1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""Containers related functions and classes for testing."""
from __future__ import unicode_literals
from plaso.containers import events
from plaso.containers import interface
from tests import test_lib as shared_test_lib
def CreateEventFromValues(event_values):
"""Creates an event and event data from event values.
Args:
event_values (dict[str, str]): event values.
Returns:
tuple[EventObject, EventData, EventDataStream]: event, event data and
event data stream for testing.
"""
copy_of_event_values = dict(event_values)
event = events.EventObject()
for attribute_name in ('timestamp', 'timestamp_desc'):
attribute_value = copy_of_event_values.pop(attribute_name, None)
if attribute_value is not None:
if attribute_name == 'timestamp' and isinstance(attribute_value, str):
attribute_value = shared_test_lib.CopyTimestampFromSring(
attribute_value)
setattr(event, attribute_name, attribute_value)
event_data_stream = events.EventDataStream()
for attribute_name in ('path_spec', 'md5_hash', 'sha256_hash'):
attribute_value = copy_of_event_values.pop(attribute_name, None)
if attribute_value is not None:
setattr(event_data_stream, attribute_name, attribute_value)
event_data = events.EventData()
event_data.CopyFromDict(copy_of_event_values)
return event, event_data, event_data_stream
def CreateEventsFromValues(event_values_list):
"""Creates events and event data from a list of event values.
Args:
event_values_list (list[dict[str, str]]): list of event values.
Yields:
tuple[EventObject, EventData, EventDataStream]: event, event data and
event data stream for testing.
"""
for event_values in event_values_list:
yield CreateEventFromValues(event_values)
class TestAttributeContainer(interface.AttributeContainer):
"""Test attribute container."""
CONTAINER_TYPE = 'test_attribute_container'
|
