def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) path = knowledge_base_object.GetValue('sysregistry') self.assertEqual(path, u'/Windows/System32/config')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) path = getattr(pre_obj, 'sysregistry', None) self.assertEquals(path, u'/Windows/System32/config')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsHostname() plugin.Run(self._searcher, knowledge_base_object) self.assertEqual(knowledge_base_object.hostname, u'WKS-WIN732BITA')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsCodepage() plugin.Run(self._searcher, knowledge_base_object) self.assertEquals(knowledge_base_object.codepage, u'cp1252')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsProgramFilesPath() plugin.Run(self._searcher, knowledge_base_object) path = knowledge_base_object.GetValue('programfiles') self.assertEqual(path, u'Program Files')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsVersion() plugin.Run(self._searcher, knowledge_base_object) osversion = knowledge_base_object.GetValue('osversion') self.assertEqual(osversion, u'Windows 7 Ultimate')
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsTimeZone() plugin.Run(self._searcher, knowledge_base_object) time_zone_str = knowledge_base_object.GetValue('time_zone_str') self.assertEqual(time_zone_str, u'EST5EDT')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsHostname(pre_obj) plugin.Run(self._searcher) hostname = getattr(pre_obj, 'hostname', None) self.assertEquals(hostname, u'WKS-WIN732BITA')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsCodepage(pre_obj) plugin.Run(self._searcher) codepage = getattr(pre_obj, 'code_page', None) self.assertEquals(codepage, u'cp1252')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsVersion(pre_obj) plugin.Run(self._searcher) version = getattr(pre_obj, 'osversion', None) self.assertEquals(version, u'Windows 7 Ultimate')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsTimeZone(pre_obj) plugin.Run(self._searcher) timezone = getattr(pre_obj, 'time_zone_str', None) self.assertEquals(timezone, u'EST5EDT')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsProgramFilesPath(pre_obj) plugin.Run(self._searcher) path = getattr(pre_obj, 'programfiles', None) self.assertEquals(path, u'Program Files')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsProgramFilesX86Path(pre_obj) plugin.Run(self._searcher) path = getattr(pre_obj, 'programfilesx86', None) # The test SOFTWARE Registry file does not contain a value for # the Program Files X86 path. self.assertEquals(path, None)
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsProgramFilesX86Path() plugin.Run(self._searcher, knowledge_base_object) path = knowledge_base_object.GetValue('programfilesx86') # The test SOFTWARE Registry file does not contain a value for # the Program Files X86 path. self.assertEqual(path, None)
def testGetValue(self): """Tests the GetValue function.""" knowledge_base_object = knowledge_base.KnowledgeBase() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath() plugin.Run(self._searcher, knowledge_base_object) plugin = windows.WindowsUsers() plugin.Run(self._searcher, knowledge_base_object) users = knowledge_base_object.GetValue('users') self.assertEqual(len(users), 11) expected_sid = u'S-1-5-21-2036804247-3058324640-2116585241-1114' self.assertEqual(users[9].get('sid', None), expected_sid) self.assertEqual(users[9].get('name', None), u'rsydow') self.assertEqual(users[9].get('path', None), u'C:\\Users\\rsydow')
def testGetValue(self): """Tests the GetValue function.""" pre_obj = event.PreprocessObject() # The plug-in needs to expand {sysregistry} so we need to run # the WindowsSystemRegistryPath plug-in first. plugin = windows.WindowsSystemRegistryPath(pre_obj) plugin.Run(self._searcher) plugin = windows.WindowsUsers(pre_obj) plugin.Run(self._searcher) users = getattr(pre_obj, 'users', None) self.assertEquals(len(users), 11) expected_sid = u'S-1-5-21-2036804247-3058324640-2116585241-1114' self.assertEquals(users[9].get('sid', None), expected_sid) self.assertEquals(users[9].get('name', None), u'rsydow') self.assertEquals(users[9].get('path', None), u'C:\\Users\\rsydow')