stefan/plaso-rubanetra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
master
plaso-rubanetra/plaso/parsers/sqlite_plugins/firefox_test.py
Stefan 0da6783a45 Import from old repository
2020-04-06 18:48:34 +02:00

278 lines
10 KiB
Python
Raw Permalink Blame History

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright 2013 The Plaso Project Authors.
# Please see the AUTHORS file for details on individual authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tests for the Mozilla Firefox history database plugin."""
import collections
import unittest
# pylint: disable=unused-import
from plaso.formatters import firefox as firefox_formatter
from plaso.lib import eventdata
from plaso.lib import timelib_test
from plaso.parsers import sqlite
from plaso.parsers.sqlite_plugins import firefox
from plaso.parsers.sqlite_plugins import test_lib
class FirefoxHistoryPluginTest(test_lib.SQLitePluginTestCase):
"""Tests for the Mozilla Firefox history database plugin."""
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = firefox.FirefoxHistoryPlugin()
def testProcessPriorTo24(self):
"""Tests the Process function on a Firefox History database file."""
# This is probably version 23 but potentially an older version.
test_file = self._GetTestFilePath(['places.sqlite'])
cache = sqlite.SQLiteCache()
event_queue_consumer = self._ParseDatabaseFileWithPlugin(
self._plugin, test_file, cache)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
# The places.sqlite file contains 205 events (1 page visit,
# 2 x 91 bookmark records, 2 x 3 bookmark annotations,
# 2 x 8 bookmark folders).
# However there are three events that do not have a timestamp
# so the test file will show 202 extracted events.
self.assertEquals(len(event_objects), 202)
# Check the first page visited event.
event_object = event_objects[0]
self.assertEquals(event_object.data_type, 'firefox:places:page_visited')
self.assertEquals(event_object.timestamp_desc,
eventdata.EventTimestamp.PAGE_VISITED)
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2011-07-01 11:16:21.371935')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_url = u'http://news.google.com/'
self.assertEquals(event_object.url, expected_url)
expected_title = u'Google News'
self.assertEquals(event_object.title, expected_title)
expected_msg = (
u'{0:s} ({1:s}) [count: 1] Host: news.google.com '
u'(URL not typed directly) Transition: TYPED').format(
expected_url, expected_title)
expected_short = u'URL: {}'.format(expected_url)
self._TestGetMessageStrings(event_object, expected_msg, expected_short)
# Check the first bookmark event.
event_object = event_objects[1]
self.assertEquals(event_object.data_type, 'firefox:places:bookmark')
self.assertEquals(event_object.timestamp_desc,
eventdata.EventTimestamp.ADDED_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-07-01 11:13:59.266344+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
# Check the second bookmark event.
event_object = event_objects[2]
self.assertEquals(event_object.data_type, 'firefox:places:bookmark')
self.assertEquals(event_object.timestamp_desc,
eventdata.EventTimestamp.MODIFICATION_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-07-01 11:13:59.267198+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_url = (
u'place:folder=BOOKMARKS_MENU&folder=UNFILED_BOOKMARKS&folder=TOOLBAR&'
u'sort=12&excludeQueries=1&excludeItemIfParentHasAnnotation=livemark%2F'
u'feedURI&maxResults=10&queryType=1')
self.assertEquals(event_object.url, expected_url)
expected_title = u'Recently Bookmarked'
self.assertEquals(event_object.title, expected_title)
expected_msg = (
u'Bookmark URL {0:s} ({1:s}) [folder=BOOKMARKS_MENU&'
u'folder=UNFILED_BOOKMARKS&folder=TOOLBAR&sort=12&excludeQueries=1&'
u'excludeItemIfParentHasAnnotation=livemark%2FfeedURI&maxResults=10&'
u'queryType=1] visit count 0').format(
expected_title, expected_url)
expected_short = (
u'Bookmarked Recently Bookmarked '
u'(place:folder=BOOKMARKS_MENU&folder=UNFILED_BO...')
self._TestGetMessageStrings(event_object, expected_msg, expected_short)
# Check the first bookmark annotation event.
event_object = event_objects[183]
self.assertEquals(
event_object.data_type, 'firefox:places:bookmark_annotation')
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.CREATION_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-07-01 11:13:59.267146+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
# Check another bookmark annotation event.
event_object = event_objects[184]
self.assertEquals(
event_object.data_type, 'firefox:places:bookmark_annotation')
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.CREATION_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-07-01 11:13:59.267605+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_url = u'place:sort=14&type=6&maxResults=10&queryType=1'
self.assertEquals(event_object.url, expected_url)
expected_title = u'Recent Tags'
self.assertEquals(event_object.title, expected_title)
expected_msg = (
u'Bookmark Annotation: [RecentTags] to bookmark '
u'[{0:s}] ({1:s})').format(
expected_title, expected_url)
expected_short = u'Bookmark Annotation: Recent Tags'
self._TestGetMessageStrings(event_object, expected_msg, expected_short)
# Check the second last bookmark folder event.
event_object = event_objects[200]
self.assertEquals(event_object.data_type, 'firefox:places:bookmark_folder')
self.assertEquals(
event_object.timestamp_desc, eventdata.EventTimestamp.ADDED_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-03-21 10:05:01.553774+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
# Check the last bookmark folder event.
event_object = event_objects[201]
self.assertEquals(
event_object.data_type, 'firefox:places:bookmark_folder')
self.assertEquals(
event_object.timestamp_desc,
eventdata.EventTimestamp.MODIFICATION_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2011-07-01 11:14:11.766851+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_title = u'Latest Headlines'
self.assertEquals(event_object.title, expected_title)
expected_msg = expected_title
expected_short = expected_title
self._TestGetMessageStrings(event_object, expected_msg, expected_short)
def testProcessVersion25(self):
"""Tests the Process function on a Firefox History database file v 25."""
test_file = self._GetTestFilePath(['places_new.sqlite'])
cache = sqlite.SQLiteCache()
event_queue_consumer = self._ParseDatabaseFileWithPlugin(
self._plugin, test_file, cache)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
# The places.sqlite file contains 84 events:
# 34 page visits.
# 28 bookmarks
# 14 bookmark folders
# 8 annotations
self.assertEquals(len(event_objects), 84)
counter = collections.Counter()
for event_object in event_objects:
counter[event_object.data_type] += 1
self.assertEquals(counter['firefox:places:bookmark'], 28)
self.assertEquals(counter['firefox:places:page_visited'], 34)
self.assertEquals(counter['firefox:places:bookmark_folder'], 14)
self.assertEquals(counter['firefox:places:bookmark_annotation'], 8)
random_event = event_objects[10]
expected_timestamp = timelib_test.CopyStringToTimestamp(
'2013-10-30 21:57:11.281942')
self.assertEquals(random_event.timestamp, expected_timestamp)
expected_short = u'URL: http://code.google.com/p/plaso'
expected_msg = (
u'http://code.google.com/p/plaso [count: 1] Host: code.google.com '
u'(URL not typed directly) Transition: TYPED')
self._TestGetMessageStrings(random_event, expected_msg, expected_short)
class FirefoxDownloadsPluginTest(test_lib.SQLitePluginTestCase):
"""Tests for the Mozilla Firefox downloads database plugin."""
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = firefox.FirefoxDownloadsPlugin()
def testProcessVersion25(self):
"""Tests the Process function on a Firefox Downloads database file."""
test_file = self._GetTestFilePath(['downloads.sqlite'])
cache = sqlite.SQLiteCache()
event_queue_consumer = self._ParseDatabaseFileWithPlugin(
self._plugin, test_file, cache)
event_objects = self._GetEventObjectsFromQueue(event_queue_consumer)
# The downloads.sqlite file contains 2 events (1 download).
self.assertEquals(len(event_objects), 2)
# Check the first page visited event.
event_object = event_objects[0]
self.assertEquals(event_object.data_type, 'firefox:downloads:download')
self.assertEquals(event_object.timestamp_desc,
eventdata.EventTimestamp.START_TIME)
expected_timestamp = timelib_test.CopyStringToTimestamp(
u'2013-07-18 18:59:59.312000+00:00')
self.assertEquals(event_object.timestamp, expected_timestamp)
expected_url = (
u'https://plaso.googlecode.com/files/'
u'plaso-static-1.0.1-win32-vs2008.zip')
self.assertEquals(event_object.url, expected_url)
expected_full_path = u'file:///D:/plaso-static-1.0.1-win32-vs2008.zip'
self.assertEquals(event_object.full_path, expected_full_path)
self.assertEquals(event_object.received_bytes, 15974599)
self.assertEquals(event_object.total_bytes, 15974599)
if __name__ == '__main__':
unittest.main()
Reference in New Issue View Git Blame Copy Permalink