def _ConfigureSingleFileTest(self, knowledge_base_values=None):
"""Configure a single file test.
Args:
knowledge_base_values (Optional[dict[str, object]): knowledge base
values.
Returns:
PregTool: preg tool.
"""
registry_file_path = self._GetTestFilePath(['SYSTEM'])
path_spec = path_spec_factory.Factory.NewPathSpec(
dfvfs_definitions.TYPE_INDICATOR_OS, location=registry_file_path)
knowledge_base_object = knowledge_base.KnowledgeBase()
if knowledge_base_values:
for identifier, value in iter(knowledge_base_values.items()):
knowledge_base_object.SetValue(identifier, value)
test_tool = preg_tool.PregTool()
test_tool._single_file = True
test_tool._source_path = registry_file_path
test_tool._source_path_specs = [path_spec]
test_tool.knowledge_base_object = knowledge_base_object
return test_tool
def setUp(self): """Sets up the needed objects used throughout the test.""" self._output_writer = test_lib.TestOutputWriter(encoding='utf-8') self._test_tool = preg_tool.PregTool(output_writer=self._output_writer) self._test_console = preg.PregConsole(self._test_tool) file_entry = self._GetTestFileEntry(['NTUSER.DAT']) self._file_path = self._GetTestFilePath(['NTUSER.DAT']) self._registry_helper = helper.PregRegistryHelper(file_entry, 'OS')
def testPrintHeader(self):
"""Tests the PrintHeader function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
test_tool.PrintHeader('Text')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'************************************* '
b'Text '
b'*************************************\n')
self.assertEqual(string, expected_string)
test_tool.PrintHeader('Another Text', character='x')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx '
b'Another Text '
b'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
test_tool.PrintHeader('')
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'*************************************** '
b' '
b'***************************************\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
test_tool.PrintHeader(None)
string = output_writer.ReadOutput()
expected_string = (b'\n'
b'************************************* '
b'None '
b'*************************************\n')
self.assertEqual(string, expected_string)
# TODO: determine if this is the desired behavior.
expected_string = (
'\n '
'In computer programming, a string is traditionally a sequence '
'of characters, either as a literal constant or as some kind of '
'variable. \n')
test_tool.PrintHeader(expected_string[2:-2])
string = output_writer.ReadOutput()
self.assertEqual(string, expected_string)
def testParseOptions(self):
"""Tests the ParseOptions function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.foo = 'bar'
with self.assertRaises(errors.BadConfigOption):
test_tool.ParseOptions(options)
options = test_lib.TestOptions()
options.registry_file = 'this_path_does_not_exist'
with self.assertRaises(errors.BadConfigOption):
test_tool.ParseOptions(options)
def setUp(self):
"""Sets up the needed objects used throughout the test."""
self._output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=self._output_writer)
self._test_console = preg.PregConsole(test_tool)
self._magic_obj = preg.PregMagics(None)
self._magic_obj.console = self._test_console
self._magic_obj.output_writer = self._output_writer
registry_file_entry = self._GetTestFileEntry(['NTUSER.DAT'])
self._registry_helper = helper.PregRegistryHelper(
registry_file_entry, 'OS')
self._test_console.AddRegistryHelper(self._registry_helper)
self._test_console.LoadRegistryFile(0)
setattr(self._test_console, '_output_writer', self._output_writer)
def testListPluginInformation(self):
"""Tests the ListPluginInformation function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.show_info = True
test_tool.ParseOptions(options)
test_tool.ListPluginInformation()
output = output_writer.ReadOutput()
# TODO: refactor to more accurate way to test this.
self.assertIn(b'* Supported Plugins *', output)
self.assertIn(b'userassist : Parser for User Assist Registry data',
output)
def testRunModeRegistryFile(self):
"""Tests the RunModeRegistryFile function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.registry_file = self._GetTestFilePath(['SOFTWARE'])
test_tool.ParseOptions(options)
test_tool.RunModeRegistryFile()
output = output_writer.ReadOutput()
plugins, registry_keys = self._ExtractPluginsAndKey(output)
# Define the minimum set of plugins that need to be in the output.
# This information is gathered from the actual tool output, which
# for aesthetics reasons surrounds the text with **. The above processing
# then cuts of the first half of that, but leaves the second ** intact.
expected_plugins = set([
b'msie_zone', b'windows_run', b'windows_task_cache',
b'windows_version'
])
self.assertTrue(expected_plugins.issubset(plugins))
self.assertIn((b'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\'
b'CurrentVersion\\Schedule\\TaskCache'), registry_keys)
self.assertIn((b'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\'
b'CurrentVersion\\Run'), registry_keys)
self.assertIn((b'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\'
b'CurrentVersion\\Internet Settings\\Lockdown_Zones'),
registry_keys)
# The output should grow with each newly added plugin, and it might be
# reduced with changes to the codebase, yet there should be at least 1.400
# lines in the output.
line_count = 0
for _ in output:
line_count += 1
self.assertGreater(line_count, 1400)
def testRunModeRegistryPlugin(self):
"""Tests the RunModeRegistryPlugin function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.registry_file = self._GetTestFilePath(['NTUSER.DAT'])
options.plugin_names = 'userassist'
options.verbose = False
test_tool.ParseOptions(options)
test_tool.RunModeRegistryPlugin()
output = output_writer.ReadOutput()
# TODO: refactor to more accurate way to test this.
expected_string = (
b'UEME_RUNPATH:C:\\Program Files\\Internet Explorer\\iexplore.exe')
self.assertIn(expected_string, output)
def testRunModeRegistryKey(self):
"""Tests the RunModeRegistryKey function."""
output_writer = test_lib.TestOutputWriter(encoding='utf-8')
test_tool = preg_tool.PregTool(output_writer=output_writer)
options = test_lib.TestOptions()
options.key = (
'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion'
)
options.parser_names = ''
options.registry_file = self._GetTestFilePath(['SOFTWARE'])
options.verbose = False
test_tool.ParseOptions(options)
test_tool.RunModeRegistryKey()
output = output_writer.ReadOutput()
# TODO: refactor to more accurate way to test this.
self.assertIn(b'Product name : Windows 7 Ultimate', output)
def _ConfigureStorageMediaFileTest(self):
"""Configures a test against a storage media file.
Returns:
PregTool: preg tool.
"""
storage_media_path = self._GetTestFilePath(['registry_test.dd'])
test_source_scanner = source_scanner.SourceScanner()
scan_context = source_scanner.SourceScannerContext()
scan_context.OpenSourcePath(storage_media_path)
test_source_scanner.Scan(scan_context)
# Getting the most upper node.
scan_node = scan_context.GetRootScanNode()
while scan_node.sub_nodes:
scan_node = scan_node.sub_nodes[0]
test_tool = preg_tool.PregTool()
test_tool._single_file = False
test_tool._source_path = storage_media_path
test_tool._source_path_specs = [scan_node.path_spec]
test_tool.knowledge_base_object = knowledge_base.KnowledgeBase()
return test_tool
def Main():
"""Run the tool.
Returns:
bool: True if successful, False otherwise.
"""
tool = preg_tool.PregTool()
if not tool.ParseArguments():
return False
if tool.run_mode == tool.RUN_MODE_LIST_PLUGINS:
tool.ListPluginInformation()
elif tool.run_mode == tool.RUN_MODE_REG_KEY:
tool.RunModeRegistryKey()
elif tool.run_mode == tool.RUN_MODE_REG_PLUGIN:
tool.RunModeRegistryPlugin()
elif tool.run_mode == tool.RUN_MODE_REG_FILE:
tool.RunModeRegistryFile()
elif tool.run_mode == tool.RUN_MODE_CONSOLE:
preg_console = PregConsole(tool)
preg_console.Run()
return True