OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | 2 # -*- coding: utf-8 -*- |
3 """Tests for the UserAssist Windows Registry plugin.""" | 3 """Tests for the UserAssist Windows Registry plugin.""" |
4 | 4 |
5 from __future__ import unicode_literals | 5 from __future__ import unicode_literals |
6 | 6 |
7 import unittest | 7 import unittest |
8 | 8 |
9 from plaso.formatters import userassist as _ # pylint: disable=unused-import | 9 from plaso.formatters import userassist as _ # pylint: disable=unused-import |
10 from plaso.lib import definitions | 10 from plaso.lib import definitions |
11 from plaso.lib import timelib | 11 from plaso.lib import timelib |
12 from plaso.parsers.winreg_plugins import userassist | 12 from plaso.parsers.winreg_plugins import userassist |
13 | 13 |
14 from tests import test_lib as shared_test_lib | 14 from tests import test_lib as shared_test_lib |
15 from tests.parsers.winreg_plugins import test_lib | 15 from tests.parsers.winreg_plugins import test_lib |
16 | 16 |
17 | 17 |
18 class UserAssistPluginTest(test_lib.RegistryPluginTestCase): | 18 class UserAssistPluginTest(test_lib.RegistryPluginTestCase): |
19 """Tests for the UserAssist Windows Registry plugin.""" | 19 """Tests for the UserAssist Windows Registry plugin.""" |
20 | 20 |
| 21 _TEST_GUIDS = [ |
| 22 '{0D6D4F41-2994-4BA0-8FEF-620E43CD2812}', |
| 23 '{5E6AB780-7743-11CF-A12B-00AA004AE837}', |
| 24 '{75048700-EF1F-11D0-9888-006097DEACF9}', |
| 25 '{9E04CAB2-CC14-11DF-BB8C-A2F1DED72085}', |
| 26 '{A3D53349-6E61-4557-8FC7-0028EDCEEBF6}', |
| 27 '{B267E3AD-A825-4A09-82B9-EEC22AA3B847}', |
| 28 '{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}', |
| 29 '{CAA59E3C-4792-41A5-9909-6A6A8D32490E}', |
| 30 '{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}', |
| 31 '{F2A1CB5A-E3CC-4A2E-AF9D-505A7009D442}', |
| 32 '{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}', |
| 33 '{FA99DFC7-6AC2-453A-A5E2-5E2AFF4507BD}'] |
| 34 |
| 35 def testFilters(self): |
| 36 """Tests the FILTERS class attribute.""" |
| 37 plugin = userassist.UserAssistPlugin() |
| 38 |
| 39 for guid in self._TEST_GUIDS: |
| 40 key_path = ( |
| 41 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
| 42 'Explorer\\UserAssist\\{0:s}').format(guid) |
| 43 self._AssertFiltersOnKeyPath(plugin, key_path) |
| 44 |
| 45 self._AssertNotFiltersOnKeyPath(plugin, 'HKEY_LOCAL_MACHINE\\Bogus') |
| 46 |
21 @shared_test_lib.skipUnlessHasTestFile(['NTUSER.DAT']) | 47 @shared_test_lib.skipUnlessHasTestFile(['NTUSER.DAT']) |
22 def testProcessOnWinXP(self): | 48 def testProcessOnWinXP(self): |
23 """Tests the Process function on a Windows XP Registry file.""" | 49 """Tests the Process function on a Windows XP Registry file.""" |
24 test_file_entry = self._GetTestFileEntry(['NTUSER.DAT']) | 50 test_file_entry = self._GetTestFileEntry(['NTUSER.DAT']) |
25 key_path = ( | 51 key_path = ( |
26 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' | 52 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\' |
27 'Explorer\\UserAssist\\{75048700-EF1F-11D0-9888-006097DEACF9}') | 53 'Explorer\\UserAssist\\{75048700-EF1F-11D0-9888-006097DEACF9}') |
28 | 54 |
29 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) | 55 win_registry = self._GetWinRegistryFromFileEntry(test_file_entry) |
30 registry_key = win_registry.GetKeyByPath(key_path) | 56 registry_key = win_registry.GetKeyByPath(key_path) |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 'Application focus count: 21 ' | 134 'Application focus count: 21 ' |
109 'Application focus duration: 420000').format( | 135 'Application focus duration: 420000').format( |
110 key_path, expected_value_name) | 136 key_path, expected_value_name) |
111 expected_short_message = '{0:s} Count: 14'.format(expected_value_name) | 137 expected_short_message = '{0:s} Count: 14'.format(expected_value_name) |
112 | 138 |
113 self._TestGetMessageStrings(event, expected_message, expected_short_message) | 139 self._TestGetMessageStrings(event, expected_message, expected_short_message) |
114 | 140 |
115 | 141 |
116 if __name__ == '__main__': | 142 if __name__ == '__main__': |
117 unittest.main() | 143 unittest.main() |
OLD | NEW |