public void Should_not_be_possible_to_get_value_to_variableComponent_if_this_variable_refer_his_localVariable()
{
OvalDocumentLoader ovalDocuments = new OvalDocumentLoader();
oval_definitions definitions = ovalDocuments.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions);
oval_system_characteristics systemSystemCharacteristics = ovalDocuments.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemSystemCharacteristics);
VariablesTypeVariableLocal_variable localVariable = new VariablesTypeVariableLocal_variable()
{
id = "oval:org.mitre.oval:var:4000"
};
VariableComponentType variableComponent = new VariableComponentType()
{
var_ref = "oval:org.mitre.oval:var:4000"
};
LocalVariableVariablesComponent variableComponentEvaluator = new LocalVariableVariablesComponent(localVariable, variableComponent, definitions.variables, systemSystemCharacteristics);
IEnumerable <string> values = variableComponentEvaluator.GetValue();
Assert.IsTrue(values.Count() == 0);
}
public void Should_be_possible_to_get_only_unique_values_for_a_list_with_duplicates()
{
VariablesTypeVariableLocal_variable localVariable = LocalVariableBuilder.
CreateTheLocalVariable().
WithUnique().
AddLiteralComponent(@"banana").
AddLiteralComponent(@"banana").
AddLiteralComponent(@"apple").
AddLiteralComponent(@"banana").
SetInLocalVariable().
Build();
oval_definitions definitions = this.ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions, "the definitions was loaded");
oval_system_characteristics systemCharacteristics = this.ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemCharacteristics, "the systemCharacteristics was not loaded");
LocalVariableComponentsFactory factory = new LocalVariableComponentsFactory(systemCharacteristics, definitions.variables);
var uniqueFunctionComponent = factory.GetLocalVariableComponent(localVariable);
Assert.IsInstanceOfType(uniqueFunctionComponent, typeof(UniqueFunctionComponent));
IEnumerable <string> values = uniqueFunctionComponent.GetValue();
Assert.AreEqual(2, values.Count());
Assert.AreEqual("banana", values.ElementAt(0));
Assert.AreEqual("apple", values.ElementAt(1));
}
public void Should_be_possible_to_evaluate_a_Set_in_the_ObjectType()
{
OvalDocumentLoader ovalDocument = new OvalDocumentLoader();
sc.oval_system_characteristics systemCharacteristics = ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_sets.xml");
oval_definitions definitions = ovalDocument.GetFakeOvalDefinitions("definitionsWithSet.xml");
IEnumerable <StateType> states = definitions.states;
set registryObjectSet = SetFactory.GetSetFromDefinitionsOfRegistryObject("definitionsWithSet.xml", "oval:org.mitre.oval:obj:6000");
SetEvaluator setEvaluator = new SetEvaluator(systemCharacteristics, states, null);
SetResult result = setEvaluator.Evaluate(registryObjectSet);
Assert.IsNotNull(result, "the items expected is null");
Assert.AreEqual(3, result.Result.Count(), "the quantity of items is not expected");
Assert.AreEqual(FlagEnumeration.complete, result.ObjectFlag, "the object flag is not expected");
string element = result.Result.Where <string>(item => item == "1").SingleOrDefault();
Assert.IsNotNull(element, "the element expected is not exits");
element = result.Result.Where <string>(item => item == "2").SingleOrDefault();
Assert.IsNotNull(element, "the element expected is not exits");
element = result.Result.Where <string>(item => item == "3").SingleOrDefault();
Assert.IsNotNull(element, "the element expected is not exits");
}
/// <summary>
/// Gets the oval variables from the OvalDefinitions property.
/// </summary>
/// <returns></returns>
public IEnumerable <VariableType> GetOvalVariables(IDocumentSession session)
{
try
{
if (Variables == null)
{
oval_definitions oval = this.GetOvalDefinitions(session);
if (oval.variables != null)
{
Variables = oval.variables.ToArray();
}
if (Variables == null)
{
Variables = new List <VariableType>().ToArray();
}
return(Variables);
}
return(Variables);
}
catch (Exception ex)
{
var errorMessage = String.Format("The Oval Definitions XML is Invalid: {0}", ex.Message);
throw new InvalidXMLOvalDefinitionsException(errorMessage, ex);
}
}
public void MyTestInitialize()
{
OvalDocumentLoader ovalDocument = new OvalDocumentLoader();
definitions = ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
systemCharacteristics = ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
}
private FileItemTypeGenerator GetMockedFileItemTypeGenerator(string fileObjectID, string[] fakeFoundPaths, out file_object fileObject)
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_REGEX_ON_VALUE);
fileObject = (file_object)ProbeHelper.GetOvalComponentByOvalID(definitions, fileObjectID);
List <WmiObject> fakeWmiObjects = new List <WmiObject>();
foreach (var fakePath in fakeFoundPaths)
{
fakeWmiObjects.Add(this.createFakeWmiObject(fakePath, "Application", 100));
}
MockRepository mocks = new MockRepository();
WmiDataProvider fakeWmiProvider = mocks.DynamicMock <WmiDataProvider>();
Expect.Call(fakeWmiProvider.SearchWmiObjects(null, null)).IgnoreArguments().Return(fakeWmiObjects.ToArray());
mocks.ReplayAll();
return(new FileItemTypeGenerator()
{
SystemDataSource = new FileObjectCollector()
{
WmiDataProvider = fakeWmiProvider
}
});
}
public void Should_be_possible_to_get_value_to_variableComponent_by_the_LocalVariable()
{
OvalDocumentLoader ovalDocuments = new OvalDocumentLoader();
oval_definitions definitions = ovalDocuments.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions);
oval_system_characteristics systemSystemCharacteristics = ovalDocuments.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemSystemCharacteristics);
VariablesTypeVariableLocal_variable localVariable = new VariablesTypeVariableLocal_variable()
{
id = "oval:org.mitre.oval:var:5000"
};
VariableComponentType variableComponent = new VariableComponentType()
{
var_ref = "oval:org.mitre.oval:var:4000"
};
LocalVariableVariablesComponent variableComponentEvaluator = new LocalVariableVariablesComponent(localVariable, variableComponent, definitions.variables, systemSystemCharacteristics);
IEnumerable <string> values = variableComponentEvaluator.GetValue();
Assert.IsTrue(values.Count() > 0, "the quantity of value is not expected");
Assert.IsTrue(values.ElementAt(0) == @"Software\Microsoft\Windows NT\CurrentVersion", "the value is not expected");
}
public void Should_be_possible_to_get_value_of_concatFunction_with_ObjectComponent_and_LiteralComponent()
{
VariablesTypeVariableLocal_variable localVariable = LocalVariableBuilder.
CreateTheLocalVariable().
WithConcat().
AddLiteralComponent(@"c:\").
AddObjectComponent("oval:org.mitre.oval:obj:1000", "family").
SetInLocalVariable().
Build();
oval_definitions definitions = this.ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions, "the definitions was loaded");
oval_system_characteristics systemCharacteristics = this.ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemCharacteristics, "the systemCharacteristics was not loaded");
LocalVariableComponentsFactory factory = new LocalVariableComponentsFactory(systemCharacteristics, definitions.variables);
LocalVariableComponent concatFunctionComponent = factory.GetLocalVariableComponent(localVariable);
Assert.IsInstanceOfType(concatFunctionComponent, typeof(ConcatFunctionComponent));
IEnumerable <string> values = concatFunctionComponent.GetValue();
Assert.IsTrue(values.Count() > 0, "the quantity is not expected");
Assert.IsTrue(values.ElementAt(0) == @"c:\windows", "the value is not expected");
}
public void Should_be_possible_to_get_value_of_concatFunction_with_multiples_values_of_return()
{
VariablesTypeVariableLocal_variable localVariable = LocalVariableBuilder.
CreateTheLocalVariable().
WithConcat().
AddObjectComponent("oval:org.mitre.oval:obj:5000", "name").
AddLiteralComponent(@"\").
AddObjectComponent("oval:org.mitre.oval:obj:6000", "name").
AddLiteralComponent(@"\").
AddObjectComponent("oval:org.mitre.oval:obj:7000", "name").
SetInLocalVariable().
Build();
oval_definitions definitions = this.ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions, "the definitions was loaded");
oval_system_characteristics systemCharacteristics = this.ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemCharacteristics, "the systemCharacteristics was not loaded");
LocalVariableComponentsFactory factory = new LocalVariableComponentsFactory(systemCharacteristics, definitions.variables);
LocalVariableComponent concatFunctionComponent = factory.GetLocalVariableComponent(localVariable);
Assert.IsInstanceOfType(concatFunctionComponent, typeof(ConcatFunctionComponent));
IEnumerable <string> values = concatFunctionComponent.GetValue();
Assert.IsTrue(values.Count() == 4, "the quantity is not expected");
Assert.IsTrue(values.ElementAt(0) == @"BuildLabEx\SoftwareType\InstallDate", "the value is not expected");
Assert.IsTrue(values.ElementAt(1) == @"BuildLabEx\SystemRoot\InstallDate", "the value is not expected");
Assert.IsTrue(values.ElementAt(2) == @"CSDBuildNumber\SoftwareType\InstallDate", "the value is not expected");
Assert.IsTrue(values.ElementAt(3) == @"CSDBuildNumber\SystemRoot\InstallDate", "the value is not expected");
}
public void Should_be_possible_to_collect_file_effective_rights()
{
#region File Effective Rights Object
//<fileeffectiverights_object id="oval:modulo:obj:7" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
// <path>c:\temp</path>
// <filename>file1.txt</filename>
// <trustee_name>mss\lfernandes</trustee_name>
//</fileeffectiverights_object>
#endregion
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(definitions.objects, null, null);
Definitions::ObjectType fileEffectiveRightsObject = ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:modulo:obj:7");
IEnumerable <CollectedItem> fakeCollectedItems = new CollectedItem[] { this.createFakeCollectedItem(fileEffectiveRightsObject) };
FileEffectiveRightsProber prober = this.createMockedFileEffectiveRightsProber(fakeCollectedItems);
ProbeResult result = prober.Execute(ProbeHelper.CreateFakeContext(), ProbeHelper.CreateFakeTarget(), fakeCollectInfo);
Assert.IsNotNull(result, "The result of FileEffectiveRightsProber execution cannot be null.");
Assert.IsNotNull(result.ExecutionLog, "The ExecutionLog of FileEffectiveRightsProber was not created.");
Assert.IsNotNull(result.CollectedObjects, "There are no collected objects.");
Assert.AreEqual(1, result.CollectedObjects.Count(), "Unexpected collected objects count found.");
this.AssertCollectedFileItems(fileEffectiveRightsObject, result.CollectedObjects.ElementAt(0), fakeCollectedItems);
}
public void Should_be_possible_to_get_a_registryObject_with_his_variable_processed_with_multiple_values()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_WITH_CONST_VARIABLES);
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, OBJ_3000_ID);
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
Dictionary <String, EntityObjectStringType> allRegistryEntities = OvalHelper.GetRegistryEntitiesFromObjectType(ovalRegistryObject);
string expectedHiveValue = allRegistryEntities[registry_object_ItemsChoices.hive.ToString()].Value;
string expectedNameValue = allRegistryEntities[registry_object_ItemsChoices.name.ToString()].Value;
string[] variableValues = new string[] { VAR_3000_VALUE_1, VAR_3000_VALUE_2 };
VariablesEvaluated variablesEvaluated = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, variableValues);
RegistryEntityVariableEvaluator registryEntityVariableEvaluator = new RegistryEntityVariableEvaluator(variablesEvaluated);
IEnumerable <RegistryObject> registries = registryEntityVariableEvaluator.ProcessVariableForRegistryObject(ovalRegistryObject);
Assert.AreEqual(2, registries.Count(), "the quantity of registries is not expected");
Assert.AreEqual(expectedHiveValue, registries.ElementAt(0).Hive, "the hive value is not expected");
Assert.AreEqual(VAR_3000_VALUE_1, registries.ElementAt(0).Key, "the key value is not expected");
Assert.AreEqual(expectedNameValue, registries.ElementAt(0).Name, "the name value is not expected");
Assert.AreEqual(expectedHiveValue, registries.ElementAt(1).Hive, "the hive value is not expected");
Assert.AreEqual(VAR_3000_VALUE_2, registries.ElementAt(1).Key, "the key value is not expected");
Assert.AreEqual(expectedNameValue, registries.ElementAt(1).Name, "the name value is not expected");
}
public void Should_be_possible_to_get_count_result_for_a_simple_list()
{
VariablesTypeVariableLocal_variable localVariable = LocalVariableBuilder.
CreateTheLocalVariable().
WithCount().
AddLiteralComponent(@"banana").
AddLiteralComponent(@"apple").
SetInLocalVariable().
Build();
oval_definitions definitions = this.ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions, "the definitions was loaded");
oval_system_characteristics systemCharacteristics = this.ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(systemCharacteristics, "the systemCharacteristics was not loaded");
LocalVariableComponentsFactory factory = new LocalVariableComponentsFactory(systemCharacteristics, definitions.variables);
var countFunctionComponent = factory.GetLocalVariableComponent(localVariable);
Assert.IsInstanceOfType(countFunctionComponent, typeof(CountFunctionComponent));
IEnumerable <string> values = countFunctionComponent.GetValue();
Assert.AreEqual(1, values.Count());
Assert.AreEqual("2", values.First());
}
/// <summary>
/// Gets the states of the oval definitions.
/// </summary>
/// <returns></returns>
public IEnumerable <StateType> GetStates(IDocumentSession session)
{
try
{
if (States == null)
{
oval_definitions oval = this.GetOvalDefinitions(session);
if ((States == null) && (oval.states != null))
{
States = oval.states;
}
return(States);
}
else
{
return(States);
}
}
catch (Exception ex)
{
var errorMessage = String.Format("The Oval Definitions XML is Invalid: {0}", ex.Message);
throw new InvalidXMLOvalDefinitionsException(errorMessage, ex);
}
}
private VariablesEvaluated createFakeVariablesEvaluated(oval_definitions definitions, string objectID, string variableID)
{
VariableType variable = definitions.variables.Where(var => var.id.Equals(variableID)).Single();
string variableValue = ((VariablesTypeVariableConstant_variable)variable).value.First().Value;
return(VariableHelper.CreateVariableWithOneValue(objectID, variableID, variableValue));
}
public void MyTestInitialize()
{
OvalDocumentLoader ovalDocument = new OvalDocumentLoader();
this.systemCharacteristics = ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_sets.xml");
oval_definitions definitions = ovalDocument.GetFakeOvalDefinitions("definitionsWithSet.xml");
this.states = definitions.states;
}
private file_object GetFileObjectToTest(string definitionsFileName, string objectNumber)
{
string objectID = string.Format(OBJ_ID_PATTERN, objectNumber);
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(definitionsFileName);
file_object fileObject1001 = (file_object)ProbeHelper.GetOvalComponentByOvalID(definitions, objectID);
Assert.IsNotNull(fileObject1001, "the oval file object not exists in the fakeDefinitions");
return(fileObject1001);
}
public static set GetSetFromDefinitionsOfRegistryObject(string definitionsName, string idRegistryObject)
{
OvalDocumentLoader ovalDocument = new OvalDocumentLoader();
oval_definitions definition = ovalDocument.GetFakeOvalDefinitions(definitionsName);
ObjectType objectType = definition.objects.Where(x => x.id == idRegistryObject).SingleOrDefault();
set registryObjectSet = GetSetFromRegistryObject((registry_object)objectType);
return(registryObjectSet);
}
private Definitions.ObjectType[] GetFakeObjectsFromDefinitions(oval_definitions definitions, string[] objectIDs)
{
var fakeObjects = new List <Definitions.ObjectType>();
foreach (var objectID in objectIDs)
{
fakeObjects.Add(ProbeHelper.GetOvalComponentByOvalID(definitions, string.Format("oval:modulo:obj:{0}", objectID)));
}
return(fakeObjects.ToArray());
}
public void Should_be_access_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:4000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, @"Software\Microsoft\Windows NT\CSDBuild", "the key value is not expected");
Assert.AreEqual(registry.Name, "^D.*", "the hive value is not expected");
Assert.AreEqual(OperationEnumeration.patternmatch, registry.GetNameOperation(), "the operation from from name is not expected");
Assert.AreEqual(OperationEnumeration.equals, registry.GetKeyOperation(), "the operation from from key is not expected");
}
public void Should_be_access_variable_information_from_the_registry_object_by_the_registry_wrapper()
{
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
registry_object ovalRegistryObject = (registry_object)ProbeHelper.GetOvalComponentByOvalID(definitions, "oval:org.mitre.oval:obj:3000");
Assert.IsNotNull(ovalRegistryObject, "the oval registry object is not exists in the fakeDefinitions");
RegistryObject registry = RegistryObjectFactory.CreateRegistryObject(ovalRegistryObject);
Assert.AreEqual(registry.Hive, "HKEY_LOCAL_MACHINE", "the hive value is not expected");
Assert.AreEqual(registry.Key, "", "the key value is not expected");
Assert.AreEqual(registry.Name, "CurrentVersion", "the hive value is not expected");
Assert.AreEqual("oval:org.mitre.oval:var:3000", registry.GetVariableId(registry_object_ItemsChoices.key.ToString()), "the variableId from key is not expected");
Assert.AreEqual("", registry.GetVariableId(registry_object_ItemsChoices.name.ToString()), "the variableId from from name is not expected");
}
public void Should_Not_Be_Possible_To_Execute_A_Registry_Collect_If_The_Host_is_Unavailable()
{
IConnectionManager connectionManagerWithInvalidCredentials = GetConnectionMangerWithUnavailableBehavior();
RegistryProber probe = new RegistryProber();
probe.ConnectionManager = connectionManagerWithInvalidCredentials;
IList <registry_object> registryObjects = new List <registry_object>();
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("fdcc_xpfirewall_oval.xml");
ProbeResult probeResult = probe.Execute(
ProbeHelper.CreateFakeContext(), ProbeHelper.CreateFakeTarget(), new CollectInfo()
{
ObjectTypes = fakeDefinitions.objects
});
}
public void Should_be_possible_generate_SIDItems_from_SIDObject_with_PatternMatchOperation_and_VariableReference_on_TrusteeNameEntity()
{
// Arrange
string[] fakeTrusteeNames = new string[]
{ "XPTO\\fernandess", @"MSS\lfernandes", @"LOCAL\lfernandes", @"lfernandes", "MSS\\admin" };
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_SIMPLE);
sid_object sidObject = (sid_object)definitions.objects.Where(obj => obj.id.Equals("oval:modulo:obj:99")).Single();
VariablesEvaluated fakeVariables = this.createFakeVariablesEvaluated(definitions, sidObject.id, "oval:modulo:var:99");
SIDItemTypeGenerator itemGenerator = this.GetMockecSidItemTypeGenerator(sidObject.id, fakeTrusteeNames);
// Act
var generatedItems = itemGenerator.GetItemsToCollect(sidObject, fakeVariables);
// Arrange
Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null.");
Assert.AreEqual(3, generatedItems.Count(), "Unexpected items count was found.");
this.AssertAllGeneratedSidItems(generatedItems.ToList(), new string[] { @"MSS\lfernandes", @"LOCAL\lfernandes", @"lfernandes" });
}
public void Should_be_possible_to_generate_SIDItems_from_SIDObject_with_referenced_variable()
{
// Arrange
oval_definitions definitions = ProbeHelper.GetFakeOvalDefinitions(DEFINITIONS_SIMPLE);
sid_object sidObject10 = (sid_object)definitions.objects.Where(obj => obj.id.Equals("oval:modulo:obj:11")).Single();
VariableType variable10 = definitions.variables.Where(var => var.id.Equals("oval:modulo:var:10")).Single();
string variable10Value = ((VariablesTypeVariableConstant_variable)variable10).value.First().Value;
VariablesEvaluated fakeVariables = VariableHelper.CreateVariableWithOneValue(sidObject10.id, variable10.id, variable10Value);
SIDItemTypeGenerator itemGenerator = new SIDItemTypeGenerator();
// Act
IList <ItemType> generatedItems = itemGenerator.GetItemsToCollect(sidObject10, fakeVariables).ToList();
Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect cannot be null.");
Assert.AreEqual(1, generatedItems.Count, "Unexpected items count was found.");
Assert.IsInstanceOfType(generatedItems[0], typeof(sid_item), "Unexpected type of generated item found. The correct type is 'sid_item'");
Assert.AreEqual(variable10Value, ((sid_item)generatedItems[0]).trustee_name.Value);
}
public void Should_Be_Possible_To_Execute_A_Default_Registry_Collect()
{
// Arrange
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("fdcc_xpfirewall_oval.xml");
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeDefinitions.objects.OfType <registry_object>().ToArray(), null, null);
registry_item fakeItem = this.GetFakeRegistryItem("Software\\Modulo", "NG", eValueTypes.STRING, "Secret");
List <registry_item> expectedRegistryItems = new List <registry_item>(new registry_item[] { fakeItem });
RegistryProber registryProber = this.GetMockedRegistryProber(fakeItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(this.fakeContext, this.fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(46, result.Count());
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(10), fakeDefinitions.objects[11].id, null, expectedRegistryItems);
this.AssertProbeResultItem(result.ElementAt(45), fakeDefinitions.objects[46].id, null, expectedRegistryItems);
}
public void Should_Be_Possible_To_Extract_From_OVAL_Definitions_Objects_That_Not_Contains_A_Test_Or_DefinitionAssociated()
{
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithOnlyObjects.xml");
Assert.IsNotNull(fakeDefinitions.objects);
Assert.AreEqual(6, fakeDefinitions.objects.Count());
Assert.IsNotNull(fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50000")));
registry_object obj50001 = (registry_object)fakeDefinitions.objects.SingleOrDefault(obj => obj.id.Equals("oval:gov.nist.fdcc.xpfirewall:obj:50001"));
Assert.IsNotNull(obj50001);
string foundHiveName = ((EntityObjectRegistryHiveType)obj50001.Items[0]).Value;
string foundKeyName = ((EntityObjectStringType)obj50001.Items[1]).Value;
EntityObjectStringType foundValueEntity = (EntityObjectStringType)obj50001.Items[2];
Assert.AreEqual("HKEY_LOCAL_MACHINE", foundHiveName);
Assert.AreEqual("SOFTWARE\\Microsoft\\Windows\\CurrentVersion", foundKeyName);
Assert.AreEqual(OperationEnumeration.patternmatch, foundValueEntity.operation);
Assert.AreEqual(".*Build$", foundValueEntity.Value);
}
public void Should_be_possible_to_execute_a_registry_collect_with_variables()
{
// Arrange
string[] fakeVarValues = new string[] { @"Software\Microsoft\Windows NT\CurrentVersion" };
oval_definitions fakeDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsWithConstantVariable.xml");
var fakeObjects = fakeDefinitions.objects.OfType <registry_object>().ToArray();
VariablesEvaluated variables = VariableHelper.CreateVariableWithMultiplesValue(OBJ_3000_ID, VAR_3000_ID, fakeVarValues);
CollectInfo fakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(fakeObjects, variables, null);
registry_item fakeRegistryItem = this.GetFakeRegistryItem(@"Software\Microsoft\Windows NT\CurrentVersion", "CurrentVersion", eValueTypes.STRING, "6.0");
RegistryProber registryProber = this.GetMockedRegistryProber(fakeRegistryItem);
// Act
IEnumerable <CollectedObject> result = registryProber.Execute(fakeContext, fakeTarget, fakeCollectInfo).CollectedObjects;
// Assert
Assert.AreEqual(1, result.Count(), "the quantity is not expected");
this.AssertProbeResultItem(result.ElementAt(0), fakeDefinitions.objects[1].id, fakeVarValues, new List <registry_item>()
{
fakeRegistryItem
});
}
/// <summary>
/// This method return the list of ObjectTypes by the OvalDefinitions property.
/// </summary>
/// <returns></returns>
public IEnumerable <Definitions.ObjectType> GetObjectTypes(IDocumentSession session)
{
try
{
if (ObjectTypes == null)
{
oval_definitions oval = this.GetOvalDefinitions(session);
ObjectTypes = oval.objects.ToArray();
return(ObjectTypes);
}
else
{
return(ObjectTypes);
}
}
catch (Exception ex)
{
var errorMessage = String.Format("The Oval Definitions XML is Invalid: {0}", ex.Message);
throw new InvalidXMLOvalDefinitionsException(errorMessage, ex);
}
}
public void Should_be_evaluate_a_local_Variables_of_an_entityType()
{
OvalDocumentLoader ovalDocument = new OvalDocumentLoader();
oval_definitions definitions = ovalDocument.GetFakeOvalDefinitions("definitionsWithLocalVariable.xml");
Assert.IsNotNull(definitions, "the definitios is not created");
oval_system_characteristics systemCharacteristics = ovalDocument.GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml");
Assert.IsNotNull(definitions, "the system Characteristics is not was created");
EntityObjectStringType entityType = new EntityObjectStringType();
entityType.var_ref = "oval:org.mitre.oval:var:4000";
VariableEvaluator variableEvaluator = new VariableEvaluator(definitions.variables, systemCharacteristics, null);
IEnumerable <string> values = variableEvaluator.Evaluate(entityType);
Assert.IsNotNull(values, "the valueToMatch of variable is null");
Assert.IsTrue(values.Count() == 1, "the quantity of values is not expected");
Assert.IsTrue(values.ElementAt(0) == @"Software\Microsoft\Windows NT\CurrentVersion", "the value is not expected");
}
public WmiItemTypeGeneratorTest()
{
this.OvalDefinitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple.xml");
}
public FileEffectiveRights53EntityVariableEvaluatorTest()
{
this.Definitions = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple");
}
