def testProcess(self):
    """Tests the Process function against the SYSTEM test hive.

    Runs the shutdown plugin directly on the key at the Control/Windows
    path of ControlSet001, checks the event and warning counts, and
    compares the values of the first extracted event.
    """
    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows')

    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    shutdown_key = registry.GetKeyByPath(key_path)

    plugin = shutdown.ShutdownWindowsRegistryPlugin()
    storage_writer = self._ParseKeyWithPlugin(
        shutdown_key, plugin, file_entry=hive_file_entry)

    # Two events and no warnings of either kind are expected for this key.
    self.assertEqual(storage_writer.number_of_events, 2)
    self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
    self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

    extracted_events = list(storage_writer.GetEvents())

    expected_event_values = {
        'date_time': '2012-04-04 01:58:40.8392499',
        'data_type': 'windows:registry:shutdown',
        'key_path': key_path,
        # The plugin is invoked directly rather than through the parser,
        # so the parser value is just the plugin name.
        'parser': plugin.NAME,
        'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_SHUTDOWN,
        'value_name': 'ShutdownTime',
    }

    # Only the first of the two events has its values compared; the second
    # is covered by the count assertion alone.
    self.CheckEventValues(
        storage_writer, extracted_events[0], expected_event_values)
def testFilters(self):
    """Tests the FILTERS class attribute.

    Checks one key path the plugin is expected to filter on and one
    unrelated key path it is expected not to filter on.
    """
    shutdown_plugin = shutdown.ShutdownWindowsRegistryPlugin()

    # Key path the plugin's filters should accept.
    matching_key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows')
    self._AssertFiltersOnKeyPath(shutdown_plugin, matching_key_path)

    # Key path the plugin's filters should not accept.
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'
    self._AssertNotFiltersOnKeyPath(shutdown_plugin, unrelated_key_path)
def testProcess(self):
    """Tests the Process function against the SYSTEM test hive.

    Runs the shutdown plugin directly on the key at the Control/Windows
    path of ControlSet001 and checks the single extracted event: its
    timestamp, timestamp description, event data and message strings.
    """
    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\Windows')

    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    shutdown_key = registry.GetKeyByPath(key_path)

    plugin = shutdown.ShutdownWindowsRegistryPlugin()
    storage_writer = self._ParseKeyWithPlugin(
        shutdown_key, plugin, file_entry=hive_file_entry)

    # No warnings and exactly one event are expected for this key.
    self.assertEqual(storage_writer.number_of_warnings, 0)
    self.assertEqual(storage_writer.number_of_events, 1)

    extracted_events = list(storage_writer.GetEvents())
    shutdown_event = extracted_events[0]

    self.CheckTimestamp(
        shutdown_event.timestamp, '2012-04-04 01:58:40.839250')
    self.assertEqual(
        shutdown_event.timestamp_desc,
        definitions.TIME_DESCRIPTION_LAST_SHUTDOWN)

    event_data = self._GetEventDataOfEvent(storage_writer, shutdown_event)

    # The event data must point back at the hive file it was read from.
    self.assertEqual(event_data.pathspec, hive_file_entry.path_spec)

    # The plugin is invoked directly rather than through the parser, so
    # the parser value is just the plugin name.
    self.assertEqual(event_data.parser, plugin.plugin_name)
    self.assertEqual(event_data.value_name, 'ShutdownTime')

    expected_short_message = 'ShutdownTime'
    expected_message = '[{0:s}] Description: ShutdownTime'.format(key_path)

    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)