private file_object CreateFileObject(EntityObjectStringType filePath, EntityObjectStringType path, EntityObjectStringType fileName)
{
file_object fileObject = new file_object();
EntityObjectStringType[] items;
file_object_ItemsChoices[] itemChoices;
if (filePath != null)
{
items = new EntityObjectStringType[1];
itemChoices = new file_object_ItemsChoices[1];
items[0] = filePath;
itemChoices[0] = file_object_ItemsChoices.filepath;
}
else
{
items = new EntityObjectStringType[2];
itemChoices = new file_object_ItemsChoices[2];
items[0] = path;
items[1] = fileName;
itemChoices[0] = file_object_ItemsChoices.path;
itemChoices[1] = file_object_ItemsChoices.filename;
}
fileObject.Items = items;
fileObject.FileObjectItemsElementName = itemChoices;
return(fileObject);
}
public void Should_be_possible_to_process_path_entity_that_contains_a_reference_to_a_variable_with_multi_values()
{
string[] var1001Values =
new string[] { "c:\\windows\\system32", "c:\\windows\\system", "c:\\windows\\drivers" };
file_object fileObject1001 = this.GetFileObjectToTest(DEFINITIONS_WITH_CONST_VARIABLE, "1001");
VariablesEvaluated vars = VariableHelper.CreateVariableWithMultiplesValue(fileObject1001.id, VAR_1001_ID, var1001Values);
string filename = this.getFileNameEntityValueFromFileObject(fileObject1001);
FileEntityVariableEvaluator fileVariableEvaluator = new FileEntityVariableEvaluator(vars);
IEnumerable <ObjectType> derivedEntitites = fileVariableEvaluator.ProcessVariables(fileObject1001);
Assert.IsNotNull(derivedEntitites);
Assert.AreEqual(3, derivedEntitites.Count());
file_object fileObject = (file_object)derivedEntitites.ElementAt(0);
Assert.AreEqual("c:\\windows\\system32", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("inetcomm.dll", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(1);
Assert.AreEqual("c:\\windows\\system", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("inetcomm.dll", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(2);
Assert.AreEqual("c:\\windows\\drivers", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("inetcomm.dll", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
}
private file_object GetFileObjectToTest(string definitionsFileName, string objectNumber)
{
string objectID = string.Format(OBJ_ID_PATTERN, objectNumber);
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(definitionsFileName);
file_object fileObject1001 = (file_object)ProbeHelper.GetOvalComponentByOvalID(definitions, objectID);
Assert.IsNotNull(fileObject1001, "the oval file object not exists in the fakeDefinitions");
return(fileObject1001);
}
public IEnumerable <ObjectType> CreateObjectTypeByCombinationOfEntities(file_object fileObject, IEnumerable <string> filePaths, IEnumerable <string> paths, IEnumerable <string> fileNames)
{
var fileObjects = new List <ObjectType>();
if (fileObject.IsFilePathSet())
{
fileObjects.AddRange(CreateFileObjectWithFilePath(fileObject, filePaths));
}
else
{
fileObjects.AddRange(this.CreateFileObjectWithoutFilePath(fileObject, paths, fileNames));
}
return(fileObjects);
}
public void Should_be_possible_to_process_path_entity_that_contains_a_reference_to_a_variable()
{
file_object fileObject1001 = this.GetFileObjectToTest(DEFINITIONS_WITH_CONST_VARIABLE, "1001");
VariablesEvaluated vars = VariableHelper.CreateVariableWithOneValue(fileObject1001.id, VAR_1001_ID, "c:\\windows\\system32");
FileEntityVariableEvaluator fileVariableEvaluator = new FileEntityVariableEvaluator(vars);
//IEnumerable<string> derivedEntitites = fileVariableEvaluator.ProcessVariableForAllObjectEntities();
IEnumerable <ObjectType> derivedEntities = fileVariableEvaluator.ProcessVariables(fileObject1001);
Assert.IsNotNull(derivedEntities);
file_object fileObject = (file_object)derivedEntities.ElementAt(0);
Assert.AreEqual(1, derivedEntities.Count());
Assert.AreEqual("c:\\windows\\system32", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("inetcomm.dll", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
}
public void Should_be_possible_to_process_variable_from_fileObject_and_keep_the_operation_info_in_object_type()
{
file_object fileObject1004 = this.GetFileObjectToTest(DEFINITIONS_WITH_CONST_VARIABLE, "1004");
VariablesEvaluated vars = VariableHelper.CreateVariableWithOneValue(fileObject1004.id, VAR_1001_ID, "c:\\windows\\system32");
FileEntityVariableEvaluator fileVariableEvaluator = new FileEntityVariableEvaluator(vars);
IEnumerable <ObjectType> derivedEntities = fileVariableEvaluator.ProcessVariables(fileObject1004);
Assert.IsNotNull(derivedEntities);
file_object fileObject = (file_object)derivedEntities.ElementAt(0);
Assert.AreEqual(1, derivedEntities.Count());
Assert.AreEqual("c:\\windows\\system32", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file.txt", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
Assert.AreEqual(OperationEnumeration.notequal, ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).operation);
}
public void Should_be_possible_to_process_filepath_entity_that_contains_a_reference_to_a_variable_with_multi_values()
{
string[] fakeVariableValues = new string[] { "c:\\temp\\file1.txt", "c:\\temp\\file2.txt" };
file_object fileObject1002 = this.GetFileObjectToTest(DEFINITIONS_WITH_CONST_VARIABLE, "1002");
VariablesEvaluated vars = VariableHelper.CreateVariableWithMultiplesValue(fileObject1002.id, VAR_1002_ID, fakeVariableValues);
FileEntityVariableEvaluator fileVariableEvaluator = new FileEntityVariableEvaluator(vars);
IEnumerable <ObjectType> derivedEntitites = fileVariableEvaluator.ProcessVariables(fileObject1002);
Assert.IsNotNull(derivedEntitites);
Assert.AreEqual(2, derivedEntitites.Count());
file_object fileObject = (file_object)derivedEntitites.ElementAt(0);
Assert.AreEqual("c:\\temp\\file1.txt", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filepath)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(1);
Assert.AreEqual("c:\\temp\\file2.txt", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filepath)).Value);
}
public void Should_be_possible_to_generate_FileItems_from_FileObject_with_FilePathEntity_defined()
{
#region Oval File Object
// <file_object id="oval:modulo:obj:50008" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
// <filepath>c:\windows\foo.exe</filepath>
// </file_object>
#endregion
// Arrange
file_object fileObj50008 = (file_object)WindowsTestHelper.GetObjectFromDefinitions(DEFINITIONS_REGEX_ON_VALUE, OBJ_50008_ID);
var fileItemsGenerator = new FileItemTypeGenerator()
{
SystemDataSource = WindowsTestHelper.GetDataSourceFakewithoutRegex()
};
// Act
IList <ItemType> itemsToCollect = fileItemsGenerator.GetItemsToCollect(fileObj50008, null).ToList();
Assert.IsNotNull(itemsToCollect, "The generated items cannot be null.");
Assert.AreEqual(1, itemsToCollect.Count, "The number of generated items is not expected.");
this.AssertGeneratedFileItem(itemsToCollect[0], @"c:\windows\foo.exe", null, null);
}
public void Should_be_possible_to_process_fileObject_where_all_entities_have_referenced_multi_values_variables()
{
Dictionary <string, IEnumerable <string> > fakeVariablesValues = new Dictionary <string, IEnumerable <string> >();
fakeVariablesValues.Add(VAR_1001_ID, new string[] { "c:\\tmp", "c:\\temp" });
fakeVariablesValues.Add(VAR_1002_ID, new string[] { "file1.txt", "file2.ext", "file3.exe" });
file_object fileObject1003 = this.GetFileObjectToTest(DEFINITIONS_WITH_CONST_VARIABLE, "1003");
VariablesEvaluated fakeEvaluatedVariables = VariableHelper.CreateEvaluatedVariables(fileObject1003.id, fakeVariablesValues);
FileEntityVariableEvaluator fileVariableEvaluator = new FileEntityVariableEvaluator(fakeEvaluatedVariables);
IEnumerable <ObjectType> derivedEntitites = fileVariableEvaluator.ProcessVariables(fileObject1003);
Assert.IsNotNull(derivedEntitites);
Assert.AreEqual(6, derivedEntitites.Count(), "The number of created entities is not expected.");
file_object fileObject = (file_object)derivedEntitites.ElementAt(0);
Assert.AreEqual(@"c:\tmp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file1.txt", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(1);
Assert.AreEqual(@"c:\tmp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file2.ext", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(2);
Assert.AreEqual(@"c:\tmp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file3.exe", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(3);
Assert.AreEqual(@"c:\temp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file1.txt", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(4);
Assert.AreEqual(@"c:\temp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file2.ext", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
fileObject = (file_object)derivedEntitites.ElementAt(5);
Assert.AreEqual(@"c:\temp", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.path)).Value);
Assert.AreEqual("file3.exe", ((EntityObjectStringType)fileObject.GetItemValue(file_object_ItemsChoices.filename)).Value);
}
private FileItemTypeGenerator GetMockedFileItemTypeGenerator(string fileObjectID, string[] fakeFoundPaths, out file_object fileObject)
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_REGEX_ON_VALUE);
fileObject = (file_object)ProbeHelper.GetOvalComponentByOvalID(definitions, fileObjectID);
List <WmiObject> fakeWmiObjects = new List <WmiObject>();
foreach (var fakePath in fakeFoundPaths)
{
fakeWmiObjects.Add(this.createFakeWmiObject(fakePath, "Application", 100));
}
MockRepository mocks = new MockRepository();
WmiDataProvider fakeWmiProvider = mocks.DynamicMock <WmiDataProvider>();
Expect.Call(fakeWmiProvider.SearchWmiObjects(null, null)).IgnoreArguments().Return(fakeWmiObjects.ToArray());
mocks.ReplayAll();
return(new FileItemTypeGenerator()
{
SystemDataSource = new FileObjectCollector()
{
WmiDataProvider = fakeWmiProvider
}
});
}
private string getFileNameEntityValueFromFileObject(file_object fileObject)
{
Dictionary <String, EntityObjectStringType> allFileEntities = OvalHelper.GetFileEntitiesFromObjectType(fileObject);
return(allFileEntities[file_object_ItemsChoices.filename.ToString()].Value);
}