Code review: 275060043: Fix bug where MFT parser was putting methods …

…into events. Fixes log2timeline#402.
fabionitto · Dec 31, 2015 · c6a2af6 · c6a2af6
1 parent 4d9c775
commit c6a2af6
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/config/dpkg/changelog b/config/dpkg/changelog
@@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low
 
   * Auto-generated
 
- -- Log2Timeline <[email protected]>  Mon, 02 Nov 2015 21:02:29 +0100
+ -- Log2Timeline <[email protected]>  Tue, 03 Nov 2015 22:20:37 +0100
diff --git a/plaso/__init__.py b/plaso/__init__.py
@@ -3,7 +3,7 @@
 __version__ = '1.3.1'
 
 VERSION_DEV = True
-VERSION_DATE = '20151102'
+VERSION_DATE = '20151103'
 
 
 def GetVersion():

diff --git a/plaso/parsers/ntfs.py b/plaso/parsers/ntfs.py
@@ -72,7 +72,7 @@ def _ParseMFTAttribute(self, parser_mediator, mft_entry, mft_attribute):
             creation_time, eventdata.EventTimestamp.CREATION_TIME,
             mft_entry.file_reference, mft_attribute.attribute_type,
             file_attribute_flags=file_attribute_flags,
-            is_allocated=mft_entry.is_allocated, name=name,
+            is_allocated=mft_entry.is_allocated(), name=name,
             parent_file_reference=parent_file_reference)
         parser_mediator.ProduceEvent(event_object)
 
@@ -90,7 +90,7 @@ def _ParseMFTAttribute(self, parser_mediator, mft_entry, mft_attribute):
             modification_time, eventdata.EventTimestamp.MODIFICATION_TIME,
             mft_entry.file_reference, mft_attribute.attribute_type,
             file_attribute_flags=file_attribute_flags,
-            is_allocated=mft_entry.is_allocated, name=name,
+            is_allocated=mft_entry.is_allocated(), name=name,
             parent_file_reference=parent_file_reference)
         parser_mediator.ProduceEvent(event_object)
 
@@ -108,7 +108,7 @@ def _ParseMFTAttribute(self, parser_mediator, mft_entry, mft_attribute):
             access_time, eventdata.EventTimestamp.ACCESS_TIME,
             mft_entry.file_reference, mft_attribute.attribute_type,
             file_attribute_flags=file_attribute_flags,
-            is_allocated=mft_entry.is_allocated, name=name,
+            is_allocated=mft_entry.is_allocated(), name=name,
             parent_file_reference=parent_file_reference)
         parser_mediator.ProduceEvent(event_object)
 
@@ -128,7 +128,7 @@ def _ParseMFTAttribute(self, parser_mediator, mft_entry, mft_attribute):
             eventdata.EventTimestamp.ENTRY_MODIFICATION_TIME,
             mft_entry.file_reference, mft_attribute.attribute_type,
             file_attribute_flags=file_attribute_flags,
-            is_allocated=mft_entry.is_allocated, name=name,
+            is_allocated=mft_entry.is_allocated(), name=name,
             parent_file_reference=parent_file_reference)
         parser_mediator.ProduceEvent(event_object)
 

diff --git a/tests/parsers/ntfs.py b/tests/parsers/ntfs.py
@@ -76,6 +76,10 @@ def testParseImage(self):
     # The creation timestamp.
     event_object = event_objects[0]
 
+    # Check that the allocation status is set correctly.
+    self.assertIsInstance(event_object.is_allocated, bool)
+    self.assertTrue(event_object.is_allocated)
+
     expected_timestamp = timelib.Timestamp.CopyFromString(
         u'2013-12-03 06:30:41.807907')
     self.assertEqual(
@@ -85,6 +89,10 @@ def testParseImage(self):
     # The last modification timestamp.
     event_object = event_objects[1]
 
+    # Check that the allocation status is set correctly.
+    self.assertIsInstance(event_object.is_allocated, bool)
+    self.assertTrue(event_object.is_allocated)
+
     expected_timestamp = timelib.Timestamp.CopyFromString(
         u'2013-12-03 06:30:41.807907')
     self.assertEqual(
@@ -94,6 +102,10 @@ def testParseImage(self):
     # The last accessed timestamp.
     event_object = event_objects[2]
 
+    # Check that the allocation status is set correctly.
+    self.assertIsInstance(event_object.is_allocated, bool)
+    self.assertTrue(event_object.is_allocated)
+
     expected_timestamp = timelib.Timestamp.CopyFromString(
         u'2013-12-03 06:30:41.807907')
     self.assertEqual(
@@ -103,6 +115,10 @@ def testParseImage(self):
     # The entry modification timestamp.
     event_object = event_objects[3]
 
+    # Check that the allocation status is set correctly.
+    self.assertIsInstance(event_object.is_allocated, bool)
+    self.assertTrue(event_object.is_allocated)
+
     expected_timestamp = timelib.Timestamp.CopyFromString(
         u'2013-12-03 06:30:41.807907')
     self.assertEqual(
@@ -124,6 +140,10 @@ def testParseImage(self):
     # The creation timestamp.
     event_object = event_objects[4]
 
+    # Check that the allocation status is set correctly.
+    self.assertIsInstance(event_object.is_allocated, bool)
+    self.assertTrue(event_object.is_allocated)
+
     expected_timestamp = timelib.Timestamp.CopyFromString(
         u'2013-12-03 06:30:41.807907')
     self.assertEqual(
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low

		* Auto-generated

		-- Log2Timeline <[email protected]> Mon, 02 Nov 2015 21:02:29 +0100
		-- Log2Timeline <[email protected]> Tue, 03 Nov 2015 22:20:37 +0100