Esempio n. 1
    def testProcess(self):
        """Tests that Process yields one event with the expected strings.

        A test Registry key is parsed with DefaultPlugin invoked directly. The
        single resulting event is checked for its parser name, its timestamp
        and its long and short message strings.
        """
        mru_key_path = u'\\Microsoft\\Some Windows\\InterestingApp\\MRU'
        last_written = u'2012-08-28 09:23:49.002031'
        # NOTE(review): _CreateTestKey is defined outside this snippet; the
        # expected message below implies it adds MRUList, a, b and c values -
        # confirm against the helper.
        test_key = self._CreateTestKey(mru_key_path, last_written)

        default_plugin = default.DefaultPlugin()
        writer = self._ParseKeyWithPlugin(test_key, default_plugin)

        # Exactly one event is expected for the key.
        self.assertEqual(len(writer.events), 1)
        event = writer.events[0]

        # The plugin is invoked directly rather than through the parser, so
        # the event's parser attribute should be the bare plugin name.
        self.assertEqual(event.parser, default_plugin.plugin_name)

        timestamp = timelib.Timestamp.CopyFromString(last_written)
        self.assertEqual(event.timestamp, timestamp)

        # The expected text shows value "b" with its REG_BINARY type only and
        # no data after it, while the REG_SZ values appear with their content.
        message_template = (
            u'[{0:s}] '
            u'MRUList: [REG_SZ] acb '
            u'a: [REG_SZ] Some random text here '
            u'b: [REG_BINARY] '
            u'c: [REG_SZ] C:/looks_legit.exe')
        long_message = message_template.format(mru_key_path)

        # The short form is the first 77 characters followed by an ellipsis.
        short_message = u'{0:s}...'.format(long_message[:77])

        self._TestGetMessageStrings(event, long_message, short_message)
Esempio n. 2
    def testProcess(self):
        """Tests that Process yields one event and no warnings.

        A test Registry key is parsed with DefaultPlugin invoked directly. The
        storage writer must then hold one event, no extraction warnings and no
        recovery warnings, and the first event must carry the expected values.
        """
        key_path = '\\Microsoft\\Some Windows\\InterestingApp\\MRU'
        last_written = '2012-08-28 09:23:49.002031'
        test_key = self._CreateTestKey(key_path, last_written)

        default_plugin = default.DefaultPlugin()
        writer = self._ParseKeyWithPlugin(test_key, default_plugin)

        # Container counts are checked in this order: events first, then the
        # two warning types, both of which must be empty.
        expected_counts = (
            ('event', 1),
            ('extraction_warning', 0),
            ('recovery_warning', 0))
        for container_type, expected_count in expected_counts:
            self.assertEqual(
                writer.GetNumberOfAttributeContainers(container_type),
                expected_count)

        extracted_events = list(writer.GetEvents())

        # The expected summary shows value "b" by type and size
        # ("(22 bytes)"), not by content; the REG_SZ values appear in full.
        values_summary = (
            'MRUList: [REG_SZ] acb '
            'a: [REG_SZ] Some random text here '
            'b: [REG_BINARY] (22 bytes) '
            'c: [REG_SZ] C:/looks_legit.exe')

        # NOTE(review): date_time has seven fractional digits while the input
        # time string has six - presumably the stored precision of the key's
        # last written time; confirm against _CreateTestKey.
        expected_event_values = dict([
            ('date_time', '2012-08-28 09:23:49.0020310'),
            ('data_type', 'windows:registry:key_value'),
            ('key_path', key_path),
            # The plugin is invoked directly rather than through the parser,
            # so the parser value should be the bare plugin name.
            ('parser', default_plugin.NAME),
            ('values', values_summary)])

        self.CheckEventValues(
            writer, extracted_events[0], expected_event_values)
Esempio n. 3
 def setUp(self):
     """Creates the DefaultPlugin instance stored on the test case."""
     default_plugin = default.DefaultPlugin()
     # Kept on self._plugin; the code that reads it is outside this snippet.
     self._plugin = default_plugin
Esempio n. 4
 def setUp(self):
     """Prepares a DefaultPlugin instance before an individual test runs."""
     plugin_under_test = default.DefaultPlugin()
     # Assigned to self._plugin; its readers are not visible in this snippet.
     self._plugin = plugin_under_test