public void Should_be_possible_to_get_a_registryObject_with_his_variable_processed_with_multiple_values() { oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_WITH_CONST_VARIABLES); registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, OBJ_3000_ID); Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions"); Dictionary <String, EntityObjectStringType> allRegistryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(ovalRegistryObject); string expectedHiveValue = allRegistryEntities[registry_object_ItemsChoices.hive.ToString()].Value; string expectedNameValue = allRegistryEntities[registry_object_ItemsChoices.name.ToString()].Value; string[] variableValues = new string[] { VAR_3000_VALUE_1, VAR_3000_VALUE_2 }; VariablesEvaluated variablesEvaluated = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, variableValues); RegistryEntityVariableEvaluator registryEntityVariableEvaluator = new RegistryEntityVariableEvaluator(variablesEvaluated); IEnumerable <RegistryObject> registries = registryEntityVariableEvaluator.ProcessVariableForRegistryObject(ovalRegistryObject); Assert.AreEqual(2, registries.Count(), "the quantity of registries is not expected"); Assert.AreEqual(expectedHiveValue, registries.ElementAt(0).Hive, "the hive value is not expected"); Assert.AreEqual(VAR_3000_VALUE_1, registries.ElementAt(0).Key, "the key value is not expected"); Assert.AreEqual(expectedNameValue, registries.ElementAt(0).Name, "the name value is not expected"); Assert.AreEqual(expectedHiveValue, registries.ElementAt(1).Hive, "the hive value is not expected"); Assert.AreEqual(VAR_3000_VALUE_2, registries.ElementAt(1).Key, "the key value is not expected"); Assert.AreEqual(expectedNameValue, registries.ElementAt(1).Name, "the name value is not expected"); }
private RegistryObject GetRegistryObject() { registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000"); RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject); return(registry); }
private static set GetSetFromRegistryObject(registry_object registryObject) { for (int i = 0; i <= registryObject.RegistryObjectItemsElementName.Count() - 1; i++) { if (registryObject.RegistryObjectItemsElementName[i] == registry_object_ItemsChoices.set) { return((set)registryObject.Items[i]); } } return(null); }
public void Should_be_access_variable_information_from_the_registry_object_by_the_registry_wrapper() { oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml"); registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000"); Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions"); RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject); Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected"); Assert.AreEqual(registry.Key, "", "the key value is not expected"); Assert.AreEqual(registry.Name, "CurrentVersion", "the hive value is not expected"); Assert.AreEqual("oval:org.mitre.oval:var:3000", registry.GetVariableId(registry_object_ItemsChoices.key.ToString()), "the variableId from key is not expected"); Assert.AreEqual("", registry.GetVariableId(registry_object_ItemsChoices.name.ToString()), "the variableId from from name is not expected"); }
public void Should_be_access_information_from_the_registry_object_by_the_registry_wrapper() { oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml"); registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:4000"); Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions"); RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject); Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected"); Assert.AreEqual(registry.Key, @"Software\Microsoft\Windows NT\CSDBuild", "the key value is not expected"); Assert.AreEqual(registry.Name, "^D.*", "the hive value is not expected"); Assert.AreEqual(OperationEnumeration.patternmatch, registry.GetNameOperation(), "the operation from from name is not expected"); Assert.AreEqual(OperationEnumeration.equals, registry.GetKeyOperation(), "the operation from from key is not expected"); }
public void Should_be_possible_to_get_EntityBaseType_from_an_object_that_have_multiples_items_that_is_not_EntityBaseType() { registry_object registry = new registry_object(); IEnumerable <EntitySimpleBaseType> entities = registry.GetEntityBaseTypes(); Assert.AreEqual(entities.Count(), 0, "the quantity is no expected"); registry = new registry_object() { Items = new[] { new RegistryBehaviors() } }; entities = registry.GetEntityBaseTypes(); Assert.AreEqual(entities.Count(), 0, "the quantity is no expected"); }
public void Should_be_possible_to_apply_PatternMatch_operation_on_OvalObjectEntity() { string definitionFileName = "fdcc_xpfirewall_oval_regex_on_value.xml"; registry_object obj50002 = (registry_object)this.getFakeObj(definitionFileName, "oval:modulo:obj:50001"); string keyPattern = "SOFTWARE\\Microsoft\\Windows\\^Current.*"; string[] fakeSubKeys = new string[] { "XBuildX", "CurrentBuild", "CurrentBuildXPTO", "Build" }; IList <string> fakeSystemValues = createFakeSystemValues("SOFTWARE\\Microsoft\\Windows", fakeSubKeys); Dictionary <string, object> operationParameters = getOperationParameters(keyPattern, fakeSystemValues.ToArray()); PatternMatchEntityOperation patternOperation = new PatternMatchEntityOperation(); IEnumerable <string> operationResult = patternOperation.Apply(operationParameters); Assert.IsNotNull(operationResult); Assert.AreEqual(2, operationResult.Count(), MSG_INVALID_OPERATION_RESULT_COUNT); }
public void Should_be_possible_to_apply_NotEqual_operation_on_OvalObjectEntity() { string definitionFileName = "fdcc_xpfirewall_oval_regex_on_value.xml"; registry_object obj50006 = (registry_object)this.getFakeObj(definitionFileName, "oval:modulo:obj:50006"); Dictionary <string, EntityObjectStringType> entities = OvalHelper.GetRegistryEntitiesFromObjectType(obj50006); EntityObjectStringType nameEntity = entities[registry_object_ItemsChoices.name.ToString()]; Dictionary <string, object> operationParameters = getOperationParameters("CSDVersion", new string[] { "BuildVersion", "CSDVersion", "XPTO" }); OvalEntityOperationBase notEqualsOperation = OvalEntityOperationFactory.CreateOperationForOvalEntity(nameEntity.operation); IEnumerable <string> resultAfterApplyOperation = notEqualsOperation.Apply(operationParameters); Assert.IsInstanceOfType(notEqualsOperation, typeof(NotEqualsEntityOperation), MSG_INVALID_OPERATION_TYPE); Assert.AreEqual(2, resultAfterApplyOperation.Count(), MSG_INVALID_OPERATION_RESULT_COUNT); Assert.AreEqual("BuildVersion", resultAfterApplyOperation.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM); Assert.AreEqual("XPTO", resultAfterApplyOperation.ElementAt(1), MSG_UNEXPECTED_FOUND_ITEM); }
public void Should_be_possible_to_apply_Equals_operation_on_RegistryObjectEntities() { registry_object registryObject = (registry_object)this.getFakeObj(DEFINITIONS_FILENAME, REGISTRY_OBJECT_ID); EntityObjectStringType keyEntity = this.getRegistryObjectEntity(registryObject, registry_object_ItemsChoices.key.ToString()); // Assert Key Entity Operation OvalEntityOperationBase operationForKeyEntity = OvalEntityOperationFactory.CreateOperationForOvalEntity(keyEntity.operation); Dictionary <string, object> keyOperationParameters = this.getOperationParameters(keyEntity.Value, new string[] { REGISTRY_KEY_NAME }); IEnumerable <string> derivedKeys = operationForKeyEntity.Apply(keyOperationParameters); Assert.IsInstanceOfType(operationForKeyEntity, typeof(EqualsEntityOperation), MSG_INVALID_OPERATION_TYPE); Assert.IsNotNull(derivedKeys); Assert.AreEqual(1, derivedKeys.Count(), MSG_INVALID_OPERATION_RESULT_COUNT); Assert.AreEqual(keyEntity.Value, derivedKeys.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM); }
public void Should_not_evaluate_a_variable_if_the_entityType_not_have_a_variable_reference() { oval_definitions definitions = new OvalDocumentLoader().GetFakeOvalDefinitions("definitionsSimple.xml"); Assert.IsNotNull(definitions, "the definitios is not created"); registry_object registryObject = (registry_object)definitions.objects[1]; Dictionary <String, EntityObjectStringType> registryEntities = this.GetRegistryEntitiesFromName(registryObject); EntitySimpleBaseType keyName = registryEntities[registry_object_ItemsChoices.key.ToString()]; VariableEvaluator variableEvaluator = new VariableEvaluator(definitions.variables, null, null); IEnumerable <string> values = variableEvaluator.Evaluate(keyName); Assert.IsNotNull(values, "the valueToMatch of variable is null"); Assert.IsTrue(values.Count() == 1, "the quantity of values is not expected"); Assert.IsTrue(values.ElementAt(0) == @"Software\Microsoft\Windows NT\CurrentVersion", "the valueToMatch is not expected"); }
public void Should_Be_Possible_To_Extract_From_OVAL_Definitions_Objects_That_Not_Contains_A_Test_Or_DefinitionAssociated() { oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithOnlyObjects.xml"); Assert.IsNotNull(fakeDefinitions.objects); Assert.AreEqual(6, fakeDefinitions.objects.Count()); Assert.IsNotNull(fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50000"))); registry_object obj50001 = (registry_object)fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50001")); Assert.IsNotNull(obj50001); string foundHiveName = ((EntityObjectRegistryHiveType)obj50001.Items[0]).Value; string foundKeyName = ((EntityObjectStringType)obj50001.Items[1]).Value; EntityObjectStringType foundValueEntity = (EntityObjectStringType)obj50001.Items[2]; Assert.AreEqual("HKEY_LOCAL_MACHINE", foundHiveName); Assert.AreEqual("SOFTWARE\\Microsoft\\Windows\\CurrentVersion", foundKeyName); Assert.AreEqual(OperationEnumeration.patternmatch, foundValueEntity.operation); Assert.AreEqual(".*Build$", foundValueEntity.Value); }
public void NotEqual_operation_should_be_CaseSensitive() { #region Registry Object // <registry_object id="oval:modulo:obj:50006" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"> // <hive>HKEY_LOCAL_MACHINE</hive> // <key>SOFTWARE\Microsoft\Windows\CurrentVersion</key> // <name operation="not equal">CSDVersion</name> // </registry_object> #endregion registry_object registryObject = (registry_object)this.getFakeObj(DEFINITIONS_FILENAME, "oval:modulo:obj:50006"); Dictionary <string, EntityObjectStringType> registryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(registryObject); EntityObjectStringType nameEntity = registryEntities[registry_object_ItemsChoices.name.ToString()]; OvalEntityOperationBase NotEqualOperation = OvalEntityOperationFactory.CreateOperationForOvalEntity(nameEntity.operation); Dictionary <string, object> operationParameters = this.getOperationParameters(nameEntity.Value, new string[] { "CSDversion", "CSDVersion", "csdVersion" }); IEnumerable <string> operationResult = NotEqualOperation.Apply(operationParameters); Assert.IsInstanceOfType(NotEqualOperation, typeof(NotEqualsEntityOperation), MSG_INVALID_OPERATION_TYPE); Assert.AreEqual(2, operationResult.Count(), MSG_INVALID_OPERATION_RESULT_COUNT); Assert.AreNotEqual(nameEntity.Value, operationResult.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM); Assert.AreNotEqual(nameEntity.Value, operationResult.ElementAt(1), MSG_UNEXPECTED_FOUND_ITEM); }
/// <summary> /// Creates the registry object given the oval Registry Object. /// </summary> /// <param name="ovalRegistryObject">The oval registry object.</param> /// <returns></returns> public static RegistryObject CreateRegistryObject(registry_object ovalRegistryObject) { Dictionary <String, EntityObjectStringType> allRegistryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(ovalRegistryObject); return(new RegistryObject(allRegistryEntities)); }
private Dictionary <string, EntityObjectStringType> GetRegistryEntitiesFromName(registry_object registryObject) { string hiveEntityName = registry_object_ItemsChoices.hive.ToString(); string keyEntityName = registry_object_ItemsChoices.key.ToString(); string nameEntityName = registry_object_ItemsChoices.name.ToString(); object[] allEntities = registryObject.Items.ToArray(); string[] allEntityNames = registryObject.RegistryObjectItemsElementName.Select(i => i.ToString()).ToArray <String>(); Dictionary <String, EntityObjectStringType> registryEntities = new Dictionary <String, EntityObjectStringType>(); registryEntities.Add(hiveEntityName, this.GetEntityObjectByName(hiveEntityName, allEntities, allEntityNames)); registryEntities.Add(keyEntityName, this.GetEntityObjectByName(keyEntityName, allEntities, allEntityNames)); registryEntities.Add(nameEntityName, this.GetEntityObjectByName(nameEntityName, allEntities, allEntityNames)); return(registryEntities); }
//[TestMethod] //public void TestFoo() //{ // string strComputer = "."; // ManagementObjectSearcher wmiObjectSearcher = new ManagementObjectSearcher(); // wmiObjectSearcher.Scope = new ManagementScope("\\\\" + strComputer + "\\root\\directory\\LDAP"); // wmiObjectSearcher.Query = new ObjectQuery("Select * from ads_domaindns"); // wmiObjectSearcher.Options = new EnumerationOptions() { Rewindable = false, ReturnImmediately = true }; // string result = string.Empty; // foreach (var obj in wmiObjectSearcher.Get()) // foreach (PropertyData property in obj.Properties) // { // string propertyValue = (property.Value == null) ? "[NULL]" : property.Value.ToString(); // result += string.Format("Property Name: '{0}' / Property Value: {1}\r\n", property.Name, propertyValue); // } // System.IO.File.WriteAllText("c:\\temp\\DomainDNS.txt", result); // Assert.IsTrue(true); //} private EntityObjectStringType getRegistryObjectEntity(registry_object registryObject, string entityName) { Dictionary <string, EntityObjectStringType> entities = OvalHelper.GetRegistryEntitiesFromObjectType(registryObject); return(entities[entityName]); }
/// <summary> /// Evaluates all the variables for registry object. /// One registry_object can create multiples RegistryObjects. /// This happen because the variable is defined in the RegistryEntity, and a variable can be have multiples values. /// </summary> /// <param name="registryObject">The registry object.</param> /// <returns></returns> public IEnumerable <RegistryObject> ProcessVariableForRegistryObject(registry_object registryObject) { var registry = RegistryObjectFactory.CreateRegistryObject(registryObject); return(new List <RegistryObject>(this.ProcessVariables(registry))); }