File: winprefetch.py

package info (click to toggle)
plaso 20241006-4
  • links: PTS, VCS
  • area: main
  • in suites: forky
  • size: 673,228 kB
  • sloc: python: 91,831; sh: 557; xml: 97; makefile: 17; sql: 14; vhdl: 11
file content (80 lines) | stat: -rw-r--r-- 2,779 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""Tests for the Windows Prefetch event formatter."""

import unittest

from plaso.formatters import winprefetch

from tests.formatters import test_lib


class WindowsPrefetchPathHintsFormatterHelperTest(
    test_lib.EventFormatterTestCase):
  """Tests for the Windows Prefetch path hints formatter helper."""

  def testFormatEventValues(self):
    """Tests the FormatEventValues function."""
    formatter_helper = winprefetch.WindowsPrefetchPathHintsFormatterHelper()

    output_mediator = self._CreateOutputMediator()

    event_values = {'path_hints': ['path1', 'path2']}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertEqual(event_values['path_hints'], 'path1; path2')

    event_values = {'path_hints': None}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertIsNone(event_values['path_hints'])


class WindowsPrefetchVolumesStringFormatterHelperTest(
    test_lib.EventFormatterTestCase):
  """Tests for the Windows Prefetch volumes string formatter helper."""

  def testFormatEventValues(self):
    """Tests the FormatEventValues function."""
    formatter_helper = winprefetch.WindowsPrefetchVolumesStringFormatterHelper()

    output_mediator = self._CreateOutputMediator()

    expected_volumes_string = (
        'volume: 1 [serial number: 0x12345678, device path: device1]')

    event_values = {
        'number_of_volumes': 1,
        'volume_device_paths': ['device1'],
        'volume_serial_numbers': [0x12345678]}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertEqual(event_values['volumes_string'], expected_volumes_string)

    expected_volumes_string = (
        'volume: 1 [serial number: UNKNOWN, device path: device1]')

    event_values = {
        'number_of_volumes': 1,
        'volume_device_paths': ['device1'],
        'volume_serial_numbers': None}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertEqual(event_values['volumes_string'], expected_volumes_string)

    expected_volumes_string = (
        'volume: 1 [serial number: 0x12345678, device path: UNKNOWN]')

    event_values = {
        'number_of_volumes': 1,
        'volume_device_paths': None,
        'volume_serial_numbers': [0x12345678]}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertEqual(event_values['volumes_string'], expected_volumes_string)

    event_values = {
        'number_of_volumes': 0,
        'volume_device_paths': None,
        'volume_serial_numbers': None}
    formatter_helper.FormatEventValues(output_mediator, event_values)
    self.assertNotIn('volumes_string', event_values)


if __name__ == '__main__':
  unittest.main()