registry_item C# (CSharp) 코드 예제들

예제 #1

0

파일 보기

파일: RegistryProbeFactory.cs 프로젝트: yonglehou/modSIC

        private static ItemType CreateRegistryItem(string hiveName, string ovalId, string message, string keyName, string name, string value)
        {
            registry_item registry_item = new registry_item()
            {
                hive = new EntityItemRegistryHiveType()
                {
                    datatype = SimpleDatatypeEnumeration.@string, Value = hiveName
                },
                id      = ovalId,
                message = MessageType.FromString(message),
                key     = new EntityItemStringType()
                {
                    datatype = SimpleDatatypeEnumeration.@string, Value = keyName
                },
                name = new EntityItemStringType()
                {
                    datatype = SimpleDatatypeEnumeration.@string, Value = name
                },
                value = new EntityItemAnySimpleType[1] {
                    new EntityItemAnySimpleType()
                    {
                        datatype = SimpleDatatypeEnumeration.@string, Value = name
                    }
                }
            };

            return(registry_item);
        }

예제 #2

0

파일 보기

        private registry_item GetFakeRegistryItem(string key, string name, eValueTypes dataType, string dataValue)
        {
            string hive = Enum.GetName(typeof(eHiveNames), eHiveNames.HKEY_LOCAL_MACHINE);
            string keyCollectedSuccessfully = "The Key, which fullPath is '{0}\\{1}\\{2}', was collected sucessfully.";

            registry_item registryItem = new registry_item();

            registryItem.hive = new EntityItemRegistryHiveType()
            {
                Value = hive
            };
            registryItem.key = new EntityItemStringType()
            {
                Value = key
            };
            registryItem.name = new EntityItemStringType()
            {
                Value = name
            };
            registryItem.type = new EntityItemRegistryTypeType()
            {
                Value = RegistryHelper.GetValueTypeAsString(dataType)
            };
            registryItem.value = new EntityItemAnySimpleType[] { new EntityItemAnySimpleType()
                                                                 {
                                                                     Value = dataValue
                                                                 } };

            registryItem.status  = StatusEnumeration.exists;
            registryItem.message = MessageType.FromString(string.Format(keyCollectedSuccessfully, hive, key, name));

            return(registryItem);
        }

예제 #3

0

파일 보기

파일: RegistryEntityOperationEvaluator.cs 프로젝트: yonglehou/modSIC

        private IEnumerable <ItemType> processOperationInRegistryObject(RegistryObject registryObject)
        {
            List <string> hives = new List <string>()
            {
                registryObject.Hive
            };
            RegistryItemTypeFactory itemTypeFactory = new RegistryItemTypeFactory();

            List <ItemType> items = new List <ItemType>();
            List <string>   keys  = new List <string>();
            List <string>   names = new List <string>();

            try
            {
                var registryNameValue = registryObject.GetValueOfEntity("name");
                keys.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.key, registryObject));

                var derivedRegistryObjects =
                    RegistryObjectFactory.CreateRegistryObjectsByCombinationOfEntitiesFrom(hives, keys, new string[] { registryNameValue }, registryObject);

                if (registryObject.GetNameOperation() != OperationEnumeration.equals)
                {
                    foreach (var newRegistryObject in derivedRegistryObjects)
                    {
                        if (!string.IsNullOrEmpty(registryNameValue))
                        {
                            names = this.processOperationInEntity(registry_object_ItemsChoices.name, newRegistryObject).ToList();
                            items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, new string[] { newRegistryObject.Key }, names, registryObject));
                        }
                    }
                }
                else
                {
                    names.AddRange(this.processOperationInEntity(registry_object_ItemsChoices.name, registryObject));
                    items.AddRange(itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, keys, names, registryObject));
                }
            }
            catch (RegistryKeyNotFoundException)
            {
                items = itemTypeFactory.CreateRegistryItemTypesByCombinationOfEntitiesFrom(hives, null, null, registryObject).ToList();
            }
            catch (RegistryItemNotFoundException)
            {
                items = new List <ItemType>()
                {
                    itemTypeFactory.CreateRegistryItem("", "", "", StatusEnumeration.doesnotexist)
                };
            }
            catch (Exception ex)
            {
                registry_item registry = itemTypeFactory.CreateRegistryItem(registryObject.Hive, registryObject.Key, registryObject.Name, StatusEnumeration.error);
                registry.message = MessageType.FromErrorString(ex.Message);
                items            = new List <ItemType>()
                {
                    registry
                };
            }

            return(items);
        }

예제 #4

0

파일 보기

파일: RegistryItemTypeFactory.cs 프로젝트: solind/modSIC

        public registry_item CreateRegistryItem(string hive, string key, string name, StatusEnumeration status)
        {
            registry_item newRegistryItem = this.CreateRegistryItem(hive, key, name);

            newRegistryItem.status = status;
            return(newRegistryItem);
        }

예제 #5

0

파일 보기

파일: RegistryItemTypeFactory.cs 프로젝트: solind/modSIC

        private IEnumerable <ItemType> VerifyErrorsInTheListOfRegistryEntities(
            IEnumerable <string> hives, IEnumerable <string> keys, IEnumerable <string> names, RegistryObject registryObjectSource)
        {
            List <ItemType> registryObjects = new List <ItemType>();

            if ((hives == null) || (hives.Count() == 0))
            {
                registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, "", "", StatusEnumeration.doesnotexist);
                registry.hive.status = StatusEnumeration.doesnotexist;
                registryObjects.Add(registry);
                return(registryObjects);
            }
            if ((keys == null) || (keys.Count() == 0))
            {
                registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, registryObjectSource.Key, "", StatusEnumeration.doesnotexist);
                registry.key.status = StatusEnumeration.doesnotexist;
                registryObjects.Add(registry);
                return(registryObjects);
            }
            if ((names == null) || (names.Count() == 0))
            {
                registry_item registry = this.CreateRegistryItem(registryObjectSource.Hive, registryObjectSource.Key, registryObjectSource.Name, StatusEnumeration.doesnotexist);
                registry.name.status = StatusEnumeration.doesnotexist;
                registryObjects.Add(registry);
                return(registryObjects);
            }

            return(registryObjects);
        }

예제 #6

0

파일 보기

        public void Should_be_possible_to_create_a_relation_between_objectType_and_systemData_through_of_referenceData()
        {
            CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000");
            ItemType        registryItem1 = new registry_item()
            {
                status = StatusEnumeration.exists, id = "1"
            };
            ItemType registryItem2 = new registry_item()
            {
                status = StatusEnumeration.doesnotexist, id = "2"
            };

            collectObject.AddItemToSystemData(registryItem1);
            collectObject.AddItemToSystemData(registryItem2);

            Assert.AreEqual(2, collectObject.ObjectType.reference.Count(), "the quantity of reference is not expected");
            Assert.AreEqual("1", collectObject.ObjectType.reference[0].item_ref, "the first element of reference not has the id expected");
            Assert.AreEqual("2", collectObject.ObjectType.reference[1].item_ref, "the second element of reference not has the id expected");

            CollectedObject otherCollectedObject = new CollectedObject("oval:org.mitre.oval:obj:6001");
            ItemType        registryItem3        = new registry_item()
            {
                status = StatusEnumeration.exists, id = "3"
            };

            otherCollectedObject.AddItemToSystemData(registryItem3);

            Assert.AreEqual(1, otherCollectedObject.ObjectType.reference.Count(), "the quantity of reference is not expected for the second collectedObject");
            Assert.AreEqual("3", otherCollectedObject.ObjectType.reference[0].item_ref, "the referece id of element is not expected");
        }

예제 #7

0

파일 보기

파일: RegistryObjectCollector.cs 프로젝트: yonglehou/modSIC

        private RegistryItemSystemData collectSystemDataForRegistryItem(registry_item item)
        {
            object dataValue = null;

            var valueTypeID = this.getValueTypeIDFromRegistry(item.hive.Value, item.key.Value, item.name.Value);

            if (valueTypeID == eValueTypes.DWORD_LITTLE_ENDIAN)
            {
                var credentials = TargetInfo.credentials;
                Helpers.WinNetUtils.connectToRemote(TargetInfo.GetRemoteUNC(), credentials.GetUserName(), credentials.GetPassword());
                var address = TargetInfo.GetAddress();
                var hive    = RegistryHelper.GetRegistryHiveFromHiveName(item.hive.Value);
                var key     = item.key.Value;
                var name    = item.name.Value;
                dataValue = Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(hive, address).OpenSubKey(key).GetValue(name);
            }
            else
            {
                var sGetValueMethodName = RegistryHelper.ConvertToGetValueMethodNameFromValueType(valueTypeID);
                var inParameters        = this.getInParametersForGetValueMethod(item.hive.Value, item.key.Value, item.name.Value);
                var getValueResult      = this.WmiDataProvider.InvokeMethod(sGetValueMethodName, inParameters);
                dataValue = this.getCollectedValueFromGetValueMethodResult(getValueResult);
            }

            if (valueTypeID == eValueTypes.STRING)
            {
                dataValue = RemoveInvalidChars(dataValue.ToString());
            }

            return(new RegistryItemSystemData(valueTypeID, dataValue));
        }

예제 #8

0

파일 보기

        private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
        {
            var fakeValues         = new List <String>(new string[] { "FakeValue" });
            var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };

            MockRepository mocks                 = new MockRepository();
            var            fakeConnection        = mocks.DynamicMock <IConnectionManager>();
            var            fakeSystemInformation = mocks.DynamicMock <ISystemInformationService>();
            var            fakeProvider          = mocks.DynamicMock <RegistryConnectionProvider>();
            var            fakeWmiProvider       = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
            var            fakeDataCollector     = mocks.DynamicMock <RegistryObjectCollector>();

            fakeDataCollector.WmiDataProvider = fakeWmiProvider;
            var registryItemTypeGeneration = new RegistryItemTypeGenerator()
            {
                SystemDataSource = fakeDataCollector, WmiDataProvider = fakeWmiProvider
            };

            Expect.Call(fakeConnection.Connect <RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider);
            Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(fakeCollectedItems);
            Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues);
            Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());
            mocks.ReplayAll();

            return(new RegistryProber()
            {
                ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector, ItemTypeGenerator = registryItemTypeGeneration
            });
        }

예제 #9

0

파일 보기

파일: RegistryItemTypeGeneratorTest.cs 프로젝트: yonglehou/modSIC

        private void AssertGeneratedRegistryItem(ItemType generatedItem, string expectedHive, string expectedKey, string expectedName)
        {
            Assert.IsInstanceOfType(generatedItem, typeof(registry_item), "The type of generated Registry Item must be 'registry_item'");

            registry_item registryItem = (registry_item)generatedItem;

            Assert.AreEqual(expectedHive, registryItem.hive.Value, "A generated Registry Item with an unexpected 'hive' was found.");
            Assert.AreEqual(expectedKey, registryItem.key.Value, "A generated Registry Item with an unexpected 'key' was found.");
            Assert.AreEqual(expectedName, registryItem.name.Value, "A generated Registry Item with an unexpected 'Name' was found.");
        }

예제 #10

0

파일 보기

 public void Should_not_possible_to_add_a_item_type_if_it_already_exists_in_the_collected_object()
 {
     oval_system_characteristics systemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
     CollectedObject             collectedObject       = new CollectedObject("oval:org.mitre.oval:obj:1000");
     ItemType registryItem1 = new registry_item()
     {
         status = StatusEnumeration.exists, id = "1"
     };
     ItemType registryItem2 = systemCharacteristics.GetSystemDataByReferenceId("2");
 }

예제 #11

0

파일 보기

파일: RegistryItemTypeFactory.cs 프로젝트: solind/modSIC

        /// <summary>
        /// Creates the registry item types from the list of RegistryObjects.
        /// </summary>
        /// <param name="registryObjects">The registry objects.</param>
        /// <returns></returns>
        public IEnumerable <registry_item> CreateRegistryItemTypesFrom(IEnumerable <RegistryObject> registryObjects)
        {
            List <registry_item> registryItems = new List <registry_item>();

            foreach (RegistryObject registryObject in registryObjects)
            {
                registry_item registryItem = this.CreateRegistryItem(registryObject.Hive, registryObject.Key, registryObject.Name);
                registryItems.Add(registryItem);
            }
            return(registryItems);
        }

예제 #12

0

파일 보기

파일: RegistryItemTypeFactory.cs 프로젝트: solind/modSIC

        public registry_item CreateRegistryItem(string hive, string key, string name)
        {
            registry_item newRegistryItem = new registry_item();

            newRegistryItem.hive = new EntityItemRegistryHiveType()
            {
                Value = hive
            };
            newRegistryItem.key  = this.CreateEntityItemStringType(key);
            newRegistryItem.name = this.CreateEntityItemStringType(name);

            return(newRegistryItem);
        }

예제 #13

0

파일 보기

        public void Should_be_possible_to_execute_a_registry_collect_with_Set_element()
        {
            var fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithSet.xml");
            var fakeObjects     = fakeDefinitions.objects.OfType <registry_object>().ToArray();
            oval_system_characteristics fakeSystemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_sets.xml");
            CollectInfo    fakeCollectedInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, null, fakeSystemCharacteristics);
            registry_item  fakeRegistryItem  = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
            RegistryProber registryProber    = this.GetMockedRegistryProber(fakeRegistryItem);


            IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectedInfo).CollectedObjects;


            Assert.IsNotNull(result, "the result is not expected");
            CollectedObject collectedObject = result.Where <CollectedObject>(obj => obj.ObjectType.id == "oval:org.mitre.oval:obj:6000").SingleOrDefault();

            Assert.IsNotNull(collectedObject, "the element was not found");
            Assert.AreEqual(collectedObject.ObjectType.reference.Count(), 3, "the quantity of object referenced is not expected");
        }

예제 #14

0

파일 보기

        public void Should_be_possible_to_update_status_of_an_objectType_to_doesnotexists_based_on_in_systemData()
        {
            CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000");
            ItemType        registryItem1 = new registry_item()
            {
                status = StatusEnumeration.exists, id = "1"
            };
            ItemType registryItem2 = new registry_item()
            {
                status = StatusEnumeration.doesnotexist, id = "2"
            };

            collectObject.AddItemToSystemData(registryItem1);
            collectObject.AddItemToSystemData(registryItem2);

            collectObject.UpdateCollectedObjectStatus();

            Assert.AreEqual(FlagEnumeration.doesnotexist, collectObject.ObjectType.flag);
        }

예제 #15

0

파일 보기

        public void Should_Be_Possible_To_Execute_A_Default_Registry_Collect()
        {
            // Arrange
            oval_definitions     fakeDefinitions       = ProbeHelper.GetFakeOvalDefinitions("fdcc_xpfirewall_oval.xml");
            CollectInfo          fakeCollectInfo       = ProbeHelper.CreateFakeCollectInfo(fakeDefinitions.objects.OfType <registry_object>().ToArray(), null, null);
            registry_item        fakeItem              = this.GetFakeRegistryItem("Software\\Modulo", "NG", eValueTypes.STRING, "Secret");
            List <registry_item> expectedRegistryItems = new List <registry_item>(new registry_item[] { fakeItem });

            RegistryProber registryProber = this.GetMockedRegistryProber(fakeItem);


            // Act
            IEnumerable <CollectedObject> result = registryProber.Execute(this.fakeContext, this.fakeTarget, fakeCollectInfo).CollectedObjects;

            // Assert
            Assert.AreEqual(46, result.Count());
            this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, null, expectedRegistryItems);
            this.AssertProbeResultItem(result.ElementAt(10), fakeDefinitions.objects[11].id, null, expectedRegistryItems);
            this.AssertProbeResultItem(result.ElementAt(45), fakeDefinitions.objects[46].id, null, expectedRegistryItems);
        }

예제 #16

0

파일 보기

        public void Should_be_possible_to_execute_a_registry_collect_with_variables()
        {
            // Arrange
            string[]         fakeVarValues   = new string[] { @"Software\Microsoft\Windows NT\CurrentVersion" };
            oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
            var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
            VariablesEvaluated variables        = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, fakeVarValues);
            CollectInfo        fakeCollectInfo  = ProbeHelper.CreateFakeCollectInfo(fakeObjects, variables, null);
            registry_item      fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
            RegistryProber     registryProber   = this.GetMockedRegistryProber(fakeRegistryItem);

            // Act
            IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectInfo).CollectedObjects;

            // Assert
            Assert.AreEqual(1, result.Count(), "the quantity is not expected");
            this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, fakeVarValues, new List <registry_item>()
            {
                fakeRegistryItem
            });
        }

예제 #17

0

파일 보기

파일: GenericItemTypeComparatorTest.cs 프로젝트: yonglehou/modSIC

        public void Should_be_possible_to_compare_two_windows_itemTypes_when_they_were_created_manually()
        {
            ItemType firstItemType = new registry_item()
            {
                name = new EntityItemStringType()
                {
                    Value = "Modulo"
                }
            };
            ItemType secondItemType = new registry_item()
            {
                name = new EntityItemStringType()
                {
                    Value = "Microsoft"
                }
            };
            var itemTypeComparator = new GenericItemTypeComparator();

            var comparisionResult = itemTypeComparator.IsEquals(firstItemType, secondItemType);

            Assert.IsFalse(comparisionResult, "The compared items are different");
        }

예제 #18

0

파일 보기

        private void AssertProbeResultItem(CollectedObject collectedObject, string objectID, string[] expectedVariables, List <registry_item> expectedItems)
        {
            SystemCharacteristics::ObjectType createdObjectType = collectedObject.ObjectType;
            List <ItemType> createdItemsType = (List <ItemType>)collectedObject.SystemData;

            Assert.AreEqual(objectID, createdObjectType.id);
            if (expectedVariables != null)
            {
                Assert.IsNotNull(createdObjectType.variable_value, "There is no variable values for this collected object");
                Assert.AreEqual(expectedVariables.Count(), createdObjectType.variable_value.Count(), "The number of variable values for this collected object is unexpected.");
                for (int i = 0; i < expectedVariables.Count(); i++)
                {
                    Assert.AreEqual(expectedVariables[i], createdObjectType.variable_value[i].Value, "An unexpected variable value was found.");
                }
            }


            Assert.AreEqual(expectedItems.Count, createdObjectType.reference.Count());
            Assert.AreEqual(expectedItems.Count, createdItemsType.Count);

            for (int i = 0; i < createdItemsType.Count; i++)
            {
                registry_item createdRegistryItem = (registry_item)createdItemsType[i];

                Assert.AreEqual(expectedItems[i].status, createdRegistryItem.status);
                Assert.AreEqual(expectedItems[i].message.First().Value, createdRegistryItem.message.First().Value);

                Assert.AreEqual(expectedItems[i].hive.Value, createdRegistryItem.hive.Value);
                Assert.AreEqual(expectedItems[i].key.Value, createdRegistryItem.key.Value);
                Assert.AreEqual(expectedItems[i].name.Value, createdRegistryItem.name.Value);
                Assert.AreEqual(expectedItems[i].type.Value, createdRegistryItem.type.Value);

                Assert.AreEqual(expectedItems[i].value.Count(), createdRegistryItem.value.Count());
                for (int j = 0; j < expectedItems[i].value.Count(); j++)
                {
                    Assert.AreEqual(expectedItems[i].value[j].Value, createdRegistryItem.value[j].Value);
                }
            }
        }

C# (CSharp) registry_item 예제들