Exemplo n.º 1
    def testProcess(self):
        """Verifies the first event extracted from a created Network key.

        A test key is created under the current user's Network key and run
        through NetworkDrivesPlugin. Two events are expected; the first of
        the sorted events must carry the timestamp parsed from the time
        string and the mapped drive message strings.
        """
        network_key_path = u'HKEY_CURRENT_USER\\Network'
        key_time_string = u'2013-01-30 10:47:57'

        test_key = self._CreateTestKey(network_key_path, key_time_string)
        writer = self._ParseKeyWithPlugin(
            test_key, network_drives.NetworkDrivesPlugin())

        self.assertEqual(len(writer.events), 2)

        # Only the first event of the sorted list is inspected below.
        first_event = self._GetSortedEvents(writer.events)[0]

        timestamp_from_string = timelib.Timestamp.CopyFromString(
            key_time_string)
        self.assertEqual(first_event.timestamp, timestamp_from_string)

        message_template = (
            u'[{0:s}] '
            u'DriveLetter: H '
            u'RemoteServer: acme.local '
            u'ShareName: \\Shares\\User_Data\\John.Doe '
            u'Type: Mapped Drive')
        full_message = message_template.format(network_key_path)

        # The short message is the first 77 characters of the full message
        # followed by an ellipsis.
        truncated_message = u'{0:s}...'.format(full_message[:77])

        self._TestGetMessageStrings(
            first_event, full_message, truncated_message)
Exemplo n.º 2
  def testFilters(self):
    """Checks which key paths the plugin's FILTERS attribute accepts.

    The current user's Network key must match the filters, while an
    unrelated HKEY_LOCAL_MACHINE key must not.
    """
    drives_plugin = network_drives.NetworkDrivesPlugin()

    # Key path the plugin is expected to handle.
    matching_key_path = 'HKEY_CURRENT_USER\\Network'
    self._AssertFiltersOnKeyPath(drives_plugin, matching_key_path)

    # Negative case: a key path the plugin must not claim.
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'
    self._AssertNotFiltersOnKeyPath(drives_plugin, unrelated_key_path)
Exemplo n.º 3
  def testProcess(self):
    """Verifies the first event extracted from a created Network key.

    A test key is created under the current user's Network key and run
    through NetworkDrivesPlugin. The run must produce no warnings and two
    events; the first sorted event is checked for its timestamp, its data
    type and its message strings.
    """
    network_key_path = 'HKEY_CURRENT_USER\\Network'
    test_key = self._CreateTestKey(network_key_path, '2013-01-30 10:47:57')

    writer = self._ParseKeyWithPlugin(
        test_key, network_drives.NetworkDrivesPlugin())

    # A clean parse: no warnings, and exactly two events.
    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 2)

    # Only the first event of the sorted list is inspected below.
    first_event = list(writer.GetSortedEvents())[0]

    self.CheckTimestamp(first_event.timestamp, '2013-01-30 10:47:57.000000')

    first_event_data = self._GetEventDataOfEvent(writer, first_event)
    self.assertEqual(
        first_event_data.data_type, 'windows:registry:network_drive')

    message_template = (
        '[{0:s}] '
        'DriveLetter: H '
        'RemoteServer: acme.local '
        'ShareName: \\Shares\\User_Data\\John.Doe '
        'Type: Mapped Drive')
    full_message = message_template.format(network_key_path)

    # The short message is the first 77 characters of the full message
    # followed by an ellipsis.
    truncated_message = '{0:s}...'.format(full_message[0:77])

    self._TestGetMessageStrings(
        first_event_data, full_message, truncated_message)
Exemplo n.º 4
    def testProcess(self):
        """Verifies the first event extracted from a created Network key.

        A test key is created under the current user's Network key and run
        through NetworkDrivesPlugin. The storage writer must hold two event
        containers and no extraction or recovery warnings; the first sorted
        event is then compared against the expected mapped drive values.
        """
        network_key_path = 'HKEY_CURRENT_USER\\Network'
        test_key = self._CreateTestKey(
            network_key_path, '2013-01-30 10:47:57')

        writer = self._ParseKeyWithPlugin(
            test_key, network_drives.NetworkDrivesPlugin())

        # Container counts are checked in this order: events first, then
        # both warning types, which must be absent.
        expected_container_counts = (
            ('event', 2),
            ('extraction_warning', 0),
            ('recovery_warning', 0))
        for container_type, expected_count in expected_container_counts:
            actual_count = writer.GetNumberOfAttributeContainers(
                container_type)
            self.assertEqual(actual_count, expected_count)

        sorted_events = list(writer.GetSortedEvents())

        # NOTE(review): date_time carries seven fractional digits, presumably
        # 100-nanosecond (FILETIME) precision - confirm against the plugin.
        expected_event_values = {
            'date_time': '2013-01-30 10:47:57.0000000',
            'data_type': 'windows:registry:network_drive',
            'drive_letter': 'H',
            'key_path': network_key_path,
            'server_name': 'acme.local',
            'share_name': '\\Shares\\User_Data\\John.Doe'
        }

        # Only the first event of the sorted list is compared.
        self.CheckEventValues(
            writer, sorted_events[0], expected_event_values)