def test_registry_hive(self): hive_string = "HKLM" normalized_hive_string = "HKEY_LOCAL_MACHINE" registry_key_obj = WinRegistryKey() registry_key_obj.hive = hive_string normalize_object_properties(registry_key_obj) self.assertEqual(registry_key_obj.hive.value, normalized_hive_string)
def test_file_path(self): file_path_string = "%WinDir%\abcd.dll" normalized_file_path_string = "CSIDL_WINDOWS\abcd.dll" file_obj = File() file_obj.file_path = file_path_string normalize_object_properties(file_obj) self.assertEqual(file_obj.file_path.value, normalized_file_path_string)
def test_process_image_info_path(self): file_path_string = "C:\Windows\System32\abcd.dll" normalized_file_path_string = "CSIDL_SYSTEM\abcd.dll" process_obj = Process() process_obj.image_info = ImageInfo() process_obj.image_info.path = file_path_string normalize_object_properties(process_obj) self.assertEqual(process_obj.image_info.path.value, normalized_file_path_string)
def test_registry_value_data(self): file_path_string = "C:" normalized_file_path_string = "%SystemDrive%" registry_key_obj = WinRegistryKey() registry_key_obj.values = RegistryValues() registry_value = RegistryValue() registry_value.data = file_path_string registry_key_obj.values.append(registry_value) normalize_object_properties(registry_key_obj) self.assertEqual(registry_key_obj.values[0].data.value, normalized_file_path_string)
def normalize_objects(self): """Normalize all Objects in the Bundle, using the CybOX normalize module.""" all_objects = self.get_all_objects(include_actions = True) for object in all_objects: if object.properties: normalize_object_properties(object.properties)
def normalize_objects(self): """Normalize all Objects in the Bundle, using the CybOX normalize module.""" all_objects = self.get_all_objects(include_actions=True) for object in all_objects: if object.properties: normalize_object_properties(object.properties)