public void Should_be_possible_to_collect_file_effective_rights()
{
#region File Effective Rights Object
//<fileeffectiverights_object id="oval:modulo:obj:7" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
// <path>c:\temp</path>
// <filename>file1.txt</filename>
// <trustee_name>mss\lfernandes</trustee_name>
//</fileeffectiverights_object>
#endregion
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(definitions.objects, null, null);
Definitions::ObjectType fileEffectiveRightsObject = ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:modulo:obj:7");
IEnumerable<CollectedItem> fakeCollectedItems = new CollectedItem[] { this.createFakeCollectedItem(fileEffectiveRightsObject) };
FileEffectiveRightsProber prober = this.createMockedFileEffectiveRightsProber(fakeCollectedItems);
ProbeResult result = prober.Execute(ProbeHelper.CreateFakeContext(), ProbeHelper.CreateFakeTarget(), fakeCollectInfo);
Assert.IsNotNull(result, "The result of FileEffectiveRightsProber execution cannot be null.");
Assert.IsNotNull(result.ExecutionLog, "The ExecutionLog of FileEffectiveRightsProber was not created.");
Assert.IsNotNull(result.CollectedObjects, "There are no collected objects.");
Assert.AreEqual(1, result.CollectedObjects.Count(), "Unexpected collected objects count found.");
this.AssertCollectedFileItems(fileEffectiveRightsObject, result.CollectedObjects.ElementAt(0), fakeCollectedItems);
}
protected override IEnumerable<CollectedItem> collectDataForSystemItem(ItemType systemItem)
{
var filePath = string.Empty;
try
{
var fileContentItem = (textfilecontent_item)systemItem;
filePath = Path.Combine(fileContentItem.path.Value, fileContentItem.filename.Value);
var interimList = WinNetUtils.getWinTextFileContent(hostUNC, filePath, fileContentItem.line.Value);
var collectedItems = new List<CollectedItem>();
foreach (FileContentItemSystemData srcItem in interimList)
{
var destItem = new textfilecontent_item();
this.BuilderFileContentItem(destItem, srcItem, fileContentItem);
var newCollectedItem = new CollectedItem() { ItemType = destItem, ExecutionLog = BuildExecutionLog() };
collectedItems.Add(newCollectedItem);
}
return collectedItems;
}
catch (FileNotFoundException)
{
base.SetDoesNotExistStatusForItemType(systemItem, filePath);
}
return new ItemTypeHelper().CreateCollectedItemsWithOneItem(systemItem, BuildExecutionLog());
}
public RunLevelProberTests()
{
FakeItemToCollect1 = CreateFakeRunlevelItem("ssh", "2", null, null);
FakeItemToCollect2 = CreateFakeRunlevelItem("cups", "3", null, null);
FakeCollectedItem1 = ProbeHelper.CreateFakeCollectedItem(CreateFakeRunlevelItem("ssh", "2", "0", "1"));
FakeCollectedItem2 = ProbeHelper.CreateFakeCollectedItem(CreateFakeRunlevelItem("cups", "3", "1", "0"));
}
public RpmInfoProberTests()
{
FakeItemToCollect1 = CreateFakeRpmInfoItem("vbox", null, null, null, null, null);
FakeItemToCollect2 = CreateFakeRpmInfoItem("firefox", null, null, null, null, null);
var fakeCollectedItem1 = CreateFakeRpmInfoItem("vbox", "x86", "2010", "1020", "12345678", "1");
FakeCollectedItem1 = ProbeHelper.CreateFakeCollectedItem(fakeCollectedItem1);
var fakeCollectedItem2 = CreateFakeRpmInfoItem("firefox", "x86", "2010", "1020", "12345678", "1");
FakeCollectedItem2 = ProbeHelper.CreateFakeCollectedItem(fakeCollectedItem2);
}
public void Should_be_possible_to_collect_wmi_object()
{
var fakeItemsToReturn = this.CreateWmiItems(FAKE_WMI_NAMESPACE, FAKE_WQL);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItemsToReturn.First()) };
var fakeCollectedInfo = GetFakeCollectInfo("oval:modulo:obj:2200");
ProberBehaviorCreator
.CreateBehaviorForNormalFlowExecution(
WMIProber,
fakeItemsToReturn,
fakeCollectedItems);
var proberExecutionResult = WMIProber.Execute(FakeContext, FakeTargetInfo, fakeCollectedInfo);
DoAssertForSingleCollectedObject(proberExecutionResult, typeof(wmi_item));
}
public void Should_be_possible_to_collect_file_object_for_unix_systems()
{
var fakeFileItemsToReturn = new ItemType[] { new unix.file_item() { filepath = OvalHelper.CreateItemEntityWithStringValue("/home/usr/readme") } };
var fakeCollectedItemsToReturn = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(CreateFileItem()) };
var unixFileProber = new FileProber();
ProberBehaviorCreator
.CreateBehaviorForNormalFlowExecution(
unixFileProber,
fakeFileItemsToReturn,
fakeCollectedItemsToReturn);
var result = unixFileProber.Execute(FakeContext, FakeTargetInfo, GetFakeCollectInfo("oval:modulo:obj:2", "definitions_all_unix"));
DoAssertForSingleCollectedObject(result, typeof(unix.file_item));
}
public void CreateBehaviorForNormalFlowExecution(
ProbeBase probeToConfigure,
ItemType[] fakeItemsToReturnByItemTypeGenerator,
CollectedItem[] fakeCollectedItemsToReturnByObjectCollector)
{
var mocksRepository = new MockRepository();
var fakeConnectionManager = mocksRepository.DynamicMock<IConnectionManager>();
var fakeObjectCollector = mocksRepository.DynamicMock<FileEffectiveRights53ObjectCollector>();
var fakeItemTypeGenerator = mocksRepository.DynamicMock<IItemTypeGenerator>();
Expect.Call(fakeItemTypeGenerator.GetItemsToCollect(null, null))
.IgnoreArguments()
.Return(fakeItemsToReturnByItemTypeGenerator);
Expect.Call(fakeObjectCollector.CollectDataForSystemItem(null))
.IgnoreArguments()
.Return(fakeCollectedItemsToReturnByObjectCollector);
mocksRepository.ReplayAll();
probeToConfigure.ConnectionManager = fakeConnectionManager;
probeToConfigure.ItemTypeGenerator = fakeItemTypeGenerator;
probeToConfigure.ObjectCollector = fakeObjectCollector;
}
private FileAuditedPermissionsProber CreateMockedXmlFileContentProber(CollectedItem[] fakeCollectedItems, Exception exception)
{
MockRepository mocks = new MockRepository();
var fakeConnectionManager = mocks.DynamicMock<IConnectionManager>();
var fakeSystemDataSource = mocks.DynamicMock<FileAuditedPermissionsObjectCollector>();
var fakeItemTypeGenerator = mocks.DynamicMock<FileAuditedPermissionsItemTypeGenerator>();
if (exception == null)
{
var fakeItems = this.CreateFakeItemTypes();
Expect.Call(fakeItemTypeGenerator.GetItemsToCollect(null, null)).IgnoreArguments().Return(fakeItems);
Expect.Call(fakeSystemDataSource.CollectDataForSystemItem(null)).IgnoreArguments().Return(fakeCollectedItems);
}
else
{
Expect.Call(fakeSystemDataSource.CollectDataForSystemItem(null)).IgnoreArguments().CallOriginalMethod(OriginalCallOptions.NoExpectation);
Expect.Call(fakeItemTypeGenerator.GetItemsToCollect(null, null)).IgnoreArguments().Throw(exception);
}
mocks.ReplayAll();
return new FileAuditedPermissionsProber() { ConnectionManager = fakeConnectionManager, ObjectCollector = fakeSystemDataSource, ItemTypeGenerator = fakeItemTypeGenerator };
}
public void The_operation_evaluator_of_TextFileContentItemTypeGenerator_must_be_configured()
{
var objectType = ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "900");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new Definitions.ObjectType[] { objectType }, null, null);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new textfilecontent_item()) };
var textFileContentProber = CreateMockedProberWithNoFakeItemTypeGenerator(fakeCollectedItems);
textFileContentProber.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
Assert.IsInstanceOfType(textFileContentProber.ItemTypeGenerator, typeof(TextFileContentItemTypeGenerator));
var itemTypeGenerator = (TextFileContentItemTypeGenerator)textFileContentProber.ItemTypeGenerator;
Assert.IsNotNull(itemTypeGenerator.OperationEvaluator);
}
private RegistryProber GetMockedRegistryProber(registry_item fakeItem)
{
var fakeValues = new List<String>(new string[] { "FakeValue" });
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) };
MockRepository mocks = new MockRepository();
var fakeConnection = mocks.DynamicMock<IConnectionManager>();
var fakeSystemInformation = mocks.DynamicMock<ISystemInformationService>();
var fakeProvider = mocks.DynamicMock<RegistryConnectionProvider>();
var fakeWmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
var fakeDataCollector = mocks.DynamicMock<RegistryObjectCollector>();
fakeDataCollector.WmiDataProvider = fakeWmiProvider;
var registryItemTypeGeneration = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataCollector, WmiDataProvider = fakeWmiProvider };
Expect.Call(fakeConnection.Connect<RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider);
Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(fakeCollectedItems);
Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues);
Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation());
mocks.ReplayAll();
return new RegistryProber() { ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector, ItemTypeGenerator = registryItemTypeGeneration};
}
public void Should_be_possible_to_execute_a_collect_for_RegKeyEffectiveRights_with_referenced_variable_on_key_entity()
{
var fakeObjects = new Definitions.ObjectType[] { ProbeHelper.GetDefinitionObjectTypeByID("definitionsSimple", "770") };
string fakeVariableValue = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion";
var fakeEvaluatedVariables = VariableHelper.CreateVariableWithOneValue("oval:modulo:obj:770", "oval:modulo:var:770", fakeVariableValue);
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, fakeEvaluatedVariables, null);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new regkeyeffectiverights_item()) };
var prober = this.GetMockedRegKeyEffectiveRightsProber(fakeCollectedItems, null);
var proberExecutionResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
this.doBasicProbeResultAssert(proberExecutionResult);
CollectedObject collectedObject = proberExecutionResult.CollectedObjects.Single(obj => obj.ObjectType.id.Equals("oval:modulo:obj:770"));
this.assertCollectedItemsReferences(collectedObject, (IList<ItemType>)collectedObject.SystemData);
Assert.AreEqual(1, collectedObject.SystemData.Count, "Unexpected system data count.");
this.assertCollectedItemStatus(collectedObject.ObjectType.reference.ElementAt(0), collectedObject.SystemData[0]);
}
public void Should_be_possible_to_process_a_RegKeyEffectiveRightsObject_with_set_operation()
{
var definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
var fakeObjects = this.GetFakeObjectsFromDefinitions(definitions, new string[] { "750", "751", "760" });
var fakeSysCharac = ProbeHelper.GetOvalSystemCharacteristicsFromFile("system_characteristics_with_sets.xml");
var fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, null, fakeSysCharac);
var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(new regkeyeffectiverights_item()) };
var prober = this.GetMockedRegKeyEffectiveRightsProber(fakeCollectedItems, null);
ProbeResult proberExecutionResult = prober.Execute(FakeContext, FakeTargetInfo, fakeCollectInfo);
this.doBasicProbeResultAssert(proberExecutionResult);
Assert.AreEqual(3, proberExecutionResult.CollectedObjects.Count(), "Unexpected collected objects count.");
var collectedObjFromObjectWithSet = proberExecutionResult.CollectedObjects.SingleOrDefault(obj => obj.ObjectType.id.Equals("oval:modulo:obj:760"));
Assert.IsNotNull(collectedObjFromObjectWithSet, "There are no collected objects generated from object type with set.");
var referencedItems = collectedObjFromObjectWithSet.ObjectType.reference;
Assert.AreEqual(2, referencedItems.Count(), "Unexpected collected object references count.");
Assert.AreEqual("761", referencedItems.ElementAt(0).item_ref, "Unexpected referenced item was found on collected object.");
Assert.AreEqual("762", referencedItems.ElementAt(1).item_ref, "Unexpected referenced item was found on collected object.");
var generatedItemFromObjectTypeWithSet = collectedObjFromObjectWithSet.SystemData;
Assert.IsNotNull(generatedItemFromObjectTypeWithSet, "No item type was found in collected object system data.");
Assert.AreEqual(2, generatedItemFromObjectTypeWithSet.Count, "Unexpected system data count.");
var firstRegKeyEffectiveRightsItem = (regkeyeffectiverights_item)generatedItemFromObjectTypeWithSet[0];
Assert.AreEqual("761", firstRegKeyEffectiveRightsItem.id, "Unexpected id for a item was found.");
Assert.AreEqual(@"SOFTWARE\Modulo\RiskManager", firstRegKeyEffectiveRightsItem.key.Value, "Unexpected entity item type value was found.");
Assert.AreEqual("0", firstRegKeyEffectiveRightsItem.key_enumerate_sub_keys.Value, "Unexpected entity item type value was found.");
var secondRegKeyEffectiveRightsItem = (regkeyeffectiverights_item)generatedItemFromObjectTypeWithSet[1];
Assert.AreEqual("762", secondRegKeyEffectiveRightsItem.id, "Unexpected id for a item was found.");
Assert.AreEqual(@"SOFTWARE\Modulo\RiskManagerNG", secondRegKeyEffectiveRightsItem.key.Value, "Unexpected entity item type value was found.");
Assert.AreEqual("1", secondRegKeyEffectiveRightsItem.key_enumerate_sub_keys.Value, "Unexpected entity item type value was found.");
}
private ProbeBase CreateMockedProbe(CollectedItem[] fakeCollectedItems, ItemType[] fakeGeneratedItems, Exception exceptionToThrow)
{
MockRepository mocks = new MockRepository();
var fakeConnectionManager = mocks.DynamicMock<IConnectionManager>();
var fakeSystemDataSource = mocks.DynamicMock<BaseObjectCollector>();
var fakeItemTypeGenerator = mocks.DynamicMock<IItemTypeGenerator>();
if (exceptionToThrow == null)
{
Expect.Call(fakeItemTypeGenerator.GetItemsToCollect(null, null)).IgnoreArguments().Return(fakeGeneratedItems);
Expect.Call(fakeSystemDataSource.CollectDataForSystemItem(null)).IgnoreArguments().Return(fakeCollectedItems);
}
else
{
Expect.Call(fakeItemTypeGenerator.GetItemsToCollect(null, null)).IgnoreArguments().Throw(exceptionToThrow);
Expect.Call(fakeSystemDataSource.CollectDataForSystemItem(null)).IgnoreArguments().CallOriginalMethod(OriginalCallOptions.NoExpectation);
}
mocks.ReplayAll();
return new AuditEventPolicyProber()
{
ConnectionManager = fakeConnectionManager,
ObjectCollector = fakeSystemDataSource,
ItemTypeGenerator = fakeItemTypeGenerator
};
}
private void DoBasicAssert(CollectedItem[] collectedItems, int expectedResultCount)
{
Assert.IsNotNull(collectedItems, "The result of item collection cannot be null");
Assert.AreEqual(1, collectedItems.Count(), "Unexpected items count was found.");
}
private void DoBasicAssertForXmlFileContentCollectedItems(CollectedItem[] collectedItems, StatusEnumeration expectedStatus)
{
var collectedItemType = collectedItems.Single().ItemType;
var withExistsStatus = expectedStatus == StatusEnumeration.exists;
var expectedType = typeof(xmlfilecontent_item);
ItemTypeChecker.DoBasicAssertForCollectedItems(collectedItems, 1, expectedType, withExistsStatus);
if (expectedStatus == StatusEnumeration.error)
ItemTypeChecker.AssertItemTypeWithErrorStatus(collectedItemType, "XmlFileContentObjectCollector");
else
Assert.AreEqual(expectedStatus, collectedItemType.status, "Unexpected collected item status was found.");
var filepathEntity = ((xmlfilecontent_item)collectedItemType).filepath;
var xpathEntity = ((xmlfilecontent_item)collectedItemType).xpath;
ItemTypeEntityChecker.AssertItemTypeEntity(filepathEntity, "c:\\temp");
ItemTypeEntityChecker.AssertItemTypeEntity(xpathEntity, "//generator/product_name");
}
private void DoBasicAssert(CollectedItem[] collectedItems, int expectedCollectedItemsCount)
{
Assert.IsNotNull(collectedItems, "There is no collected items.");
Assert.AreEqual(expectedCollectedItemsCount, collectedItems.Count(), "Unexpected collected items count was found.");
}
public ProcessProberTests()
{
this.FakeProcessItem = new process_item();
this.FakeCollectedItem = ProbeHelper.CreateFakeCollectedItem(new OVAL.SystemCharacteristics.Unix.process_item());
}
private void assertFileEffectiveRightsCollectedItems(CollectedItem expectedItem, ItemType collectedItem)
{
fileeffectiverights_item expectedFileItem = (fileeffectiverights_item)expectedItem.ItemType;
fileeffectiverights_item collectedFileItem = (fileeffectiverights_item)collectedItem;
Assert.AreEqual(expectedFileItem.trustee_sid.Value, collectedFileItem.trustee_sid.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ENTITY_VALUE, "trustee_sid"));
}
private IEnumerable<CollectedItem> createFakeFamilyItem()
{
var familyItemType = new EntityItemFamilyType() { Value = "Windows" };
var family = new family_item() { id = "1", family = familyItemType };
var collectedItem = new CollectedItem() { ItemType = family, ExecutionLog = new List<ProbeLogItem>() };
return new List<CollectedItem>() { collectedItem } ;
}