コード例 #1
    def testProcess(self):
        """Checks the events extracted from the OpenSavePidlMRU key.

        Parses the ComDlg32 OpenSavePidlMRU key of the NTUSER-WIN7.DAT test
        file with MRUListExShellItemListPlugin, then verifies the event count,
        one MRUListEx event and one shell item event.
        """
        ntuser_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        mru_key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\ComDlg32\\OpenSavePidlMRU')

        registry = self._GetWinRegistryFromFileEntry(ntuser_entry)
        mru_key = registry.GetKeyByPath(mru_key_path)

        mru_plugin = mrulistex.MRUListExShellItemListPlugin()
        writer = self._ParseKeyWithPlugin(
            mru_key, mru_plugin, file_entry=ntuser_entry)

        self.assertEqual(writer.number_of_events, 65)

        # NOTE(review): the fixed indices below depend on the order in which
        # GetEvents() yields events; confirm that order is stable.
        parsed_events = list(writer.GetEvents())

        # --- MRUListEx event ---
        mru_event = parsed_events[40]

        self.assertEqual(mru_event.pathspec, ntuser_entry.path_spec)
        # The plugin is called directly rather than via the parser, so the
        # parser attribute is expected to hold only the plugin name.
        self.assertEqual(mru_event.parser, mru_plugin.plugin_name)

        self.CheckTimestamp(mru_event.timestamp, '2011-08-28 22:48:28.159308')

        # The expected text holds a local drive path and a UNC path to a
        # network share, so paths that point off-host are covered as well.
        mru_message_template = (
            '[{0:s}\\exe] '
            'Index: 1 [MRU Value 1]: Shell item path: <My Computer> '
            'P:\\Application Tools\\Firefox 6.0\\Firefox Setup 6.0.exe '
            'Index: 2 [MRU Value 0]: Shell item path: <Computers and Devices> '
            '<UNKNOWN: 0x00>\\\\controller\\WebDavShare\\Firefox Setup 3.6.12.exe')
        mru_message = mru_message_template.format(mru_key_path)
        # The short message is the first 77 characters followed by an ellipsis.
        mru_message_prefix = mru_message[:77]
        mru_short_message = '{0:s}...'.format(mru_message_prefix)

        self._TestGetMessageStrings(mru_event, mru_message, mru_short_message)

        # --- Shell item event ---
        shell_item_event = parsed_events[0]

        self.CheckTimestamp(
            shell_item_event.timestamp, '2012-03-08 22:16:02.000000')

        shell_item_template = (
            'Name: ALLOYR~1 '
            'Long name: Alloy Research '
            'NTFS file reference: 44518-33 '
            'Shell item path: <Shared Documents Folder (Users Files)> '
            '<UNKNOWN: 0x00>\\Alloy Research '
            'Origin: {0:s}\\*')
        shell_item_message = shell_item_template.format(mru_key_path)
        shell_item_short_message = (
            'Name: Alloy Research '
            'NTFS file reference: 44518-33 '
            'Origin: HKEY_CURRENT_USER\\...')

        self._TestGetMessageStrings(
            shell_item_event, shell_item_message, shell_item_short_message)
コード例 #2
  def testFilters(self):
    """Checks which Registry key paths the plugin FILTERS match.

    The two Explorer MRU key paths below must be matched by the plugin;
    an unrelated HKEY_LOCAL_MACHINE path must not be.
    """
    plugin = mrulistex.MRUListExShellItemListPlugin()

    explorer_prefix = (
        'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\')
    matching_key_paths = (
        explorer_prefix + 'Explorer\\ComDlg32\\OpenSavePidlMRU',
        explorer_prefix + 'Explorer\\StreamMRU',
    )
    # Same order as listed: OpenSavePidlMRU first, then StreamMRU.
    for matching_key_path in matching_key_paths:
      self._AssertFiltersOnKeyPath(plugin, matching_key_path)

    # Negative case: a key path outside the plugin's filters.
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'
    self._AssertNotFiltersOnKeyPath(plugin, unrelated_key_path)
コード例 #3
 def setUp(self):
     """Creates the plugin instance stored on the test case as _plugin."""
     plugin_class = mrulistex.MRUListExShellItemListPlugin
     # Stored on self so it is available after setUp returns.
     self._plugin = plugin_class()
コード例 #4
ファイル: mrulistex.py プロジェクト: bethlogic/plaso
 def setUp(self):
     """Instantiates MRUListExShellItemListPlugin and keeps it in _plugin."""
     shell_item_list_plugin = mrulistex.MRUListExShellItemListPlugin()
     # Kept as an attribute so the instance outlives this method.
     self._plugin = shell_item_list_plugin