog.py +++ b/plaso/parsers/skydrivelog.py @@ -20,9 +20,9 @@ class SkyDriveLogEvent(time_events.TimestampEvent): Attributes: detail: The log line details. + log_level: Optional, the SkyDrive log level short name. module: Optional, the module name that generated the log line. source_code: Optional, logging source file and line number. - log_level: Optional, the SkyDrive log level short name. """ DATA_TYPE = u'skydrive:log:line' @@ -46,8 +46,36 @@ def __init__( self.source_code = source_code +class SkyDriveOldLogEvent(time_events.TimestampEvent): + """Convenience class for a SkyDrive old log line event. + + Attributes: + log_level: The log level used for the event. + source_code: Details of the source code file generating the event. + text: The log message. + """ + DATA_TYPE = u'skydrive:log:old:line' + + def __init__(self, timestamp, offset, source_code, log_level, text): + """Initializes the event object. + + Args: + timestamp: The timestamp which is an integer containing the number + of micro seconds since January 1, 1970, 00:00:00 UTC. + source_code: Details of the source code file generating the event. + log_level: The log level used for the event. + text: The log message. + """ + super(SkyDriveOldLogEvent, self).__init__( + timestamp, eventdata.EventTimestamp.ADDED_TIME) + self.log_level = log_level + self.offset = offset + self.source_code = source_code + self.text = text + + class SkyDriveLogParser(text_parser.PyparsingMultiLineTextParser): - """Parse SkyDrive log files.""" + """Parses SkyDrive log files.""" NAME = u'skydrive_log' DESCRIPTION = u'Parser for OneDrive (or SkyDrive) log files.' @@ -266,4 +294,176 @@ def VerifyStructure(self, parser_mediator, line): return True -manager.ParsersManager.RegisterParser(SkyDriveLogParser) +class SkyDriveOldLogParser(text_parser.PyparsingSingleLineTextParser): + """Parse SkyDrive old log files.""" + + NAME = u'skydrive_log_old' + DESCRIPTION = u'Parser for OneDrive (or SkyDrive) old log files.' + + _ENCODING = u'UTF-8-SIG' + + # Common SDOL (SkyDriveOldLog) pyparsing objects. + SDOL_COLON = pyparsing.Literal(u':') + SDOL_EXCLAMATION = pyparsing.Literal(u'!') + + # Timestamp (08-01-2013 21:22:28.999). + SDOL_TIMESTAMP = ( + text_parser.PyparsingConstants.DATE_REV + + text_parser.PyparsingConstants.TIME_MSEC).setResultsName( + u'sdol_timestamp') + + # SkyDrive source code pyparsing structures. + SDOL_SOURCE_CODE = pyparsing.Combine( + pyparsing.CharsNotIn(u':') + + SDOL_COLON + + text_parser.PyparsingConstants.INTEGER + + SDOL_EXCLAMATION + + pyparsing.Word(pyparsing.printables)).setResultsName(u'source_code') + + # SkyDriveOldLogLevel pyparsing structures. + SDOL_LOG_LEVEL = ( + pyparsing.Literal(u'(').suppress() + + pyparsing.SkipTo(u')').setResultsName(u'log_level') + + pyparsing.Literal(u')').suppress()) + + # SkyDrive line pyparsing structure. + SDOL_LINE = ( + SDOL_TIMESTAMP + SDOL_SOURCE_CODE + SDOL_LOG_LEVEL + + SDOL_COLON + pyparsing.SkipTo(pyparsing.lineEnd).setResultsName(u'text')) + + # Sometimes the timestamped log line is followed by an empy line, + # then by a file name plus other data and finally by another empty + # line. It could happen that a logline is split in two parts. + # These lines will not be discarded and an event will be generated + # ad-hoc (see source), based on the last one if available. + SDOL_NO_HEADER_SINGLE_LINE = ( + pyparsing.Optional(pyparsing.Literal(u'->').suppress()) + + pyparsing.SkipTo(pyparsing.lineEnd).setResultsName(u'text')) + + # Define the available log line structures. + LINE_STRUCTURES = [ + (u'logline', SDOL_LINE), + (u'no_header_single_line', SDOL_NO_HEADER_SINGLE_LINE), + ] + + def __init__(self): + """Initializes a parser object.""" + super(SkyDriveOldLogParser, self).__init__() + self.last_event_object = None + self.offset = 0 + + def _GetTimestamp(self, sdol_timestamp): + """Gets a timestamp from a pyparsing ParseResults SkyDriveOld timestamp. + + This is a sdol_timestamp object as returned by using + text_parser.PyparsingConstants structures: + [[month, day, year], [hours, minutes, seconds], milliseconds], for example + [[8, 1, 2013], [21, 22, 28], 999]. + + Args: + sdol_timestamp: The pyparsing ParseResults object. + + Returns: + timestamp: A plaso timelib timestamp or None. + """ + try: + month, day, year = sdol_timestamp[0] + hour, minute, second = sdol_timestamp[1] + millisecond = sdol_timestamp[2] + return timelib.Timestamp.FromTimeParts( + year, month, day, hour, minute, second, + microseconds=millisecond * 1000) + except ValueError: + pass + + def _ParseLogline(self, structure): + """Parse a logline and store appropriate attributes. + + Args: + structure: A pyparsing.ParseResults object from a line in the log file. + + Returns: + An event object (instance of SkyDriveOldLogEvent) or None. + """ + timestamp = self._GetTimestamp(structure.sdol_timestamp) + if not timestamp: + logging.debug(u'Invalid timestamp {0:s}'.format( + structure.sdol_timestamp)) + return + + event_object = SkyDriveOldLogEvent( + timestamp, self.offset, structure.source_code, structure.log_level, + structure.text) + self.last_event_object = event_object + return event_object + + def _ParseNoHeaderSingleLine(self, structure): + """Parse an isolated header line and store appropriate attributes. + + Args: + structure: A pyparsing.ParseResults object from an header line in the + log file. + + Returns: + An event object (instance of SkyDriveOldLogEvent) or None. + """ + if not self.last_event_object: + logging.debug(u'SkyDrive, found isolated line with no previous events') + return + + event_object = SkyDriveOldLogEvent( + self.last_event_object.timestamp, self.last_event_object.offset, None, + None, structure.text) + # TODO think to a possible refactoring for the non-header lines. + self.last_event_object = None + return event_object + + def ParseRecord(self, parser_mediator, key, structure): + """Parse each record structure and return an EventObject if applicable. + + Args: + parser_mediator: A parser mediator object (instance of ParserMediator). + key: An identification string indicating the name of the parsed + structure. + structure: A pyparsing.ParseResults object from a line in the + log file. + + Returns: + An event object (instance of EventObject) or None. + """ + if key == u'logline': + return self._ParseLogline(structure) + elif key == u'no_header_single_line': + return self._ParseNoHeaderSingleLine(structure) + else: + logging.warning( + u'Unable to parse record, unknown structure: {0:s}'.format(key)) + + def VerifyStructure(self, parser_mediator, line): + """Verify that this file is a SkyDrive old log file. + + Args: + parser_mediator: A parser mediator object (instance of ParserMediator). + line: A single line from the text file. + + Returns: + True if this is the correct parser, False otherwise. + """ + try: + parsed_structure = self.SDOL_LINE.parseString(line) + except pyparsing.ParseException: + logging.debug(u'Not a SkyDrive old log file') + return False + + timestamp = self._GetTimestamp(parsed_structure.sdol_timestamp) + if not timestamp: + logging.debug( + u'Not a SkyDrive old log file, invalid timestamp {0:s}'.format( + parsed_structure.sdol_timestamp)) + return False + + return True + + +manager.ParsersManager.RegisterParsers([ + SkyDriveLogParser, SkyDriveOldLogParser]) diff --git a/plaso/parsers/skydrivelog_old.py b/plaso/parsers/skydrivelog_old.py deleted file mode 100644 index 0bb60eba2d..0000000000 --- a/plaso/parsers/skydrivelog_old.py +++ /dev/null @@ -1,217 +0,0 @@ -# -*- coding: utf-8 -*- -"""This file contains SkyDrive old log file parser in plaso.""" - -import logging - -import pyparsing - -from plaso.events import time_events -from plaso.lib import eventdata -from plaso.lib import timelib -from plaso.parsers import manager -from plaso.parsers import text_parser - - -__author__ = 'Francesco Picasso (francesco.picasso@gmail.com)' - - -class SkyDriveOldLogEvent(time_events.TimestampEvent): - """Convenience class for a SkyDrive old log line event. - - Attributes: - source_code: Details of the source code file generating the event. - log_level: The log level used for the event. - text: The log message. - """ - DATA_TYPE = u'skydrive:log:old:line' - - def __init__(self, timestamp, offset, source_code, log_level, text): - """Initializes the event object. - - Args: - timestamp: The timestamp which is an integer containing the number - of micro seconds since January 1, 1970, 00:00:00 UTC. - source_code: Details of the source code file generating the event. - log_level: The log level used for the event. - text: The log message. - """ - super(SkyDriveOldLogEvent, self).__init__( - timestamp, eventdata.EventTimestamp.ADDED_TIME) - self.log_level = log_level - self.offset = offset - self.source_code = source_code - self.text = text - - -class SkyDriveOldLogParser(text_parser.PyparsingSingleLineTextParser): - """Parse SkyDrive old log files.""" - - NAME = u'skydrive_log_old' - DESCRIPTION = u'Parser for OneDrive (or SkyDrive) old log files.' - - _ENCODING = u'UTF-8-SIG' - - # Common SDOL (SkyDriveOldLog) pyparsing objects. - SDOL_COLON = pyparsing.Literal(u':') - SDOL_EXCLAMATION = pyparsing.Literal(u'!') - - # Timestamp (08-01-2013 21:22:28.999). - SDOL_TIMESTAMP = ( - text_parser.PyparsingConstants.DATE_REV + - text_parser.PyparsingConstants.TIME_MSEC).setResultsName( - u'sdol_timestamp') - - # SkyDrive source code pyparsing structures. - SDOL_SOURCE_CODE = pyparsing.Combine( - pyparsing.CharsNotIn(u':') + - SDOL_COLON + - text_parser.PyparsingConstants.INTEGER + - SDOL_EXCLAMATION + - pyparsing.Word(pyparsing.printables)).setResultsName(u'source_code') - - # SkyDriveOldLogLevel pyparsing structures. - SDOL_LOG_LEVEL = ( - pyparsing.Literal(u'(').suppress() + - pyparsing.SkipTo(u')').setResultsName(u'log_level') + - pyparsing.Literal(u')').suppress()) - - # SkyDrive line pyparsing structure. - SDOL_LINE = ( - SDOL_TIMESTAMP + SDOL_SOURCE_CODE + SDOL_LOG_LEVEL + - SDOL_COLON + pyparsing.SkipTo(pyparsing.lineEnd).setResultsName(u'text')) - - # Sometimes the timestamped log line is followed by an empy line, - # then by a file name plus other data and finally by another empty - # line. It could happen that a logline is split in two parts. - # These lines will not be discarded and an event will be generated - # ad-hoc (see source), based on the last one if available. - SDOL_NO_HEADER_SINGLE_LINE = ( - pyparsing.Optional(pyparsing.Literal(u'->').suppress()) + - pyparsing.SkipTo(pyparsing.lineEnd).setResultsName(u'text')) - - # Define the available log line structures. - LINE_STRUCTURES = [ - (u'logline', SDOL_LINE), - (u'no_header_single_line', SDOL_NO_HEADER_SINGLE_LINE), - ] - - def __init__(self): - """Initializes a parser object.""" - super(SkyDriveOldLogParser, self).__init__() - self.last_event_object = None - self.offset = 0 - - def _GetTimestamp(self, sdol_timestamp): - """Gets a timestamp from a pyparsing ParseResults SkyDriveOld timestamp. - - This is a sdol_timestamp object as returned by using - text_parser.PyparsingConstants structures: - [[month, day, year], [hours, minutes, seconds], milliseconds], for example - [[8, 1, 2013], [21, 22, 28], 999]. - - Args: - sdol_timestamp: The pyparsing ParseResults object. - - Returns: - timestamp: A plaso timelib timestamp or None. - """ - try: - month, day, year = sdol_timestamp[0] - hour, minute, second = sdol_timestamp[1] - millisecond = sdol_timestamp[2] - return timelib.Timestamp.FromTimeParts( - year, month, day, hour, minute, second, - microseconds=millisecond * 1000) - except ValueError: - pass - - def _ParseLogline(self, structure): - """Parse a logline and store appropriate attributes. - - Args: - structure: A pyparsing.ParseResults object from a line in the log file. - - Returns: - An event object (instance of SkyDriveOldLogEvent) or None. - """ - timestamp = self._GetTimestamp(structure.sdol_timestamp) - if not timestamp: - logging.debug(u'Invalid timestamp {0:s}'.format( - structure.sdol_timestamp)) - return - - event_object = SkyDriveOldLogEvent( - timestamp, self.offset, structure.source_code, structure.log_level, - structure.text) - self.last_event_object = event_object - return event_object - - def _ParseNoHeaderSingleLine(self, structure): - """Parse an isolated header line and store appropriate attributes. - - Args: - structure: A pyparsing.ParseResults object from an header line in the - log file. - - Returns: - An event object (instance of SkyDriveOldLogEvent) or None. - """ - if not self.last_event_object: - logging.debug(u'SkyDrive, found isolated line with no previous events') - return - - event_object = SkyDriveOldLogEvent( - self.last_event_object.timestamp, self.last_event_object.offset, None, - None, structure.text) - # TODO think to a possible refactoring for the non-header lines. - self.last_event_object = None - return event_object - - def ParseRecord(self, parser_mediator, key, structure): - """Parse each record structure and return an EventObject if applicable. - - Args: - parser_mediator: A parser mediator object (instance of ParserMediator). - key: An identification string indicating the name of the parsed - structure. - structure: A pyparsing.ParseResults object from a line in the - log file. - - Returns: - An event object (instance of EventObject) or None. - """ - if key == u'logline': - return self._ParseLogline(structure) - elif key == u'no_header_single_line': - return self._ParseNoHeaderSingleLine(structure) - else: - logging.warning( - u'Unable to parse record, unknown structure: {0:s}'.format(key)) - - def VerifyStructure(self, parser_mediator, line): - """Verify that this file is a SkyDrive old log file. - - Args: - parser_mediator: A parser mediator object (instance of ParserMediator). - line: A single line from the text file. - - Returns: - True if this is the correct parser, False otherwise. - """ - try: - parsed_structure = self.SDOL_LINE.parseString(line) - except pyparsing.ParseException: - logging.debug(u'Not a SkyDrive old log file') - return False - - timestamp = self._GetTimestamp(parsed_structure.sdol_timestamp) - if not timestamp: - logging.debug( - u'Not a SkyDrive old log file, invalid timestamp {0:s}'.format( - parsed_structure.sdol_timestamp)) - return False - - return True - - -manager.ParsersManager.RegisterParser(SkyDriveOldLogParser) diff --git a/tests/formatters/skydrivelog.py b/tests/formatters/skydrivelog.py index 06ae84fc2f..3fc9432b79 100644 --- a/tests/formatters/skydrivelog.py +++ b/tests/formatters/skydrivelog.py @@ -33,5 +33,28 @@ def testGetFormatStringAttributeNames(self): # TODO: add test for GetMessages. +class SkyDriveOldLogFormatterTest(test_lib.EventFormatterTestCase): + """Tests for the SkyDrive old log event formatter.""" + + def testInitialization(self): + """Tests the initialization.""" + event_formatter = skydrivelog.SkyDriveOldLogFormatter() + self.assertNotEqual(event_formatter, None) + + def testGetFormatStringAttributeNames(self): + """Tests the GetFormatStringAttributeNames function.""" + event_formatter = skydrivelog.SkyDriveOldLogFormatter() + + expected_attribute_names = [ + u'source_code', + u'log_level', + u'text'] + + self._TestGetFormatStringAttributeNames( + event_formatter, expected_attribute_names) + + # TODO: add test for GetMessages. + + if __name__ == '__main__': unittest.main() diff --git a/tests/formatters/skydrivelog_old.py b/tests/formatters/skydrivelog_old.py deleted file mode 100644 index 40825142a9..0000000000 --- a/tests/formatters/skydrivelog_old.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -"""Tests for the SkyDrive old log event formatter.""" - -import unittest - -from plaso.formatters import skydrivelog_old - -from tests.formatters import test_lib - - -class SkyDriveOldLogFormatterTest(test_lib.EventFormatterTestCase): - """Tests for the SkyDrive old log event formatter.""" - - def testInitialization(self): - """Tests the initialization.""" - event_formatter = skydrivelog_old.SkyDriveOldLogFormatter() - self.assertNotEqual(event_formatter, None) - - def testGetFormatStringAttributeNames(self): - """Tests the GetFormatStringAttributeNames function.""" - event_formatter = skydrivelog_old.SkyDriveOldLogFormatter() - - expected_attribute_names = [ - u'source_code', - u'log_level', - u'text'] - - self._TestGetFormatStringAttributeNames( - event_formatter, expected_attribute_names) - - # TODO: add test for GetMessages. - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/parsers/skydrivelog.py b/tests/parsers/skydrivelog.py index e00a5779fe..0f64f6fa85 100644 --- a/tests/parsers/skydrivelog.py +++ b/tests/parsers/skydrivelog.py @@ -16,7 +16,7 @@ class SkyDriveLogUnitTest(test_lib.ParserTestCase): - """A unit test for the SkyDriveLog parser.""" + """Tests for the SkyDrive log parser.""" def setUp(self): """Sets up the needed objects used throughout the test.""" @@ -147,5 +147,57 @@ def testParseLog(self): event_objects[15], expected_string, expected_string_short) +class SkyDriveOldLogUnitTest(test_lib.ParserTestCase): + """Tests for the SkyDrive old log parser.""" + + def setUp(self): + """Sets up the needed objects used throughout the test.""" + self._parser = skydrivelog.SkyDriveOldLogParser() + + def testParse(self): + """Tests the Parse function.""" + test_file = self._GetTestFilePath([u'skydrive_old.log']) + event_queue_consumer = self._ParseFile(self._parser, test_file) + event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) + + self.assertEqual(len(event_objects), 18) + + expected_timestamp = timelib.Timestamp.CopyFromString( + u'2013-08-01 21:22:28.999') + self.assertEqual(event_objects[0].timestamp, expected_timestamp) + + expected_timestamp = timelib.Timestamp.CopyFromString( + u'2013-08-01 21:22:29.702') + self.assertEqual(event_objects[1].timestamp, expected_timestamp) + self.assertEqual(event_objects[2].timestamp, expected_timestamp) + self.assertEqual(event_objects[3].timestamp, expected_timestamp) + + expected_timestamp = timelib.Timestamp.CopyFromString( + u'2013-08-01 21:22:58.344') + self.assertEqual(event_objects[4].timestamp, expected_timestamp) + self.assertEqual(event_objects[5].timestamp, expected_timestamp) + + expected_msg = ( + u'[global.cpp:626!logVersionInfo] (DETAIL) 17.0.2011.0627 (Ship)') + expected_msg_short = ( + u'17.0.2011.0627 (Ship)') + self._TestGetMessageStrings( + event_objects[0], expected_msg, expected_msg_short) + + expected_msg = ( + u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' + u'103%3bLR%3d12345678905623%3aEP%3d2') + expected_msg_short = ( + u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' + u'103%3bLR%3d1234567890...') + self._TestGetMessageStrings( + event_objects[3], expected_msg, expected_msg_short) + + expected_string = ( + u'SyncToken = Not a sync token (\xe0\xe8\xec\xf2\xf9)!') + self._TestGetMessageStrings( + event_objects[17], expected_string, expected_string) + + if __name__ == '__main__': unittest.main() diff --git a/tests/parsers/skydrivelog_old.py b/tests/parsers/skydrivelog_old.py deleted file mode 100644 index 7409a2180a..0000000000 --- a/tests/parsers/skydrivelog_old.py +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -"""Tests for the skydrivelog_old parser.""" - -import unittest - -from plaso.formatters import skydrivelog_old # pylint: disable=unused-import -from plaso.lib import timelib -from plaso.parsers import skydrivelog_old as skydrivelog_old_parser - -from tests.parsers import test_lib - - -__author__ = 'Francesco Picasso (francesco.picasso@gmail.com)' - - -class SkyDriveOldLogUnitTest(test_lib.ParserTestCase): - """Tests for the skydrivelog_old parser.""" - - def setUp(self): - """Sets up the needed objects used throughout the test.""" - self._parser = skydrivelog_old_parser.SkyDriveOldLogParser() - - def testParse(self): - """Tests the Parse function.""" - test_file = self._GetTestFilePath([u'skydrive_old.log']) - event_queue_consumer = self._ParseFile(self._parser, test_file) - event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) - - self.assertEqual(len(event_objects), 18) - - expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:28.999') - self.assertEqual(event_objects[0].timestamp, expected_timestamp) - - expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:29.702') - self.assertEqual(event_objects[1].timestamp, expected_timestamp) - self.assertEqual(event_objects[2].timestamp, expected_timestamp) - self.assertEqual(event_objects[3].timestamp, expected_timestamp) - - expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:58.344') - self.assertEqual(event_objects[4].timestamp, expected_timestamp) - self.assertEqual(event_objects[5].timestamp, expected_timestamp) - - expected_msg = ( - u'[global.cpp:626!logVersionInfo] (DETAIL) 17.0.2011.0627 (Ship)') - expected_msg_short = ( - u'17.0.2011.0627 (Ship)') - self._TestGetMessageStrings( - event_objects[0], expected_msg, expected_msg_short) - - expected_msg = ( - u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' - u'103%3bLR%3d12345678905623%3aEP%3d2') - expected_msg_short = ( - u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' - u'103%3bLR%3d1234567890...') - self._TestGetMessageStrings( - event_objects[3], expected_msg, expected_msg_short) - - expected_string = ( - u'SyncToken = Not a sync token (\xe0\xe8\xec\xf2\xf9)!') - self._TestGetMessageStrings( - event_objects[17], expected_string, expected_string) - - -if __name__ == '__main__': - unittest.main()