def testProcessFile(self):
"""Tests the Process function on registry file."""
test_file_entry = self._GetTestFileEntry(['SYSTEM'])
key_path = (
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
'TimeZoneInformation')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin = winreg_timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(
registry_key, plugin, file_entry=test_file_entry)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2012-03-11 07:00:00.000642')
expected_message = (
'[{0:s}] '
'ActiveTimeBias: 240 '
'Bias: 300 '
'DaylightBias: -60 '
'DaylightName: @tzres.dll,-111 '
'DynamicDaylightTimeDisabled: 0 '
'StandardBias: 0 '
'StandardName: @tzres.dll,-112 '
'TimeZoneKeyName: Eastern Standard Time').format(key_path)
expected_short_message = '{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event, expected_message, expected_short_message)
def testProcessMock(self):
"""Tests the Process function on created key."""
key_path = ('HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
'TimeZoneInformation')
time_string = '2013-01-30 10:47:57'
registry_key = self._CreateTestKey(key_path, time_string)
plugin = winreg_timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2013-01-30 10:47:57.000000')
expected_message = (
'[{0:s}] '
'ActiveTimeBias: -60 '
'Bias: -60 '
'DaylightBias: -60 '
'DaylightName: @tzres.dll,-321 '
'DynamicDaylightTimeDisabled: 0 '
'StandardBias: 0 '
'StandardName: @tzres.dll,-322 '
'TimeZoneKeyName: W. Europe Standard Time').format(key_path)
expected_short_message = '{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def testProcessMock(self):
"""Tests the Process function on created key."""
key_path = (u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
u'TimeZoneInformation')
time_string = u'2013-01-30 10:47:57'
registry_key = self._CreateTestKey(key_path, time_string)
plugin_object = winreg_timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin_object)
self.assertEqual(len(storage_writer.events), 1)
event_object = storage_writer.events[0]
expected_timestamp = timelib.Timestamp.CopyFromString(time_string)
self.assertEqual(event_object.timestamp, expected_timestamp)
expected_message = (
u'[{0:s}] '
u'ActiveTimeBias: -60 '
u'Bias: -60 '
u'DaylightBias: -60 '
u'DaylightName: @tzres.dll,-321 '
u'DynamicDaylightTimeDisabled: 0 '
u'StandardBias: 0 '
u'StandardName: @tzres.dll,-322 '
u'TimeZoneKeyName: W. Europe Standard Time').format(key_path)
expected_short_message = u'{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event_object, expected_message,
expected_short_message)
def testProcessMock(self):
"""Tests the Process function on created key."""
key_path = ('HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
'TimeZoneInformation')
time_string = '2013-01-30 10:47:57'
registry_key = self._CreateTestKey(key_path, time_string)
plugin = timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
expected_configuration = ('ActiveTimeBias: -60 '
'Bias: -60 '
'DaylightBias: -60 '
'DaylightName: @tzres.dll,-321 '
'DynamicDaylightTimeDisabled: 0 '
'StandardBias: 0 '
'StandardName: @tzres.dll,-322 '
'TimeZoneKeyName: W. Europe Standard Time')
expected_event_values = {
'configuration': expected_configuration,
'key_path': key_path,
'data_type': 'windows:registry:timezone',
'timestamp': '2013-01-30 10:47:57.000000'
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testFilters(self):
"""Tests the FILTERS class attribute."""
plugin = winreg_timezone.WinRegTimezonePlugin()
key_path = ('HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
'TimeZoneInformation')
self._AssertFiltersOnKeyPath(plugin, key_path)
self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')
def testProcessFile(self):
"""Tests the Process function on registry file."""
test_file_entry = self._GetTestFileEntry(['SYSTEM'])
key_path = ('HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
'TimeZoneInformation')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin = timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key,
plugin,
file_entry=test_file_entry)
number_of_events = storage_writer.GetNumberOfAttributeContainers(
'event')
self.assertEqual(number_of_events, 1)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'extraction_warning')
self.assertEqual(number_of_warnings, 0)
number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
'recovery_warning')
self.assertEqual(number_of_warnings, 0)
events = list(storage_writer.GetEvents())
expected_configuration = ('ActiveTimeBias: 240 '
'Bias: 300 '
'DaylightBias: -60 '
'DaylightName: @tzres.dll,-111 '
'DynamicDaylightTimeDisabled: 0 '
'StandardBias: 0 '
'StandardName: @tzres.dll,-112 '
'TimeZoneKeyName: Eastern Standard Time')
expected_event_values = {
'configuration': expected_configuration,
'data_type': 'windows:registry:timezone',
'date_time': '2012-03-11 07:00:00.0006424',
'key_path': key_path
}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testProcessFile(self):
"""Tests the Process function on registry file."""
test_file_entry = self._GetTestFileEntry([u'SYSTEM'])
key_path = (u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
u'TimeZoneInformation')
win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
registry_key = win_registry.GetKeyByPath(key_path)
plugin_object = winreg_timezone.WinRegTimezonePlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key,
plugin_object,
file_entry=test_file_entry)
self.assertEqual(len(storage_writer.events), 1)
event_object = storage_writer.events[0]
expected_timestamp = timelib.Timestamp.CopyFromString(
u'2012-03-11 07:00:00.000642')
self.assertEqual(event_object.timestamp, expected_timestamp)
expected_message = (
u'[{0:s}] '
u'ActiveTimeBias: 240 '
u'Bias: 300 '
u'DaylightBias: -60 '
u'DaylightName: @tzres.dll,-111 '
u'DynamicDaylightTimeDisabled: 0 '
u'StandardBias: 0 '
u'StandardName: @tzres.dll,-112 '
u'TimeZoneKeyName: Eastern Standard Time').format(key_path)
expected_short_message = u'{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event_object, expected_message,
expected_short_message)
def setUp(self): """Makes preparations before running an individual test.""" self._plugin = winreg_timezone.WinRegTimezonePlugin()
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = winreg_timezone.WinRegTimezonePlugin()