def testProcess(self):
"""Tests the Process function."""
test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
key_path = (
'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
'Explorer\\MountPoints2')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin = mountpoints.MountPoints2Plugin()
storage_writer = self._ParseKeyWithPlugin(registry_key,
plugin,
file_entry=test_file_entry)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 5)
events = list(storage_writer.GetEvents())
expected_event_values = {
'data_type': 'windows:registry:mount_points2',
'key_path': key_path,
'label': 'Home Drive',
'name': '##controller#home#nfury',
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
'parser': plugin.plugin_name,
'server_name': 'controller',
'share_name': '\\home\\nfury',
'timestamp': '2011-08-23 17:10:14.960961',
'type': 'Remote Drive'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testFilters(self):
"""Tests the FILTERS class attribute."""
plugin = mountpoints.MountPoints2Plugin()
key_path = (
'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
'Explorer\\MountPoints2')
self._AssertFiltersOnKeyPath(plugin, key_path)
self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')
def testProcess(self):
"""Tests the Process function."""
test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
key_path = (
'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
'Explorer\\MountPoints2')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin = mountpoints.MountPoints2Plugin()
storage_writer = self._ParseKeyWithPlugin(registry_key,
plugin,
file_entry=test_file_entry)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 5)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2011-08-23 17:10:14.960961')
event_data = self._GetEventDataOfEvent(storage_writer, event)
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
self.assertEqual(event_data.parser, plugin.plugin_name)
self.assertEqual(event_data.data_type,
'windows:registry:mount_points2')
self.assertEqual(event_data.pathspec, test_file_entry.path_spec)
self.assertEqual(event_data.share_name, '\\home\\nfury')
expected_message = ('[{0:s}] '
'Label: Home Drive '
'Remote_Server: controller '
'Share_Name: \\home\\nfury '
'Type: Remote Drive '
'Volume: ##controller#home#nfury').format(key_path)
expected_short_message = '{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event_data, expected_message,
expected_short_message)
def testProcess(self):
"""Tests the Process function."""
test_file_entry = self._GetTestFileEntry([u'NTUSER-WIN7.DAT'])
key_path = (
u'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
u'Explorer\\MountPoints2')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin = mountpoints.MountPoints2Plugin()
storage_writer = self._ParseKeyWithPlugin(registry_key,
plugin,
file_entry=test_file_entry)
self.assertEqual(storage_writer.number_of_events, 5)
events = list(storage_writer.GetEvents())
event = events[0]
self.assertEqual(event.pathspec, test_file_entry.path_spec)
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
self.assertEqual(event.parser, plugin.plugin_name)
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2011-08-23 17:10:14.960960')
self.assertEqual(event.timestamp, expected_timestamp)
regvalue = event.regvalue
self.assertEqual(regvalue.get(u'Share_Name'), u'\\home\\nfury')
expected_message = (
u'[{0:s}] Label: Home Drive Remote_Server: controller Share_Name: '
u'\\home\\nfury Type: Remote Drive Volume: '
u'##controller#home#nfury').format(key_path)
expected_short_message = u'{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = mountpoints.MountPoints2Plugin()
def setUp(self): """Makes preparations before running an individual test.""" self._plugin = mountpoints.MountPoints2Plugin()
