How to use the plaso.lib.timelib.Timestamp.CopyFromString function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / tests / output / rawpy.py View on Github 
_OS_PATH_SPEC = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location='{0:s}{1:s}'.format(
os.path.sep, os.path.join('cases', 'image.dd')))
_TEST_EVENTS = [
{'data_type': 'test:output',
'display_name': 'OS: /var/log/syslog.1',
'hostname': 'ubuntu',
'inode': 12345678,
'pathspec': path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, inode=15,
location='/var/log/syslog.1', parent=_OS_PATH_SPEC),
'text': (
'Reporter PID: |8442| (pam_unix(cron:session): session\n '
'closed for user root)'),
'timestamp': timelib.Timestamp.CopyFromString('2012-06-27 18:17:01'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN,
'username': 'root'}]
def testWriteEventBody(self):
"""Tests the WriteEventBody function."""
output_mediator = self._CreateOutputMediator()
output_writer = cli_test_lib.TestOutputWriter()
output_module = rawpy.NativePythonOutputModule(output_mediator)
output_module.SetOutputWriter(output_writer)
event, event_data = containers_test_lib.CreateEventFromValues(
self._TEST_EVENTS[0])
output_module.WriteEventBody(event, event_data, None)
if sys.platform.startswith('win'):
# The dict comparison is very picky on Windows hence weclass TaggingAnalysisPluginTest(test_lib.AnalysisPluginTestCase):
"""Tests the tagging analysis plugin."""
# pylint: disable=protected-access
_TEST_EVENTS = [
{'data_type': 'windows:prefetch',
'timestamp': timelib.Timestamp.CopyFromString('2015-05-01 15:12:00'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'chrome:history:file_downloaded',
'timestamp': timelib.Timestamp.CopyFromString('2015-05-01 05:06:00'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'something_else',
'timestamp': timelib.Timestamp.CopyFromString('2015-02-19 08:00:01'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'windows:evt:record',
'event_identifier': 538,
'source_name': 'Security',
'timestamp': timelib.Timestamp.CopyFromString('2016-05-25 13:00:06'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'body': 'this is a message',
'data_type': 'windows:evt:record',
'event_identifier': 16,
'timestamp': timelib.Timestamp.CopyFromString('2016-05-25 13:00:06'),
'source_name': 'Messaging',
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN}]
def testExamineEventAndCompileReport(self):
"""Tests the ExamineEvent and CompileReport functions."""
test_file_path = self._GetTestFilePath(['tagging_file', 'valid.txt'])with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01.')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01.12')
timestamp = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01.123456')
expected_timestamp = 1340821021123456
self.assertEqual(timestamp, expected_timestamp)
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01.1234')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01.1234567')
timestamp = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01+00:00')
expected_timestamp = 1340821021000000
self.assertEqual(timestamp, expected_timestamp)
timestamp = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01+01:00')
expected_timestamp = 1340817421000000
self.assertEqual(timestamp, expected_timestamp)
timestamp = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01-07:00')
expected_timestamp = 1340846221000000
self.assertEqual(timestamp, expected_timestamp)
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01+1')'text': 'This log line reads ohh so much.',
'timestamp': timelib.Timestamp.CopyFromString(
'2012-04-30 10:29:47.929596'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'test:event',
'filename': 'c:/Temp/evil.exe',
'hostname': 'MYHOSTNAME',
'text': 'Nothing of interest here, move on.',
'timestamp': timelib.Timestamp.CopyFromString(
'2012-04-30 10:29:47.929596'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'test:event',
'filename': 'c:/Temp/evil.exe',
'hostname': 'MYHOSTNAME',
'text': 'Mr. Evil just logged into the machine and got root.',
'timestamp': timelib.Timestamp.CopyFromString(
'2012-04-30 13:06:47.939596'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'body': (
'This is a line by someone not reading the log line properly. And '
'since this log line exceeds the accepted 80 chars it will be '
'shortened.'),
'data_type': 'text:entry',
'filename': 'c:/Temp/evil.exe',
'hostname': 'nomachine',
'offset': 12,
# TODO: fix missing body attribute
'text': (
'This is a line by someone not reading the log line properly. And '
'since this log line exceeds the accepted 80 chars it will be '
'shortened.'),
'timestamp': timelib.Timestamp.CopyFromString('timestamp': timelib.Timestamp.CopyFromString('2015-01-01 17:00:01'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'test:event',
'pathspec': fake_path_spec.FakePathSpec(location='/opt/dfvfs'),
'test_hash': '4',
'timestamp': timelib.Timestamp.CopyFromString('2015-01-01 17:00:02'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'alternate_test_hash': '5',
'data_type': 'test:event',
'pathspec': fake_path_spec.FakePathSpec(location='/opt/2hash_file'),
'test_hash': '4',
'timestamp': timelib.Timestamp.CopyFromString('2015-01-01 17:00:03'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN},
{'data_type': 'test:event',
'pathspec': fake_path_spec.FakePathSpec(location='/opt/no_hash_file'),
'timestamp': timelib.Timestamp.CopyFromString('2015-01-01 17:00:04'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN}]
def testExamineEventAndCompileReport(self):
"""Tests the ExamineEvent and CompileReport functions."""
plugin = file_hashes.FileHashesPlugin()
storage_writer = self._AnalyzeEvents(self._TEST_EVENTS, plugin)
self.assertEqual(len(storage_writer.analysis_reports), 1)
analysis_report = storage_writer.analysis_reports[0]
expected_text = (
'Listing file paths and hashes\n'
'FAKE:/opt/2hash_file: alternate_test_hash=5 test_hash=4\n'
'FAKE:/opt/dfvfs: test_hash=4\n'
'FAKE:/opt/no_hash_file:\n'_OS_PATH_SPEC = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location='{0:s}{1:s}'.format(
os.path.sep, os.path.join('cases', 'image.dd')))
_TEST_EVENTS = [
{'data_type': 'test:output',
'display_name': 'OS: /var/log/syslog.1',
'hostname': 'ubuntu',
'inode': 12345678,
'pathspec': path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_TSK, inode=15,
location='/var/log/syslog.1', parent=_OS_PATH_SPEC),
'text': (
'Reporter PID: |8442| (pam_unix(cron:session): session\n '
'closed for user root)'),
'timestamp': timelib.Timestamp.CopyFromString('2012-06-27 18:17:01'),
'timestamp_desc': definitions.TIME_DESCRIPTION_UNKNOWN,
'username': 'root'}]
def setUp(self):
"""Makes preparations before running an individual test."""
self._output_writer = cli_test_lib.TestOutputWriter()
output_mediator = self._CreateOutputMediator()
self._output_module = tln.TLNOutputModule(output_mediator)
self._output_module.SetOutputWriter(self._output_writer)
def testWriteHeader(self):
"""Tests the WriteHeader function."""
expected_header = 'Time|Source|Host|User|Description\n'
self._output_module.WriteHeader()SOURCE_LONG = 'Syslog'
class DynamicFieldsHelperTest(test_lib.OutputModuleTestCase):
"""Test the dynamic fields helper."""
# pylint: disable=protected-access
_TEST_EVENTS = [
{'data_type': 'test:dynamic',
'filename': 'log/syslog.1',
'hostname': 'ubuntu',
'text': (
'Reporter PID: 8442 (pam_unix(cron:session): session\n '
'closed for user root)'),
'timestamp': timelib.Timestamp.CopyFromString('2012-06-27 18:17:01'),
'timestamp_desc': definitions.TIME_DESCRIPTION_CHANGE}]
def testFormatDate(self):
"""Tests the _FormatDate function."""
output_mediator = self._CreateOutputMediator()
dynamic_fields_helper = dynamic.DynamicFieldsHelper(output_mediator)
event, event_data = containers_test_lib.CreateEventFromValues(
self._TEST_EVENTS[0])
date_string = dynamic_fields_helper._FormatDate(event, event_data)
self.assertEqual(date_string, '2012-06-27')
event.timestamp = -9223372036854775808
date_string = dynamic_fields_helper._FormatDate(event, event_data)
self.assertEqual(date_string, '0000-00-00')_ = timelib.Timestamp.CopyFromString('2012')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-6-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-00-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-13-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-01-00')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-01-32')
timestamp = timelib.Timestamp.CopyFromString('2012-06-27 18:17:01')
expected_timestamp = 1340821021000000
self.assertEqual(timestamp, expected_timestamp)
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06-27 18:17:1')"""Tests the CopyFromString function."""
timestamp = timelib.Timestamp.CopyFromString('2012-06-27')
expected_timestamp = 1340755200000000
self.assertEqual(timestamp, expected_timestamp)
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString(None)
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-06')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-6-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-00-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-13-27')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-01-00')
with self.assertRaises(ValueError):
_ = timelib.Timestamp.CopyFromString('2012-01-32')timestamp = timelib.Timestamp.LocaltimeToUTC(
local_timestamp, timezone, is_dst=False)
expected_timestamp = timelib.Timestamp.CopyFromString(
'2013-03-31 01:00:00')
self.assertEqual(timestamp, expected_timestamp)
# In the local timezone this is an ambiguous timestamp.
local_timestamp = timelib.Timestamp.CopyFromString('2013-10-27 02:30:00')
with self.assertRaises(pytz.AmbiguousTimeError):
timelib.Timestamp.LocaltimeToUTC(local_timestamp, timezone, is_dst=None)
timestamp = timelib.Timestamp.LocaltimeToUTC(
local_timestamp, timezone, is_dst=True)
expected_timestamp = timelib.Timestamp.CopyFromString(
'2013-10-27 00:30:00')
self.assertEqual(timestamp, expected_timestamp)
timestamp = timelib.Timestamp.LocaltimeToUTC(local_timestamp, timezone)
expected_timestamp = timelib.Timestamp.CopyFromString(
'2013-10-27 01:30:00')
self.assertEqual(timestamp, expected_timestamp)
# Use the UTC timezone.
self.assertEqual(
timelib.Timestamp.LocaltimeToUTC(local_timestamp, pytz.UTC),
local_timestamp)
# Use a timezone in the Western Hemisphere.
timezone = pytz.timezone('EST')plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
81 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser