def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
path = knowledge_base_object.GetValue('sysregistry')
self.assertEqual(path, u'/Windows/System32/config')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
path = getattr(pre_obj, 'sysregistry', None)
self.assertEquals(path, u'/Windows/System32/config')
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsHostname()
plugin.Run(self._searcher, knowledge_base_object)
self.assertEqual(knowledge_base_object.hostname, u'WKS-WIN732BITA')
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsCodepage()
plugin.Run(self._searcher, knowledge_base_object)
self.assertEquals(knowledge_base_object.codepage, u'cp1252')
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsProgramFilesPath()
plugin.Run(self._searcher, knowledge_base_object)
path = knowledge_base_object.GetValue('programfiles')
self.assertEqual(path, u'Program Files')
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsVersion()
plugin.Run(self._searcher, knowledge_base_object)
osversion = knowledge_base_object.GetValue('osversion')
self.assertEqual(osversion, u'Windows 7 Ultimate')
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsTimeZone()
plugin.Run(self._searcher, knowledge_base_object)
time_zone_str = knowledge_base_object.GetValue('time_zone_str')
self.assertEqual(time_zone_str, u'EST5EDT')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsHostname(pre_obj)
plugin.Run(self._searcher)
hostname = getattr(pre_obj, 'hostname', None)
self.assertEquals(hostname, u'WKS-WIN732BITA')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsCodepage(pre_obj)
plugin.Run(self._searcher)
codepage = getattr(pre_obj, 'code_page', None)
self.assertEquals(codepage, u'cp1252')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsVersion(pre_obj)
plugin.Run(self._searcher)
version = getattr(pre_obj, 'osversion', None)
self.assertEquals(version, u'Windows 7 Ultimate')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsTimeZone(pre_obj)
plugin.Run(self._searcher)
timezone = getattr(pre_obj, 'time_zone_str', None)
self.assertEquals(timezone, u'EST5EDT')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsProgramFilesPath(pre_obj)
plugin.Run(self._searcher)
path = getattr(pre_obj, 'programfiles', None)
self.assertEquals(path, u'Program Files')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsProgramFilesX86Path(pre_obj)
plugin.Run(self._searcher)
path = getattr(pre_obj, 'programfilesx86', None)
# The test SOFTWARE Registry file does not contain a value for
# the Program Files X86 path.
self.assertEquals(path, None)
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsProgramFilesX86Path()
plugin.Run(self._searcher, knowledge_base_object)
path = knowledge_base_object.GetValue('programfilesx86')
# The test SOFTWARE Registry file does not contain a value for
# the Program Files X86 path.
self.assertEqual(path, None)
def testGetValue(self):
"""Tests the GetValue function."""
knowledge_base_object = knowledge_base.KnowledgeBase()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath()
plugin.Run(self._searcher, knowledge_base_object)
plugin = windows.WindowsUsers()
plugin.Run(self._searcher, knowledge_base_object)
users = knowledge_base_object.GetValue('users')
self.assertEqual(len(users), 11)
expected_sid = u'S-1-5-21-2036804247-3058324640-2116585241-1114'
self.assertEqual(users[9].get('sid', None), expected_sid)
self.assertEqual(users[9].get('name', None), u'rsydow')
self.assertEqual(users[9].get('path', None), u'C:\\Users\\rsydow')
def testGetValue(self):
"""Tests the GetValue function."""
pre_obj = event.PreprocessObject()
# The plug-in needs to expand {sysregistry} so we need to run
# the WindowsSystemRegistryPath plug-in first.
plugin = windows.WindowsSystemRegistryPath(pre_obj)
plugin.Run(self._searcher)
plugin = windows.WindowsUsers(pre_obj)
plugin.Run(self._searcher)
users = getattr(pre_obj, 'users', None)
self.assertEquals(len(users), 11)
expected_sid = u'S-1-5-21-2036804247-3058324640-2116585241-1114'
self.assertEquals(users[9].get('sid', None), expected_sid)
self.assertEquals(users[9].get('name', None), u'rsydow')
self.assertEquals(users[9].get('path', None), u'C:\\Users\\rsydow')
