private static ItemType CreateRegistryItem(string hiveName, string ovalId, string message, string keyName, string name, string value)
{
registry_item registry_item = new registry_item()
{
hive = new EntityItemRegistryHiveType()
{
datatype = SimpleDatatypeEnumeration.@string, Value = hiveName
},
id = ovalId,
message = MessageType.FromString(message),
key = new EntityItemStringType()
{
datatype = SimpleDatatypeEnumeration.@string, Value = keyName
},
name = new EntityItemStringType()
{
datatype = SimpleDatatypeEnumeration.@string, Value = name
},
value = new EntityItemAnySimpleType[1] {
new EntityItemAnySimpleType()
{
datatype = SimpleDatatypeEnumeration.@string, Value = name
}
}
};
return(registry_item);
}
private registry_item GetFakeRegistryItem(string key, string name, eValueTypes dataType, string dataValue)
{
string hive = Enum.GetName(typeof(eHiveNames), eHiveNames.HKEY_LOCAL_MACHINE);
string keyCollectedSuccessfully = "The Key, which fullPath is '{0}\\{1}\\{2}', was collected sucessfully.";
registry_item registryItem = new registry_item();
registryItem.hive = new EntityItemRegistryHiveType()
{
Value = hive
};
registryItem.key = new EntityItemStringType()
{
Value = key
};
registryItem.name = new EntityItemStringType()
{
Value = name
};
registryItem.type = new EntityItemRegistryTypeType()
{
Value = RegistryHelper.GetValueTypeAsString(dataType)
};
registryItem.value = new EntityItemAnySimpleType[] { new EntityItemAnySimpleType()
{
Value = dataValue
} };
registryItem.status = StatusEnumeration.exists;
registryItem.message = MessageType.FromString(string.Format(keyCollectedSuccessfully, hive, key, name));
return(registryItem);
}
private IEnumerable <ItemType> processOperationInRegistryObject(RegistryObject registryObject)
{
List <string> hives = new List <string>()
{
registryObject.Hive
};
RegistryItemTypeFactory itemTypeFactory = new RegistryItemTypeFactory();
List <ItemType> items = new List <ItemType>();
List <string> keys = new List <string>();
List <string> names = new List <string>();
try
{
var registryNameValue = registryObject.GetValueOfEntity("name");
keys.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.key, registryObject));
var derivedRegistryObjects =
RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, new string[] { registryNameValue }, registryObject);
if (registryObject.GetNameOperation() != OperationEnumeration.equals)
{
foreach (var newRegistryObject in derivedRegistryObjects)
{
if (!string.IsNullOrEmpty(registryNameValue))
{
names = this.processOperationInEntity(registry_object_ItemsChoices.name, newRegistryObject).ToList();
items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, new string[] { newRegistryObject.Key }, names, registryObject));
}
}
}
else
{
names.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.name, registryObject));
items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, keys, names, registryObject));
}
}
catch (RegistryKeyNotFoundException)
{
items = itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, null, null, registryObject).ToList();
}
catch (RegistryItemNotFoundException)
{
items = new List <ItemType>()
{
itemTypeFactory.CreateRegistryItem("", "", "", StatusEnumeration.doesnotexist)
};
}
catch (Exception ex)
{
registry_item registry = itemTypeFactory.CreateRegistryItem(registryObject.Hive, registryObject.Key, registryObject.Name, StatusEnumeration.error);
registry.message = MessageType.FromErrorString(ex.Message);
items = new List <ItemType>()
{
registry
};
}
return(items);
}
public registry_item CreateRegistryItem(string hive, string key, string name, StatusEnumeration status)
{
registry_item newRegistryItem = this.CreateRegistryItem(hive, key, name);
newRegistryItem.status = status;
return(newRegistryItem);
}
private IEnumerable <ItemType> VerifyErrorsInTheListOfRegistryEntities(
IEnumerable <string> hives, IEnumerable <string> keys, IEnumerable <string> names, RegistryObject registryObjectSource)
{
List <ItemType> registryObjects = new List <ItemType>();
if ((hives == null) || (hives.Count() == 0))
{
registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, "", "", StatusEnumeration.doesnotexist);
registry.hive.status = StatusEnumeration.doesnotexist;
registryObjects.Add(registry);
return(registryObjects);
}
if ((keys == null) || (keys.Count() == 0))
{
registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, registryObjectSource.Key, "", StatusEnumeration.doesnotexist);
registry.key.status = StatusEnumeration.doesnotexist;
registryObjects.Add(registry);
return(registryObjects);
}
if ((names == null) || (names.Count() == 0))
{
registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, registryObjectSource.Key, registryObjectSource.Name, StatusEnumeration.doesnotexist);
registry.name.status = StatusEnumeration.doesnotexist;
registryObjects.Add(registry);
return(registryObjects);
}
return(registryObjects);
}
public void Should_be_possible_to_create_a_relation_between_objectType_and_systemData_through_of_referenceData()
{
CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000");
ItemType registryItem1 = new registry_item()
{
status = StatusEnumeration.exists, id = "1"
};
ItemType registryItem2 = new registry_item()
{
status = StatusEnumeration.doesnotexist, id = "2"
};
collectObject.AddItemToSystemData(registryItem1);
collectObject.AddItemToSystemData(registryItem2);
Assert.AreEqual(2, collectObject.ObjectType.reference.Count(), "the quantity of reference is not expected");
Assert.AreEqual("1", collectObject.ObjectType.reference[0].item_ref, "the first element of reference not has the id expected");
Assert.AreEqual("2", collectObject.ObjectType.reference[1].item_ref, "the second element of reference not has the id expected");
CollectedObject otherCollectedObject = new CollectedObject("oval:org.mitre.oval:obj:6001");
ItemType registryItem3 = new registry_item()
{
status = StatusEnumeration.exists, id = "3"
};
otherCollectedObject.AddItemToSystemData(registryItem3);
Assert.AreEqual(1, otherCollectedObject.ObjectType.reference.Count(), "the quantity of reference is not expected for the second collectedObject");
Assert.AreEqual("3", otherCollectedObject.ObjectType.reference[0].item_ref, "the referece id of element is not expected");
}
private RegistryItemSystemData collectSystemDataForRegistryItem(registry_item item)
{
object dataValue = null;
var valueTypeID = this.getValueTypeIDFromRegistry(item.hive.Value, item.key.Value, item.name.Value);
if (valueTypeID == eValueTypes.DWORD_LITTLE_ENDIAN)
{
var credentials = TargetInfo.credentials;
Helpers.WinNetUtils.connectToRemote(TargetInfo.GetRemoteUNC(), credentials.GetUserName(), credentials.GetPassword());
var address = TargetInfo.GetAddress();
var hive = RegistryHelper.GetRegistryHiveFromHiveName(item.hive.Value);
var key = item.key.Value;
var name = item.name.Value;
dataValue = Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(hive, address).OpenSubKey(key).GetValue(name);
}
else
{
var sGetValueMethodName = RegistryHelper.ConvertToGetValueMethodNameFromValueType(valueTypeID);
var inParameters = this.getInParametersForGetValueMethod(item.hive.Value, item.key.Value, item.name.Value);
var getValueResult = this.WmiDataProvider.InvokeMethod(sGetValueMethodName, inParameters);
dataValue = this.getCollectedValueFromGetValueMethodResult(getValueResult);
}
if (valueTypeID == eValueTypes.STRING)
{
dataValue = RemoveInvalidChars(dataValue.ToString());
}
return(new RegistryItemSystemData(valueTypeID, dataValue));
}
private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
{
var fakeValues = new List <String>(new string[] { "FakeValue" });
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };
MockRepository mocks = new MockRepository();
var fakeConnection = mocks.DynamicMock <IConnectionManager>();
var fakeSystemInformation = mocks.DynamicMock <ISystemInformationService>();
var fakeProvider = mocks.DynamicMock <RegistryConnectionProvider>();
var fakeWmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var fakeDataCollector = mocks.DynamicMock <RegistryObjectCollector>();
fakeDataCollector.WmiDataProvider = fakeWmiProvider;
var registryItemTypeGeneration = new RegistryItemTypeGenerator()
{
SystemDataSource = fakeDataCollector, WmiDataProvider = fakeWmiProvider
};
Expect.Call(fakeConnection.Connect <RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider);
Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(fakeCollectedItems);
Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues);
Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());
mocks.ReplayAll();
return(new RegistryProber()
{
ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector, ItemTypeGenerator = registryItemTypeGeneration
});
}
private void AssertGeneratedRegistryItem(ItemType generatedItem, string expectedHive, string expectedKey, string expectedName)
{
Assert.IsInstanceOfType(generatedItem, typeof(registry_item), "The type of generated Registry Item must be 'registry_item'");
registry_item registryItem = (registry_item)generatedItem;
Assert.AreEqual(expectedHive, registryItem.hive.Value, "A generated Registry Item with an unexpected 'hive' was found.");
Assert.AreEqual(expectedKey, registryItem.key.Value, "A generated Registry Item with an unexpected 'key' was found.");
Assert.AreEqual(expectedName, registryItem.name.Value, "A generated Registry Item with an unexpected 'Name' was found.");
}
public void Should_not_possible_to_add_a_item_type_if_it_already_exists_in_the_collected_object()
{
oval_system_characteristics systemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
CollectedObject collectedObject = new CollectedObject("oval:org.mitre.oval:obj:1000");
ItemType registryItem1 = new registry_item()
{
status = StatusEnumeration.exists, id = "1"
};
ItemType registryItem2 = systemCharacteristics.GetSystemDataByReferenceId("2");
}
/// <summary>
/// Creates the registry item types from the list of RegistryObjects.
/// </summary>
/// <param name="registryObjects">The registry objects.</param>
/// <returns></returns>
public IEnumerable <registry_item> CreateRegistryItemTypesFrom(IEnumerable <RegistryObject> registryObjects)
{
List <registry_item> registryItems = new List <registry_item>();
foreach (RegistryObject registryObject in registryObjects)
{
registry_item registryItem = this.CreateRegistryItem(registryObject.Hive, registryObject.Key, registryObject.Name);
registryItems.Add(registryItem);
}
return(registryItems);
}
public registry_item CreateRegistryItem(string hive, string key, string name)
{
registry_item newRegistryItem = new registry_item();
newRegistryItem.hive = new EntityItemRegistryHiveType()
{
Value = hive
};
newRegistryItem.key = this.CreateEntityItemStringType(key);
newRegistryItem.name = this.CreateEntityItemStringType(name);
return(newRegistryItem);
}
public void Should_be_possible_to_execute_a_registry_collect_with_Set_element()
{
var fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithSet.xml");
var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
oval_system_characteristics fakeSystemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_sets.xml");
CollectInfo fakeCollectedInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, null, fakeSystemCharacteristics);
registry_item fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
RegistryProber registryProber = this.GetMockedRegistryProber(fakeRegistryItem);
IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectedInfo).CollectedObjects;
Assert.IsNotNull(result, "the result is not expected");
CollectedObject collectedObject = result.Where <CollectedObject>(obj => obj.ObjectType.id == "oval:org.mitre.oval:obj:6000").SingleOrDefault();
Assert.IsNotNull(collectedObject, "the element was not found");
Assert.AreEqual(collectedObject.ObjectType.reference.Count(), 3, "the quantity of object referenced is not expected");
}
public void Should_be_possible_to_update_status_of_an_objectType_to_doesnotexists_based_on_in_systemData()
{
CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000");
ItemType registryItem1 = new registry_item()
{
status = StatusEnumeration.exists, id = "1"
};
ItemType registryItem2 = new registry_item()
{
status = StatusEnumeration.doesnotexist, id = "2"
};
collectObject.AddItemToSystemData(registryItem1);
collectObject.AddItemToSystemData(registryItem2);
collectObject.UpdateCollectedObjectStatus();
Assert.AreEqual(FlagEnumeration.doesnotexist, collectObject.ObjectType.flag);
}
public void Should_Be_Possible_To_Execute_A_Default_Registry_Collect()
{
// Arrange
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("fdcc_xpfirewall_oval.xml");
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeDefinitions.objects.OfType <registry_object>().ToArray(), null, null);
registry_item fakeItem = this.GetFakeRegistryItem("Software\\Modulo", "NG", eValueTypes.STRING, "Secret");
List <registry_item> expectedRegistryItems = new List <registry_item>(new registry_item[] { fakeItem });
RegistryProber registryProber = this.GetMockedRegistryProber(fakeItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(this.fakeContext, this.fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(46, result.Count());
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(10), fakeDefinitions.objects[11].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(45), fakeDefinitions.objects[46].id, null, expectedRegistryItems);
}
public void Should_be_possible_to_execute_a_registry_collect_with_variables()
{
// Arrange
string[] fakeVarValues = new string[] { @"Software\Microsoft\Windows NT\CurrentVersion" };
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
VariablesEvaluated variables = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, fakeVarValues);
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, variables, null);
registry_item fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
RegistryProber registryProber = this.GetMockedRegistryProber(fakeRegistryItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(1, result.Count(), "the quantity is not expected");
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, fakeVarValues, new List <registry_item>()
{
fakeRegistryItem
});
}
public void Should_be_possible_to_compare_two_windows_itemTypes_when_they_were_created_manually()
{
ItemType firstItemType = new registry_item()
{
name = new EntityItemStringType()
{
Value = "Modulo"
}
};
ItemType secondItemType = new registry_item()
{
name = new EntityItemStringType()
{
Value = "Microsoft"
}
};
var itemTypeComparator = new GenericItemTypeComparator();
var comparisionResult = itemTypeComparator.IsEquals(firstItemType, secondItemType);
Assert.IsFalse(comparisionResult, "The compared items are different");
}
private void AssertProbeResultItem(CollectedObject collectedObject, string objectID, string[] expectedVariables, List <registry_item> expectedItems)
{
SystemCharacteristics::ObjectType createdObjectType = collectedObject.ObjectType;
List <ItemType> createdItemsType = (List <ItemType>)collectedObject.SystemData;
Assert.AreEqual(objectID, createdObjectType.id);
if (expectedVariables != null)
{
Assert.IsNotNull(createdObjectType.variable_value, "There is no variable values for this collected object");
Assert.AreEqual(expectedVariables.Count(), createdObjectType.variable_value.Count(), "The number of variable values for this collected object is unexpected.");
for (int i = 0; i < expectedVariables.Count(); i++)
{
Assert.AreEqual(expectedVariables[i], createdObjectType.variable_value[i].Value, "An unexpected variable value was found.");
}
}
Assert.AreEqual(expectedItems.Count, createdObjectType.reference.Count());
Assert.AreEqual(expectedItems.Count, createdItemsType.Count);
for (int i = 0; i < createdItemsType.Count; i++)
{
registry_item createdRegistryItem = (registry_item)createdItemsType[i];
Assert.AreEqual(expectedItems[i].status, createdRegistryItem.status);
Assert.AreEqual(expectedItems[i].message.First().Value, createdRegistryItem.message.First().Value);
Assert.AreEqual(expectedItems[i].hive.Value, createdRegistryItem.hive.Value);
Assert.AreEqual(expectedItems[i].key.Value, createdRegistryItem.key.Value);
Assert.AreEqual(expectedItems[i].name.Value, createdRegistryItem.name.Value);
Assert.AreEqual(expectedItems[i].type.Value, createdRegistryItem.type.Value);
Assert.AreEqual(expectedItems[i].value.Count(), createdRegistryItem.value.Count());
for (int j = 0; j < expectedItems[i].value.Count(); j++)
{
Assert.AreEqual(expectedItems[i].value[j].Value, createdRegistryItem.value[j].Value);
}
}
}