def testProcess(self):
    """Tests that Process extracts a mapped drive from a created key.

    Creates a test key at the Network subkey of HKEY_CURRENT_USER, parses it
    with NetworkDrivesPlugin and verifies the timestamp and the message
    strings of the first sorted event.
    """
    key_path = u'HKEY_CURRENT_USER\\Network'
    time_string = u'2013-01-30 10:47:57'

    test_key = self._CreateTestKey(key_path, time_string)
    drives_plugin = network_drives.NetworkDrivesPlugin()
    storage_writer = self._ParseKeyWithPlugin(test_key, drives_plugin)

    # Two events are expected; only the first sorted one is inspected below.
    self.assertEqual(len(storage_writer.events), 2)
    first_event = self._GetSortedEvents(storage_writer.events)[0]

    # The event timestamp must equal the time string given to the test key.
    wanted_timestamp = timelib.Timestamp.CopyFromString(time_string)
    self.assertEqual(first_event.timestamp, wanted_timestamp)

    # The message has to carry the drive letter, the remote server and the
    # share name, i.e. every field that identifies the mapped share.
    message_template = u''.join((
        u'[{0:s}] ',
        u'DriveLetter: H ',
        u'RemoteServer: acme.local ',
        u'ShareName: \\Shares\\User_Data\\John.Doe ',
        u'Type: Mapped Drive'))
    expected_message = message_template.format(key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    expected_short_message = u'{0:s}...'.format(expected_message[:77])

    self._TestGetMessageStrings(
        first_event, expected_message, expected_short_message)
def testFilters(self):
    """Tests which key paths the plugin's FILTERS class attribute accepts."""
    drives_plugin = network_drives.NetworkDrivesPlugin()

    # The per-user Network key is the one the plugin has to match.
    matching_key_path = 'HKEY_CURRENT_USER\\Network'
    self._AssertFiltersOnKeyPath(drives_plugin, matching_key_path)

    # An unrelated key must be rejected, so that the plugin does not run on
    # keys it was not written for.
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'
    self._AssertNotFiltersOnKeyPath(drives_plugin, unrelated_key_path)
def testProcess(self):
    """Tests that Process extracts a mapped drive from a created key.

    Creates a test key at the Network subkey of HKEY_CURRENT_USER, parses it
    with NetworkDrivesPlugin and verifies the warning and event counts, then
    the timestamp, data type and message strings of the first sorted event.
    """
    key_path = 'HKEY_CURRENT_USER\\Network'
    time_string = '2013-01-30 10:47:57'

    test_key = self._CreateTestKey(key_path, time_string)
    drives_plugin = network_drives.NetworkDrivesPlugin()
    storage_writer = self._ParseKeyWithPlugin(test_key, drives_plugin)

    # Parsing must not raise warnings and must yield exactly two events.
    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 2)

    # Only the first sorted event is inspected; the second is not checked.
    first_event = list(storage_writer.GetSortedEvents())[0]
    self.CheckTimestamp(first_event.timestamp, '2013-01-30 10:47:57.000000')

    first_event_data = self._GetEventDataOfEvent(storage_writer, first_event)
    self.assertEqual(
        first_event_data.data_type, 'windows:registry:network_drive')

    # The message has to carry the drive letter, the remote server and the
    # share name, i.e. every field that identifies the mapped share.
    message_template = ''.join((
        '[{0:s}] ',
        'DriveLetter: H ',
        'RemoteServer: acme.local ',
        'ShareName: \\Shares\\User_Data\\John.Doe ',
        'Type: Mapped Drive'))
    expected_message = message_template.format(key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    expected_short_message = '{0:s}...'.format(expected_message[0:77])

    self._TestGetMessageStrings(
        first_event_data, expected_message, expected_short_message)
def testProcess(self):
    """Tests that Process extracts a mapped drive from a created key.

    Creates a test key at the Network subkey of HKEY_CURRENT_USER, parses it
    with NetworkDrivesPlugin, verifies the number of stored events and
    warnings, and compares the first sorted event against expected values.
    """
    key_path = 'HKEY_CURRENT_USER\\Network'
    test_key = self._CreateTestKey(key_path, '2013-01-30 10:47:57')

    drives_plugin = network_drives.NetworkDrivesPlugin()
    storage_writer = self._ParseKeyWithPlugin(test_key, drives_plugin)

    # Two events are expected. Both warning containers must stay empty, so
    # that a parse problem cannot pass unnoticed.
    expected_counts = (
        ('event', 2),
        ('extraction_warning', 0),
        ('recovery_warning', 0))
    for container_type, expected_count in expected_counts:
        actual_count = storage_writer.GetNumberOfAttributeContainers(
            container_type)
        self.assertEqual(actual_count, expected_count)

    sorted_events = list(storage_writer.GetSortedEvents())

    # Only the first sorted event is checked. The drive letter, server name
    # and share name are the values that identify the mapped share.
    # NOTE(review): date_time carries seven fractional digits, presumably
    # 100-nanosecond precision; confirm against the plugin.
    expected_event_values = {
        'date_time': '2013-01-30 10:47:57.0000000',
        'data_type': 'windows:registry:network_drive',
        'drive_letter': 'H',
        'key_path': key_path,
        'server_name': 'acme.local',
        'share_name': '\\Shares\\User_Data\\John.Doe'}

    self.CheckEventValues(
        storage_writer, sorted_events[0], expected_event_values)