        /// <summary>
        /// Checks that a file_object whose filepath entity is a variable reference yields
        /// exactly one file item carrying the value supplied for that variable.
        /// </summary>
        public void Should_be_possible_to_generate_FileItems_from_FileObject_with_FilePathEntity_defined_with_reference_to_variable()
        {
            #region Oval File Object
            //  <file_object id="oval:modulo:obj:50010" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
            //      <filepath var_ref="oval:modulo:var:50010"></filepath>
            //  </file_object>
            //  <constant_variable id="oval:modulo:var:50010" datatype="string" version="1" comment="...">
            //      <value>c:\windows\system32\vgadriver.dll</value>
            //  </constant_variable>
            #endregion

            // Arrange: the evaluated variable is built by hand with the same value as the
            // constant_variable shown above, so the test does not evaluate variables itself.
            const string expectedFilePath = @"c:\windows\system32\vgadriver.dll";
            var fileObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50010_ID);
            var evaluatedVariables = VariableHelper.CreateVariableWithOneValue(OBJ_50010_ID, "oval:modulo:var:50010", expectedFilePath);
            var generator = new FileItemTypeGenerator();
            generator.SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex();

            // Act
            var generatedItems = generator.GetItemsToCollect(fileObject, evaluatedVariables).ToList();

            // Assert
            Assert.IsNotNull(generatedItems, "The generated items cannot be null.");
            Assert.AreEqual(1, generatedItems.Count, "The number of generated items is not expected.");
            // presumably (item, filepath, path, filename): only the full file path is expected — confirm against the helper
            AssertGeneratedFileItem(generatedItems[0], expectedFilePath, null, null);
        }
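        /// <summary>
        /// Checks that a registry object combined with one evaluated variable (a registry key
        /// path) produces a single registry item under HKEY_LOCAL_MACHINE.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes()
        {
            // Arrange
            var ovalObject          = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_WITH_LOCAL_VARIABLE, OBJ_MITRE_3000_ID);
            var fakeDataSource      = WindowsTestHelper.GetDataSourceFakewithoutRegex();
            var wmiDataProvider     = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
            var fakeRegistryKeyPath = new List<string>()
            {
                @"Software\Microsoft\Windows NT\CurrentVersion"
            };
            var variable  = new VariableValue(ovalObject.id, VAR_MITRE_3000_ID, fakeRegistryKeyPath);
            var variables = new VariablesEvaluated(new List<VariableValue>()
            {
                variable
            });
            var itemGenerator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
            };

            // Act: materialize once so both assertions inspect the same snapshot instead of
            // re-enumerating the generator result for Count() and again for ElementAt().
            var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).ToList();

            // Assert
            Assert.AreEqual(1, itemsToCollect.Count, "the quantity of items is not expected");
            this.AssertGeneratedRegistryItem(itemsToCollect[0], "HKEY_LOCAL_MACHINE", @"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion");
        }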
        /// <summary>
        /// Checks item generation for a registry object that, per the test name, applies a
        /// "not equals" operation to its key entity: of the five fake sub-keys offered under
        /// SOFTWARE\Adobe, two registry items are expected.
        /// </summary>
        public void Should_be_possible_to_define_a_not_equals_operation_on_the_keyEntity()
        {
            // Arrange
            string hive     = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string rootKey  = "SOFTWARE\\Adobe";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:6000");

            // Sub-keys the fake data source reports below the root key.
            var fakeSubKeys = new[]
            {
                "Acrobat Reader\\9.0\\Installer",
                "Acrobat Reader\\9.0\\InstallPath",
                "Acrobat Reader\\Language\\current",
                "Adobe Air\\FileTypeRegistration",
                "Adobe Air\\Repair\\9.0\\IOD"
            };
            var dataSource = new SystemDataSourceFactory().GetDataSourceFakeWithSpecificNames(rootKey, fakeSubKeys);
            var wmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            var generator = new RegistryItemTypeGenerator();
            generator.SystemDataSource = dataSource;
            generator.WmiDataProvider = wmiProvider;

            // Act
            var registryItems = generator
                .GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables())
                .Cast<registry_item>();

            // Assert
            Assert.AreEqual(2, registryItems.Count());
            AssertGeneratedRegistryItem(registryItems.ElementAt(0), hive, "SOFTWARE\\Adobe\\Adobe Air\\FileTypeRegistration", "Path");
            // NOTE(review): the fake sub-key is "Adobe Air\\Repair\\9.0\\IOD" but the expected key
            // below has no "Adobe Air" segment — confirm this is what the generator really emits.
            AssertGeneratedRegistryItem(registryItems.ElementAt(1), hive, "SOFTWARE\\Adobe\\Repair\\9.0\\IOD", "Path");
        }
        /// <summary>
        /// Checks registry item generation for an object that is resolved through the
        /// regex-enabled fake data source together with one evaluated variable whose value
        /// is "CurrentType"; two items are expected.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex()
        {
            // Arrange
            string hive    = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string rootKey = "SOFTWARE\\Microsoft\\Windows";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000");

            var dataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(rootKey, 1);
            // NOTE(review): this is a directly constructed WmiDataProvider, not the fake used by
            // the sibling tests (a fake-factory call was left commented out here). Confirm the
            // test cannot reach WMI on the machine running it.
            var wmiProvider = new WmiDataProvider();

            var nameValues = new List<string>()
            {
                "CurrentType"
            };
            var nameVariable = new VariableValue(registryObject.id, "oval:org.mitre.oval:var:3000", nameValues);
            var evaluatedVariables = new VariablesEvaluated(new List<VariableValue>()
            {
                nameVariable
            });

            var generator = new RegistryItemTypeGenerator();
            generator.SystemDataSource = dataSource;
            generator.WmiDataProvider = wmiProvider;

            // Act
            var registryItems = generator.GetItemsToCollect(registryObject, evaluatedVariables).Cast<registry_item>();

            // Assert
            Assert.AreEqual(2, registryItems.Count());
            AssertGeneratedRegistryItem(registryItems.ElementAt(0), hive, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType");
            AssertGeneratedRegistryItem(registryItems.ElementAt(1), hive, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType");
        }
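        /// <summary>
        /// Checks that a registry object whose key is supplied through an evaluated variable
        /// yields exactly one registry item with that key and the name "CurrentType".
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables()
        {
            // Arrange
            string hiveHKLM   = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string key        = @"Software\Microsoft\Windows NT\CurrentVersion";
            string name       = "CurrentType";
            var    ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:org.mitre.oval:obj:4000");
            BaseObjectCollector fakeDataSource  = WindowsTestHelper.GetDataSourceFakewithoutRegex();
            WmiDataProvider     wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:4000", new List<string>()
            {
                key
            });
            VariablesEvaluated variables = new VariablesEvaluated(new List<VariableValue>()
            {
                variable
            });

            var itemGenerator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
            };

            // Act: materialize once so the count check and the item check see the same snapshot.
            var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).ToList();

            // Assert: AreEqual (rather than IsTrue on a comparison) reports the actual count on failure.
            Assert.AreEqual(1, itemsToCollect.Count, "the quantity of items is not expected");
            this.AssertGeneratedRegistryItem(itemsToCollect[0], hiveHKLM, key, name);
        }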
        /// <summary>
        /// Checks that a fileeffectiverights_object without variables yields one item for
        /// c:\temp\file1.txt and the trustee mss\lfernandes.
        /// </summary>
        public void Should_be_possible_to_generate_FileItems_from_FileEffectiveRightsObject()
        {
            // Arrange
            var rightsObject = (fileeffectiverights_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, OBJ_SIMPLE_7);
            var generator = new FileEffectiveRightsItemTypeGenerator();

            // Act: no evaluated variables are passed for this object.
            var items = generator.GetItemsToCollect(rightsObject, null).ToList();

            // Assert
            Assert.IsNotNull(items, "The result of GetItemsToCollect cannot be null.");
            Assert.AreEqual(1, items.Count, "Unexpected items count was found.");
            // presumably (item, filepath, path, filename, trustee name) — confirm against the helper
            AssertGeneratedFileEffectiveRightsItem(items[0], null, @"c:\temp", "file1.txt", @"mss\lfernandes");
        }
        /// <summary>
        /// Checks that a registry object which, per the test name, uses pattern match on both
        /// its key and name entities expands to four items against the regex-enabled fake
        /// data source.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time()
        {
            // Arrange
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345");
            var dataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2);
            // NOTE(review): despite the original local name ("fakeWmiDataProvider") this is a
            // directly constructed WmiDataProvider; a fake-factory call was left commented out.
            // Confirm the test cannot reach WMI on the machine running it.
            var wmiProvider = new WmiDataProvider();

            var generator = new RegistryItemTypeGenerator();
            generator.SystemDataSource = dataSource;
            generator.WmiDataProvider = wmiProvider;

            // Act
            var items = generator.GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables());

            // Assert
            Assert.IsNotNull(items, "The result of GetItemsToCollect method cannot be null.");
            Assert.AreEqual(4, items.Count(), "Unexpected generated items type count");
        }
        /// <summary>
        /// Checks that a sid_object with a pattern match on its trustee name selects only the
        /// matching names out of the five trustee names offered by the mocked generator.
        /// </summary>
        public void Should_be_possible_generate_SIDItems_from_with_PatternMatch_operation_on_TrusteeNameEntity()
        {
            // Pattern as noted by the original author: .*\fernandes
            // NOTE(review): the real expression lives in the definitions file. The expected
            // results below reject "XPTO\fernandess" and accept the bare "lfernandes", which the
            // pattern as written here does not obviously explain — verify against oval:modulo:obj:12.

            // Arrange
            var candidateTrustees = new[] { "XPTO\\fernandess", @"MSS\lfernandes", @"LOCAL\lfernandes", @"lfernandes", "MSS\\admin" };
            var sidObject = (sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:12");
            var generator = GetMockecSidItemTypeGenerator(sidObject.id, candidateTrustees);

            // Act
            var items = generator.GetItemsToCollect(sidObject, null);

            // Assert: three of the five candidates are expected, in the order they were supplied.
            Assert.IsNotNull(items, "The result of GetItemsToCollect cannot be null.");
            Assert.AreEqual(3, items.Count(), "Unexpected items count was found.");
            AssertGeneratedSidItem(items.ElementAt(0), @"MSS\lfernandes");
            AssertGeneratedSidItem(items.ElementAt(1), @"LOCAL\lfernandes");
            AssertGeneratedSidItem(items.ElementAt(2), @"lfernandes");
        }
        /// <summary>
        /// Checks that a file_object resolved to a directory path yields one file_item whose
        /// path is that directory and whose filename entity is empty.
        /// </summary>
        public void Should_possible_to_collect_directory_passing_nil_filename()
        {
            // Arrange: the file provider fake reports that any file exists.
            var directoryObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions("definitionsSimple.xml", "oval:com.modulo.IIS6:obj:6877401");
            var fileProvider = CreateFileProviderToAlwaysReturnThatTheFileExists();
            var evaluatedVariables = VariableHelper.CreateVariableWithOneValue(directoryObject.id, "oval:com.modulo.IIS6:var:687741", @"c:\System32\Inetsrv\Iisadmpwd");
            var generator = new FileItemTypeGenerator();
            generator.FileProvider = fileProvider;

            // Act
            var items = generator.GetItemsToCollect(directoryObject, evaluatedVariables).ToList();

            // Assert
            ItemTypeChecker.DoBasicAssertForItems(items, 1, typeof(file_item));
            var directoryItem = (file_item)items.Single();

            ItemTypeEntityChecker.AssertItemTypeEntity(directoryItem.path, @"c:\System32\Inetsrv\Iisadmpwd", "path");
            // The filename entity is expected to be an empty string for a directory.
            ItemTypeEntityChecker.AssertItemTypeEntity(directoryItem.filename, string.Empty, "filename");
        }
        /// <summary>
        /// Checks that a file_object without variables yields one file item for the path
        /// c:\windows and the filename foo.exe.
        /// </summary>
        public void Should_be_possible_to_generate_file_items_from_object_types()
        {
            // Arrange: the file provider fake reports that any file exists.
            var sourceObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50004_ID);
            var fileProvider = CreateFileProviderToAlwaysReturnThatTheFileExists();
            var generator = new FileItemTypeGenerator();
            generator.FileProvider = fileProvider;

            // Act
            var items = generator.GetItemsToCollect(sourceObject, null).ToList();

            // Assert
            Assert.IsNotNull(items, "The return of GetItemsToCollect cannot be null.");
            Assert.AreEqual(1, items.Count, "The number of items to collect is unexpected.");
            // presumably (item, filepath, path, filename): path and filename are set, filepath is not — confirm
            AssertGeneratedFileItem(items[0], null, "c:\\windows", "foo.exe");
        }
        /// <summary>
        /// Checks that a sid_object with a literal trustee name yields a single sid_item
        /// carrying that name ("Administrator").
        /// </summary>
        public void Should_be_possible_to_generate_SIDItems_from_SIDObject()
        {
            #region SID OBJECT
            //<sid_object id="oval:modulo:obj:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
            //    <trustee_name>Administrator</trustee_name>
            //</sid_object>
            #endregion

            // Arrange
            var sourceObject = (sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, OBJ_SIMPLE_8);
            var generator = new SIDItemTypeGenerator();

            // Act
            var items = generator.GetItemsToCollect(sourceObject, null).ToList();

            // Assert
            Assert.IsNotNull(items, "The result of GetItemsToCollect cannot be null.");
            Assert.AreEqual(1, items.Count, "Unexpected items count was found.");
            Assert.IsInstanceOfType(items[0], typeof(sid_item), "Unexpected type of generated item found. The correct type is 'sid_item'");
            // The cast is safe only after the type assertion above has passed.
            var sidItem = (sid_item)items[0];
            Assert.AreEqual("Administrator", sidItem.trustee_name.Value);
        }
        /// <summary>
        /// Checks that a sid_sid_object with a pattern match on trustee_sid selects only the
        /// SIDs matching ^S.*-500$ out of the four SIDs offered by the mocked generator.
        /// </summary>
        public void Should_be_possible_generate_SID_SIDItems_from_with_PatternMatch_operation_on_TrusteeSIDEntity()
        {
            #region SID SID OBJECT
            //<sid_sid_object id="oval:modulo:obj:202">
            //    <trustee_sid operation="pattern match">^S.*-500$</trustee_sid>
            //</sid_sid_object>
            #endregion

            // Arrange: "S-1-25-5000" is the interesting negative case — it contains "-500" but
            // must be rejected because the pattern is anchored at the end.
            var candidateSids = new[] { "S-1-5", @"S-1-18-500", @"S-1-55-500", "S-1-25-5000" };
            var sourceObject = (sid_sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:202");
            var generator = GetMockecSid_SidItemTypeGenerator(sourceObject.id, candidateSids);

            // Act
            var items = generator.GetItemsToCollect(sourceObject, null);

            // Assert: only the two SIDs ending in exactly "-500" are expected, in supplied order.
            Assert.IsNotNull(items, "The result of GetItemsToCollect cannot be null.");
            Assert.AreEqual(2, items.Count(), "Unexpected items count was found.");
            AssertGeneratedSid_SidItem(items.ElementAt(0), @"S-1-18-500");
            AssertGeneratedSid_SidItem(items.ElementAt(1), @"S-1-55-500");
        }
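        /// <summary>
        /// Checks that a sid_sid_object with a literal trustee_sid yields a single sid_sid_item
        /// carrying that SID and no trustee name.
        /// </summary>
        public void Should_be_possible_to_generate_SID_SID_Items_from_SID_SIDObject()
        {
            #region SID SID OBJECT
            //<sid_sid_object id="oval:modulo:obj:200">
            //  <trustee_sid>S-1-5-20</trustee_sid>
            //</sid_sid_object>
            #endregion

            // Arrange
            var sid_sidObject = (sid_sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:200");
            SID_SIDItemTypeGenerator itemTypeGenerator = new SID_SIDItemTypeGenerator();

            // Act: materialize once; the original re-enumerated the generator result for the
            // count and for each of three ElementAt(0) calls.
            var generatedItems = itemTypeGenerator.GetItemsToCollect(sid_sidObject, null).ToList();

            // Assert
            Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null.");
            Assert.AreEqual(1, generatedItems.Count, "Unexpected items count was found.");
            Assert.IsInstanceOfType(generatedItems[0], typeof(sid_sid_item), "Unexpected type of generated item found. The correct type is 'sid_sid_item'");

            // Cast once, after the type assertion, instead of repeating the cast per check.
            var sidItem = (sid_sid_item)generatedItems[0];
            Assert.AreEqual("S-1-5-20", sidItem.trustee_sid.Value, "A generated sid_sid_item with unexpected sid was found.");
            // Generation only copies the SID from the object; the trustee name is expected to stay unset.
            Assert.IsNull(sidItem.trustee_name);
        }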
        /// <summary>
        /// Checks that a file_object with a literal filepath entity yields exactly one file
        /// item carrying that file path.
        /// </summary>
        public void Should_be_possible_to_generate_FileItems_from_FileObject_with_FilePathEntity_defined()
        {
            #region Oval File Object
            //  <file_object id="oval:modulo:obj:50008" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
            //      <filepath>c:\windows\foo.exe</filepath>
            //  </file_object>
            #endregion

            // Arrange
            var sourceObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50008_ID);
            var generator = new FileItemTypeGenerator();
            generator.SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex();

            // Act: no evaluated variables are needed for a literal filepath.
            var items = generator.GetItemsToCollect(sourceObject, null).ToList();

            // Assert
            Assert.IsNotNull(items, "The generated items cannot be null.");
            Assert.AreEqual(1, items.Count, "The number of generated items is not expected.");
            // presumably (item, filepath, path, filename): only the full file path is expected — confirm
            AssertGeneratedFileItem(items[0], @"c:\windows\foo.exe", null, null);
        }
        /// <summary>
        /// Checks that a registry object resolved against the regex-enabled fake data source
        /// expands to four registry items: two keys, each with the names CurrentBuild and
        /// LastBuild.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_regex_operation()
        {
            // Arrange
            string hive    = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string rootKey = "SOFTWARE\\Microsoft\\Windows";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50003_ID);

            var dataSource  = WindowsTestHelper.GetDataSourceFakeWithRegex(rootKey, 2);
            var wmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            var generator = new RegistryItemTypeGenerator();
            generator.SystemDataSource = dataSource;
            generator.WmiDataProvider = wmiProvider;

            // Act
            var registryItems = generator
                .GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables())
                .Cast<registry_item>();

            // Assert: items are expected grouped by key, then by name.
            string currentBuildKey   = "SOFTWARE\\Microsoft\\Windows\\CurrentBuild";
            string currentVersionKey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion";

            Assert.AreEqual(4, registryItems.Count());
            AssertGeneratedRegistryItem(registryItems.ElementAt(0), hive, currentBuildKey, "CurrentBuild");
            AssertGeneratedRegistryItem(registryItems.ElementAt(1), hive, currentBuildKey, "LastBuild");
            AssertGeneratedRegistryItem(registryItems.ElementAt(2), hive, currentVersionKey, "CurrentBuild");
            AssertGeneratedRegistryItem(registryItems.ElementAt(3), hive, currentVersionKey, "LastBuild");
        }