Added tests for parser preferred time zone handling log2timeline#3287

joachimmetz · May 24, 2021 · ff8656c · ff8656c
1 parent bf160a2
commit ff8656c
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 2 deletions.
diff --git a/test_data/MSHist012013031020130311-index.dat b/test_data/MSHist012013031020130311-index.dat
diff --git a/tests/parsers/msiecf.py b/tests/parsers/msiecf.py
@@ -24,9 +24,10 @@ def testParse(self):
     #   Number of items                 : 7
     #   Number of recovered items       : 11
 
-    self.assertEqual(storage_writer.number_of_warnings, 0)
     # 7 + 11 records, each with 4 records.
     self.assertEqual(storage_writer.number_of_events, (7 + 11) * 4)
+    self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
+    self.assertEqual(storage_writer.number_of_recovery_warnings, 0)
 
     events = list(storage_writer.GetEvents())
 
@@ -79,7 +80,8 @@ def testParseLeakAndRedirect(self):
     """Tests the Parse function with leak and redirected records."""
     parser = msiecf.MSIECFParser()
     storage_writer = self._ParseFile(['nfury_index.dat'], parser)
-    self.assertEqual(storage_writer.number_of_warnings, 0)
+    self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
+    self.assertEqual(storage_writer.number_of_recovery_warnings, 0)
 
     # MSIE Cache File information:
     #   Version                         : 5.2
@@ -136,6 +138,43 @@ def testParseLeakAndRedirect(self):
 
     self.CheckEventValues(storage_writer, events[21], expected_event_values)
 
+  def testParseWithTimeZone(self):
+    """Tests the Parse function with a time zone."""
+    parser = msiecf.MSIECFParser()
+    storage_writer = self._ParseFile(
+        ['MSHist012013031020130311-index.dat'], parser,
+        timezone='Europe/Amsterdam')
+
+    self.assertEqual(storage_writer.number_of_events, 83)
+    self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
+    self.assertEqual(storage_writer.number_of_recovery_warnings, 0)
+
+    events = list(storage_writer.GetEvents())
+
+    # Test primary last visited time, in UTC, event.
+    expected_event_values = {
+        'timestamp': '2013-03-10 10:18:17.281000',
+        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED,
+        'url': ':2013031020130311: -@:Host: libmsiecf.googlecode.com'}
+
+    self.CheckEventValues(storage_writer, events[80], expected_event_values)
+
+    # Test secondary last visited time, in local time, event.
+    expected_event_values = {
+        'timestamp': '2013-03-10 10:18:17.281000',
+        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED,
+        'url': ':2013031020130311: -@:Host: libmsiecf.googlecode.com'}
+
+    self.CheckEventValues(storage_writer, events[81], expected_event_values)
+
+    # Test last checked time event.
+    expected_event_values = {
+        'timestamp': '2013-03-10 10:18:18.000000',
+        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_CHECKED,
+        'url': ':2013031020130311: -@:Host: libmsiecf.googlecode.com'}
+
+    self.CheckEventValues(storage_writer, events[82], expected_event_values)
+
 
 if __name__ == '__main__':
   unittest.main()