public void Should_Be_Possible_To_Search_SubKeys_From_KeyName() { object fakeFoundSubKeys = new string[] { "Graphics", "GData", "XPTO" }; Dictionary <string, object> searchKeysParameters = new Dictionary <string, object>(); searchKeysParameters.Add(registry_object_ItemsChoices.hive.ToString(), eHiveNames.HKEY_LOCAL_MACHINE.ToString()); searchKeysParameters.Add(registry_object_ItemsChoices.key.ToString(), "Microsoft"); AbstractConstraint[] invokeMethodConstraints = new AbstractConstraint[] { new Equal("EnumKey"), new Anything(), new Anything() }; MockRepository mocks = new MockRepository(); WmiDataProvider fakeWmiPrv = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(fakeWmiPrv.InvokeMethod("", null, "")).Constraints(invokeMethodConstraints).Return(fakeFoundSubKeys); mocks.ReplayAll(); RegistryObjectCollector systemDataSource = new RegistryObjectCollector() { WmiDataProvider = fakeWmiPrv }; IList <string> registrySubKeys = systemDataSource.GetValues(searchKeysParameters); mocks.VerifyAll(); Assert.IsNotNull(registrySubKeys); Assert.AreEqual(3, registrySubKeys.Count); Assert.AreEqual("Graphics", registrySubKeys[0]); Assert.AreEqual("GData", registrySubKeys[1]); Assert.AreEqual("XPTO", registrySubKeys[2]); }
public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex() { string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString(); string startKey = "SOFTWARE\\Microsoft\\Windows"; var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000"); var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 1); WmiDataProvider wmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:3000", new List <string>() { "CurrentType" }); VariablesEvaluated variables = new VariablesEvaluated(new List <VariableValue>() { variable }); var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider }; var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).Cast <registry_item>(); Assert.AreEqual(2, itemsToCollect.Count()); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType"); this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType"); }
public void GetPrimaryHardDriveSerial() { WmiDataProvider provider = new WmiDataProvider(); string data = provider.GetPrimaryHardDriveSerial(); Assert.IsNotNull(data); }
public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider) { this.WmiProvider = wmiDataProvider; this.DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL); this.Cache = new Dictionary <string, IEnumerable <fileeffectiverights_item> >(); this.FlatCache = new Dictionary <string, fileeffectiverights_item>(); }
private FileProber GetMockedFileProber(file_item fakeItem) { IList <String> fakeValues = new List <String>(new string[] { "FakeValue" }); CollectedItem fakeCollectedItem = ProbeHelper.CreateFakeCollectedItem(fakeItem); MockRepository mocks = new MockRepository(); IConnectionManager fakeConnection = mocks.DynamicMock <IConnectionManager>(); ISystemInformationService fakeSystemInformation = mocks.DynamicMock <ISystemInformationService>(); FileConnectionProvider fakeProvider = mocks.DynamicMock <FileConnectionProvider>(); WmiDataProvider fakeWmiProvider = mocks.DynamicMock <WmiDataProvider>(); FileObjectCollector fakeDataCollector = mocks.DynamicMock <FileObjectCollector>(); fakeDataCollector.WmiDataProvider = fakeWmiProvider; //Expect.Call(fakeConnection.Connect<FileConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider); Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(new List <CollectedItem>() { fakeCollectedItem }); Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues); Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation()); mocks.ReplayAll(); return(new FileProber() { ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector }); }
public void GetBiosData() { IWmiDataProvider provider = new WmiDataProvider(); string data = provider.GetBiosData(); Assert.IsNotNull(data); }
private FileItemTypeGenerator GetMockedFileItemTypeGenerator(string fileObjectID, string[] fakeFoundPaths, out file_object fileObject) { oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_REGEX_ON_VALUE); fileObject = (file_object)ProbeHelper.GetOvalComponentByOvalID(definitions, fileObjectID); List <WmiObject> fakeWmiObjects = new List <WmiObject>(); foreach (var fakePath in fakeFoundPaths) { fakeWmiObjects.Add(this.createFakeWmiObject(fakePath, "Application", 100)); } MockRepository mocks = new MockRepository(); WmiDataProvider fakeWmiProvider = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(fakeWmiProvider.SearchWmiObjects(null, null)).IgnoreArguments().Return(fakeWmiObjects.ToArray()); mocks.ReplayAll(); return(new FileItemTypeGenerator() { SystemDataSource = new FileObjectCollector() { WmiDataProvider = fakeWmiProvider } }); }
public void Should_Be_Possible_To_Search_KeyValues_From_KeyName() { object fakeFoundKeyValues = new List <string>(new string[] { "Risk Manager", "PCN", "Workflow Manager", "Dashboard" }); Dictionary <string, object> searchValuesParameters = new Dictionary <string, object>(); searchValuesParameters.Add(registry_object_ItemsChoices.hive.ToString(), eHiveNames.HKEY_LOCAL_MACHINE.ToString()); searchValuesParameters.Add(registry_object_ItemsChoices.key.ToString(), "SOFTWARE\\Modulo"); searchValuesParameters.Add(registry_object_ItemsChoices.name.ToString(), "^.*"); AbstractConstraint[] invokeMethodConstraints = new AbstractConstraint[] { new Equal("EnumValues"), new Anything(), new Anything() }; MockRepository mocks = new MockRepository(); WmiDataProvider fakeWmiPrv = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(fakeWmiPrv.InvokeMethod("", null, "")).Constraints(invokeMethodConstraints).Return(fakeFoundKeyValues); mocks.ReplayAll(); RegistryObjectCollector systemDataSource = new RegistryObjectCollector() { WmiDataProvider = fakeWmiPrv }; IList <string> registryKeyValues = systemDataSource.GetValues(searchValuesParameters); mocks.VerifyAll(); Assert.IsNotNull(registryKeyValues); Assert.AreEqual(4, registryKeyValues.Count); Assert.IsTrue(registryKeyValues[0].Equals("Risk Manager")); Assert.IsTrue(registryKeyValues[1].Equals("PCN")); Assert.IsTrue(registryKeyValues[2].Equals("Workflow Manager")); Assert.IsTrue(registryKeyValues[3].Equals("Dashboard")); }
protected override void ConfigureObjectCollector() { if (base.ObjectCollector == null) { var newWmiProvider = new WmiDataProvider(((RegKeyEffectiveRights53ConnectionProvider)base.ConnectionProvider).ConnectionScope); base.ObjectCollector = new RegKeyEffectiveRightsObjectCollector() { TargetInfo = this.TargetInfo, WmiDataProvider = newWmiProvider, AccessControlListProvider = AccessControlListProvider.CreateInstance() }; } if (base.ItemTypeGenerator == null) { base.ItemTypeGenerator = new RegKeyEffectiveRightsItemTypeGenerator() { OperationEvaluator = new RegKeyEffectiveRightsOperationEvaluator() { SystemDataSource = base.ObjectCollector }, ObjectCollector = (RegKeyEffectiveRightsObjectCollector)base.ObjectCollector } } ; /* { SystemDataSource = base.ObjectCollector } */; }
private void CreateExpectationForGetGroupComponent(WmiDataProvider fakeWmiProvider, string groupName) { var fakeWin32GroupUserRecords = new List <WmiObject>(); var groupComponent = GroupComponent(FAKE_COMPUTER_NAME, groupName); var wqlAdministratorsUsers = new WQLBuilder().WithWmiClass("Win32_GroupUser").AddParameter("GroupComponent", groupComponent).Build(); Expect.Call(fakeWmiProvider.ExecuteWQL(wqlAdministratorsUsers)).Return(new[] { NewWmiObjectForFakeGroupUser("fakeUser") }); }
private void CreateItemTypeGeneratorInstance() { if (base.ItemTypeGenerator == null) { var newWmiDataProvider = new WmiDataProvider(this.WMIConnectionProvider.ConnectionScope); var newAccountProvider = new WindowsUsersProvider(newWmiDataProvider, this.TargetInfo); base.ItemTypeGenerator = new AccessTokenItemTypeGenerator(newAccountProvider); } }
public static FileEffectiveRightsCollector GetInstance(WmiDataProvider wmiDataProvider) { WmiDataProvider = wmiDataProvider; if (Instance == null) { Instance = new FileEffectiveRightsCollector(); } return(Instance); }
public WmiDataProvider GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess() { MockRepository mocks = new MockRepository(); WmiDataProvider wmiDataProvider = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(wmiDataProvider.InvokeMethod("EnumKey", null)).IgnoreArguments().Repeat.Any().Return(this.GetReturnOfInvokeMethodEnumKey()); mocks.ReplayAll(); return(wmiDataProvider); }
private void CreateObjectCollector() { if (base.ObjectCollector == null) { var wmiConnectionScope = ((FileConnectionProvider)this.ConnectionProvider).ConnectionScope; var newWmiProvider = new WmiDataProvider(wmiConnectionScope); base.ObjectCollector = new FileEffectiveRights53ObjectCollector() { WmiDataProvider = newWmiProvider }; } }
public void Should_be_possible_to_collect_FileEffectiveRights() { // Arrange WmiObject fakeWmiObject = new WmiObject(); fakeWmiObject.Add("Descriptor.DACL.AccessMask", (uint)128); fakeWmiObject.Add("Descriptor.DACL.AceFlags", (uint)123); fakeWmiObject.Add("Descriptor.DACL.Trustee.SID", "{500}"); fakeWmiObject.Add("Descriptor.DACL.Trustee.Domain", "mss"); fakeWmiObject.Add("Descriptor.DACL.Trustee.Name", "lfernandes"); MockRepository mocks = new MockRepository(); WmiDataProvider fakeWmiDataProvider = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(fakeWmiDataProvider.InvokeMethodByWmiPath(null)).IgnoreArguments().Return(new WmiObject[] { fakeWmiObject }); FileEffectiveRightsObjectCollector fileEffectiveRightsSysDataSource = new FileEffectiveRightsObjectCollector(); fileEffectiveRightsSysDataSource.WmiDataProvider = fakeWmiDataProvider; mocks.ReplayAll(); // Act IEnumerable <CollectedItem> collectedItem = fileEffectiveRightsSysDataSource.CollectDataForSystemItem(this.getFakeFileItem()); Assert.IsNotNull(collectedItem, "The return of collect data cannot be null"); Assert.AreEqual(1, collectedItem.Count(), "Unexpected collected items count."); Assert.IsNotNull(collectedItem.ElementAt(0).ItemType, "The file item cannot be null."); Assert.IsInstanceOfType(collectedItem.ElementAt(0).ItemType, typeof(fileeffectiverights_item), "The item of collected item must be file_item"); fileeffectiverights_item collectedFileEffectiveRights = (fileeffectiverights_item)collectedItem.ElementAt(0).ItemType; Assert.AreEqual("{500}", collectedFileEffectiveRights.trustee_sid.Value, "Unexpected item value."); Assert.AreEqual("1", collectedFileEffectiveRights.file_read_attributes.Value, "Unexpected file attribute found."); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_append_data, false, "file_append_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_delete_child, false, "file_delete_child"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_execute, false, "file_execute"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_data, false, "file_read_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_ea, false, "file_read_ea"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_attributes, false, "file_write_attributes"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_data, false, "file_write_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_ea, false, "file_write_ea"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_all, true, "generic_all"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_execute, true, "generic_execute"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_read, true, "generic_read"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_write, false, "generic_write"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_delete, false, "standard_delete"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_read_control, false, "standard_delete"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_synchronize, false, "standard_sync"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_dac, false, "standard_write_dac"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_owner, false, "standard_write_owner"); }
public WmiDataProvider GetFakeWmiDataProviderForTestExecutingQueriesForSystemInfo() { MockRepository mocks = new MockRepository(); WmiDataProvider wmiDataProvider = mocks.StrictMock <WmiDataProvider>(); Expect.Call(wmiDataProvider.SearchWmiObjects("Win32_ComputerSystem", null)).Return(this.GetWmiObjectsForComputerSystemQuery()); Expect.Call(wmiDataProvider.SearchWmiObjects("Win32_OperatingSystem", null)).Return(this.GetWmiObjectsForOperatingSystemQuery()); Expect.Call(wmiDataProvider.SearchWmiObjects("Win32_NetworkAdapterConfiguration", null)).IgnoreArguments().Return(this.GetWmiObjectsForNetworkInterfaces()); Expect.Call(wmiDataProvider.SearchWmiObjects("Win32_NetworkAdapter", null)).IgnoreArguments().Return(this.GetWmiObjectsForNetworkInterfacesAdapter()); mocks.ReplayAll(); return(wmiDataProvider); }
private void CreateWmiDataProviderFromWmiItem(wmi_item wmiItem) { if (this.WmiDataProvider == null) { var wmiNamespace = String.Format(@"{0}\{1}", this.TargetInfo.GetAddress(), [email protected]); var wmiNamespacePath = new System.Management.ManagementPath(wmiNamespace); var wmiConnectionOptions = WmiDataProviderFactory.CreateConnectionOptions(this.TargetInfo); var wmiManagementScope = new System.Management.ManagementScope(wmiNamespacePath, wmiConnectionOptions); wmiManagementScope.Connect(); this.WmiDataProvider = new WmiDataProvider(wmiManagementScope); } }
protected override void ConfigureObjectCollector() { if (this.ObjectCollector == null) { var wmiProvider = new WmiDataProvider(((FileConnectionProvider)ConnectionProvider).ConnectionScope); var accountProvider = new WindowsUsersProvider(wmiProvider, this.TargetInfo); ObjectCollector = new UserObjectCollector(accountProvider); if (ItemTypeGenerator == null) { ItemTypeGenerator = new UserItemTypeGenerator(accountProvider); } } }
public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time() { var objectType = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345"); var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2); var fakeWmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); var itemTypeGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = fakeWmiDataProvider }; var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, VariableHelper.CreateEmptyEvaluatedVariables()); Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect method cannot be null."); Assert.AreEqual(4, generatedItems.Count(), "Unexpected generated items type count"); }
protected override void ConfigureObjectCollector() { if (base.ObjectCollector == null) { var connectionScope = ((FileConnectionProvider)FileConnectionProvider).ConnectionScope; var newWmiDataProvider = new WmiDataProvider(connectionScope); var newFileProvider = new WindowsFileProvider(TargetInfo) { WmiDataProvider = newWmiDataProvider }; ObjectCollector = new TextFileContentObjectCollector() { FileContentProvider = newFileProvider, TargetInfo = TargetInfo }; FileDataSource = new FileObjectCollector() { WmiDataProvider = newWmiDataProvider }; } if (base.ItemTypeGenerator == null) { var newFileProvider = new WindowsFileProvider(this.TargetInfo) { WmiDataProvider = WmiDataProviderFactory .CreateWmiDataProviderForFileSearching(this.TargetInfo) }; var newOperationEvaluator = new TextFileContentEntityOperationEvaluator(ObjectCollector, newFileProvider, FamilyEnumeration.windows); ItemTypeGenerator = new TextFileContentItemTypeGenerator() { OperationEvaluator = newOperationEvaluator }; } }
public WindowsUsersProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo) { this.WmiProvider = wmiDataProvider; this.TargetInfo = targetInfo; }
/// <summary> /// Creates a list of WinACEs objects from security descriptor management object. /// </summary> /// <param name="rootManagementObject">The result of invoked method which returns the Security Descriptor as ManagementBaseObject.</param> /// <param name="trusteeName">The username formatted such as: "[DOMAIN]\[USERNAME]". For local users use the machine name on [DOMAIN]</param> /// <returns>Returns a List of WMIWinACE objects.</returns> public virtual IEnumerable <WMIWinACE> GetSecurityDescriptorsFromManagementObject(object rootManagementObject, string userTrusteeName, WmiDataProvider wmiProvider) { ManagementBaseObject[] ACLs = this.getACLFromManagementObject((ManagementBaseObject)rootManagementObject); var result = new List <WMIWinACE>(); foreach (var acl in ACLs) { var aclTrustee = (ManagementBaseObject)acl.Properties["Trustee"].Value; if (this.DoesACLBelongToUser(aclTrustee, userTrusteeName, wmiProvider)) { WMIWinACE newWinACE = new WMIWinACE(); newWinACE.AccessMask = this.getPropertyValueAsUnsiggnedInteger(acl, "AccessMask"); newWinACE.AceFlags = this.getPropertyValueAsUnsiggnedInteger(acl, "AceFlags"); newWinACE.AceType = this.getPropertyValueAsUnsiggnedInteger(acl, "AceType"); newWinACE.Trustee = this.getWinTrusteeFromManagementObject(aclTrustee); newWinACE.CalculateFileAccessRightsFromAccessMask(); result.Add(newWinACE); } } return(result); }
private bool DoesACLBelongToUser(ManagementBaseObject daclTrustee, string userTrusteeName, WmiDataProvider wmiProvider) { var winTrustee = this.getWinTrusteeFromManagementObject(daclTrustee); if (userTrusteeName.Equals(winTrustee.SIDString)) { return(true); } string username = this.getPropertyValueAsString(daclTrustee, "Name"); var wql = new WQLBuilder().WithWmiClass("Win32_Account").AddParameter("SID", userTrusteeName).Build(); var accountName = wmiProvider.ExecuteWQL(wql); if ((accountName.Count() > 0) && accountName.First().GetValueOf("Name").ToString().Equals(username, StringComparison.InvariantCultureIgnoreCase)) { return(true); } string userDomain = this.getPropertyValueAsString(daclTrustee, "Domain"); string[] trusteeParts = userTrusteeName.Split(new string[] { @"\" }, StringSplitOptions.RemoveEmptyEntries); bool matchUsername = username.Equals(trusteeParts.Last(), StringComparison.CurrentCultureIgnoreCase); bool matchUserDomain = userDomain.Equals(trusteeParts.First(), StringComparison.CurrentCultureIgnoreCase); bool isSystemAccount = (userTrusteeName.IndexOf(@"\") < 0); return(isSystemAccount ? matchUsername : (matchUsername && matchUserDomain)); }
public WindowsSystemInformationCollectorTest() { this.WmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestExecutingQueriesForSystemInfo(); this.FakeTargetInfo = ProbeHelper.CreateFakeTarget("MSS-RJ-215", "MSS", "lcosta", "password"); }
private void ConfigureCollector() { this.wmiDataProvider = new WmiDataProvider(this.connectionProvider.ConnectionScope); this.systemInformationCollector = new WindowsSystemInformationCollector(wmiDataProvider); }
public WindowsSystemInformationCollector(WmiDataProvider wmiDataProvider) { this.wmiDataProvider = wmiDataProvider; }
private void WmiProviderMustNotHaveBeenUsed(WmiDataProvider wmiProvider) { wmiProvider.AssertWasNotCalled <WmiDataProvider>(wmi => wmi.ExecuteWQL(null)); }
private void CheckIfWmiProviderWasUsedProperly(WmiDataProvider usedWmiProvider, string wqlThatShouldBeUsed) { usedWmiProvider.AssertWasCalled <WmiDataProvider>(wmi => wmi.ExecuteWQL(wqlThatShouldBeUsed)); }
public WindowsFileProvider(TargetInfo targetInfo, WmiDataProvider wmiDataProvider) : this(targetInfo) { this.WmiDataProvider = wmiDataProvider; }
public WindowsGroupAccountProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo) { this.WmiDataProvider = wmiDataProvider; this.TargetInfo = targetInfo; }