diff --git a/config/dpkg/changelog b/config/dpkg/changelog index 1b9dd39299..7fb8b79c1b 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -1,5 +1,5 @@ -plaso (20171019-1) unstable; urgency=low +plaso (20171020-1) unstable; urgency=low * Auto-generated - -- Log2Timeline Thu, 19 Oct 2017 16:16:06 -0700 \ No newline at end of file + -- Log2Timeline Fri, 20 Oct 2017 06:34:17 +0200 \ No newline at end of file diff --git a/plaso/__init__.py b/plaso/__init__.py index 8f24d3f69a..aedb01bd57 100644 --- a/plaso/__init__.py +++ b/plaso/__init__.py @@ -6,4 +6,4 @@ of log2timeline. """ -__version__ = '20171019' +__version__ = '20171020' diff --git a/tests/parsers/amcache.py b/tests/parsers/amcache.py index db6ba2a85a..432fd97a0e 100644 --- a/tests/parsers/amcache.py +++ b/tests/parsers/amcache.py @@ -3,6 +3,7 @@ """Tests for the Amcache Registry plugin.""" from __future__ import unicode_literals + import unittest from plaso.lib import timelib @@ -12,6 +13,7 @@ __author__ = 'Ramses de Beer, rbdebeer@google.com' + class AmcacheParserTest(test_lib.ParserTestCase): """Tests for the Amcache Registry plugin.""" @@ -53,5 +55,6 @@ def testParse(self): expected_publisher = ('McAfee Inc.') self.assertEqual(event.publisher, expected_publisher) + if __name__ == '__main__': unittest.main() diff --git a/tests/parsers/android_app_usage.py b/tests/parsers/android_app_usage.py index 6fe5f60408..322ec6eb70 100644 --- a/tests/parsers/android_app_usage.py +++ b/tests/parsers/android_app_usage.py @@ -2,9 +2,12 @@ # -*- coding: utf-8 -*- """Tests for the Android Application Usage history parsers.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import android_app_usage # pylint: disable=unused-import +# pylint: disable=unused-import +from plaso.formatters import android_app_usage as _ from plaso.lib import timelib from plaso.parsers import android_app_usage @@ -15,12 +18,12 @@ class AndroidAppUsageParserTest(test_lib.ParserTestCase): """Tests for the Android Application Usage History parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'usage-history.xml']) + @shared_test_lib.skipUnlessHasTestFile(['usage-history.xml']) def testParse(self): """Tests the Parse function.""" parser = android_app_usage.AndroidAppUsageParser() storage_writer = self._ParseFile( - [u'usage-history.xml'], parser) + ['usage-history.xml'], parser) self.assertEqual(storage_writer.number_of_events, 28) @@ -29,38 +32,38 @@ def testParse(self): event = events[22] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-09 19:28:33.047000') + '2013-12-09 19:28:33.047000') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.component, - u'com.sec.android.widgetapp.ap.hero.accuweather.menu.MenuAdd') + 'com.sec.android.widgetapp.ap.hero.accuweather.menu.MenuAdd') expected_message = ( - u'Package: ' - u'com.sec.android.widgetapp.ap.hero.accuweather ' - u'Component: ' - u'com.sec.android.widgetapp.ap.hero.accuweather.menu.MenuAdd') + 'Package: ' + 'com.sec.android.widgetapp.ap.hero.accuweather ' + 'Component: ' + 'com.sec.android.widgetapp.ap.hero.accuweather.menu.MenuAdd') expected_short_message = ( - u'Package: com.sec.android.widgetapp.ap.hero.accuweather ' - u'Component: com.sec.and...') + 'Package: com.sec.android.widgetapp.ap.hero.accuweather ' + 'Component: com.sec.and...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[17] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-09-27 19:45:55.675000') + '2013-09-27 19:45:55.675000') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.package, u'com.google.android.gsf.login') + self.assertEqual(event.package, 'com.google.android.gsf.login') expected_message = ( - u'Package: ' - u'com.google.android.gsf.login ' - u'Component: ' - u'com.google.android.gsf.login.NameActivity') + 'Package: ' + 'com.google.android.gsf.login ' + 'Component: ' + 'com.google.android.gsf.login.NameActivity') expected_short_message = ( - u'Package: com.google.android.gsf.login ' - u'Component: com.google.android.gsf.login...') + 'Package: com.google.android.gsf.login ' + 'Component: com.google.android.gsf.login...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/asl.py b/tests/parsers/asl.py index d403c5844a..e3de3b4000 100644 --- a/tests/parsers/asl.py +++ b/tests/parsers/asl.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for Apple System Log file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import asl # pylint: disable=unused-import +from plaso.formatters import asl as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import asl @@ -15,12 +17,12 @@ class ASLParserTest(test_lib.ParserTestCase): """Tests for Apple System Log file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'applesystemlog.asl']) + @shared_test_lib.skipUnlessHasTestFile(['applesystemlog.asl']) def testParse(self): """Tests the Parse function.""" parser = asl.ASLParser() storage_writer = self._ParseFile( - [u'applesystemlog.asl'], parser) + ['applesystemlog.asl'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -29,16 +31,16 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-25 09:45:35.705481') + '2013-11-25 09:45:35.705481') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.record_position, 442) self.assertEqual(event.message_id, 101406) - self.assertEqual(event.computer_name, u'DarkTemplar-2.local') - self.assertEqual(event.sender, u'locationd') - self.assertEqual(event.facility, u'com.apple.locationd') + self.assertEqual(event.computer_name, 'DarkTemplar-2.local') + self.assertEqual(event.sender, 'locationd') + self.assertEqual(event.facility, 'com.apple.locationd') self.assertEqual(event.pid, 69) - self.assertEqual(event.user_sid, u'205') + self.assertEqual(event.user_sid, '205') self.assertEqual(event.group_id, 205) self.assertEqual(event.read_uid, 205) self.assertEqual(event.read_gid, 0xffffffff) @@ -47,34 +49,34 @@ def testParse(self): # Note that "compatiblity" is spelt incorrectly in the actual message being # tested here. expected_message = ( - u'Incorrect NSStringEncoding value 0x8000100 detected. ' - u'Assuming NSASCIIStringEncoding. Will stop this compatiblity ' - u'mapping behavior in the near future.') + 'Incorrect NSStringEncoding value 0x8000100 detected. ' + 'Assuming NSASCIIStringEncoding. Will stop this compatiblity ' + 'mapping behavior in the near future.') self.assertEqual(event.message, expected_message) expected_extra = ( - u'CFLog Local Time: 2013-11-25 09:45:35.701, ' - u'CFLog Thread: 1007, ' - u'Sender_Mach_UUID: 50E1F76A-60FF-368C-B74E-EB48F6D98C51') + 'CFLog Local Time: 2013-11-25 09:45:35.701, ' + 'CFLog Thread: 1007, ' + 'Sender_Mach_UUID: 50E1F76A-60FF-368C-B74E-EB48F6D98C51') self.assertEqual(event.extra_information, expected_extra) expected_message = ( - u'MessageID: 101406 ' - u'Level: WARNING (4) ' - u'User ID: 205 ' - u'Group ID: 205 ' - u'Read User: 205 ' - u'Read Group: ALL ' - u'Host: DarkTemplar-2.local ' - u'Sender: locationd ' - u'Facility: com.apple.locationd ' - u'Message: {0:s} {1:s}').format(expected_message, expected_extra) + 'MessageID: 101406 ' + 'Level: WARNING (4) ' + 'User ID: 205 ' + 'Group ID: 205 ' + 'Read User: 205 ' + 'Read Group: ALL ' + 'Host: DarkTemplar-2.local ' + 'Sender: locationd ' + 'Facility: com.apple.locationd ' + 'Message: {0:s} {1:s}').format(expected_message, expected_extra) expected_short_message = ( - u'Sender: locationd ' - u'Facility: com.apple.locationd') + 'Sender: locationd ' + 'Facility: com.apple.locationd') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/bash_history.py b/tests/parsers/bash_history.py index 95994a7fb2..3213b12597 100644 --- a/tests/parsers/bash_history.py +++ b/tests/parsers/bash_history.py @@ -1,5 +1,8 @@ # -*- coding: utf-8 -*- # """Tests for the bash history parser.""" + +from __future__ import unicode_literals + import unittest from plaso.lib import timelib @@ -23,24 +26,24 @@ def _TestEventsFromFile(self, storage_writer): events = list(storage_writer.GetEvents()) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-01 12:36:17') - expected_command = u'/usr/lib/plaso' + '2013-10-01 12:36:17') + expected_command = '/usr/lib/plaso' self.assertEqual(events[0].timestamp, expected_timestamp) self.assertEqual(events[0].command, expected_command) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-01 12:36:18') - expected_command = u'/bin/bash' + '2013-10-01 12:36:18') + expected_command = '/bin/bash' self.assertEqual(events[1].timestamp, expected_timestamp) self.assertEqual(events[1].command, expected_command) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-01 12:36:19') - expected_command = u'/usr/local/bin/splunk -p 8080' + '2013-10-01 12:36:19') + expected_command = '/usr/local/bin/splunk -p 8080' self.assertEqual(events[2].timestamp, expected_timestamp) self.assertEqual(events[2].command, expected_command) - @shared_test_lib.skipUnlessHasTestFile([u'bash_history_desync']) + @shared_test_lib.skipUnlessHasTestFile(['bash_history_desync']) def testParsingExtractionDesync(self): """Tests that the parser correctly handles a desynchronized file. @@ -48,17 +51,17 @@ def testParsingExtractionDesync(self): starts with a command line instead of a timestamp. """ parser = bash_history.BashHistoryParser() - storage_writer = self._ParseFile([u'bash_history_desync'], parser) + storage_writer = self._ParseFile(['bash_history_desync'], parser) self._TestEventsFromFile(storage_writer) - @shared_test_lib.skipUnlessHasTestFile([u'bash_history']) + @shared_test_lib.skipUnlessHasTestFile(['bash_history']) def testParsingExtractionSync(self): """Tests that the parser correctly handles a synchronized file. A synchronized file is one that starts with a timestamp line. """ parser = bash_history.BashHistoryParser() - storage_writer = self._ParseFile([u'bash_history'], parser) + storage_writer = self._ParseFile(['bash_history'], parser) self._TestEventsFromFile(storage_writer) diff --git a/tests/parsers/bencode_parser.py b/tests/parsers/bencode_parser.py index 01652055eb..845bcc8a5a 100644 --- a/tests/parsers/bencode_parser.py +++ b/tests/parsers/bencode_parser.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the Bencode file parser.""" +from __future__ import unicode_literals + import unittest from plaso.parsers import bencode_parser @@ -19,7 +21,7 @@ class BencodeTest(test_lib.ParserTestCase): def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser = bencode_parser.BencodeParser() - parser.EnablePlugins([u'bencode_transmission']) + parser.EnablePlugins(['bencode_transmission']) self.assertIsNotNone(parser) self.assertIsNone(parser._default_plugin) diff --git a/tests/parsers/bsm.py b/tests/parsers/bsm.py index 392d207640..4591b5b51d 100644 --- a/tests/parsers/bsm.py +++ b/tests/parsers/bsm.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for Basic Security Module (BSM) file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import bsm # pylint: disable=unused-import +from plaso.formatters import bsm as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import bsm @@ -15,13 +17,13 @@ class MacOSXBSMParserTest(test_lib.ParserTestCase): """Tests for Basic Security Module (BSM) file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'apple.bsm']) + @shared_test_lib.skipUnlessHasTestFile(['apple.bsm']) def testParse(self): """Tests the Parse function on a Mac OS X BSM file.""" parser = bsm.BSMParser() - knowledge_base_values = {u'guessed_os': u'MacOSX'} + knowledge_base_values = {'guessed_os': 'MacOSX'} storage_writer = self._ParseFile( - [u'apple.bsm'], parser, + ['apple.bsm'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 54) @@ -30,144 +32,145 @@ def testParse(self): event = events[0] - self.assertEqual(event.data_type, u'mac:bsm:event') + self.assertEqual(event.data_type, 'mac:bsm:event') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-04 18:36:20.000381') + '2013-11-04 18:36:20.000381') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.event_type, u'audit crash recovery (45029)') + self.assertEqual(event.event_type, 'audit crash recovery (45029)') expected_extra_tokens = { - u'BSM_TOKEN_PATH': u'/var/audit/20131104171720.crash_recovery', - u'BSM_TOKEN_RETURN32': { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0}, - u'BSM_TOKEN_TEXT': u'launchctl::Audit recovery', - u'BSM_TOKEN_TRAILER': 104 + 'BSM_TOKEN_PATH': '/var/audit/20131104171720.crash_recovery', + 'BSM_TOKEN_RETURN32': { + 'call_status': 0, + 'error': 'Success', + 'token_status': 0}, + 'BSM_TOKEN_TEXT': 'launchctl::Audit recovery', + 'BSM_TOKEN_TRAILER': 104 } self.assertEqual(event.extra_tokens, expected_extra_tokens) expected_return_value = { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0 + 'call_status': 0, + 'error': 'Success', + 'token_status': 0 } self.assertEqual(event.return_value, expected_return_value) event = events[15] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-04 18:36:26.000171') + '2013-11-04 18:36:26.000171') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.event_type, u'user authentication (45023)') + self.assertEqual(event.event_type, 'user authentication (45023)') expected_extra_tokens = { - u'BSM_TOKEN_RETURN32': { - u'call_status': 5000, - u'error': u'Unknown', - u'token_status': 255}, - - u'BSM_TOKEN_SUBJECT32': { - u'aid': 4294967295, - u'egid': 92, - u'euid': 92, - u'gid': 92, - u'pid': 143, - u'session_id': 100004, - u'terminal_ip': '0.0.0.0', - u'terminal_port': 143, - u'uid': 92}, - - u'BSM_TOKEN_TEXT': (u'Verify password for record type Users ' - u'\'moxilo\' node \'/Local/Default\''), - - u'BSM_TOKEN_TRAILER': 140 + 'BSM_TOKEN_RETURN32': { + 'call_status': 5000, + 'error': 'Unknown', + 'token_status': 255}, + + 'BSM_TOKEN_SUBJECT32': { + 'aid': 4294967295, + 'egid': 92, + 'euid': 92, + 'gid': 92, + 'pid': 143, + 'session_id': 100004, + 'terminal_ip': '0.0.0.0', + 'terminal_port': 143, + 'uid': 92}, + + 'BSM_TOKEN_TEXT': ( + 'Verify password for record type Users \'moxilo\' node ' + '\'/Local/Default\''), + + 'BSM_TOKEN_TRAILER': 140 } self.assertEqual(event.extra_tokens, expected_extra_tokens) expected_return_value = { - u'call_status': 5000, - u'error': u'Unknown', - u'token_status': 255 + 'call_status': 5000, + 'error': 'Unknown', + 'token_status': 255 } self.assertEqual(event.return_value, expected_return_value) event = events[31] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-04 18:36:26.000530') + '2013-11-04 18:36:26.000530') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.event_type, u'SecSrvr AuthEngine (45025)') + self.assertEqual(event.event_type, 'SecSrvr AuthEngine (45025)') expected_extra_tokens = { - u'BSM_TOKEN_RETURN32': { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0}, - u'BSM_TOKEN_SUBJECT32': { - u'aid': 4294967295, - u'egid': 0, - u'euid': 0, - u'gid': 0, - u'pid': 67, - u'session_id': 100004, - u'terminal_ip': '0.0.0.0', - u'terminal_port': 67, - u'uid': 0}, - u'BSM_TOKEN_TEXT': u'system.login.done', - u'BSM_TOKEN_TRAILER': 110 + 'BSM_TOKEN_RETURN32': { + 'call_status': 0, + 'error': 'Success', + 'token_status': 0}, + 'BSM_TOKEN_SUBJECT32': { + 'aid': 4294967295, + 'egid': 0, + 'euid': 0, + 'gid': 0, + 'pid': 67, + 'session_id': 100004, + 'terminal_ip': '0.0.0.0', + 'terminal_port': 67, + 'uid': 0}, + 'BSM_TOKEN_TEXT': 'system.login.done', + 'BSM_TOKEN_TRAILER': 110 } self.assertEqual(event.extra_tokens, expected_extra_tokens) expected_return_value = { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0 + 'call_status': 0, + 'error': 'Success', + 'token_status': 0 } self.assertEqual(event.return_value, expected_return_value) event = events[50] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-04 18:37:36.000399') + '2013-11-04 18:37:36.000399') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.event_type, u'session end (44903)') + self.assertEqual(event.event_type, 'session end (44903)') expected_extra_tokens = { - u'BSM_TOKEN_ARGUMENT32': { - u'is': 12288, - u'num_arg': 3, - u'string': u'am_failure'}, - u'BSM_TOKEN_ARGUMENT64': { - u'is': 0, - u'num_arg': 1, - u'string': u'sflags'}, - u'BSM_TOKEN_RETURN32': { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0}, - u'BSM_TOKEN_SUBJECT32': { - u'aid': 4294967295, - u'egid': 0, - u'euid': 0, - u'gid': 0, - u'pid': 0, - u'session_id': 100015, - u'terminal_ip': '0.0.0.0', - u'terminal_port': 0, - u'uid': 0}, - u'BSM_TOKEN_TRAILER': 125 + 'BSM_TOKEN_ARGUMENT32': { + 'is': 12288, + 'num_arg': 3, + 'string': 'am_failure'}, + 'BSM_TOKEN_ARGUMENT64': { + 'is': 0, + 'num_arg': 1, + 'string': 'sflags'}, + 'BSM_TOKEN_RETURN32': { + 'call_status': 0, + 'error': 'Success', + 'token_status': 0}, + 'BSM_TOKEN_SUBJECT32': { + 'aid': 4294967295, + 'egid': 0, + 'euid': 0, + 'gid': 0, + 'pid': 0, + 'session_id': 100015, + 'terminal_ip': '0.0.0.0', + 'terminal_port': 0, + 'uid': 0}, + 'BSM_TOKEN_TRAILER': 125 } self.assertEqual(event.extra_tokens, expected_extra_tokens) expected_return_value = { - u'call_status': 0, - u'error': u'Success', - u'token_status': 0 + 'call_status': 0, + 'error': 'Success', + 'token_status': 0 } self.assertEqual(event.return_value, expected_return_value) @@ -175,13 +178,13 @@ def testParse(self): class OpenBSMParserTest(test_lib.ParserTestCase): """Tests for Basic Security Module (BSM) file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'openbsm.bsm']) + @shared_test_lib.skipUnlessHasTestFile(['openbsm.bsm']) def testParse(self): """Tests the Parse function on a "generic" BSM file.""" parser = bsm.BSMParser() - knowledge_base_values = {u'guessed_os': u'openbsm'} + knowledge_base_values = {'guessed_os': 'openbsm'} storage_writer = self._ParseFile( - [u'openbsm.bsm'], + ['openbsm.bsm'], parser, knowledge_base_values=knowledge_base_values) @@ -190,106 +193,106 @@ def testParse(self): events = list(storage_writer.GetEvents()) expected_extra_tokens = [ - {u'BSM_TOKEN_ARGUMENT32': { - u'is': 2882400000, - u'num_arg': 3, - u'string': u'test_arg32_token'}, - u'BSM_TOKEN_TRAILER': 50}, - {u'BSM_TOKEN_DATA':{ - u'data': u'SomeData', - u'format': u'String'}, - u'BSM_TOKEN_TRAILER': 39}, - {u'BSM_TOKEN_FILE': { - u'string': u'test', - u'timestamp': '1970-01-01 20:42:45'}, - u'BSM_TOKEN_TRAILER': 41}, - {u'BSM_TOKEN_ADDR': '192.168.100.15', - u'BSM_TOKEN_TRAILER': 30}, - {u'BSM_TOKEN_TRAILER': 46, - u'IPv4_Header': u'0x400000145478000040010000c0a8649bc0a86e30]'}, - {u'BSM_TOKEN_IPC': { - u'object_id': 305419896, - u'object_type': 1}, - u'BSM_TOKEN_TRAILER': 31}, - {u'BSM_TOKEN_PORT': 20480, - u'BSM_TOKEN_TRAILER': 28}, - {u'BSM_TOKEN_OPAQUE': u'aabbccdd', - u'BSM_TOKEN_TRAILER': 32}, - {u'BSM_TOKEN_PATH': u'/test/this/is/a/test', - u'BSM_TOKEN_TRAILER': 49}, - {u'BSM_TOKEN_PROCESS32': { - u'aid': 305419896, - u'egid': 591751049, - u'euid': 19088743, - u'gid': 159868227, - u'pid': 321140038, - u'session_id': 2542171492, - u'terminal_ip': '127.0.0.1', - u'terminal_port': 374945606, - u'uid': 2557891634}, - u'BSM_TOKEN_TRAILER': 62}, - {u'BSM_TOKEN_PROCESS64': { - u'aid': 305419896, - u'egid': 591751049, - u'euid': 19088743, - u'gid': 159868227, - u'pid': 321140038, - u'session_id': 2542171492, - u'terminal_ip': '127.0.0.1', - u'terminal_port': 374945606, - u'uid': 2557891634}, - u'BSM_TOKEN_TRAILER': 66}, - {u'BSM_TOKEN_RETURN32': { - u'call_status': 305419896, - u'error': u'Invalid argument', - u'token_status': 22}, - u'BSM_TOKEN_TRAILER': 31}, - {u'BSM_TOKEN_SEQUENCE': 305419896, - u'BSM_TOKEN_TRAILER': 30}, - {u'BSM_TOKEN_AUT_SOCKINET32_EX':{ - u'from': '127.0.0.1', - u'from_port': 0, - u'to': '127.0.0.1', - u'to_port': 0}, - u'BSM_TOKEN_TRAILER': 44}, - {u'BSM_TOKEN_SUBJECT32': { - u'aid': 305419896, - u'egid': 591751049, - u'euid': 19088743, - u'gid': 159868227, - u'pid': 321140038, - u'session_id': 2542171492, - u'terminal_ip': '127.0.0.1', - u'terminal_port': 374945606, - u'uid': 2557891634}, - u'BSM_TOKEN_TRAILER': 62}, - {u'BSM_TOKEN_SUBJECT32_EX': { - u'aid': 305419896, - u'egid': 591751049, - u'euid': 19088743, - u'gid': 159868227, - u'pid': 321140038, - u'session_id': 2542171492, - u'terminal_ip': 'fe80::1', - u'terminal_port': 374945606, - u'uid': 2557891634}, - u'BSM_TOKEN_TRAILER': 78}, - {u'BSM_TOKEN_TEXT': u'This is a test.', - u'BSM_TOKEN_TRAILER': 44}, - {u'BSM_TOKEN_TRAILER': 37, - u'BSM_TOKEN_ZONENAME': u'testzone'}, - {u'BSM_TOKEN_RETURN32': { - u'call_status': 4294967295, - u'error': - u'Argument list too long', - u'token_status': 7}, - u'BSM_TOKEN_TRAILER': 31} + {'BSM_TOKEN_ARGUMENT32': { + 'is': 2882400000, + 'num_arg': 3, + 'string': 'test_arg32_token'}, + 'BSM_TOKEN_TRAILER': 50}, + {'BSM_TOKEN_DATA':{ + 'data': 'SomeData', + 'format': 'String'}, + 'BSM_TOKEN_TRAILER': 39}, + {'BSM_TOKEN_FILE': { + 'string': 'test', + 'timestamp': '1970-01-01 20:42:45'}, + 'BSM_TOKEN_TRAILER': 41}, + {'BSM_TOKEN_ADDR': '192.168.100.15', + 'BSM_TOKEN_TRAILER': 30}, + {'BSM_TOKEN_TRAILER': 46, + 'IPv4_Header': '0x400000145478000040010000c0a8649bc0a86e30]'}, + {'BSM_TOKEN_IPC': { + 'object_id': 305419896, + 'object_type': 1}, + 'BSM_TOKEN_TRAILER': 31}, + {'BSM_TOKEN_PORT': 20480, + 'BSM_TOKEN_TRAILER': 28}, + {'BSM_TOKEN_OPAQUE': 'aabbccdd', + 'BSM_TOKEN_TRAILER': 32}, + {'BSM_TOKEN_PATH': '/test/this/is/a/test', + 'BSM_TOKEN_TRAILER': 49}, + {'BSM_TOKEN_PROCESS32': { + 'aid': 305419896, + 'egid': 591751049, + 'euid': 19088743, + 'gid': 159868227, + 'pid': 321140038, + 'session_id': 2542171492, + 'terminal_ip': '127.0.0.1', + 'terminal_port': 374945606, + 'uid': 2557891634}, + 'BSM_TOKEN_TRAILER': 62}, + {'BSM_TOKEN_PROCESS64': { + 'aid': 305419896, + 'egid': 591751049, + 'euid': 19088743, + 'gid': 159868227, + 'pid': 321140038, + 'session_id': 2542171492, + 'terminal_ip': '127.0.0.1', + 'terminal_port': 374945606, + 'uid': 2557891634}, + 'BSM_TOKEN_TRAILER': 66}, + {'BSM_TOKEN_RETURN32': { + 'call_status': 305419896, + 'error': 'Invalid argument', + 'token_status': 22}, + 'BSM_TOKEN_TRAILER': 31}, + {'BSM_TOKEN_SEQUENCE': 305419896, + 'BSM_TOKEN_TRAILER': 30}, + {'BSM_TOKEN_AUT_SOCKINET32_EX':{ + 'from': '127.0.0.1', + 'from_port': 0, + 'to': '127.0.0.1', + 'to_port': 0}, + 'BSM_TOKEN_TRAILER': 44}, + {'BSM_TOKEN_SUBJECT32': { + 'aid': 305419896, + 'egid': 591751049, + 'euid': 19088743, + 'gid': 159868227, + 'pid': 321140038, + 'session_id': 2542171492, + 'terminal_ip': '127.0.0.1', + 'terminal_port': 374945606, + 'uid': 2557891634}, + 'BSM_TOKEN_TRAILER': 62}, + {'BSM_TOKEN_SUBJECT32_EX': { + 'aid': 305419896, + 'egid': 591751049, + 'euid': 19088743, + 'gid': 159868227, + 'pid': 321140038, + 'session_id': 2542171492, + 'terminal_ip': 'fe80::1', + 'terminal_port': 374945606, + 'uid': 2557891634}, + 'BSM_TOKEN_TRAILER': 78}, + {'BSM_TOKEN_TEXT': 'This is a test.', + 'BSM_TOKEN_TRAILER': 44}, + {'BSM_TOKEN_TRAILER': 37, + 'BSM_TOKEN_ZONENAME': 'testzone'}, + {'BSM_TOKEN_RETURN32': { + 'call_status': 4294967295, + 'error': + 'Argument list too long', + 'token_status': 7}, + 'BSM_TOKEN_TRAILER': 31} ] for event_index in range(0, 19): event = events[event_index] expected_extra_tokens_dict = expected_extra_tokens[event_index] - extra_tokens_dict = getattr(event, u'extra_tokens', {}) + extra_tokens_dict = getattr(event, 'extra_tokens', {}) self.assertDictContains(extra_tokens_dict, expected_extra_tokens_dict) diff --git a/tests/parsers/chrome_cache.py b/tests/parsers/chrome_cache.py index 90dd581691..270925fefb 100644 --- a/tests/parsers/chrome_cache.py +++ b/tests/parsers/chrome_cache.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Chrome Cache files parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import chrome_cache # pylint: disable=unused-import +from plaso.formatters import chrome_cache as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import chrome_cache @@ -15,12 +17,12 @@ class ChromeCacheParserTest(test_lib.ParserTestCase): """Tests for the Chrome Cache files parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'chrome_cache', u'index']) + @shared_test_lib.skipUnlessHasTestFile(['chrome_cache', 'index']) def testParse(self): """Tests the Parse function.""" parser = chrome_cache.ChromeCacheParser() storage_writer = self._ParseFile( - [u'chrome_cache', u'index'], parser) + ['chrome_cache', 'index'], parser) self.assertEqual(storage_writer.number_of_events, 217) @@ -29,14 +31,14 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-04-30 16:44:36.226091') + '2014-04-30 16:44:36.226091') self.assertEqual(event.timestamp, expected_timestamp) expected_original_url = ( - u'https://s.ytimg.com/yts/imgbin/player-common-vfliLfqPT.webp') + 'https://s.ytimg.com/yts/imgbin/player-common-vfliLfqPT.webp') self.assertEqual(event.original_url, expected_original_url) - expected_message = u'Original URL: {0:s}'.format(expected_original_url) + expected_message = 'Original URL: {0:s}'.format(expected_original_url) self._TestGetMessageStrings(event, expected_message, expected_message) diff --git a/tests/parsers/chrome_preferences.py b/tests/parsers/chrome_preferences.py index 9696f41cc7..d9c2580700 100644 --- a/tests/parsers/chrome_preferences.py +++ b/tests/parsers/chrome_preferences.py @@ -2,9 +2,12 @@ # -*- coding: utf-8 -*- """Tests for the Chrome Preferences file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import chrome_preferences # pylint: disable=unused-import +# pylint: disable=unused-import +from plaso.formatters import chrome_preferences as _ from plaso.lib import timelib from plaso.parsers import chrome_preferences @@ -15,12 +18,12 @@ class ChromePreferencesParserTest(test_lib.ParserTestCase): """Tests for the Google Chrome Preferences file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'Preferences']) + @shared_test_lib.skipUnlessHasTestFile(['Preferences']) def testParseFile(self): """Tests parsing a default profile Preferences file.""" parser = chrome_preferences.ChromePreferencesParser() storage_writer = self._ParseFile( - [u'Preferences'], parser) + ['Preferences'], parser) self.assertEqual(storage_writer.number_of_events, 30) @@ -28,116 +31,116 @@ def testParseFile(self): event = events[17] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-11-12 13:01:43.926143') + '2014-11-12 13:01:43.926143') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Chrome extensions autoupdater last run' - expected_short_message = u'Chrome extensions autoupdater last run' + expected_message = 'Chrome extensions autoupdater last run' + expected_short_message = 'Chrome extensions autoupdater last run' self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[18] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-11-12 18:20:21.519200') + '2014-11-12 18:20:21.519200') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Chrome extensions autoupdater next run' - expected_short_message = u'Chrome extensions autoupdater next run' + expected_message = 'Chrome extensions autoupdater next run' + expected_short_message = 'Chrome extensions autoupdater next run' self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[22] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-06-08 16:17:47.453766') + '2016-06-08 16:17:47.453766') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Chrome history was cleared by user' - expected_short_message = u'Chrome history was cleared by user' + expected_message = 'Chrome history was cleared by user' + expected_short_message = 'Chrome history was cleared by user' self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[6] self.assertEqual( - event.data_type, u'chrome:preferences:extension_installation') + event.data_type, 'chrome:preferences:extension_installation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-11-05 18:31:24.154837') + '2014-11-05 18:31:24.154837') self.assertEqual(event.timestamp, expected_timestamp) - expected_id = u'mgndgikekgjfcpckkfioiadnlibdjbkf' + expected_id = 'mgndgikekgjfcpckkfioiadnlibdjbkf' self.assertEqual(event.extension_id, expected_id) - expected_name = u'Chrome' + expected_name = 'Chrome' self.assertEqual(event.extension_name, expected_name) expected_path = ( - u'C:\\Program Files\\Google\\Chrome\\Application\\38.0.2125.111\\' - u'resources\\chrome_app') + 'C:\\Program Files\\Google\\Chrome\\Application\\38.0.2125.111\\' + 'resources\\chrome_app') self.assertEqual(event.path, expected_path) expected_message = ( - u'CRX ID: {0:s} CRX Name: {1:s} Path: {2:s}'.format( + 'CRX ID: {0:s} CRX Name: {1:s} Path: {2:s}'.format( expected_id, expected_name, expected_path)) expected_short_message = ( - u'{0:s} ' - u'C:\\Program Files\\Google\\Chrome\\Application\\3...').format( + '{0:s} ' + 'C:\\Program Files\\Google\\Chrome\\Application\\3...').format( expected_id) self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[25] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-14 14:12:50.588974') + '2016-11-14 14:12:50.588974') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Permission geolocation used by local file' + expected_message = 'Permission geolocation used by local file' self._TestGetMessageStrings( event, expected_message, expected_message) event = events[23] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-11 16:20:09.866137') + '2016-11-11 16:20:09.866137') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Permission midi_sysex used by https://rawgit.com:443') + 'Permission midi_sysex used by https://rawgit.com:443') expected_short_message = expected_message self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[29] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-14 14:13:00.639332') + '2016-11-14 14:13:00.639332') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Permission notifications used by https://rawgit.com:443') + 'Permission notifications used by https://rawgit.com:443') expected_short_message = ( - u'Permission notifications used by https://rawgit.com:443') + 'Permission notifications used by https://rawgit.com:443') self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[28] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-14 14:13:00.627093') + '2016-11-14 14:13:00.627093') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Permission notifications used by https://rawgit.com:443') + 'Permission notifications used by https://rawgit.com:443') expected_short_message = expected_message self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[27] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-14 14:12:54.899474') + '2016-11-14 14:12:54.899474') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Permission media_stream_mic used by local file') + 'Permission media_stream_mic used by local file') expected_short_message = expected_message self._TestGetMessageStrings( event, expected_message, expected_short_message) event = events[26] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-11-14 14:12:53.667838') + '2016-11-14 14:12:53.667838') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Permission media_stream_mic used by https://rawgit.com:443') + 'Permission media_stream_mic used by https://rawgit.com:443') expected_short_message = expected_message self._TestGetMessageStrings( event, expected_message, expected_short_message) diff --git a/tests/parsers/cups_ipp.py b/tests/parsers/cups_ipp.py index 98841e16f4..59e9d14da1 100644 --- a/tests/parsers/cups_ipp.py +++ b/tests/parsers/cups_ipp.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Parser test for Mac Cups IPP Log files.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import cups_ipp # pylint: disable=unused-import +from plaso.formatters import cups_ipp as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import cups_ipp @@ -16,12 +18,12 @@ class CupsIppParserTest(test_lib.ParserTestCase): """The unit test for Mac Cups IPP parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'mac_cups_ipp']) + @shared_test_lib.skipUnlessHasTestFile(['mac_cups_ipp']) def testParse(self): """Tests the Parse function.""" # TODO: only tested against Mac OS X Cups IPP (Version 2.0) parser = cups_ipp.CupsIppParser() - storage_writer = self._ParseFile([u'mac_cups_ipp'], parser) + storage_writer = self._ParseFile(['mac_cups_ipp'], parser) self.assertEqual(storage_writer.number_of_events, 3) @@ -30,37 +32,37 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-03 18:07:21') + '2013-11-03 18:07:21') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) - self.assertEqual(event.application, u'LibreOffice') - self.assertEqual(event.job_name, u'Assignament 1') - self.assertEqual(event.computer_name, u'localhost') + self.assertEqual(event.application, 'LibreOffice') + self.assertEqual(event.job_name, 'Assignament 1') + self.assertEqual(event.computer_name, 'localhost') self.assertEqual(event.copies, 1) - self.assertEqual(event.doc_type, u'application/pdf') - expected_job = u'urn:uuid:d51116d9-143c-3863-62aa-6ef0202de49a' + self.assertEqual(event.doc_type, 'application/pdf') + expected_job = 'urn:uuid:d51116d9-143c-3863-62aa-6ef0202de49a' self.assertEqual(event.job_id, expected_job) - self.assertEqual(event.owner, u'Joaquin Moreno Garijo') - self.assertEqual(event.user, u'moxilo') - self.assertEqual(event.printer_id, u'RHULBW') - expected_uri = u'ipp://localhost:631/printers/RHULBW' + self.assertEqual(event.owner, 'Joaquin Moreno Garijo') + self.assertEqual(event.user, 'moxilo') + self.assertEqual(event.printer_id, 'RHULBW') + expected_uri = 'ipp://localhost:631/printers/RHULBW' self.assertEqual(event.uri, expected_uri) expected_message = ( - u'User: moxilo ' - u'Owner: Joaquin Moreno Garijo ' - u'Job Name: Assignament 1 ' - u'Application: LibreOffice ' - u'Printer: RHULBW') - expected_short_message = u'Job Name: Assignament 1' + 'User: moxilo ' + 'Owner: Joaquin Moreno Garijo ' + 'Job Name: Assignament 1 ' + 'Application: LibreOffice ' + 'Printer: RHULBW') + expected_short_message = 'Job Name: Assignament 1' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-03 18:07:21') + '2013-11-03 18:07:21') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_START) @@ -68,7 +70,7 @@ def testParse(self): event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-03 18:07:32') + '2013-11-03 18:07:32') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_END) diff --git a/tests/parsers/custom_destinations.py b/tests/parsers/custom_destinations.py index df596be641..24bda3fa3d 100644 --- a/tests/parsers/custom_destinations.py +++ b/tests/parsers/custom_destinations.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the .customDestinations-ms file parser.""" +from __future__ import unicode_literals + import unittest from plaso.formatters import winlnk # pylint: disable=unused-import @@ -17,12 +19,12 @@ class CustomDestinationsParserTest(test_lib.ParserTestCase): """Tests for the .customDestinations-ms file parser.""" @shared_test_lib.skipUnlessHasTestFile([ - u'5afe4de1b92fc382.customDestinations-ms']) + '5afe4de1b92fc382.customDestinations-ms']) def testParse(self): """Tests the Parse function.""" parser = custom_destinations.CustomDestinationsParser() storage_writer = self._ParseFile( - [u'5afe4de1b92fc382.customDestinations-ms'], parser) + ['5afe4de1b92fc382.customDestinations-ms'], parser) self.assertEqual(storage_writer.number_of_events, 126) @@ -33,7 +35,7 @@ def testParse(self): event = events[121] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-13 23:55:56.248103') + '2009-07-13 23:55:56.248103') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) self.assertEqual(event.timestamp, expected_timestamp) @@ -42,7 +44,7 @@ def testParse(self): event = events[122] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-13 23:55:56.248103') + '2009-07-13 23:55:56.248103') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) @@ -51,27 +53,27 @@ def testParse(self): event = events[123] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-14 01:39:11.388000') + '2009-07-14 01:39:11.388000') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[@%systemroot%\\system32\\oobefldr.dll,-1262] ' - u'File size: 11776 ' - u'File attribute flags: 0x00000020 ' - u'Drive type: 3 ' - u'Drive serial number: 0x24ba718b ' - u'Local path: C:\\Windows\\System32\\GettingStarted.exe ' - u'cmd arguments: {DE3895CB-077B-4C38-B6E3-F3DE1E0D84FC} ' - u'%systemroot%\\system32\\control.exe /name Microsoft.Display ' - u'env location: %SystemRoot%\\system32\\GettingStarted.exe ' - u'Icon location: %systemroot%\\system32\\display.dll ' - u'Link target: C:\\Windows\\System32\\GettingStarted.exe') + '[@%systemroot%\\system32\\oobefldr.dll,-1262] ' + 'File size: 11776 ' + 'File attribute flags: 0x00000020 ' + 'Drive type: 3 ' + 'Drive serial number: 0x24ba718b ' + 'Local path: C:\\Windows\\System32\\GettingStarted.exe ' + 'cmd arguments: {DE3895CB-077B-4C38-B6E3-F3DE1E0D84FC} ' + '%systemroot%\\system32\\control.exe /name Microsoft.Display ' + 'env location: %SystemRoot%\\system32\\GettingStarted.exe ' + 'Icon location: %systemroot%\\system32\\display.dll ' + 'Link target: C:\\Windows\\System32\\GettingStarted.exe') expected_short_message = ( - u'[@%systemroot%\\system32\\oobefldr.dll,-1262] ' - u'C:\\Windows\\System32\\GettingStarte...') + '[@%systemroot%\\system32\\oobefldr.dll,-1262] ' + 'C:\\Windows\\System32\\GettingStarte...') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -79,20 +81,20 @@ def testParse(self): event = events[18] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-11-10 07:41:04') + '2010-11-10 07:41:04') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Name: System32 ' - u'Long name: System32 ' - u'NTFS file reference: 2331-1 ' - u'Shell item path: C:\\Windows\\System32 ' - u'Origin: 5afe4de1b92fc382.customDestinations-ms') + 'Name: System32 ' + 'Long name: System32 ' + 'NTFS file reference: 2331-1 ' + 'Shell item path: C:\\Windows\\System32 ' + 'Origin: 5afe4de1b92fc382.customDestinations-ms') expected_short_message = ( - u'Name: System32 ' - u'NTFS file reference: 2331-1 ' - u'Origin: 5afe4de1b92fc382.customDes...') + 'Name: System32 ' + 'NTFS file reference: 2331-1 ' + 'Origin: 5afe4de1b92fc382.customDes...') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -100,17 +102,17 @@ def testParse(self): event = events[12] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-11-10 19:08:32.656259') + '2010-11-10 19:08:32.656259') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'e9215b24-ecfd-11df-a81c-000c29031e1e ' - u'MAC address: 00:0c:29:03:1e:1e ' - u'Origin: 5afe4de1b92fc382.customDestinations-ms') + 'e9215b24-ecfd-11df-a81c-000c29031e1e ' + 'MAC address: 00:0c:29:03:1e:1e ' + 'Origin: 5afe4de1b92fc382.customDestinations-ms') expected_short_message = ( - u'e9215b24-ecfd-11df-a81c-000c29031e1e ' - u'Origin: 5afe4de1b92fc382.customDestinati...') + 'e9215b24-ecfd-11df-a81c-000c29031e1e ' + 'Origin: 5afe4de1b92fc382.customDestinati...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/docker.py b/tests/parsers/docker.py index 873cdc97ea..ad44357e9c 100644 --- a/tests/parsers/docker.py +++ b/tests/parsers/docker.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the Docker JSON parser.""" +from __future__ import unicode_literals + import unittest from plaso.lib import timelib @@ -15,17 +17,17 @@ class DockerJSONUnitTest(test_lib.ParserTestCase): """Tests for the Docker JSON parser.""" @shared_test_lib.skipUnlessHasTestFile([ - u'docker', u'containers', - u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c', - u'container-json.log']) + 'docker', 'containers', + 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c', + 'container-json.log']) def testParseContainerLog(self): """Tests the _ParseContainerLogJSON function.""" container_identifier = ( - u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') + 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ - u'docker', u'containers', container_identifier, u'container-json.log'] + 'docker', 'containers', container_identifier, 'container-json.log'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 10) @@ -33,30 +35,30 @@ def testParseContainerLog(self): events = list(storage_writer.GetEvents()) expected_times = [ - u'2016-01-07 16:49:10.000000', - u'2016-01-07 16:49:10.200000', - u'2016-01-07 16:49:10.230000', - u'2016-01-07 16:49:10.237000', - u'2016-01-07 16:49:10.237200', - u'2016-01-07 16:49:10.237220', - u'2016-01-07 16:49:10.237222', - u'2016-01-07 16:49:10.237222', # losing sub microsec info - u'2016-01-07 16:49:10.237222', - u'2016-01-07 16:49:10.237222'] + '2016-01-07 16:49:10.000000', + '2016-01-07 16:49:10.200000', + '2016-01-07 16:49:10.230000', + '2016-01-07 16:49:10.237000', + '2016-01-07 16:49:10.237200', + '2016-01-07 16:49:10.237220', + '2016-01-07 16:49:10.237222', + '2016-01-07 16:49:10.237222', # losing sub microsec info + '2016-01-07 16:49:10.237222', + '2016-01-07 16:49:10.237222'] expected_log = ( - u'\x1b]0;root@e7d0b7ea5ccf: ' - u'/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n') + '\x1b]0;root@e7d0b7ea5ccf: ' + '/home/plaso\x07root@e7d0b7ea5ccf:/home/plaso# ls\r\n') expected_message = ( - u'Text: ' - u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' - u'/home/plaso# ls, Container ID: {0:s}, ' - u'Source: stdout').format(container_identifier) + 'Text: ' + '\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' + '/home/plaso# ls, Container ID: {0:s}, ' + 'Source: stdout').format(container_identifier) expected_short_message = ( - u'Text: ' - u'\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' - u'/home/plaso# ls, C...' + 'Text: ' + '\x1b]0;root@e7d0b7ea5ccf: /home/plaso\x07root@e7d0b7ea5ccf:' + '/home/plaso# ls, C...' ) for index, event in enumerate(events): @@ -65,22 +67,22 @@ def testParseContainerLog(self): self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.container_id, container_identifier) self.assertEqual(event.log_line, expected_log) - self.assertEqual(event.log_source, u'stdout') + self.assertEqual(event.log_source, 'stdout') self._TestGetMessageStrings( event, expected_message, expected_short_message) @shared_test_lib.skipUnlessHasTestFile([ - u'docker', u'containers', - u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c', - u'container-json.log']) + 'docker', 'containers', + 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c', + 'container-json.log']) def testParseContainerConfig(self): """Tests the _ParseContainerConfigJSON function.""" container_identifier = ( - u'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') + 'e7d0b7ea5ccf08366e2b0c8afa2318674e8aefe802315378125d2bb83fe3110c') parser = docker.DockerJSONParser() path_segments = [ - u'docker', u'containers', container_identifier, u'config.json'] + 'docker', 'containers', container_identifier, 'config.json'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -89,31 +91,31 @@ def testParseContainerConfig(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-01-07 16:49:08.674873') + '2016-01-07 16:49:08.674873') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.action, u'Container Started') + self.assertEqual(event.action, 'Container Started') self.assertEqual(event.container_id, container_identifier) - self.assertEqual(event.container_name, u'e7d0b7ea5ccf') + self.assertEqual(event.container_name, 'e7d0b7ea5ccf') event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-01-07 16:49:08.507979') + '2016-01-07 16:49:08.507979') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.action, u'Container Created') + self.assertEqual(event.action, 'Container Created') self.assertEqual(event.container_id, container_identifier) - self.assertEqual(event.container_name, u'e7d0b7ea5ccf') + self.assertEqual(event.container_name, 'e7d0b7ea5ccf') @shared_test_lib.skipUnlessHasTestFile([ - u'docker', u'graph', - u'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b', - u'json']) + 'docker', 'graph', + '3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b', + 'json']) def testParseLayerConfig(self): """Tests the _ParseLayerConfigJSON function.""" layer_identifier = ( - u'3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b') + '3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b') parser = docker.DockerJSONParser() - path_segments = [u'docker', u'graph', layer_identifier, u'json'] + path_segments = ['docker', 'graph', layer_identifier, 'json'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 1) @@ -123,12 +125,12 @@ def testParseLayerConfig(self): event = events[0] expected_command = ( - u'/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' - u'/etc/apt/sources.list') + '/bin/sh -c sed -i \'s/^#\\s*\\(deb.*universe\\)$/\\1/g\' ' + '/etc/apt/sources.list') self.assertEqual(event.command, expected_command) self.assertEqual(event.layer_id, layer_identifier) self.assertEqual(event.timestamp, 1444670823079273) - self.assertEqual(event.timestamp_desc, u'Creation Time') + self.assertEqual(event.timestamp_desc, 'Creation Time') if __name__ == '__main__': diff --git a/tests/parsers/dpkg.py b/tests/parsers/dpkg.py index 15779a8160..8466fb57d1 100644 --- a/tests/parsers/dpkg.py +++ b/tests/parsers/dpkg.py @@ -1,6 +1,9 @@ #!/usr/bin/python # -*_ coding: utf-8 -*- """Tests for the dpkg.Log parser.""" + +from __future__ import unicode_literals + import unittest from plaso.lib import timelib @@ -13,11 +16,11 @@ class DpkgParserTest(test_lib.ParserTestCase): """Tests for the Dpkg Log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'dpkg.log']) + @shared_test_lib.skipUnlessHasTestFile(['dpkg.log']) def testParse(self): """Tests for the Parse method.""" parser = dpkg.DpkgParser() - storage_writer = self._ParseFile([u'dpkg.log'], parser) + storage_writer = self._ParseFile(['dpkg.log'], parser) self.assertEqual(storage_writer.number_of_events, 4) @@ -25,29 +28,29 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-02-25 11:45:23') - expected_body = u'conffile /etc/X11/Xsession keep' + '2009-02-25 11:45:23') + expected_body = 'conffile /etc/X11/Xsession keep' self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.body, expected_body) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-08-03 15:25:53') - expected_body = u'startup archives install' + '2016-08-03 15:25:53') + expected_body = 'startup archives install' self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.body, expected_body) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-08-06 17:35:39') - expected_body = u'install base-passwd:amd64 3.5.33' + '2016-08-06 17:35:39') + expected_body = 'install base-passwd:amd64 3.5.33' self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.body, expected_body) event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-08-09 04:57:14') - expected_body = u'status half-installed base-passwd:amd64 3.5.33' + '2016-08-09 04:57:14') + expected_body = 'status half-installed base-passwd:amd64 3.5.33' self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.body, expected_body) @@ -57,11 +60,11 @@ def testVerification(self): mediator = None valid_lines = ( - u'2016-08-09 04:57:14 status half-installed base-passwd:amd64 3.5.33') + '2016-08-09 04:57:14 status half-installed base-passwd:amd64 3.5.33') self.assertTrue(parser.VerifyStructure(mediator, valid_lines)) invalid_lines = ( - u'2016-08-09 04:57:14 X status half-installed base-passwd:amd64 3.5.33') + '2016-08-09 04:57:14 X status half-installed base-passwd:amd64 3.5.33') self.assertFalse(parser.VerifyStructure(mediator, invalid_lines)) diff --git a/tests/parsers/esedb.py b/tests/parsers/esedb.py index 5598ecc7dc..de1a2593f0 100644 --- a/tests/parsers/esedb.py +++ b/tests/parsers/esedb.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the Extensible Storage Engine (ESE) database files (EDB) parser.""" +from __future__ import unicode_literals + import unittest from plaso.parsers import esedb @@ -14,11 +16,11 @@ class ESEDBParserTest(test_lib.ParserTestCase): """Tests for the Extensible Storage Engine database (ESEDB) file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'Windows.edb']) + @shared_test_lib.skipUnlessHasTestFile(['Windows.edb']) def testParse(self): """Tests the Parse function.""" parser = esedb.ESEDBParser() - storage_writer = self._ParseFile([u'Windows.edb'], parser) + storage_writer = self._ParseFile(['Windows.edb'], parser) # Extensible Storage Engine Database information: # File type: Database @@ -43,7 +45,7 @@ def testParse(self): self.assertIsNotNone(error) self.assertTrue(error.message.startswith( - u'unable to open file with error: pyesedb_file_open_file_object: ')) + 'unable to open file with error: pyesedb_file_open_file_object: ')) if __name__ == '__main__': diff --git a/tests/parsers/filestat.py b/tests/parsers/filestat.py index 152d5f2b01..1a8a33bd2b 100644 --- a/tests/parsers/filestat.py +++ b/tests/parsers/filestat.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for filestat parser.""" +from __future__ import unicode_literals + import os import unittest @@ -18,16 +20,16 @@ class FileStatTest(test_lib.ParserTestCase): """Tests for filestat parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'ímynd.dd']) + @shared_test_lib.skipUnlessHasTestFile(['ímynd.dd']) def testTSKFile(self): """Read a file within an image file and make few tests.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'ímynd.dd']) + test_file = self._GetTestFilePath(['ímynd.dd']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) tsk_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_TSK, inode=15, location=u'/passwords.txt', + definitions.TYPE_INDICATOR_TSK, inode=15, location='/passwords.txt', parent=os_path_spec) storage_writer = self._ParseFileByPathSpec(tsk_path_spec, parser) @@ -42,22 +44,22 @@ def testTSKFile(self): self.assertEqual(event.file_size, 116) expected_message = ( - u'TSK:/passwords.txt ' - u'Type: file') - expected_short_message = u'/passwords.txt' + 'TSK:/passwords.txt ' + 'Type: file') + expected_short_message = '/passwords.txt' self._TestGetMessageStrings( event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog.zip']) + @shared_test_lib.skipUnlessHasTestFile(['syslog.zip']) def testZipFile(self): """Test a ZIP file.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'syslog.zip']) + test_file = self._GetTestFilePath(['syslog.zip']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) zip_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_ZIP, location=u'/syslog', + definitions.TYPE_INDICATOR_ZIP, location='/syslog', parent=os_path_spec) storage_writer = self._ParseFileByPathSpec(zip_path_spec, parser) @@ -72,18 +74,18 @@ def testZipFile(self): self.assertEqual(event.file_size, 1247) expected_message = ( - u'ZIP:/syslog ' - u'Type: file') - expected_short_message = u'/syslog' + 'ZIP:/syslog ' + 'Type: file') + expected_short_message = '/syslog' self._TestGetMessageStrings( event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog.gz']) + @shared_test_lib.skipUnlessHasTestFile(['syslog.gz']) def testGzipFile(self): """Test a GZIP file.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'syslog.gz']) + test_file = self._GetTestFilePath(['syslog.gz']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) gzip_path_spec = path_spec_factory.Factory.NewPathSpec( @@ -100,24 +102,24 @@ def testGzipFile(self): self.assertEqual(event.file_size, 1247) - test_path = os.path.join(os.getcwd(), u'test_data', u'syslog.gz') + test_path = os.path.join(os.getcwd(), 'test_data', 'syslog.gz') expected_message = ( - u'GZIP:{0:s} ' - u'Type: file').format(test_path) + 'GZIP:{0:s} ' + 'Type: file').format(test_path) expected_short_message = self._GetShortMessage(test_path) self._TestGetMessageStrings( event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog.tar']) + @shared_test_lib.skipUnlessHasTestFile(['syslog.tar']) def testTarFile(self): """Test a TAR file.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'syslog.tar']) + test_file = self._GetTestFilePath(['syslog.tar']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) tar_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_TAR, location=u'/syslog', + definitions.TYPE_INDICATOR_TAR, location='/syslog', parent=os_path_spec) storage_writer = self._ParseFileByPathSpec(tar_path_spec, parser) @@ -132,24 +134,24 @@ def testTarFile(self): self.assertEqual(event.file_size, 1247) expected_message = ( - u'TAR:/syslog ' - u'Type: file') - expected_short_message = u'/syslog' + 'TAR:/syslog ' + 'Type: file') + expected_short_message = '/syslog' self._TestGetMessageStrings( event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog.tgz']) + @shared_test_lib.skipUnlessHasTestFile(['syslog.tgz']) def testNestedFile(self): """Test a nested file.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'syslog.tgz']) + test_file = self._GetTestFilePath(['syslog.tgz']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) gzip_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_GZIP, parent=os_path_spec) tar_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_TAR, location=u'/syslog', + definitions.TYPE_INDICATOR_TAR, location='/syslog', parent=gzip_path_spec) storage_writer = self._ParseFileByPathSpec(tar_path_spec, parser) @@ -164,13 +166,13 @@ def testNestedFile(self): self.assertEqual(event.file_size, 1247) expected_message = ( - u'TAR:/syslog ' - u'Type: file') - expected_short_message = u'/syslog' + 'TAR:/syslog ' + 'Type: file') + expected_short_message = '/syslog' self._TestGetMessageStrings( event, expected_message, expected_short_message) - test_file = self._GetTestFilePath([u'syslog.tgz']) + test_file = self._GetTestFilePath(['syslog.tgz']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) gzip_path_spec = path_spec_factory.Factory.NewPathSpec( @@ -187,27 +189,27 @@ def testNestedFile(self): self.assertEqual(event.file_size, 10240) - test_path = os.path.join(os.getcwd(), u'test_data', u'syslog.tgz') + test_path = os.path.join(os.getcwd(), 'test_data', 'syslog.tgz') expected_message = ( - u'GZIP:{0:s} ' - u'Type: file').format(test_path) + 'GZIP:{0:s} ' + 'Type: file').format(test_path) expected_short_message = self._GetShortMessage(test_path) self._TestGetMessageStrings( event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog_image.dd']) + @shared_test_lib.skipUnlessHasTestFile(['syslog_image.dd']) def testNestedTSK(self): """Test a nested TSK file.""" parser = filestat.FileStatParser() - test_file = self._GetTestFilePath([u'syslog_image.dd']) + test_file = self._GetTestFilePath(['syslog_image.dd']) os_path_spec = path_spec_factory.Factory.NewPathSpec( definitions.TYPE_INDICATOR_OS, location=test_file) tsk_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_TSK, inode=11, location=u'/logs/hidden.zip', + definitions.TYPE_INDICATOR_TSK, inode=11, location='/logs/hidden.zip', parent=os_path_spec) zip_path_spec = path_spec_factory.Factory.NewPathSpec( - definitions.TYPE_INDICATOR_ZIP, location=u'/syslog', + definitions.TYPE_INDICATOR_ZIP, location='/syslog', parent=tsk_path_spec) storage_writer = self._ParseFileByPathSpec(zip_path_spec, parser) @@ -222,9 +224,9 @@ def testNestedTSK(self): self.assertEqual(event.file_size, 1247) expected_message = ( - u'ZIP:/syslog ' - u'Type: file') - expected_short_message = u'/syslog' + 'ZIP:/syslog ' + 'Type: file') + expected_short_message = '/syslog' self._TestGetMessageStrings( event, expected_message, expected_short_message) diff --git a/tests/parsers/firefox_cache.py b/tests/parsers/firefox_cache.py index 458dbc57f5..f5aa33a08d 100644 --- a/tests/parsers/firefox_cache.py +++ b/tests/parsers/firefox_cache.py @@ -1,9 +1,11 @@ # -*- coding: utf-8 -*- """Tests for Firefox cache files parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import firefox_cache # pylint: disable=unused-import +from plaso.formatters import firefox_cache as _ # pylint: disable=unused-import from plaso.lib import errors from plaso.lib import timelib from plaso.parsers import firefox_cache @@ -24,22 +26,22 @@ def _VerifyMajorMinor(self, events): self.assertEqual(event.major, 1) self.assertEqual(event.minor, 19) - @shared_test_lib.skipUnlessHasTestFile([u'firefox_cache', u'invalid_file']) + @shared_test_lib.skipUnlessHasTestFile(['firefox_cache', 'invalid_file']) def testParseCache_InvalidFile(self): """Verify that parser do not accept small, invalid files.""" parser = firefox_cache.FirefoxCacheParser() - path_segments = [u'firefox_cache', u'invalid_file'] + path_segments = ['firefox_cache', 'invalid_file'] with self.assertRaises(errors.UnableToParseFile): self._ParseFile(path_segments, parser) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox28', u'_CACHE_001_']) + 'firefox_cache', 'firefox28', '_CACHE_001_']) def testParseCache_001(self): """Test Firefox 28 cache file _CACHE_001_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox28', u'_CACHE_001_'], parser) + ['firefox_cache', 'firefox28', '_CACHE_001_'], parser) self.assertEqual(storage_writer.number_of_events, 1665) @@ -47,19 +49,19 @@ def testParseCache_001(self): event = events[3] self.assertEqual( - event.url, u'HTTP:http://start.ubuntu.com/12.04/sprite.png') + event.url, 'HTTP:http://start.ubuntu.com/12.04/sprite.png') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-04-21 14:13:35') + '2014-04-21 14:13:35') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Fetched 2 time(s) ' - u'[HTTP/1.0 200 OK] GET ' - u'"HTTP:http://start.ubuntu.com/12.04/sprite.png"') + 'Fetched 2 time(s) ' + '[HTTP/1.0 200 OK] GET ' + '"HTTP:http://start.ubuntu.com/12.04/sprite.png"') expected_short_message = ( - u'[HTTP/1.0 200 OK] GET ' - u'"HTTP:http://start.ubuntu.com/12.04/sprite.png"') + '[HTTP/1.0 200 OK] GET ' + '"HTTP:http://start.ubuntu.com/12.04/sprite.png"') self._TestGetMessageStrings( event, expected_message, expected_short_message) @@ -67,22 +69,22 @@ def testParseCache_001(self): self._VerifyMajorMinor(events) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox28', u'_CACHE_002_']) + 'firefox_cache', 'firefox28', '_CACHE_002_']) def testParseCache_002(self): """Test Firefox 28 cache file _CACHE_002_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox28', u'_CACHE_002_'], parser) + ['firefox_cache', 'firefox28', '_CACHE_002_'], parser) expected_url = ( - u'HTTP:http://www.google-analytics.com/__utm.gif?utmwv=5.5.0&utms=' - u'1&utmn=1106893631&utmhn=www.dagbladet.no&utmcs=windows-1252&ut' - u'msr=1920x1080&utmvp=1430x669&utmsc=24-bit&utmul=en-us&utmje=0&' - u'utmfl=-&utmdt=Dagbladet.no%20-%20forsiden&utmhid=460894302&utm' - u'r=-&utmp=%2F&utmht=1398089458997&utmac=UA-3072159-1&utmcc=__ut' - u'ma%3D68537988.718312608.1398089459.1398089459.1398089459.1%3B%' - u'2B__utmz%3D68537988.1398089459.1.1.utmcsr%3D(direct)%7Cutmccn' - u'%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmu=qBQ~') + 'HTTP:http://www.google-analytics.com/__utm.gif?utmwv=5.5.0&utms=' + '1&utmn=1106893631&utmhn=www.dagbladet.no&utmcs=windows-1252&ut' + 'msr=1920x1080&utmvp=1430x669&utmsc=24-bit&utmul=en-us&utmje=0&' + 'utmfl=-&utmdt=Dagbladet.no%20-%20forsiden&utmhid=460894302&utm' + 'r=-&utmp=%2F&utmht=1398089458997&utmac=UA-3072159-1&utmcc=__ut' + 'ma%3D68537988.718312608.1398089459.1398089459.1398089459.1%3B%' + '2B__utmz%3D68537988.1398089459.1.1.utmcsr%3D(direct)%7Cutmccn' + '%3D(direct)%7Cutmcmd%3D(none)%3B&aip=1&utmu=qBQ~') self.assertEqual(storage_writer.number_of_events, 141) @@ -93,18 +95,18 @@ def testParseCache_002(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-04-21 14:10:58') + '2014-04-21 14:10:58') self.assertEqual(event.timestamp, expected_timestamp) self._VerifyMajorMinor(events) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox28', u'_CACHE_003_']) + 'firefox_cache', 'firefox28', '_CACHE_003_']) def testParseCache_003(self): """Test Firefox 28 cache file _CACHE_003_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox28', u'_CACHE_003_'], parser) + ['firefox_cache', 'firefox28', '_CACHE_003_'], parser) self.assertEqual(storage_writer.number_of_events, 9) @@ -112,33 +114,33 @@ def testParseCache_003(self): event = events[7] expected_url = ( - u'HTTP:https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/' - u'jquery.min.js') + 'HTTP:https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/' + 'jquery.min.js') self.assertEqual(event.url, expected_url) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-04-21 14:11:07') + '2014-04-21 14:11:07') self.assertEqual(event.timestamp, expected_timestamp) self._VerifyMajorMinor(events) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox28', u'E8D65m01']) + 'firefox_cache', 'firefox28', 'E8D65m01']) def testParseAlternativeFilename(self): """Test Firefox 28 cache 003 file with alternative filename.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox28', u'E8D65m01'], parser) + ['firefox_cache', 'firefox28', 'E8D65m01'], parser) self.assertEqual(storage_writer.number_of_events, 9) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox3', u'_CACHE_001_']) + 'firefox_cache', 'firefox3', '_CACHE_001_']) def testParseLegacyCache_001(self): """Test Firefox 3 cache file _CACHE_001_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox3', u'_CACHE_001_'], parser) + ['firefox_cache', 'firefox3', '_CACHE_001_'], parser) self.assertEqual(storage_writer.number_of_events, 73) @@ -147,27 +149,27 @@ def testParseLegacyCache_001(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-05-02 14:15:03') + '2014-05-02 14:15:03') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Fetched 1 time(s) ' - u'[HTTP/1.1 200 OK] GET ' - u'"HTTP:http://start.mozilla.org/en-US/"') + 'Fetched 1 time(s) ' + '[HTTP/1.1 200 OK] GET ' + '"HTTP:http://start.mozilla.org/en-US/"') expected_short_message = ( - u'[HTTP/1.1 200 OK] GET ' - u'"HTTP:http://start.mozilla.org/en-US/"') + '[HTTP/1.1 200 OK] GET ' + '"HTTP:http://start.mozilla.org/en-US/"') self._TestGetMessageStrings( event, expected_message, expected_short_message) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox3', u'_CACHE_002_']) + 'firefox_cache', 'firefox3', '_CACHE_002_']) def testParseLegacyCache_002(self): """Test Firefox 3 cache file _CACHE_002_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox3', u'_CACHE_002_'], parser) + ['firefox_cache', 'firefox3', '_CACHE_002_'], parser) self.assertEqual(storage_writer.number_of_events, 6) @@ -176,16 +178,16 @@ def testParseLegacyCache_002(self): event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-05-02 14:25:55') + '2014-05-02 14:25:55') self.assertEqual(event.timestamp, expected_timestamp) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'firefox3', u'_CACHE_003_']) + 'firefox_cache', 'firefox3', '_CACHE_003_']) def testParseLegacyCache_003(self): """Test Firefox 3 cache file _CACHE_003_ parsing.""" parser = firefox_cache.FirefoxCacheParser() storage_writer = self._ParseFile( - [u'firefox_cache', u'firefox3', u'_CACHE_003_'], parser) + ['firefox_cache', 'firefox3', '_CACHE_003_'], parser) self.assertEqual(storage_writer.number_of_events, 6) @@ -194,7 +196,7 @@ def testParseLegacyCache_003(self): event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-05-02 14:15:07') + '2014-05-02 14:15:07') self.assertEqual(event.timestamp, expected_timestamp) @@ -202,13 +204,13 @@ class FirefoxCache2ParserTest(test_lib.ParserTestCase): """A unit test for the FirefoxCache2Parser.""" @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'cache2', u'1F4B3A4FC81FB19C530758231FA54313BE8F6FA2']) + 'firefox_cache', 'cache2', '1F4B3A4FC81FB19C530758231FA54313BE8F6FA2']) def testParseCache2Entry(self): """Test Firefox cache2 file parsing.""" parser = firefox_cache.FirefoxCache2Parser() path_segments = [ - u'firefox_cache', u'cache2', - u'1F4B3A4FC81FB19C530758231FA54313BE8F6FA2'] + 'firefox_cache', 'cache2', + '1F4B3A4FC81FB19C530758231FA54313BE8F6FA2'] storage_writer = self._ParseFile(path_segments, parser) self.assertEqual(storage_writer.number_of_events, 3) @@ -218,38 +220,38 @@ def testParseCache2Entry(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-05-02 15:35:31') + '2015-05-02 15:35:31') self.assertEqual(event.timestamp, expected_timestamp) expected_url = ( - u':https://tiles.cdn.mozilla.net/images/' - u'8acf9436e1b315f5f04b9435a518bcd1aef131f8.5663.png') + ':https://tiles.cdn.mozilla.net/images/' + '8acf9436e1b315f5f04b9435a518bcd1aef131f8.5663.png') self.assertEqual(event.url, expected_url) - self.assertEqual(event.request_method, u'GET') - self.assertEqual(event.response_code, u'HTTP/1.1 200 OK') + self.assertEqual(event.request_method, 'GET') + self.assertEqual(event.response_code, 'HTTP/1.1 200 OK') self.assertEqual(event.fetch_count, 2) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-05-02 15:35:31') + '2015-05-02 15:35:31') self.assertEqual(event.timestamp, expected_timestamp) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-05-01 15:35:31') + '2016-05-01 15:35:31') self.assertEqual(event.timestamp, expected_timestamp) @shared_test_lib.skipUnlessHasTestFile([ - u'firefox_cache', u'cache2', u'C966EB70794E44E7E3E8A260106D0C72439AF65B']) + 'firefox_cache', 'cache2', 'C966EB70794E44E7E3E8A260106D0C72439AF65B']) def testParseInvalidCache2Entry(self): """Test file with valid filename and invalid content.""" parser = firefox_cache.FirefoxCache2Parser() path_segments = [ - u'firefox_cache', u'cache2', - u'C966EB70794E44E7E3E8A260106D0C72439AF65B'] + 'firefox_cache', 'cache2', + 'C966EB70794E44E7E3E8A260106D0C72439AF65B'] with self.assertRaises(errors.UnableToParseFile): self._ParseFile(path_segments, parser) diff --git a/tests/parsers/iis.py b/tests/parsers/iis.py index 7111955025..a71fa115eb 100644 --- a/tests/parsers/iis.py +++ b/tests/parsers/iis.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows IIS log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import iis # pylint: disable=unused-import +from plaso.formatters import iis as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import iis @@ -18,11 +20,11 @@ class WinIISUnitTest(test_lib.ParserTestCase): """Tests for the Windows IIS parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'iis.log']) + @shared_test_lib.skipUnlessHasTestFile(['iis.log']) def testParse(self): """Tests the Parse function.""" parser = iis.WinIISParser() - storage_writer = self._ParseFile([u'iis.log'], parser) + storage_writer = self._ParseFile(['iis.log'], parser) self.assertEqual(storage_writer.number_of_events, 11) @@ -31,56 +33,56 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-30 00:00:00') + '2013-07-30 00:00:00') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.source_ip, u'10.10.10.100') - self.assertEqual(event.dest_ip, u'10.10.10.100') + self.assertEqual(event.source_ip, '10.10.10.100') + self.assertEqual(event.dest_ip, '10.10.10.100') self.assertEqual(event.dest_port, 80) expected_message = ( - u'GET /some/image/path/something.jpg ' - u'[ 10.10.10.100 > 10.10.10.100 : 80 ] ' - u'HTTP Status: 200 ' - u'User Agent: Mozilla/4.0+(compatible;+Win32;' - u'+WinHttp.WinHttpRequest.5)') + 'GET /some/image/path/something.jpg ' + '[ 10.10.10.100 > 10.10.10.100 : 80 ] ' + 'HTTP Status: 200 ' + 'User Agent: Mozilla/4.0+(compatible;+Win32;' + '+WinHttp.WinHttpRequest.5)') expected_short_message = ( - u'GET /some/image/path/something.jpg ' - u'[ 10.10.10.100 > 10.10.10.100 : 80 ]') + 'GET /some/image/path/something.jpg ' + '[ 10.10.10.100 > 10.10.10.100 : 80 ]') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[5] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-30 00:00:05') + '2013-07-30 00:00:05') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.http_method, u'GET') + self.assertEqual(event.http_method, 'GET') self.assertEqual(event.http_status, 200) self.assertEqual( - event.requested_uri_stem, u'/some/image/path/something.jpg') + event.requested_uri_stem, '/some/image/path/something.jpg') event = events[1] expected_message = ( - u'GET /some/image/path/something.htm ' - u'[ 22.22.22.200 > 10.10.10.100 : 80 ] ' - u'HTTP Status: 404 ' - u'User Agent: Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_6_8)' - u'+AppleWebKit/534.57.2+(KHTML,+like+Gecko)+Version/5.1.7' - u'+Safari/534.57.2') + 'GET /some/image/path/something.htm ' + '[ 22.22.22.200 > 10.10.10.100 : 80 ] ' + 'HTTP Status: 404 ' + 'User Agent: Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_6_8)' + '+AppleWebKit/534.57.2+(KHTML,+like+Gecko)+Version/5.1.7' + '+Safari/534.57.2') expected_short_message = ( - u'GET /some/image/path/something.htm ' - u'[ 22.22.22.200 > 10.10.10.100 : 80 ]') + 'GET /some/image/path/something.htm ' + '[ 22.22.22.200 > 10.10.10.100 : 80 ]') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'iis_without_date.log']) + @shared_test_lib.skipUnlessHasTestFile(['iis_without_date.log']) def testParseWithoutDate(self): """Tests the Parse function with logs without a date column.""" parser = iis.WinIISParser() - storage_writer = self._ParseFile([u'iis_without_date.log'], parser) + storage_writer = self._ParseFile(['iis_without_date.log'], parser) self.assertEqual(storage_writer.number_of_events, 11) @@ -89,10 +91,10 @@ def testParseWithoutDate(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-30 00:00:03') + '2013-07-30 00:00:03') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.protocol_version, u'HTTP/1.1') + self.assertEqual(event.protocol_version, 'HTTP/1.1') if __name__ == '__main__': diff --git a/tests/parsers/interface.py b/tests/parsers/interface.py index 44577532f4..b196888c3e 100644 --- a/tests/parsers/interface.py +++ b/tests/parsers/interface.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the parsers and plugins interface classes.""" +from __future__ import unicode_literals + import unittest from plaso.parsers import interface diff --git a/tests/parsers/java_idx.py b/tests/parsers/java_idx.py index 340e6589fe..1b8bb7388c 100644 --- a/tests/parsers/java_idx.py +++ b/tests/parsers/java_idx.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for Java Cache IDX file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import java_idx # pylint: disable=unused-import +from plaso.formatters import java_idx as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import java_idx @@ -16,11 +18,11 @@ class IDXTest(test_lib.ParserTestCase): """Tests for Java Cache IDX file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'java_602.idx']) + @shared_test_lib.skipUnlessHasTestFile(['java_602.idx']) def testParse602(self): """Tests the Parse function on a version 602 IDX file.""" parser = java_idx.JavaIDXParser() - storage_writer = self._ParseFile([u'java_602.idx'], parser) + storage_writer = self._ParseFile(['java_602.idx'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -31,17 +33,17 @@ def testParse602(self): idx_version_expected = 602 self.assertEqual(event.idx_version, idx_version_expected) - ip_address_expected = u'Unknown' + ip_address_expected = 'Unknown' self.assertEqual(event.ip_address, ip_address_expected) - url_expected = u'http://www.gxxxxx.com/a/java/xxz.jar' + url_expected = 'http://www.gxxxxx.com/a/java/xxz.jar' self.assertEqual(event.url, url_expected) - description_expected = u'File Hosted Date' + description_expected = 'File Hosted Date' self.assertEqual(event.timestamp_desc, description_expected) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-05 01:34:19.720') + '2010-05-05 01:34:19.720') self.assertEqual(event.timestamp, expected_timestamp) # Parse second event. Same metadata; different timestamp event. @@ -55,14 +57,14 @@ def testParse602(self): self.assertEqual(event.timestamp_desc, description_expected) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-05 03:52:31') + '2010-05-05 03:52:31') self.assertEqual(event.timestamp, expected_timestamp) - @shared_test_lib.skipUnlessHasTestFile([u'java.idx']) + @shared_test_lib.skipUnlessHasTestFile(['java.idx']) def testParse605(self): """Tests the Parse function on a version 605 IDX file.""" parser = java_idx.JavaIDXParser() - storage_writer = self._ParseFile([u'java.idx'], parser) + storage_writer = self._ParseFile(['java.idx'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -73,19 +75,19 @@ def testParse605(self): idx_version_expected = 605 self.assertEqual(event.idx_version, idx_version_expected) - ip_address_expected = u'10.7.119.10' + ip_address_expected = '10.7.119.10' self.assertEqual(event.ip_address, ip_address_expected) url_expected = ( - u'http://xxxxc146d3.gxhjxxwsf.xx:82/forum/dare.php?' - u'hsh=6&key=b30xxxx1c597xxxx15d593d3f0xxx1ab') + 'http://xxxxc146d3.gxhjxxwsf.xx:82/forum/dare.php?' + 'hsh=6&key=b30xxxx1c597xxxx15d593d3f0xxx1ab') self.assertEqual(event.url, url_expected) - description_expected = u'File Hosted Date' + description_expected = 'File Hosted Date' self.assertEqual(event.timestamp_desc, description_expected) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2001-07-26 05:00:00') + '2001-07-26 05:00:00') self.assertEqual(event.timestamp, expected_timestamp) # Parse second event. Same metadata; different timestamp event. @@ -99,7 +101,7 @@ def testParse605(self): self.assertEqual(event.timestamp_desc, description_expected) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-01-13 16:22:01') + '2013-01-13 16:22:01') self.assertEqual(event.timestamp, expected_timestamp) diff --git a/tests/parsers/mac_appfirewall.py b/tests/parsers/mac_appfirewall.py index b9bdc5a85f..6a567c53a3 100644 --- a/tests/parsers/mac_appfirewall.py +++ b/tests/parsers/mac_appfirewall.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for Mac AppFirewall log file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mac_appfirewall # pylint: disable=unused-import +from plaso.formatters import mac_appfirewall as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import mac_appfirewall @@ -15,13 +17,13 @@ class MacAppFirewallUnitTest(test_lib.ParserTestCase): """Tests for Mac AppFirewall log file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'appfirewall.log']) + @shared_test_lib.skipUnlessHasTestFile(['appfirewall.log']) def testParseFile(self): """Test parsing of a Mac Wifi log file.""" parser = mac_appfirewall.MacAppFirewallParser() - knowledge_base_values = {u'year': 2013} + knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( - [u'appfirewall.log'], parser, + ['appfirewall.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 47) @@ -31,48 +33,48 @@ def testParseFile(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-02 04:07:35') + '2013-11-02 04:07:35') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.agent, u'socketfilterfw[112]') - self.assertEqual(event.computer_name, u'DarkTemplar-2.local') - self.assertEqual(event.status, u'Error') - self.assertEqual(event.process_name, u'Logging') - self.assertEqual(event.action, u'creating /var/log/appfirewall.log') + self.assertEqual(event.agent, 'socketfilterfw[112]') + self.assertEqual(event.computer_name, 'DarkTemplar-2.local') + self.assertEqual(event.status, 'Error') + self.assertEqual(event.process_name, 'Logging') + self.assertEqual(event.action, 'creating /var/log/appfirewall.log') expected_message = ( - u'Computer: DarkTemplar-2.local ' - u'Agent: socketfilterfw[112] ' - u'Status: Error ' - u'Process name: Logging ' - u'Log: creating /var/log/appfirewall.log') + 'Computer: DarkTemplar-2.local ' + 'Agent: socketfilterfw[112] ' + 'Status: Error ' + 'Process name: Logging ' + 'Log: creating /var/log/appfirewall.log') expected_short_message = ( - u'Process name: Logging ' - u'Status: Error') + 'Process name: Logging ' + 'Status: Error') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[9] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-03 13:25:15') + '2013-11-03 13:25:15') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.agent, u'socketfilterfw[87]') - self.assertEqual(event.computer_name, u'DarkTemplar-2.local') - self.assertEqual(event.status, u'Info') - self.assertEqual(event.process_name, u'Dropbox') - self.assertEqual(event.action, u'Allow TCP LISTEN (in:0 out:1)') + self.assertEqual(event.agent, 'socketfilterfw[87]') + self.assertEqual(event.computer_name, 'DarkTemplar-2.local') + self.assertEqual(event.status, 'Info') + self.assertEqual(event.process_name, 'Dropbox') + self.assertEqual(event.action, 'Allow TCP LISTEN (in:0 out:1)') expected_message = ( - u'Computer: DarkTemplar-2.local ' - u'Agent: socketfilterfw[87] ' - u'Status: Info ' - u'Process name: Dropbox ' - u'Log: Allow TCP LISTEN (in:0 out:1)') + 'Computer: DarkTemplar-2.local ' + 'Agent: socketfilterfw[87] ' + 'Status: Info ' + 'Process name: Dropbox ' + 'Log: Allow TCP LISTEN (in:0 out:1)') expected_short_message = ( - u'Process name: Dropbox ' - u'Status: Info') + 'Process name: Dropbox ' + 'Status: Info') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -90,12 +92,12 @@ def testParseFile(self): # Year changes. event = events[45] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-31 23:59:23') + '2013-12-31 23:59:23') self.assertEqual(event.timestamp, expected_timestamp) event = events[46] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-01 01:13:23') + '2014-01-01 01:13:23') self.assertEqual(event.timestamp, expected_timestamp) diff --git a/tests/parsers/mac_keychain.py b/tests/parsers/mac_keychain.py index cf807c09c9..aa0f448585 100644 --- a/tests/parsers/mac_keychain.py +++ b/tests/parsers/mac_keychain.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for Keychain password database parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mac_keychain # pylint: disable=unused-import +from plaso.formatters import mac_keychain as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import mac_keychain @@ -16,11 +18,11 @@ class MacKeychainParserTest(test_lib.ParserTestCase): """Tests for keychain file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'login.keychain']) + @shared_test_lib.skipUnlessHasTestFile(['login.keychain']) def testParse(self): """Tests the Parse function.""" parser = mac_keychain.KeychainParser() - storage_writer = self._ParseFile([u'login.keychain'], parser) + storage_writer = self._ParseFile(['login.keychain'], parser) self.assertEqual(storage_writer.number_of_events, 8) @@ -29,19 +31,19 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-26 14:51:48') + '2014-01-26 14:51:48') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) - self.assertEqual(event.entry_name, u'Secret Application') - self.assertEqual(event.account_name, u'moxilo') + self.assertEqual(event.entry_name, 'Secret Application') + self.assertEqual(event.account_name, 'moxilo') expected_ssgp = ( - u'b8e44863af1cb0785b89681d22e2721997ccfb8adb8853e726aff94c8830b05a') + 'b8e44863af1cb0785b89681d22e2721997ccfb8adb8853e726aff94c8830b05a') self.assertEqual(event.ssgp_hash, expected_ssgp) - self.assertEqual(event.text_description, u'N/A') - expected_message = u'Name: Secret Application Account: moxilo' - expected_short_message = u'Secret Application' + self.assertEqual(event.text_description, 'N/A') + expected_message = 'Name: Secret Application Account: moxilo' + expected_short_message = 'Secret Application' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] @@ -51,44 +53,44 @@ def testParse(self): definitions.TIME_DESCRIPTION_MODIFICATION) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-26 14:52:29') + '2014-01-26 14:52:29') self.assertEqual(event.timestamp, expected_timestamp) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-26 14:53:29') + '2014-01-26 14:53:29') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.entry_name, u'Secret Note') - self.assertEqual(event.text_description, u'secure note') + self.assertEqual(event.entry_name, 'Secret Note') + self.assertEqual(event.text_description, 'secure note') self.assertEqual(len(event.ssgp_hash), 1696) - expected_message = u'Name: Secret Note' - expected_short_message = u'Secret Note' + expected_message = 'Name: Secret Note' + expected_short_message = 'Secret Note' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[4] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-26 14:54:33') + '2014-01-26 14:54:33') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.entry_name, u'plaso.kiddaland.net') - self.assertEqual(event.account_name, u'MrMoreno') + self.assertEqual(event.entry_name, 'plaso.kiddaland.net') + self.assertEqual(event.account_name, 'MrMoreno') expected_ssgp = ( - u'83ccacf55a8cb656d340ec405e9d8b308fac54bb79c5c9b0219bd0d700c3c521') + '83ccacf55a8cb656d340ec405e9d8b308fac54bb79c5c9b0219bd0d700c3c521') self.assertEqual(event.ssgp_hash, expected_ssgp) - self.assertEqual(event.where, u'plaso.kiddaland.net') - self.assertEqual(event.protocol, u'http') - self.assertEqual(event.type_protocol, u'dflt') - self.assertEqual(event.text_description, u'N/A') + self.assertEqual(event.where, 'plaso.kiddaland.net') + self.assertEqual(event.protocol, 'http') + self.assertEqual(event.type_protocol, 'dflt') + self.assertEqual(event.text_description, 'N/A') expected_message = ( - u'Name: plaso.kiddaland.net ' - u'Account: MrMoreno ' - u'Where: plaso.kiddaland.net ' - u'Protocol: http (dflt)') - expected_short_message = u'plaso.kiddaland.net' + 'Name: plaso.kiddaland.net ' + 'Account: MrMoreno ' + 'Where: plaso.kiddaland.net ' + 'Protocol: http (dflt)') + expected_short_message = 'plaso.kiddaland.net' self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/mac_securityd.py b/tests/parsers/mac_securityd.py index d784dbf5d7..587f79d79a 100644 --- a/tests/parsers/mac_securityd.py +++ b/tests/parsers/mac_securityd.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """This file contains a unit test for ASL securityd log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mac_securityd # pylint: disable=unused-import +from plaso.formatters import mac_securityd as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import mac_securityd @@ -15,13 +17,13 @@ class MacSecurityUnitTest(test_lib.ParserTestCase): """A unit test for the ASL securityd log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'security.log']) + @shared_test_lib.skipUnlessHasTestFile(['security.log']) def testParseFile(self): """Test parsing of a ASL securityd log file.""" parser = mac_securityd.MacSecuritydLogParser() - knowledge_base_values = {u'year': 2013} + knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( - [u'security.log'], parser, + ['security.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 9) @@ -30,113 +32,113 @@ def testParseFile(self): event = events[0] expected_message = ( - u'Sender: secd (1) Level: Error Facility: user ' - u'Text: securityd_xpc_dictionary_handler EscrowSecurityAl' - u'[3273] DeviceInCircle \xdeetta \xe6tti a\xf0 ' - u'virka l\xedka, setja \xedslensku inn.') + 'Sender: secd (1) Level: Error Facility: user ' + 'Text: securityd_xpc_dictionary_handler EscrowSecurityAl' + '[3273] DeviceInCircle \xdeetta \xe6tti a\xf0 ' + 'virka l\xedka, setja \xedslensku inn.') expected_short_message = ( - u'Text: securityd_xpc_dictionary_handler ' - u'EscrowSecurityAl[3273] DeviceInCircle ...') + 'Text: securityd_xpc_dictionary_handler ' + 'EscrowSecurityAl[3273] DeviceInCircle ...') self._TestGetMessageStrings(event, expected_message, expected_short_message) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-02-26 19:11:56') + '2013-02-26 19:11:56') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 1) - self.assertEqual(event.facility, u'user') - self.assertEqual(event.security_api, u'unknown') - self.assertEqual(event.caller, u'unknown') - self.assertEqual(event.level, u'Error') + self.assertEqual(event.facility, 'user') + self.assertEqual(event.security_api, 'unknown') + self.assertEqual(event.caller, 'unknown') + self.assertEqual(event.level, 'Error') expected_message = ( - u'securityd_xpc_dictionary_handler EscrowSecurityAl' - u'[3273] DeviceInCircle \xdeetta \xe6tti a\xf0 virka ' - u'l\xedka, setja \xedslensku inn.') + 'securityd_xpc_dictionary_handler EscrowSecurityAl' + '[3273] DeviceInCircle \xdeetta \xe6tti a\xf0 virka ' + 'l\xedka, setja \xedslensku inn.') self.assertEqual(event.message, expected_message) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-26 19:11:57') + '2013-12-26 19:11:57') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 11) - self.assertEqual(event.facility, u'serverxpc') - self.assertEqual(event.security_api, u'SOSCCThisDeviceIsInCircle') - self.assertEqual(event.caller, u'unknown') - self.assertEqual(event.level, u'Notice') + self.assertEqual(event.facility, 'serverxpc') + self.assertEqual(event.security_api, 'SOSCCThisDeviceIsInCircle') + self.assertEqual(event.caller, 'unknown') + self.assertEqual(event.level, 'Notice') event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-26 19:11:58') + '2013-12-26 19:11:58') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 111) - self.assertEqual(event.facility, u'user') - self.assertEqual(event.security_api, u'unknown') - self.assertEqual(event.caller, u'unknown') - self.assertEqual(event.level, u'Debug') + self.assertEqual(event.facility, 'user') + self.assertEqual(event.security_api, 'unknown') + self.assertEqual(event.caller, 'unknown') + self.assertEqual(event.level, 'Debug') event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-26 19:11:59') + '2013-12-26 19:11:59') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 1111) - self.assertEqual(event.facility, u'user') - self.assertEqual(event.security_api, u'SOSCCThisDeviceIsInCircle') - self.assertEqual(event.caller, u'C0x7fff872fa482') - self.assertEqual(event.level, u'Error') + self.assertEqual(event.facility, 'user') + self.assertEqual(event.security_api, 'SOSCCThisDeviceIsInCircle') + self.assertEqual(event.caller, 'C0x7fff872fa482') + self.assertEqual(event.level, 'Error') event = events[4] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-06 19:11:01') + '2013-12-06 19:11:01') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 1) - self.assertEqual(event.facility, u'user') - self.assertEqual(event.security_api, u'unknown') - self.assertEqual(event.caller, u'unknown') - self.assertEqual(event.level, u'Error') - self.assertEqual(event.message, u'') + self.assertEqual(event.facility, 'user') + self.assertEqual(event.security_api, 'unknown') + self.assertEqual(event.caller, 'unknown') + self.assertEqual(event.level, 'Error') + self.assertEqual(event.message, '') event = events[5] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-06 19:11:02') + '2013-12-06 19:11:02') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.sender, u'secd') + self.assertEqual(event.sender, 'secd') self.assertEqual(event.sender_pid, 11111) - self.assertEqual(event.facility, u'user') - self.assertEqual(event.security_api, u'SOSCCThisDeviceIsInCircle') - self.assertEqual(event.caller, u'C0x7fff872fa482 F0x106080db0') - self.assertEqual(event.level, u'Error') - self.assertEqual(event.message, u'') + self.assertEqual(event.facility, 'user') + self.assertEqual(event.security_api, 'SOSCCThisDeviceIsInCircle') + self.assertEqual(event.caller, 'C0x7fff872fa482 F0x106080db0') + self.assertEqual(event.level, 'Error') + self.assertEqual(event.message, '') event = events[6] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-31 23:59:59') + '2013-12-31 23:59:59') self.assertEqual(event.timestamp, expected_timestamp) event = events[7] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-03-01 00:00:01') + '2014-03-01 00:00:01') self.assertEqual(event.timestamp, expected_timestamp) # Repeated line. event = events[8] - expected_message = u'Repeated 3 times: Happy new year!' + expected_message = 'Repeated 3 times: Happy new year!' self.assertEqual(event.message, expected_message) diff --git a/tests/parsers/mac_wifi.py b/tests/parsers/mac_wifi.py index f5a1e1994f..b6f3a39b8c 100644 --- a/tests/parsers/mac_wifi.py +++ b/tests/parsers/mac_wifi.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Mac wifi.log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mac_wifi # pylint: disable=unused-import +from plaso.formatters import mac_wifi as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import mac_wifi @@ -15,13 +17,13 @@ class MacWifiUnitTest(test_lib.ParserTestCase): """Tests for the Mac wifi.log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'wifi_turned_over.log']) + @shared_test_lib.skipUnlessHasTestFile(['wifi_turned_over.log']) def testParseTurnedOver(self): """Tests the Parse function.""" parser = mac_wifi.MacWifiLogParser() - knowledge_base_values = {u'year': 2017} + knowledge_base_values = {'year': 2017} storage_writer = self._ParseFile( - [u'wifi_turned_over.log'], parser, + ['wifi_turned_over.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 6) @@ -31,53 +33,53 @@ def testParseTurnedOver(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-01-02 00:10:15') + '2017-01-02 00:10:15') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.text, - u'test-macbookpro newsyslog[50498]: logfile turned over') + 'test-macbookpro newsyslog[50498]: logfile turned over') event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-01-02 00:11:02.378') + '2017-01-02 00:11:02.378') self.assertEqual(event.timestamp, expected_timestamp) expected_text = ( - u' wl0: powerChange: *** ' - u'BONJOUR/MDNS OFFLOADS ARE NOT RUNNING.') + ' wl0: powerChange: *** ' + 'BONJOUR/MDNS OFFLOADS ARE NOT RUNNING.') self.assertEqual(event.text, expected_text) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-01-02 07:41:01.371') + '2017-01-02 07:41:01.371') self.assertEqual(event.timestamp, expected_timestamp) expected_string = ( - u' wl0: leaveModulePoweredForOffloads: Wi-Fi will stay on.') + ' wl0: leaveModulePoweredForOffloads: Wi-Fi will stay on.') self.assertEqual(event.text, expected_string) event = events[5] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-01-02 07:41:02.207') + '2017-01-02 07:41:02.207') self.assertEqual(event.timestamp, expected_timestamp) expected_text = ( - u' Setting BTCoex Config: enable_2G:1, profile_2g:0, ' - u'enable_5G:1, profile_5G:0') + ' Setting BTCoex Config: enable_2G:1, profile_2g:0, ' + 'enable_5G:1, profile_5G:0') self.assertEqual(event.text, expected_text) - @shared_test_lib.skipUnlessHasTestFile([u'wifi.log']) + @shared_test_lib.skipUnlessHasTestFile(['wifi.log']) def testParse(self): """Tests the Parse function.""" parser = mac_wifi.MacWifiLogParser() - knowledge_base_values = {u'year': 2013} + knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( - [u'wifi.log'], parser, + ['wifi.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 10) @@ -87,84 +89,84 @@ def testParse(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-14 20:36:37.222') + '2013-11-14 20:36:37.222') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.agent, u'airportd[88]') - self.assertEqual(event.function, u'airportdProcessDLILEvent') - self.assertEqual(event.action, u'Interface en0 turn up.') - self.assertEqual(event.text, u'en0 attached (up)') + self.assertEqual(event.agent, 'airportd[88]') + self.assertEqual(event.function, 'airportdProcessDLILEvent') + self.assertEqual(event.action, 'Interface en0 turn up.') + self.assertEqual(event.text, 'en0 attached (up)') expected_message = ( - u'Action: Interface en0 turn up. ' - u'Agent: airportd[88] ' - u'(airportdProcessDLILEvent) ' - u'Log: en0 attached (up)') + 'Action: Interface en0 turn up. ' + 'Agent: airportd[88] ' + '(airportdProcessDLILEvent) ' + 'Log: en0 attached (up)') expected_short_message = ( - u'Action: Interface en0 turn up.') + 'Action: Interface en0 turn up.') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-14 20:36:43.818') + '2013-11-14 20:36:43.818') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.agent, u'airportd[88]') - self.assertEqual(event.function, u'_doAutoJoin') - self.assertEqual(event.action, u'Wifi connected to SSID CampusNet') + self.assertEqual(event.agent, 'airportd[88]') + self.assertEqual(event.function, '_doAutoJoin') + self.assertEqual(event.action, 'Wifi connected to SSID CampusNet') expected_text = ( - u'Already associated to \u201cCampusNet\u201d. Bailing on auto-join.') + 'Already associated to \u201cCampusNet\u201d. Bailing on auto-join.') self.assertEqual(event.text, expected_text) event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-14 21:50:52.395') + '2013-11-14 21:50:52.395') self.assertEqual(event.timestamp, expected_timestamp) expected_string = ( - u' _handleLinkEvent: Unable to process link event, ' - u'op mode request returned -3903 (Operation not supported)') + ' _handleLinkEvent: Unable to process link event, ' + 'op mode request returned -3903 (Operation not supported)') self.assertEqual(event.text, expected_string) event = events[6] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-14 21:52:09.883') + '2013-11-14 21:52:09.883') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(u'airportd[88]', event.agent) - self.assertEqual(u'_processSystemPSKAssoc', event.function) + self.assertEqual('airportd[88]', event.agent) + self.assertEqual('_processSystemPSKAssoc', event.function) expected_action = ( - u'New wifi configured. BSSID: 88:30:8a:7a:61:88, SSID: AndroidAP, ' - u'Security: WPA2 Personal.') + 'New wifi configured. BSSID: 88:30:8a:7a:61:88, SSID: AndroidAP, ' + 'Security: WPA2 Personal.') self.assertEqual(event.action, expected_action) expected_text = ( - u'No password for network ' - u'[ssid=AndroidAP, bssid=88:30:8a:7a:61:88, security=WPA2 ' - u'Personal, rssi=-21, channel= ' - u'[channelNumber=11(2GHz), channelWidth={20MHz}], ibss=0] ' - u'in the system keychain') + 'No password for network ' + '[ssid=AndroidAP, bssid=88:30:8a:7a:61:88, security=WPA2 ' + 'Personal, rssi=-21, channel= ' + '[channelNumber=11(2GHz), channelWidth={20MHz}], ibss=0] ' + 'in the system keychain') self.assertEqual(event.text, expected_text) event = events[8] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-31 23:59:38.165') + '2013-12-31 23:59:38.165') self.assertEqual(event.timestamp, expected_timestamp) event = events[9] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-01-01 01:12:17.311') + '2014-01-01 01:12:17.311') self.assertEqual(event.timestamp, expected_timestamp) if __name__ == '__main__': diff --git a/tests/parsers/mactime.py b/tests/parsers/mactime.py index 03e3e91649..eb6be8b4f0 100644 --- a/tests/parsers/mactime.py +++ b/tests/parsers/mactime.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests the for mactime parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mactime # pylint: disable=unused-import +from plaso.formatters import mactime as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import mactime @@ -16,11 +18,11 @@ class MactimeTest(test_lib.ParserTestCase): """Tests the for mactime parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'mactime.body']) + @shared_test_lib.skipUnlessHasTestFile(['mactime.body']) def testParse(self): """Tests the Parse function.""" parser = mactime.MactimeParser() - storage_writer = self._ParseFile([u'mactime.body'], parser) + storage_writer = self._ParseFile(['mactime.body'], parser) # The file contains 13 lines x 4 timestamps per line, which should be # 52 events in total. However several of these events have an empty @@ -39,7 +41,7 @@ def testParse(self): event = events[21] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-25 15:59:43') + '2012-05-25 15:59:43') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) @@ -48,7 +50,7 @@ def testParse(self): event = events[22] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-25 15:59:44') + '2012-05-25 15:59:44') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) @@ -56,13 +58,13 @@ def testParse(self): event = events[23] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-25 15:59:45') + '2012-05-25 15:59:45') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_CHANGE) - expected_filename = u'/a_directory/another_file' + expected_filename = '/a_directory/another_file' self.assertEqual(event.filename, expected_filename) - self.assertEqual(event.mode_as_string, u'r/rrw-------') + self.assertEqual(event.mode_as_string, 'r/rrw-------') self._TestGetMessageStrings(event, expected_filename, expected_filename) diff --git a/tests/parsers/mcafeeav.py b/tests/parsers/mcafeeav.py index 2f91f4064d..702bc0cc4f 100644 --- a/tests/parsers/mcafeeav.py +++ b/tests/parsers/mcafeeav.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the McAfee AV Log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import mcafeeav # pylint: disable=unused-import +from plaso.formatters import mcafeeav as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import mcafeeav @@ -15,12 +17,12 @@ class McafeeAccessProtectionUnitTest(test_lib.ParserTestCase): """Tests for the McAfee AV Log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'AccessProtectionLog.txt']) + @shared_test_lib.skipUnlessHasTestFile(['AccessProtectionLog.txt']) def testParse(self): """Tests the Parse function.""" parser = mcafeeav.McafeeAccessProtectionParser() storage_writer = self._ParseFile( - [u'AccessProtectionLog.txt'], parser) + ['AccessProtectionLog.txt'], parser) # The file contains 14 lines which results in 14 events. self.assertEqual(storage_writer.number_of_events, 14) @@ -30,7 +32,7 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-09-27 14:42:26') + '2013-09-27 14:42:26') self.assertEqual(event.timestamp, expected_timestamp) # TODO: Test that the UTF-8 byte order mark gets removed from @@ -46,24 +48,24 @@ def testParse(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-09-27 14:42:39') + '2013-09-27 14:42:39') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.username, u'SOMEDOMAIN\\someUser') + self.assertEqual(event.username, 'SOMEDOMAIN\\someUser') self.assertEqual( - event.filename, u'C:\\Windows\\System32\\procexp64.exe') + event.filename, 'C:\\Windows\\System32\\procexp64.exe') expected_message = ( - u'File Name: C:\\Windows\\System32\\procexp64.exe ' - u'User: SOMEDOMAIN\\someUser ' - u'C:\\Program Files (x86)\\McAfee\\Common Framework\\Frame' - u'workService.exe ' - u'Blocked by Access Protection rule ' - u'Common Standard Protection:Prevent termination of McAfee processes ' - u'Action blocked : Terminate') + 'File Name: C:\\Windows\\System32\\procexp64.exe ' + 'User: SOMEDOMAIN\\someUser ' + 'C:\\Program Files (x86)\\McAfee\\Common Framework\\Frame' + 'workService.exe ' + 'Blocked by Access Protection rule ' + 'Common Standard Protection:Prevent termination of McAfee processes ' + 'Action blocked : Terminate') expected_short_message = ( - u'C:\\Windows\\System32\\procexp64.exe ' - u'Action blocked : Terminate') + 'C:\\Windows\\System32\\procexp64.exe ' + 'Action blocked : Terminate') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/mediator.py b/tests/parsers/mediator.py index 5633c43a01..cd78509624 100644 --- a/tests/parsers/mediator.py +++ b/tests/parsers/mediator.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the parsers mediator.""" +from __future__ import unicode_literals + import unittest from dfvfs.lib import definitions as dfvfs_definitions @@ -51,8 +53,8 @@ def testGetLatestYearFromFileEntry(self): # TODO: add tests for ClearEventAttributes. # TODO: add tests for ClearParserChain. - @shared_test_lib.skipUnlessHasTestFile([u'syslog.gz']) - @shared_test_lib.skipUnlessHasTestFile([u'vsstest.qcow2']) + @shared_test_lib.skipUnlessHasTestFile(['syslog.gz']) + @shared_test_lib.skipUnlessHasTestFile(['vsstest.qcow2']) def testGetDisplayName(self): """Tests the GetDisplayName function.""" session = sessions.Session() @@ -62,14 +64,14 @@ def testGetDisplayName(self): with self.assertRaises(ValueError): parsers_mediator.GetDisplayName(file_entry=None) - test_path = self._GetTestFilePath([u'syslog.gz']) + test_path = self._GetTestFilePath(['syslog.gz']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) file_entry = path_spec_resolver.Resolver.OpenFileEntry(os_path_spec) display_name = parsers_mediator.GetDisplayName(file_entry=file_entry) - expected_display_name = u'OS:{0:s}'.format(test_path) + expected_display_name = 'OS:{0:s}'.format(test_path) self.assertEqual(display_name, expected_display_name) gzip_path_spec = path_spec_factory.Factory.NewPathSpec( @@ -78,34 +80,34 @@ def testGetDisplayName(self): display_name = parsers_mediator.GetDisplayName(file_entry=file_entry) - expected_display_name = u'GZIP:{0:s}'.format(test_path) + expected_display_name = 'GZIP:{0:s}'.format(test_path) self.assertEqual(display_name, expected_display_name) - test_path = self._GetTestFilePath([u'vsstest.qcow2']) + test_path = self._GetTestFilePath(['vsstest.qcow2']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) qcow_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=os_path_spec) vshadow_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_VSHADOW, location=u'/vss2', + dfvfs_definitions.TYPE_INDICATOR_VSHADOW, location='/vss2', store_index=1, parent=qcow_path_spec) tsk_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_TSK, inode=35, location=u'/syslog.gz', + dfvfs_definitions.TYPE_INDICATOR_TSK, inode=35, location='/syslog.gz', parent=vshadow_path_spec) file_entry = path_spec_resolver.Resolver.OpenFileEntry(tsk_path_spec) display_name = parsers_mediator.GetDisplayName(file_entry=file_entry) - expected_display_name = u'VSS2:TSK:/syslog.gz' + expected_display_name = 'VSS2:TSK:/syslog.gz' self.assertEqual(display_name, expected_display_name) configuration = configurations.EventExtractionConfiguration() - configuration.text_prepend = u'C:' + configuration.text_prepend = 'C:' parsers_mediator.SetEventExtractionConfiguration(configuration) display_name = parsers_mediator.GetDisplayName(file_entry=file_entry) - expected_display_name = u'VSS2:TSK:C:/syslog.gz' + expected_display_name = 'VSS2:TSK:C:/syslog.gz' self.assertEqual(display_name, expected_display_name) # TODO: add test with relative path. @@ -116,11 +118,11 @@ def testGetDisplayNameForPathSpec(self): storage_writer = fake_storage.FakeStorageWriter(session) parsers_mediator = self._CreateParserMediator(storage_writer) - test_path = self._GetTestFilePath([u'syslog.gz']) + test_path = self._GetTestFilePath(['syslog.gz']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) - expected_display_name = u'OS:{0:s}'.format(test_path) + expected_display_name = 'OS:{0:s}'.format(test_path) display_name = parsers_mediator.GetDisplayNameForPathSpec(os_path_spec) self.assertEqual(display_name, expected_display_name) diff --git a/tests/parsers/msiecf.py b/tests/parsers/msiecf.py index 048b1a32c3..e69cb9e1a8 100644 --- a/tests/parsers/msiecf.py +++ b/tests/parsers/msiecf.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Microsoft Internet Explorer (MSIE) Cache Files (CF) parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import msiecf # pylint: disable=unused-import +from plaso.formatters import msiecf as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import msiecf @@ -16,11 +18,11 @@ class MSIECFParserTest(test_lib.ParserTestCase): """Tests for the MSIE Cache Files (MSIECF) parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'index.dat']) + @shared_test_lib.skipUnlessHasTestFile(['index.dat']) def testParse(self): """Tests the Parse function.""" parser = msiecf.MSIECFParser() - storage_writer = self._ParseFile([u'index.dat'], parser) + storage_writer = self._ParseFile(['index.dat'], parser) # MSIE Cache File information: # Version : 5.2 @@ -45,16 +47,16 @@ def testParse(self): event = events[8] expected_url = ( - u'Visited: testing@http://www.trafficfusionx.com/download/tfscrn2' - u'/funnycats.exe') + 'Visited: testing@http://www.trafficfusionx.com/download/tfscrn2' + '/funnycats.exe') - self.assertEqual(event.data_type, u'msiecf:url') + self.assertEqual(event.data_type, 'msiecf:url') self.assertEqual(event.offset, 21376) self.assertEqual(event.url, expected_url) self.assertEqual(event.cache_directory_index, -2) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-06-23 18:02:10.066') + '2011-06-23 18:02:10.066') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_VISITED) @@ -62,7 +64,7 @@ def testParse(self): event = events[9] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-06-23 18:02:10.066') + '2011-06-23 18:02:10.066') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_VISITED) @@ -70,7 +72,7 @@ def testParse(self): event = events[10] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-06-29 17:55:02') + '2011-06-29 17:55:02') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_EXPIRATION) @@ -78,27 +80,27 @@ def testParse(self): event = events[11] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-06-23 18:02:12') + '2011-06-23 18:02:12') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_CHECKED) expected_message = ( - u'Location: Visited: testing@http://www.trafficfusionx.com/download' - u'/tfscrn2/funnycats.exe ' - u'Number of hits: 6 ' - u'Cached file size: 0') + 'Location: Visited: testing@http://www.trafficfusionx.com/download' + '/tfscrn2/funnycats.exe ' + 'Number of hits: 6 ' + 'Cached file size: 0') expected_short_message = ( - u'Location: Visited: testing@http://www.trafficfusionx.com/download' - u'/tfscrn2/fun...') + 'Location: Visited: testing@http://www.trafficfusionx.com/download' + '/tfscrn2/fun...') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'nfury_index.dat']) + @shared_test_lib.skipUnlessHasTestFile(['nfury_index.dat']) def testParseLeakAndRedirect(self): """Tests the Parse function with leak and redirected records.""" parser = msiecf.MSIECFParser() - storage_writer = self._ParseFile([u'nfury_index.dat'], parser) + storage_writer = self._ParseFile(['nfury_index.dat'], parser) # MSIE Cache File information: # Version : 5.2 @@ -113,67 +115,67 @@ def testParseLeakAndRedirect(self): event = events[3] # Test cached file path. - self.assertEqual(event.data_type, u'msiecf:url') + self.assertEqual(event.data_type, 'msiecf:url') expected_message = ( - u'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' - u'Number of hits: 1 ' - u'Cached file: R6QWCVX4\\favicon[1].ico ' - u'Cached file size: 4286 ' - u'HTTP headers: HTTP/1.1 200 OK - ' - u'Content-Type: image/x-icon - ' - u'ETag: "0922651f38cb1:0", - ' - u'X-Powered-By: ASP.NET - P3P: ' - u'CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - ' - u'Content-Length: 4286 - ' - u' - ~U:nfury - ') + 'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' + 'Number of hits: 1 ' + 'Cached file: R6QWCVX4\\favicon[1].ico ' + 'Cached file size: 4286 ' + 'HTTP headers: HTTP/1.1 200 OK - ' + 'Content-Type: image/x-icon - ' + 'ETag: "0922651f38cb1:0", - ' + 'X-Powered-By: ASP.NET - P3P: ' + 'CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" - ' + 'Content-Length: 4286 - ' + ' - ~U:nfury - ') expected_short_message = ( - u'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' - u'Cached file: R6Q...') + 'Location: http://col.stc.s-msn.com/br/gbl/lg/csl/favicon.ico ' + 'Cached file: R6Q...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[21] expected_url = ( - u'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' - u'pc=[TPAS_ID];ord=2642102') + 'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' + 'pc=[TPAS_ID];ord=2642102') event = events[16] - self.assertEqual(event.data_type, u'msiecf:leak') + self.assertEqual(event.data_type, 'msiecf:leak') self.assertEqual(event.timestamp, 0) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_NOT_A_TIME) self.assertEqual(event.cache_directory_index, 1) - self.assertEqual(event.cache_directory_name, u'VUQHQA73') + self.assertEqual(event.cache_directory_name, 'VUQHQA73') self.assertEqual(event.cached_file_size, 1966) - self.assertEqual(event.cached_filename, u'ADSAdClient31[1].htm') + self.assertEqual(event.cached_filename, 'ADSAdClient31[1].htm') self.assertEqual(event.recovered, False) expected_message = ( - u'Cached file: VUQHQA73\\ADSAdClient31[1].htm ' - u'Cached file size: 1966') + 'Cached file: VUQHQA73\\ADSAdClient31[1].htm ' + 'Cached file size: 1966') expected_short_message = ( - u'Cached file: VUQHQA73\\ADSAdClient31[1].htm') + 'Cached file: VUQHQA73\\ADSAdClient31[1].htm') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[21] expected_url = ( - u'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' - u'pc=[TPAS_ID];ord=2642102') + 'http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;sz=1x1;' + 'pc=[TPAS_ID];ord=2642102') - self.assertEqual(event.data_type, u'msiecf:redirected') + self.assertEqual(event.data_type, 'msiecf:redirected') self.assertEqual(event.timestamp, 0) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_NOT_A_TIME) self.assertEqual(event.url, expected_url) self.assertEqual(event.recovered, False) - expected_message = u'Location: {0:s}'.format(expected_url) + expected_message = 'Location: {0:s}'.format(expected_url) expected_short_message = ( - u'Location: http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;' - u'sz=1x1;pc=[TPA...') + 'Location: http://ad.doubleclick.net/ad/N2724.Meebo/B5343067.13;' + 'sz=1x1;pc=[TPA...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/ntfs.py b/tests/parsers/ntfs.py index 0ae09e4373..a68461d036 100644 --- a/tests/parsers/ntfs.py +++ b/tests/parsers/ntfs.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the NTFS metadata file parser.""" +from __future__ import unicode_literals + import unittest from dfvfs.lib import definitions as dfvfs_definitions @@ -19,12 +21,12 @@ class NTFSMFTParserTest(test_lib.ParserTestCase): """Tests for NTFS $MFT metadata file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'MFT']) + @shared_test_lib.skipUnlessHasTestFile(['MFT']) def testParseFile(self): """Tests the Parse function on a stand-alone $MFT file.""" parser = ntfs.NTFSMFTParser() - test_path = self._GetTestFilePath([u'MFT']) + test_path = self._GetTestFilePath(['MFT']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) @@ -38,35 +40,35 @@ def testParseFile(self): event = events[3684] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2007-06-30 12:58:40.500004') + '2007-06-30 12:58:40.500004') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'9fe44b69-2709-11dc-a06b-db3099beae3c ' - u'MAC address: db:30:99:be:ae:3c ' - u'Origin: $MFT: 462-1') + '9fe44b69-2709-11dc-a06b-db3099beae3c ' + 'MAC address: db:30:99:be:ae:3c ' + 'Origin: $MFT: 462-1') expected_short_message = ( - u'9fe44b69-2709-11dc-a06b-db3099beae3c ' - u'Origin: $MFT: 462-1') + '9fe44b69-2709-11dc-a06b-db3099beae3c ' + 'Origin: $MFT: 462-1') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'vsstest.qcow2']) - @shared_test_lib.skipUnlessHasTestFile([u'multi_partition_image.vmdk']) + @shared_test_lib.skipUnlessHasTestFile(['vsstest.qcow2']) + @shared_test_lib.skipUnlessHasTestFile(['multi_partition_image.vmdk']) def testParseImage(self): """Tests the Parse function on a storage media image.""" parser = ntfs.NTFSMFTParser() - test_path = self._GetTestFilePath([u'vsstest.qcow2']) + test_path = self._GetTestFilePath(['vsstest.qcow2']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) qcow_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=os_path_spec) tsk_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_TSK, inode=0, location=u'/$MFT', + dfvfs_definitions.TYPE_INDICATOR_TSK, inode=0, location='/$MFT', parent=qcow_path_spec) storage_writer = self._ParseFileByPathSpec(tsk_path_spec, parser) @@ -83,7 +85,7 @@ def testParseImage(self): self.assertTrue(event.is_allocated) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-03 06:30:41.807907') + '2013-12-03 06:30:41.807907') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) @@ -96,7 +98,7 @@ def testParseImage(self): self.assertTrue(event.is_allocated) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-03 06:30:41.807907') + '2013-12-03 06:30:41.807907') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) self.assertEqual(event.timestamp, expected_timestamp) @@ -109,7 +111,7 @@ def testParseImage(self): self.assertTrue(event.is_allocated) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-03 06:30:41.807907') + '2013-12-03 06:30:41.807907') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) self.assertEqual(event.timestamp, expected_timestamp) @@ -122,19 +124,19 @@ def testParseImage(self): self.assertTrue(event.is_allocated) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-03 06:30:41.807907') + '2013-12-03 06:30:41.807907') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ENTRY_MODIFICATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'TSK:/$MFT ' - u'File reference: 0-1 ' - u'Attribute name: $STANDARD_INFORMATION') + 'TSK:/$MFT ' + 'File reference: 0-1 ' + 'Attribute name: $STANDARD_INFORMATION') expected_short_message = ( - u'/$MFT 0-1 $STANDARD_INFORMATION') + '/$MFT 0-1 $STANDARD_INFORMATION') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -146,32 +148,32 @@ def testParseImage(self): self.assertTrue(event.is_allocated) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-03 06:30:41.807907') + '2013-12-03 06:30:41.807907') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'TSK:/$MFT ' - u'File reference: 0-1 ' - u'Attribute name: $FILE_NAME ' - u'Name: $MFT ' - u'Parent file reference: 5-5') + 'TSK:/$MFT ' + 'File reference: 0-1 ' + 'Attribute name: $FILE_NAME ' + 'Name: $MFT ' + 'Parent file reference: 5-5') expected_short_message = ( - u'/$MFT 0-1 $FILE_NAME') + '/$MFT 0-1 $FILE_NAME') self._TestGetMessageStrings(event, expected_message, expected_short_message) # Note that the source file is a RAW (VMDK flat) image. - test_path = self._GetTestFilePath([u'multi_partition_image.vmdk']) + test_path = self._GetTestFilePath(['multi_partition_image.vmdk']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) p2_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION, location=u'/p2', + dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION, location='/p2', part_index=3, start_offset=0x00510000, parent=os_path_spec) tsk_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_TSK, inode=0, location=u'/$MFT', + dfvfs_definitions.TYPE_INDICATOR_TSK, inode=0, location='/$MFT', parent=p2_path_spec) storage_writer = self._ParseFileByPathSpec(tsk_path_spec, parser) @@ -182,18 +184,18 @@ def testParseImage(self): class NTFSUsnJrnlParser(test_lib.ParserTestCase): """Tests for NTFS $UsnJrnl metadata file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'usnjrnl.qcow2']) + @shared_test_lib.skipUnlessHasTestFile(['usnjrnl.qcow2']) def testParseImage(self): """Tests the Parse function on a storage media image.""" parser = ntfs.NTFSUsnJrnlParser() - test_path = self._GetTestFilePath([u'usnjrnl.qcow2']) + test_path = self._GetTestFilePath(['usnjrnl.qcow2']) os_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_OS, location=test_path) qcow_path_spec = path_spec_factory.Factory.NewPathSpec( dfvfs_definitions.TYPE_INDICATOR_QCOW, parent=os_path_spec) volume_path_spec = path_spec_factory.Factory.NewPathSpec( - dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION, location=u'/p1', + dfvfs_definitions.TYPE_INDICATOR_TSK_PARTITION, location='/p1', part_index=2, start_offset=0x00007e00, parent=qcow_path_spec) # To be able to ignore the sparse data ranges the UsnJrnl parser @@ -207,20 +209,20 @@ def testParseImage(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-11-30 21:15:27.203125') + '2015-11-30 21:15:27.203125') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ENTRY_MODIFICATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Nieuw - Tekstdocument.txt ' - u'File reference: 30-1 ' - u'Parent file reference: 5-5 ' - u'Update reason: USN_REASON_FILE_CREATE') + 'Nieuw - Tekstdocument.txt ' + 'File reference: 30-1 ' + 'Parent file reference: 5-5 ' + 'Update reason: USN_REASON_FILE_CREATE') expected_short_message = ( - u'Nieuw - Tekstdocument.txt 30-1 USN_REASON_FILE_CREATE') + 'Nieuw - Tekstdocument.txt 30-1 USN_REASON_FILE_CREATE') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/olecf.py b/tests/parsers/olecf.py index cb8ffed087..d83977451d 100644 --- a/tests/parsers/olecf.py +++ b/tests/parsers/olecf.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the OLE Compound Files (OLECF) parser.""" +from __future__ import unicode_literals + import unittest from plaso.lib import definitions @@ -16,11 +18,11 @@ class OLECFParserTest(test_lib.ParserTestCase): """Tests for the OLE Compound Files (OLECF) parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'Document.doc']) + @shared_test_lib.skipUnlessHasTestFile(['Document.doc']) def testParse(self): """Tests the Parse function.""" parser = olecf.OLECFParser() - storage_writer = self._ParseFile([u'Document.doc'], parser) + storage_writer = self._ParseFile(['Document.doc'], parser) # OLE Compound File information: # Version : 3.62 @@ -35,13 +37,13 @@ def testParse(self): event = events[8] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-05-16 02:29:49.785') + '2013-05-16 02:29:49.785') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) - self.assertEqual(event.data_type, u'olecf:item') + self.assertEqual(event.data_type, 'olecf:item') self.assertEqual(event.offset, 0) storage_writer = self._CreateStorageWriter() @@ -58,7 +60,7 @@ def testParse(self): self.assertIsNotNone(error) self.assertTrue(error.message.startswith( - u'unable to open file with error: pyolecf_file_open_file_object: ')) + 'unable to open file with error: pyolecf_file_open_file_object: ')) if __name__ == '__main__': diff --git a/tests/parsers/opera.py b/tests/parsers/opera.py index ab14294f2b..7d64d87639 100644 --- a/tests/parsers/opera.py +++ b/tests/parsers/opera.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Opera browser history parsers.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import opera # pylint: disable=unused-import +from plaso.formatters import opera as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import opera @@ -15,11 +17,11 @@ class OperaTypedParserTest(test_lib.ParserTestCase): """Tests for the Opera Typed History parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'typed_history.xml']) + @shared_test_lib.skipUnlessHasTestFile(['typed_history.xml']) def testParse(self): """Tests the Parse function.""" parser = opera.OperaTypedHistoryParser() - storage_writer = self._ParseFile([u'typed_history.xml'], parser) + storage_writer = self._ParseFile(['typed_history.xml'], parser) self.assertEqual(storage_writer.number_of_events, 4) @@ -28,22 +30,22 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-11 23:45:27') + '2013-11-11 23:45:27') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.entry_selection, u'Filled from autocomplete.') + self.assertEqual(event.entry_selection, 'Filled from autocomplete.') - expected_string = u'plaso.kiddaland.net (Filled from autocomplete.)' + expected_string = 'plaso.kiddaland.net (Filled from autocomplete.)' self._TestGetMessageStrings(event, expected_string, expected_string) event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-11 22:46:07') + '2013-11-11 22:46:07') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.entry_selection, u'Manually typed.') + self.assertEqual(event.entry_selection, 'Manually typed.') - expected_string = u'theonion.com (Manually typed.)' + expected_string = 'theonion.com (Manually typed.)' self._TestGetMessageStrings(event, expected_string, expected_string) @@ -51,11 +53,11 @@ def testParse(self): class OperaGlobalParserTest(test_lib.ParserTestCase): """Tests for the Opera Global History parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'global_history.dat']) + @shared_test_lib.skipUnlessHasTestFile(['global_history.dat']) def testParseFile(self): """Read a history file and run a few tests.""" parser = opera.OperaGlobalHistoryParser() - storage_writer = self._ParseFile([u'global_history.dat'], parser) + storage_writer = self._ParseFile(['global_history.dat'], parser) self.assertEqual(storage_writer.number_of_events, 37) @@ -64,34 +66,34 @@ def testParseFile(self): event = events[4] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-11 22:45:46') + '2013-11-11 22:45:46') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'http://www.mbl.is/frettir/erlent/2013/11/11/' - u'karl_bretaprins_faer_ellilifeyri/ (Karl Bretaprins fær ellilífeyri' - u' - mbl.is) [First and Only Visit]') + 'http://www.mbl.is/frettir/erlent/2013/11/11/' + 'karl_bretaprins_faer_ellilifeyri/ (Karl Bretaprins fær ellilífeyri' + ' - mbl.is) [First and Only Visit]') expected_short_message = ( - u'http://www.mbl.is/frettir/erlent/2013/11/11/' - u'karl_bretaprins_faer_ellilifeyri/...') + 'http://www.mbl.is/frettir/erlent/2013/11/11/' + 'karl_bretaprins_faer_ellilifeyri/...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[10] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-11 22:45:55') + '2013-11-11 22:45:55') self.assertEqual(event.timestamp, expected_timestamp) event = events[16] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-11 22:46:16') + '2013-11-11 22:46:16') self.assertEqual(event.timestamp, expected_timestamp) expected_title = ( - u'10 Celebrities You Never Knew Were Abducted And Murdered ' - u'By Andie MacDowell | The Onion - America\'s Finest News Source') + '10 Celebrities You Never Knew Were Abducted And Murdered ' + 'By Andie MacDowell | The Onion - America\'s Finest News Source') self.assertEqual(event.title, expected_title) diff --git a/tests/parsers/oxml.py b/tests/parsers/oxml.py index 83a9b295e1..31da8faa64 100644 --- a/tests/parsers/oxml.py +++ b/tests/parsers/oxml.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the OXML parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import oxml # pylint: disable=unused-import +from plaso.formatters import oxml as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import oxml @@ -16,11 +18,11 @@ class OXMLTest(test_lib.ParserTestCase): """Tests for the OXML parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'Document.docx']) + @shared_test_lib.skipUnlessHasTestFile(['Document.docx']) def testParse(self): """Tests the Parse function.""" parser = oxml.OpenXMLParser() - storage_writer = self._ParseFile([u'Document.docx'], parser) + storage_writer = self._ParseFile(['Document.docx'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -29,50 +31,50 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-11-07 23:29:00') + '2012-11-07 23:29:00') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) event = events[1] - self.assertEqual(event.number_of_characters, u'13') - self.assertEqual(event.total_time, u'1385') - self.assertEqual(event.number_of_characters_with_spaces, u'14') - self.assertEqual(event.i4, u'1') - self.assertEqual(event.app_version, u'14.0000') - self.assertEqual(event.number_of_lines, u'1') - self.assertEqual(event.scale_crop, u'false') - self.assertEqual(event.number_of_pages, u'1') - self.assertEqual(event.number_of_words, u'2') - self.assertEqual(event.links_up_to_date, u'false') - self.assertEqual(event.number_of_paragraphs, u'1') - self.assertEqual(event.doc_security, u'0') - self.assertEqual(event.hyperlinks_changed, u'false') - self.assertEqual(event.revision_number, u'3') - self.assertEqual(event.last_saved_by, u'Nides') - self.assertEqual(event.author, u'Nides') + self.assertEqual(event.number_of_characters, '13') + self.assertEqual(event.total_time, '1385') + self.assertEqual(event.number_of_characters_with_spaces, '14') + self.assertEqual(event.i4, '1') + self.assertEqual(event.app_version, '14.0000') + self.assertEqual(event.number_of_lines, '1') + self.assertEqual(event.scale_crop, 'false') + self.assertEqual(event.number_of_pages, '1') + self.assertEqual(event.number_of_words, '2') + self.assertEqual(event.links_up_to_date, 'false') + self.assertEqual(event.number_of_paragraphs, '1') + self.assertEqual(event.doc_security, '0') + self.assertEqual(event.hyperlinks_changed, 'false') + self.assertEqual(event.revision_number, '3') + self.assertEqual(event.last_saved_by, 'Nides') + self.assertEqual(event.author, 'Nides') self.assertEqual( - event.creating_app, u'Microsoft Office Word') - self.assertEqual(event.template, u'Normal.dotm') + event.creating_app, 'Microsoft Office Word') + self.assertEqual(event.template, 'Normal.dotm') expected_message = ( - u'Creating App: Microsoft Office Word ' - u'App version: 14.0000 ' - u'Last saved by: Nides ' - u'Author: Nides ' - u'Revision number: 3 ' - u'Template: Normal.dotm ' - u'Number of pages: 1 ' - u'Number of words: 2 ' - u'Number of characters: 13 ' - u'Number of characters with spaces: 14 ' - u'Number of lines: 1 ' - u'Hyperlinks changed: false ' - u'Links up to date: false ' - u'Scale crop: false') + 'Creating App: Microsoft Office Word ' + 'App version: 14.0000 ' + 'Last saved by: Nides ' + 'Author: Nides ' + 'Revision number: 3 ' + 'Template: Normal.dotm ' + 'Number of pages: 1 ' + 'Number of words: 2 ' + 'Number of characters: 13 ' + 'Number of characters with spaces: 14 ' + 'Number of lines: 1 ' + 'Hyperlinks changed: false ' + 'Links up to date: false ' + 'Scale crop: false') expected_short_message = ( - u'Author: Nides') + 'Author: Nides') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/pcap.py b/tests/parsers/pcap.py index 01b8c51ca0..aee412c297 100644 --- a/tests/parsers/pcap.py +++ b/tests/parsers/pcap.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the PCAP parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import pcap # pylint: disable=unused-import +from plaso.formatters import pcap as _ # pylint: disable=unused-import from plaso.parsers import pcap from tests import test_lib as shared_test_lib @@ -14,11 +16,11 @@ class PcapParserTest(test_lib.ParserTestCase): """Tests for the PCAP parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'test.pcap']) + @shared_test_lib.skipUnlessHasTestFile(['test.pcap']) def testParse(self): """Tests the Parse function.""" parser = pcap.PcapParser() - storage_writer = self._ParseFile([u'test.pcap'], parser) + storage_writer = self._ParseFile(['test.pcap'], parser) # PCAP information: # Number of streams: 96 (TCP: 47, UDP: 39, ICMP: 0, Other: 10) @@ -42,12 +44,12 @@ def testParse(self): event = events[6] self.assertEqual(event.packet_count, 3) - self.assertEqual(event.protocol, u'TCP') - self.assertEqual(event.source_ip, u'192.168.195.130') - self.assertEqual(event.dest_ip, u'63.245.217.43') + self.assertEqual(event.protocol, 'TCP') + self.assertEqual(event.source_ip, '192.168.195.130') + self.assertEqual(event.dest_ip, '63.245.217.43') self.assertEqual(event.dest_port, 443) self.assertEqual(event.source_port, 1038) - self.assertEqual(event.stream_type, u'SSL') + self.assertEqual(event.stream_type, 'SSL') self.assertEqual(event.first_packet_id, 4) self.assertEqual(event.last_packet_id, 6) @@ -64,35 +66,35 @@ def testParse(self): event = events[12] self.assertEqual(event.packet_count, 5) - self.assertEqual(event.protocol, u'UDP') - self.assertEqual(event.source_ip, u'192.168.195.130') - self.assertEqual(event.dest_ip, u'192.168.195.2') + self.assertEqual(event.protocol, 'UDP') + self.assertEqual(event.source_ip, '192.168.195.130') + self.assertEqual(event.dest_ip, '192.168.195.2') self.assertEqual(event.dest_port, 53) self.assertEqual(event.source_port, 55679) - self.assertEqual(event.stream_type, u'DNS') + self.assertEqual(event.stream_type, 'DNS') self.assertEqual(event.first_packet_id, 11) self.assertEqual(event.last_packet_id, 1307) self.assertEqual( - event.protocol_data, u'DNS Query for wpad.localdomain') + event.protocol_data, 'DNS Query for wpad.localdomain') expected_message = ( - u'Source IP: 192.168.195.130 ' - u'Destination IP: 192.168.195.2 ' - u'Source Port: 55679 ' - u'Destination Port: 53 ' - u'Protocol: UDP ' - u'Type: DNS ' - u'Size: 380 ' - u'Protocol Data: DNS Query for wpad.localdomain ' - u'Stream Data: \'\\xb8\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00' - u'\\x00\\x00\\x04wpad\\x0blocaldomain\\x00\\x00\\x01\\x00\\x01\\xb8' - u'\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x04wpa\' ' - u'First Packet ID: 11 ' - u'Last Packet ID: 1307 ' - u'Packet Count: 5') + 'Source IP: 192.168.195.130 ' + 'Destination IP: 192.168.195.2 ' + 'Source Port: 55679 ' + 'Destination Port: 53 ' + 'Protocol: UDP ' + 'Type: DNS ' + 'Size: 380 ' + 'Protocol Data: DNS Query for wpad.localdomain ' + 'Stream Data: \'\\xb8\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00' + '\\x00\\x00\\x04wpad\\x0blocaldomain\\x00\\x00\\x01\\x00\\x01\\xb8' + '\\x9c\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x04wpa\' ' + 'First Packet ID: 11 ' + 'Last Packet ID: 1307 ' + 'Packet Count: 5') expected_short_message = ( - u'Type: DNS ' - u'First Packet ID: 11') + 'Type: DNS ' + 'First Packet ID: 11') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/pe.py b/tests/parsers/pe.py index 78eca4d87d..a9037c4c86 100644 --- a/tests/parsers/pe.py +++ b/tests/parsers/pe.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the PE file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import pe # pylint: disable=unused-import +from plaso.formatters import pe as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import pe @@ -15,11 +17,11 @@ class PECOFFTest(test_lib.ParserTestCase): """Tests for the PE file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'test_pe.exe']) + @shared_test_lib.skipUnlessHasTestFile(['test_pe.exe']) def testParseFileObjectOnExecutable(self): """Tests the ParseFileObject on a PE executable (EXE) file.""" parser = pe.PEParser() - storage_writer = self._ParseFile([u'test_pe.exe'], parser) + storage_writer = self._ParseFile(['test_pe.exe'], parser) self.assertEqual(storage_writer.number_of_events, 3) @@ -27,28 +29,28 @@ def testParseFileObjectOnExecutable(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-04-21 14:53:56') - self.assertEqual(event.pe_type, u'Executable (EXE)') + '2015-04-21 14:53:56') + self.assertEqual(event.pe_type, 'Executable (EXE)') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.data_type, u'pe:compilation:compilation_time') + self.assertEqual(event.data_type, 'pe:compilation:compilation_time') event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-04-21 14:53:55') + '2015-04-21 14:53:55') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.data_type, u'pe:import:import_time') + self.assertEqual(event.data_type, 'pe:import:import_time') event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-04-21 14:53:54') + '2015-04-21 14:53:54') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.data_type, u'pe:delay_import:import_time') + self.assertEqual(event.data_type, 'pe:delay_import:import_time') - @shared_test_lib.skipUnlessHasTestFile([u'test_driver.sys']) + @shared_test_lib.skipUnlessHasTestFile(['test_driver.sys']) def testParseFileObjectOnDriver(self): """Tests the ParseFileObject on a PE driver (SYS) file.""" parser = pe.PEParser() - storage_writer = self._ParseFile([u'test_driver.sys'], parser) + storage_writer = self._ParseFile(['test_driver.sys'], parser) self.assertEqual(storage_writer.number_of_events, 1) @@ -56,8 +58,8 @@ def testParseFileObjectOnDriver(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-04-21 14:53:54') - self.assertEqual(event.pe_type, u'Driver (SYS)') + '2015-04-21 14:53:54') + self.assertEqual(event.pe_type, 'Driver (SYS)') self.assertEqual(event.timestamp, expected_timestamp) diff --git a/tests/parsers/plist.py b/tests/parsers/plist.py index 4725deabdc..7ba8f67754 100644 --- a/tests/parsers/plist.py +++ b/tests/parsers/plist.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests the plist parser.""" +from __future__ import unicode_literals + import unittest from plaso.parsers import plist @@ -20,18 +22,18 @@ class PlistParserTest(test_lib.ParserTestCase): def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser = plist.PlistParser() - parser.EnablePlugins([u'airport']) + parser.EnablePlugins(['airport']) self.assertIsNotNone(parser) self.assertIsNotNone(parser._default_plugin) self.assertNotEqual(parser._plugins, []) self.assertEqual(len(parser._plugins), 1) - @shared_test_lib.skipUnlessHasTestFile([u'plist_binary']) + @shared_test_lib.skipUnlessHasTestFile(['plist_binary']) def testParse(self): """Tests the Parse function.""" parser = plist.PlistParser() - storage_writer = self._ParseFile([u'plist_binary'], parser) + storage_writer = self._ParseFile(['plist_binary'], parser) self.assertEqual(storage_writer.number_of_events, 12) @@ -49,19 +51,19 @@ def testParse(self): self.assertEqual(12, len(set(timestamps))) expected_roots = frozenset([ - u'/DeviceCache/00-0d-fd-00-00-00', - u'/DeviceCache/44-00-00-00-00-00', - u'/DeviceCache/44-00-00-00-00-01', - u'/DeviceCache/44-00-00-00-00-02', - u'/DeviceCache/44-00-00-00-00-03', - u'/DeviceCache/44-00-00-00-00-04']) + '/DeviceCache/00-0d-fd-00-00-00', + '/DeviceCache/44-00-00-00-00-00', + '/DeviceCache/44-00-00-00-00-01', + '/DeviceCache/44-00-00-00-00-02', + '/DeviceCache/44-00-00-00-00-03', + '/DeviceCache/44-00-00-00-00-04']) self.assertTrue(expected_roots == set(roots)) self.assertEqual(6, len(set(roots))) expected_keys = frozenset([ - u'LastInquiryUpdate', - u'LastServicesUpdate', - u'LastNameUpdate']) + 'LastInquiryUpdate', + 'LastServicesUpdate', + 'LastNameUpdate']) self.assertTrue(expected_keys == set(keys)) self.assertEqual(3, len(set(keys))) diff --git a/tests/parsers/pls_recall.py b/tests/parsers/pls_recall.py index b5725c331f..90e9a18f4a 100644 --- a/tests/parsers/pls_recall.py +++ b/tests/parsers/pls_recall.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for PL-SQL recall file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import pls_recall # pylint: disable=unused-import +from plaso.formatters import pls_recall as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import pls_recall @@ -15,11 +17,11 @@ class PlsRecallTest(test_lib.ParserTestCase): """Tests for PL-SQL recall file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'PLSRecall_Test.dat']) + @shared_test_lib.skipUnlessHasTestFile(['PLSRecall_Test.dat']) def testParse(self): """Tests the Parse function.""" parser = pls_recall.PlsRecallParser() - storage_writer = self._ParseFile([u'PLSRecall_Test.dat'], parser) + storage_writer = self._ParseFile(['PLSRecall_Test.dat'], parser) # There are two events in test file. self.assertEqual(storage_writer.number_of_events, 2) @@ -29,24 +31,24 @@ def testParse(self): event = events[0] timestamp_expected = timelib.Timestamp.CopyFromString( - u'2013-06-18 19:50:00.550') + '2013-06-18 19:50:00.550') self.assertEqual(event.timestamp, timestamp_expected) self.assertEqual(event.sequence_number, 206) - self.assertEqual(event.username, u'tsltmp') - self.assertEqual(event.database_name, u'DB11') + self.assertEqual(event.username, 'tsltmp') + self.assertEqual(event.database_name, 'DB11') # The test file actually has 'test_databae' in the SQL string. - expected_query = u'SELECT * from test_databae where date > \'01/01/2012\'' + expected_query = 'SELECT * from test_databae where date > \'01/01/2012\'' self.assertEqual(event.query, expected_query) expected_message = ( - u'Sequence number: 206 ' - u'Username: tsltmp ' - u'Database name: DB11 ' - u'Query: {0:s}').format(expected_query) + 'Sequence number: 206 ' + 'Username: tsltmp ' + 'Database name: DB11 ' + 'Query: {0:s}').format(expected_query) - expected_short_message = u'206 tsltmp DB11 {0:s}'.format(expected_query) + expected_short_message = '206 tsltmp DB11 {0:s}'.format(expected_query) self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/popcontest.py b/tests/parsers/popcontest.py index 74dee8f7ec..60a8cd12ce 100644 --- a/tests/parsers/popcontest.py +++ b/tests/parsers/popcontest.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Popularity Contest (popcontest) parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import popcontest # pylint: disable=unused-import +from plaso.formatters import popcontest as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import popcontest @@ -19,11 +21,11 @@ class PopularityContestUnitTest(test_lib.ParserTestCase): """Tests for the popcontest parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'popcontest1.log']) + @shared_test_lib.skipUnlessHasTestFile(['popcontest1.log']) def testParse(self): """Tests the Parse function.""" parser = popcontest.PopularityContestParser() - storage_writer = self._ParseFile([u'popcontest1.log'], parser) + storage_writer = self._ParseFile(['popcontest1.log'], parser) self.assertEqual(storage_writer.number_of_events, 22) @@ -34,13 +36,13 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ADDED) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 05:41:41') + '2010-06-22 05:41:41') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Session 0 start ' - u'ID 12345678901234567890123456789012 [ARCH:i386 POPCONVER:1.38]') - expected_short_message = u'Session 0 start' + 'Session 0 start ' + 'ID 12345678901234567890123456789012 [ARCH:i386 POPCONVER:1.38]') + expected_short_message = 'Session 0 start' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] @@ -48,11 +50,11 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 07:34:42') + '2010-06-22 07:34:42') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'mru [/usr/sbin/atd] package [at]' - expected_short_message = u'/usr/sbin/atd' + expected_message = 'mru [/usr/sbin/atd] package [at]' + expected_short_message = '/usr/sbin/atd' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[3] @@ -60,13 +62,13 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 07:34:43') + '2010-06-22 07:34:43') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'mru [/usr/lib/python2.5/lib-dynload/_struct.so] ' - u'package [python2.5-minimal]') - expected_short_message = u'/usr/lib/python2.5/lib-dynload/_struct.so' + 'mru [/usr/lib/python2.5/lib-dynload/_struct.so] ' + 'package [python2.5-minimal]') + expected_short_message = '/usr/lib/python2.5/lib-dynload/_struct.so' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[5] @@ -74,12 +76,12 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-30 05:26:20') + '2010-05-30 05:26:20') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'mru [/usr/bin/empathy] package [empathy] tag [RECENT-CTIME]') - expected_short_message = u'/usr/bin/empathy' + 'mru [/usr/bin/empathy] package [empathy] tag [RECENT-CTIME]') + expected_short_message = '/usr/bin/empathy' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[6] @@ -88,12 +90,12 @@ def testParse(self): event.timestamp_desc, definitions.TIME_DESCRIPTION_ENTRY_MODIFICATION) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-30 05:27:43') + '2010-05-30 05:27:43') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'mru [/usr/bin/empathy] package [empathy] tag [RECENT-CTIME]') - expected_short_message = u'/usr/bin/empathy' + 'mru [/usr/bin/empathy] package [empathy] tag [RECENT-CTIME]') + expected_short_message = '/usr/bin/empathy' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[11] @@ -101,11 +103,11 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-12 07:58:33') + '2010-05-12 07:58:33') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'mru [/usr/bin/orca] package [gnome-orca] tag [OLD]' - expected_short_message = u'/usr/bin/orca' + expected_message = 'mru [/usr/bin/orca] package [gnome-orca] tag [OLD]' + expected_short_message = '/usr/bin/orca' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[13] @@ -113,10 +115,10 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ADDED) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 05:41:41') + '2010-06-22 05:41:41') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Session 0 end' + expected_message = 'Session 0 end' expected_short_message = expected_message self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -125,13 +127,13 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ADDED) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 05:41:41') + '2010-06-22 05:41:41') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Session 1 start ' - u'ID 12345678901234567890123456789012 [ARCH:i386 POPCONVER:1.38]') - expected_short_message = u'Session 1 start' + 'Session 1 start ' + 'ID 12345678901234567890123456789012 [ARCH:i386 POPCONVER:1.38]') + expected_short_message = 'Session 1 start' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[15] @@ -139,11 +141,11 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 07:34:42') + '2010-06-22 07:34:42') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'mru [/super/cool/plasuz] package [plaso]' - expected_short_message = u'/super/cool/plasuz' + expected_message = 'mru [/super/cool/plasuz] package [plaso]' + expected_short_message = '/super/cool/plasuz' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[18] @@ -151,11 +153,11 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-04-06 12:25:42') + '2010-04-06 12:25:42') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'mru [/super/cool/plasuz] package [miss_ctime]' - expected_short_message = u'/super/cool/plasuz' + expected_message = 'mru [/super/cool/plasuz] package [miss_ctime]' + expected_short_message = '/super/cool/plasuz' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[19] @@ -163,11 +165,11 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-05-12 07:58:33') + '2010-05-12 07:58:33') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'mru [/super/cóól] package [plaso] tag [WRONG_TAG]' - expected_short_message = u'/super/cóól' + expected_message = 'mru [/super/cóól] package [plaso] tag [WRONG_TAG]' + expected_short_message = '/super/cóól' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[21] @@ -175,10 +177,10 @@ def testParse(self): self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_ADDED) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-06-22 05:41:41') + '2010-06-22 05:41:41') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'Session 1 end' + expected_message = 'Session 1 end' expected_short_message = expected_message self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/recycler.py b/tests/parsers/recycler.py index 32c7722f04..611c162a36 100644 --- a/tests/parsers/recycler.py +++ b/tests/parsers/recycler.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows recycler parsers.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import recycler # pylint: disable=unused-import +from plaso.formatters import recycler as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import recycler @@ -16,11 +18,11 @@ class WinRecycleBinParserTest(test_lib.ParserTestCase): """Tests for the Windows Recycle Bin parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'$II3DF3L.zip']) + @shared_test_lib.skipUnlessHasTestFile(['$II3DF3L.zip']) def testParseVista(self): """Tests the Parse function on a Windows Vista RecycleBin file.""" parser = recycler.WinRecycleBinParser() - storage_writer = self._ParseFile([u'$II3DF3L.zip'], parser) + storage_writer = self._ParseFile(['$II3DF3L.zip'], parser) self.assertEqual(storage_writer.number_of_events, 1) @@ -29,23 +31,23 @@ def testParseVista(self): event = events[0] expected_filename = ( - u'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip') + 'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip') self.assertEqual(event.original_filename, expected_filename) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-03-12 20:49:58.633') + '2012-03-12 20:49:58.633') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.file_size, 724919) - expected_message = u'{0:s} (from drive: UNKNOWN)'.format(expected_filename) - expected_short_message = u'Deleted file: {0:s}'.format(expected_filename) + expected_message = '{0:s} (from drive: UNKNOWN)'.format(expected_filename) + expected_short_message = 'Deleted file: {0:s}'.format(expected_filename) self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'$I103S5F.jpg']) + @shared_test_lib.skipUnlessHasTestFile(['$I103S5F.jpg']) def testParseWindows10(self): """Tests the Parse function on a Windows 10 RecycleBin file.""" parser = recycler.WinRecycleBinParser() - storage_writer = self._ParseFile([u'$I103S5F.jpg'], parser) + storage_writer = self._ParseFile(['$I103S5F.jpg'], parser) self.assertEqual(storage_writer.number_of_events, 1) @@ -54,27 +56,27 @@ def testParseWindows10(self): event = events[0] expected_filename = ( - u'C:\\Users\\random\\Downloads\\bunnies.jpg') + 'C:\\Users\\random\\Downloads\\bunnies.jpg') self.assertEqual(event.original_filename, expected_filename) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-06-29 21:37:45.618') + '2016-06-29 21:37:45.618') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.file_size, 222255) - expected_message = u'{0:s} (from drive: UNKNOWN)'.format(expected_filename) - expected_short_message = u'Deleted file: {0:s}'.format(expected_filename) + expected_message = '{0:s} (from drive: UNKNOWN)'.format(expected_filename) + expected_short_message = 'Deleted file: {0:s}'.format(expected_filename) self._TestGetMessageStrings(event, expected_message, expected_short_message) class WinRecyclerInfo2ParserTest(test_lib.ParserTestCase): """Tests for the Windows Recycler INFO2 parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'INFO2']) + @shared_test_lib.skipUnlessHasTestFile(['INFO2']) def testParse(self): """Reads an INFO2 file and run a few tests.""" parser = recycler.WinRecyclerInfo2Parser() - storage_writer = self._ParseFile([u'INFO2'], parser) + storage_writer = self._ParseFile(['INFO2'], parser) self.assertEqual(storage_writer.number_of_events, 4) @@ -83,7 +85,7 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2004-08-25 16:18:25.237') + '2004-08-25 16:18:25.237') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_DELETED) @@ -91,23 +93,23 @@ def testParse(self): self.assertEqual(event.record_index, 1) expected_filename = ( - u'C:\\Documents and Settings\\Mr. Evil\\Desktop\\lalsetup250.exe') + 'C:\\Documents and Settings\\Mr. Evil\\Desktop\\lalsetup250.exe') self.assertEqual(event.original_filename, expected_filename) event = events[1] expected_message = ( - u'DC2 -> C:\\Documents and Settings\\Mr. Evil\\Desktop' - u'\\netstumblerinstaller_0_4_0.exe (from drive: C)') + 'DC2 -> C:\\Documents and Settings\\Mr. Evil\\Desktop' + '\\netstumblerinstaller_0_4_0.exe (from drive: C)') expected_short_message = ( - u'Deleted file: C:\\Documents and Settings\\Mr. Evil\\Desktop' - u'\\netstumblerinstaller...') + 'Deleted file: C:\\Documents and Settings\\Mr. Evil\\Desktop' + '\\netstumblerinstaller...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[2] - self._TestGetSourceStrings(event, u'Recycle Bin', u'RECBIN') + self._TestGetSourceStrings(event, 'Recycle Bin', 'RECBIN') if __name__ == '__main__': diff --git a/tests/parsers/safari_cookies.py b/tests/parsers/safari_cookies.py index 7ac4c74bd4..ebca88d622 100644 --- a/tests/parsers/safari_cookies.py +++ b/tests/parsers/safari_cookies.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Safari cookie parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import safari_cookies # pylint: disable=unused-import +from plaso.formatters import safari_cookies as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import safari_cookies @@ -16,16 +18,16 @@ class SafariCookieParserTest(test_lib.ParserTestCase): """Tests for the Safari cookie parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'Cookies.binarycookies']) + @shared_test_lib.skipUnlessHasTestFile(['Cookies.binarycookies']) def testParseFile(self): """Tests the Parse function on a Safari binary cookies file.""" parser = safari_cookies.BinaryCookieParser() storage_writer = self._ParseFile( - [u'Cookies.binarycookies'], parser) + ['Cookies.binarycookies'], parser) cookie_events = [] for event in storage_writer.GetEvents(): - if event.data_type == u'safari:cookie:entry': + if event.data_type == 'safari:cookie:entry': cookie_events.append(event) # There should be: @@ -37,37 +39,37 @@ def testParseFile(self): event = cookie_events[3] self.assertEqual(event.flags, 5) - self.assertEqual(event.url, u'accounts.google.com') - self.assertEqual(event.cookie_name, u'GAPS') + self.assertEqual(event.url, 'accounts.google.com') + self.assertEqual(event.cookie_name, 'GAPS') event = cookie_events[48] self.assertEqual(event.flags, 0) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-08 20:54:50') + '2013-07-08 20:54:50') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) - self.assertEqual(event.cookie_name, u'nonsession') - self.assertEqual(event.path, u'/') + self.assertEqual(event.cookie_name, 'nonsession') + self.assertEqual(event.path, '/') - expected_message = u'.ebay.com (nonsession)' - expected_short_message = u'.ebay.com (nonsession)' + expected_message = '.ebay.com (nonsession)' + expected_short_message = '.ebay.com (nonsession)' self._TestGetMessageStrings( event, expected_message, expected_short_message) event = cookie_events[52] - self.assertEqual(event.cookie_name, u'fpc') + self.assertEqual(event.cookie_name, 'fpc') value = ( - u'd=0dTg3Ou32s3MrAJ2iHjFph100Tw3E1HTfDOTly0GfJ2g4W.mXpy54F9fjBFfXMw4YyW' - u'AG2cT2FVSqOvGGi_Y1OPrngmNvpKPPyz5gIUP6x_EQeM7bR3jsrg_F1UXVOgu6JgkFwqO' - u'5uHrv4HiL05qb.85Bl.V__HZI5wpAGOGPz1XHhY5mOMH.g.pkVDLli36W2iuYwA-&v=2') + 'd=0dTg3Ou32s3MrAJ2iHjFph100Tw3E1HTfDOTly0GfJ2g4W.mXpy54F9fjBFfXMw4YyW' + 'AG2cT2FVSqOvGGi_Y1OPrngmNvpKPPyz5gIUP6x_EQeM7bR3jsrg_F1UXVOgu6JgkFwqO' + '5uHrv4HiL05qb.85Bl.V__HZI5wpAGOGPz1XHhY5mOMH.g.pkVDLli36W2iuYwA-&v=2') self.assertEqual(event.cookie_value, value) - self.assertEqual(event.path, u'/') - self.assertEqual(event.url, u'.www.yahoo.com') + self.assertEqual(event.path, '/') + self.assertEqual(event.url, '.www.yahoo.com') if __name__ == '__main__': diff --git a/tests/parsers/sccm.py b/tests/parsers/sccm.py index 01c88ac011..95279d9c82 100644 --- a/tests/parsers/sccm.py +++ b/tests/parsers/sccm.py @@ -2,9 +2,11 @@ # -*_ coding: utf-8 -*- """Tests for the SCCM Logs Parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import sccm # pylint: disable=unused-import +from plaso.formatters import sccm as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import sccm @@ -15,11 +17,11 @@ class SCCMLogsUnitTest(test_lib.ParserTestCase): """Tests for the SCCM Logs Parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'sccm_various.log']) + @shared_test_lib.skipUnlessHasTestFile(['sccm_various.log']) def testParse(self): """Tests for the Parse function.""" parser = sccm.SCCMParser() - storage_writer = self._ParseFile([u'sccm_various.log'], parser) + storage_writer = self._ParseFile(['sccm_various.log'], parser) self.assertEqual(storage_writer.number_of_events, 10) @@ -27,36 +29,36 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-11-28 14:03:19.766') + '2014-11-28 14:03:19.766') self.assertEqual(event.timestamp, expected_timestamp) # Test timestamps with seven digits after seconds. event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-01-02 10:22:50.873496') + '2015-01-02 10:22:50.873496') self.assertEqual(event.timestamp, expected_timestamp) # Test timestamps with '-' in microseconds. event = events[7] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-12-28 07:59:43.373') + '2014-12-28 07:59:43.373') self.assertEqual(event.timestamp, expected_timestamp) # Test timestamps with '+' in microseconds. event = events[9] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2014-11-24 09:52:13.827') + '2014-11-24 09:52:13.827') self.assertEqual(event.timestamp, expected_timestamp) # Test full and short message formats. event = events[4] expected_message = ( - u'ContentAccess Releasing content request ' - u'{4EA97AD6-E7E2-4583-92B9-21F532501337}') + 'ContentAccess Releasing content request ' + '{4EA97AD6-E7E2-4583-92B9-21F532501337}') expected_short_message = ( - u'Releasing content request ' - u'{4EA97AD6-E7E2-4583-92B9-21F532501337}') + 'Releasing content request ' + '{4EA97AD6-E7E2-4583-92B9-21F532501337}') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/selinux.py b/tests/parsers/selinux.py index 3fc0bab0ea..aaf80f12ae 100644 --- a/tests/parsers/selinux.py +++ b/tests/parsers/selinux.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the selinux log file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import selinux # pylint: disable=unused-import +from plaso.formatters import selinux as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import selinux @@ -18,13 +20,13 @@ class SELinuxUnitTest(test_lib.ParserTestCase): """Tests for the selinux log file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'selinux.log']) + @shared_test_lib.skipUnlessHasTestFile(['selinux.log']) def testParse(self): """Tests the Parse function.""" parser = selinux.SELinuxParser() - knowledge_base_values = {u'year': 2013} + knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( - [u'selinux.log'], parser, + ['selinux.log'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 7) @@ -35,15 +37,15 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-24 07:40:01.174') + '2012-05-24 07:40:01.174') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old ' - u'auid=4294967295 new auid=0 old ses=4294967295 new ses=1165') + '[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old ' + 'auid=4294967295 new auid=0 old ses=4294967295 new ses=1165') expected_short_message = ( - u'[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old ' - u'auid=4294967295 new auid=...') + '[audit_type: LOGIN, pid: 25443] pid=25443 uid=0 old ' + 'auid=4294967295 new auid=...') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -51,10 +53,10 @@ def testParse(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-24 07:40:01') + '2012-05-24 07:40:01') self.assertEqual(event.timestamp, expected_timestamp) - expected_string = u'[audit_type: SHORTDATE] check rounding' + expected_string = '[audit_type: SHORTDATE] check rounding' self._TestGetMessageStrings(event, expected_string, expected_string) @@ -62,10 +64,10 @@ def testParse(self): event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-24 07:40:22.174') + '2012-05-24 07:40:22.174') self.assertEqual(event.timestamp, expected_timestamp) - expected_string = u'[audit_type: NOMSG]' + expected_string = '[audit_type: NOMSG]' self._TestGetMessageStrings(event, expected_string, expected_string) @@ -73,15 +75,15 @@ def testParse(self): event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-05-24 07:47:46.174') + '2012-05-24 07:47:46.174') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old ' - u'auid=4294967295 new auid=54321 old ses=4294967295 new ses=1166') + '[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old ' + 'auid=4294967295 new auid=54321 old ses=4294967295 new ses=1166') expected_short_message = ( - u'[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old ' - u'auid=4294967295 new...') + '[audit_type: UNDER_SCORE, pid: 25444] pid=25444 uid=0 old ' + 'auid=4294967295 new...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/skydrivelog.py b/tests/parsers/skydrivelog.py index c07fbd90f6..4aa1e18f9c 100644 --- a/tests/parsers/skydrivelog.py +++ b/tests/parsers/skydrivelog.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the SkyDriveLog log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import skydrivelog # pylint: disable=unused-import +from plaso.formatters import skydrivelog as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import skydrivelog @@ -18,11 +20,11 @@ class SkyDriveLogUnitTest(test_lib.ParserTestCase): """Tests for the SkyDrive log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'skydriveerr.log']) + @shared_test_lib.skipUnlessHasTestFile(['skydriveerr.log']) def testParseErrorLog(self): """Tests the Parse function or error log.""" parser = skydrivelog.SkyDriveLogParser() - storage_writer = self._ParseFile([u'skydriveerr.log'], parser) + storage_writer = self._ParseFile(['skydriveerr.log'], parser) self.assertEqual(storage_writer.number_of_events, 19) @@ -31,51 +33,51 @@ def testParseErrorLog(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-25 16:03:23.291') + '2013-07-25 16:03:23.291') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' - u'2013-07-25-180323.291 PID=0x8f4 TID=0x718 ContinuedFrom=') + 'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' + '2013-07-25-180323.291 PID=0x8f4 TID=0x718 ContinuedFrom=') expected_short_message = ( - u'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' - u'2013-07-25-180323.29...') + 'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' + '2013-07-25-180323.29...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-25 16:03:24.649') + '2013-07-25 16:03:24.649') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[AUTH authapi.cpp(280) ERR] Sign in failed : ' - u'DRX_E_AUTH_NO_VALID_CREDENTIALS,') + '[AUTH authapi.cpp(280) ERR] Sign in failed : ' + 'DRX_E_AUTH_NO_VALID_CREDENTIALS,') expected_short_message = ( - u'Sign in failed : DRX_E_AUTH_NO_VALID_CREDENTIALS,') + 'Sign in failed : DRX_E_AUTH_NO_VALID_CREDENTIALS,') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[18] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:27:44.124') + '2013-08-01 21:27:44.124') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[WNS absconn.cpp(177) VRB] Received data from server,' - u'dwID=0x0;dwSize=0x3e;pbData=PNG 9 CON 48 ' - u'44') + '[WNS absconn.cpp(177) VRB] Received data from server,' + 'dwID=0x0;dwSize=0x3e;pbData=PNG 9 CON 48 ' + '44') expected_short_message = ( - u'Received data from server,dwID=0x0;dwSize=0x3e;pbData=PNG 9 CON 48 ' - u'' - u'1;137143672585392572822013-09-11T02:52:37Z' - u'https://bn1.notify.windows.com/?token=AgYAAAAdkHjSxiNH1mbF0Rp5TIv0K' - u'z317BKYIAfBNO6szULCOEE2393owBINnPC5xoika5SJlNtXZ%2bwzaRVsPRcP1p64XF' - u'n90vGwr07DGZxfna%2bxBpBBplzZhLV9y%2fNV%2bBPxNmTI5sRgaZ%2foGvYCIj6Md' - u'eU1') + '[WNS absconn.cpp(177) VRB] Received data from server,dwID=0x0;' + 'dwSize=0x15a;pbData=GET 5 WNS 331 Context: 2891 ' + '1;137143672585392572822013-09-11T02:52:37Z' + 'https://bn1.notify.windows.com/?token=AgYAAAAdkHjSxiNH1mbF0Rp5TIv0K' + 'z317BKYIAfBNO6szULCOEE2393owBINnPC5xoika5SJlNtXZ%2bwzaRVsPRcP1p64XF' + 'n90vGwr07DGZxfna%2bxBpBBplzZhLV9y%2fNV%2bBPxNmTI5sRgaZ%2foGvYCIj6Md' + 'eU1') expected_short_message = ( - u'Received data from server,dwID=0x0;dwSize=0x15a;pbData=GET 5 WNS ' - u'331 Context:...') + 'Received data from server,dwID=0x0;dwSize=0x15a;pbData=GET 5 WNS ' + '331 Context:...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[13] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-12 03:18:57.232') + '2013-08-12 03:18:57.232') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' - u'2013-08-11-231857.232 PID=0x1ef0 TID=0x1ef4 ContinuedFrom=') + 'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' + '2013-08-11-231857.232 PID=0x1ef0 TID=0x1ef4 ContinuedFrom=') expected_short_message = ( - u'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' - u'2013-08-11-231857.23...') + 'Logging started. Version= 17.0.2011.0627 StartLocalTime: ' + '2013-08-11-231857.23...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[15] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-31 03:45:37.940') + '2013-08-31 03:45:37.940') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[PAL cwinhttp.cpp(1581) VRB] ,output=GET <- /MyData/LiveFolders?' - u'Filter=changes&InlineBlobs=false&MaxItemCount=50&SyncToken=LM%3d6351' - u'1875645970%3bID%3d7F095149027848ED!103%3bLR%3d63513517536493%3bEP%3d' - u'2%3bTD%3dTrue&View=SkyDriveSync;m_httpStatus=0x130;hr=8004db30;' - u'm_pSink=null;cb=0x0;msec=0x4e') + '[PAL cwinhttp.cpp(1581) VRB] ,output=GET <- /MyData/LiveFolders?' + 'Filter=changes&InlineBlobs=false&MaxItemCount=50&SyncToken=LM%3d6351' + '1875645970%3bID%3d7F095149027848ED!103%3bLR%3d63513517536493%3bEP%3d' + '2%3bTD%3dTrue&View=SkyDriveSync;m_httpStatus=0x130;hr=8004db30;' + 'm_pSink=null;cb=0x0;msec=0x4e') expected_short_message = ( - u',output=GET <- /MyData/LiveFolders?Filter=changes&InlineBlobs=' - u'false&MaxItemCo...') + ',output=GET <- /MyData/LiveFolders?Filter=changes&InlineBlobs=' + 'false&MaxItemCo...') self._TestGetMessageStrings(event, expected_message, expected_short_message) class SkyDriveOldLogUnitTest(test_lib.ParserTestCase): """Tests for the SkyDrive old log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'skydrive_old.log']) + @shared_test_lib.skipUnlessHasTestFile(['skydrive_old.log']) def testParse(self): """Tests the Parse function.""" parser = skydrivelog.SkyDriveOldLogParser() - storage_writer = self._ParseFile([u'skydrive_old.log'], parser) + storage_writer = self._ParseFile(['skydrive_old.log'], parser) self.assertEqual(storage_writer.number_of_events, 18) @@ -178,17 +180,17 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:28.999') + '2013-08-01 21:22:28.999') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[global.cpp:626!logVersionInfo] (DETAIL) 17.0.2011.0627 (Ship)') + '[global.cpp:626!logVersionInfo] (DETAIL) 17.0.2011.0627 (Ship)') expected_short_message = ( - u'17.0.2011.0627 (Ship)') + '17.0.2011.0627 (Ship)') self._TestGetMessageStrings(event, expected_message, expected_short_message) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:29.702') + '2013-08-01 21:22:29.702') event = events[1] self.assertEqual(event.timestamp, expected_timestamp) @@ -200,15 +202,15 @@ def testParse(self): self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' - u'103%3bLR%3d12345678905623%3aEP%3d2') + 'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' + '103%3bLR%3d12345678905623%3aEP%3d2') expected_short_message = ( - u'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' - u'103%3bLR%3d1234567890...') + 'SyncToken = LM%3d12345678905670%3bID%3d1234567890E059C0!' + '103%3bLR%3d1234567890...') self._TestGetMessageStrings(event, expected_message, expected_short_message) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-01 21:22:58.344') + '2013-08-01 21:22:58.344') event = events[4] self.assertEqual(event.timestamp, expected_timestamp) @@ -218,7 +220,7 @@ def testParse(self): event = events[17] expected_message = ( - u'SyncToken = Not a sync token (\xe0\xe8\xec\xf2\xf9)!') + 'SyncToken = Not a sync token (\xe0\xe8\xec\xf2\xf9)!') self._TestGetMessageStrings(event, expected_message, expected_message) diff --git a/tests/parsers/symantec.py b/tests/parsers/symantec.py index bcea5dc67f..2f4367aa37 100644 --- a/tests/parsers/symantec.py +++ b/tests/parsers/symantec.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Symantec AV Log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import symantec # pylint: disable=unused-import +from plaso.formatters import symantec as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import symantec @@ -23,22 +25,22 @@ def testConvertToTimestamp(self): # pylint: disable=protected-access expected_timestamp = timelib.Timestamp.CopyFromString( - u'2002-11-19 08:01:34') + '2002-11-19 08:01:34') timestamp = parser._ConvertToTimestamp( - u'200A13080122', timezone=pytz.UTC) + '200A13080122', timezone=pytz.UTC) self.assertEqual(timestamp, expected_timestamp) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-11-30 10:47:29') + '2012-11-30 10:47:29') timestamp = parser._ConvertToTimestamp( - u'2A0A1E0A2F1D', timezone=pytz.UTC) + '2A0A1E0A2F1D', timezone=pytz.UTC) self.assertEqual(timestamp, expected_timestamp) - @shared_test_lib.skipUnlessHasTestFile([u'Symantec.Log']) + @shared_test_lib.skipUnlessHasTestFile(['Symantec.Log']) def testParse(self): """Tests the Parse function.""" parser = symantec.SymantecParser() - storage_writer = self._ParseFile([u'Symantec.Log'], parser) + storage_writer = self._ParseFile(['Symantec.Log'], parser) # The file contains 8 lines which should result in 8 events. self.assertEqual(storage_writer.number_of_events, 8) @@ -49,28 +51,28 @@ def testParse(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-11-30 10:47:29') + '2012-11-30 10:47:29') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'davnads') + self.assertEqual(event.user, 'davnads') expected_file = ( - u'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt') + 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt') self.assertEqual(event.file, expected_file) expected_message = ( - u'Event Name: GL_EVENT_INFECTION; ' - u'Category Name: GL_CAT_INFECTION; ' - u'Malware Name: W32.Changeup!gen33; ' - u'Malware Path: ' - u'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt; ' - u'Action0: Unknown; ' - u'Action1: Clean virus from file; ' - u'Action2: Delete infected file; ' - u'Scan ID: 0; ' - u'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0') + 'Event Name: GL_EVENT_INFECTION; ' + 'Category Name: GL_CAT_INFECTION; ' + 'Malware Name: W32.Changeup!gen33; ' + 'Malware Path: ' + 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt; ' + 'Action0: Unknown; ' + 'Action1: Clean virus from file; ' + 'Action2: Delete infected file; ' + 'Scan ID: 0; ' + 'Event Data: 201\t4\t6\t1\t65542\t0\t0\t0\t0\t0\t0') expected_short_message = ( - u'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt; ' - u'W32.Changeup!gen33; ' - u'Unknown; ...') + 'D:\\Twinkle_Prod$\\VM11 XXX\\outside\\test.exe.txt; ' + 'W32.Changeup!gen33; ' + 'Unknown; ...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/syslog.py b/tests/parsers/syslog.py index edb1aab734..7900fc6213 100644 --- a/tests/parsers/syslog.py +++ b/tests/parsers/syslog.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the syslog parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import syslog # pylint: disable=unused-import +from plaso.formatters import syslog as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import syslog @@ -15,35 +17,35 @@ class SyslogParserTest(test_lib.ParserTestCase): """Tests for the syslog parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'syslog_rsyslog']) + @shared_test_lib.skipUnlessHasTestFile(['syslog_rsyslog']) def testParseRsyslog(self): """Tests the Parse function on an Ubuntu-style syslog file""" parser = syslog.SyslogParser() - knowledge_base_values = {u'year': 2016} + knowledge_base_values = {'year': 2016} storage_writer = self._ParseFile( - [u'syslog_rsyslog'], parser, + ['syslog_rsyslog'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 8) - @shared_test_lib.skipUnlessHasTestFile([u'syslog_osx']) + @shared_test_lib.skipUnlessHasTestFile(['syslog_osx']) def testParseDarwin(self): """Tests the Parse function on an Darwin-style syslog file""" parser = syslog.SyslogParser() - knowledge_base_values = {u'year': 2016} + knowledge_base_values = {'year': 2016} storage_writer = self._ParseFile( - [u'syslog_osx'], parser, + ['syslog_osx'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 2) - @shared_test_lib.skipUnlessHasTestFile([u'syslog_chromeos']) + @shared_test_lib.skipUnlessHasTestFile(['syslog_chromeos']) def testParseChromeOS(self): """Tests the Parse function.""" parser = syslog.SyslogParser() - knowledge_base_values = {u'year': 2016} + knowledge_base_values = {'year': 2016} storage_writer = self._ParseFile( - [u'syslog_chromeos'], parser, + ['syslog_chromeos'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 8) @@ -53,43 +55,43 @@ def testParseChromeOS(self): event = events[0] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2016-10-25T19:37:23.297265+00:00') + self.assertEqual(event_timestamp, '2016-10-25T19:37:23.297265+00:00') expected_message = ( - u'INFO [periodic_scheduler, pid: 13707] cleanup_logs: job completed') + 'INFO [periodic_scheduler, pid: 13707] cleanup_logs: job completed') self._TestGetMessageStrings(event, expected_message, expected_message) event = events[2] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2016-10-25T19:37:24.987014+00:00') + self.assertEqual(event_timestamp, '2016-10-25T19:37:24.987014+00:00') # Testing year increment. event = events[4] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2016-10-25T19:37:24.993079+00:00') + self.assertEqual(event_timestamp, '2016-10-25T19:37:24.993079+00:00') event = events[6] - expected_reporter = u'kernel' + expected_reporter = 'kernel' self.assertEqual(event.reporter, expected_reporter) event = events[7] expected_message = ( - u'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' - u'message that screws up many syslog parsers.') + 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' + 'message that screws up many syslog parsers.') expected_short_message = ( - u'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' - u'message that sc...') + 'INFO [aprocess] [ 316.587330] cfg80211: This is a multi-line\t' + 'message that sc...') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'syslog']) + @shared_test_lib.skipUnlessHasTestFile(['syslog']) def testParse(self): """Tests the Parse function.""" parser = syslog.SyslogParser() - knowledge_base_values = {u'year': 2012} + knowledge_base_values = {'year': 2012} storage_writer = self._ParseFile( - [u'syslog'], parser, + ['syslog'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 16) @@ -99,51 +101,51 @@ def testParse(self): event = events[0] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2012-01-22T07:52:33+00:00') - self.assertEqual(event.hostname, u'myhostname.myhost.com') + self.assertEqual(event_timestamp, '2012-01-22T07:52:33+00:00') + self.assertEqual(event.hostname, 'myhostname.myhost.com') expected_message = ( - u'[client, pid: 30840] INFO No new content in ímynd.dd.') + '[client, pid: 30840] INFO No new content in ímynd.dd.') self._TestGetMessageStrings(event, expected_message, expected_message) event = events[6] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2012-02-29T01:15:43+00:00') + self.assertEqual(event_timestamp, '2012-02-29T01:15:43+00:00') # Testing year increment. event = events[8] event_timestamp = timelib.Timestamp.CopyToIsoFormat( event.timestamp) - self.assertEqual(event_timestamp, u'2013-03-23T23:01:18+00:00') + self.assertEqual(event_timestamp, '2013-03-23T23:01:18+00:00') event = events[10] - expected_reporter = u'/sbin/anacron' + expected_reporter = '/sbin/anacron' self.assertEqual(event.reporter, expected_reporter) event = events[11] expected_message = ( - u'[aprocess, pid: 10100] This is a multi-line message that screws up' - u'\tmany syslog parsers.') + '[aprocess, pid: 10100] This is a multi-line message that screws up' + '\tmany syslog parsers.') expected_short_message = ( - u'[aprocess, pid: 10100] This is a multi-line message that screws up' - u'\tmany syslo...') + '[aprocess, pid: 10100] This is a multi-line message that screws up' + '\tmany syslo...') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[14] - self.assertEqual(event.reporter, u'kernel') + self.assertEqual(event.reporter, 'kernel') self.assertIsNone(event.hostname) expected_message = ( - u'[kernel] [997.390602] sda2: rw=0, want=65, limit=2') + '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') expected_short_message = ( - u'[kernel] [997.390602] sda2: rw=0, want=65, limit=2') + '[kernel] [997.390602] sda2: rw=0, want=65, limit=2') self._TestGetMessageStrings(event, expected_message, expected_short_message) # Testing non-leap year. parser = syslog.SyslogParser() - knowledge_base_values = {u'year': 2013} + knowledge_base_values = {'year': 2013} storage_writer = self._ParseFile( - [u'syslog'], parser, + ['syslog'], parser, knowledge_base_values=knowledge_base_values) self.assertEqual(storage_writer.number_of_events, 15) diff --git a/tests/parsers/systemd_journal.py b/tests/parsers/systemd_journal.py index 3770d3e4de..2e63b57d1d 100644 --- a/tests/parsers/systemd_journal.py +++ b/tests/parsers/systemd_journal.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the Systemd Journal parser.""" +from __future__ import unicode_literals + import unittest try: @@ -23,7 +25,7 @@ def testParse(self): """Tests the Parse function.""" parser = systemd_journal.SystemdJournalParser() storage_writer = self._ParseFile([ - u'systemd', u'journal', u'system.journal'], parser) + 'systemd', 'journal', 'system.journal'], parser) self.assertEqual(storage_writer.number_of_events, 2101) @@ -32,26 +34,26 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-01-27 09:40:55.913258') + '2017-01-27 09:40:55.913258') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'test-VirtualBox [systemd, pid: 1] Started User Manager for ' - u'UID 1000.') + 'test-VirtualBox [systemd, pid: 1] Started User Manager for ' + 'UID 1000.') self._TestGetMessageStrings(event, expected_message, expected_message) # This event uses XZ compressed data event = events[2098] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2017-02-06 16:24:32.564585') + '2017-02-06 16:24:32.564585') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'test-VirtualBox [root, pid: 22921] {0:s}'.format( - u'a' * 692) - expected_short_message = u'{0:s}...'.format(expected_message[:77]) + expected_message = 'test-VirtualBox [root, pid: 22921] {0:s}'.format( + 'a' * 692) + expected_short_message = '{0:s}...'.format(expected_message[:77]) self._TestGetMessageStrings(event, expected_message, expected_short_message) def testParseDirty(self): @@ -60,8 +62,8 @@ def testParseDirty(self): parser_mediator = self._CreateParserMediator(storage_writer) parser = systemd_journal.SystemdJournalParser() path_segments = [ - u'systemd', u'journal', - u'system@00053f9c9a4c1e0e-2e18a70e8b327fed.journalTILDE' + 'systemd', 'journal', + 'system@00053f9c9a4c1e0e-2e18a70e8b327fed.journalTILDE' ] file_entry = self._GetTestFileEntry(path_segments) file_object = file_entry.GetFileObject() @@ -75,14 +77,14 @@ def testParseDirty(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-10-24 13:20:01.063423') + '2016-10-24 13:20:01.063423') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'test-VirtualBox [systemd-journald, pid: 569] Runtime journal ' - u'(/run/log/journal/) is 1.2M, max 9.9M, 8.6M free.') - expected_short_message = u'{0:s}...'.format(expected_message[:77]) + 'test-VirtualBox [systemd-journald, pid: 569] Runtime journal ' + '(/run/log/journal/) is 1.2M, max 9.9M, 8.6M free.') + expected_short_message = '{0:s}...'.format(expected_message[:77]) self._TestGetMessageStrings(event, expected_message, expected_short_message) self.assertEqual(storage_writer.number_of_errors, 1) @@ -90,9 +92,9 @@ def testParseDirty(self): errors = list(storage_writer.GetErrors()) error = errors[0] expected_error_message = ( - u'Unable to complete parsing journal file: ' - u'object offset should be after hash tables (4308912 < 2527472) at ' - u'offset 0x0041bfb0') + 'Unable to complete parsing journal file: ' + 'object offset should be after hash tables (4308912 < 2527472) at ' + 'offset 0x0041bfb0') self.assertEqual(error.message, expected_error_message) if __name__ == '__main__': diff --git a/tests/parsers/test_lib.py b/tests/parsers/test_lib.py index 19efa6ee1e..d287887fbb 100644 --- a/tests/parsers/test_lib.py +++ b/tests/parsers/test_lib.py @@ -1,6 +1,8 @@ # -*- coding: utf-8 -*- """Parser related functions and classes for testing.""" +from __future__ import unicode_literals + from dfvfs.lib import definitions as dfvfs_definitions from dfvfs.path import factory as path_spec_factory from dfvfs.resolver import resolver as path_spec_resolver @@ -21,7 +23,7 @@ class ParserTestCase(shared_test_lib.BaseTestCase): def _CreateParserMediator( self, storage_writer, file_entry=None, knowledge_base_values=None, - parser_chain=None, timezone=u'UTC'): + parser_chain=None, timezone='UTC'): """Creates a parser mediator. Args: @@ -74,13 +76,13 @@ def _GetShortMessage(self, message_string): be shortened to it's first 77 characters followed by a "...". """ if len(message_string) > 80: - return u'{0:s}...'.format(message_string[:77]) + return '{0:s}...'.format(message_string[:77]) return message_string def _ParseFile( self, path_segments, parser, knowledge_base_values=None, - timezone=u'UTC'): + timezone='UTC'): """Parses a file with a parser and writes results to a storage writer. Args: @@ -100,7 +102,7 @@ def _ParseFile( timezone=timezone) def _ParseFileByPathSpec( - self, path_spec, parser, knowledge_base_values=None, timezone=u'UTC'): + self, path_spec, parser, knowledge_base_values=None, timezone='UTC'): """Parses a file with a parser and writes results to a storage writer. Args: @@ -131,7 +133,7 @@ def _ParseFileByPathSpec( file_object.close() else: - self.fail(u'Got unsupported parser type: {0:s}'.format(type(parser))) + self.fail('Got unsupported parser type: {0:s}'.format(type(parser))) return storage_writer diff --git a/tests/parsers/text_parser.py b/tests/parsers/text_parser.py index 7efa92b993..abb3c5bc6c 100644 --- a/tests/parsers/text_parser.py +++ b/tests/parsers/text_parser.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """This file contains the tests for the generic text parser.""" +from __future__ import unicode_literals + import unittest import pyparsing @@ -17,67 +19,67 @@ class PyparsingConstantsTest(test_lib.ParserTestCase): def testConstants(self): """Tests parsing with constants.""" with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.MONTH.parseString(u'MMo') + text_parser.PyparsingConstants.MONTH.parseString('MMo') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.MONTH.parseString(u'M') + text_parser.PyparsingConstants.MONTH.parseString('M') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.MONTH.parseString(u'March', parseAll=True) + text_parser.PyparsingConstants.MONTH.parseString('March', parseAll=True) - self.assertTrue(text_parser.PyparsingConstants.MONTH.parseString(u'Jan')) + self.assertTrue(text_parser.PyparsingConstants.MONTH.parseString('Jan')) - line = u'# This is a comment.' + line = '# This is a comment.' parsed_line = text_parser.PyparsingConstants.COMMENT_LINE_HASH.parseString( line) - self.assertEqual(parsed_line[-1], u'This is a comment.') + self.assertEqual(parsed_line[-1], 'This is a comment.') self.assertEqual(len(parsed_line), 2) def testConstantIPv4(self): """Tests parsing with the IPV4_ADDRESS constant.""" self.assertTrue( text_parser.PyparsingConstants.IPV4_ADDRESS.parseString( - u'123.51.234.52')) + '123.51.234.52')) self.assertTrue( text_parser.PyparsingConstants.IPV4_ADDRESS.parseString( - u'255.254.23.1')) + '255.254.23.1')) self.assertTrue( - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'1.1.34.2')) + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('1.1.34.2')) with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'1.1.34.258') + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('1.1.34.258') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'a.1.34.258') + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('a.1.34.258') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'.34.258') + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('.34.258') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'34.258') + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('34.258') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_ADDRESS.parseString(u'10.52.34.258') + text_parser.PyparsingConstants.IPV4_ADDRESS.parseString('10.52.34.258') def testConstantOctet(self): """Tests parsing with the IPV4_OCTET constant.""" self.assertTrue( - text_parser.PyparsingConstants.IPV4_OCTET.parseString(u'0')) + text_parser.PyparsingConstants.IPV4_OCTET.parseString('0')) self.assertTrue( - text_parser.PyparsingConstants.IPV4_OCTET.parseString(u'123')) + text_parser.PyparsingConstants.IPV4_OCTET.parseString('123')) self.assertTrue( - text_parser.PyparsingConstants.IPV4_OCTET.parseString(u'255')) + text_parser.PyparsingConstants.IPV4_OCTET.parseString('255')) with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_OCTET.parseString(u'526') + text_parser.PyparsingConstants.IPV4_OCTET.parseString('526') with self.assertRaises(pyparsing.ParseException): - text_parser.PyparsingConstants.IPV4_OCTET.parseString(u'1026') + text_parser.PyparsingConstants.IPV4_OCTET.parseString('1026') with self.assertRaises(pyparsing.ParseException): text_parser.PyparsingConstants.IPV4_OCTET.parseString( - u'a9', parseAll=True) + 'a9', parseAll=True) -if __name__ == u'__main__': +if __name__ == '__main__': unittest.main() diff --git a/tests/parsers/utmp.py b/tests/parsers/utmp.py index 25c5d0b65a..740effd688 100644 --- a/tests/parsers/utmp.py +++ b/tests/parsers/utmp.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Parser test for utmp files.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import utmp # pylint: disable=unused-import +from plaso.formatters import utmp as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import utmp @@ -15,80 +17,80 @@ class UtmpParserTest(test_lib.ParserTestCase): """The unit test for UTMP parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'utmp']) + @shared_test_lib.skipUnlessHasTestFile(['utmp']) def testParseUtmpFile(self): """Tests the Parse function for an UTMP file.""" parser = utmp.UtmpParser() - storage_writer = self._ParseFile([u'utmp'], parser) + storage_writer = self._ParseFile(['utmp'], parser) self.assertEqual(storage_writer.number_of_events, 14) events = list(storage_writer.GetEvents()) event = events[0] - self.assertEqual(event.terminal, u'system boot') - self.assertEqual(event.status, u'BOOT_TIME') + self.assertEqual(event.terminal, 'system boot') + self.assertEqual(event.status, 'BOOT_TIME') event = events[1] - self.assertEqual(event.status, u'RUN_LVL') + self.assertEqual(event.status, 'RUN_LVL') event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-13 14:45:09') + '2013-12-13 14:45:09') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'LOGIN') - self.assertEqual(event.computer_name, u'localhost') - self.assertEqual(event.terminal, u'tty4') - self.assertEqual(event.status, u'LOGIN_PROCESS') + self.assertEqual(event.user, 'LOGIN') + self.assertEqual(event.computer_name, 'localhost') + self.assertEqual(event.terminal, 'tty4') + self.assertEqual(event.status, 'LOGIN_PROCESS') self.assertEqual(event.exit, 0) self.assertEqual(event.pid, 1115) self.assertEqual(event.terminal_id, 52) expected_message = ( - u'User: LOGIN ' - u'Computer Name: localhost ' - u'Terminal: tty4 ' - u'PID: 1115 ' - u'Terminal_ID: 52 ' - u'Status: LOGIN_PROCESS ' - u'IP Address: localhost ' - u'Exit: 0') + 'User: LOGIN ' + 'Computer Name: localhost ' + 'Terminal: tty4 ' + 'PID: 1115 ' + 'Terminal_ID: 52 ' + 'Status: LOGIN_PROCESS ' + 'IP Address: localhost ' + 'Exit: 0') expected_short_message = ( - u'User: LOGIN') + 'User: LOGIN') self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[12] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-12-18 22:46:56.305504') + '2013-12-18 22:46:56.305504') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'moxilo') - self.assertEqual(event.computer_name, u'localhost') - self.assertEqual(event.terminal, u'pts/4') - self.assertEqual(event.status, u'USER_PROCESS') + self.assertEqual(event.user, 'moxilo') + self.assertEqual(event.computer_name, 'localhost') + self.assertEqual(event.terminal, 'pts/4') + self.assertEqual(event.status, 'USER_PROCESS') self.assertEqual(event.exit, 0) self.assertEqual(event.pid, 2684) self.assertEqual(event.terminal_id, 13359) expected_message = ( - u'User: moxilo ' - u'Computer Name: localhost ' - u'Terminal: pts/4 ' - u'PID: 2684 ' - u'Terminal_ID: 13359 ' - u'Status: USER_PROCESS ' - u'IP Address: localhost ' - u'Exit: 0') + 'User: moxilo ' + 'Computer Name: localhost ' + 'Terminal: pts/4 ' + 'PID: 2684 ' + 'Terminal_ID: 13359 ' + 'Status: USER_PROCESS ' + 'IP Address: localhost ' + 'Exit: 0') expected_short_message = ( - u'User: moxilo') + 'User: moxilo') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'wtmp.1']) + @shared_test_lib.skipUnlessHasTestFile(['wtmp.1']) def testParseWtmpFile(self): """Tests the Parse function for an WTMP file.""" parser = utmp.UtmpParser() - storage_writer = self._ParseFile([u'wtmp.1'], parser) + storage_writer = self._ParseFile(['wtmp.1'], parser) self.assertEqual(storage_writer.number_of_events, 4) @@ -97,28 +99,28 @@ def testParseWtmpFile(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-12-01 17:36:38.432935') + '2011-12-01 17:36:38.432935') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'userA') - self.assertEqual(event.computer_name, u'10.10.122.1') - self.assertEqual(event.terminal, u'pts/32') - self.assertEqual(event.status, u'USER_PROCESS') - self.assertEqual(event.ip_address, u'10.10.122.1') + self.assertEqual(event.user, 'userA') + self.assertEqual(event.computer_name, '10.10.122.1') + self.assertEqual(event.terminal, 'pts/32') + self.assertEqual(event.status, 'USER_PROCESS') + self.assertEqual(event.ip_address, '10.10.122.1') self.assertEqual(event.exit, 0) self.assertEqual(event.pid, 20060) self.assertEqual(event.terminal_id, 842084211) expected_message = ( - u'User: userA ' - u'Computer Name: 10.10.122.1 ' - u'Terminal: pts/32 ' - u'PID: 20060 ' - u'Terminal_ID: 842084211 ' - u'Status: USER_PROCESS ' - u'IP Address: 10.10.122.1 ' - u'Exit: 0') + 'User: userA ' + 'Computer Name: 10.10.122.1 ' + 'Terminal: pts/32 ' + 'PID: 20060 ' + 'Terminal_ID: 842084211 ' + 'Status: USER_PROCESS ' + 'IP Address: 10.10.122.1 ' + 'Exit: 0') expected_short_message = ( - u'User: userA') + 'User: userA') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/utmpx.py b/tests/parsers/utmpx.py index 28777032c3..f9e36c8b83 100644 --- a/tests/parsers/utmpx.py +++ b/tests/parsers/utmpx.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for UTMPX file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import utmpx # pylint: disable=unused-import +from plaso.formatters import utmpx as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import utmpx @@ -15,11 +17,11 @@ class UtmpxParserTest(test_lib.ParserTestCase): """Tests for utmpx file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'utmpx_mac']) + @shared_test_lib.skipUnlessHasTestFile(['utmpx_mac']) def testParse(self): """Tests the Parse function.""" parser = utmpx.UtmpxParser() - storage_writer = self._ParseFile([u'utmpx_mac'], parser) + storage_writer = self._ParseFile(['utmpx_mac'], parser) self.assertEqual(storage_writer.number_of_events, 6) @@ -27,52 +29,52 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-13 17:52:34') + '2013-11-13 17:52:34') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'User: N/A Status: BOOT_TIME ' - u'Computer Name: localhost Terminal: N/A') - expected_short_message = u'User: N/A' + 'User: N/A Status: BOOT_TIME ' + 'Computer Name: localhost Terminal: N/A') + expected_short_message = 'User: N/A' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-13 17:52:41.736713') + '2013-11-13 17:52:41.736713') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'moxilo') - self.assertEqual(event.terminal, u'console', ) + self.assertEqual(event.user, 'moxilo') + self.assertEqual(event.terminal, 'console', ) self.assertEqual(event.status_type, 7) - self.assertEqual(event.computer_name, u'localhost') + self.assertEqual(event.computer_name, 'localhost') expected_message = ( - u'User: moxilo Status: ' - u'USER_PROCESS ' - u'Computer Name: localhost ' - u'Terminal: console') - expected_short_message = u'User: moxilo' + 'User: moxilo Status: ' + 'USER_PROCESS ' + 'Computer Name: localhost ' + 'Terminal: console') + expected_short_message = 'User: moxilo' self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[4] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-11-14 04:32:56.641464') + '2013-11-14 04:32:56.641464') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.user, u'moxilo') - self.assertEqual(event.terminal, u'ttys002') + self.assertEqual(event.user, 'moxilo') + self.assertEqual(event.terminal, 'ttys002') self.assertEqual(event.status_type, 8) expected_message = ( - u'User: moxilo Status: ' - u'DEAD_PROCESS ' - u'Computer Name: localhost ' - u'Terminal: ttys002') - expected_short_message = u'User: moxilo' + 'User: moxilo Status: ' + 'DEAD_PROCESS ' + 'Computer Name: localhost ' + 'Terminal: ttys002') + expected_short_message = 'User: moxilo' self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/winevt.py b/tests/parsers/winevt.py index 1f4af30034..0f9fbc0d64 100644 --- a/tests/parsers/winevt.py +++ b/tests/parsers/winevt.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows EventLog (EVT) parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winevt # pylint: disable=unused-import +from plaso.formatters import winevt as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winevt @@ -16,11 +18,11 @@ class WinEvtParserTest(test_lib.ParserTestCase): """Tests for the Windows EventLog (EVT) parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'SysEvent.Evt']) + @shared_test_lib.skipUnlessHasTestFile(['SysEvent.Evt']) def testParse(self): """Tests the Parse function.""" parser = winevt.WinEvtParser() - storage_writer = self._ParseFile([u'SysEvent.Evt'], parser) + storage_writer = self._ParseFile(['SysEvent.Evt'], parser) # Windows Event Log (EVT) information: # Version : 1.1 @@ -35,7 +37,7 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-07-27 06:41:47') + '2011-07-27 06:41:47') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) @@ -58,43 +60,43 @@ def testParse(self): self.assertEqual(event.record_number, 1392) self.assertEqual(event.event_type, 2) - self.assertEqual(event.computer_name, u'WKS-WINXP32BIT') - self.assertEqual(event.source_name, u'LSASRV') + self.assertEqual(event.computer_name, 'WKS-WINXP32BIT') + self.assertEqual(event.source_name, 'LSASRV') self.assertEqual(event.event_category, 3) self.assertEqual(event.event_identifier, 40961) - self.assertEqual(event.strings[0], u'cifs/CONTROLLER') + self.assertEqual(event.strings[0], 'cifs/CONTROLLER') expected_string = ( - u'"The system detected a possible attempt to compromise security. ' - u'Please ensure that you can contact the server that authenticated you.' - u'\r\n (0xc0000388)"') + '"The system detected a possible attempt to compromise security. ' + 'Please ensure that you can contact the server that authenticated you.' + '\r\n (0xc0000388)"') self.assertEqual(event.strings[1], expected_string) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-07-27 06:41:47') + '2011-07-27 06:41:47') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_WRITTEN) expected_message = ( - u'[40961 / 0xa001] ' - u'Severity: Warning ' - u'Record Number: 1392 ' - u'Event Type: Information event ' - u'Event Category: 3 ' - u'Source Name: LSASRV ' - u'Computer Name: WKS-WINXP32BIT ' - u'Strings: [\'cifs/CONTROLLER\', ' - u'\'"The system detected a possible attempt to ' - u'compromise security. Please ensure that you can ' - u'contact the server that authenticated you. (0xc0000388)"\']') + '[40961 / 0xa001] ' + 'Severity: Warning ' + 'Record Number: 1392 ' + 'Event Type: Information event ' + 'Event Category: 3 ' + 'Source Name: LSASRV ' + 'Computer Name: WKS-WINXP32BIT ' + 'Strings: [\'cifs/CONTROLLER\', ' + '\'"The system detected a possible attempt to ' + 'compromise security. Please ensure that you can ' + 'contact the server that authenticated you. (0xc0000388)"\']') expected_short_message = ( - u'[40961 / 0xa001] ' - u'Strings: [\'cifs/CONTROLLER\', ' - u'\'"The system detected a possibl...') + '[40961 / 0xa001] ' + 'Strings: [\'cifs/CONTROLLER\', ' + '\'"The system detected a possibl...') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/winevtx.py b/tests/parsers/winevtx.py index 17e240df90..4d2f21e5c4 100644 --- a/tests/parsers/winevtx.py +++ b/tests/parsers/winevtx.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows XML EventLog (EVTX) parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winevtx # pylint: disable=unused-import +from plaso.formatters import winevtx as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winevtx @@ -16,11 +18,11 @@ class WinEvtxParserTest(test_lib.ParserTestCase): """Tests for the Windows XML EventLog (EVTX) parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'System.evtx']) + @shared_test_lib.skipUnlessHasTestFile(['System.evtx']) def testParse(self): """Tests the Parse function.""" parser = winevtx.WinEvtxParser() - storage_writer = self._ParseFile([u'System.evtx'], parser) + storage_writer = self._ParseFile(['System.evtx'], parser) # Windows Event Viewer Log (EVTX) information: # Version : 3.1 @@ -47,85 +49,85 @@ def testParse(self): event = events[0] self.assertEqual(event.record_number, 12049) - expected_computer_name = u'WKS-WIN764BITB.shieldbase.local' + expected_computer_name = 'WKS-WIN764BITB.shieldbase.local' self.assertEqual(event.computer_name, expected_computer_name) - self.assertEqual(event.source_name, u'Microsoft-Windows-Eventlog') + self.assertEqual(event.source_name, 'Microsoft-Windows-Eventlog') self.assertEqual(event.event_level, 4) self.assertEqual(event.event_identifier, 105) - self.assertEqual(event.strings[0], u'System') + self.assertEqual(event.strings[0], 'System') expected_string = ( - u'C:\\Windows\\System32\\Winevt\\Logs\\' - u'Archive-System-2012-03-14-04-17-39-932.evtx') + 'C:\\Windows\\System32\\Winevt\\Logs\\' + 'Archive-System-2012-03-14-04-17-39-932.evtx') self.assertEqual(event.strings[1], expected_string) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-03-14 04:17:38.276340') + '2012-03-14 04:17:38.276340') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_WRITTEN) expected_xml_string = ( - u'\n' - u' \n' - u' \n' - u' 7036\n' - u' 0\n' - u' 4\n' - u' 0\n' - u' 0\n' - u' 0x8080000000000000\n' - u' \n' - u' 12050\n' - u' \n' - u' \n' - u' System\n' - u' WKS-WIN764BITB.shieldbase.local\n' - u' \n' - u' \n' - u' \n' - u' Windows Modules Installer\n' - u' stopped\n' - u' 540072007500730074006500640049006E007300740061006C006C00' - u'650072002F0031000000\n' - u' \n' - u'\n') + '\n' + ' \n' + ' \n' + ' 7036\n' + ' 0\n' + ' 4\n' + ' 0\n' + ' 0\n' + ' 0x8080000000000000\n' + ' \n' + ' 12050\n' + ' \n' + ' \n' + ' System\n' + ' WKS-WIN764BITB.shieldbase.local\n' + ' \n' + ' \n' + ' \n' + ' Windows Modules Installer\n' + ' stopped\n' + ' 540072007500730074006500640049006E007300740061006C006C00' + '650072002F0031000000\n' + ' \n' + '\n') self.assertEqual(event.xml_string, expected_xml_string) expected_message = ( - u'[7036 / 0x1b7c] ' - u'Record Number: 12050 ' - u'Event Level: 4 ' - u'Source Name: Service Control Manager ' - u'Computer Name: WKS-WIN764BITB.shieldbase.local ' - u'Message string: The Windows Modules Installer service entered ' - u'the stopped state. ' - u'Strings: [\'Windows Modules Installer\', \'stopped\', ' - u'\'540072007500730074006500640049006E00' - u'7300740061006C006C00650072002F0031000000\']') + '[7036 / 0x1b7c] ' + 'Record Number: 12050 ' + 'Event Level: 4 ' + 'Source Name: Service Control Manager ' + 'Computer Name: WKS-WIN764BITB.shieldbase.local ' + 'Message string: The Windows Modules Installer service entered ' + 'the stopped state. ' + 'Strings: [\'Windows Modules Installer\', \'stopped\', ' + '\'540072007500730074006500640049006E00' + '7300740061006C006C00650072002F0031000000\']') expected_short_message = ( - u'[7036 / 0x1b7c] ' - u'Strings: [\'Windows Modules Installer\', \'stopped\', ' - u'\'5400720075...') + '[7036 / 0x1b7c] ' + 'Strings: [\'Windows Modules Installer\', \'stopped\', ' + '\'5400720075...') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'System2.evtx']) + @shared_test_lib.skipUnlessHasTestFile(['System2.evtx']) def testParseTruncated(self): """Tests the Parse function on a truncated file.""" parser = winevtx.WinEvtxParser() # Be aware of System2.evtx file, it was manually shortened so it probably # contains invalid log at the end. - storage_writer = self._ParseFile([u'System2.evtx'], parser) + storage_writer = self._ParseFile(['System2.evtx'], parser) self.assertEqual(storage_writer.number_of_events, 194) @@ -134,12 +136,12 @@ def testParseTruncated(self): event = events[178] expected_strings_parsed = [ - (u'source_user_id', u'S-1-5-18'), - (u'source_user_name', u'GREENDALEGOLD$'), - (u'target_machine_ip', u'-'), - (u'target_machine_name', None), - (u'target_user_id', u'S-1-5-18'), - (u'target_user_name', u'SYSTEM')] + ('source_user_id', 'S-1-5-18'), + ('source_user_name', 'GREENDALEGOLD$'), + ('target_machine_ip', '-'), + ('target_machine_name', None), + ('target_user_id', 'S-1-5-18'), + ('target_user_name', 'SYSTEM')] strings_parsed = sorted(event.strings_parsed.items()) self.assertEqual(strings_parsed, expected_strings_parsed) @@ -149,11 +151,11 @@ def testParseTruncated(self): event = events[180] expected_strings_parsed = [ - (u'source_user_id', u'S-1-5-21-1539974973-2753941131-3212641383-1000'), - (u'source_user_name', u'gold_administrator'), - (u'target_machine_ip', u'-'), - (u'target_machine_name', u'DC1.internal.greendale.edu'), - (u'target_user_name', u'administrator')] + ('source_user_id', 'S-1-5-21-1539974973-2753941131-3212641383-1000'), + ('source_user_name', 'gold_administrator'), + ('target_machine_ip', '-'), + ('target_machine_name', 'DC1.internal.greendale.edu'), + ('target_user_name', 'administrator')] strings_parsed = sorted(event.strings_parsed.items()) self.assertEqual(strings_parsed, expected_strings_parsed) diff --git a/tests/parsers/winjob.py b/tests/parsers/winjob.py index a6729a2cbc..2ee354d54c 100644 --- a/tests/parsers/winjob.py +++ b/tests/parsers/winjob.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows Scheduled Task job file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winjob # pylint: disable=unused-import +from plaso.formatters import winjob as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winjob @@ -16,11 +18,11 @@ class WinJobTest(test_lib.ParserTestCase): """Tests for the Windows Scheduled Task job file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'wintask.job']) + @shared_test_lib.skipUnlessHasTestFile(['wintask.job']) def testParse(self): """Tests the Parse function.""" parser = winjob.WinJobParser() - storage_writer = self._ParseFile([u'wintask.job'], parser) + storage_writer = self._ParseFile(['wintask.job'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -29,42 +31,42 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-08-24 12:42:00.112') + '2013-08-24 12:42:00.112') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) expected_application = ( - u'C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe') + 'C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe') self.assertEqual(event.application, expected_application) - self.assertEqual(event.username, u'Brian') + self.assertEqual(event.username, 'Brian') expected_comment = ( - u'Keeps your Google software up to date. If this task is disabled or ' - u'stopped, your Google software will not be kept up to date, meaning ' - u'security vulnerabilities that may arise cannot be fixed and ' - u'features may not work. This task uninstalls itself when there is ' - u'no Google software using it.') + 'Keeps your Google software up to date. If this task is disabled or ' + 'stopped, your Google software will not be kept up to date, meaning ' + 'security vulnerabilities that may arise cannot be fixed and ' + 'features may not work. This task uninstalls itself when there is ' + 'no Google software using it.') self.assertEqual(event.comment, expected_comment) # Parse second event. Same metadata; different timestamp event. event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-07-12 15:42:00') + '2013-07-12 15:42:00') self.assertEqual(event.timestamp, expected_timestamp) - self.assertEqual(event.timestamp_desc, u'Scheduled to start') + self.assertEqual(event.timestamp_desc, 'Scheduled to start') self.assertEqual(event.trigger_type, 1) expected_message = ( - u'Application: {0:s} /ua /installsource scheduler ' - u'Scheduled by: Brian ' - u'Trigger type: DAILY').format(expected_application) + 'Application: {0:s} /ua /installsource scheduler ' + 'Scheduled by: Brian ' + 'Trigger type: DAILY').format(expected_application) expected_short_message = ( - u'Application: {0:s} /ua /insta...').format(expected_application) + 'Application: {0:s} /ua /insta...').format(expected_application) self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/winlnk.py b/tests/parsers/winlnk.py index b23745d97f..307192972c 100644 --- a/tests/parsers/winlnk.py +++ b/tests/parsers/winlnk.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows Shortcut (LNK) parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winlnk # pylint: disable=unused-import +from plaso.formatters import winlnk as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winlnk @@ -16,11 +18,11 @@ class WinLnkParserTest(test_lib.ParserTestCase): """Tests for the Windows Shortcut (LNK) parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'example.lnk']) + @shared_test_lib.skipUnlessHasTestFile(['example.lnk']) def testParse(self): """Tests the Parse function.""" parser = winlnk.WinLnkParser() - storage_writer = self._ParseFile([u'example.lnk'], parser) + storage_writer = self._ParseFile(['example.lnk'], parser) # Link information: # Creation time : Jul 13, 2009 23:29:02.849131000 UTC @@ -39,22 +41,22 @@ def testParse(self): # A shortcut event. event = events[0] - expected_string = u'@%windir%\\system32\\migwiz\\wet.dll,-590' + expected_string = '@%windir%\\system32\\migwiz\\wet.dll,-590' self.assertEqual(event.description, expected_string) - expected_string = u'.\\migwiz\\migwiz.exe' + expected_string = '.\\migwiz\\migwiz.exe' self.assertEqual(event.relative_path, expected_string) - expected_string = u'%windir%\\system32\\migwiz' + expected_string = '%windir%\\system32\\migwiz' self.assertEqual(event.working_directory, expected_string) - expected_string = u'%windir%\\system32\\migwiz\\migwiz.exe' + expected_string = '%windir%\\system32\\migwiz\\migwiz.exe' self.assertEqual(event.icon_location, expected_string) self.assertEqual(event.env_var_location, expected_string) # The last accessed timestamp. expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-13 23:29:02.849131') + '2009-07-13 23:29:02.849131') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) self.assertEqual(event.timestamp, expected_timestamp) @@ -63,7 +65,7 @@ def testParse(self): event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-13 23:29:02.849131') + '2009-07-13 23:29:02.849131') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) @@ -72,22 +74,22 @@ def testParse(self): event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-14 01:39:18.220000') + '2009-07-14 01:39:18.220000') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_MODIFICATION) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'[@%windir%\\system32\\migwiz\\wet.dll,-590] ' - u'File size: 544768 ' - u'File attribute flags: 0x00000020 ' - u'env location: %windir%\\system32\\migwiz\\migwiz.exe ' - u'Relative path: .\\migwiz\\migwiz.exe ' - u'Working dir: %windir%\\system32\\migwiz ' - u'Icon location: %windir%\\system32\\migwiz\\migwiz.exe') + '[@%windir%\\system32\\migwiz\\wet.dll,-590] ' + 'File size: 544768 ' + 'File attribute flags: 0x00000020 ' + 'env location: %windir%\\system32\\migwiz\\migwiz.exe ' + 'Relative path: .\\migwiz\\migwiz.exe ' + 'Working dir: %windir%\\system32\\migwiz ' + 'Icon location: %windir%\\system32\\migwiz\\migwiz.exe') expected_short_message = ( - u'[@%windir%\\system32\\migwiz\\wet.dll,-590]') + '[@%windir%\\system32\\migwiz\\wet.dll,-590]') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -95,20 +97,20 @@ def testParse(self): event = events[4] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-07-14 05:45:20.500012') + '2009-07-14 05:45:20.500012') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) - expected_uuid = u'846ee3bb-7039-11de-9d20-001d09fa5a1c' + expected_uuid = '846ee3bb-7039-11de-9d20-001d09fa5a1c' self.assertEqual(event.uuid, expected_uuid) - self.assertEqual(event.mac_address, u'00:1d:09:fa:5a:1c') + self.assertEqual(event.mac_address, '00:1d:09:fa:5a:1c') - @shared_test_lib.skipUnlessHasTestFile([u'NeroInfoTool.lnk']) + @shared_test_lib.skipUnlessHasTestFile(['NeroInfoTool.lnk']) def testParseLinkTargetIdentifier(self): """Tests the Parse function on an LNK with a link target identifier.""" parser = winlnk.WinLnkParser() - storage_writer = self._ParseFile([u'NeroInfoTool.lnk'], parser) + storage_writer = self._ParseFile(['NeroInfoTool.lnk'], parser) self.assertEqual(storage_writer.number_of_events, 20) @@ -118,29 +120,29 @@ def testParseLinkTargetIdentifier(self): event = events[16] expected_message = ( - u'[Nero InfoTool provides you with information about the most ' - u'important features of installed drives, inserted discs, installed ' - u'software and much more. With Nero InfoTool you can find out all ' - u'about your drive and your system configuration.] ' - u'File size: 4635160 ' - u'File attribute flags: 0x00000020 ' - u'Drive type: 3 ' - u'Drive serial number: 0x70ecfa33 ' - u'Volume label: OS ' - u'Local path: C:\\Program Files (x86)\\Nero\\Nero 9\\Nero InfoTool\\' - u'InfoTool.exe ' - u'cmd arguments: -ScParameter=30002 ' - u'Relative path: ..\\..\\..\\..\\..\\..\\..\\..\\Program Files (x86)\\' - u'Nero\\Nero 9\\Nero InfoTool\\InfoTool.exe ' - u'Working dir: C:\\Program Files (x86)\\Nero\\Nero 9\\Nero InfoTool ' - u'Icon location: %ProgramFiles%\\Nero\\Nero 9\\Nero InfoTool\\' - u'InfoTool.exe ' - u'Link target: C:\\Program Files (x86)\\Nero\\Nero 9\\' - u'Nero InfoTool\\InfoTool.exe') + '[Nero InfoTool provides you with information about the most ' + 'important features of installed drives, inserted discs, installed ' + 'software and much more. With Nero InfoTool you can find out all ' + 'about your drive and your system configuration.] ' + 'File size: 4635160 ' + 'File attribute flags: 0x00000020 ' + 'Drive type: 3 ' + 'Drive serial number: 0x70ecfa33 ' + 'Volume label: OS ' + 'Local path: C:\\Program Files (x86)\\Nero\\Nero 9\\Nero InfoTool\\' + 'InfoTool.exe ' + 'cmd arguments: -ScParameter=30002 ' + 'Relative path: ..\\..\\..\\..\\..\\..\\..\\..\\Program Files (x86)\\' + 'Nero\\Nero 9\\Nero InfoTool\\InfoTool.exe ' + 'Working dir: C:\\Program Files (x86)\\Nero\\Nero 9\\Nero InfoTool ' + 'Icon location: %ProgramFiles%\\Nero\\Nero 9\\Nero InfoTool\\' + 'InfoTool.exe ' + 'Link target: C:\\Program Files (x86)\\Nero\\Nero 9\\' + 'Nero InfoTool\\InfoTool.exe') expected_short_message = ( - u'[Nero InfoTool provides you with information about the most ' - u'important feature...') + '[Nero InfoTool provides you with information about the most ' + 'important feature...') self._TestGetMessageStrings(event, expected_message, expected_short_message) @@ -148,21 +150,21 @@ def testParseLinkTargetIdentifier(self): event = events[12] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-06-05 20:13:20') + '2009-06-05 20:13:20') self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( - u'Name: InfoTool.exe ' - u'Long name: InfoTool.exe ' - u'NTFS file reference: 81349-1 ' - u'Shell item path: C:\\Program Files (x86)\\Nero\\' - u'Nero 9\\Nero InfoTool\\InfoTool.exe ' - u'Origin: NeroInfoTool.lnk') + 'Name: InfoTool.exe ' + 'Long name: InfoTool.exe ' + 'NTFS file reference: 81349-1 ' + 'Shell item path: C:\\Program Files (x86)\\Nero\\' + 'Nero 9\\Nero InfoTool\\InfoTool.exe ' + 'Origin: NeroInfoTool.lnk') expected_short_message = ( - u'Name: InfoTool.exe ' - u'NTFS file reference: 81349-1 ' - u'Origin: NeroInfoTool.lnk') + 'Name: InfoTool.exe ' + 'NTFS file reference: 81349-1 ' + 'Origin: NeroInfoTool.lnk') self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/winprefetch.py b/tests/parsers/winprefetch.py index 320569a419..c557cabdfd 100644 --- a/tests/parsers/winprefetch.py +++ b/tests/parsers/winprefetch.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows prefetch parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winprefetch # pylint: disable=unused-import +from plaso.formatters import winprefetch as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winprefetch @@ -16,11 +18,11 @@ class WinPrefetchParserTest(test_lib.ParserTestCase): """Tests for the Windows prefetch parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'CMD.EXE-087B4001.pf']) + @shared_test_lib.skipUnlessHasTestFile(['CMD.EXE-087B4001.pf']) def testParse17(self): """Tests the Parse function on a version 17 Prefetch file.""" parser = winprefetch.WinPrefetchParser() - storage_writer = self._ParseFile([u'CMD.EXE-087B4001.pf'], parser) + storage_writer = self._ParseFile(['CMD.EXE-087B4001.pf'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -29,87 +31,87 @@ def testParse17(self): # The prefetch last run event. event = events[1] - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') self.assertEqual(event.version, 17) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-03-10 10:11:49.281250') + '2013-03-10 10:11:49.281250') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) - self.assertEqual(event.executable, u'CMD.EXE') + self.assertEqual(event.executable, 'CMD.EXE') self.assertEqual(event.prefetch_hash, 0x087b4001) self.assertEqual(event.volume_serial_numbers[0], 0x24cb074b) expected_mapped_files = [ - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\UNICODE.NLS', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\LOCALE.NLS', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SORTTBLS.NLS', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\MSVCRT.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\CMD.EXE', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USER32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\GDI32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHIMENG.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\APPPATCH\\SYSMAIN.SDB', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\APPPATCH\\ACGENRAL.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\RPCRT4.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\WINMM.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\OLE32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\OLEAUT32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\MSACM32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\VERSION.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHELL32.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHLWAPI.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USERENV.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\UXTHEME.DLL', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\CTYPE.NLS', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SORTKEY.NLS', - (u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\WINSXS\\X86_MICROSOFT.WINDOWS.' - u'COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\\' - u'COMCTL32.DLL'), - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\WINDOWSSHELL.MANIFEST', - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\COMCTL32.DLL', - (u'\\DEVICE\\HARDDISKVOLUME1\\D50FF1E628137B1A251B47AB9466\\UPDATE\\' - u'UPDATE.EXE.MANIFEST'), - u'\\DEVICE\\HARDDISKVOLUME1\\$MFT', - (u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\IE7\\SPUNINST\\SPUNINST.EXE.' - u'MANIFEST'), - (u'\\DEVICE\\HARDDISKVOLUME1\\D50FF1E628137B1A251B47AB9466\\UPDATE\\' - u'IERESETICONS.EXE'), - u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\IE7\\SPUNINST\\IERESETICONS.EXE'] + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\UNICODE.NLS', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\LOCALE.NLS', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SORTTBLS.NLS', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\MSVCRT.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\CMD.EXE', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USER32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\GDI32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHIMENG.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\APPPATCH\\SYSMAIN.SDB', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\APPPATCH\\ACGENRAL.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\RPCRT4.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\WINMM.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\OLE32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\OLEAUT32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\MSACM32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\VERSION.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHELL32.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SHLWAPI.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\USERENV.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\UXTHEME.DLL', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\CTYPE.NLS', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\SORTKEY.NLS', + ('\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\WINSXS\\X86_MICROSOFT.WINDOWS.' + 'COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\\' + 'COMCTL32.DLL'), + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\WINDOWSSHELL.MANIFEST', + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\COMCTL32.DLL', + ('\\DEVICE\\HARDDISKVOLUME1\\D50FF1E628137B1A251B47AB9466\\UPDATE\\' + 'UPDATE.EXE.MANIFEST'), + '\\DEVICE\\HARDDISKVOLUME1\\$MFT', + ('\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\IE7\\SPUNINST\\SPUNINST.EXE.' + 'MANIFEST'), + ('\\DEVICE\\HARDDISKVOLUME1\\D50FF1E628137B1A251B47AB9466\\UPDATE\\' + 'IERESETICONS.EXE'), + '\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\IE7\\SPUNINST\\IERESETICONS.EXE'] self.assertEqual(event.mapped_files, expected_mapped_files) # The volume creation event. event = events[0] - self.assertEqual(event.data_type, u'windows:volume:creation') + self.assertEqual(event.data_type, 'windows:volume:creation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-03-10 10:19:46.234375') + '2013-03-10 10:19:46.234375') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) expected_message = ( - u'\\DEVICE\\HARDDISKVOLUME1 ' - u'Serial number: 0x24CB074B ' - u'Origin: CMD.EXE-087B4001.pf') + '\\DEVICE\\HARDDISKVOLUME1 ' + 'Serial number: 0x24CB074B ' + 'Origin: CMD.EXE-087B4001.pf') expected_short_message = ( - u'\\DEVICE\\HARDDISKVOLUME1 ' - u'Origin: CMD.EXE-087B4001.pf') + '\\DEVICE\\HARDDISKVOLUME1 ' + 'Origin: CMD.EXE-087B4001.pf') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'PING.EXE-B29F6629.pf']) + @shared_test_lib.skipUnlessHasTestFile(['PING.EXE-B29F6629.pf']) def testParse23(self): """Tests the Parse function on a version 23 Prefetch file.""" parser = winprefetch.WinPrefetchParser() - storage_writer = self._ParseFile([u'PING.EXE-B29F6629.pf'], parser) + storage_writer = self._ParseFile(['PING.EXE-B29F6629.pf'], parser) self.assertEqual(storage_writer.number_of_events, 2) @@ -118,50 +120,50 @@ def testParse23(self): # The prefetch last run event. event = events[1] - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') self.assertEqual(event.version, 23) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-04-06 19:00:55.932955') + '2012-04-06 19:00:55.932955') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) - self.assertEqual(event.executable, u'PING.EXE') + self.assertEqual(event.executable, 'PING.EXE') self.assertEqual(event.prefetch_hash, 0xb29f6629) - self.assertEqual(event.path, u'\\WINDOWS\\SYSTEM32\\PING.EXE') + self.assertEqual(event.path, '\\WINDOWS\\SYSTEM32\\PING.EXE') self.assertEqual(event.run_count, 14) - self.assertEqual(event.volume_device_paths[0], u'\\DEVICE\\HARDDISKVOLUME1') + self.assertEqual(event.volume_device_paths[0], '\\DEVICE\\HARDDISKVOLUME1') self.assertEqual(event.volume_serial_numbers[0], 0xac036525) expected_message = ( - u'Prefetch [PING.EXE] was executed - run count 14 path: ' - u'\\WINDOWS\\SYSTEM32\\PING.EXE ' - u'hash: 0xB29F6629 ' - u'volume: 1 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUME1]') + 'Prefetch [PING.EXE] was executed - run count 14 path: ' + '\\WINDOWS\\SYSTEM32\\PING.EXE ' + 'hash: 0xB29F6629 ' + 'volume: 1 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUME1]') - expected_short_message = u'PING.EXE was run 14 time(s)' + expected_short_message = 'PING.EXE was run 14 time(s)' self._TestGetMessageStrings(event, expected_message, expected_short_message) # The volume creation event. event = events[0] - self.assertEqual(event.data_type, u'windows:volume:creation') + self.assertEqual(event.data_type, 'windows:volume:creation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-11-10 17:37:26.484375') + '2010-11-10 17:37:26.484375') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) - @shared_test_lib.skipUnlessHasTestFile([u'WUAUCLT.EXE-830BCC14.pf']) + @shared_test_lib.skipUnlessHasTestFile(['WUAUCLT.EXE-830BCC14.pf']) def testParse23MultiVolume(self): """Tests the Parse function on a multi volume version 23 Prefetch file.""" parser = winprefetch.WinPrefetchParser() storage_writer = self._ParseFile( - [u'WUAUCLT.EXE-830BCC14.pf'], parser) + ['WUAUCLT.EXE-830BCC14.pf'], parser) self.assertEqual(storage_writer.number_of_events, 6) @@ -170,69 +172,69 @@ def testParse23MultiVolume(self): # The prefetch last run event. event = events[5] - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') self.assertEqual(event.version, 23) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2012-03-15 21:17:39.807996') + '2012-03-15 21:17:39.807996') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) - self.assertEqual(event.executable, u'WUAUCLT.EXE') + self.assertEqual(event.executable, 'WUAUCLT.EXE') self.assertEqual(event.prefetch_hash, 0x830bcc14) - self.assertEqual(event.path, u'\\WINDOWS\\SYSTEM32\\WUAUCLT.EXE') + self.assertEqual(event.path, '\\WINDOWS\\SYSTEM32\\WUAUCLT.EXE') self.assertEqual(event.run_count, 25) - self.assertEqual(event.volume_device_paths[0], u'\\DEVICE\\HARDDISKVOLUME1') + self.assertEqual(event.volume_device_paths[0], '\\DEVICE\\HARDDISKVOLUME1') self.assertEqual(event.volume_serial_numbers[0], 0xac036525) expected_message = ( - u'Prefetch [WUAUCLT.EXE] was executed - run count 25 path: ' - u'\\WINDOWS\\SYSTEM32\\WUAUCLT.EXE ' - u'hash: 0x830BCC14 ' - u'volume: 1 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUME1], ' - u'volume: 2 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY2], ' - u'volume: 3 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY4], ' - u'volume: 4 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY7], ' - u'volume: 5 [serial number: 0xAC036525, ' - u'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY8]') - - expected_short_message = u'WUAUCLT.EXE was run 25 time(s)' + 'Prefetch [WUAUCLT.EXE] was executed - run count 25 path: ' + '\\WINDOWS\\SYSTEM32\\WUAUCLT.EXE ' + 'hash: 0x830BCC14 ' + 'volume: 1 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUME1], ' + 'volume: 2 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY2], ' + 'volume: 3 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY4], ' + 'volume: 4 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY7], ' + 'volume: 5 [serial number: 0xAC036525, ' + 'device path: \\DEVICE\\HARDDISKVOLUMESHADOWCOPY8]') + + expected_short_message = 'WUAUCLT.EXE was run 25 time(s)' self._TestGetMessageStrings(event, expected_message, expected_short_message) # The volume creation event. event = events[0] - self.assertEqual(event.data_type, u'windows:volume:creation') + self.assertEqual(event.data_type, 'windows:volume:creation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2010-11-10 17:37:26.484375') + '2010-11-10 17:37:26.484375') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) expected_message = ( - u'\\DEVICE\\HARDDISKVOLUME1 ' - u'Serial number: 0xAC036525 ' - u'Origin: WUAUCLT.EXE-830BCC14.pf') + '\\DEVICE\\HARDDISKVOLUME1 ' + 'Serial number: 0xAC036525 ' + 'Origin: WUAUCLT.EXE-830BCC14.pf') expected_short_message = ( - u'\\DEVICE\\HARDDISKVOLUME1 ' - u'Origin: WUAUCLT.EXE-830BCC14.pf') + '\\DEVICE\\HARDDISKVOLUME1 ' + 'Origin: WUAUCLT.EXE-830BCC14.pf') self._TestGetMessageStrings(event, expected_message, expected_short_message) - @shared_test_lib.skipUnlessHasTestFile([u'TASKHOST.EXE-3AE259FC.pf']) + @shared_test_lib.skipUnlessHasTestFile(['TASKHOST.EXE-3AE259FC.pf']) def testParse26(self): """Tests the Parse function on a version 26 Prefetch file.""" parser = winprefetch.WinPrefetchParser() storage_writer = self._ParseFile( - [u'TASKHOST.EXE-3AE259FC.pf'], parser) + ['TASKHOST.EXE-3AE259FC.pf'], parser) self.assertEqual(storage_writer.number_of_events, 5) @@ -241,148 +243,148 @@ def testParse26(self): # The prefetch last run event. event = events[1] - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') self.assertEqual(event.version, 26) expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-04 15:40:09.037833') + '2013-10-04 15:40:09.037833') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) - self.assertEqual(event.executable, u'TASKHOST.EXE') + self.assertEqual(event.executable, 'TASKHOST.EXE') self.assertEqual(event.prefetch_hash, 0x3ae259fc) # The prefetch previous last run event. event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-04 15:28:09.010356') + '2013-10-04 15:28:09.010356') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, - u'Previous {0:s}'.format(definitions.TIME_DESCRIPTION_LAST_RUN)) + 'Previous {0:s}'.format(definitions.TIME_DESCRIPTION_LAST_RUN)) expected_mapped_files = [ - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTDLL.DLL ' - u'[MFT entry: 46299, sequence: 1]'), - u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TASKHOST.EXE', - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNEL32.DLL ' - u'[MFT entry: 45747, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNELBASE.DLL ' - u'[MFT entry: 45734, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\LOCALE.NLS ' - u'[MFT entry: 45777, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\MSVCRT.DLL ' - u'[MFT entry: 46033, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RPCRT4.DLL ' - u'[MFT entry: 46668, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\COMBASE.DLL ' - u'[MFT entry: 44616, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\OLEAUT32.DLL ' - u'[MFT entry: 46309, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\OLE32.DLL ' - u'[MFT entry: 46348, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RPCSS.DLL ' - u'[MFT entry: 46654, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNEL.APPCORE.DLL ' - u'[MFT entry: 45698, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CRYPTBASE.DLL ' - u'[MFT entry: 44560, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\BCRYPTPRIMITIVES.DLL ' - u'[MFT entry: 44355, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\USER32.DLL ' - u'[MFT entry: 47130, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\GDI32.DLL ' - u'[MFT entry: 45344, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\EN-US\\' - u'TASKHOST.EXE.MUI'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SECHOST.DLL ' - u'[MFT entry: 46699, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CLBCATQ.DLL ' - u'[MFT entry: 44511, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RACENGN.DLL ' - u'[MFT entry: 46549, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTMARTA.DLL ' - u'[MFT entry: 46262, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WEVTAPI.DLL ' - u'[MFT entry: 47223, sequence: 1]'), - u'\\DEVICE\\HARDDISKVOLUME2\\$MFT', - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SQMAPI.DLL ' - u'[MFT entry: 46832, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\AEPIC.DLL ' - u'[MFT entry: 43991, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WINTRUST.DLL ' - u'[MFT entry: 47372, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SLWGA.DLL ' - u'[MFT entry: 46762, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\DXGI.DLL ' - u'[MFT entry: 44935, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\ESENT.DLL ' - u'[MFT entry: 45256, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WMICLNT.DLL ' - u'[MFT entry: 47413, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL ' - u'[MFT entry: 43994, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SFC_OS.DLL ' - u'[MFT entry: 46729, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\VERSION.DLL ' - u'[MFT entry: 47120, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CRYPT32.DLL ' - u'[MFT entry: 44645, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\MSASN1.DLL ' - u'[MFT entry: 45909, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WTSAPI32.DLL ' - u'[MFT entry: 47527, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SPPC.DLL ' - u'[MFT entry: 46803, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\POWRPROF.DLL ' - u'[MFT entry: 46413, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\PROFAPI.DLL ' - u'[MFT entry: 46441, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' - u'RACMETADATA.DAT [MFT entry: 39345, sequence: 2]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\GLOBALIZATION\\SORTING\\' - u'SORTDEFAULT.NLS [MFT entry: 37452, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RACRULES.XML ' - u'[MFT entry: 46509, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TASKSCHD.DLL ' - u'[MFT entry: 47043, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SSPICLI.DLL ' - u'[MFT entry: 46856, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\XMLLITE.DLL ' - u'[MFT entry: 47569, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' - u'RACWMIEVENTDATA.DAT [MFT entry: 23870, sequence: 3]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' - u'RACWMIDATABOOKMARKS.DAT [MFT entry: 23871, sequence: 2]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TPMTASKS.DLL ' - u'[MFT entry: 47003, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NCRYPT.DLL ' - u'[MFT entry: 46073, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\BCRYPT.DLL ' - u'[MFT entry: 44346, sequence: 1]'), - (u'\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTASN1.DLL ' - u'[MFT entry: 46261, sequence: 1]')] + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTDLL.DLL ' + '[MFT entry: 46299, sequence: 1]'), + '\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TASKHOST.EXE', + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNEL32.DLL ' + '[MFT entry: 45747, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNELBASE.DLL ' + '[MFT entry: 45734, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\LOCALE.NLS ' + '[MFT entry: 45777, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\MSVCRT.DLL ' + '[MFT entry: 46033, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RPCRT4.DLL ' + '[MFT entry: 46668, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\COMBASE.DLL ' + '[MFT entry: 44616, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\OLEAUT32.DLL ' + '[MFT entry: 46309, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\OLE32.DLL ' + '[MFT entry: 46348, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RPCSS.DLL ' + '[MFT entry: 46654, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\KERNEL.APPCORE.DLL ' + '[MFT entry: 45698, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CRYPTBASE.DLL ' + '[MFT entry: 44560, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\BCRYPTPRIMITIVES.DLL ' + '[MFT entry: 44355, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\USER32.DLL ' + '[MFT entry: 47130, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\GDI32.DLL ' + '[MFT entry: 45344, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\EN-US\\' + 'TASKHOST.EXE.MUI'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SECHOST.DLL ' + '[MFT entry: 46699, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CLBCATQ.DLL ' + '[MFT entry: 44511, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RACENGN.DLL ' + '[MFT entry: 46549, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTMARTA.DLL ' + '[MFT entry: 46262, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WEVTAPI.DLL ' + '[MFT entry: 47223, sequence: 1]'), + '\\DEVICE\\HARDDISKVOLUME2\\$MFT', + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SQMAPI.DLL ' + '[MFT entry: 46832, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\AEPIC.DLL ' + '[MFT entry: 43991, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WINTRUST.DLL ' + '[MFT entry: 47372, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SLWGA.DLL ' + '[MFT entry: 46762, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\DXGI.DLL ' + '[MFT entry: 44935, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\ESENT.DLL ' + '[MFT entry: 45256, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WMICLNT.DLL ' + '[MFT entry: 47413, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\ADVAPI32.DLL ' + '[MFT entry: 43994, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SFC_OS.DLL ' + '[MFT entry: 46729, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\VERSION.DLL ' + '[MFT entry: 47120, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\CRYPT32.DLL ' + '[MFT entry: 44645, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\MSASN1.DLL ' + '[MFT entry: 45909, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\WTSAPI32.DLL ' + '[MFT entry: 47527, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SPPC.DLL ' + '[MFT entry: 46803, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\POWRPROF.DLL ' + '[MFT entry: 46413, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\PROFAPI.DLL ' + '[MFT entry: 46441, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' + 'RACMETADATA.DAT [MFT entry: 39345, sequence: 2]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\GLOBALIZATION\\SORTING\\' + 'SORTDEFAULT.NLS [MFT entry: 37452, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\RACRULES.XML ' + '[MFT entry: 46509, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TASKSCHD.DLL ' + '[MFT entry: 47043, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\SSPICLI.DLL ' + '[MFT entry: 46856, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\XMLLITE.DLL ' + '[MFT entry: 47569, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' + 'RACWMIEVENTDATA.DAT [MFT entry: 23870, sequence: 3]'), + ('\\DEVICE\\HARDDISKVOLUME2\\PROGRAMDATA\\MICROSOFT\\RAC\\STATEDATA\\' + 'RACWMIDATABOOKMARKS.DAT [MFT entry: 23871, sequence: 2]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\TPMTASKS.DLL ' + '[MFT entry: 47003, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NCRYPT.DLL ' + '[MFT entry: 46073, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\BCRYPT.DLL ' + '[MFT entry: 44346, sequence: 1]'), + ('\\DEVICE\\HARDDISKVOLUME2\\WINDOWS\\SYSTEM32\\NTASN1.DLL ' + '[MFT entry: 46261, sequence: 1]')] self.assertEqual(event.mapped_files, expected_mapped_files) # The volume creation event. event = events[0] - self.assertEqual(event.data_type, u'windows:volume:creation') + self.assertEqual(event.data_type, 'windows:volume:creation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2013-10-04 15:57:26.146547') + '2013-10-04 15:57:26.146547') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) - @shared_test_lib.skipUnlessHasTestFile([u'BYTECODEGENERATOR.EXE-C1E9BCE6.pf']) + @shared_test_lib.skipUnlessHasTestFile(['BYTECODEGENERATOR.EXE-C1E9BCE6.pf']) def testParse30Compressed(self): """Tests the Parse function on a compressed version 30 Prefetch file.""" parser = winprefetch.WinPrefetchParser() storage_writer = self._ParseFile( - [u'BYTECODEGENERATOR.EXE-C1E9BCE6.pf'], parser) + ['BYTECODEGENERATOR.EXE-C1E9BCE6.pf'], parser) self.assertEqual(storage_writer.number_of_events, 8) @@ -391,42 +393,42 @@ def testParse30Compressed(self): # The prefetch last run event. event = events[1] - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') self.assertEqual(event.version, 30) - self.assertEqual(event.data_type, u'windows:prefetch:execution') + self.assertEqual(event.data_type, 'windows:prefetch:execution') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-05-14 22:11:58.091134') + '2015-05-14 22:11:58.091134') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_RUN) - self.assertEqual(event.executable, u'BYTECODEGENERATOR.EXE') + self.assertEqual(event.executable, 'BYTECODEGENERATOR.EXE') self.assertEqual(event.prefetch_hash, 0xc1e9bce6) # The prefetch previous last run event. event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-05-14 22:11:55.357652') + '2015-05-14 22:11:55.357652') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, - u'Previous {0:s}'.format(definitions.TIME_DESCRIPTION_LAST_RUN)) + 'Previous {0:s}'.format(definitions.TIME_DESCRIPTION_LAST_RUN)) self.assertEqual(len(event.mapped_files), 1085) # The volume creation event. event = events[0] - self.assertEqual(event.data_type, u'windows:volume:creation') + self.assertEqual(event.data_type, 'windows:volume:creation') expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-05-15 06:54:55.139294') + '2015-05-15 06:54:55.139294') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) -if __name__ == u'__main__': +if __name__ == '__main__': unittest.main() diff --git a/tests/parsers/winreg.py b/tests/parsers/winreg.py index f571810c68..318c1fc979 100644 --- a/tests/parsers/winreg.py +++ b/tests/parsers/winreg.py @@ -2,6 +2,8 @@ # -*- coding: utf-8 -*- """Tests for the Windows Registry file parser.""" +from __future__ import unicode_literals + import unittest from plaso.parsers import winreg @@ -21,7 +23,7 @@ def _GetParserChains(self, events): """Return a dict with a plugin count given a list of events.""" parser_chains = {} for event in events: - parser_chain = getattr(event, u'parser', None) + parser_chain = getattr(event, 'parser', None) if not parser_chain: continue @@ -34,46 +36,46 @@ def _GetParserChains(self, events): def _PluginNameToParserChain(self, plugin_name): """Generate the correct parser chain for a given plugin.""" - return u'winreg/{0:s}'.format(plugin_name) + return 'winreg/{0:s}'.format(plugin_name) def testEnablePlugins(self): """Tests the EnablePlugins function.""" parser = winreg.WinRegistryParser() - parser.EnablePlugins([u'appcompatcache']) + parser.EnablePlugins(['appcompatcache']) self.assertIsNotNone(parser) self.assertIsNotNone(parser._default_plugin) self.assertNotEqual(parser._plugins, []) self.assertEqual(len(parser._plugins), 1) - @shared_test_lib.skipUnlessHasTestFile([u'NTUSER.DAT']) + @shared_test_lib.skipUnlessHasTestFile(['NTUSER.DAT']) def testParseNTUserDat(self): """Tests the Parse function on a NTUSER.DAT file.""" parser = winreg.WinRegistryParser() - storage_writer = self._ParseFile([u'NTUSER.DAT'], parser) + storage_writer = self._ParseFile(['NTUSER.DAT'], parser) events = list(storage_writer.GetEvents()) parser_chains = self._GetParserChains(events) - expected_parser_chain = self._PluginNameToParserChain(u'userassist') + expected_parser_chain = self._PluginNameToParserChain('userassist') self.assertTrue(expected_parser_chain in parser_chains) self.assertEqual(parser_chains[expected_parser_chain], 14) - @shared_test_lib.skipUnlessHasTestFile([u'ntuser.dat.LOG']) + @shared_test_lib.skipUnlessHasTestFile(['ntuser.dat.LOG']) def testParseNoRootKey(self): """Test the parse function on a Registry file with no root key.""" parser = winreg.WinRegistryParser() - storage_writer = self._ParseFile([u'ntuser.dat.LOG'], parser) + storage_writer = self._ParseFile(['ntuser.dat.LOG'], parser) self.assertEqual(storage_writer.number_of_events, 0) - @shared_test_lib.skipUnlessHasTestFile([u'SYSTEM']) + @shared_test_lib.skipUnlessHasTestFile(['SYSTEM']) def testParseSystem(self): """Tests the Parse function on a SYSTEM file.""" parser = winreg.WinRegistryParser() - storage_writer = self._ParseFile([u'SYSTEM'], parser) + storage_writer = self._ParseFile(['SYSTEM'], parser) events = list(storage_writer.GetEvents()) @@ -82,22 +84,22 @@ def testParseSystem(self): # Check the existence of few known plugins, see if they # are being properly picked up and are parsed. plugin_names = [ - u'windows_usbstor_devices', u'windows_boot_execute', - u'windows_services'] + 'windows_usbstor_devices', 'windows_boot_execute', + 'windows_services'] for plugin in plugin_names: expected_parser_chain = self._PluginNameToParserChain(plugin) self.assertTrue( expected_parser_chain in parser_chains, - u'Chain {0:s} not found in events.'.format(expected_parser_chain)) + 'Chain {0:s} not found in events.'.format(expected_parser_chain)) # Check that the number of events produced by each plugin are correct. - parser_chain = self._PluginNameToParserChain(u'windows_usbstor_devices') + parser_chain = self._PluginNameToParserChain('windows_usbstor_devices') self.assertEqual(parser_chains.get(parser_chain, 0), 10) - parser_chain = self._PluginNameToParserChain(u'windows_boot_execute') + parser_chain = self._PluginNameToParserChain('windows_boot_execute') self.assertEqual(parser_chains.get(parser_chain, 0), 4) - parser_chain = self._PluginNameToParserChain(u'windows_services') + parser_chain = self._PluginNameToParserChain('windows_services') self.assertEqual(parser_chains.get(parser_chain, 0), 831) diff --git a/tests/parsers/winrestore.py b/tests/parsers/winrestore.py index 39284da7be..51aed6fee4 100644 --- a/tests/parsers/winrestore.py +++ b/tests/parsers/winrestore.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the Windows Restore Point (rp.log) file parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import winrestore # pylint: disable=unused-import +from plaso.formatters import winrestore as _ # pylint: disable=unused-import from plaso.lib import definitions from plaso.lib import timelib from plaso.parsers import winrestore @@ -16,11 +18,11 @@ class RestorePointLogParserTest(test_lib.ParserTestCase): """Tests for the Windows Restore Point (rp.log) file parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'rp.log']) + @shared_test_lib.skipUnlessHasTestFile(['rp.log']) def testParse(self): """Tests the Parse function.""" parser = winrestore.RestorePointLogParser() - storage_writer = self._ParseFile([u'rp.log'], parser) + storage_writer = self._ParseFile(['rp.log'], parser) self.assertEqual(storage_writer.number_of_events, 1) @@ -29,20 +31,20 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2015-03-23 18:38:14.246954') + '2015-03-23 18:38:14.246954') self.assertEqual( event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.restore_point_event_type, 102) self.assertEqual(event.restore_point_type, 0) - expected_description = u'Software Distribution Service 3.0' + expected_description = 'Software Distribution Service 3.0' self.assertEqual(event.description, expected_description) expected_message = ( - u'{0:s} ' - u'Event type: BEGIN_NESTED_SYSTEM_CHANGE ' - u'Restore point type: UNKNOWN').format(expected_description) + '{0:s} ' + 'Event type: BEGIN_NESTED_SYSTEM_CHANGE ' + 'Restore point type: UNKNOWN').format(expected_description) expected_short_message = expected_description self._TestGetMessageStrings(event, expected_message, expected_short_message) diff --git a/tests/parsers/xchatlog.py b/tests/parsers/xchatlog.py index ac805b9868..3121690415 100644 --- a/tests/parsers/xchatlog.py +++ b/tests/parsers/xchatlog.py @@ -2,9 +2,11 @@ # -*- coding: utf-8 -*- """Tests for the xchatlog parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import xchatlog # pylint: disable=unused-import +from plaso.formatters import xchatlog as _ # pylint: disable=unused-import from plaso.lib import timelib from plaso.parsers import xchatlog @@ -18,12 +20,12 @@ class XChatLogUnitTest(test_lib.ParserTestCase): """Tests for the xchatlog parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'xchat.log']) + @shared_test_lib.skipUnlessHasTestFile(['xchat.log']) def testParse(self): """Tests the Parse function.""" parser = xchatlog.XChatLogParser() storage_writer = self._ParseFile( - [u'xchat.log'], parser, timezone=u'Europe/Rome') + ['xchat.log'], parser, timezone='Europe/Rome') self.assertEqual(storage_writer.number_of_events, 9) @@ -31,50 +33,50 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-12-31 21:11:55+01:00') + '2011-12-31 21:11:55+01:00') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'XChat start logging' + expected_message = 'XChat start logging' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[1] - expected_message = u'--> You are now talking on #gugle' + expected_message = '--> You are now talking on #gugle' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[2] - expected_message = u'--- Topic for #gugle is plaso, a difficult word' + expected_message = '--- Topic for #gugle is plaso, a difficult word' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[3] - expected_message = u'Topic for #gugle set by Kristinn' + expected_message = 'Topic for #gugle set by Kristinn' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[4] - expected_message = u'--- Joachim gives voice to fpi' + expected_message = '--- Joachim gives voice to fpi' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[5] - expected_message = u'* XChat here' + expected_message = '* XChat here' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[6] - expected_message = u'[nickname: fpi] ola plas-ing guys!' + expected_message = '[nickname: fpi] ola plas-ing guys!' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[7] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-12-31 23:00:00+01:00') + '2011-12-31 23:00:00+01:00') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[nickname: STRANGER] \u65e5\u672c' + expected_message = '[nickname: STRANGER] \u65e5\u672c' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[8] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2011-12-31 23:59:00+01:00') + '2011-12-31 23:59:00+01:00') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'XChat end logging' + expected_message = 'XChat end logging' self._TestGetMessageStrings(event, expected_message, expected_message) diff --git a/tests/parsers/xchatscrollback.py b/tests/parsers/xchatscrollback.py index 5712d62779..89aaec96be 100644 --- a/tests/parsers/xchatscrollback.py +++ b/tests/parsers/xchatscrollback.py @@ -2,9 +2,12 @@ # -*- coding: utf-8 -*- """Tests for the xchatscrollback log parser.""" +from __future__ import unicode_literals + import unittest -from plaso.formatters import xchatscrollback # pylint: disable=unused-import +# pylint: disable=unused-import +from plaso.formatters import xchatscrollback as _ from plaso.lib import timelib from plaso.parsers import xchatscrollback @@ -18,11 +21,11 @@ class XChatScrollbackUnitTest(test_lib.ParserTestCase): """Tests for the xchatscrollback log parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'xchatscrollback.log']) + @shared_test_lib.skipUnlessHasTestFile(['xchatscrollback.log']) def testParse(self): """Tests the Parse function.""" parser = xchatscrollback.XChatScrollbackParser() - storage_writer = self._ParseFile([u'xchatscrollback.log'], parser) + storage_writer = self._ParseFile(['xchatscrollback.log'], parser) self.assertEqual(storage_writer.number_of_events, 10) @@ -31,76 +34,76 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-16 02:56:19') + '2009-01-16 02:56:19') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[] * Speaking now on ##plaso##' + expected_message = '[] * Speaking now on ##plaso##' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[1] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-16 02:56:27') + '2009-01-16 02:56:27') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[] * Joachim \xe8 uscito (Client exited)' + expected_message = '[] * Joachim \xe8 uscito (Client exited)' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-18 21:58:36') + '2009-01-18 21:58:36') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[] Tcl interface unloaded' + expected_message = '[] Tcl interface unloaded' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-18 21:58:36') + '2009-01-18 21:58:36') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[] Python interface unloaded' + expected_message = '[] Python interface unloaded' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[5] self.assertEqual(event.timestamp, 0) - expected_message = u'[nickname: fpi] 0 is a good timestamp' + expected_message = '[nickname: fpi] 0 is a good timestamp' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[6] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-26 08:50:56') + '2009-01-26 08:50:56') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[] * Topic of #plasify \xe8: .' + expected_message = '[] * Topic of #plasify \xe8: .' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[7] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-26 08:51:02') + '2009-01-26 08:51:02') self.assertEqual(event.timestamp, expected_timestamp) event = events[8] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-26 08:52:12') + '2009-01-26 08:52:12') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[nickname: fpi] Hi Kristinn!' + expected_message = '[nickname: fpi] Hi Kristinn!' self._TestGetMessageStrings(event, expected_message, expected_message) event = events[9] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2009-01-26 08:53:13') + '2009-01-26 08:53:13') self.assertEqual(event.timestamp, expected_timestamp) - expected_message = u'[nickname: Kristinn] GO AND WRITE PARSERS!!! O_o' + expected_message = '[nickname: Kristinn] GO AND WRITE PARSERS!!! O_o' self._TestGetMessageStrings(event, expected_message, expected_message) diff --git a/tests/parsers/zsh_extended_history.py b/tests/parsers/zsh_extended_history.py index e521a87aae..fafcf3f9a1 100644 --- a/tests/parsers/zsh_extended_history.py +++ b/tests/parsers/zsh_extended_history.py @@ -1,6 +1,9 @@ #!/usr/bin/python # -*_ coding: utf-8 -*- """Tests for the Zsh extended_history parser.""" + +from __future__ import unicode_literals + import unittest from plaso.lib import timelib @@ -13,12 +16,12 @@ class ZshExtendedHistoryTest(test_lib.ParserTestCase): """Tests for the Zsh extended_history parser.""" - @shared_test_lib.skipUnlessHasTestFile([u'zsh_extended_history.txt']) + @shared_test_lib.skipUnlessHasTestFile(['zsh_extended_history.txt']) def testParse(self): """Tests for the Parse method.""" parser = zsh_extended_history.ZshExtendedHistoryParser() storage_writer = self._ParseFile( - [u'zsh_extended_history.txt'], parser) + ['zsh_extended_history.txt'], parser) self.assertEqual(storage_writer.number_of_events, 4) @@ -26,21 +29,21 @@ def testParse(self): event = events[0] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-03-12 08:26:50') + '2016-03-12 08:26:50') self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.elapsed_seconds, 0) - self.assertEqual(event.command, u'cd plaso') + self.assertEqual(event.command, 'cd plaso') event = events[2] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-03-26 11:54:53') - expected_command = u'echo dfgdfg \\\\\n& touch /tmp/afile' + '2016-03-26 11:54:53') + expected_command = 'echo dfgdfg \\\\\n& touch /tmp/afile' self.assertEqual(event.timestamp, expected_timestamp) self.assertEqual(event.command, expected_command) event = events[3] expected_timestamp = timelib.Timestamp.CopyFromString( - u'2016-03-26 11:54:57') + '2016-03-26 11:54:57') self.assertEqual(event.timestamp, expected_timestamp) def testVerification(self): @@ -48,10 +51,10 @@ def testVerification(self): parser = zsh_extended_history.ZshExtendedHistoryParser() mediator = None - valid_lines = u': 1457771210:0;cd plaso' + valid_lines = ': 1457771210:0;cd plaso' self.assertTrue(parser.VerifyStructure(mediator, valid_lines)) - invalid_lines = u': 2016-03-26 11:54:53;0;cd plaso' + invalid_lines = ': 2016-03-26 11:54:53;0;cd plaso' self.assertFalse(parser.VerifyStructure(mediator, invalid_lines))