Applied updates and worked on tests
joachimmetz committed Jan 10, 2024
1 parent dfc15fe commit 7015b6d
Showing 3 changed files with 55 additions and 2 deletions.
15 changes: 15 additions & 0 deletions esedbrc/data/known_databases.yaml
@@ -1,4 +1,19 @@
# esedb-kb database definitions
---
artifact_definition: InternetExplorerHistory
database_identifier: windows_WebCacheVXX.dat
---
artifact_definition: WindowsBITSQueueManagerDatabases
database_identifier: windows_bits_qmgr.db
---
artifact_definition: WindowsCortanaDatabase
database_identifier: windows_CortanaCoreDb.dat
---
artifact_definition: WindowsSearchDatabase
database_identifier: windows_search_Windows.edb
---
artifact_definition: WindowsSecuritySettingsDatabases
database_identifier: windows_secedit.sdb
---
artifact_definition: WindowsSystemResourceUsageMonitorDatabaseFile
database_identifier: windows_SRUDB.dat
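--- a/esedbrc/schema_extractor.py
+++ b/esedbrc/schema_extractor.py
@@ -220,6 +220,8 @@ def _GetDatabaseSchemaFromFileObject(self, file_object):
 is_unique_table = False
 
 if is_unique_table:
+# TODO: generalize name of unique tables e.g. change AppCacheEntryEx_9
+# into AppCacheEntryEx_# or AppCacheEntryEx_1
 unique_table_definitions.append(table_definition)
 
 finally: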
40 changes: 38 additions & 2 deletions tests/schema_extractor.py
Expand Up @@ -66,9 +66,45 @@ def testFormatSchemaAsYAML(self):

self.assertEqual(yaml_data, expected_yaml_data)

# TODO: add tests for _GetDatabaseSchema
# TODO: add tests for _GetDatabaseIdentifier
# TODO: add tests for _GetDatabaseSchemaFromFileObject

def testGetDatabaseSchema(self):
"""Tests the _GetDatabaseSchema function."""
test_extractor = schema_extractor.EseDbSchemaExtractor(
self._ARTIFACT_DEFINITIONS_PATH)

database_path = self._GetTestFilePath(['WebCacheV01.dat'])
schema = test_extractor._GetDatabaseSchema(database_path)

self.assertIsNotNone(schema)
self.assertEqual(len(schema), 10)

table_definition = schema[0]
self.assertIsNotNone(table_definition)
self.assertEqual(len(table_definition.aliases), 1)
self.assertEqual(len(table_definition.column_definitions), 27)
self.assertEqual(table_definition.name, 'MSysObjects')
self.assertIsNone(table_definition.template_table_name)

def testGetDatabaseSchemaFromFileObject(self):
"""Tests the _GetDatabaseSchemaFromFileObject function."""
test_extractor = schema_extractor.EseDbSchemaExtractor(
self._ARTIFACT_DEFINITIONS_PATH)

database_path = self._GetTestFilePath(['WebCacheV01.dat'])
with open(database_path, 'rb') as file_object:
schema = test_extractor._GetDatabaseSchemaFromFileObject(file_object)

self.assertIsNotNone(schema)
self.assertEqual(len(schema), 10)

table_definition = schema[0]
self.assertIsNotNone(table_definition)
self.assertEqual(len(table_definition.aliases), 1)
self.assertEqual(len(table_definition.column_definitions), 27)
self.assertEqual(table_definition.name, 'MSysObjects')
self.assertIsNone(table_definition.template_table_name)

# TODO: add tests for GetDisplayPath
# TODO: add tests for ExtractSchemas
# TODO: add tests for FormatSchema
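Review bot: Both new tests, testGetDatabaseSchema and testGetDatabaseSchemaFromFileObject, open `WebCacheV01.dat` without checking that the fixture exists, and that file is not among the three files this commit changes, so a checkout without it would report errors rather than skips. A guard right after `database_path = self._GetTestFilePath(['WebCacheV01.dat'])`, for example `if not os.path.exists(database_path): self.skipTest('missing test file: WebCacheV01.dat')`, keeps the result meaningful in both cases (this assumes `os` is imported in the test module, which the hunk does not show). The seven assertions on `schema` and `schema[0]` are repeated verbatim in the two tests; moving them into one private check method on the test case would keep the expected values (10 tables, 27 columns in `MSysObjects`) in a single place. The enclosing test class starts outside the hunk.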
