/// <summary>
/// Generates items for the registry object <c>OBJ_MITRE_3000_ID</c> while the variable
/// <c>VAR_MITRE_3000_ID</c> is evaluated to a single registry key path, and expects
/// exactly one generated item under HKEY_LOCAL_MACHINE for that key.
/// </summary>
public void Should_be_possible_to_generate_itemTypes_from_objectTypes()
        {
            // The same key path is fed in as the variable value and expected back on the item.
            const string expectedKey = @"Software\Microsoft\Windows NT\CurrentVersion";

            // Arrange: object from the definitions file, generator backed by helper-built fakes.
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_WITH_LOCAL_VARIABLE, OBJ_MITRE_3000_ID);
            var generator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex(),
                WmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess()
            };
            var evaluatedVariables = new VariablesEvaluated(
                new List<VariableValue>
                {
                    new VariableValue(registryObject.id, VAR_MITRE_3000_ID, new List<string> { expectedKey })
                });

            // Act
            var generatedItems = generator.GetItemsToCollect(registryObject, evaluatedVariables);

            // Assert
            Assert.AreEqual(1, generatedItems.Count(), "the quantity of items is not expected");
            this.AssertGeneratedRegistryItem(generatedItems.ElementAt(0), "HKEY_LOCAL_MACHINE", expectedKey, "CurrentVersion");
        }
        /// <summary>
        /// Generates items for object <c>oval:modulo:obj:6000</c> against a fake data source that
        /// exposes five sub-key names under <c>SOFTWARE\Adobe</c>, and expects two registry items
        /// to be produced. Per the test name, the object applies a "not equals" operation to its
        /// key entity; the definition itself lives in the XML file and is not visible here.
        /// </summary>
        public void Should_be_possible_to_define_a_not_equals_operation_on_the_keyEntity()
        {
            var hive = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            var rootKey = "SOFTWARE\\Adobe";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:6000");

            // Names the fake data source reports for rootKey.
            var fakedKeyNames = new[]
            {
                "Acrobat Reader\\9.0\\Installer",
                "Acrobat Reader\\9.0\\InstallPath",
                "Acrobat Reader\\Language\\current",
                "Adobe Air\\FileTypeRegistration",
                "Adobe Air\\Repair\\9.0\\IOD"
            };
            var dataSource = new SystemDataSourceFactory().GetDataSourceFakeWithSpecificNames(rootKey, fakedKeyNames);
            var wmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            var generator = new RegistryItemTypeGenerator() { SystemDataSource = dataSource, WmiDataProvider = wmiProvider };
            var generatedItems = generator
                .GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables())
                .Cast<registry_item>();

            Assert.AreEqual(2, generatedItems.Count());
            this.AssertGeneratedRegistryItem(generatedItems.ElementAt(0), hive, "SOFTWARE\\Adobe\\Adobe Air\\FileTypeRegistration", "Path");
            // NOTE(review): this expected key has no "Adobe Air" segment although the faked name is
            // "Adobe Air\\Repair\\9.0\\IOD" — confirm against the definition and AssertGeneratedRegistryItem.
            this.AssertGeneratedRegistryItem(generatedItems.ElementAt(1), hive, "SOFTWARE\\Adobe\\Repair\\9.0\\IOD", "Path");
        }
        /// <summary>
        /// Generates items for object <c>oval:modulo:obj:12345</c> from
        /// <c>definitionsWithOnlyObjects.xml</c> and expects a non-null result holding four items.
        /// Per the test name, the object uses pattern matching on both its key and name entities.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time()
        {
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345");
            var regexDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2);

            // NOTE(review): this is a directly constructed WmiDataProvider, not the fake built by
            // WmiDataProviderExpectFactory that sibling tests use — confirm the test does not
            // depend on a reachable WMI endpoint.
            var wmiProvider = new WmiDataProvider();

            var generator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = regexDataSource,
                WmiDataProvider = wmiProvider
            };

            var result = generator.GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables());

            Assert.IsNotNull(result, "The result of GetItemsToCollect method cannot be null.");
            Assert.AreEqual(4, result.Count(), "Unexpected generated items type count");
        }
        /// <summary>
        /// Generates items for object <c>oval:modulo:obj:5000</c> with variable
        /// <c>oval:org.mitre.oval:var:3000</c> evaluated to "CurrentType", using a regex-capable
        /// fake data source rooted at <c>SOFTWARE\Microsoft\Windows</c>. Two items are expected,
        /// one per matched key, each carrying "CurrentType" as the third asserted value.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex()
        {
            var hive = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            var rootKey = "SOFTWARE\\Microsoft\\Windows";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000");

            var regexDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(rootKey, 1);
            // NOTE(review): a directly constructed WmiDataProvider rather than the fake from
            // WmiDataProviderExpectFactory — confirm no live WMI access is needed by this test.
            var wmiProvider = new WmiDataProvider();

            var evaluatedVariables = new VariablesEvaluated(
                new List<VariableValue>
                {
                    new VariableValue(registryObject.id, "oval:org.mitre.oval:var:3000", new List<string> { "CurrentType" })
                });

            var generator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = regexDataSource,
                WmiDataProvider = wmiProvider
            };
            var generatedItems = generator.GetItemsToCollect(registryObject, evaluatedVariables).Cast<registry_item>();

            Assert.AreEqual(2, generatedItems.Count());
            this.AssertGeneratedRegistryItem(generatedItems.ElementAt(0), hive, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType");
            this.AssertGeneratedRegistryItem(generatedItems.ElementAt(1), hive, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType");
        }
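        /// <summary>
        /// Generates items for object <c>oval:org.mitre.oval:obj:4000</c> with variable
        /// <c>oval:org.mitre.oval:var:4000</c> evaluated to a single registry key path, and
        /// expects exactly one item for HKEY_LOCAL_MACHINE, that key, and the name "CurrentType".
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables()
        {
            string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string key = @"Software\Microsoft\Windows NT\CurrentVersion";
            string name = "CurrentType";
            var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:org.mitre.oval:obj:4000");
            BaseObjectCollector fakeDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex();
            WmiDataProvider wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            // The variable carries the key path; the name is only asserted on the result here.
            VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:4000", new List<string>() { key });
            VariablesEvaluated variables = new VariablesEvaluated(new List<VariableValue>() { variable });

            var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider };
            var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables);

            // AreEqual reports the actual count on failure (IsTrue only reports "false") and
            // matches the count assertions used by the other tests in this fixture.
            Assert.AreEqual(1, itemsToCollect.Count(), "the quantity of items is not expected");
            this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, key, name);
        }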
        /// <summary>
        /// Generates items for object <c>OBJ_50003_ID</c> from <c>DEFINITIONS_REGEX_ON_VALUE</c>
        /// against a regex-capable fake data source rooted at <c>SOFTWARE\Microsoft\Windows</c>.
        /// Four items are expected: each of two keys paired with each of two names, in key-major order.
        /// </summary>
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_regex_operation()
        {
            var hive = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            var rootKey = "SOFTWARE\\Microsoft\\Windows";
            var registryObject = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50003_ID);

            var generator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(rootKey, 2),
                WmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess()
            };
            var generatedItems = generator
                .GetItemsToCollect(registryObject, VariableHelper.CreateEmptyEvaluatedVariables())
                .Cast<registry_item>();

            string[] expectedKeys =
            {
                "SOFTWARE\\Microsoft\\Windows\\CurrentBuild",
                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
            };
            string[] expectedNames = { "CurrentBuild", "LastBuild" };

            Assert.AreEqual(4, generatedItems.Count());

            // Walk the result in order: positions 0-1 belong to the first key, 2-3 to the second.
            int position = 0;
            foreach (var expectedKey in expectedKeys)
            {
                foreach (var expectedName in expectedNames)
                {
                    this.AssertGeneratedRegistryItem(generatedItems.ElementAt(position), hive, expectedKey, expectedName);
                    position++;
                }
            }
        }
        /// <summary>
        /// Builds a <see cref="RegistryProber"/> whose connection manager and object collector are
        /// mocks from a <see cref="MockRepository"/>, so that collection calls return canned data
        /// derived from <paramref name="fakeItem"/>.
        /// </summary>
        /// <param name="fakeItem">Registry item wrapped into the single canned collected item.</param>
        /// <returns>A prober with ConnectionManager, ObjectCollector and ItemTypeGenerator assigned.</returns>
        private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
        {
            // Canned answers handed back by the mocked collector.
            var cannedValues = new List<string> { "FakeValue" };
            var cannedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };

            var repository = new MockRepository();
            var connectionManager = repository.DynamicMock<IConnectionManager>();
            var systemInformation = repository.DynamicMock<ISystemInformationService>();
            var connectionProvider = repository.DynamicMock<RegistryConnectionProvider>();
            var wmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
            var objectCollector = repository.DynamicMock<RegistryObjectCollector>();
            objectCollector.WmiDataProvider = wmiProvider;
            var itemTypeGenerator = new RegistryItemTypeGenerator()
            {
                SystemDataSource = objectCollector,
                WmiDataProvider = wmiProvider
            };

            // Expectations are recorded with arguments ignored; the first three may repeat any number of times.
            Expect.Call(connectionManager.Connect<RegistryConnectionProvider>(null, null))
                .IgnoreArguments().Repeat.Any().Return(connectionProvider);
            Expect.Call(objectCollector.CollectDataForSystemItem(fakeItem))
                .IgnoreArguments().Repeat.Any().Return(cannedItems);
            Expect.Call(objectCollector.GetValues(null))
                .IgnoreArguments().Repeat.Any().Return(cannedValues);
            // NOTE(review): no Repeat.Any() on this expectation, and the systemInformation mock is not
            // assigned to the returned prober in this method — confirm it is still needed.
            Expect.Call(systemInformation.GetSystemInformationFrom(null))
                .IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());
            repository.ReplayAll();

            return new RegistryProber()
            {
                ConnectionManager = connectionManager,
                ObjectCollector = objectCollector,
                ItemTypeGenerator = itemTypeGenerator
            };
        }