plaso-rubanetra/plaso/parsers/sqlite_plugins/chrome_cookies_test.py

136 lines
5.2 KiB
Python
Raw Permalink Normal View History

2020-04-06 16:48:34 +00:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2013 The Plaso Project Authors.
# Please see the AUTHORS file for details on individual authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for the Google Chrome cookie database plugin."""
import unittest
# pylint: disable=unused-import
from plaso.formatters import chrome_cookies as chrome_cookies_formatter
from plaso.lib import eventdata
from plaso.lib import timelib_test
from plaso.parsers.sqlite_plugins import chrome_cookies
from plaso.parsers.sqlite_plugins import test_lib
class ChromeCookiesPluginTest(test_lib.SQLitePluginTestCase):
"""Tests for the Google Chrome cookie database plugin."""
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = chrome_cookies.ChromeCookiePlugin()
def testProcess(self):
"""Tests the Process function on a Chrome cookie database file."""
test_file = self._GetTestFilePath(['cookies.db'])
event_queue_consumer = self._ParseDatabaseFileWithPlugin(
self._plugin, test_file)
event_objects = []
extra_objects = []
# Since we've got both events generated by cookie plugins and the Chrome
# cookie plugin we need to separate them.
for event_object in self._GetEventObjectsFromQueue(event_queue_consumer):
if isinstance(event_object, chrome_cookies.ChromeCookieEvent):
event_objects.append(event_object)
else:
extra_objects.append(event_object)
# The cookie database contains 560 entries:
# 560 creation timestamps.
# 560 last access timestamps.
# 560 expired timestamps.
# Then there are extra events created by plugins:
# 75 events created by Google Analytics cookies.
# In total: 1755 events.
self.assertEquals(len(event_objects), 3 * 560)
# Double check that we've got at least the 75 Google Analytics sessions.
self.assertGreaterEqual(len(extra_objects), 75)
# Check few "random" events to verify.
# Check one linkedin cookie.
event_object = event_objects[124]
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.ACCESS_TIME)
self.assertEquals(event_object.host, u'www.linkedin.com')
self.assertEquals(event_object.cookie_name, u'leo_auth_token')
self.assertFalse(event_object.httponly)
self.assertEquals(event_object.url, u'http://www.linkedin.com/')
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2011-08-25 21:50:27.292367')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_msg = (
u'http://www.linkedin.com/ (leo_auth_token) Flags: [HTTP only] = False '
u'[Persistent] = True')
expected_short = u'www.linkedin.com (leo_auth_token)'
self._TestGetMessageStrings(event_object, expected_msg, expected_short)
# Check one of the visits to rubiconproject.com.
event_object = event_objects[379]
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.ACCESS_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2012-04-01 13:54:34.949210')
self.assertEquals(event_object.timestamp, expected_timestamp)
self.assertEquals(event_object.url, u'http://rubiconproject.com/')
self.assertEquals(event_object.path, u'/')
self.assertFalse(event_object.secure)
self.assertTrue(event_object.persistent)
expected_msg = (
u'http://rubiconproject.com/ (put_2249) Flags: [HTTP only] = False '
u'[Persistent] = True')
self._TestGetMessageStrings(
event_object, expected_msg, u'rubiconproject.com (put_2249)')
# Examine an event for a visit to a political blog site.
event_object = event_objects[444]
self.assertEquals(
event_object.path,
u'/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/')
self.assertEquals(event_object.host, u'politicalticker.blogs.cnn.com')
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2012-03-22 01:47:21.012022')
self.assertEquals(event_object.timestamp, expected_timestamp)
# Examine a cookie that has an autologin entry.
event_object = event_objects[1425]
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2012-04-01 13:52:56.189444')
self.assertEquals(event_object.timestamp, expected_timestamp)
self.assertEquals(event_object.host, u'marvel.com')
self.assertEquals(event_object.cookie_name, u'autologin[timeout]')
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.CREATION_TIME)
# This particular cookie value represents a timeout value that corresponds
# to the expiration date of the cookie.
self.assertEquals(event_object.data, u'1364824322')
if __name__ == '__main__':
unittest.main()