public void Should_be_possible_to_generate_FileItems_from_FileObject_with_FilePathEntity_defined_with_reference_to_variable() { #region Oval File Object // <file_object id="oval:modulo:obj:50010" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"> // <filepath var_ref="oval:modulo:var:50010"></filepath> // </file_object> // <constant_variable id="oval:modulo:var:50010" datatype="string" version="1" comment="..."> // <value>c:\windows\system32\vgadriver.dll</value> // </constant_variable> #endregion // Arrange string fakeVariableValue = @"c:\windows\system32\vgadriver.dll"; var fileObj50010 = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50010_ID); var vars = VariableHelper.CreateVariableWithOneValue(OBJ_50010_ID, "oval:modulo:var:50010", fakeVariableValue); var fileItemsGenerator = new FileItemTypeGenerator() { SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex() }; // Act IList <ItemType> itemsToCollect = fileItemsGenerator.GetItemsToCollect(fileObj50010, vars).ToList(); // Assert Assert.IsNotNull(itemsToCollect, "The generated items cannot be null."); Assert.AreEqual(1, itemsToCollect.Count, "The number of generated items is not expected."); this.AssertGeneratedFileItem(itemsToCollect[0], fakeVariableValue, null, null); }
public void Should_be_possible_to_generate_itemTypes_from_objectTypes() { var ovalObject = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_WITH_LOCAL_VARIABLE, OBJ_MITRE_3000_ID); var fakeDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex(); var wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); var fakeRegistryKeyPath = new List <string>() { @"Software\Microsoft\Windows NT\CurrentVersion" }; var variable = new VariableValue(ovalObject.id, VAR_MITRE_3000_ID, fakeRegistryKeyPath); var variables = new VariablesEvaluated(new List <VariableValue>() { variable }); RegistryItemTypeGenerator itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; IEnumerable <ItemType> itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables); Assert.AreEqual(1, itemsToCollect.Count(), "the quantity of items is not expected"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), "HKEY_LOCAL_MACHINE", @"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion"); }
public void Should_be_possible_to_define_a_not_equals_operation_on_the_keyEntity() { string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString(); string startKey = "SOFTWARE\\Adobe"; var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:6000"); var fakeDataSource = new SystemDataSourceFactory() .GetDataSourceFakeWithSpecificNames(startKey, new string[] { "Acrobat Reader\\9.0\\Installer", "Acrobat Reader\\9.0\\InstallPath", "Acrobat Reader\\Language\\current", "Adobe Air\\FileTypeRegistration", "Adobe Air\\Repair\\9.0\\IOD" }); var wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, VariableHelper.CreateEmptyEvaluatedVariables()).Cast <registry_item>(); Assert.AreEqual(2, itemsToCollect.Count()); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Adobe\\Adobe Air\\FileTypeRegistration", "Path"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Adobe\\Repair\\9.0\\IOD", "Path"); }
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex() { string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString(); string startKey = "SOFTWARE\\Microsoft\\Windows"; var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000"); var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 1); WmiDataProvider wmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:3000", new List <string>() { "CurrentType" }); VariablesEvaluated variables = new VariablesEvaluated(new List <VariableValue>() { variable }); var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).Cast <registry_item>(); Assert.AreEqual(2, itemsToCollect.Count()); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType"); }
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables() { string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString(); string key = @"Software\Microsoft\Windows NT\CurrentVersion"; string name = "CurrentType"; var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:org.mitre.oval:obj:4000"); BaseObjectCollector fakeDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex(); WmiDataProvider wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:4000", new List <string>() { key }); VariablesEvaluated variables = new VariablesEvaluated(new List <VariableValue>() { variable }); var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables); Assert.IsTrue(itemsToCollect.Count() == 1, "the quantity of items is not expected"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, key, name); }
public void Should_be_possible_to_generate_FileItems_from_FileEffectiveRightsObject() { // Arrange var obj = (fileeffectiverights_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, OBJ_SIMPLE_7); var itemTypeGenerator = new FileEffectiveRightsItemTypeGenerator(); // Act IList <ItemType> generatedItems = itemTypeGenerator.GetItemsToCollect(obj, null).ToList(); // Assert Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null."); Assert.AreEqual(1, generatedItems.Count, "Unexpected items count was found."); this.AssertGeneratedFileEffectiveRightsItem(generatedItems[0], null, @"c:\temp", "file1.txt", @"mss\lfernandes"); }
public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time() { var objectType = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345"); var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2); var fakeWmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); var itemTypeGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = fakeWmiDataProvider }; var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, VariableHelper.CreateEmptyEvaluatedVariables()); Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect method cannot be null."); Assert.AreEqual(4, generatedItems.Count(), "Unexpected generated items type count"); }
public void Should_be_possible_generate_SIDItems_from_with_PatternMatch_operation_on_TrusteeNameEntity() { // Pattern .*\fernandes // Arrange var fakeTrusteeNames = new string[] { "XPTO\\fernandess", @"MSS\lfernandes", @"LOCAL\lfernandes", @"lfernandes", "MSS\\admin" }; var sidObject = (sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:12"); var itemGenerator = this.GetMockecSidItemTypeGenerator(sidObject.id, fakeTrusteeNames); // Act var generatedItems = itemGenerator.GetItemsToCollect(sidObject, null); // Assert Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null."); Assert.AreEqual(3, generatedItems.Count(), "Unexpected items count was found."); this.AssertGeneratedSidItem(generatedItems.ElementAt(0), @"MSS\lfernandes"); this.AssertGeneratedSidItem(generatedItems.ElementAt(1), @"LOCAL\lfernandes"); this.AssertGeneratedSidItem(generatedItems.ElementAt(2), @"lfernandes"); }
public void Should_possible_to_collect_directory_passing_nil_filename() { var fileObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions("definitionsSimple.xml", "oval:com.modulo.IIS6:obj:6877401"); var fakeFileProvider = CreateFileProviderToAlwaysReturnThatTheFileExists(); var fakeEvaluatedVars = VariableHelper.CreateVariableWithOneValue(fileObject.id, "oval:com.modulo.IIS6:var:687741", @"c:\System32\Inetsrv\Iisadmpwd"); var fileItemTypeGenerator = new FileItemTypeGenerator() { FileProvider = fakeFileProvider }; var itemsToCollect = fileItemTypeGenerator.GetItemsToCollect(fileObject, fakeEvaluatedVars).ToList(); ItemTypeChecker.DoBasicAssertForItems(itemsToCollect, 1, typeof(file_item)); var fileItem = (file_item)itemsToCollect.Single(); ItemTypeEntityChecker.AssertItemTypeEntity(fileItem.path, @"c:\System32\Inetsrv\Iisadmpwd", "path"); ItemTypeEntityChecker.AssertItemTypeEntity(fileItem.filename, string.Empty, "filename"); }
public void Should_be_possible_to_generate_file_items_from_object_types() { // Arrange var fileObject = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50004_ID); var fakeFileProvider = CreateFileProviderToAlwaysReturnThatTheFileExists(); var fileItemTypeGenerator = new FileItemTypeGenerator() { FileProvider = fakeFileProvider }; // Act var itemsToCollect = fileItemTypeGenerator.GetItemsToCollect(fileObject, null).ToList(); // Assert Assert.IsNotNull(itemsToCollect, "The return of GetItemsToCollect cannot be null."); Assert.AreEqual(1, itemsToCollect.Count, "The number of items to collect is unexpected."); this.AssertGeneratedFileItem(itemsToCollect[0], null, "c:\\windows", "foo.exe"); }
public void Should_be_possible_to_generate_SIDItems_from_SIDObject() { #region SID OBJECT //<sid_object id="oval:modulo:obj:8" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"> // <trustee_name>Administrator</trustee_name> //</sid_object> #endregion // Arrange var sidObject = (sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, OBJ_SIMPLE_8); SIDItemTypeGenerator itemTypeGenerator = new SIDItemTypeGenerator(); // Act IList <ItemType> generatedItems = itemTypeGenerator.GetItemsToCollect(sidObject, null).ToList(); // Assert Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null."); Assert.AreEqual(1, generatedItems.Count, "Unexpected items count was found."); Assert.IsInstanceOfType(generatedItems[0], typeof(sid_item), "Unexpected type of generated item found. The correct type is 'sid_item'"); Assert.AreEqual("Administrator", ((sid_item)generatedItems[0]).trustee_name.Value); }
public void Should_be_possible_generate_SID_SIDItems_from_with_PatternMatch_operation_on_TrusteeSIDEntity() { #region SID SID OBJECT //<sid_sid_object id="oval:modulo:obj:202"> // <trustee_sid operation="pattern match">^S.*-500$</trustee_sid> //</sid_sid_object> #endregion // Arrange string[] fakeTrusteeSIDs = new string[] { "S-1-5", @"S-1-18-500", @"S-1-55-500", "S-1-25-5000" }; var sidObject = (sid_sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:202"); SID_SIDItemTypeGenerator itemGenerator = this.GetMockecSid_SidItemTypeGenerator(sidObject.id, fakeTrusteeSIDs); // Act var generatedItems = itemGenerator.GetItemsToCollect(sidObject, null); // Assert Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null."); Assert.AreEqual(2, generatedItems.Count(), "Unexpected items count was found."); this.AssertGeneratedSid_SidItem(generatedItems.ElementAt(0), @"S-1-18-500"); this.AssertGeneratedSid_SidItem(generatedItems.ElementAt(1), @"S-1-55-500"); }
public void Should_be_possible_to_generate_SID_SID_Items_from_SID_SIDObject() { #region SID SID OBJECT //<sid_sid_object id="oval:modulo:obj:200"> // <trustee_sid>S-1-5-20</trustee_sid> //</sid_sid_object> #endregion // Arrange var sid_sidObject = (sid_sid_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_SIMPLE, "oval:modulo:obj:200"); SID_SIDItemTypeGenerator itemTypeGenerator = new SID_SIDItemTypeGenerator(); // Act var generatedItems = itemTypeGenerator.GetItemsToCollect(sid_sidObject, null); // Assert Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null."); Assert.AreEqual(1, generatedItems.Count(), "Unexpected items count was found."); Assert.IsInstanceOfType(generatedItems.ElementAt(0), typeof(sid_sid_item), "Unexpected type of generated item found. The correct type is 'sid_sid_item'"); Assert.AreEqual("S-1-5-20", ((sid_sid_item)generatedItems.ElementAt(0)).trustee_sid.Value, "A generated sid_sid_item with unexpected sid was found."); Assert.IsNull(((sid_sid_item)generatedItems.ElementAt(0)).trustee_name); }
public void Should_be_possible_to_generate_FileItems_from_FileObject_with_FilePathEntity_defined() { #region Oval File Object // <file_object id="oval:modulo:obj:50008" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"> // <filepath>c:\windows\foo.exe</filepath> // </file_object> #endregion // Arrange file_object fileObj50008 = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50008_ID); var fileItemsGenerator = new FileItemTypeGenerator() { SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex() }; // Act IList <ItemType> itemsToCollect = fileItemsGenerator.GetItemsToCollect(fileObj50008, null).ToList(); Assert.IsNotNull(itemsToCollect, "The generated items cannot be null."); Assert.AreEqual(1, itemsToCollect.Count, "The number of generated items is not expected."); this.AssertGeneratedFileItem(itemsToCollect[0], @"c:\windows\foo.exe", null, null); }
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_regex_operation() { string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString(); string startKey = "SOFTWARE\\Microsoft\\Windows"; var obj50003 = WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50003_ID); BaseObjectCollector fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 2); WmiDataProvider wmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); RegistryItemTypeGenerator itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; var itemsToCollect = itemGenerator.GetItemsToCollect(obj50003, VariableHelper.CreateEmptyEvaluatedVariables()).Cast <registry_item>(); Assert.AreEqual(4, itemsToCollect.Count()); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentBuild"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "LastBuild"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(2), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentBuild"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(3), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "LastBuild"); }