OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the Run Windows Registry plugin.""" | 3 """Tests for the Run Windows Registry plugin.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import winreg # pylint: disable=unused-import | 9 from plaso.formatters import winreg # pylint: disable=unused-import |
10 from plaso.lib import timelib | 10 from plaso.lib import timelib |
11 from plaso.parsers.winreg_plugins import run | 11 from plaso.parsers.winreg_plugins import run |
12 | 12 |
13 from tests import test_lib as shared_test_lib | 13 from tests import test_lib as shared_test_lib |
14 from tests.parsers.winreg_plugins import test_lib | 14 from tests.parsers.winreg_plugins import test_lib |
15 | 15 |
16 | 16 |
17 class AutoRunsPluginTest(test_lib.RegistryPluginTestCase): | 17 class AutoRunsPluginTest(test_lib.RegistryPluginTestCase): |
18 """Tests for the auto rus Windows Registry plugin.""" | 18 """Tests for the auto rus Windows Registry plugin.""" |
19 | 19 |
| 20 def testFilters(self): |
| 21 """Tests the FILTERS class attribute.""" |
| 22 plugin = run.AutoRunsPlugin() |
| 23 |
| 24 key_path = ( |
| 25 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 26 'Run') |
| 27 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 28 |
| 29 key_path = ( |
| 30 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 31 'RunOnce') |
| 32 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 33 |
| 34 key_path = ( |
| 35 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 36 'Run') |
| 37 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 38 |
| 39 key_path = ( |
| 40 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 41 'RunOnce') |
| 42 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 43 |
| 44 key_path = ( |
| 45 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 46 'RunOnce\\Setup') |
| 47 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 48 |
| 49 key_path = ( |
| 50 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 51 'RunServices') |
| 52 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 53 |
| 54 key_path = ( |
| 55 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 56 'RunServicesOnce') |
| 57 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 58 |
| 59 self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus') |
| 60 |
20 @shared_test_lib.skipUnlessHasTestFile(['NTUSER-RunTests.DAT']) | 61 @shared_test_lib.skipUnlessHasTestFile(['NTUSER-RunTests.DAT']) |
21 def testProcessNtuserRun(self): | 62 def testProcessNtuserRun(self): |
22 """Tests the Process function on a Run key.""" | 63 """Tests the Process function on a Run key.""" |
23 test_file_entry = self._GetTestFileEntry(['NTUSER-RunTests.DAT']) | 64 test_file_entry = self._GetTestFileEntry(['NTUSER-RunTests.DAT']) |
24 key_path = ( | 65 key_path = ( |
25 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' | 66 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
26 'Run') | 67 'Run') |
27 | 68 |
28 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) | 69 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) |
29 registry_key = win_registry.GetKeyByPath(key_path) | 70 registry_key = win_registry.GetKeyByPath(key_path) |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 expected_message = ( | 206 expected_message = ( |
166 '[{0:s}] *WerKernelReporting: %SYSTEMROOT%\\SYSTEM32\\WerFault.exe ' | 207 '[{0:s}] *WerKernelReporting: %SYSTEMROOT%\\SYSTEM32\\WerFault.exe ' |
167 '-k -rq').format(key_path) | 208 '-k -rq').format(key_path) |
168 expected_short_message = '{0:s}...'.format(expected_message[:77]) | 209 expected_short_message = '{0:s}...'.format(expected_message[:77]) |
169 | 210 |
170 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 211 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
171 | 212 |
172 | 213 |
173 if __name__ == '__main__': | 214 if __name__ == '__main__': |
174 unittest.main() | 215 unittest.main() |
OLD | NEW |