protected override void ConfigureObjectCollector()
{
if (base.ObjectCollector == null)
{
var connectionScope = ((FileConnectionProvider)FileConnectionProvider).ConnectionScope;
var newWmiDataProvider = new WmiDataProvider(connectionScope);
var newFileProvider = new WindowsFileProvider(TargetInfo) { WmiDataProvider = newWmiDataProvider };
ObjectCollector = new TextFileContentObjectCollector() { FileContentProvider = newFileProvider, TargetInfo = TargetInfo };
FileDataSource = new FileObjectCollector() { WmiDataProvider = newWmiDataProvider };
}
if (base.ItemTypeGenerator == null)
{
var newFileProvider =
new WindowsFileProvider(this.TargetInfo)
{
WmiDataProvider =
WmiDataProviderFactory
.CreateWmiDataProviderForFileSearching(this.TargetInfo)
};
var newOperationEvaluator =
new TextFileContentEntityOperationEvaluator(ObjectCollector, newFileProvider, FamilyEnumeration.windows);
ItemTypeGenerator = new TextFileContentItemTypeGenerator()
{
OperationEvaluator = newOperationEvaluator
};
}
}
public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
{
this.WmiProvider = wmiDataProvider;
this.DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
this.Cache = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
this.FlatCache = new Dictionary<string, fileeffectiverights_item>();
}
protected override void ConfigureObjectCollector()
{
if (base.ObjectCollector == null)
{
var newWmiProvider = new WmiDataProvider(((RegKeyEffectiveRights53ConnectionProvider)base.ConnectionProvider).ConnectionScope);
base.ObjectCollector = new RegKeyEffectiveRightsObjectCollector()
{
TargetInfo = this.TargetInfo,
WmiDataProvider = newWmiProvider,
AccessControlListProvider = AccessControlListProvider.CreateInstance()
};
}
if (base.ItemTypeGenerator == null)
base.ItemTypeGenerator =
new RegKeyEffectiveRightsItemTypeGenerator()
{
OperationEvaluator = new RegKeyEffectiveRightsOperationEvaluator()
{
SystemDataSource = base.ObjectCollector
},
ObjectCollector = (RegKeyEffectiveRightsObjectCollector)base.ObjectCollector
};
/* { SystemDataSource = base.ObjectCollector } */;
}
public static FileEffectiveRightsCollector GetInstance(WmiDataProvider wmiDataProvider)
{
WmiDataProvider = wmiDataProvider;
if (Instance == null)
Instance = new FileEffectiveRightsCollector();
return Instance;
}
protected override void ConfigureObjectCollector()
{
if (this.ObjectCollector == null)
{
var wmiProvider = new WmiDataProvider(((FileConnectionProvider)ConnectionProvider).ConnectionScope);
var accountProvider = new WindowsUsersProvider(wmiProvider, this.TargetInfo);
ObjectCollector = new UserObjectCollector(accountProvider);
if (ItemTypeGenerator == null)
ItemTypeGenerator = new UserItemTypeGenerator(accountProvider);
}
}
private void CheckWmiDataProviderInstance()
{
if (this.WmiDataProvider == null)
{
var newConnectionScope = this.CreateConnectedManagementScope();
this.WmiDataProvider = new WmiDataProvider(newConnectionScope);
}
if (this.WindowsSecurityDescriptorDisassembler == null)
this.WindowsSecurityDescriptorDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
}
public RegistryEntityOperationEvaluator(BaseObjectCollector systemDataSource, WmiDataProvider wmiDataProvider)
{
this.systemDataSource = systemDataSource;
this.wmiDataProvider = wmiDataProvider;
}
private void ConfigureCollector()
{
this.wmiDataProvider = new WmiDataProvider(this.connectionProvider.ConnectionScope);
this.systemInformationCollector = new WindowsSystemInformationCollector(wmiDataProvider);
}
public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time()
{
var objectType = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345");
var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2);
var fakeWmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var itemTypeGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = fakeWmiDataProvider };
var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, VariableHelper.CreateEmptyEvaluatedVariables());
Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect method cannot be null.");
Assert.AreEqual(4, generatedItems.Count(), "Unexpected generated items type count");
}
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex()
{
string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
string startKey = "SOFTWARE\\Microsoft\\Windows";
var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000");
var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 1);
WmiDataProvider wmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:3000", new List<string>() { "CurrentType" });
VariablesEvaluated variables = new VariablesEvaluated(new List<VariableValue>() { variable });
var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider };
var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).Cast<registry_item>();
Assert.AreEqual(2, itemsToCollect.Count());
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType");
this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType");
}
private void CreateWmiDataProviderFromWmiItem(wmi_item wmiItem)
{
if (this.WmiDataProvider == null)
{
var wmiNamespace = String.Format(@"{0}\{1}", this.TargetInfo.GetAddress(), [email protected]);
var wmiNamespacePath = new System.Management.ManagementPath(wmiNamespace);
var wmiConnectionOptions = WmiDataProviderFactory.CreateConnectionOptions(this.TargetInfo);
var wmiManagementScope = new System.Management.ManagementScope(wmiNamespacePath, wmiConnectionOptions);
wmiManagementScope.Connect();
this.WmiDataProvider = new WmiDataProvider(wmiManagementScope);
}
}
/// <summary>
/// Creates a list of WinACEs objects from security descriptor management object.
/// </summary>
/// <param name="rootManagementObject">The result of invoked method which returns the Security Descriptor as ManagementBaseObject.</param>
/// <param name="trusteeName">The username formatted such as: "[DOMAIN]\[USERNAME]". For local users use the machine name on [DOMAIN]</param>
/// <returns>Returns a List of WMIWinACE objects.</returns>
public virtual IEnumerable<WMIWinACE> GetSecurityDescriptorsFromManagementObject(object rootManagementObject, string userTrusteeName, WmiDataProvider wmiProvider)
{
ManagementBaseObject[] ACLs = this.getACLFromManagementObject((ManagementBaseObject)rootManagementObject);
var result = new List<WMIWinACE>();
foreach (var acl in ACLs)
{
var aclTrustee = (ManagementBaseObject)acl.Properties["Trustee"].Value;
if (this.DoesACLBelongToUser(aclTrustee, userTrusteeName, wmiProvider))
{
WMIWinACE newWinACE = new WMIWinACE();
newWinACE.AccessMask = this.getPropertyValueAsUnsiggnedInteger(acl, "AccessMask");
newWinACE.AceFlags = this.getPropertyValueAsUnsiggnedInteger(acl, "AceFlags");
newWinACE.AceType = this.getPropertyValueAsUnsiggnedInteger(acl, "AceType");
newWinACE.Trustee = this.getWinTrusteeFromManagementObject(aclTrustee);
newWinACE.CalculateFileAccessRightsFromAccessMask();
result.Add(newWinACE);
}
}
return result;
}
public WindowsFileProvider(TargetInfo targetInfo, WmiDataProvider wmiDataProvider) : this(targetInfo)
{
this.WmiDataProvider = wmiDataProvider;
}
private void CreateItemTypeGeneratorInstance()
{
if (base.ItemTypeGenerator == null)
{
var newWmiDataProvider = new WmiDataProvider(this.WMIConnectionProvider.ConnectionScope);
var newAccountProvider = new WindowsUsersProvider(newWmiDataProvider, this.TargetInfo);
base.ItemTypeGenerator = new AccessTokenItemTypeGenerator(newAccountProvider);
}
}
public WindowsSystemInformationCollectorTest()
{
this.WmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestExecutingQueriesForSystemInfo();
this.FakeTargetInfo = ProbeHelper.CreateFakeTarget("MSS-RJ-215", "MSS", "lcosta", "password");
}
public WindowsSystemInformationCollector(WmiDataProvider wmiDataProvider)
{
this.wmiDataProvider = wmiDataProvider;
}
private void WmiProviderMustNotHaveBeenUsed(WmiDataProvider wmiProvider)
{
wmiProvider.AssertWasNotCalled<WmiDataProvider>(wmi => wmi.ExecuteWQL(null));
}
private void CheckIfWmiProviderWasUsedProperly(WmiDataProvider usedWmiProvider, string wqlThatShouldBeUsed)
{
usedWmiProvider.AssertWasCalled<WmiDataProvider>(wmi => wmi.ExecuteWQL(wqlThatShouldBeUsed));
}
private void CreateExpectationForGetGroupComponent(WmiDataProvider fakeWmiProvider, string groupName)
{
var fakeWin32GroupUserRecords = new List<WmiObject>();
var groupComponent = GroupComponent(FAKE_COMPUTER_NAME, groupName);
var wqlAdministratorsUsers = new WQLBuilder().WithWmiClass("Win32_GroupUser").AddParameter("GroupComponent", groupComponent).Build();
Expect.Call(fakeWmiProvider.ExecuteWQL(wqlAdministratorsUsers)).Return(new[] { NewWmiObjectForFakeGroupUser("fakeUser") });
}
public WindowsUsersProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo)
{
this.WmiProvider = wmiDataProvider;
this.TargetInfo = targetInfo;
}
private bool DoesACLBelongToUser(ManagementBaseObject daclTrustee, string userTrusteeName, WmiDataProvider wmiProvider)
{
var winTrustee = this.getWinTrusteeFromManagementObject(daclTrustee);
if (userTrusteeName.Equals(winTrustee.SIDString))
return true;
string username = this.getPropertyValueAsString(daclTrustee, "Name");
var wql = new WQLBuilder().WithWmiClass("Win32_Account").AddParameter("SID", userTrusteeName).Build();
var accountName = wmiProvider.ExecuteWQL(wql);
if ((accountName.Count() > 0) && accountName.First().GetValueOf("Name").ToString().Equals(username, StringComparison.InvariantCultureIgnoreCase))
return true;
string userDomain = this.getPropertyValueAsString(daclTrustee, "Domain");
string[] trusteeParts = userTrusteeName.Split(new string[] { @"\" }, StringSplitOptions.RemoveEmptyEntries);
bool matchUsername = username.Equals(trusteeParts.Last(), StringComparison.CurrentCultureIgnoreCase);
bool matchUserDomain = userDomain.Equals(trusteeParts.First(), StringComparison.CurrentCultureIgnoreCase);
bool isSystemAccount = (userTrusteeName.IndexOf(@"\") < 0);
return isSystemAccount ? matchUsername : (matchUsername && matchUserDomain);
}
private void CheckWmiDataProviderInstance()
{
if (this.WmiDataProvider == null)
{
var managementPath = string.Format(@"\\{0}\root\cimv2", this.TargetInfo.GetAddress());
this.WmiDataProvider = new WmiDataProvider(new ManagementScope(managementPath));
}
}
public WindowsGroupAccountProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo)
{
this.WmiDataProvider = wmiDataProvider;
this.TargetInfo = targetInfo;
}
private void CreateObjectCollector()
{
if (base.ObjectCollector == null)
{
var wmiConnectionScope = ((FileConnectionProvider)this.ConnectionProvider).ConnectionScope;
var newWmiProvider = new WmiDataProvider(wmiConnectionScope);
base.ObjectCollector = new FileEffectiveRights53ObjectCollector() { WmiDataProvider = newWmiProvider };
}
}