120 lines
4.1 KiB
Python
120 lines
4.1 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
#
|
|
# Copyright 2013 The Plaso Project Authors.
|
|
# Please see the AUTHORS file for details on individual authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""This file contains tests for the format scanner classes."""
|
|
|
|
import unittest
|
|
|
|
from plaso.classifier import scanner
|
|
from plaso.classifier import test_lib
|
|
|
|
|
|
class ScannerTest(unittest.TestCase):
|
|
"""Class to test the scanner."""
|
|
|
|
def testInitialize(self):
|
|
"""Function to test the initialize function."""
|
|
store = test_lib.CreateSpecificationStore()
|
|
|
|
# Signature for LNK
|
|
data1 = ('\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00'
|
|
'\x00\x00\x00\x46')
|
|
|
|
# Signature for REGF
|
|
data2 = 'regf'
|
|
|
|
# Random data
|
|
data3 = '\x01\xfa\xe0\xbe\x99\x8e\xdb\x70\xea\xcc\x6b\xae\x2f\xf5\xa2\xe4'
|
|
|
|
# Boundary scan test
|
|
data4a = ('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
|
|
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00PK')
|
|
data4b = ('\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
|
|
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Z')
|
|
|
|
# Large buffer test
|
|
data5_size = 1024 * 1024
|
|
data5 = '\x00' * (data5_size - 4)
|
|
data5 += 'PK\x07\x08'
|
|
|
|
test_scanner = scanner.Scanner(store)
|
|
|
|
total_data_size = len(data1)
|
|
scan_state = test_scanner.StartScan(total_data_size=total_data_size)
|
|
test_scanner.ScanBuffer(scan_state, data1, len(data1))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
scan_state = test_scanner.StartScan(total_data_size=None)
|
|
test_scanner.ScanBuffer(scan_state, data1, len(data1))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
total_data_size = len(data2)
|
|
scan_state = test_scanner.StartScan(total_data_size=total_data_size)
|
|
test_scanner.ScanBuffer(scan_state, data2, len(data2))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
scan_state = test_scanner.StartScan(total_data_size=None)
|
|
test_scanner.ScanBuffer(scan_state, data2, len(data2))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
total_data_size = len(data3)
|
|
scan_state = test_scanner.StartScan(total_data_size=total_data_size)
|
|
test_scanner.ScanBuffer(scan_state, data3, len(data3))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 0)
|
|
|
|
scan_state = test_scanner.StartScan(total_data_size=None)
|
|
test_scanner.ScanBuffer(scan_state, data3, len(data3))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 0)
|
|
|
|
total_data_size = len(data4a) + len(data4b)
|
|
scan_state = test_scanner.StartScan(total_data_size=total_data_size)
|
|
test_scanner.ScanBuffer(scan_state, data4a, len(data4a))
|
|
test_scanner.ScanBuffer(scan_state, data4b, len(data4b))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
scan_state = test_scanner.StartScan(total_data_size=None)
|
|
test_scanner.ScanBuffer(scan_state, data4a, len(data4a))
|
|
test_scanner.ScanBuffer(scan_state, data4b, len(data4b))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
total_data_size = len(data5)
|
|
scan_state = test_scanner.StartScan(total_data_size=total_data_size)
|
|
test_scanner.ScanBuffer(scan_state, data5, len(data5))
|
|
test_scanner.StopScan(scan_state)
|
|
|
|
self.assertEqual(len(scan_state.GetMatches()), 1)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main()
|