Worked on script to parse WEVT_TEMPLATE

libyal · Jan 26, 2024 · e2c9bff · e2c9bff
1 parent 5886f31
commit e2c9bff
Show file tree

Hide file tree

Showing 5 changed files with 762 additions and 7 deletions.
diff --git a/scripts/wevt_template.py b/scripts/wevt_template.py
@@ -10,6 +10,9 @@
 import pyfwevt
 import pywrc
 
+from winevtrc import dfvfs_helpers
+from winevtrc import file_system
+
 
 def Main():
   """The main program function.
@@ -24,18 +27,30 @@ def Main():
       '-d', '--debug', dest='debug', action='store_true', default=False,
       help='enable debug output.')
 
+  dfvfs_helpers.AddDFVFSCLIArguments(argument_parser)
+
   argument_parser.add_argument(
       'source', nargs='?', action='store', metavar='PATH', default=None, help=(
           'path of the PE/COFF resource file.'))
 
   options = argument_parser.parse_args()
 
-  if not options.source:
-    print('Source file missing.')
-    print('')
-    argument_parser.print_help()
-    print('')
-    return False
+  if dfvfs_helpers and getattr(options, 'image', None):
+    file_system_helper = dfvfs_helpers.ParseDFVFSCLIArguments(options)
+    if not file_system_helper:
+      print('No supported file system found in storage media image.')
+      print('')
+      return False
+
+  else:
+    if not options.source:
+      print('Source file missing.')
+      print('')
+      argument_parser.print_help()
+      print('')
+      return False
+
+    file_system_helper = file_system.NativeFileSystemHelper()
 
   logging.basicConfig(
       level=logging.INFO, format='[%(levelname)s] %(message)s')
@@ -101,8 +116,10 @@ def Main():
       0x23: 'win:Utf8',
       0x24: 'win:Pkcs7WithTypeInfo'}
 
+  file_object = file_system_helper.OpenFileByPath(options.source)
+
   exe_file = pyexe.file()
-  exe_file.open(options.source)
+  exe_file.open_file_object(file_object)
 
   exe_section = exe_file.get_section_by_name('.rsrc')
   if exe_section:

diff --git a/tests/dfvfs_helpers.py b/tests/dfvfs_helpers.py
@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+"""Tests for the dfVFS helpers."""
+
+import pathlib
+import os
+import unittest
+
+from dfvfs.lib import definitions as dfvfs_definitions
+from dfvfs.path import factory as path_spec_factory
+
+from winevtrc import dfvfs_helpers
+
+from tests import test_lib
+
+
+class DFVFSFileSystemHelperTest(test_lib.BaseTestCase):
+  """dfVFS file system helper tests."""
+
+  def testBasenamePath(self):
+    """Tests the BasenamePath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    basename = test_helper.BasenamePath(test_file_path)
+    self.assertEqual(basename, 'utmp-linux_libc6')
+
+  def testCheckFileExistsByPath(self):
+    """Tests the CheckFileExistsByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    result = test_helper.CheckFileExistsByPath(test_file_path)
+    self.assertTrue(result)
+
+  def testDirnamePath(self):
+    """Tests the DirnamePath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    dirname = test_helper.DirnamePath(test_file_path)
+    self.assertEqual(dirname, test_lib.TEST_DATA_PATH)
+
+  def testGetFileSizeByPath(self):
+    """Tests the GetFileSizeByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    file_size = test_helper.GetFileSizeByPath(test_file_path)
+    self.assertEqual(file_size, 5376)
+
+  def testJoinPath(self):
+    """Tests the JoinPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    path_segments = os.path.split(test_file_path)
+
+    path = test_helper.JoinPath(path_segments)
+    self.assertEqual(path, test_file_path)
+
+  def testListDirectory(self):
+    """Tests the ListDirectory function."""
+    test_file_path = self._GetTestFilePath(['unified_logging'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    expected_directory_entries = [
+        '0000000000000030.tracev3',
+        '0000000000000f85.tracev3',
+        'timesync',
+        'uuidtext']
+
+    directory_entries = sorted(test_helper.ListDirectory(test_file_path))
+    self.assertEqual(directory_entries, expected_directory_entries)
+
+  def testOpenFileByPath(self):
+    """Tests the OpenFileByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    file_object = test_helper.OpenFileByPath(test_file_path)
+    self.assertIsNotNone(file_object)
+
+    file_object.close()
+
+  def testSplitPath(self):
+    """Tests the SplitPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = dfvfs_helpers.DFVFSFileSystemHelper(None)
+
+    path_spec = path_spec_factory.Factory.NewPathSpec(
+        dfvfs_definitions.TYPE_INDICATOR_OS, location=test_file_path)
+    test_helper.OpenFileSystem(path_spec)
+
+    expected_path_segments = list(pathlib.Path(test_file_path).parts)
+    expected_path_segments.pop(0)
+
+    path_segments = test_helper.SplitPath(test_file_path)
+    self.assertEqual(path_segments, expected_path_segments)
+
+
+# TODO: add test for SetDFVFSBackEnd
+# TODO: add test for AddDFVFSCLIArguments
+# TODO: add test for ParseDFVFSCLIArguments
+
+
+if __name__ == '__main__':
+  unittest.main()
diff --git a/tests/file_system.py b/tests/file_system.py
@@ -0,0 +1,120 @@
+# -*- coding: utf-8 -*-
+"""Tests for the file system helper."""
+
+import pathlib
+import platform
+import unittest
+
+from winevtrc import file_system
+
+from tests import test_lib
+
+
+class NativeFileSystemHelperTest(test_lib.BaseTestCase):
+  """Python native system helper tests."""
+
+  def testBasenamePath(self):
+    """Tests the BasenamePath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    basename = test_helper.BasenamePath(test_file_path)
+    self.assertEqual(basename, 'utmp-linux_libc6')
+
+  def testCheckFileExistsByPath(self):
+    """Tests the CheckFileExistsByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    result = test_helper.CheckFileExistsByPath(test_file_path)
+    self.assertTrue(result)
+
+  def testDirnamePath(self):
+    """Tests the DirnamePath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    dirname = test_helper.DirnamePath(test_file_path)
+    self.assertEqual(dirname, test_lib.TEST_DATA_PATH)
+
+  def testGetFileSizeByPath(self):
+    """Tests the GetFileSizeByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    file_size = test_helper.GetFileSizeByPath(test_file_path)
+    self.assertEqual(file_size, 5376)
+
+  def testJoinPath(self):
+    """Tests the JoinPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    path_segments = list(pathlib.Path(test_file_path).parts)
+    path_segments.pop(0)
+
+    if platform.system() == 'Windows':
+      expected_path = test_file_path[2:]
+    else:
+      expected_path = test_file_path
+
+    path = test_helper.JoinPath(path_segments)
+    self.assertEqual(path, expected_path)
+
+  def testListDirectory(self):
+    """Tests the ListDirectory function."""
+    test_file_path = self._GetTestFilePath(['unified_logging'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    expected_directory_entries = [
+        '0000000000000030.tracev3',
+        '0000000000000f85.tracev3',
+        'timesync',
+        'uuidtext']
+
+    directory_entries = sorted(test_helper.ListDirectory(test_file_path))
+    self.assertEqual(directory_entries, expected_directory_entries)
+
+  def testOpenFileByPath(self):
+    """Tests the OpenFileByPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    file_object = test_helper.OpenFileByPath(test_file_path)
+    self.assertIsNotNone(file_object)
+
+    file_object.close()
+
+  def testSplitPath(self):
+    """Tests the SplitPath function."""
+    test_file_path = self._GetTestFilePath(['utmp-linux_libc6'])
+    self._SkipIfPathNotExists(test_file_path)
+
+    test_helper = file_system.NativeFileSystemHelper()
+
+    expected_path_segments = list(pathlib.Path(test_file_path).parts)
+    expected_path_segments.pop(0)
+
+    path_segments = test_helper.SplitPath(test_file_path)
+    if platform.system() == 'Windows':
+      path_segments.pop(0)
+
+    self.assertEqual(path_segments, expected_path_segments)
+
+
+if __name__ == '__main__':
+  unittest.main()