public void Should_be_possible_to_generate_itemTypes_from_objectTypes()
{
var ovalObject = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_WITH_LOCAL_VARIABLE, OBJ_MITRE_3000_ID);
var fakeDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex();
var wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var fakeRegistryKeyPath = new List <string>()
{
@"Software\Microsoft\Windows NT\CurrentVersion"
};
var variable = new VariableValue(ovalObject.id, VAR_MITRE_3000_ID, fakeRegistryKeyPath);
var variables = new VariablesEvaluated(new List <VariableValue>()
{
variable
});
RegistryItemTypeGenerator itemGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
};
IEnumerable <ItemType> itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables);
Assert.AreEqual(1, itemsToCollect.Count(), "the quantity of items is not expected");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), "HKEY_LOCAL_MACHINE", @"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion");
}
private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
{
var fakeValues = new List <String>(new string[] { "FakeValue" });
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };
MockRepository mocks = new MockRepository();
var fakeConnection = mocks.DynamicMock <IConnectionManager>();
var fakeSystemInformation = mocks.DynamicMock <ISystemInformationService>();
var fakeProvider = mocks.DynamicMock <RegistryConnectionProvider>();
var fakeWmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var fakeDataCollector = mocks.DynamicMock <RegistryObjectCollector>();
fakeDataCollector.WmiDataProvider = fakeWmiProvider;
var registryItemTypeGeneration = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataCollector, WmiDataProvider = fakeWmiProvider
};
Expect.Call(fakeConnection.Connect <RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider);
Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(fakeCollectedItems);
Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues);
Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());
mocks.ReplayAll();
return(new RegistryProber()
{
ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector, ItemTypeGenerator = registryItemTypeGeneration
});
}
public void Should_be_possible_to_define_a_not_equals_operation_on_the_keyEntity()
{
string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
string startKey = "SOFTWARE\\Adobe";
var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:6000");
var fakeDataSource =
new SystemDataSourceFactory()
.GetDataSourceFakeWithSpecificNames(startKey, new string[] { "Acrobat Reader\\9.0\\Installer",
"Acrobat Reader\\9.0\\InstallPath",
"Acrobat Reader\\Language\\current",
"Adobe Air\\FileTypeRegistration",
"Adobe Air\\Repair\\9.0\\IOD" });
var wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var itemGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
};
var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, VariableHelper.CreateEmptyEvaluatedVariables()).Cast <registry_item>();
Assert.AreEqual(2, itemsToCollect.Count());
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Adobe\\Adobe Air\\FileTypeRegistration", "Path");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Adobe\\Repair\\9.0\\IOD", "Path");
}
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex()
{
string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
string startKey = "SOFTWARE\\Microsoft\\Windows";
var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000");
var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 1);
WmiDataProvider wmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:3000", new List <string>()
{
"CurrentType"
});
VariablesEvaluated variables = new VariablesEvaluated(new List <VariableValue>()
{
variable
});
var itemGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
};
var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).Cast <registry_item>();
Assert.AreEqual(2, itemsToCollect.Count());
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType");
}
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables()
{
string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
string key = @"Software\Microsoft\Windows NT\CurrentVersion";
string name = "CurrentType";
var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:org.mitre.oval:obj:4000");
BaseObjectCollector fakeDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex();
WmiDataProvider wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:4000", new List <string>()
{
key
});
VariablesEvaluated variables = new VariablesEvaluated(new List <VariableValue>()
{
variable
});
var itemGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
};
var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables);
Assert.IsTrue(itemsToCollect.Count() == 1, "the quantity of items is not expected");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, key, name);
}
public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time()
{
var objectType = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345");
var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2);
var fakeWmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var itemTypeGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = fakeWmiDataProvider
};
var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, VariableHelper.CreateEmptyEvaluatedVariables());
Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect method cannot be null.");
Assert.AreEqual(4, generatedItems.Count(), "Unexpected generated items type count");
}
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_regex_operation()
{
string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
string startKey = "SOFTWARE\\Microsoft\\Windows";
var obj50003 = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50003_ID);
BaseObjectCollector fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 2);
WmiDataProvider wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
RegistryItemTypeGenerator itemGenerator = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider
};
var itemsToCollect = itemGenerator.GetItemsToCollect(obj50003, VariableHelper.CreateEmptyEvaluatedVariables()).Cast <registry_item>();
Assert.AreEqual(4, itemsToCollect.Count());
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentBuild");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "LastBuild");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(2), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentBuild");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(3), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "LastBuild");
}
