public void Should_be_possible_to_get_a_registryObject_with_his_variable_processed_with_multiple_values()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_WITH_CONST_VARIABLES);
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, OBJ_3000_ID);
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
Dictionary <String, EntityObjectStringType> allRegistryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(ovalRegistryObject);
string expectedHiveValue = allRegistryEntities[registry_object_ItemsChoices.hive.ToString()].Value;
string expectedNameValue = allRegistryEntities[registry_object_ItemsChoices.name.ToString()].Value;
string[] variableValues = new string[] { VAR_3000_VALUE_1, VAR_3000_VALUE_2 };
VariablesEvaluated variablesEvaluated = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, variableValues);
RegistryEntityVariableEvaluator registryEntityVariableEvaluator = new RegistryEntityVariableEvaluator(variablesEvaluated);
IEnumerable <RegistryObject> registries = registryEntityVariableEvaluator.ProcessVariableForRegistryObject(ovalRegistryObject);
Assert.AreEqual(2, registries.Count(), "the quantity of registries is not expected");
Assert.AreEqual(expectedHiveValue, registries.ElementAt(0).Hive, "the hive value is not expected");
Assert.AreEqual(VAR_3000_VALUE_1, registries.ElementAt(0).Key, "the key value is not expected");
Assert.AreEqual(expectedNameValue, registries.ElementAt(0).Name, "the name value is not expected");
Assert.AreEqual(expectedHiveValue, registries.ElementAt(1).Hive, "the hive value is not expected");
Assert.AreEqual(VAR_3000_VALUE_2, registries.ElementAt(1).Key, "the key value is not expected");
Assert.AreEqual(expectedNameValue, registries.ElementAt(1).Name, "the name value is not expected");
}
private RegistryObject GetRegistryObject()
{
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
return(registry);
}
private static set GetSetFromRegistryObject(registry_object registryObject)
{
for (int i = 0; i <= registryObject.RegistryObjectItemsElementName.Count() - 1; i++)
{
if (registryObject.RegistryObjectItemsElementName[i] == registry_object_ItemsChoices.set)
{
return((set)registryObject.Items[i]);
}
}
return(null);
}
public void Should_be_access_variable_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, "", "the key value is not expected");
Assert.AreEqual(registry.Name, "CurrentVersion", "the hive value is not expected");
Assert.AreEqual("oval:org.mitre.oval:var:3000", registry.GetVariableId(registry_object_ItemsChoices.key.ToString()), "the variableId from key is not expected");
Assert.AreEqual("", registry.GetVariableId(registry_object_ItemsChoices.name.ToString()), "the variableId from from name is not expected");
}
public void Should_be_access_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:4000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, @"Software\Microsoft\Windows NT\CSDBuild", "the key value is not expected");
Assert.AreEqual(registry.Name, "^D.*", "the hive value is not expected");
Assert.AreEqual(OperationEnumeration.patternmatch, registry.GetNameOperation(), "the operation from from name is not expected");
Assert.AreEqual(OperationEnumeration.equals, registry.GetKeyOperation(), "the operation from from key is not expected");
}
public void Should_be_possible_to_get_EntityBaseType_from_an_object_that_have_multiples_items_that_is_not_EntityBaseType()
{
registry_object registry = new registry_object();
IEnumerable <EntitySimpleBaseType> entities = registry.GetEntityBaseTypes();
Assert.AreEqual(entities.Count(), 0, "the quantity is no expected");
registry = new registry_object()
{
Items = new[] { new RegistryBehaviors() }
};
entities = registry.GetEntityBaseTypes();
Assert.AreEqual(entities.Count(), 0, "the quantity is no expected");
}
public void Should_be_possible_to_apply_PatternMatch_operation_on_OvalObjectEntity()
{
string definitionFileName = "fdcc_xpfirewall_oval_regex_on_value.xml";
registry_object obj50002 = (registry_object)this.getFakeObj(definitionFileName, "oval:modulo:obj:50001");
string keyPattern = "SOFTWARE\\Microsoft\\Windows\\^Current.*";
string[] fakeSubKeys = new string[] { "XBuildX", "CurrentBuild", "CurrentBuildXPTO", "Build" };
IList <string> fakeSystemValues = createFakeSystemValues("SOFTWARE\\Microsoft\\Windows", fakeSubKeys);
Dictionary <string, object> operationParameters = getOperationParameters(keyPattern, fakeSystemValues.ToArray());
PatternMatchEntityOperation patternOperation = new PatternMatchEntityOperation();
IEnumerable <string> operationResult = patternOperation.Apply(operationParameters);
Assert.IsNotNull(operationResult);
Assert.AreEqual(2, operationResult.Count(), MSG_INVALID_OPERATION_RESULT_COUNT);
}
public void Should_be_possible_to_apply_NotEqual_operation_on_OvalObjectEntity()
{
string definitionFileName = "fdcc_xpfirewall_oval_regex_on_value.xml";
registry_object obj50006 = (registry_object)this.getFakeObj(definitionFileName, "oval:modulo:obj:50006");
Dictionary <string, EntityObjectStringType> entities = OvalHelper.GetRegistryEntitiesFromObjectType(obj50006);
EntityObjectStringType nameEntity = entities[registry_object_ItemsChoices.name.ToString()];
Dictionary <string, object> operationParameters = getOperationParameters("CSDVersion", new string[] { "BuildVersion", "CSDVersion", "XPTO" });
OvalEntityOperationBase notEqualsOperation = OvalEntityOperationFactory.CreateOperationForOvalEntity(nameEntity.operation);
IEnumerable <string> resultAfterApplyOperation = notEqualsOperation.Apply(operationParameters);
Assert.IsInstanceOfType(notEqualsOperation, typeof(NotEqualsEntityOperation), MSG_INVALID_OPERATION_TYPE);
Assert.AreEqual(2, resultAfterApplyOperation.Count(), MSG_INVALID_OPERATION_RESULT_COUNT);
Assert.AreEqual("BuildVersion", resultAfterApplyOperation.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM);
Assert.AreEqual("XPTO", resultAfterApplyOperation.ElementAt(1), MSG_UNEXPECTED_FOUND_ITEM);
}
public void Should_be_possible_to_apply_Equals_operation_on_RegistryObjectEntities()
{
registry_object registryObject = (registry_object)this.getFakeObj(DEFINITIONS_FILENAME, REGISTRY_OBJECT_ID);
EntityObjectStringType keyEntity = this.getRegistryObjectEntity(registryObject, registry_object_ItemsChoices.key.ToString());
// Assert Key Entity Operation
OvalEntityOperationBase operationForKeyEntity = OvalEntityOperationFactory.CreateOperationForOvalEntity(keyEntity.operation);
Dictionary <string, object> keyOperationParameters = this.getOperationParameters(keyEntity.Value, new string[] { REGISTRY_KEY_NAME });
IEnumerable <string> derivedKeys = operationForKeyEntity.Apply(keyOperationParameters);
Assert.IsInstanceOfType(operationForKeyEntity, typeof(EqualsEntityOperation), MSG_INVALID_OPERATION_TYPE);
Assert.IsNotNull(derivedKeys);
Assert.AreEqual(1, derivedKeys.Count(), MSG_INVALID_OPERATION_RESULT_COUNT);
Assert.AreEqual(keyEntity.Value, derivedKeys.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM);
}
public void Should_not_evaluate_a_variable_if_the_entityType_not_have_a_variable_reference()
{
oval_definitions definitions = new OvalDocumentLoader().GetFakeOvalDefinitions("definitionsSimple.xml");
Assert.IsNotNull(definitions, "the definitios is not created");
registry_object registryObject = (registry_object)definitions.objects[1];
Dictionary <String, EntityObjectStringType> registryEntities = this.GetRegistryEntitiesFromName(registryObject);
EntitySimpleBaseType keyName = registryEntities[registry_object_ItemsChoices.key.ToString()];
VariableEvaluator variableEvaluator = new VariableEvaluator(definitions.variables, null, null);
IEnumerable <string> values = variableEvaluator.Evaluate(keyName);
Assert.IsNotNull(values, "the valueToMatch of variable is null");
Assert.IsTrue(values.Count() == 1, "the quantity of values is not expected");
Assert.IsTrue(values.ElementAt(0) == @"Software\Microsoft\Windows NT\CurrentVersion", "the valueToMatch is not expected");
}
public void Should_Be_Possible_To_Extract_From_OVAL_Definitions_Objects_That_Not_Contains_A_Test_Or_DefinitionAssociated()
{
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithOnlyObjects.xml");
Assert.IsNotNull(fakeDefinitions.objects);
Assert.AreEqual(6, fakeDefinitions.objects.Count());
Assert.IsNotNull(fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50000")));
registry_object obj50001 = (registry_object)fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50001"));
Assert.IsNotNull(obj50001);
string foundHiveName = ((EntityObjectRegistryHiveType)obj50001.Items[0]).Value;
string foundKeyName = ((EntityObjectStringType)obj50001.Items[1]).Value;
EntityObjectStringType foundValueEntity = (EntityObjectStringType)obj50001.Items[2];
Assert.AreEqual("HKEY_LOCAL_MACHINE", foundHiveName);
Assert.AreEqual("SOFTWARE\\Microsoft\\Windows\\CurrentVersion", foundKeyName);
Assert.AreEqual(OperationEnumeration.patternmatch, foundValueEntity.operation);
Assert.AreEqual(".*Build$", foundValueEntity.Value);
}
public void NotEqual_operation_should_be_CaseSensitive()
{
#region Registry Object
// <registry_object id="oval:modulo:obj:50006" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
// <hive>HKEY_LOCAL_MACHINE</hive>
// <key>SOFTWARE\Microsoft\Windows\CurrentVersion</key>
// <name operation="not equal">CSDVersion</name>
// </registry_object>
#endregion
registry_object registryObject = (registry_object)this.getFakeObj(DEFINITIONS_FILENAME, "oval:modulo:obj:50006");
Dictionary <string, EntityObjectStringType> registryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(registryObject);
EntityObjectStringType nameEntity = registryEntities[registry_object_ItemsChoices.name.ToString()];
OvalEntityOperationBase NotEqualOperation = OvalEntityOperationFactory.CreateOperationForOvalEntity(nameEntity.operation);
Dictionary <string, object> operationParameters = this.getOperationParameters(nameEntity.Value, new string[] { "CSDversion", "CSDVersion", "csdVersion" });
IEnumerable <string> operationResult = NotEqualOperation.Apply(operationParameters);
Assert.IsInstanceOfType(NotEqualOperation, typeof(NotEqualsEntityOperation), MSG_INVALID_OPERATION_TYPE);
Assert.AreEqual(2, operationResult.Count(), MSG_INVALID_OPERATION_RESULT_COUNT);
Assert.AreNotEqual(nameEntity.Value, operationResult.ElementAt(0), MSG_UNEXPECTED_FOUND_ITEM);
Assert.AreNotEqual(nameEntity.Value, operationResult.ElementAt(1), MSG_UNEXPECTED_FOUND_ITEM);
}
/// <summary>
/// Creates the registry object given the oval Registry Object.
/// </summary>
/// <param name="ovalRegistryObject">The oval registry object.</param>
/// <returns></returns>
public static RegistryObject CreateRegistryObject(registry_object ovalRegistryObject)
{
Dictionary <String, EntityObjectStringType> allRegistryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(ovalRegistryObject);
return(new RegistryObject(allRegistryEntities));
}
private Dictionary <string, EntityObjectStringType> GetRegistryEntitiesFromName(registry_object registryObject)
{
string hiveEntityName = registry_object_ItemsChoices.hive.ToString();
string keyEntityName = registry_object_ItemsChoices.key.ToString();
string nameEntityName = registry_object_ItemsChoices.name.ToString();
object[] allEntities = registryObject.Items.ToArray();
string[] allEntityNames = registryObject.RegistryObjectItemsElementName.Select(i => i.ToString()).ToArray <String>();
Dictionary <String, EntityObjectStringType> registryEntities = new Dictionary <String, EntityObjectStringType>();
registryEntities.Add(hiveEntityName, this.GetEntityObjectByName(hiveEntityName, allEntities, allEntityNames));
registryEntities.Add(keyEntityName, this.GetEntityObjectByName(keyEntityName, allEntities, allEntityNames));
registryEntities.Add(nameEntityName, this.GetEntityObjectByName(nameEntityName, allEntities, allEntityNames));
return(registryEntities);
}
//[TestMethod]
//public void TestFoo()
//{
// string strComputer = ".";
// ManagementObjectSearcher wmiObjectSearcher = new ManagementObjectSearcher();
// wmiObjectSearcher.Scope = new ManagementScope("\\\\" + strComputer + "\\root\\directory\\LDAP");
// wmiObjectSearcher.Query = new ObjectQuery("Select * from ads_domaindns");
// wmiObjectSearcher.Options = new EnumerationOptions() { Rewindable = false, ReturnImmediately = true };
// string result = string.Empty;
// foreach (var obj in wmiObjectSearcher.Get())
// foreach (PropertyData property in obj.Properties)
// {
// string propertyValue = (property.Value == null) ? "[NULL]" : property.Value.ToString();
// result += string.Format("Property Name: '{0}' / Property Value: {1}\r\n", property.Name, propertyValue);
// }
// System.IO.File.WriteAllText("c:\\temp\\DomainDNS.txt", result);
// Assert.IsTrue(true);
//}
private EntityObjectStringType getRegistryObjectEntity(registry_object registryObject, string entityName)
{
Dictionary <string, EntityObjectStringType> entities = OvalHelper.GetRegistryEntitiesFromObjectType(registryObject);
return(entities[entityName]);
}
/// <summary>
/// Evaluates all the variables for registry object.
/// One registry_object can create multiples RegistryObjects.
/// This happen because the variable is defined in the RegistryEntity, and a variable can be have multiples values.
/// </summary>
/// <param name="registryObject">The registry object.</param>
/// <returns></returns>
public IEnumerable <RegistryObject> ProcessVariableForRegistryObject(registry_object registryObject)
{
var registry = RegistryObjectFactory.CreateRegistryObject(registryObject);
return(new List <RegistryObject>(this.ProcessVariables(registry)));
}
