def testProcess(self):
"""Tests the Process function."""
key_path = (
'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\'
'Default')
time_string = '2012-08-28 09:23:49.002031'
registry_key = self._CreateTestKey(key_path, time_string)
plugin = terminal_server.TerminalServerClientMRUPlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)
self.assertEqual(storage_writer.number_of_warnings, 0)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
self.CheckTimestamp(event.timestamp, '2012-08-28 09:23:49.002031')
event_data = self._GetEventDataOfEvent(storage_writer, event)
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
self.assertEqual(event_data.parser, plugin.plugin_name)
self.assertEqual(event_data.data_type, 'windows:registry:mstsc:mru')
expected_message = (
'[{0:s}] '
'MRU0: 192.168.16.60 '
'MRU1: computer.domain.com').format(key_path)
expected_short_message = '{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(
event_data, expected_message, expected_short_message)
def testProcess(self):
"""Tests the Process function."""
key_path = (
u'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\'
u'Default')
time_string = u'2012-08-28 09:23:49.002031'
registry_key = self._CreateTestKey(key_path, time_string)
plugin = terminal_server.TerminalServerClientMRUPlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)
self.assertEqual(storage_writer.number_of_events, 1)
events = list(storage_writer.GetEvents())
event = events[0]
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
self.assertEqual(event.parser, plugin.plugin_name)
expected_timestamp = timelib.Timestamp.CopyFromString(time_string)
self.assertEqual(event.timestamp, expected_timestamp)
expected_message = (u'[{0:s}] '
u'MRU0: 192.168.16.60 '
u'MRU1: computer.domain.com').format(key_path)
expected_short_message = u'{0:s}...'.format(expected_message[:77])
self._TestGetMessageStrings(event, expected_message,
expected_short_message)
def testProcess(self):
"""Tests the Process function."""
key_path = (
'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\'
'Default')
registry_key = self._CreateTestKey(key_path, '2012-08-28 09:23:49.002031')
plugin = terminal_server.TerminalServerClientMRUPlugin()
storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)
self.assertEqual(storage_writer.number_of_events, 1)
self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
self.assertEqual(storage_writer.number_of_recovery_warnings, 0)
events = list(storage_writer.GetEvents())
expected_entries = (
'MRU0: 192.168.16.60 '
'MRU1: computer.domain.com')
expected_event_values = {
'date_time': '2012-08-28 09:23:49.0020310',
'data_type': 'windows:registry:mstsc:mru',
'entries': expected_entries,
'key_path': key_path,
# This should just be the plugin name, as we're invoking it directly,
# and not through the parser.
'parser': plugin.NAME}
self.CheckEventValues(storage_writer, events[0], expected_event_values)
def setUp(self):
"""Makes preparations before running an individual test."""
self._plugin = terminal_server.TerminalServerClientMRUPlugin()
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._plugin = terminal_server.TerminalServerClientMRUPlugin()