private RegistryObject GetRegistryObject()
{
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
return(registry);
}
private IEnumerable <ItemType> processOperationInRegistryObject(RegistryObject registryObject)
{
List <string> hives = new List <string>()
{
registryObject.Hive
};
RegistryItemTypeFactory itemTypeFactory = new RegistryItemTypeFactory();
List <ItemType> items = new List <ItemType>();
List <string> keys = new List <string>();
List <string> names = new List <string>();
try
{
var registryNameValue = registryObject.GetValueOfEntity("name");
keys.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.key, registryObject));
var derivedRegistryObjects =
RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, new string[] { registryNameValue }, registryObject);
if (registryObject.GetNameOperation() != OperationEnumeration.equals)
{
foreach (var newRegistryObject in derivedRegistryObjects)
{
if (!string.IsNullOrEmpty(registryNameValue))
{
names = this.processOperationInEntity(registry_object_ItemsChoices.name, newRegistryObject).ToList();
items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, new string[] { newRegistryObject.Key }, names, registryObject));
}
}
}
else
{
names.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.name, registryObject));
items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, keys, names, registryObject));
}
}
catch (RegistryKeyNotFoundException)
{
items = itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, null, null, registryObject).ToList();
}
catch (RegistryItemNotFoundException)
{
items = new List <ItemType>()
{
itemTypeFactory.CreateRegistryItem("", "", "", StatusEnumeration.doesnotexist)
};
}
catch (Exception ex)
{
registry_item registry = itemTypeFactory.CreateRegistryItem(registryObject.Hive, registryObject.Key, registryObject.Name, StatusEnumeration.error);
registry.message = MessageType.FromErrorString(ex.Message);
items = new List <ItemType>()
{
registry
};
}
return(items);
}
private IEnumerable <RegistryObject> ProcessVariables(RegistryObject registry)
{
var hiveValues = this.ProcessEntityVariables(registry, registry_object_ItemsChoices.hive.ToString()).Distinct();
var keyValues = this.ProcessEntityVariables(registry, registry_object_ItemsChoices.key.ToString()).Distinct();
var nameValues = this.ProcessEntityVariables(registry, registry_object_ItemsChoices.name.ToString()).Distinct();
return(RegistryObjectFactory
.CreateRegistryObjectsByCombinationOfEntitiesFrom(
hiveValues, keyValues, nameValues, registry));
}
public void Should_be_possible_create_a_registryObject_by_the_combination_of_multiples_entities()
{
List <string> hives = new List <string>()
{
"HKEY_LOCAL_MACHINE"
};
List <string> keys = new List <string>()
{
@"Software\Microsoft\Windows", @"Software\Microsoft\Windows NT"
};
List <string> names = new List <string>()
{
"CurrentVersion"
};
IEnumerable <RegistryObject> registryObjects = RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, names, this.GetRegistryObject());
Assert.IsTrue(registryObjects.Count() == 2, "the quantity of registryObjects is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Key, keys.ElementAt(0), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Name, names.ElementAt(0), "the name is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Key, keys.ElementAt(1), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Name, names.ElementAt(0), "the name is not expected");
hives = new List <string>()
{
"HKEY_LOCAL_MACHINE"
};
keys = new List <string>()
{
@"Software\Microsoft\Windows", @"Software\Microsoft\Windows NT"
};
names = new List <string>()
{
"CurrentVersion", "CurrentBuild"
};
registryObjects = RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, names, this.GetRegistryObject());
Assert.IsTrue(registryObjects.Count() == 4, "the quantity of registryObjects is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Key, keys.ElementAt(0), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Name, names.ElementAt(0), "the name is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Key, keys.ElementAt(0), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(1).Name, names.ElementAt(1), "the name is not expected");
Assert.AreEqual(registryObjects.ElementAt(2).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(2).Key, keys.ElementAt(1), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(2).Name, names.ElementAt(0), "the name is not expected");
Assert.AreEqual(registryObjects.ElementAt(3).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(3).Key, keys.ElementAt(1), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(3).Name, names.ElementAt(1), "the name is not expected");
}
public void Should_be_access_variable_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, "", "the key value is not expected");
Assert.AreEqual(registry.Name, "CurrentVersion", "the hive value is not expected");
Assert.AreEqual("oval:org.mitre.oval:var:3000", registry.GetVariableId(registry_object_ItemsChoices.key.ToString()), "the variableId from key is not expected");
Assert.AreEqual("", registry.GetVariableId(registry_object_ItemsChoices.name.ToString()), "the variableId from from name is not expected");
}
public void Should_be_access_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:4000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, @"Software\Microsoft\Windows NT\CSDBuild", "the key value is not expected");
Assert.AreEqual(registry.Name, "^D.*", "the hive value is not expected");
Assert.AreEqual(OperationEnumeration.patternmatch, registry.GetNameOperation(), "the operation from from name is not expected");
Assert.AreEqual(OperationEnumeration.equals, registry.GetKeyOperation(), "the operation from from key is not expected");
}
public void Should_be_possible_create_a_registryObject_by_the_combination_of_entities()
{
List <string> hives = new List <string>()
{
"HKEY_LOCAL_MACHINE"
};
List <string> keys = new List <string>()
{
@"Software\Microsoft\Windows"
};
List <string> names = new List <string>()
{
"CurrentVersion"
};
IEnumerable <RegistryObject> registryObjects = RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, names, this.GetRegistryObject());
Assert.IsTrue(registryObjects.Count() == 1, "the quantity of registryObjects is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Hive, hives.ElementAt(0), "the hive is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Key, keys.ElementAt(0), "the key is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).GetVariableId(registry_object_ItemsChoices.key.ToString()), "oval:org.mitre.oval:var:3000", "the variable Id is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).Name, names.ElementAt(0), "the name is not expected");
Assert.AreEqual(registryObjects.ElementAt(0).GetOperationOfEntity(registry_object_ItemsChoices.name.ToString()), OperationEnumeration.equals, "the name operation is not expected");
}
/// <summary>
/// Evaluates all the variables for registry object.
/// One registry_object can create multiples RegistryObjects.
/// This happen because the variable is defined in the RegistryEntity, and a variable can be have multiples values.
/// </summary>
/// <param name="registryObject">The registry object.</param>
/// <returns></returns>
public IEnumerable <RegistryObject> ProcessVariableForRegistryObject(registry_object registryObject)
{
var registry = RegistryObjectFactory.CreateRegistryObject(registryObject);
return(new List <RegistryObject>(this.ProcessVariables(registry)));
}
