public void Should_be_to_generate_xmlfilecontent_items_from_an_object_with_referenced_variable_on_xpath_entity()
{
var expectedXpath = @"//bookstore/book/author/text()";
var fakeOvalObject = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "2315");
var fakeEvaluatedVariables = VariableHelper.CreateVariableWithOneValue(fakeOvalObject.id, "oval:modulo:var:2315", expectedXpath);
var mocks = new MockRepository();
var fakeFileProvider = mocks.DynamicMock<IFileProvider>();
var pathOperator = new PathOperatorEvaluator(fakeFileProvider, FamilyEnumeration.windows);
var itemTypeGenerator = new XmlFileContentItemTypeGenerator(pathOperator);
Expect.Call(fakeFileProvider.FileExists(null)).IgnoreArguments().Return(true);
mocks.ReplayAll();
var itemsToCollect = itemTypeGenerator.GetItemsToCollect(fakeOvalObject, fakeEvaluatedVariables).ToArray();
DoBasicAssert(itemsToCollect, 1, typeof(xmlfilecontent_item));
AssertXmlFileItem(itemsToCollect.Single(), @"c:\temp\bools.xml", expectedXpath);
}
public void Should_be_possible_to_execute_a_simple_file_collect_defined_with_one_entity()
{
// Arrange
var objectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple.xml", "oval:modulo:obj:1");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new Definitions.ObjectType[] { objectType }, null, null);
var fakeWmiObjects = new WmiObject[] { this.createFakeWmiObject() };
var fakeFileItem = this.CreateFakeFileItem("c:\\temp\\file.txt", null, null);
var fileProber = this.CreateMockedFileProber(fakeWmiObjects, new ItemType[] { fakeFileItem }, null);
// Act
var collectedObjects = (List <CollectedObject>)fileProber.Execute(FakeContext, FakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.IsNotNull(collectedObjects, "The result of file collect cannot be null");
Assert.IsNotNull(collectedObjects.Single(), string.Format("The object '{0}' was not found.", "oval:modulo:obj:1"));
this.AssertCollectedFileItems(collectedObjects.Single(), fakeWmiObjects);
this.AssertFilePathEntityExistence((file_item)collectedObjects.Single().SystemData[0]);
}
public void Should_be_possible_to_generate_xmlfilecontent_items_from_an_object_with_patternMatch_operation_in_the_middle_of_a_windows_path()
{
//<xmlfilecontent_object id="oval:modulo:obj:2321">
// <filepath operation="pattern match">c:\temp\.*\usb\devices.xml</filepath>
// <xpath>//bookstore/book/price/text()</xpath>
//</xmlfilecontent_object>
var fakeFilepaths = new string[] { @"c:\temp\hub1\", @"c:\temp\hub2\", @"c:\temp\hub3\" };
var fakeOvalObject = (xmlfilecontent_object)ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "2321");
var xpathObjectEntity = (EntitySimpleBaseType)fakeOvalObject.GetItemValue(xmlfilecontent_ItemsChoices.xpath);
var itemTypeGenerator = this.CreateMockedItemTypeGenerator(fakeFilepaths);
var itemsToCollect = itemTypeGenerator.GetItemsToCollect(fakeOvalObject, null).ToArray();
DoBasicAssert(itemsToCollect, 3, typeof(xmlfilecontent_item));
AssertXmlFileItem(itemsToCollect.ElementAt(0), @"c:\temp\hub1\usb\devices.xml", xpathObjectEntity.Value);
AssertXmlFileItem(itemsToCollect.ElementAt(1), @"c:\temp\hub2\usb\devices.xml", xpathObjectEntity.Value);
AssertXmlFileItem(itemsToCollect.ElementAt(2), @"c:\temp\hub3\usb\devices.xml", xpathObjectEntity.Value);
}
public void Should_be_possible_execute_a_variable_collect()
{
var definitions = new LoadOvalDocument().GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
var objects = definitions.objects.OfType <variable_object>().ToArray();
var variables = this.CreateVariable("oval:modulo:obj:4000", "oval:modulo:var:1002", new string[] { "c:\\temp" });
var collectInfo = ProbeHelper.CreateFakeCollectInfo(objects, variables, null);
collectInfo.Variables = variables;
var collectedObjects = new VariableProber().Execute(FakeContext, FakeTargetInfo, collectInfo).CollectedObjects;
Assert.AreEqual(1, collectedObjects.Count());
Assert.AreEqual(1, collectedObjects.Single().SystemData.Count);
var collectedItem = (variable_item)collectedObjects.Single().SystemData.First();
Assert.AreEqual(StatusEnumeration.exists, collectedItem.status);
Assert.AreEqual("c:\\temp", collectedItem.value[0].Value);
}
public void Should_be_possible_to_execute_a_collect_for_RegKeyEffectiveRights_with_referenced_variable_on_key_entity()
{
var fakeObjects = new Definitions.ObjectType[] { ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "770") };
string fakeVariableValue = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion";
var fakeEvaluatedVariables = VariableHelper.CreateVariableWithOneValue("oval:modulo:obj:770", "oval:modulo:var:770", fakeVariableValue);
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, fakeEvaluatedVariables, null);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new regkeyeffectiverights_item()) };
var prober = this.GetMockedRegKeyEffectiveRightsProber(fakeCollectedItems, null);
var proberExecutionResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
this.doBasicProbeResultAssert(proberExecutionResult);
CollectedObject collectedObject = proberExecutionResult.CollectedObjects.Single(obj => obj.ObjectType.id.Equals("oval:modulo:obj:770"));
this.assertCollectedItemsReferences(collectedObject, (IList <ItemType>)collectedObject.SystemData);
Assert.AreEqual(1, collectedObject.SystemData.Count, "Unexpected system data count.");
this.assertCollectedItemStatus(collectedObject.ObjectType.reference.ElementAt(0), collectedObject.SystemData[0]);
}
public void Should_be_possible_to_generate_xmlfilecontent_items_from_an_object_with_patternMatch_operation_in_the_middle_of_a_unix_path()
{
//<xmlfilecontent_object id="oval:modulo:obj:2322">
// <path>/etc/gconf/gconf.xml.mandatory</path>
// <filename operation="pattern match">.*</filename>
// <xpath>/desktop/gnome/volume_manager/automount_media</xpath>
//</xmlfilecontent_object>
var fakeFilepaths = new string[] { @"file1", @"file2" };
var fakeOvalObject = (xmlfilecontent_object)ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "2322");
var xpathObjectEntity = (EntitySimpleBaseType)fakeOvalObject.GetItemValue(xmlfilecontent_ItemsChoices.xpath);
var itemTypeGenerator = this.CreateMockedItemTypeGenerator(fakeFilepaths, false);
var itemsToCollect = itemTypeGenerator.GetItemsToCollect(fakeOvalObject, null).ToArray();
DoBasicAssert(itemsToCollect, 2, typeof(xmlfilecontent_item));
AssertXmlFileItem(itemsToCollect.ElementAt(0), @"/etc/gconf/gconf.xml.mandatory/file1", xpathObjectEntity.Value);
AssertXmlFileItem(itemsToCollect.ElementAt(1), @"/etc/gconf/gconf.xml.mandatory/file2", xpathObjectEntity.Value);
}
public void Should_be_possible_to_collect_uname_object()
{
// Arrange
var prober = new UnameProber();
var probeBehaviorCreator = new ProberBehaviorCreator();
var fakeCollectInfo = base.GetFakeCollectInfo("9", "definitions_all_unix");
probeBehaviorCreator.CreateBehaviorForNormalFlowExecution(
prober,
new ItemType[] { new uname_item() },
new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new uname_item()) });
// Act
var probeResult = prober.Execute(base.FakeContext, base.FakeTargetInfo, fakeCollectInfo);
// Assert
DoAssertForSingleCollectedObject(probeResult, typeof(uname_item));
}
public void Should_be_possible_to_generate_textfilecontentItems_from_textfilecontentObject_with_referenced_variables_with_multiple_values_in_all_entities()
{
var objectType = (textfilecontent54_object)ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "oval:modulo:obj:960");
var fakeVariables = this.CreateFakeEvaluateVariablesForAllEntities(objectType.id);
var itemTypeGenerator = CreateItemTypeGeneratorWithMockedBehavior(new string[] { "does not care" }, true);
var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, fakeVariables).ToArray();
ItemTypeChecker.DoBasicAssertForItems(generatedItems, 8, typeof(textfilecontent_item));
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(0), @"c:\windows\boot.ini", "^Services.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(1), @"c:\windows\boot.ini", "^Application.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(2), @"c:\windows\win.ini", "^Services.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(3), @"c:\windows\win.ini", "^Application.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(4), @"c:\windows NT\boot.ini", "^Services.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(5), @"c:\windows NT\boot.ini", "^Application.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(6), @"c:\windows NT\win.ini", "^Services.*", "1");
AssertGeneratedTextFileContentItem(generatedItems.ElementAt(7), @"c:\windows NT\win.ini", "^Application.*", "1");
}
public void Should_be_possible_to_generate_items_to_collect_from_an_file_object_with_pattern_match_operation_in_path_entity()
{
//<file_object id="oval:gov.irs.rhel5:obj:33">
// <path operation="pattern match">/lib/modules/.*/kernel/drivers/usb/storage</path>
// <filename>usb-storage.ko</filename>
//</file_object>
var expectedFilepath1 = "lib/modules/2.6.18-128.1.10.el5.xs5.5.0.51xen/kernel/drivers/usb/storage";
var expectedFilepath2 = "lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage";
var fileObject = ProbeHelper.GetDefinitionObjectTypeByID("definitions_all_unix", "oval:gov.irs.rhel5:obj:33");
var fileItemTypeGenerator = CreateFileItemTypeGeneratorWithMockedBehaviorToProcessPatternMatchOperation();
var itemsToCollect = fileItemTypeGenerator.GetItemsToCollect(fileObject, null).ToArray();
ItemTypeChecker.DoBasicAssertForItems(itemsToCollect, 2, TypeOfUnixFileItem);
AssertFileItem(new ItemType[] { itemsToCollect[0] }, expectedFilepath1, string.Empty, true);
AssertFileItem(new ItemType[] { itemsToCollect[1] }, expectedFilepath2, string.Empty, true);
}
public void Should_be_possible_to_evaluate_multiple_variables_for_textfilecontent_which_was_definied_with_path_and_filename_entities()
{
var objectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", OBJECT_TYPE_930);
var fakeVariableValues = new Dictionary <String, IEnumerable <String> >();
fakeVariableValues.Add("oval:modulo:var:911", new string[] { "c:\\windows", "c:\\windows NT" });
fakeVariableValues.Add("oval:modulo:var:914", new string[] { "boot.ini", "win.ini" });
var fakeVariables = VariableHelper.CreateEvaluatedVariables(OBJECT_TYPE_930, fakeVariableValues);
TextFileContentVariableEvaluator variableEvaluator = new TextFileContentVariableEvaluator(fakeVariables);
var evaluationVariableResult = variableEvaluator.ProcessVariablesForTypeFilePathEntities(objectType);
this.DoBasicAssert(evaluationVariableResult, 4);
Assert.AreEqual(@"c:\windows\boot.ini", evaluationVariableResult.ElementAt(0), "Unexpected variable value was found after variables evaluation.");
Assert.AreEqual(@"c:\windows\win.ini", evaluationVariableResult.ElementAt(1), "Unexpected variable value was found after variables evaluation.");
Assert.AreEqual(@"c:\windows NT\boot.ini", evaluationVariableResult.ElementAt(2), "Unexpected variable value was found after variables evaluation.");
Assert.AreEqual(@"c:\windows NT\win.ini", evaluationVariableResult.ElementAt(3), "Unexpected variable value was found after variables evaluation.");
}
public void Should_be_possible_to_create_items_to_collect_only_for_users_that_have_DACL_on_registry_key()
{
//<regkeyeffectiverights53_object id="oval:modulo:obj:832">
// <hive>HKEY_LOCAL_MACHINE</hive>
// <key>SOFTWARE\Modulo\modSIC</key>
// <trustee_sid operation="pattern match">.*</trustee_sid>
//</regkeyeffectiverights53_object>
var fakeObject = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "832");
var itemTypeGenerator = CreateMockedItemTypeGeneratorToReturnOnlySomeDACLs();
var generatedItems = itemTypeGenerator.GetItemsToCollect(fakeObject, VariableHelper.CreateEmptyEvaluatedVariables());
ItemTypeChecker.DoBasicAssertForItems(generatedItems.ToArray(), 3, typeof(regkeyeffectiverights_item));
AssertGeneratedRegKeyEffectiveRightsItem(generatedItems.ElementAt(0), DEFAULT_REG_HIVE, DEFAULT_REG_KEY, "S-1-2");
AssertGeneratedRegKeyEffectiveRightsItem(generatedItems.ElementAt(1), DEFAULT_REG_HIVE, DEFAULT_REG_KEY, "S-1-3");
AssertGeneratedRegKeyEffectiveRightsItem(generatedItems.ElementAt(2), DEFAULT_REG_HIVE, DEFAULT_REG_KEY, "S-1-4");
}
public void Should_be_possible_to_create_new_object_type_keeping_the_behavior_entity_from_source_object()
{
var objectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "920");
var filepaths = new string[] { @"c:\windows\win.ini" };
var patterns = new string[] { "VERSION.*" };
var instances = new string[] { "1" };
var createdFileObjects =
new TextFileContentObjectFactory()
.CreateFileObjects((textfilecontent54_object)objectType, filepaths, null, null, patterns, instances);
Assert.IsNotNull(createdFileObjects, "The file objects were not created.");
Assert.AreEqual(1, createdFileObjects.Count());
var textFileObject = (textfilecontent54_object)createdFileObjects.Single();
var multiLineBehavior = (Textfilecontent54Behaviors)((textfilecontent54_object)textFileObject).Items.OfType <Textfilecontent54Behaviors>().Single();
Assert.IsFalse(multiLineBehavior.multiline);
Assert.IsFalse(textFileObject.IsMultiline(), "Unexpected behavior value was found.");
}
public void Should_be_possible_to_collect_a_user_object_with_set()
{
var fakeUserObjectGuest = new UserObjectFactory().NewObject("Guest");
var fakeUserObjectAdmin = new UserObjectFactory().NewObject("admin");
var fakeUserObjectWithSet = new UserObjectFactory().NewObjectWithSet(fakeUserObjectGuest, fakeUserObjectAdmin);
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new Definitions.ObjectType[] { fakeUserObjectWithSet });
var prober = new UserProber();
ProberBehaviorCreator
.CreateBehaviorForNormalFlowExecution(
prober,
new ItemType[] { new user_item() },
new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new user_item()) });
var probeResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
Assert.IsNotNull(probeResult, "The result of probe execution cannot be null.");
Assert.AreEqual(0, probeResult.CollectedObjects.Count(), "No items are expected");
}
private RegKeyEffectiveRightsObjectCollector CreateObjectCollectorWithBehavior()
{
MockRepository mocks = new MockRepository();
var fakeWmiDataProvider = mocks.DynamicMock <WmiDataProvider>();
var fakeACLProvider = AccessControlListProvider.CreateInstance();
Expect.Call(fakeACLProvider.GetRegistryKeyEffectiveRights(null, 0, null, null))
.IgnoreArguments()
.Return(KEY_CREATE_LINK_PERMISSION);
mocks.ReplayAll();
return(new RegKeyEffectiveRightsObjectCollector()
{
TargetInfo = ProbeHelper.CreateFakeTarget(),
WmiDataProvider = fakeWmiDataProvider,
AccessControlListProvider = fakeACLProvider
});
}
public void Should_be_possible_to_collect_file_object_for_unix_systems()
{
var fakeFileItemsToReturn = new ItemType[] { new unix.file_item()
{
filepath = OvalHelper.CreateItemEntityWithStringValue("/home/usr/readme")
} };
var fakeCollectedItemsToReturn = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(CreateFileItem()) };
var unixFileProber = new FileProber();
ProberBehaviorCreator
.CreateBehaviorForNormalFlowExecution(
unixFileProber,
fakeFileItemsToReturn,
fakeCollectedItemsToReturn);
var result = unixFileProber.Execute(FakeContext, FakeTargetInfo, GetFakeCollectInfo("oval:modulo:obj:2", "definitions_all_unix"));
DoAssertForSingleCollectedObject(result, typeof(unix.file_item));
}
public void Should_be_possible_to_execute_a_registry_collect_with_Set_element()
{
var fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithSet.xml");
var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
oval_system_characteristics fakeSystemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_sets.xml");
CollectInfo fakeCollectedInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, null, fakeSystemCharacteristics);
registry_item fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
RegistryProber registryProber = this.GetMockedRegistryProber(fakeRegistryItem);
IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectedInfo).CollectedObjects;
Assert.IsNotNull(result, "the result is not expected");
CollectedObject collectedObject = result.Where <CollectedObject>(obj => obj.ObjectType.id == "oval:org.mitre.oval:obj:6000").SingleOrDefault();
Assert.IsNotNull(collectedObject, "the element was not found");
Assert.AreEqual(collectedObject.ObjectType.reference.Count(), 3, "the quantity of object referenced is not expected");
}
public void Should_be_possible_to_create_items_to_collected_from_RegKeyEffectiveRighstObject_with_referenced_variables_on_key_and_trusteeSID_entities()
{
var expectedKey = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion";
var sourceObjectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "771");
var fakeVarValues = new Dictionary <String, IEnumerable <String> >();
fakeVarValues.Add("oval:modulo:var:201", new string[] { @"S-1-5-18", @"S-1-5-20" });
fakeVarValues.Add("oval:modulo:var:770", new string[] { expectedKey });
var fakeVariables = VariableHelper.CreateEvaluatedVariables(sourceObjectType.id, fakeVarValues);
var generatedItems =
CreateRegKeyEffectiveRightsItemTypeGeneratorWithoutBehavior()
.GetItemsToCollect(sourceObjectType, fakeVariables);
ItemTypeChecker.DoBasicAssertForItems(generatedItems.ToArray(), 2, typeof(regkeyeffectiverights_item), StatusEnumeration.notcollected);
this.AssertGeneratedRegKeyEffectiveRightsItem(generatedItems.ElementAt(0), "HKEY_LOCAL_MACHINE", expectedKey, "S-1-5-18");
this.AssertGeneratedRegKeyEffectiveRightsItem(generatedItems.ElementAt(1), "HKEY_LOCAL_MACHINE", expectedKey, "S-1-5-20");
}
public void Should_be_possible_to_generate_SIDItems_from_SIDObject_with_referenced_variable()
{
// Arrange
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_SIMPLE);
sid_object sidObject10 = (sid_object)definitions.objects.Where(obj => obj.id.Equals("oval:modulo:obj:11")).Single();
VariableType variable10 = definitions.variables.Where(var => var.id.Equals("oval:modulo:var:10")).Single();
string variable10Value = ((VariablesTypeVariableConstant_variable)variable10).value.First().Value;
VariablesEvaluated fakeVariables = VariableHelper.CreateVariableWithOneValue(sidObject10.id, variable10.id, variable10Value);
SIDItemTypeGenerator itemGenerator = new SIDItemTypeGenerator();
// Act
IList <ItemType> generatedItems = itemGenerator.GetItemsToCollect(sidObject10, fakeVariables).ToList();
Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null.");
Assert.AreEqual(1, generatedItems.Count, "Unexpected items count was found.");
Assert.IsInstanceOfType(generatedItems[0], typeof(sid_item), "Unexpected type of generated item found. The correct type is 'sid_item'");
Assert.AreEqual(variable10Value, ((sid_item)generatedItems[0]).trustee_name.Value);
}
public FileEffectiveRightsItemTypeGeneratorTests()
{
var ovalDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple");
this.FileEffectiveRightsObjectSamples = ovalDefinitions.objects.OfType <fileeffectiverights53_object>();
this.ItemTypeGenerator = new FileEffectiveRights53ItemTypeGenerator(null, null);
this.ObjectFactory = new FileEffectiveRights53ObjectFactory();
this.FakeVariables = new Dictionary <string, IEnumerable <string> >();
FakeVariables.Add("oval:modsic.test:var:1", new string[] { "c:\\windows\\odbc.ini" });
FakeVariables.Add("oval:modsic.test:var:2", new string[] { "c:\\windows" });
FakeVariables.Add("oval:modsic.test:var:3", new string[] { "odbc.ini" });
FakeVariables.Add("oval:modsic.test:var:4", new string[] { "S-1-1-0" });
this.FakeMultiVariables = new Dictionary <string, IEnumerable <string> >();
FakeMultiVariables.Add("oval:modsic.test:var:1", new string[] { "c:\\windows", "c:\\windows NT" });
FakeMultiVariables.Add("oval:modsic.test:var:2", new string[] { "odbc.ini" });
FakeMultiVariables.Add("oval:modsic.test:var:3", new string[] { "S-1-0", "S-1-1" });
}
public void Should_not_be_possible_generate_smf_items_from_an_object_with_pattern_match_operation_on_service_name_entity()
{
var smfObject = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "2900");
var fakeVariables = CreateFakeEvaluatedVariablesWithMultiValues("oval:modulo:obj:2900");
var generatedItems = new SMFItemTypeGenerator().GetItemsToCollect(smfObject, fakeVariables).ToArray();
ItemTypeChecker.DoBasicAssertForItems(generatedItems, 1, typeof(smf_item), StatusEnumeration.error);
var generatedSmfItem = (smf_item)generatedItems.Single();
Assert.AreEqual(StatusEnumeration.error, generatedSmfItem.status, "The expected status is 'error'.");
var fmriEntity = generatedSmfItem.fmri;
Assert.IsNotNull(fmriEntity);
Assert.AreEqual(StatusEnumeration.error, fmriEntity.status);
Assert.IsNotNull(generatedSmfItem.message);
Assert.AreEqual(MessageLevelEnumeration.error, generatedSmfItem.message.First().level);
Assert.AreEqual("The 'patternmatch' operation is not supported for this entity.", generatedSmfItem.message.First().Value);
}
public void The_result_of_item_generation_should_be_a_list_with_items_already_collected()
{
#region
//<textfilecontent54_object id="oval:modulo:obj:920">
// <filepath>c:\windows\win.ini</filepath>
// <pattern>VERSION.*</pattern>
// <instance datatype="int">1</instance>
//</textfilecontent54_object>
#endregion
var fakeFileLines = new string[] { "VERSION=10.1" };
var sourceObjectType = (textfilecontent54_object)ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "920");
var itemTypeGenerator = CreateItemTypeGeneratorWithMockedBehavior(fakeFileLines, false);
var result = itemTypeGenerator.GetItemsToCollect(sourceObjectType, null).ToArray();
ItemTypeChecker.DoBasicAssertForItems(result, 1, typeof(textfilecontent_item));
AssertGeneratedTextFileContentItem(result.Single(), @"c:\windows\win.ini", "VERSION.*", "1");
ItemTypeEntityChecker.AssertItemTypeEntity(((textfilecontent_item)result.Single()).text, "VERSION=10.1");
}
public void Should_be_possible_to_generate_metabase_items_from_an_object_with_greaterthanorequal_operation_in_id_entity()
{
var fakeOvalMetabaseObject = (metabase_object)ProbeHelper.GetOvalComponentByOvalID(FakeOvalDefinitions, "6008");
var itemsToCollect = CreateMetabaseItemTypeGeneratorWithBehaviorInID(new string[] { "1001", "1002", "1003", "1004" })
.GetItemsToCollect(fakeOvalMetabaseObject, null);
Assert.AreEqual(3, itemsToCollect.Count(), "Unexpected amount of items to collect.");
var firstItem = (metabase_item)itemsToCollect.ElementAt(0);
var secondItem = (metabase_item)itemsToCollect.ElementAt(1);
var thirdItem = (metabase_item)itemsToCollect.ElementAt(2);
AssertMetabaseEntity(firstItem.key, "/");
AssertMetabaseEntity(firstItem.id1, "1002");
AssertMetabaseEntity(secondItem.key, "/");
AssertMetabaseEntity(secondItem.id1, "1003");
AssertMetabaseEntity(thirdItem.key, "/");
AssertMetabaseEntity(thirdItem.id1, "1004");
}
public void Should_be_possible_to_process_a_RegKeyEffectiveRightsObject_with_set_operation()
{
var definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
var fakeObjects = this.GetFakeObjectsFromDefinitions(definitions, new string[] { "750", "751", "760" });
var fakeSysCharac = ProbeHelper.GetOvalSystemCharacteristicsFromFile("system_characteristics_with_sets.xml");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, null, fakeSysCharac);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new regkeyeffectiverights_item()) };
var prober = this.GetMockedRegKeyEffectiveRightsProber(fakeCollectedItems, null);
ProbeResult proberExecutionResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
this.doBasicProbeResultAssert(proberExecutionResult);
Assert.AreEqual(3, proberExecutionResult.CollectedObjects.Count(), "Unexpected collected objects count.");
var collectedObjFromObjectWithSet = proberExecutionResult.CollectedObjects.SingleOrDefault(obj => obj.ObjectType.id.Equals("oval:modulo:obj:760"));
Assert.IsNotNull(collectedObjFromObjectWithSet, "There are no collected objects generated from object type with set.");
var referencedItems = collectedObjFromObjectWithSet.ObjectType.reference;
Assert.AreEqual(2, referencedItems.Count(), "Unexpected collected object references count.");
Assert.AreEqual("761", referencedItems.ElementAt(0).item_ref, "Unexpected referenced item was found on collected object.");
Assert.AreEqual("762", referencedItems.ElementAt(1).item_ref, "Unexpected referenced item was found on collected object.");
var generatedItemFromObjectTypeWithSet = collectedObjFromObjectWithSet.SystemData;
Assert.IsNotNull(generatedItemFromObjectTypeWithSet, "No item type was found in collected object system data.");
Assert.AreEqual(2, generatedItemFromObjectTypeWithSet.Count, "Unexpected system data count.");
var firstRegKeyEffectiveRightsItem = (regkeyeffectiverights_item)generatedItemFromObjectTypeWithSet[0];
Assert.AreEqual("761", firstRegKeyEffectiveRightsItem.id, "Unexpected id for a item was found.");
Assert.AreEqual(@"SOFTWARE\Modulo\RiskManager", firstRegKeyEffectiveRightsItem.key.Value, "Unexpected entity item type value was found.");
Assert.AreEqual("0", firstRegKeyEffectiveRightsItem.key_enumerate_sub_keys.Value, "Unexpected entity item type value was found.");
var secondRegKeyEffectiveRightsItem = (regkeyeffectiverights_item)generatedItemFromObjectTypeWithSet[1];
Assert.AreEqual("762", secondRegKeyEffectiveRightsItem.id, "Unexpected id for a item was found.");
Assert.AreEqual(@"SOFTWARE\Modulo\RiskManagerNG", secondRegKeyEffectiveRightsItem.key.Value, "Unexpected entity item type value was found.");
Assert.AreEqual("1", secondRegKeyEffectiveRightsItem.key_enumerate_sub_keys.Value, "Unexpected entity item type value was found.");
}
public void Should_Be_Possible_To_Execute_A_Default_Registry_Collect()
{
// Arrange
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("fdcc_xpfirewall_oval.xml");
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeDefinitions.objects.OfType <registry_object>().ToArray(), null, null);
registry_item fakeItem = this.GetFakeRegistryItem("Software\\Modulo", "NG", eValueTypes.STRING, "Secret");
List <registry_item> expectedRegistryItems = new List <registry_item>(new registry_item[] { fakeItem });
RegistryProber registryProber = this.GetMockedRegistryProber(fakeItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(this.fakeContext, this.fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(46, result.Count());
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(10), fakeDefinitions.objects[11].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(45), fakeDefinitions.objects[46].id, null, expectedRegistryItems);
}
public TextFileContentProberTest()
{
FakeItemsToReturnByItemTypeGenerator =
new ItemType[]
{
CreateFakeTextFileContentItem(null, FAKE_PATH, FAKE_FILENAME, FAKE_PATTERN, FAKE_INSTANCE)
};
FakeColletedItems =
new CollectedItem[]
{
ProbeHelper.CreateFakeCollectedItem(FakeItemsToReturnByItemTypeGenerator.First())
};
var textFileContent54ObjectsSample = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple").objects.OfType <textfilecontent54_object>();
this.TextFileContent54ObjectsWithoutBehaviors = textFileContent54ObjectsSample.First();
this.TextFileContent54ObjectWithMultilineBehavior = textFileContent54ObjectsSample.Single(obj => obj.id.Equals("oval:modulo:obj:910"));
this.TextFileContent54ObjectWithoutMultilineBehavior = textFileContent54ObjectsSample.Single(obj => obj.id.Equals("oval:modulo:obj:920"));
}
public void Should_be_possible_to_collect_family_for_unix_based_systems()
{
var familyObject = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "oval:org.mitre.oval:obj:1000");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new Definitions.ObjectType[] { familyObject }, null, null);
var prober = this.GetMockedFamilyProberForUnix(null);
var probeResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
Assert.IsNotNull(probeResult);
Assert.AreEqual(1, probeResult.CollectedObjects.Count());
var collectedItems = probeResult.CollectedObjects.Single().SystemData;
Assert.AreEqual(1, collectedItems.Count);
var familyItem = (family_item)collectedItems.Single();
Assert.AreEqual(familyItem.status, StatusEnumeration.exists);
Assert.AreEqual(familyItem.family.Value, FAKE_FAMILY);
}
public void Should_be_possible_to_evaluate_variable_for_all_entities_at_same_time()
{
var sourceObject = ProbeHelper.GetOvalComponentByOvalID(this.Definitions, ConstantHelper.OBJECT_ID_1050);
var variablesAndValues = this.CreateVariableAndValuesDictionary(sourceObject.id);
var evaluatedVariables = VariableHelper.CreateEvaluatedVariables(sourceObject.id, variablesAndValues);
var variableEvaluator = new FileEffectiveRights53EntityVariableEvaluator(evaluatedVariables);
var evaluationResult = variableEvaluator.ProcessVariables(sourceObject);
DoBasicAssertForVariableProcessing(evaluationResult, 1, typeof(fileeffectiverights53_object));
var pathVariableValue = this.GetVariableValue(variablesAndValues.ElementAt(0).Key);
AssertObjectEntity(evaluationResult.First(), ConstantHelper.PathEntityName, pathVariableValue);
var filenameVariableValue = this.GetVariableValue(variablesAndValues.ElementAt(1).Key);
AssertObjectEntity(evaluationResult.First(), ConstantHelper.FilenameEntityName, filenameVariableValue);
var trusteeSIDVariableValue = this.GetVariableValue(variablesAndValues.ElementAt(2).Key);
AssertObjectEntity(evaluationResult.First(), ConstantHelper.TrusteeSIDEntityName, trusteeSIDVariableValue);
AssertCorrectnessOfFileEntities((fileeffectiverights53_object)evaluationResult.First());
}
public void Should_Be_Possible_To_Extract_From_OVAL_Definitions_Objects_That_Not_Contains_A_Test_Or_DefinitionAssociated()
{
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithOnlyObjects.xml");
Assert.IsNotNull(fakeDefinitions.objects);
Assert.AreEqual(6, fakeDefinitions.objects.Count());
Assert.IsNotNull(fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50000")));
registry_object obj50001 = (registry_object)fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50001"));
Assert.IsNotNull(obj50001);
string foundHiveName = ((EntityObjectRegistryHiveType)obj50001.Items[0]).Value;
string foundKeyName = ((EntityObjectStringType)obj50001.Items[1]).Value;
EntityObjectStringType foundValueEntity = (EntityObjectStringType)obj50001.Items[2];
Assert.AreEqual("HKEY_LOCAL_MACHINE", foundHiveName);
Assert.AreEqual("SOFTWARE\\Microsoft\\Windows\\CurrentVersion", foundKeyName);
Assert.AreEqual(OperationEnumeration.patternmatch, foundValueEntity.operation);
Assert.AreEqual(".*Build$", foundValueEntity.Value);
}
public void Should_be_possible_to_execute_a_registry_collect_with_variables()
{
// Arrange
string[] fakeVarValues = new string[] { @"Software\Microsoft\Windows NT\CurrentVersion" };
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
VariablesEvaluated variables = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, fakeVarValues);
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, variables, null);
registry_item fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
RegistryProber registryProber = this.GetMockedRegistryProber(fakeRegistryItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(1, result.Count(), "the quantity is not expected");
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, fakeVarValues, new List <registry_item>()
{
fakeRegistryItem
});
}
public void When_an_error_occurs_while_creating_items_to_collect_the_created_items_must_have_error_status()
{
var fakeTargetInfo = ProbeHelper.CreateFakeTarget();
var fakeContext = ProbeHelper.CreateFakeContext();
var objectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple.xml", "oval:org.mitre.oval:obj:1000");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new Definitions.ObjectType[] { objectType }, null, null);
var prober = GetMockedFamilyProberForUnix(new Exception("Timeout"));
var probeResult = prober.Execute(fakeContext, fakeTargetInfo, fakeCollectInfo);
Assert.IsNotNull(probeResult);
Assert.AreEqual(1, probeResult.CollectedObjects.Count());
var collectedItems = probeResult.CollectedObjects.Single().SystemData;
Assert.AreEqual(1, collectedItems.Count);
var familyItem = (family_item)collectedItems.Single();
Assert.AreEqual(familyItem.status, StatusEnumeration.error);
Assert.IsNotNull(familyItem.message);
}
