tests: add test for hex64 value and issue 38

williballenthin · williballenthin · commit 94970af0c928 · 2017-06-27T11:23:29.000-04:00
closes #38
diff --git a/tests/data/issue_38.evtx b/tests/data/issue_38.evtx
diff --git a/tests/data/readme.md b/tests/data/readme.md
@@ -7,3 +7,6 @@ The source for security.evtx with md5 8fa20a376cb6745453bc51f906e0fcd0
 The source for ae831beda7dfda43f4de0e18a1035f64/dns_log_malformed.evtx
  was @stephensheridan, via Github issue #37 (https://github.com/williballenthin/python-evtx/issues/37).
 
+The source for d75c90e629f38c7b9e612905e02e2255  issue_38.evtx
+ was @nbareil, via Github issue #38 (https://github.com/williballenthin/python-evtx/issues/38).
+
diff --git a/tests/test_issue_38.py b/tests/test_issue_38.py
@@ -0,0 +1,46 @@
+import os
+import pytest
+
+import Evtx.Evtx as evtx
+
+from fixtures import *
+
+
+
+def one(iterable):
+    '''
+    fetch a single element from the given iterable.
+
+    Args:
+      iterable (iterable): a sequence of things.
+
+    Returns:
+      object: the first thing in the sequence.
+    '''
+    for i in iterable:
+        return i
+
+
+def get_child(node, tag, ns="{http://schemas.microsoft.com/win/2004/08/events/event}"):
+    return node.find("%s%s" % (ns, tag))
+
+
+def test_hex64_value(data_path):
+    '''
+    regression test demonstrating issue 38.
+
+    Args:
+      data_path (str): the file system path of the test directory.
+    '''
+    with evtx.Evtx(os.path.join(data_path, 'issue_38.evtx')) as log:
+        for chunk in log.chunks():
+            record = one(chunk.records())
+            event_data = get_child(record.lxml(), 'EventData')
+            for data in event_data:
+                if data.get('Name') != 'SubjectLogonId':
+                    continue
+
+                assert data.text == '0x000000000019d3af'
+
+
+
