From ecdf887300b4f0e728c3a4799a333ea7a240260e Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Fri, 29 Mar 2024 06:38:26 +0100 Subject: [PATCH] Changes to make year-less log helper support full dates #4697 --- docs/sources/api/plaso.lib.rst | 16 +-- .../api/plaso.parsers.sqlite_plugins.rst | 8 ++ plaso/containers/events.py | 110 +++++++++--------- plaso/engine/timeliner.py | 20 ++-- ...{yearless_helper.py => dateless_helper.py} | 18 +-- plaso/multi_process/extraction_engine.py | 6 +- plaso/multi_process/merge_helpers.py | 4 +- plaso/parsers/mediator.py | 10 +- plaso/parsers/text_parser.py | 6 +- plaso/parsers/text_plugins/android_logcat.py | 6 +- plaso/parsers/text_plugins/google_logging.py | 4 +- .../parsers/text_plugins/macos_appfirewall.py | 4 +- plaso/parsers/text_plugins/macos_securityd.py | 4 +- plaso/parsers/text_plugins/macos_wifi.py | 4 +- plaso/parsers/text_plugins/snort_fastlog.py | 4 +- plaso/parsers/text_plugins/syslog.py | 6 +- plaso/parsers/text_plugins/xchatlog.py | 4 +- tests/containers/events.py | 10 +- tests/engine/timeliner.py | 14 +-- ...{yearless_helper.py => dateless_helper.py} | 32 ++--- tests/parsers/text_plugins/test_lib.py | 6 +- 21 files changed, 152 insertions(+), 144 deletions(-) rename plaso/lib/{yearless_helper.py => dateless_helper.py} (91%) rename tests/lib/{yearless_helper.py => dateless_helper.py} (85%) diff --git a/docs/sources/api/plaso.lib.rst b/docs/sources/api/plaso.lib.rst index fe67bd207b..6b72b33d12 100644 --- a/docs/sources/api/plaso.lib.rst +++ b/docs/sources/api/plaso.lib.rst @@ -20,6 +20,14 @@ plaso.lib.cookie\_plugins\_helper module :undoc-members: :show-inheritance: +plaso.lib.dateless\_helper module +--------------------------------- + +.. automodule:: plaso.lib.dateless_helper + :members: + :undoc-members: + :show-inheritance: + plaso.lib.decorators module --------------------------- 
@@ -84,14 +92,6 @@ plaso.lib.specification module :undoc-members: :show-inheritance: -plaso.lib.yearless\_helper module ---------------------------------- - -.. automodule:: plaso.lib.yearless_helper - :members: - :undoc-members: - :show-inheritance: - Module contents --------------- diff --git a/docs/sources/api/plaso.parsers.sqlite_plugins.rst b/docs/sources/api/plaso.parsers.sqlite_plugins.rst index b1ab219a6b..071c6ccf63 100644 --- a/docs/sources/api/plaso.parsers.sqlite_plugins.rst +++ b/docs/sources/api/plaso.parsers.sqlite_plugins.rst @@ -300,6 +300,14 @@ plaso.parsers.sqlite\_plugins.windows\_eventtranscript module :undoc-members: :show-inheritance: +plaso.parsers.sqlite\_plugins.windows\_push\_notification module +---------------------------------------------------------------- + +.. automodule:: plaso.parsers.sqlite_plugins.windows_push_notification + :members: + :undoc-members: + :show-inheritance: + plaso.parsers.sqlite\_plugins.windows\_timeline module ------------------------------------------------------ diff --git a/plaso/containers/events.py b/plaso/containers/events.py index f1e1ee845a..bdf576e3a1 100644 --- a/plaso/containers/events.py +++ b/plaso/containers/events.py 
@@ -82,6 +82,60 @@ def CalculateEventValuesHash(event_data, event_data_stream): return md5_context.hexdigest() +class DateLessLogHelper(interface.AttributeContainer): + """Attribute container to assist with logs without full dates. + + Attributes: + earliest_year (int): earliest possible year the event data stream was + created. + last_relative_year (int): last relative year determined by the date-less + log helper. + latest_year (int): latest possible year the event data stream was created. + """ + + CONTAINER_TYPE = 'date_less_log_helper' + + SCHEMA = { + '_event_data_stream_identifier': 'AttributeContainerIdentifier', + 'earliest_year': 'int', + 'last_relative_year': 'int', + 'latest_year': 'int'} + + _SERIALIZABLE_PROTECTED_ATTRIBUTES = [ + '_event_data_stream_identifier'] + + def __init__(self): + """Initializes a date-less log helper attribute container.""" + super(DateLessLogHelper, self).__init__() + self._event_data_stream_identifier = None + self.earliest_year = None + self.last_relative_year = None + self.latest_year = None + + def GetEventDataStreamIdentifier(self): + """Retrieves the identifier of the associated event data stream. + + The event data stream identifier is a storage specific value that requires + special handling during serialization. + + Returns: + AttributeContainerIdentifier: event data stream or None when not set. + """ + return self._event_data_stream_identifier + + def SetEventDataStreamIdentifier(self, event_data_stream_identifier): + """Sets the identifier of the associated event data stream. + + The event data stream identifier is a storage specific value that requires + special handling during serialization. + + Args: + event_data_stream_identifier (AttributeContainerIdentifier): event data + stream identifier. + """ + self._event_data_stream_identifier = event_data_stream_identifier + + class EventData(interface.AttributeContainer): """Event data attribute container. 
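Review bot: `CONTAINER_TYPE = 'date_less_log_helper'` in the added `DateLessLogHelper` class changes the identifier under which these containers are stored and queried, not just a Python name, and nothing in this patch keeps the old `'year_less_log_helper'` value readable. The timeliner looks helpers up by `CONTAINER_TYPE`, so a store written before the rename would presumably return no helper; `_GetBaseYear` would then emit a timelining warning and default to the current year, shifting the year of every year-less timestamp in that stream. If older stores can be reopened, bump the storage format version or keep the old type registered for reading. Either way, record the change next to the constant, e.g. `# Persisted in storage; was 'year_less_log_helper' before the rename.`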
@@ -384,59 +438,5 @@ def SetEventIdentifier(self, event_identifier): self._event_identifier = event_identifier -class YearLessLogHelper(interface.AttributeContainer): - """Year-less log helper attribute container. - - Attributes: - earliest_year (int): earliest possible year the event data stream was - created. - last_relative_year (int): last relative year determined by the year-less - log helper. - latest_year (int): latest possible year the event data stream was created. - """ - - CONTAINER_TYPE = 'year_less_log_helper' - - SCHEMA = { - '_event_data_stream_identifier': 'AttributeContainerIdentifier', - 'earliest_year': 'int', - 'last_relative_year': 'int', - 'latest_year': 'int'} - - _SERIALIZABLE_PROTECTED_ATTRIBUTES = [ - '_event_data_stream_identifier'] - - def __init__(self): - """Initializes a year-less log helper attribute container.""" - super(YearLessLogHelper, self).__init__() - self._event_data_stream_identifier = None - self.earliest_year = None - self.last_relative_year = None - self.latest_year = None - - def GetEventDataStreamIdentifier(self): - """Retrieves the identifier of the associated event data stream. - - The event data stream identifier is a storage specific value that requires - special handling during serialization. - - Returns: - AttributeContainerIdentifier: event data stream or None when not set. - """ - return self._event_data_stream_identifier - - def SetEventDataStreamIdentifier(self, event_data_stream_identifier): - """Sets the identifier of the associated event data stream. - - The event data stream identifier is a storage specific value that requires - special handling during serialization. - - Args: - event_data_stream_identifier (AttributeContainerIdentifier): event data - stream identifier. 
- """ - self._event_data_stream_identifier = event_data_stream_identifier - - manager.AttributeContainersManager.RegisterAttributeContainers([ - EventData, EventDataStream, EventObject, EventTag, YearLessLogHelper]) + DateLessLogHelper, EventData, EventDataStream, EventObject, EventTag]) diff --git a/plaso/engine/timeliner.py b/plaso/engine/timeliner.py index f25d813e9f..c329828bb4 100644 --- a/plaso/engine/timeliner.py +++ b/plaso/engine/timeliner.py @@ -39,7 +39,7 @@ def __init__( Args: data_location (Optional[str]): path of the timeliner configuration file. - preferred_year (Optional[int]): preferred initial year value for year-less + preferred_year (Optional[int]): preferred initial year value for date-less date and time values. system_configurations (Optional[list[SystemConfigurationArtifact]]): system configurations. @@ -86,7 +86,7 @@ def _GetBaseYear(self, storage_writer, event_data): int: base year. """ # If preferred year is set considered it a user override, otherwise try - # to determine the year based on the year-less log helper or fallback to + # to determine the year based on the date-less log helper or fallback to # the current year. if self._preferred_year: 
@@ -103,25 +103,25 @@ def _GetBaseYear(self, storage_writer, event_data): return base_year filter_expression = f'_event_data_stream_identifier == "{lookup_key:s}"' - year_less_log_helpers = list(storage_writer.GetAttributeContainers( - events.YearLessLogHelper.CONTAINER_TYPE, + date_less_log_helpers = list(storage_writer.GetAttributeContainers( + events.DateLessLogHelper.CONTAINER_TYPE, filter_expression=filter_expression)) - if not year_less_log_helpers: + if not date_less_log_helpers: message = ( - f'missing year-less log helper, defaulting to current year: ' + f'missing date-less log helper, defaulting to current year: ' f'{self._current_year:d}') self._ProduceTimeliningWarning(storage_writer, event_data, message) base_year = self._current_year else: - earliest_year = year_less_log_helpers[0].earliest_year - last_relative_year = year_less_log_helpers[0].last_relative_year - latest_year = year_less_log_helpers[0].latest_year + earliest_year = date_less_log_helpers[0].earliest_year + last_relative_year = date_less_log_helpers[0].last_relative_year + latest_year = date_less_log_helpers[0].latest_year if earliest_year is None and latest_year is None: message = ( - f'missing earliest and latest year in year-less log helper, ' + f'missing earliest and latest year in date-less log helper, ' f'defaulting to current year: {self._current_year:d}') self._ProduceTimeliningWarning(storage_writer, event_data, message) diff --git a/plaso/lib/yearless_helper.py b/plaso/lib/dateless_helper.py similarity index 91% rename from plaso/lib/yearless_helper.py rename to plaso/lib/dateless_helper.py index 0cfd073a5a..f2c9e75463 100644 --- a/plaso/lib/yearless_helper.py +++ b/plaso/lib/dateless_helper.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -"""The year-less log format helper mix-in.""" +"""The date-less log format helper mix-in.""" from dfvfs.lib import definitions as dfvfs_definitions from dfvfs.resolver import resolver as path_spec_resolver 
@@ -7,8 +7,8 @@ from plaso.containers import events -class YearLessLogFormatHelper(object): - """Year-less log format helper mix-in.""" +class DateLessLogFormatHelper(object): + """Date-less log format helper mix-in.""" _MONTH_DICT = { 'jan': 1, @@ -27,8 +27,8 @@ class YearLessLogFormatHelper(object): _VALID_MONTHS = frozenset(range(1, 13)) def __init__(self): - """Initializes the year-less log format helper mix-in.""" - super(YearLessLogFormatHelper, self).__init__() + """Initializes the date-less log format helper mix-in.""" + super(DateLessLogFormatHelper, self).__init__() self._base_year = None self._maximum_year = None self._month = None @@ -173,13 +173,13 @@ def _UpdateYear(self, month): self._month = month - def GetYearLessLogHelper(self): - """Retrieves a year-less log helper attribute container. + def GetDateLessLogHelper(self): + """Retrieves a date-less log helper attribute container. Returns: - YearLessLogHelper: year-less log helper. + DateLessLogHelper: date-less log helper. """ - year_less_log_helper = events.YearLessLogHelper() + year_less_log_helper = events.DateLessLogHelper() year_less_log_helper.earliest_year = self._base_year year_less_log_helper.last_relative_year = self._relative_year year_less_log_helper.latest_year = self._maximum_year diff --git a/plaso/multi_process/extraction_engine.py b/plaso/multi_process/extraction_engine.py index c53a231681..71f58b1fdc 100644 --- a/plaso/multi_process/extraction_engine.py +++ b/plaso/multi_process/extraction_engine.py 
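Review bot: The local in `GetDateLessLogHelper` is still called `year_less_log_helper` (`year_less_log_helper = events.DateLessLogHelper()`), so the renamed method builds a date-less container under the old name. The same leftover is in the `ParseFileObject` hunk of `plaso/parsers/text_parser.py` and in `testGetDateLessLogHelper` in `tests/lib/dateless_helper.py`, while `tests/parsers/text_plugins/test_lib.py` already uses `date_less_log_helper`. Rename the local to `date_less_log_helper` in all three places. The method body continues past the end of this hunk, so any later use of the variable there needs the same change.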
@@ -92,10 +92,10 @@ class ExtractionMultiProcessEngine(task_engine.TaskMultiProcessEngine): * merge results returned by extraction worker processes. """ + _CONTAINER_TYPE_DATE_LESS_LOG_HELPER = events.DateLessLogHelper.CONTAINER_TYPE _CONTAINER_TYPE_EVENT_DATA = events.EventData.CONTAINER_TYPE _CONTAINER_TYPE_EVENT_DATA_STREAM = events.EventDataStream.CONTAINER_TYPE _CONTAINER_TYPE_EVENT_SOURCE = event_sources.EventSource.CONTAINER_TYPE - _CONTAINER_TYPE_YEAR_LESS_LOG_HELPER = events.YearLessLogHelper.CONTAINER_TYPE # Maximum number of dfVFS file system objects to cache in the foreman process. _FILE_SYSTEM_CACHE_SIZE = 3 @@ -395,8 +395,8 @@ def _MergeAttributeContainer(self, storage_writer, merge_helper, container): self._status = definitions.STATUS_INDICATOR_MERGING if container.CONTAINER_TYPE in ( - self._CONTAINER_TYPE_EVENT_DATA, - self._CONTAINER_TYPE_YEAR_LESS_LOG_HELPER): + self._CONTAINER_TYPE_DATE_LESS_LOG_HELPER, + self._CONTAINER_TYPE_EVENT_DATA): event_data_stream_identifier = container.GetEventDataStreamIdentifier() event_data_stream_lookup_key = None if event_data_stream_identifier: diff --git a/plaso/multi_process/merge_helpers.py b/plaso/multi_process/merge_helpers.py index d5b51a25a7..cfc43115fc 100644 --- a/plaso/multi_process/merge_helpers.py +++ b/plaso/multi_process/merge_helpers.py @@ -116,10 +116,10 @@ class ExtractionTaskMergeHelper(BaseTaskMergeHelper): _CONTAINER_TYPES = ( event_sources.EventSource.CONTAINER_TYPE, events.EventDataStream.CONTAINER_TYPE, - # The year-less log helper is needed to generate event from the event + # The date-less log helper is needed to generate event from the event # data by the timeliner and therefore needs to be merged before event # data containers. - events.YearLessLogHelper.CONTAINER_TYPE, + events.DateLessLogHelper.CONTAINER_TYPE, events.EventData.CONTAINER_TYPE, warnings.ExtractionWarning.CONTAINER_TYPE, warnings.RecoveryWarning.CONTAINER_TYPE, 
diff --git a/plaso/parsers/mediator.py b/plaso/parsers/mediator.py index ae586f1a85..6b9ca5b087 100644 --- a/plaso/parsers/mediator.py +++ b/plaso/parsers/mediator.py @@ -200,17 +200,17 @@ def _GetEnvironmentVariablesByPathSpec(self, path_spec): return self._environment_variables_per_path_spec.get(path_spec.parent, None) - def AddYearLessLogHelper(self, year_less_log_helper): - """Adds a year-less log helper. + def AddDateLessLogHelper(self, date_less_log_helper): + """Adds a date-less log helper. Args: - year_less_log_helper (YearLessLogHelper): year-less log helper. + date_less_log_helper (DateLessLogHelper): date-less log helper. """ if self._event_data_stream_identifier: - year_less_log_helper.SetEventDataStreamIdentifier( + date_less_log_helper.SetEventDataStreamIdentifier( self._event_data_stream_identifier) - self._storage_writer.AddAttributeContainer(year_less_log_helper) + self._storage_writer.AddAttributeContainer(date_less_log_helper) def AddWindowsEventLogMessageFile(self, message_file): """Adds a Windows EventLog message file. diff --git a/plaso/parsers/text_parser.py b/plaso/parsers/text_parser.py index 6bf69d4fb8..b096014c86 100644 --- a/plaso/parsers/text_parser.py +++ b/plaso/parsers/text_parser.py @@ -316,9 +316,9 @@ def ParseFileObject(self, parser_mediator, file_object): finally: parser_mediator.SampleStopTiming(profiling_name) - if hasattr(plugin, 'GetYearLessLogHelper'): - year_less_log_helper = plugin.GetYearLessLogHelper() - parser_mediator.AddYearLessLogHelper(year_less_log_helper) + if hasattr(plugin, 'GetDateLessLogHelper'): + year_less_log_helper = plugin.GetDateLessLogHelper() + parser_mediator.AddDateLessLogHelper(year_less_log_helper) break diff --git a/plaso/parsers/text_plugins/android_logcat.py b/plaso/parsers/text_plugins/android_logcat.py index 1fcb38c8c9..be0ad5d58e 100644 --- a/plaso/parsers/text_plugins/android_logcat.py +++ b/plaso/parsers/text_plugins/android_logcat.py 
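Review bot: The `hasattr(plugin, 'GetDateLessLogHelper')` check in the `text_parser.py` hunk ties helper collection to a method-name string, so a missed spot in a rename like this one silently drops the helper instead of raising. The timeliner then reports a missing helper and defaults to the current year, so the result is wrong years in the timeline rather than a failed run. Testing the type instead, `if isinstance(plugin, dateless_helper.DateLessLogFormatHelper):`, would turn a stale reference into an error; it needs `from plaso.lib import dateless_helper` in this file, whose import block is outside the hunk. `ParseFileObject` starts and ends outside the hunk, and `tests/parsers/text_plugins/test_lib.py` repeats the same string check.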
@@ -35,8 +35,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -76,7 +76,7 @@ def __init__(self): class AndroidLogcatTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for Android logcat files.""" NAME = 'android_logcat' @@ -105,7 +105,7 @@ class AndroidLogcatTextPlugin( pyparsing.Word(pyparsing.nums, exact=6)) # Date and time values are formatted as: - # 01-02 01:02:04.156 (yearless) + # 01-02 01:02:04.156 (year-less) # 2022-01-02 01:20:03.171 # 2022-01-02 11:44:23.183801 _DATE_TIME = ( diff --git a/plaso/parsers/text_plugins/google_logging.py b/plaso/parsers/text_plugins/google_logging.py index e6b9933cac..00d8e08b48 100644 --- a/plaso/parsers/text_plugins/google_logging.py +++ b/plaso/parsers/text_plugins/google_logging.py @@ -15,8 +15,8 @@ import pyparsing from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -56,7 +56,7 @@ def __init__(self, data_type=DATA_TYPE): class GoogleLogTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for Google-formatted log files.""" NAME = 'googlelog' diff --git a/plaso/parsers/text_plugins/macos_appfirewall.py b/plaso/parsers/text_plugins/macos_appfirewall.py index 1f07c8150a..1ec6e9437e 100644 --- a/plaso/parsers/text_plugins/macos_appfirewall.py +++ b/plaso/parsers/text_plugins/macos_appfirewall.py 
@@ -6,8 +6,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -39,7 +39,7 @@ def __init__(self): class MacOSAppFirewallTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text plugin for MacOS Application firewall log (appfirewall.log) files.""" NAME = 'mac_appfirewall_log' diff --git a/plaso/parsers/text_plugins/macos_securityd.py b/plaso/parsers/text_plugins/macos_securityd.py index e3ebf735df..ef5d689f6e 100644 --- a/plaso/parsers/text_plugins/macos_securityd.py +++ b/plaso/parsers/text_plugins/macos_securityd.py @@ -10,8 +10,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -47,7 +47,7 @@ def __init__(self): class MacOSSecuritydLogTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for MacOS security daemon (securityd) log files.""" NAME = 'mac_securityd' diff --git a/plaso/parsers/text_plugins/macos_wifi.py b/plaso/parsers/text_plugins/macos_wifi.py index 5869f66807..725857b042 100644 --- a/plaso/parsers/text_plugins/macos_wifi.py +++ b/plaso/parsers/text_plugins/macos_wifi.py 
@@ -8,8 +8,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -41,7 +41,7 @@ def __init__(self): class MacOSWiFiLogTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin MacOS Wi-Fi log (wifi.log) files.""" NAME = 'mac_wifi' diff --git a/plaso/parsers/text_plugins/snort_fastlog.py b/plaso/parsers/text_plugins/snort_fastlog.py index 9189694141..0be6915eb5 100644 --- a/plaso/parsers/text_plugins/snort_fastlog.py +++ b/plaso/parsers/text_plugins/snort_fastlog.py @@ -23,8 +23,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -64,7 +64,7 @@ def __init__(self): class SnortFastLogTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for Snort3/Suricata fast-log alert log files.""" NAME = 'snort_fastlog' diff --git a/plaso/parsers/text_plugins/syslog.py b/plaso/parsers/text_plugins/syslog.py index 4240b54473..a7ab33c802 100644 --- a/plaso/parsers/text_plugins/syslog.py +++ b/plaso/parsers/text_plugins/syslog.py @@ -12,8 +12,8 @@ import pyparsing from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import logger from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface 
@@ -555,7 +555,7 @@ def CheckRequiredFormat(self, parser_mediator, text_reader): class TraditionalSyslogTextPlugin( - BaseSyslogTextPlugin, yearless_helper.YearLessLogFormatHelper): + BaseSyslogTextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for traditional syslog log files.""" NAME = 'syslog_traditional' @@ -611,7 +611,7 @@ class TraditionalSyslogTextPlugin( # consists of: # %TIMESTAMP% %HOSTNAME% %syslogtag%%msg% # - # Where %TIMESTAMP% is in yearless ctime date time format e.g. + # Where %TIMESTAMP% is in year-less ctime date time format e.g. # Jan 22 07:54:32 _RSYSLOG_BODY = ( diff --git a/plaso/parsers/text_plugins/xchatlog.py b/plaso/parsers/text_plugins/xchatlog.py index 65097dfbd5..ebcdc1e882 100644 --- a/plaso/parsers/text_plugins/xchatlog.py +++ b/plaso/parsers/text_plugins/xchatlog.py @@ -56,8 +56,8 @@ from dfdatetime import time_elements as dfdatetime_time_elements from plaso.containers import events +from plaso.lib import dateless_helper from plaso.lib import errors -from plaso.lib import yearless_helper from plaso.parsers import text_parser from plaso.parsers.text_plugins import interface @@ -83,7 +83,7 @@ def __init__(self): class XChatLogTextPlugin( - interface.TextPlugin, yearless_helper.YearLessLogFormatHelper): + interface.TextPlugin, dateless_helper.DateLessLogFormatHelper): """Text parser plugin for XChat log files.""" NAME = 'xchatlog' diff --git a/tests/containers/events.py b/tests/containers/events.py index 0d896c9534..42f796d9c2 100644 --- a/tests/containers/events.py +++ b/tests/containers/events.py 
@@ -153,12 +153,12 @@ def testSetEventIdentifier(self): attribute_container.SetEventIdentifier(None) -class YearLessLogHelperTest(shared_test_lib.BaseTestCase): - """Tests for the year-less log helper attribute container.""" +class DateLessLogHelperTest(shared_test_lib.BaseTestCase): + """Tests for the date-less log helper attribute container.""" def testGetAttributeNames(self): """Tests the GetAttributeNames function.""" - attribute_container = events.YearLessLogHelper() + attribute_container = events.DateLessLogHelper() expected_attribute_names = [ '_event_data_stream_identifier', @@ -172,14 +172,14 @@ def testGetAttributeNames(self): def testGetEventDataStreamIdentifier(self): """Tests the GetEventDataStreamIdentifier function.""" - attribute_container = events.YearLessLogHelper() + attribute_container = events.DateLessLogHelper() identifier = attribute_container.GetEventDataStreamIdentifier() self.assertIsNone(identifier) def testSetEventDataStreamIdentifier(self): """Tests the SetEventDataStreamIdentifier function.""" - attribute_container = events.YearLessLogHelper() + attribute_container = events.DateLessLogHelper() attribute_container.SetEventDataStreamIdentifier(None) diff --git a/tests/engine/timeliner.py b/tests/engine/timeliner.py index f7b7ecb3c9..184521b50a 100644 --- a/tests/engine/timeliner.py +++ b/tests/engine/timeliner.py 
@@ -74,13 +74,13 @@ def _CreateStorageWriter(self, event_data, base_year=None): event_data_stream_identifier = event_data_stream.GetIdentifier() if base_year: - year_less_log_helper = events.YearLessLogHelper() - year_less_log_helper.earliest_year = base_year - year_less_log_helper.last_relative_year = 0 + date_less_log_helper = events.DateLessLogHelper() + date_less_log_helper.earliest_year = base_year + date_less_log_helper.last_relative_year = 0 - year_less_log_helper.SetEventDataStreamIdentifier( + date_less_log_helper.SetEventDataStreamIdentifier( event_data_stream_identifier) - storage_writer.AddAttributeContainer(year_less_log_helper) + storage_writer.AddAttributeContainer(date_less_log_helper) event_data.SetEventDataStreamIdentifier(event_data_stream_identifier) storage_writer.AddAttributeContainer(event_data) @@ -97,7 +97,7 @@ def testGetBaseYear(self): event_data = TestEventData1() event_data.value = 'MyValue' - # Test with year-less log helper. + # Test with date-less log helper. storage_writer = self._CreateStorageWriter(event_data, base_year=2012) # Ensure to reset the timeliner base years cache. @@ -110,7 +110,7 @@ def testGetBaseYear(self): 'timelining_warning') self.assertEqual(number_of_warnings, 0) - # Test missing year-less log helper. + # Test missing date-less log helper. storage_writer = self._CreateStorageWriter(event_data) # Ensure to reset the timeliner base years cache. diff --git a/tests/lib/yearless_helper.py b/tests/lib/dateless_helper.py similarity index 85% rename from tests/lib/yearless_helper.py rename to tests/lib/dateless_helper.py index 2a68396bf4..d1499fc8db 100644 --- a/tests/lib/yearless_helper.py +++ b/tests/lib/dateless_helper.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -"""Tests for the year-less log format helper mix-in.""" +"""Tests for the date-less log format helper mix-in.""" import unittest 
@@ -7,14 +7,14 @@ from dfvfs.path import factory as path_spec_factory from dfvfs.resolver import resolver as path_spec_resolver -from plaso.lib import yearless_helper +from plaso.lib import dateless_helper from plaso.parsers import mediator as parsers_mediator from tests import test_lib as shared_test_lib -class YearLessLogFormatHelperTest(shared_test_lib.BaseTestCase): - """Year-less log format definition helper mix-in tests.""" +class DateLessLogFormatHelperTest(shared_test_lib.BaseTestCase): + """Date-less log format definition helper mix-in tests.""" # pylint: disable=protected-access @@ -27,14 +27,14 @@ def testGetYearsFromFileEntry(self): dfvfs_definitions.TYPE_INDICATOR_GZIP, parent=os_path_spec) file_entry = path_spec_resolver.Resolver.OpenFileEntry(gzip_path_spec) - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() years = test_helper._GetYearsFromFileEntry(file_entry) self.assertEqual(years, set([2012])) def testGetMonthFromString(self): """Tests the _GetMonthFromString function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() month = test_helper._GetMonthFromString('jan') self.assertEqual(month, 1) @@ -44,7 +44,7 @@ def testGetMonthFromString(self): def testGetRelativeYear(self): """Tests the _GetRelativeYear function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() test_helper._SetMonthAndYear(11, 2022) @@ -53,7 +53,7 @@ def testGetRelativeYear(self): def testGetYear(self): """Tests the _GetYear function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() test_helper._SetMonthAndYear(11, 2022) 
@@ -73,7 +73,7 @@ def testSetEstimatedYear(self): parser_mediator.SetFileEntry(file_entry) - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() self.assertEqual(test_helper._relative_year, 0) self.assertEqual(test_helper._year, 0) @@ -100,7 +100,7 @@ def testSetEstimatedYear(self): parser_mediator.SetFileEntry(file_entry) - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() self.assertEqual(test_helper._relative_year, 0) self.assertEqual(test_helper._year, 0) @@ -116,7 +116,7 @@ def testSetEstimatedYear(self): def testSetMonthAndYear(self): """Tests the _SetMonthAndYear function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() self.assertEqual(test_helper._relative_year, 0) self.assertEqual(test_helper._year, 0) @@ -130,7 +130,7 @@ def testSetMonthAndYear(self): def testUpdateYear(self): """Tests the _UpdateYear function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + test_helper = dateless_helper.DateLessLogFormatHelper() self.assertEqual(test_helper._relative_year, 0) self.assertEqual(test_helper._year, 0) @@ -178,11 +178,11 @@ def testUpdateYear(self): self.assertEqual(test_helper._year, 2) self.assertEqual(test_helper._month, 1) - def testGetYearLessLogHelper(self): - """Tests the GetYearLessLogHelper function.""" - test_helper = yearless_helper.YearLessLogFormatHelper() + def testGetDateLessLogHelper(self): + """Tests the GetDateLessLogHelper function.""" + test_helper = dateless_helper.DateLessLogFormatHelper() - year_less_log_helper = test_helper.GetYearLessLogHelper() + year_less_log_helper = test_helper.GetDateLessLogHelper() self.assertIsNotNone(year_less_log_helper) diff --git a/tests/parsers/text_plugins/test_lib.py b/tests/parsers/text_plugins/test_lib.py index 562b30d2c5..42df6635b7 100644 --- a/tests/parsers/text_plugins/test_lib.py 
+++ b/tests/parsers/text_plugins/test_lib.py @@ -60,8 +60,8 @@ def _ParseTextFileWithPlugin(self, path_segments, plugin): plugin.UpdateChainAndProcess(parser_mediator, file_object=file_object) - if hasattr(plugin, 'GetYearLessLogHelper'): - year_less_log_helper = plugin.GetYearLessLogHelper() - parser_mediator.AddYearLessLogHelper(year_less_log_helper) + if hasattr(plugin, 'GetDateLessLogHelper'): + date_less_log_helper = plugin.GetDateLessLogHelper() + parser_mediator.AddDateLessLogHelper(date_less_log_helper) return storage_writer