示例#1
0
文件: mrulist.py 项目: ir4n6/plaso 
  def testFilters(self):
    """Tests the FILTERS class attribute."""
    plugin = mrulist.MRUListShellItemListPlugin()

    key_path = (
        'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
        'Explorer\\DesktopStreamMRU')
    self._AssertFiltersOnKeyPath(plugin, key_path)

    self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus')
示例#2
0
文件: mrulist.py 项目: no-sec/plaso 
    def testProcess(self):
        """Tests the Process function."""
        key_path = (
            'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\'
            'Explorer\\DesktopStreamMRU')
        time_string = '2012-08-28 09:23:49.002031'
        registry_key = self._CreateTestKey(key_path, time_string)

        plugin = mrulist.MRUListShellItemListPlugin()
        storage_writer = self._ParseKeyWithPlugin(registry_key, plugin)

        self.assertEqual(storage_writer.number_of_events, 5)

        events = list(storage_writer.GetEvents())

        # A MRUList event.
        event = events[4]

        # This should just be the plugin name, as we're invoking it directly,
        # and not through the parser.
        self.assertEqual(event.parser, plugin.plugin_name)

        expected_timestamp = timelib.Timestamp.CopyFromString(time_string)
        self.assertEqual(event.timestamp, expected_timestamp)

        expected_message = (
            '[{0:s}] '
            'Index: 1 [MRU Value a]: Shell item path: '
            '<My Computer> C:\\Winnt\\Profiles\\Administrator\\Desktop'
        ).format(key_path)
        expected_short_message = '{0:s}...'.format(expected_message[:77])

        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)

        # A shell item event.
        event = events[0]

        expected_timestamp = timelib.Timestamp.CopyFromString(
            '2011-01-14 12:03:52')
        self.assertEqual(event.timestamp, expected_timestamp)

        expected_message = ('Name: Winnt '
                            'Shell item path: <My Computer> C:\\Winnt '
                            'Origin: {0:s}').format(key_path)
        expected_short_message = (
            'Name: Winnt '
            'Origin: HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\'
            'CurrentVersi...')

        self._TestGetMessageStrings(event, expected_message,
                                    expected_short_message)
示例#3
0
 def setUp(self):
     """Makes preparations before running an individual test."""
     self._plugin = mrulist.MRUListShellItemListPlugin()
示例#4
0
 def setUp(self):
     """Sets up the needed objects used throughout the test."""
     self._plugin = mrulist.MRUListShellItemListPlugin()