Example #1
        /// <summary>
        /// Builds a <c>registry_item</c> whose hive, key and name entities carry the given strings.
        /// </summary>
        /// <param name="hive">Text stored as the value of the hive entity.</param>
        /// <param name="key">Text wrapped through <c>CreateEntityItemStringType</c> for the key entity.</param>
        /// <param name="name">Text wrapped through <c>CreateEntityItemStringType</c> for the name entity.</param>
        /// <returns>The new item; no other member is assigned here.</returns>
        public registry_item CreateRegistryItem(string hive, string key, string name)
        {
            // Inside the initializer the left-hand names are members of registry_item,
            // while the right-hand names are this method's parameters.
            return new registry_item()
            {
                hive = new EntityItemRegistryHiveType() { Value = hive },
                key = this.CreateEntityItemStringType(key),
                name = this.CreateEntityItemStringType(name)
            };
        }
Example #2
        /// <summary>
        /// Checks that every item added to a <c>CollectedObject</c> shows up as a reference on its
        /// object type, in insertion order, and that two collected objects keep separate references.
        /// </summary>
        public void Should_be_possible_to_create_a_relation_between_objectType_and_systemData_through_of_referenceData()
        {
            // First collected object: two items with different statuses.
            var firstCollected = new CollectedObject("oval:org.mitre.oval:obj:6000");
            ItemType[] firstItems =
            {
                new registry_item() { status = StatusEnumeration.exists, id = "1" },
                new registry_item() { status = StatusEnumeration.doesnotexist, id = "2" }
            };
            foreach (ItemType item in firstItems)
            {
                firstCollected.AddItemToSystemData(item);
            }

            Assert.AreEqual(2, firstCollected.ObjectType.reference.Count(), "the quantity of reference is not expected");
            Assert.AreEqual("1", firstCollected.ObjectType.reference[0].item_ref, "the first element of reference not has the id expected");
            Assert.AreEqual("2", firstCollected.ObjectType.reference[1].item_ref, "the second element of reference not has the id expected");

            // Second collected object: it must hold only its own single reference.
            var secondCollected = new CollectedObject("oval:org.mitre.oval:obj:6001");
            ItemType loneItem = new registry_item() { status = StatusEnumeration.exists, id = "3" };
            secondCollected.AddItemToSystemData(loneItem);

            Assert.AreEqual(1, secondCollected.ObjectType.reference.Count(), "the quantity of reference is not expected for the second collectedObject");
            Assert.AreEqual("3", secondCollected.ObjectType.reference[0].item_ref, "the referece id of element is not expected");
        }
        /// <summary>
        /// Checks that <c>GenericItemTypeComparator.IsEquals</c> reports two registry items with
        /// different name values ("Modulo" and "Microsoft") as not equal.
        /// </summary>
        public void Should_be_possible_to_compare_two_windows_itemTypes_when_they_were_created_manually()
        {
            var comparator = new GenericItemTypeComparator();
            ItemType moduloItem = new registry_item() { name = new EntityItemStringType() { Value = "Modulo" } };
            ItemType microsoftItem = new registry_item() { name = new EntityItemStringType() { Value = "Microsoft" } };

            var itemsAreEqual = comparator.IsEquals(moduloItem, microsoftItem);

            // The message is what the test runner reports if the comparator wrongly says "equal".
            Assert.IsFalse(itemsAreEqual, "The compared items are different");
        }
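        /// <summary>
        /// Reads the data of one registry value from the target and returns it, together with its
        /// value type, as a <see cref="RegistryItemSystemData"/>.
        /// </summary>
        /// <remarks>
        /// DWORD values are read through a remote registry connection opened with
        /// <c>RegistryKey.OpenRemoteBaseKey</c>; every other value type is read by invoking the
        /// matching GetValue method on <c>WmiDataProvider</c>. STRING data is passed through
        /// <c>RemoveInvalidChars</c> before it is returned.
        /// </remarks>
        /// <param name="item">Registry item whose hive, key and name identify the value to read.</param>
        /// <returns>The value type id and the collected data.</returns>
        private RegistryItemSystemData collectSystemDataForRegistryItem(registry_item item)
        {
            object dataValue = null;

            var valueTypeID = this.getValueTypeIDFromRegistry(item.hive.Value, item.key.Value, item.name.Value);
            if (valueTypeID == eValueTypes.DWORD_LITTLE_ENDIAN)
            {
                // An authenticated session to the target is set up before the remote registry is opened.
                // NOTE(review): the account password is handed over as a plain string and no matching
                // disconnect is visible in this method - confirm the session is released elsewhere and
                // that connectToRemote never logs its arguments.
                var credentials = TargetInfo.credentials;
                Helpers.WinNetUtils.connectToRemote(TargetInfo.GetRemoteUNC(), credentials.GetUserName(), credentials.GetPassword());
                var address = TargetInfo.GetAddress();
                var hive = RegistryHelper.GetRegistryHiveFromHiveName(item.hive.Value);
                var key = item.key.Value;
                var name = item.name.Value;

                // Both RegistryKey objects wrap handles on the remote machine. The original chained the
                // calls and never closed them, leaking one pair of handles per collected DWORD value.
                using (var remoteBaseKey = Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(hive, address))
                using (var remoteSubKey = remoteBaseKey.OpenSubKey(key))
                {
                    // OpenSubKey returns null when the key is absent. The dereference is kept as in the
                    // original so a missing key still surfaces as an exception to the caller instead of
                    // being reported as a successfully collected null value.
                    dataValue = remoteSubKey.GetValue(name);
                }
            }
            else
            {
                var sGetValueMethodName = RegistryHelper.ConvertToGetValueMethodNameFromValueType(valueTypeID);
                var inParameters = this.getInParametersForGetValueMethod(item.hive.Value, item.key.Value, item.name.Value);
                var getValueResult = this.WmiDataProvider.InvokeMethod(sGetValueMethodName, inParameters);
                dataValue = this.getCollectedValueFromGetValueMethodResult(getValueResult);
            }

            if (valueTypeID == eValueTypes.STRING)
            {
                // NOTE(review): throws if the WMI call produced no value - confirm callers expect that.
                dataValue = RemoveInvalidChars(dataValue.ToString());
            }

            return new RegistryItemSystemData(valueTypeID, dataValue);
        }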
Example #5
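        /// <summary>
        /// Builds a <c>registry_item</c> with string-typed hive, key, name and value entities,
        /// plus the given id and message.
        /// </summary>
        /// <param name="hiveName">Text stored in the hive entity.</param>
        /// <param name="ovalId">Identifier assigned to the item's <c>id</c>.</param>
        /// <param name="message">Text converted with <c>MessageType.FromString</c>.</param>
        /// <param name="keyName">Text stored in the key entity.</param>
        /// <param name="name">Text stored in the name entity.</param>
        /// <param name="value">Text stored in the single element of the value array.</param>
        /// <returns>The populated item, typed as <c>ItemType</c>.</returns>
        private static ItemType CreateRegistryItem(string hiveName, string ovalId, string message, string keyName, string name, string value)
        {
            // Left-hand names in the initializer are registry_item members; right-hand names are parameters.
            var registryItem = new registry_item()
            {
                hive = new EntityItemRegistryHiveType() { datatype = SimpleDatatypeEnumeration.@string, Value = hiveName },
                id = ovalId,
                message = MessageType.FromString(message),
                key = new EntityItemStringType() { datatype = SimpleDatatypeEnumeration.@string, Value = keyName },
                name = new EntityItemStringType() { datatype = SimpleDatatypeEnumeration.@string, Value = name },
                // Fixed: the value entity used to be filled from `name`, which left the `value`
                // parameter unused and made every item report its own name as its data.
                // NOTE(review): re-check any fixture that relied on value == name.
                value = new EntityItemAnySimpleType[] { new EntityItemAnySimpleType() { datatype = SimpleDatatypeEnumeration.@string, Value = value } }
            };

            return registryItem;
        }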
Example #6
        /// <summary>
        /// Builds a <c>RegistryProber</c> wired to mocks, so no real connection, WMI call or
        /// registry read is made by the objects configured here.
        /// </summary>
        /// <param name="fakeItem">Item used to create the canned collected item the mocked collector returns.</param>
        /// <returns>A prober whose connection manager, object collector and item type generator are test doubles.</returns>
        private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
        {
            // Canned results handed back by the mocked collector.
            var cannedValues = new List<String> { "FakeValue" };
            var cannedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };

            // Record phase: create the doubles and declare their expectations.
            var repository = new MockRepository();
            var connectionManager = repository.DynamicMock<IConnectionManager>();
            var systemInformation = repository.DynamicMock<ISystemInformationService>();
            var connectionProvider = repository.DynamicMock<RegistryConnectionProvider>();
            var wmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
            var dataCollector = repository.DynamicMock<RegistryObjectCollector>();
            dataCollector.WmiDataProvider = wmiProvider;

            var itemTypeGenerator = new RegistryItemTypeGenerator();
            itemTypeGenerator.SystemDataSource = dataCollector;
            itemTypeGenerator.WmiDataProvider = wmiProvider;

            Expect.Call(connectionManager.Connect<RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(connectionProvider);
            Expect.Call(dataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(cannedItems);
            Expect.Call(dataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(cannedValues);
            // The system information mock gets an expectation but is not attached to the prober below.
            Expect.Call(systemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());

            // Switch every mock from record to replay before handing the prober out.
            repository.ReplayAll();

            var prober = new RegistryProber();
            prober.ConnectionManager = connectionManager;
            prober.ObjectCollector = dataCollector;
            prober.ItemTypeGenerator = itemTypeGenerator;
            return prober;
        }
Example #7
        /// <summary>
        /// Builds a fake <c>registry_item</c> under HKEY_LOCAL_MACHINE that looks like a value
        /// which was collected successfully.
        /// </summary>
        /// <param name="key">Registry key path stored in the key entity.</param>
        /// <param name="name">Value name stored in the name entity.</param>
        /// <param name="dataType">Value type, converted with <c>RegistryHelper.GetValueTypeAsString</c>.</param>
        /// <param name="dataValue">Data stored in the single element of the value array.</param>
        /// <returns>The item with status <c>exists</c> and a message naming the full path.</returns>
        private registry_item GetFakeRegistryItem(string key, string name, eValueTypes dataType, string dataValue)
        {
            string hiveName = Enum.GetName(typeof(eHiveNames), eHiveNames.HKEY_LOCAL_MACHINE);
            string messageTemplate = "The Key, which fullPath is '{0}\\{1}\\{2}', was collected sucessfully.";

            // Left-hand names are registry_item members; right-hand names are locals and parameters.
            return new registry_item()
            {
                hive = new EntityItemRegistryHiveType() { Value = hiveName },
                key = new EntityItemStringType() { Value = key },
                name = new EntityItemStringType() { Value = name },
                type = new EntityItemRegistryTypeType() { Value = RegistryHelper.GetValueTypeAsString(dataType) },
                value = new EntityItemAnySimpleType[] { new EntityItemAnySimpleType() { Value = dataValue } },
                status = StatusEnumeration.exists,
                message = MessageType.FromString(string.Format(messageTemplate, hiveName, key, name))
            };
        }
Example #8
 /// <summary>
 /// Sets up a collected object, one hand-built registry item and one item loaded from the
 /// "system_characteristics_with_local_variable.xml" fixture.
 /// </summary>
 public void Should_not_possible_to_add_a_item_type_if_it_already_exists_in_the_collected_object()
 {
     // NOTE(review): only the arrangement is present - nothing is added to the collected object
     // and nothing is asserted, so this test cannot fail on the behaviour its name describes.
     var documentLoader = new LoadOvalDocument();
     oval_system_characteristics loadedCharacteristics = documentLoader.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
     var target = new CollectedObject("oval:org.mitre.oval:obj:1000");
     ItemType handBuiltItem = new registry_item() { status = StatusEnumeration.exists, id = "1" };
     ItemType loadedItem = loadedCharacteristics.GetSystemDataByReferenceId("2");
 }
Example #9
        /// <summary>
        /// Checks that <c>UpdateCollectedObjectStatus</c> sets the object type flag to
        /// <c>FlagEnumeration.error</c> when one of the three added items has status <c>error</c>.
        /// </summary>
        public void Should_be_possible_to_update_status_of_an_objectType_to_error_based_on_in_systemData()
        {
            var collected = new CollectedObject("oval:org.mitre.oval:obj:6000");

            // One item per status: exists, doesnotexist, error - added in that order.
            ItemType[] itemsByStatus =
            {
                new registry_item() { status = StatusEnumeration.exists, id = "1" },
                new registry_item() { status = StatusEnumeration.doesnotexist, id = "2" },
                new registry_item() { status = StatusEnumeration.error, id = "3" }
            };
            foreach (ItemType item in itemsByStatus)
            {
                collected.AddItemToSystemData(item);
            }

            collected.UpdateCollectedObjectStatus();

            Assert.AreEqual(FlagEnumeration.error, collected.ObjectType.flag);
        }