def testProcessFile(self):
    """Parses the TimeZoneInformation key stored in the SYSTEM test hive.

    The plugin must emit exactly one event, and the event's timestamp and
    long/short message strings must match the values recorded below.
    """
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        'TimeZoneInformation')

    # Open the hive fixture and look up the key under test.
    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    timezone_key = registry.GetKeyByPath(key_path)

    writer = self._ParseKeyWithPlugin(
        timezone_key, winreg_timezone.WinRegTimezonePlugin(),
        file_entry=hive_file_entry)
    self.assertEqual(writer.number_of_events, 1)

    event = list(writer.GetEvents())[0]
    # NOTE(review): presumably the key's last written time; if it is UTC,
    # 07:00 on 2012-03-11 matches the US daylight-saving switch - confirm.
    self.CheckTimestamp(event.timestamp, '2012-03-11 07:00:00.000642')

    # ActiveTimeBias 240 equals Bias 300 plus DaylightBias -60, which would
    # mean the fixture has daylight time active - confirm against the hive.
    message_template = (
        '[{0:s}] '
        'ActiveTimeBias: 240 '
        'Bias: 300 '
        'DaylightBias: -60 '
        'DaylightName: @tzres.dll,-111 '
        'DynamicDaylightTimeDisabled: 0 '
        'StandardBias: 0 '
        'StandardName: @tzres.dll,-112 '
        'TimeZoneKeyName: Eastern Standard Time')
    expected_message = message_template.format(key_path)

    # The short form is the first 77 characters followed by an ellipsis.
    truncated = expected_message[:77]
    expected_short_message = '{0:s}...'.format(truncated)

    self._TestGetMessageStrings(
        event, expected_message, expected_short_message)
def testProcessMock(self):
    """Runs the plugin against a TimeZoneInformation key built in the test.

    The key is created by _CreateTestKey from key_path and time_string, so
    no hive file is involved. One event is expected, with the timestamp and
    message strings recorded below.
    """
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        'TimeZoneInformation')
    time_string = '2013-01-30 10:47:57'
    created_key = self._CreateTestKey(key_path, time_string)

    writer = self._ParseKeyWithPlugin(
        created_key, winreg_timezone.WinRegTimezonePlugin())
    self.assertEqual(writer.number_of_events, 1)

    event = list(writer.GetEvents())[0]
    # Same date and time as time_string, written with microseconds.
    self.CheckTimestamp(event.timestamp, '2013-01-30 10:47:57.000000')

    message_template = (
        '[{0:s}] '
        'ActiveTimeBias: -60 '
        'Bias: -60 '
        'DaylightBias: -60 '
        'DaylightName: @tzres.dll,-321 '
        'DynamicDaylightTimeDisabled: 0 '
        'StandardBias: 0 '
        'StandardName: @tzres.dll,-322 '
        'TimeZoneKeyName: W. Europe Standard Time')
    expected_message = message_template.format(key_path)

    # The short form is the first 77 characters followed by an ellipsis.
    truncated = expected_message[:77]
    expected_short_message = '{0:s}...'.format(truncated)

    self._TestGetMessageStrings(
        event, expected_message, expected_short_message)
def testProcessMock(self):
    """Runs the plugin against a TimeZoneInformation key built in the test.

    This variant reads the events from the storage writer's events
    attribute and compares the timestamp with the value timelib derives
    from time_string.
    """
    key_path = (
        u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        u'TimeZoneInformation')
    time_string = u'2013-01-30 10:47:57'
    created_key = self._CreateTestKey(key_path, time_string)

    writer = self._ParseKeyWithPlugin(
        created_key, winreg_timezone.WinRegTimezonePlugin())
    self.assertEqual(len(writer.events), 1)

    first_event = writer.events[0]
    # The event must carry the same time the key was created with.
    self.assertEqual(
        first_event.timestamp,
        timelib.Timestamp.CopyFromString(time_string))

    message_template = (
        u'[{0:s}] '
        u'ActiveTimeBias: -60 '
        u'Bias: -60 '
        u'DaylightBias: -60 '
        u'DaylightName: @tzres.dll,-321 '
        u'DynamicDaylightTimeDisabled: 0 '
        u'StandardBias: 0 '
        u'StandardName: @tzres.dll,-322 '
        u'TimeZoneKeyName: W. Europe Standard Time')
    expected_message = message_template.format(key_path)

    # The short form is the first 77 characters followed by an ellipsis.
    truncated = expected_message[:77]
    expected_short_message = u'{0:s}...'.format(truncated)

    self._TestGetMessageStrings(
        first_event, expected_message, expected_short_message)
def testProcessMock(self):
    """Runs the plugin against a TimeZoneInformation key built in the test.

    Expects no warnings and a single event, whose values are compared with
    expected_event_values through CheckEventValues.
    """
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        'TimeZoneInformation')
    time_string = '2013-01-30 10:47:57'
    created_key = self._CreateTestKey(key_path, time_string)

    writer = self._ParseKeyWithPlugin(
        created_key, timezone.WinRegTimezonePlugin())

    # A warning here would mean the plugin did not parse the key cleanly.
    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 1)

    parsed_events = list(writer.GetEvents())

    expected_event_values = {
        'configuration': (
            'ActiveTimeBias: -60 '
            'Bias: -60 '
            'DaylightBias: -60 '
            'DaylightName: @tzres.dll,-321 '
            'DynamicDaylightTimeDisabled: 0 '
            'StandardBias: 0 '
            'StandardName: @tzres.dll,-322 '
            'TimeZoneKeyName: W. Europe Standard Time'),
        'key_path': key_path,
        'data_type': 'windows:registry:timezone',
        # Same date and time as time_string, written with microseconds.
        'timestamp': '2013-01-30 10:47:57.000000',
    }

    self.CheckEventValues(writer, parsed_events[0], expected_event_values)
def testFilters(self):
    """Checks which key paths the plugin's FILTERS attribute accepts.

    The TimeZoneInformation key must be accepted and an unrelated key must
    be rejected.
    """
    # NOTE(review): only the ControlSet001 path is exercised; how the
    # filter treats other control sets is not shown by this test.
    timezone_key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        'TimeZoneInformation')
    unrelated_key_path = 'HKEY_LOCAL_MACHINE\\Bogus'

    plugin = winreg_timezone.WinRegTimezonePlugin()

    self._AssertFiltersOnKeyPath(plugin, timezone_key_path)
    self._AssertNotFiltersOnKeyPath(plugin, unrelated_key_path)
def testProcessFile(self):
    """Parses the TimeZoneInformation key stored in the SYSTEM test hive.

    Expects one event and no extraction or recovery warnings; the event's
    values are compared with expected_event_values through CheckEventValues.
    """
    key_path = (
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        'TimeZoneInformation')

    # Open the hive fixture and look up the key under test.
    hive_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    timezone_key = registry.GetKeyByPath(key_path)

    writer = self._ParseKeyWithPlugin(
        timezone_key, timezone.WinRegTimezonePlugin(),
        file_entry=hive_file_entry)

    # One event, and neither kind of warning, is the only acceptable result.
    expected_container_counts = (
        ('event', 1),
        ('extraction_warning', 0),
        ('recovery_warning', 0))
    for container_type, expected_count in expected_container_counts:
        actual_count = writer.GetNumberOfAttributeContainers(container_type)
        self.assertEqual(actual_count, expected_count)

    parsed_events = list(writer.GetEvents())

    expected_event_values = {
        # ActiveTimeBias 240 equals Bias 300 plus DaylightBias -60, which
        # would mean the fixture has daylight time active - confirm.
        'configuration': (
            'ActiveTimeBias: 240 '
            'Bias: 300 '
            'DaylightBias: -60 '
            'DaylightName: @tzres.dll,-111 '
            'DynamicDaylightTimeDisabled: 0 '
            'StandardBias: 0 '
            'StandardName: @tzres.dll,-112 '
            'TimeZoneKeyName: Eastern Standard Time'),
        'data_type': 'windows:registry:timezone',
        # NOTE(review): presumably the key's last written time - confirm.
        'date_time': '2012-03-11 07:00:00.0006424',
        'key_path': key_path,
    }

    self.CheckEventValues(writer, parsed_events[0], expected_event_values)
def testProcessFile(self):
    """Parses the TimeZoneInformation key stored in the SYSTEM test hive.

    This variant reads the events from the storage writer's events
    attribute and compares the timestamp with the value timelib derives
    from a date and time string.
    """
    key_path = (
        u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control\\'
        u'TimeZoneInformation')

    # Open the hive fixture and look up the key under test.
    hive_file_entry = self._GetTestFileEntry([u'SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(hive_file_entry)
    timezone_key = registry.GetKeyByPath(key_path)

    writer = self._ParseKeyWithPlugin(
        timezone_key, winreg_timezone.WinRegTimezonePlugin(),
        file_entry=hive_file_entry)
    self.assertEqual(len(writer.events), 1)

    first_event = writer.events[0]
    # NOTE(review): presumably the key's last written time - confirm.
    self.assertEqual(
        first_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2012-03-11 07:00:00.000642'))

    # ActiveTimeBias 240 equals Bias 300 plus DaylightBias -60, which would
    # mean the fixture has daylight time active - confirm against the hive.
    message_template = (
        u'[{0:s}] '
        u'ActiveTimeBias: 240 '
        u'Bias: 300 '
        u'DaylightBias: -60 '
        u'DaylightName: @tzres.dll,-111 '
        u'DynamicDaylightTimeDisabled: 0 '
        u'StandardBias: 0 '
        u'StandardName: @tzres.dll,-112 '
        u'TimeZoneKeyName: Eastern Standard Time')
    expected_message = message_template.format(key_path)

    # The short form is the first 77 characters followed by an ellipsis.
    truncated = expected_message[:77]
    expected_short_message = u'{0:s}...'.format(truncated)

    self._TestGetMessageStrings(
        first_event, expected_message, expected_short_message)
def setUp(self):
    """Creates the plugin instance that an individual test runs against."""
    # Stored on the test case as _plugin.
    timezone_plugin = winreg_timezone.WinRegTimezonePlugin()
    self._plugin = timezone_plugin
def setUp(self):
    """Builds the timezone plugin object shared by the test methods."""
    # Stored on the test case as _plugin.
    timezone_plugin = winreg_timezone.WinRegTimezonePlugin()
    self._plugin = timezone_plugin