def testProcess(self):
    """Tests the Process function on the USB key of the SYSTEM test hive.

    The key is handed to USBPlugin directly. The test checks the number of
    events and warnings, then compares the fourth extracted event with the
    values expected for the VID_0E0F&PID_0002 device subkey.
    """
    key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USB'

    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    usb_key = registry.GetKeyByPath(key_path)

    usb_plugin = usb.USBPlugin()
    writer = self._ParseKeyWithPlugin(
        usb_key, usb_plugin, file_entry=hive_file_entry)

    # Zero warnings matters as much as the event count: it shows the
    # events were produced without extraction or recovery problems.
    self.assertEqual(writer.number_of_events, 7)
    self.assertEqual(writer.number_of_extraction_warnings, 0)
    self.assertEqual(writer.number_of_recovery_warnings, 0)

    extracted_events = list(writer.GetEvents())

    expected_event_values = {
        'date_time': '2012-04-07 10:31:37.6252465',
        'data_type': 'windows:registry:usb',
        'key_path': key_path,
        # The plugin is invoked directly rather than through the parser,
        # so only the plugin name is expected here.
        'parser': usb_plugin.NAME,
        'product': 'PID_0002',
        # NOTE(review): the second character of this value is '&'. On
        # Windows that commonly marks an instance ID generated by the
        # system rather than a serial number reported by the device, so
        # it may not identify one physical device -- confirm before
        # relying on it for attribution.
        'serial': '6&2ab01149&0&2',
        'subkey_name': 'VID_0E0F&PID_0002',
        'vendor': 'VID_0E0F',
    }

    self.CheckEventValues(writer, extracted_events[3], expected_event_values)
def testFilters(self):
    """Tests the FILTERS class attribute.

    The plugin's filters are expected to match the USB key path and to
    reject a key path that does not exist.
    """
    usb_plugin = usb.USBPlugin()

    matching_key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USB'
    self._AssertFiltersOnKeyPath(usb_plugin, matching_key_path)

    # Negative case: the plugin must not claim keys outside its scope.
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'
    self._AssertNotFiltersOnKeyPath(usb_plugin, unrelated_key_path)
def testProcess(self):
    """Tests the Process function on the USB key of the SYSTEM test hive.

    Runs USBPlugin directly on the key and checks the fourth extracted
    event: its path specification, parser name, registry values, timestamp
    and message strings.
    """
    key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USB'

    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    usb_key = registry.GetKeyByPath(key_path)

    usb_plugin = usb.USBPlugin()
    writer = self._ParseKeyWithPlugin(
        usb_key, usb_plugin, file_entry=hive_file_entry)

    self.assertEqual(writer.number_of_events, 7)

    usb_event = list(writer.GetEvents())[3]

    # The event must point back at the hive it was extracted from.
    self.assertEqual(usb_event.pathspec, hive_file_entry.path_spec)

    # The plugin is invoked directly rather than through the parser, so
    # only the plugin name is expected here.
    self.assertEqual(usb_event.parser, usb_plugin.plugin_name)

    expected_regvalues = (
        ('subkey_name', 'VID_0E0F&PID_0002'),
        ('vendor', 'VID_0E0F'),
        ('product', 'PID_0002'),
    )
    for value_name, expected_value in expected_regvalues:
        self._TestRegvalue(usb_event, value_name, expected_value)

    # Match UTC timestamp.
    timestamp_in_utc = timelib.Timestamp.CopyFromString(
        '2012-04-07 10:31:37.625246')
    self.assertEqual(usb_event.timestamp, timestamp_in_utc)

    message_template = (
        '[{0:s}] '
        'product: PID_0002 '
        'serial: 6&2ab01149&0&2 '
        'subkey_name: VID_0E0F&PID_0002 '
        'vendor: VID_0E0F')
    full_message = message_template.format(key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    short_message = '{0:s}...'.format(full_message[:77])

    self._TestGetMessageStrings(usb_event, full_message, short_message)
def testProcess(self):
    """Tests the Process function on the USB key of the SYSTEM test hive.

    Runs USBPlugin directly on the key, requires a warning-free run with
    seven events, and checks the timestamp, event data attributes and
    message strings of the fourth event.
    """
    key_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USB'

    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    usb_key = registry.GetKeyByPath(key_path)

    usb_plugin = usb.USBPlugin()
    writer = self._ParseKeyWithPlugin(
        usb_key, usb_plugin, file_entry=hive_file_entry)

    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 7)

    usb_event = list(writer.GetEvents())[3]

    self.CheckTimestamp(usb_event.timestamp, '2012-04-07 10:31:37.625247')

    usb_event_data = self._GetEventDataOfEvent(writer, usb_event)

    # The plugin is invoked directly rather than through the parser, so
    # only the plugin name is expected here.
    self.assertEqual(usb_event_data.parser, usb_plugin.plugin_name)
    self.assertEqual(usb_event_data.data_type, 'windows:registry:usb')
    # The event data must point back at the hive it was extracted from.
    self.assertEqual(usb_event_data.pathspec, hive_file_entry.path_spec)

    self.assertEqual(usb_event_data.subkey_name, 'VID_0E0F&PID_0002')
    self.assertEqual(usb_event_data.vendor, 'VID_0E0F')
    self.assertEqual(usb_event_data.product, 'PID_0002')

    message_template = (
        '[{0:s}] '
        'Product: PID_0002 '
        'Serial: 6&2ab01149&0&2 '
        'Subkey name: VID_0E0F&PID_0002 '
        'Vendor: VID_0E0F')
    full_message = message_template.format(key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    short_message = '{0:s}...'.format(full_message[:77])

    self._TestGetMessageStrings(usb_event, full_message, short_message)
def setUp(self):
    """Creates the USB plugin object and stores it on the test case."""
    usb_plugin = usb.USBPlugin()
    self._plugin = usb_plugin
def setUp(self):
    """Prepares the test case by creating the USB plugin object."""
    usb_plugin = usb.USBPlugin()
    self._plugin = usb_plugin