def testProcess(self):
    """Checks the events extracted from the MountPoints2 key of a test hive.

    The plugin is run directly against the key read from NTUSER-WIN7.DAT and
    the first of the five expected events is compared attribute by attribute.
    """
    hive_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
    mount_points_key_path = (
        'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
        'Explorer\\MountPoints2')

    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    mount_points_key = registry.GetKeyByPath(mount_points_key_path)

    mount_points_plugin = mountpoints.MountPoints2Plugin()
    writer = self._ParseKeyWithPlugin(
        mount_points_key, mount_points_plugin, file_entry=hive_file_entry)

    # A clean parse of the test hive must not raise extraction warnings.
    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 5)

    extracted_events = list(writer.GetEvents())
    first_event = extracted_events[0]

    # The first event is a remote drive entry: server, share and label are
    # reported as separate attributes.
    # NOTE(review): 'name' looks like the UNC path with '#' standing in for
    # the backslashes - confirm against the plugin.
    expected_event_values = {
        'data_type': 'windows:registry:mount_points2',
        'key_path': mount_points_key_path,
        'label': 'Home Drive',
        'name': '##controller#home#nfury',
        # Invoked directly rather than through the parser, so the parser
        # attribute is expected to be the plugin's own name.
        'parser': mount_points_plugin.plugin_name,
        'server_name': 'controller',
        'share_name': '\\home\\nfury',
        'timestamp': '2011-08-23 17:10:14.960961',
        'type': 'Remote Drive'
    }

    self.CheckEventValues(writer, first_event, expected_event_values)
def testFilters(self):
    """Checks which key paths the plugin's FILTERS attribute matches.

    The MountPoints2 key path must be matched; an unrelated key path under
    HKEY_LOCAL_MACHINE must not.
    """
    mount_points_plugin = mountpoints.MountPoints2Plugin()

    matching_key_path = (
        'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
        'Explorer\\MountPoints2')
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'

    self._AssertFiltersOnKeyPath(mount_points_plugin, matching_key_path)
    # Negative case: the filter must not fire on a key the plugin does not
    # handle.
    self._AssertNotFiltersOnKeyPath(mount_points_plugin, unrelated_key_path)
def testProcess(self):
    """Checks the first MountPoints2 event and its formatted messages.

    The plugin is run directly against the key read from NTUSER-WIN7.DAT.
    The first of the five expected events is checked for its timestamp, its
    event data attributes and the long and short message strings.
    """
    hive_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
    mount_points_key_path = (
        'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
        'Explorer\\MountPoints2')

    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    mount_points_key = registry.GetKeyByPath(mount_points_key_path)

    mount_points_plugin = mountpoints.MountPoints2Plugin()
    writer = self._ParseKeyWithPlugin(
        mount_points_key, mount_points_plugin, file_entry=hive_file_entry)

    # A clean parse of the test hive must not raise extraction warnings.
    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 5)

    extracted_events = list(writer.GetEvents())
    first_event = extracted_events[0]

    self.CheckTimestamp(first_event.timestamp, '2011-08-23 17:10:14.960961')

    first_event_data = self._GetEventDataOfEvent(writer, first_event)

    # Invoked directly rather than through the parser, so the parser
    # attribute is expected to be the plugin's own name.
    self.assertEqual(first_event_data.parser, mount_points_plugin.plugin_name)
    self.assertEqual(
        first_event_data.data_type, 'windows:registry:mount_points2')
    # The event data must point back at the hive it was extracted from.
    self.assertEqual(first_event_data.pathspec, hive_file_entry.path_spec)
    self.assertEqual(first_event_data.share_name, '\\home\\nfury')

    message_template = (
        '[{0:s}] '
        'Label: Home Drive '
        'Remote_Server: controller '
        'Share_Name: \\home\\nfury '
        'Type: Remote Drive '
        'Volume: ##controller#home#nfury')
    expected_message = message_template.format(mount_points_key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    truncated_message = expected_message[:77]
    expected_short_message = '{0:s}...'.format(truncated_message)

    self._TestGetMessageStrings(
        first_event_data, expected_message, expected_short_message)
def testProcess(self):
    """Checks the first MountPoints2 event and its formatted messages.

    The plugin is run directly against the key read from NTUSER-WIN7.DAT.
    The first of the five expected events is checked for its path
    specification, parser name, timestamp, Share_Name registry value and the
    long and short message strings.
    """
    hive_file_entry = self._GetTestFileEntry([u'NTUSER-WIN7.DAT'])
    mount_points_key_path = (
        u'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
        u'Explorer\\MountPoints2')

    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    mount_points_key = registry.GetKeyByPath(mount_points_key_path)

    mount_points_plugin = mountpoints.MountPoints2Plugin()
    writer = self._ParseKeyWithPlugin(
        mount_points_key, mount_points_plugin, file_entry=hive_file_entry)

    self.assertEqual(writer.number_of_events, 5)

    extracted_events = list(writer.GetEvents())
    first_event = extracted_events[0]

    # The event must point back at the hive it was extracted from.
    self.assertEqual(first_event.pathspec, hive_file_entry.path_spec)
    # Invoked directly rather than through the parser, so the parser
    # attribute is expected to be the plugin's own name.
    self.assertEqual(first_event.parser, mount_points_plugin.plugin_name)

    expected_timestamp = timelib.Timestamp.CopyFromString(
        u'2011-08-23 17:10:14.960960')
    self.assertEqual(first_event.timestamp, expected_timestamp)

    registry_values = first_event.regvalue
    self.assertEqual(registry_values.get(u'Share_Name'), u'\\home\\nfury')

    message_template = (
        u'[{0:s}] Label: Home Drive Remote_Server: controller Share_Name: '
        u'\\home\\nfury Type: Remote Drive Volume: '
        u'##controller#home#nfury')
    expected_message = message_template.format(mount_points_key_path)

    # The short message is the first 77 characters followed by an ellipsis.
    truncated_message = expected_message[:77]
    expected_short_message = u'{0:s}...'.format(truncated_message)

    self._TestGetMessageStrings(
        first_event, expected_message, expected_short_message)
def setUp(self):
    """Creates the MountPoints2 plugin instance shared by the tests."""
    mount_points_plugin = mountpoints.MountPoints2Plugin()
    # Stored on the test case so each test method can reach it as
    # self._plugin.
    self._plugin = mount_points_plugin
def setUp(self):
    """Prepares an individual test by creating the MountPoints2 plugin."""
    mount_points_plugin = mountpoints.MountPoints2Plugin()
    # Stored on the test case so the test method can reach it as
    # self._plugin.
    self._plugin = mount_points_plugin