def testProcess(self):
    """Checks Process against the USBSTOR key of the SYSTEM test file.

    The plugin is run directly on the registry key. The run must yield five
    events and no extraction or recovery warnings. Only the first event is
    compared value by value; the other four are covered by the count alone.
    """
    usbstor_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

    system_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(system_file_entry)
    usbstor_key = registry.GetKeyByPath(usbstor_path)

    usbstor_plugin = usbstor.USBStorPlugin()
    writer = self._ParseKeyWithPlugin(
        usbstor_key, usbstor_plugin, file_entry=system_file_entry)

    # Check the counters before indexing into the event list, so that a
    # parsing regression is reported as a count mismatch.
    self.assertEqual(writer.number_of_events, 5)
    self.assertEqual(writer.number_of_extraction_warnings, 0)
    self.assertEqual(writer.number_of_recovery_warnings, 0)

    first_event = list(writer.GetEvents())[0]

    # The expected device identity (vendor, product, revision, serial) is
    # spelled out in full so that a change in how the subkey name is split
    # shows up as a mismatch on the affected field.
    expected_event_values = {
        'date_time': '2012-04-07 10:31:37.6408714',
        'data_type': 'windows:registry:usbstor',
        'device_type': 'Disk',
        'display_name': 'HP v100w USB Device',
        'key_path': usbstor_path,
        # The plugin is invoked directly rather than through the parser, so
        # the parser value is expected to be the bare plugin name.
        'parser': usbstor_plugin.NAME,
        'product': 'Prod_v100w',
        'revision': 'Rev_1024',
        'serial': 'AA951D0000007252&0',
        'subkey_name': 'Disk&Ven_HP&Prod_v100w&Rev_1024',
        'timestamp_desc': definitions.TIME_DESCRIPTION_WRITTEN,
        'vendor': 'Ven_HP'}

    self.CheckEventValues(writer, first_event, expected_event_values)
def testFilters(self):
    """Verifies which key paths the plugin's FILTERS attribute matches.

    The USBSTOR key under ControlSet001 must be matched, and an unrelated
    key path must be rejected.
    """
    usbstor_plugin = usbstor.USBStorPlugin()

    # Positive case: the key the plugin is meant to handle.
    self._AssertFiltersOnKeyPath(
        usbstor_plugin,
        'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR')

    # Negative case: guards against a filter that matches too broadly.
    self._AssertNotFiltersOnKeyPath(
        usbstor_plugin, 'HKEY_LOCAL_MACHINE\\Bogus')
def testProcess(self):
    """Checks Process against the USBSTOR key of the SYSTEM test file.

    The plugin is run directly on the registry key. The run must yield five
    events and no warnings. The first event is then checked for its
    timestamp, its event data attributes and its formatted message strings.
    """
    usbstor_path = 'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

    system_file_entry = self._GetTestFileEntry(['SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(system_file_entry)
    usbstor_key = registry.GetKeyByPath(usbstor_path)

    usbstor_plugin = usbstor.USBStorPlugin()
    writer = self._ParseKeyWithPlugin(
        usbstor_key, usbstor_plugin, file_entry=system_file_entry)

    self.assertEqual(writer.number_of_warnings, 0)
    self.assertEqual(writer.number_of_events, 5)

    first_event = list(writer.GetEvents())[0]

    self.CheckTimestamp(first_event.timestamp, '2012-04-07 10:31:37.640871')
    self.assertEqual(
        first_event.timestamp_desc, definitions.TIME_DESCRIPTION_WRITTEN)

    event_data = self._GetEventDataOfEvent(writer, first_event)

    # The plugin is invoked directly rather than through the parser, so the
    # parser value is expected to be the bare plugin name.
    self.assertEqual(event_data.parser, usbstor_plugin.plugin_name)
    self.assertEqual(event_data.data_type, 'windows:registry:usbstor')
    # The event data must point back at the file entry it was parsed from.
    self.assertEqual(event_data.pathspec, system_file_entry.path_spec)

    # Device identity attributes, checked in the same order as before.
    for attribute_name, expected_value in (
            ('subkey_name', 'Disk&Ven_HP&Prod_v100w&Rev_1024'),
            ('device_type', 'Disk'),
            ('vendor', 'Ven_HP'),
            ('product', 'Prod_v100w'),
            ('revision', 'Rev_1024')):
        self.assertEqual(getattr(event_data, attribute_name), expected_value)

    # Display name and serial are only verified through the message string.
    expected_message = ('[{0:s}] '
                        'Device type: Disk '
                        'Display name: HP v100w USB Device '
                        'Product: Prod_v100w '
                        'Revision: Rev_1024 '
                        'Serial: AA951D0000007252&0 '
                        'Subkey name: Disk&Ven_HP&Prod_v100w&Rev_1024 '
                        'Vendor: Ven_HP').format(usbstor_path)
    # The short message is the first 77 characters followed by an ellipsis.
    expected_short_message = '{0:s}...'.format(expected_message[:77])

    self._TestGetMessageStrings(
        event_data, expected_message, expected_short_message)
def testProcess(self):
    """Checks Process against the USBSTOR key of the SYSTEM test file.

    The plugin is run directly on the registry key and must yield five
    events. The first event is then checked for its path specification,
    parser name, timestamp, registry values and formatted message strings.
    """
    usbstor_path = u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\USBSTOR'

    system_file_entry = self._GetTestFileEntry([u'SYSTEM'])
    registry = self._GetWinRegistryFromFileEntry(system_file_entry)
    usbstor_key = registry.GetKeyByPath(usbstor_path)

    usbstor_plugin = usbstor.USBStorPlugin()
    writer = self._ParseKeyWithPlugin(
        usbstor_key, usbstor_plugin, file_entry=system_file_entry)

    self.assertEqual(writer.number_of_events, 5)

    first_event = list(writer.GetEvents())[0]

    # The event must point back at the file entry it was parsed from.
    self.assertEqual(first_event.pathspec, system_file_entry.path_spec)

    # The plugin is invoked directly rather than through the parser, so the
    # parser value is expected to be the bare plugin name.
    self.assertEqual(first_event.parser, usbstor_plugin.plugin_name)

    self.assertEqual(
        first_event.timestamp,
        timelib.Timestamp.CopyFromString(u'2012-04-07 10:31:37.640871'))
    self.assertEqual(
        first_event.timestamp_desc, definitions.TIME_DESCRIPTION_WRITTEN)

    # Device identity values, checked in the same order as before.
    for value_name, expected_value in (
            (u'subkey_name', u'Disk&Ven_HP&Prod_v100w&Rev_1024'),
            (u'device_type', u'Disk'),
            (u'vendor', u'Ven_HP'),
            (u'product', u'Prod_v100w'),
            (u'revision', u'Rev_1024')):
        self._TestRegvalue(first_event, value_name, expected_value)

    # Friendly name and serial are only verified through the message string.
    expected_message = (u'[{0:s}] '
                        u'device_type: Disk '
                        u'friendly_name: HP v100w USB Device '
                        u'product: Prod_v100w '
                        u'revision: Rev_1024 '
                        u'serial: AA951D0000007252&0 '
                        u'subkey_name: Disk&Ven_HP&Prod_v100w&Rev_1024 '
                        u'vendor: Ven_HP').format(usbstor_path)
    # The short message is the first 77 characters followed by an ellipsis.
    expected_short_message = u'{0:s}...'.format(expected_message[:77])

    self._TestGetMessageStrings(
        first_event, expected_message, expected_short_message)
def setUp(self):
    """Creates the USBStor plugin instance used by the test."""
    # Stored on the test case so the test methods can reach it as
    # self._plugin.
    usbstor_plugin = usbstor.USBStorPlugin()
    self._plugin = usbstor_plugin
def setUp(self):
    """Creates the USBStor plugin instance shared by the test methods."""
    # Constructed without arguments and kept as self._plugin.
    usbstor_plugin = usbstor.USBStorPlugin()
    self._plugin = usbstor_plugin
def setUp(self):
    """Creates the USBStor plugin with a preprocessing object.

    The preprocessing object names ControlSet001 as the current control set
    and is passed to the plugin constructor.
    """
    preprocess_object = event.PreprocessObject()
    # Fix the current control set to the one the test key paths refer to.
    preprocess_object.current_control_set = 'ControlSet001'

    self._plugin = usbstor.USBStorPlugin(pre_obj=preprocess_object)