def testProcess(self): """Tests the Process function.""" key_path = ( 'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\' 'Servers') registry_key = self._CreateTestKey(key_path, '2012-08-28 09:23:49.002031') plugin = terminal_server.TerminalServerClientPlugin() storage_writer = self._ParseKeyWithPlugin(registry_key, plugin) self.assertEqual(storage_writer.number_of_events, 2) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'date_time': '2012-08-28 09:23:49.0020310', 'data_type': 'windows:registry:mstsc:connection', 'key_path': '{0:s}\\myserver.com'.format(key_path), # This should just be the plugin name, as we're invoking it directly, # and not through the parser. 'parser': plugin.NAME, 'username': '******'} self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'date_time': '2012-08-28 09:23:49.0020310', 'data_type': 'windows:registry:key_value', 'key_path': key_path, 'values': None} self.CheckEventValues(storage_writer, events[1], expected_event_values)
def testFilters(self): """Tests the FILTERS class attribute.""" plugin = terminal_server.TerminalServerClientPlugin() key_path = ( 'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\' 'Servers') self._AssertFiltersOnKeyPath(plugin, key_path) key_path = ( 'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\' 'Default\\AddIns\\RDPDR') self._AssertFiltersOnKeyPath(plugin, key_path) self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')
def testProcess(self): """Tests the Process function.""" key_path = ( 'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\' 'Servers') time_string = '2012-08-28 09:23:49.002031' registry_key = self._CreateTestKey(key_path, time_string) plugin = terminal_server.TerminalServerClientPlugin() storage_writer = self._ParseKeyWithPlugin(registry_key, plugin) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2012-08-28 09:23:49.002031') event_data = self._GetEventDataOfEvent(storage_writer, event) # This should just be the plugin name, as we're invoking it directly, # and not through the parser. self.assertEqual(event_data.parser, plugin.plugin_name) self.assertEqual(event_data.data_type, 'windows:registry:mstsc:connection') expected_message = ( '[{0:s}\\myserver.com] ' 'Username hint: DOMAIN\\username').format(key_path) expected_short_message = '{0:s}...'.format(expected_message[:77]) self._TestGetMessageStrings( event_data, expected_message, expected_short_message) event = events[1] self.CheckTimestamp(event.timestamp, '2012-08-28 09:23:49.002031') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.data_type, 'windows:registry:key_value') expected_message = ( '[{0:s}] ' '(empty)').format(key_path) self._TestGetMessageStrings( event_data, expected_message, expected_message)
def testProcess(self): """Tests the Process function.""" key_path = ( u'HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\' u'Servers') time_string = u'2012-08-28 09:23:49.002031' registry_key = self._CreateTestKey(key_path, time_string) plugin = terminal_server.TerminalServerClientPlugin() storage_writer = self._ParseKeyWithPlugin(registry_key, plugin) self.assertEqual(storage_writer.number_of_events, 2) events = list(storage_writer.GetEvents()) event = events[0] # This should just be the plugin name, as we're invoking it directly, # and not through the parser. self.assertEqual(event.parser, plugin.plugin_name) expected_timestamp = timelib.Timestamp.CopyFromString(time_string) self.assertEqual(event.timestamp, expected_timestamp) expected_message = ( u'[{0:s}\\myserver.com] ' u'Username hint: DOMAIN\\username').format(key_path) expected_short_message = u'{0:s}...'.format(expected_message[:77]) self._TestGetMessageStrings(event, expected_message, expected_short_message) event = events[1] expected_message = (u'[{0:s}] ' u'myserver.com: DOMAIN\\username').format(key_path) expected_short_message = u'{0:s}...'.format(expected_message[:77]) self._TestGetMessageStrings(event, expected_message, expected_short_message)
def setUp(self): """Makes preparations before running an individual test.""" self._plugin = terminal_server.TerminalServerClientPlugin()
def setUp(self): """Sets up the needed objects used throughout the test.""" self._plugin = terminal_server.TerminalServerClientPlugin()