Python WMIActiveScriptEventConsumerParser示例

编程语言: Python

命名空间/包名称: grr.lib.parsers.wmi_parser

方法/功能: WMIActiveScriptEventConsumerParser

hotexamples.com的示例: 5

Python WMIActiveScriptEventConsumerParser - 已找到5个示例。这些是从开源项目中提取的最受好评的grr.lib.parsers.wmi_parser.WMIActiveScriptEventConsumerParser现实Python示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

  def testWMIActiveScriptEventConsumerParser(self):
    parser = wmi_parser.WMIActiveScriptEventConsumerParser()
    rdf_dict = rdf_protodict.Dict()
    rdf_dict["CreatorSID"] = [
        1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 152, 18, 57, 8, 206, 29, 80, 44,
        70, 38, 82, 8, 244, 1, 0, 0
    ]
    rdf_dict["KillTimeout"] = 0
    rdf_dict["MachineName"] = None
    rdf_dict["MaximumQueueSize"] = None
    rdf_dict["Name"] = "SomeName"
    rdf_dict["ScriptFilename"] = None
    rdf_dict["ScriptingEngine"] = "VBScript"
    rdf_dict["ScriptText"] = r"""Dim objFS, objFile
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objFile = objFS.OpenTextFile("C:\temp.log", 8, true)
objFile.WriteLine "Time: " & Now & "; Entry made by: ASEC"
objFile.WriteLine "Application closed. UserModeTime: " &
TargetEvent.TargetInstance.UserModeTime &_ "; KernelModeTime: " &
TargetEvent.TargetInstance.KernelModeTime & " [hundreds of nanoseconds]"
objFile.Close"""

    result_list = list(parser.Parse(None, rdf_dict, None))
    self.assertEqual(len(result_list), 1)
    result = result_list[0]
    self.assertEqual(result.CreatorSID,
                     "S-1-5-21-137958040-743448014-139601478-500")
    self.assertEqual(result.MaximumQueueSize, 0)
    self.assertFalse(result.ScriptFilename)

示例#2

显示文件

 def testWMIEventConsumerParserRaisesWhenNonEmptyDictReturnedEmpty(self):
   parser = wmi_parser.WMIActiveScriptEventConsumerParser()
   rdf_dict = rdf_protodict.Dict()
   rdf_dict["NonexistentField"] = "Abcdef"
   with self.assertRaises(ValueError):
     for output in parser.Parse(None, rdf_dict, None):
       self.assertEqual(output.__class__, rdf_anomaly.Anomaly)

示例#3

显示文件

 def testWMIEventConsumerParserDoesntFailOnUnknownField(self):
   parser = wmi_parser.WMIActiveScriptEventConsumerParser()
   rdf_dict = rdf_protodict.Dict()
   rdf_dict["NonexistentField"] = "Abcdef"
   rdf_dict["Name"] = "Test event consumer"
   results = list(parser.Parse(None, rdf_dict, None))
   self.assertEqual(2, len(results))
   # Anomalies yield first
   self.assertEqual(results[0].__class__, rdf_anomaly.Anomaly)
   self.assertEqual(results[1].__class__, rdf_wmi.WMIActiveScriptEventConsumer)

示例#4

显示文件

  def testWMIEventConsumerParserDoesntFailOnMalformedSIDs(self):
    parser = wmi_parser.WMIActiveScriptEventConsumerParser()
    rdf_dict = rdf_protodict.Dict()
    tests = [
        [1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0],
        "(1, 2, 3)",  # Older clients (3.0.0.3) return a the SID like this
        1,
        {
            1: 2
        },
        (1, 2)
    ]

    for test in tests:
      rdf_dict["CreatorSID"] = test
      result_list = list(parser.Parse(None, rdf_dict, None))
      self.assertEqual(len(result_list), 1)

示例#5

显示文件

 def testWMIEventConsumerParser_EmptyConsumersYieldBlank(self):
   parser = wmi_parser.WMIActiveScriptEventConsumerParser()
   rdf_dict = rdf_protodict.Dict()
   result_list = list(parser.Parse(None, rdf_dict, None))
   self.assertEqual(1, len(result_list))
   self.assertEqual(True, not result_list[0])