Exemplos de TypedURLsPlugin em Python

Exemplo n.º 1

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\TypedPaths')

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = typedurls.TypedURLsPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 1)

        events = list(storage_writer.GetEvents())

        event = events[0]

        self.CheckTimestamp(event.timestamp, '2010-11-10 07:58:15.811625')

        event_data = self._GetEventDataOfEvent(storage_writer, event)

        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event_data.parser, plugin.plugin_name)
        self.assertEqual(event_data.data_type, 'windows:registry:typedurls')

        expected_message = ('[{0:s}] ' 'url1: \\\\controller').format(key_path)
        expected_short_message = '{0:s}...'.format(expected_message[:77])
        self._TestGetMessageStrings(event_data, expected_message,
                                    expected_short_message)

Exemplo n.º 2

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\TypedPaths')

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = typedurls.TypedURLsPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 1)

        events = list(storage_writer.GetEvents())

        expected_entries = ('url1: \\\\controller')

        expected_event_values = {
            'data_type': 'windows:registry:typedurls',
            'entries': expected_entries,
            'key_path': key_path,
            # This should just be the plugin name, as we're invoking it directly,
            # and not through the parser.
            'parser': plugin.plugin_name,
            'timestamp': '2010-11-10 07:58:15.811625'
        }

        self.CheckEventValues(storage_writer, events[0], expected_event_values)

Exemplo n.º 3

Arquivo: typedurls.py Projeto: cshanahan/plaso

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\'
            'TypedURLs')

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = typedurls.TypedURLsPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        number_of_events = storage_writer.GetNumberOfAttributeContainers(
            'event')
        self.assertEqual(number_of_events, 1)

        number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
            'extraction_warning')
        self.assertEqual(number_of_warnings, 0)

        number_of_warnings = storage_writer.GetNumberOfAttributeContainers(
            'recovery_warning')
        self.assertEqual(number_of_warnings, 0)

        events = list(storage_writer.GetEvents())

        expected_entries = (
            'url1: http://cnn.com/ '
            'url2: http://twitter.com/ '
            'url3: http://linkedin.com/ '
            'url4: http://tweetdeck.com/ '
            'url5: mozilla '
            'url6: http://google.com/ '
            'url7: http://controller.shieldbase.local/certsrv/ '
            'url8: http://controller.shieldbase.local/ '
            'url9: http://www.stark-research-labs.com/ '
            'url10: http://www.adobe.com/ '
            'url11: http://www.google.com/ '
            'url12: http://www.firefox.com/ '
            'url13: http://go.microsoft.com/fwlink/?LinkId=69157')

        expected_event_values = {
            'date_time': '2012-03-12 21:23:53.3077499',
            'data_type': 'windows:registry:typedurls',
            'entries': expected_entries,
            'key_path': key_path,
            # This should just be the plugin name, as we're invoking it directly,
            # and not through the parser.
            'parser': plugin.NAME
        }

        self.CheckEventValues(storage_writer, events[0], expected_event_values)

Exemplo n.º 4

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\'
            'TypedURLs')

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = typedurls.TypedURLsPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_events, 1)

        events = list(storage_writer.GetEvents())

        event = events[0]

        self.assertEqual(event.pathspec, test_file_entry.path_spec)
        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event.parser, plugin.plugin_name)

        expected_timestamp = timelib.Timestamp.CopyFromString(
            '2012-03-12 21:23:53.307749')
        self.assertEqual(event.timestamp, expected_timestamp)

        regvalue_identifier = 'url1'
        expected_value = 'http://cnn.com/'
        self._TestRegvalue(event, regvalue_identifier, expected_value)

        expected_message = (
            '[{0:s}] '
            'url1: http://cnn.com/ '
            'url10: http://www.adobe.com/ '
            'url11: http://www.google.com/ '
            'url12: http://www.firefox.com/ '
            'url13: http://go.microsoft.com/fwlink/?LinkId=69157 '
            'url2: http://twitter.com/ '
            'url3: http://linkedin.com/ '
            'url4: http://tweetdeck.com/ '
            'url5: mozilla '
            'url6: http://google.com/ '
            'url7: http://controller.shieldbase.local/certsrv/ '
            'url8: http://controller.shieldbase.local/ '
            'url9: http://www.stark-research-labs.com/').format(key_path)
        expected_short_message = '{0:s}...'.format(expected_message[:77])

        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)

Exemplo n.º 5

Arquivo: typedurls.py Projeto: x35029/plaso

    def testFilters(self):
        """Tests the FILTERS class attribute."""
        plugin = typedurls.TypedURLsPlugin()

        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\'
            'TypedURLs')
        self._AssertFiltersOnKeyPath(plugin, key_path)

        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\TypedPaths')
        self._AssertFiltersOnKeyPath(plugin, key_path)

        self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')

Exemplo n.º 6

    def testProcess(self):
        """Tests the Process function."""
        test_file_entry = self._GetTestFileEntry(['NTUSER-WIN7.DAT'])
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\TypedPaths')

        win_registry = self._GetWinRegistryFromFileEntry(test_file_entry)
        registry_key = win_registry.GetKeyByPath(key_path)

        plugin = typedurls.TypedURLsPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key,
                                                  plugin,
                                                  file_entry=test_file_entry)

        self.assertEqual(storage_writer.number_of_events, 1)

        events = list(storage_writer.GetEvents())

        event = events[0]

        self.assertEqual(event.pathspec, test_file_entry.path_spec)
        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event.parser, plugin.plugin_name)

        expected_timestamp = timelib.Timestamp.CopyFromString(
            '2010-11-10 07:58:15.811625')
        self.assertEqual(event.timestamp, expected_timestamp)

        regvalue_identifier = 'url1'
        expected_value = '\\\\controller'
        self._TestRegvalue(event, regvalue_identifier, expected_value)

        expected_message = '[{0:s}] {1:s}: {2:s}'.format(
            key_path, regvalue_identifier, expected_value)
        expected_short_message = '{0:s}...'.format(expected_message[:77])
        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)

Exemplo n.º 7

 def setUp(self):
     """Sets up the needed objects used throughout the test."""
     self._plugin = typedurls.TypedURLsPlugin()

Exemplo n.º 8

Arquivo: typedurls.py Projeto: vonnopsled/plaso

 def setUp(self):
     """Makes preparations before running an individual test."""
     self._plugin = typedurls.TypedURLsPlugin()