From d3528b397e6b7f4c0dda3ad2d7605e281ceda7cd Mon Sep 17 00:00:00 2001 
From: Martin SK Date: Thu, 1 Aug 2024 18:43:42 +0300 Subject: [PATCH] WIP --- regipy_tests/__init__.py | 25 +++++++++++++++++++ regipy_tests/validation/plugin_validation.md | 4 +-- regipy_tests/validation/plugin_validation.py | 1 + .../boot_entry_list_plugin_validation.py | 10 ++++++++ .../boot_key_plugin_validation.py | 10 ++++++++ .../computer_name_plugin_validation.py | 12 +++++++++ .../domain_sid_plugin_validation.py | 10 ++++++++ .../host_domain_name_plugin_validation.py | 10 ++++++++ ...led_programs_software_plugin_validation.py | 14 +++++++++++ .../last_logon_plugin_validation.py | 12 +++++++++ .../local_sid_plugin_validation.py | 10 ++++++++ .../network_data_plugin_validation.py | 9 +++++++ .../network_drives_plugin_validation.py | 10 ++++++++ ...ser_classes_installer_plugin_validation.py | 11 ++++++++ .../print_demon_plugin_validation.py | 12 +++++++++ .../profile_list_plugin_validation.py | 12 +++++++++ .../ras_tracing_plugin_validation.py | 12 +++++++++ .../services_plugin_validation.py | 13 ++++++++++ .../shell_bag_ntuser_plugin_validation.py | 13 ++++++++++ .../shell_bag_usrclass_plugin_validation.py | 11 ++++++++ ...are_classes_installer_plugin_validation.py | 12 +++++++++ .../test_boot_entry_list_plugin_bcd.py | 0 .../test_bootkey_plugin_system.py | 0 .../test_classes_installer_plugin_ntuser.py | 0 .../test_classes_installer_plugin_software.py | 0 .../test_computer_name_plugin.py | 0 .../test_domain_sid_plugin_security.py | 0 .../test_host_domain_name_plugin_system.py | 0 ...test_installed_programs_plugin_software.py | 0 .../test_last_logon_plugin_software.py | 0 .../test_local_sid_plugin_sam.py | 0 .../validation_tests/test_netdrives.py | 0 .../test_network_data_plugin.py | 0 .../test_printdemon_plugin.py | 0 .../test_profilelist_plugin.py | 0 .../test_ras_tracing_plugin_software.py | 0 .../test_services_plugin_on_corrupted_hive.py | 0 .../test_shellbags_plugin_ntuser.py | 0 .../test_shellbags_plugin_usrclass.py | 0 
.../test_typed_paths_plugin_ntuser.py | 0 .../test_typed_urls_plugin_ntuser.py | 0 .../test_uac_status_plugin_software.py | 0 .../validation_tests/test_usbstor.py | 0 .../validation_tests/test_wdigest.py | 0 .../validation_tests/test_winrar.py | 0 .../test_winscp_saved_sessions_plugin.py | 0 .../typed_paths_plugin_validation.py | 10 ++++++++ .../typed_urls_plugin_validation.py | 10 ++++++++ .../uac_status_plugin_validation.py | 11 ++++++++ .../usbstor_plugin_validation.py | 13 ++++++++++ .../wdigest_plugin_validation.py | 10 ++++++++ .../winrar_plugin_validation.py | 10 ++++++++ ...winscp_saved_sessions_plugin_validation.py | 12 +++++++++ .../word_wheel_query_ntuser_validation.py | 2 +- 54 files changed, 308 insertions(+), 3 deletions(-) create mode 100644 regipy_tests/validation/validation_tests/boot_entry_list_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/boot_key_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/computer_name_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/domain_sid_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/host_domain_name_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/installed_programs_software_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/last_logon_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/local_sid_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/network_data_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/network_drives_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/ntuser_classes_installer_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/print_demon_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/profile_list_plugin_validation.py 
create mode 100644 regipy_tests/validation/validation_tests/ras_tracing_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/services_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/shell_bag_ntuser_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/shell_bag_usrclass_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/software_classes_installer_plugin_validation.py delete mode 100644 regipy_tests/validation/validation_tests/test_boot_entry_list_plugin_bcd.py delete mode 100644 regipy_tests/validation/validation_tests/test_bootkey_plugin_system.py delete mode 100644 regipy_tests/validation/validation_tests/test_classes_installer_plugin_ntuser.py delete mode 100644 regipy_tests/validation/validation_tests/test_classes_installer_plugin_software.py delete mode 100644 regipy_tests/validation/validation_tests/test_computer_name_plugin.py delete mode 100644 regipy_tests/validation/validation_tests/test_domain_sid_plugin_security.py delete mode 100644 regipy_tests/validation/validation_tests/test_host_domain_name_plugin_system.py delete mode 100644 regipy_tests/validation/validation_tests/test_installed_programs_plugin_software.py delete mode 100644 regipy_tests/validation/validation_tests/test_last_logon_plugin_software.py delete mode 100644 regipy_tests/validation/validation_tests/test_local_sid_plugin_sam.py delete mode 100644 regipy_tests/validation/validation_tests/test_netdrives.py delete mode 100644 regipy_tests/validation/validation_tests/test_network_data_plugin.py delete mode 100644 regipy_tests/validation/validation_tests/test_printdemon_plugin.py delete mode 100644 regipy_tests/validation/validation_tests/test_profilelist_plugin.py delete mode 100644 regipy_tests/validation/validation_tests/test_ras_tracing_plugin_software.py delete mode 100644 regipy_tests/validation/validation_tests/test_services_plugin_on_corrupted_hive.py delete mode 
100644 regipy_tests/validation/validation_tests/test_shellbags_plugin_ntuser.py delete mode 100644 regipy_tests/validation/validation_tests/test_shellbags_plugin_usrclass.py delete mode 100644 regipy_tests/validation/validation_tests/test_typed_paths_plugin_ntuser.py delete mode 100644 regipy_tests/validation/validation_tests/test_typed_urls_plugin_ntuser.py delete mode 100644 regipy_tests/validation/validation_tests/test_uac_status_plugin_software.py delete mode 100644 regipy_tests/validation/validation_tests/test_usbstor.py delete mode 100644 regipy_tests/validation/validation_tests/test_wdigest.py delete mode 100644 regipy_tests/validation/validation_tests/test_winrar.py delete mode 100644 regipy_tests/validation/validation_tests/test_winscp_saved_sessions_plugin.py create mode 100644 regipy_tests/validation/validation_tests/typed_paths_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/typed_urls_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/uac_status_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/usbstor_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/wdigest_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/winrar_plugin_validation.py create mode 100644 regipy_tests/validation/validation_tests/winscp_saved_sessions_plugin_validation.py diff --git a/regipy_tests/__init__.py b/regipy_tests/__init__.py index edcec36..7bd66ec 100644 --- a/regipy_tests/__init__.py +++ b/regipy_tests/__init__.py 
@@ -5,3 +5,28 @@ from .validation.validation_tests import amcache_validation from .validation.validation_tests import bam_validation from .validation.validation_tests import word_wheel_query_ntuser_validation +from .validation.validation_tests import computer_name_plugin_validation +from .validation.validation_tests import uac_status_plugin_validation +from .validation.validation_tests import software_classes_installer_plugin_validation +from .validation.validation_tests import ntuser_classes_installer_plugin_validation +from .validation.validation_tests import ras_tracing_plugin_validation +from .validation.validation_tests import installed_programs_software_plugin_validation +from .validation.validation_tests import last_logon_plugin_validation +from .validation.validation_tests import typed_urls_plugin_validation +from .validation.validation_tests import profile_list_plugin_validation +from .validation.validation_tests import print_demon_plugin_validation +from .validation.validation_tests import services_plugin_validation +from .validation.validation_tests import local_sid_plugin_validation +from .validation.validation_tests import boot_key_plugin_validation +from .validation.validation_tests import host_domain_name_plugin_validation +from .validation.validation_tests import domain_sid_plugin_validation +from .validation.validation_tests import boot_entry_list_plugin_validation +from .validation.validation_tests import wdigest_plugin_validation +from .validation.validation_tests import winrar_plugin_validation +from .validation.validation_tests import network_drives_plugin_validation +from .validation.validation_tests import winscp_saved_sessions_plugin_validation +from .validation.validation_tests import usbstor_plugin_validation +from .validation.validation_tests import typed_paths_plugin_validation +from .validation.validation_tests import shell_bag_ntuser_plugin_validation +from .validation.validation_tests import shell_bag_usrclass_plugin_validation +from 
.validation.validation_tests import network_data_plugin_validation diff --git a/regipy_tests/validation/plugin_validation.md b/regipy_tests/validation/plugin_validation.md index 4ce4b71..d370fc3 100644 --- a/regipy_tests/validation/plugin_validation.md +++ b/regipy_tests/validation/plugin_validation.md @@ -21,15 +21,16 @@ | domain_sid | DomainSidPlugin | | False | | routes | RoutesPlugin | | False | | last_logon_plugin | LastLogonPlugin | | False | +| usrclass_shellbag_plugin | ShellBagUsrclassPlugin | | False | | services | ServicesPlugin | | False | | host_domain_name | HostDomainNamePlugin | | False | | profilelist_plugin | ProfileListPlugin | | False | -| usrclass_shellbag_plugin | ShellBagUsrclassPlugin | | False | | ntuser_shellbag_plugin | ShellBagNtuserPlugin | | False | | computer_name | ComputerNamePlugin | | False | | installed_programs_ntuser | InstalledProgramsNTUserPlugin | | False | | winscp_saved_sessions | WinSCPSavedSessionsPlugin | | False | | local_sid | LocalSidPlugin | | False | +| winrar_plugin | WinRARPlugin | | False | | print_demon_plugin | PrintDemonPlugin | | False | | active_control_set | ActiveControlSetPlugin | | False | | timezone_data | TimezoneDataPlugin | | False | @@ -48,6 +49,5 @@ | network_drives_plugin | NetworkDrivesPlugin | | False | | bootkey | BootKeyPlugin | | False | | boot_entry_list | BootEntryListPlugin | | False | -| winrar_plugin | WinRARPlugin | | False | | software_classes_installer | SoftwareClassesInstallerPlugin | | False | \ No newline at end of file diff --git a/regipy_tests/validation/plugin_validation.py b/regipy_tests/validation/plugin_validation.py index 02518c9..2fb86b3 100644 --- a/regipy_tests/validation/plugin_validation.py +++ b/regipy_tests/validation/plugin_validation.py @@ -93,6 +93,7 @@ def main(): print( f"\n\t[*] Validating {registry_hive_file_name} ({len(validation_cases)} validations):" ) + validation_results.extend( run_validations_for_hive_file(registry_hive_file_name, validation_cases) ) 
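Review bot: Each validation module is wired in by a hand-written import in `regipy_tests/__init__.py`, and nothing in this hunk would flag a module that was created but never imported. If the runner in plugin_validation.py discovers cases through these import side effects (not visible here), a forgotten line silently drops that plugin from validation rather than failing. Consider importing every `*_validation` module under `validation_tests` in a loop with `pkgutil.iter_modules` and `importlib.import_module`, or at least add a comment above the list such as `# imported for side effects: registers ValidationCase subclasses`.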
diff --git a/regipy_tests/validation/validation_tests/boot_entry_list_plugin_validation.py b/regipy_tests/validation/validation_tests/boot_entry_list_plugin_validation.py
new file mode 100644
index 0000000..ee647e4
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/boot_entry_list_plugin_validation.py
@@ -0,0 +1,10 @@ + +from regipy.plugins.bcd.boot_entry_list import BootEntryListPlugin +from regipy_tests.validation.validation import ValidationCase + + +class BootEntryListPluginValidationCase(ValidationCase): + plugin = BootEntryListPlugin + test_hive_file_name = "BCD.xz.xz" + exact_expected_result = [{'guid': '{733b62de-f608-11eb-825c-c112f60133ab}', 'type': '0x101FFFFF', 'name': 'Linux Boot Manager', 'gpt_disk': '376e5397-7d1f-4e4f-a668-5a62c1269e60', 'gpt_partition': '24e0e103-9bc2-477e-a5e2-3e42d2bb134f', 'image_path': '\\EFI\\systemd\\systemd-bootx64.efi', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{733b62e2-f608-11eb-825c-c112f60133ab}', 'type': '0x101FFFFF', 'name': 'UEFI OS', 'gpt_disk': '376e5397-7d1f-4e4f-a668-5a62c1269e60', 'gpt_partition': '24e0e103-9bc2-477e-a5e2-3e42d2bb134f', 'image_path': '\\EFI\\BOOT\\BOOTX64.EFI', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{733b62e3-f608-11eb-825c-c112f60133ab}', 'type': '0x101FFFFF', 'name': 'Windows Boot Manager', 'gpt_disk': '376e5397-7d1f-4e4f-a668-5a62c1269e60', 'gpt_partition': '24e0e103-9bc2-477e-a5e2-3e42d2bb134f', 'image_path': '\\EFI\\Microsoft\\Boot\\bootmgfw.efi', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{733b62e4-f608-11eb-825c-c112f60133ab}', 'type': '0x10200004', 'name': 'Windows Resume Application', 'gpt_disk': '0b2394a9-095e-487d-8d48-719ecd4d78ca', 'gpt_partition': '8e0f2c38-e4ea-47ba-b7fc-9d8c74dccf0b', 'image_path': '\\Windows\\system32\\winresume.efi', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{733b62e5-f608-11eb-825c-c112f60133ab}', 'type': '0x10200003', 'name': 'Windows 10', 'gpt_disk': '0b2394a9-095e-487d-8d48-719ecd4d78ca', 'gpt_partition': '8e0f2c38-e4ea-47ba-b7fc-9d8c74dccf0b', 'image_path': '\\Windows\\system32\\winload.efi', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{733b62e6-f608-11eb-825c-c112f60133ab}', 'type': '0x10200003', 'name': 'Windows Recovery Environment', 'gpt_disk': 
'00000001-0090-0000-0500-000006000000', 'gpt_partition': '00000003-0000-0000-0000-000000000000', 'image_path': '\\windows\\system32\\winload.efi', 'timestamp': '2021-08-09T02:13:30.976970+00:00'}, {'guid': '{9dea862c-5cdd-4e70-acc1-f32b344d4795}', 'type': '0x10100002', 'name': 'Windows Boot Manager', 'gpt_disk': '0b2394a9-095e-487d-8d48-719ecd4d78ca', 'gpt_partition': '36be3955-63bf-4068-a6ab-00195cca3a22', 'image_path': '\\EFI\\Microsoft\\Boot\\bootmgfw.efi', 'timestamp': '2021-08-09T02:13:30.992594+00:00'}, {'guid': '{b2721d73-1db4-4c62-bf78-c548a880142d}', 'type': '0x10200005', 'name': 'Windows Memory Diagnostic', 'gpt_disk': '0b2394a9-095e-487d-8d48-719ecd4d78ca', 'gpt_partition': '36be3955-63bf-4068-a6ab-00195cca3a22', 'image_path': '\\EFI\\Microsoft\\Boot\\memtest.efi', 'timestamp': '2021-08-09T02:13:30.976970+00:00'}] + \ No newline at end of file diff --git a/regipy_tests/validation/validation_tests/boot_key_plugin_validation.py b/regipy_tests/validation/validation_tests/boot_key_plugin_validation.py new file mode 100644 index 0000000..9e19e7b --- /dev/null +++ b/regipy_tests/validation/validation_tests/boot_key_plugin_validation.py @@ -0,0 +1,10 @@ + +from regipy.plugins.system.bootkey import BootKeyPlugin +from regipy_tests.validation.validation import ValidationCase + + +class BootKeyPluginValidationCase(ValidationCase): + plugin = BootKeyPlugin + test_hive_file_name = "SYSTEM.xz" + exact_expected_result = [{'key': 'e7f28d88f470cfed67dbcdb62ed1275b', 'timestamp': '2012-04-04T11:47:46.203124+00:00'}, {'key': 'e7f28d88f470cfed67dbcdb62ed1275b', 'timestamp': '2012-04-04T11:47:46.203124+00:00'}] + \ No newline at end of file diff --git a/regipy_tests/validation/validation_tests/computer_name_plugin_validation.py b/regipy_tests/validation/validation_tests/computer_name_plugin_validation.py new file mode 100644 index 0000000..bcd2ab9 --- /dev/null +++ b/regipy_tests/validation/validation_tests/computer_name_plugin_validation.py 
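Review bot: `test_hive_file_name = "BCD.xz.xz"` in BootEntryListPluginValidationCase carries a doubled suffix, while every other case added in this commit names its hive with a single `.xz` (`SYSTEM.xz`, `SOFTWARE.xz`, `SECURITY.xz`). Unless the resource really is stored under that name, the hive lookup presumably misses and this case cannot run. Check the test resources and, if it is a typo, use `test_hive_file_name = "BCD.xz"`.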
@@ -0,0 +1,12 @@
+from regipy.plugins.system.computer_name import ComputerNamePlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class ComputerNamePluginValidationCase(ValidationCase):
+ plugin = ComputerNamePlugin
+ test_hive_file_name = "SYSTEM.xz"
+
+ exact_expected_result = [
+ {"name": "WKS-WIN732BITA", "timestamp": "2010-11-10T17:18:08.718750+00:00"},
+ {"name": "WIN-V5T3CSP8U4H", "timestamp": "2010-11-10T18:17:36.968750+00:00"},
+ ]
diff --git a/regipy_tests/validation/validation_tests/domain_sid_plugin_validation.py b/regipy_tests/validation/validation_tests/domain_sid_plugin_validation.py
new file mode 100644
index 0000000..d366ddc
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/domain_sid_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.security.domain_sid import DomainSidPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class DomainSidPluginValidationCase(ValidationCase):
+ plugin = DomainSidPlugin
+ test_hive_file_name = "SECURITY.xz"
+ exact_expected_result = [{'domain_name': 'WORKGROUP', 'domain_sid': None, 'machine_sid': None, 'timestamp': '2021-08-05T10:43:08.911000+00:00'}]
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/host_domain_name_plugin_validation.py b/regipy_tests/validation/validation_tests/host_domain_name_plugin_validation.py
new file mode 100644
index 0000000..be7cb6e
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/host_domain_name_plugin_validation.py
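Review bot: In DomainSidPluginValidationCase the expected record pins `'domain_sid': None` and `'machine_sid': None`, so the case confirms only the domain name and timestamp and never exercises SID decoding. Whether the empty fields reflect the hive (`'domain_name': 'WORKGROUP'` suggests a non-domain host) or a parsing gap in the plugin cannot be told from this hunk. State the reason next to the data, e.g. `# SID fields are None for this hive; SID parsing is not covered here`, and consider a second case against a hive where the SIDs are populated.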
@@ -0,0 +1,10 @@
+
+from regipy.plugins.system.host_domain_name import HostDomainNamePlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class HostDomainNamePluginValidationCase(ValidationCase):
+ plugin = HostDomainNamePlugin
+ test_hive_file_name = "SYSTEM.xz"
+ exact_expected_result = [{'hostname': 'WKS-WIN732BITA', 'domain': 'shieldbase.local', 'timestamp': '2011-09-17T13:43:23.770078+00:00'}, {'hostname': 'WKS-WIN732BITA', 'domain': 'shieldbase.local', 'timestamp': '2011-09-17T13:43:23.770078+00:00'}]
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/installed_programs_software_plugin_validation.py b/regipy_tests/validation/validation_tests/installed_programs_software_plugin_validation.py
new file mode 100644
index 0000000..9495aa5
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/installed_programs_software_plugin_validation.py
@@ -0,0 +1,14 @@
+
+from regipy.plugins.software.installed_programs import InstalledProgramsSoftwarePlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class InstalledProgramsSoftwarePluginValidationCase(ValidationCase):
+ plugin = InstalledProgramsSoftwarePlugin
+ test_hive_file_name = "SOFTWARE.xz"
+
+ expected_entries_count = 67
+ expected_entries = [
+ {'registry_path': '\\Microsoft\\Windows\\CurrentVersion\\Uninstall', 'service_name': 'AddressBook', 'timestamp': '2009-07-14T04:41:12.758808+00:00'},
+ {'service_name': '{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}', 'timestamp': '2011-07-05T22:58:57.996094+00:00', 'registry_path': '\\Microsoft\\Windows\\CurrentVersion\\Uninstall', 'UninstallString': 'MsiExec.exe /X{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}', 'URLInfoAbout': 'http://www.vmware.com', 'DisplayName': 'VMware Tools'}
+ ]
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/last_logon_plugin_validation.py b/regipy_tests/validation/validation_tests/last_logon_plugin_validation.py
new file mode 100644
index 0000000..043e275
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/last_logon_plugin_validation.py
@@ -0,0 +1,12 @@
+
+from regipy.plugins.software.last_logon import LastLogonPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class LastLogonPluginValidationCase(ValidationCase):
+ plugin = LastLogonPlugin
+ test_hive_file_name = "SOFTWARE.xz"
+
+ exact_expected_result = {'last_logged_on_provider': '{6F45DC1E-5384-457A-BC13-2CD81B0D28ED}', 'last_logged_on_sam_user': 'SHIELDBASE\\rsydow', 'last_logged_on_user': 'SHIELDBASE\\rsydow', 'last_write': '2012-04-04T12:20:41.453654+00:00', 'show_tablet_keyboard': 0}
+
+ expected_entries_count = 5
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/local_sid_plugin_validation.py b/regipy_tests/validation/validation_tests/local_sid_plugin_validation.py
new file mode 100644
index 0000000..3abf848
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/local_sid_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.sam.local_sid import LocalSidPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class LocalSidPluginValidationCase(ValidationCase):
+ plugin = LocalSidPlugin
+ test_hive_file_name = "sam_hive.xz"
+
+ exact_expected_result = [{'machine_sid': 'S-1-5-21-1760460187-1592185332-161725925', 'timestamp': '2014-09-24T03:36:43.549302+00:00'}]
diff --git a/regipy_tests/validation/validation_tests/network_data_plugin_validation.py b/regipy_tests/validation/validation_tests/network_data_plugin_validation.py
new file mode 100644
index 0000000..10a528d
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/network_data_plugin_validation.py
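Review bot: LastLogonPluginValidationCase sets `exact_expected_result` to a dict and also `expected_entries_count = 5`, whereas the other cases in this commit use a list for the exact result. The count presumably refers to the five keys of that dict, which the exact comparison already fixes, so it adds no coverage and its meaning is unclear to the next reader. Either drop it or add `# number of keys in the result dict` beside it. PrintDemonPluginValidationCase and ProfileListPluginValidationCase pair an exact result with a count in the same way.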
@@ -0,0 +1,9 @@
+
+from regipy.plugins.system.network_data import NetworkDataPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class NetworkDataPluginValidationCase(ValidationCase):
+ plugin = NetworkDataPlugin
+ test_hive_file_name = "SYSTEM.xz"
+ expected_entries = [{'interface_name': '{698E50A9-4F58-4D86-B61D-F42E58DCACF6}', 'last_modified': '2011-09-17T13:43:23.770078+00:00', 'dhcp_enabled': False, 'ip_address': ['10.3.58.5'], 'subnet_mask': ['255.255.255.0'], 'default_gateway': ['10.3.58.1'], 'name_server': '10.3.58.4', 'domain': 0}]
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/network_drives_plugin_validation.py b/regipy_tests/validation/validation_tests/network_drives_plugin_validation.py
new file mode 100644
index 0000000..274f771
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/network_drives_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.ntuser.network_drives import NetworkDrivesPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class NetworkDrivesPluginValidationCase(ValidationCase):
+ plugin = NetworkDrivesPlugin
+ test_hive_file_name = "NTUSER.DAT.xz"
+ exact_expected_result = [{'drive_letter': 'p', 'last_write': '2012-04-03T22:08:18.840132+00:00', 'network_path': '\\\\controller\\public'}]
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/ntuser_classes_installer_plugin_validation.py b/regipy_tests/validation/validation_tests/ntuser_classes_installer_plugin_validation.py
new file mode 100644
index 0000000..c27bb71
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/ntuser_classes_installer_plugin_validation.py
@@ -0,0 +1,11 @@
+
+from regipy.plugins.ntuser.classes_installer import NtuserClassesInstallerPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class NtuserClassesInstallerPluginValidationCase(ValidationCase):
+ plugin = NtuserClassesInstallerPlugin
+ test_hive_file_name = "ntuser_hive_2.xz"
+ expected_entries = [{'identifier': '8A4152964845CF540BEAEBD27F7A8519', 'is_hidden': False, 'product_name': 'Microsoft Visual C++ Compiler Package for Python 2.7', 'timestamp': '2022-02-15T07:00:07.245646+00:00'}]
+
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/print_demon_plugin_validation.py b/regipy_tests/validation/validation_tests/print_demon_plugin_validation.py
new file mode 100644
index 0000000..177732c
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/print_demon_plugin_validation.py
@@ -0,0 +1,12 @@ + +from regipy.plugins.software.printdemon import PrintDemonPlugin +from regipy_tests.validation.validation import ValidationCase + + +class PrintDemonPluginValidationCase(ValidationCase): + plugin = PrintDemonPlugin + test_hive_file_name = "SOFTWARE.xz" + + exact_expected_result = [{'parameters': ['9600', 'n', '8', '1'], 'port_name': 'COM1:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': ['9600', 'n', '8', '1'], 'port_name': 'COM2:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': ['9600', 'n', '8', '1'], 'port_name': 'COM3:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': ['9600', 'n', '8', '1'], 'port_name': 'COM4:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'FILE:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'LPT1:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'LPT2:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'LPT3:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'XPSPort:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'Ne00:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'Ne01:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}, {'parameters': 0, 'port_name': 'nul:', 'timestamp': '2010-11-10T10:35:02.448040+00:00'}] + + expected_entries_count = 12 \ No newline at end of file diff --git a/regipy_tests/validation/validation_tests/profile_list_plugin_validation.py b/regipy_tests/validation/validation_tests/profile_list_plugin_validation.py new file mode 100644 index 0000000..43c854b --- /dev/null +++ b/regipy_tests/validation/validation_tests/profile_list_plugin_validation.py 
@@ -0,0 +1,12 @@ + +from regipy.plugins.software.profilelist import ProfileListPlugin +from regipy_tests.validation.validation import ValidationCase + + +class ProfileListPluginValidationCase(ValidationCase): + plugin = ProfileListPlugin + test_hive_file_name = "SOFTWARE.xz" + + exact_expected_result = [{'last_write': '2009-07-14T04:41:12.493608+00:00', 'path': '%systemroot%\\system32\\config\\systemprofile', 'flags': 12, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-18', 'load_time': None, 'local_load_time': None}, {'last_write': '2010-11-10T18:09:16.250000+00:00', 'path': 'C:\\Windows\\ServiceProfiles\\LocalService', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-19', 'load_time': None, 'local_load_time': None}, {'last_write': '2010-11-10T18:09:16.250000+00:00', 'path': 'C:\\Windows\\ServiceProfiles\\NetworkService', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-20', 'load_time': None, 'local_load_time': None}, {'last_write': '2010-11-10T17:22:52.109376+00:00', 'path': 'C:\\Users\\Pepper', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-100689374-1717798114-2601648136-1000', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2012-04-04T12:42:17.719834+00:00', 'path': 'C:\\Users\\SRL-Helpdesk', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-100689374-1717798114-2601648136-1001', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2011-08-21T00:51:19.820166+00:00', 'path': 'C:\\Users\\nfury', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1105', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2011-08-23T01:33:29.006350+00:00', 'path': 'C:\\Users\\mhill', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1106', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': 
'2011-09-17T13:33:17.372366+00:00', 'path': 'C:\\Users\\Tdungan', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1107', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2012-04-06T19:44:17.844274+00:00', 'path': 'C:\\Users\\nromanoff', 'flags': 0, 'full_profile': None, 'state': 0, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1109', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2012-04-06T19:42:31.408714+00:00', 'path': 'C:\\Users\\rsydow', 'flags': 0, 'full_profile': None, 'state': 256, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1114', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}, {'last_write': '2012-04-06T19:22:20.845938+00:00', 'path': 'C:\\Users\\vibranium', 'flags': 0, 'full_profile': None, 'state': 256, 'sid': 'S-1-5-21-2036804247-3058324640-2116585241-1673', 'load_time': '1601-01-01T00:00:00+00:00', 'local_load_time': None}] + + expected_entries_count = 11 \ No newline at end of file diff --git a/regipy_tests/validation/validation_tests/ras_tracing_plugin_validation.py b/regipy_tests/validation/validation_tests/ras_tracing_plugin_validation.py new file mode 100644 index 0000000..812544b --- /dev/null +++ b/regipy_tests/validation/validation_tests/ras_tracing_plugin_validation.py @@ -0,0 +1,12 @@ + +from regipy.plugins.software.tracing import RASTracingPlugin +from regipy_tests.validation.validation import ValidationCase + + +class RASTracingPluginValidationCase(ValidationCase): + plugin = RASTracingPlugin + test_hive_file_name = "SOFTWARE.xz" + + expected_entries = [{'key': '\\Microsoft\\Tracing', 'name': 'AcroRd32_RASAPI32', 'timestamp': '2012-03-16T21:31:26.613878+00:00'}, + {'key': '\\Microsoft\\Tracing', 'name': 'wmplayer_RASMANCS', 'timestamp': '2012-03-12T20:58:55.476336+00:00'}] + expected_entries_count = 70 
diff --git a/regipy_tests/validation/validation_tests/services_plugin_validation.py b/regipy_tests/validation/validation_tests/services_plugin_validation.py
new file mode 100644
index 0000000..2a389dc
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/services_plugin_validation.py
@@ -0,0 +1,13 @@
+
+from regipy.plugins.system.services import ServicesPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class ServicesPluginValidationCase(ValidationCase):
+ plugin = ServicesPlugin
+ test_hive_file_name = "corrupted_SYSTEM.xz"
+
+ expected_entries = [{'a':'b'}]
+
+ #assert plugin_instance.entries['\\ControlSet001\\Services']['services'][0] == {'last_modified': '2008-10-21T17:48:29.328124+00:00', 'name': 'Abiosdsk', 'parameters': [], 'values': [{'is_corrupted': False, 'name': 'ErrorControl', 'value': 0, 'value_type': 'REG_DWORD'}, {'is_corrupted': False, 'name': 'Group', 'value': 'Primary disk', 'value_type': 'REG_SZ'}, {'is_corrupted': False, 'name': 'Start', 'value': 4, 'value_type': 'REG_DWORD'}, {'is_corrupted': False, 'name': 'Tag', 'value': 3, 'value_type': 'REG_DWORD'}, {'is_corrupted': False, 'name': 'Type', 'value': 1, 'value_type': 'REG_DWORD'}]}
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/shell_bag_ntuser_plugin_validation.py b/regipy_tests/validation/validation_tests/shell_bag_ntuser_plugin_validation.py
new file mode 100644
index 0000000..57cfbcc
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/shell_bag_ntuser_plugin_validation.py
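Review bot: `expected_entries = [{'a':'b'}]` in ServicesPluginValidationCase is a placeholder that no ServicesPlugin record can match, and the only real assertion is left as a comment. This is the one case in the commit that runs against `corrupted_SYSTEM.xz`, the malformed-input path of the parser, so that path gets no real check: the case either always fails or, depending on how ValidationCase compares entries (not visible here), passes without verifying anything. Replace the placeholder with the `Abiosdsk` service record from the commented assertion once ValidationCase can address nested output, and until then mark it with `# TODO: placeholder, corrupted-hive output is not validated yet`. SoftwareClassesInstallerPluginValidationCase leaves its `is_hidden` assertion commented out in the same way.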
@@ -0,0 +1,13 @@
+
+import datetime as dt
+
+from regipy.plugins.ntuser.shellbags_ntuser import ShellBagNtuserPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class ShellBagNtuserPluginValidationCase(ValidationCase):
+ plugin = ShellBagNtuserPlugin
+ test_hive_file_name = "shellbags_ntuser.xz"
+
+ expected_entries_count = 102
+ expected_entries = [{'value': 'rekall', 'slot': '0', 'reg_path': '\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\2\\0', 'value_name': '0', 'node_slot': '11', 'shell_type': 'Directory', 'path': 'Search Folder\\tmp\\rekall', 'creation_time': dt.datetime(2021, 8, 16, 9, 41, 32).isoformat(), 'full path': None, 'access_time': dt.datetime(2021, 8, 16, 9, 43, 22).isoformat(), 'modification_time': dt.datetime(2021, 8, 16, 9, 41, 32).isoformat(), 'last_write': '2021-08-16T09:44:39.333110+00:00', 'location description': None, 'mru_order': '0', 'mru_order_location': 0}]
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/shell_bag_usrclass_plugin_validation.py b/regipy_tests/validation/validation_tests/shell_bag_usrclass_plugin_validation.py
new file mode 100644
index 0000000..f4fc342
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/shell_bag_usrclass_plugin_validation.py
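Review bot: The `creation_time`, `access_time` and `modification_time` values in ShellBagNtuserPluginValidationCase are built with `dt.datetime(...).isoformat()`, which yields naive strings such as `2021-08-16T09:41:32`, while `last_write` in the same record carries `+00:00`. Writing the literals directly, e.g. `'creation_time': '2021-08-16T09:41:32'`, removes the `datetime` import and makes the missing offset visible in the fixture. If the plugin really emits these three fields without a timezone, a comment saying so would help, since mixed naive and UTC-qualified times in one record are easy to misread when building a timeline.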
@@ -0,0 +1,11 @@
+
+from regipy.plugins.usrclass.shellbags_usrclass import ShellBagUsrclassPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class ShellBagUsrclassPluginValidationCase(ValidationCase):
+ plugin = ShellBagUsrclassPlugin
+ test_hive_file_name = "transaction_usrclass.xz"
+
+ expected_entries_count = 29
+ expected_entries = [{'value': 'Dropbox', 'slot': '9', 'reg_path': '\\Local Settings\\Software\\Microsoft\\Windows\\Shell\\BagMRU', 'value_name': '9', 'node_slot': '20', 'shell_type': 'Root Folder', 'path': 'Dropbox', 'creation_time': None, 'full path': None, 'access_time': None, 'modification_time': None, 'last_write': '2018-04-05T02:13:26.843024+00:00', 'location description': None, 'mru_order': '4-8-7-6-9-0-1-5-3-2', 'mru_order_location': 4}]
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/software_classes_installer_plugin_validation.py b/regipy_tests/validation/validation_tests/software_classes_installer_plugin_validation.py
new file mode 100644
index 0000000..b9154b8
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/software_classes_installer_plugin_validation.py
@@ -0,0 +1,12 @@
+
+from regipy.plugins.software.classes_installer import SoftwareClassesInstallerPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class SoftwareClassesInstallerPluginValidationCase(ValidationCase):
+ plugin = SoftwareClassesInstallerPlugin
+ test_hive_file_name = "SOFTWARE.xz"
+
+ expected_entries = [{'identifier': '000041091A0090400000000000F01FEC', 'is_hidden': False, 'product_name': 'Microsoft Office OneNote MUI (English) 2010', 'timestamp': '2010-11-10T10:31:06.573040+00:00'}]
+ # TODO: add support to test such thing
+ # assert not any([x['is_hidden'] for x in plugin_instance.entries])
diff --git a/regipy_tests/validation/validation_tests/test_boot_entry_list_plugin_bcd.py b/regipy_tests/validation/validation_tests/test_boot_entry_list_plugin_bcd.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_bootkey_plugin_system.py b/regipy_tests/validation/validation_tests/test_bootkey_plugin_system.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_classes_installer_plugin_ntuser.py b/regipy_tests/validation/validation_tests/test_classes_installer_plugin_ntuser.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_classes_installer_plugin_software.py b/regipy_tests/validation/validation_tests/test_classes_installer_plugin_software.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_computer_name_plugin.py b/regipy_tests/validation/validation_tests/test_computer_name_plugin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_domain_sid_plugin_security.py b/regipy_tests/validation/validation_tests/test_domain_sid_plugin_security.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_host_domain_name_plugin_system.py b/regipy_tests/validation/validation_tests/test_host_domain_name_plugin_system.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_installed_programs_plugin_software.py b/regipy_tests/validation/validation_tests/test_installed_programs_plugin_software.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_last_logon_plugin_software.py b/regipy_tests/validation/validation_tests/test_last_logon_plugin_software.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_local_sid_plugin_sam.py b/regipy_tests/validation/validation_tests/test_local_sid_plugin_sam.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_netdrives.py b/regipy_tests/validation/validation_tests/test_netdrives.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_network_data_plugin.py b/regipy_tests/validation/validation_tests/test_network_data_plugin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_printdemon_plugin.py b/regipy_tests/validation/validation_tests/test_printdemon_plugin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_profilelist_plugin.py b/regipy_tests/validation/validation_tests/test_profilelist_plugin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_ras_tracing_plugin_software.py b/regipy_tests/validation/validation_tests/test_ras_tracing_plugin_software.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_services_plugin_on_corrupted_hive.py b/regipy_tests/validation/validation_tests/test_services_plugin_on_corrupted_hive.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_shellbags_plugin_ntuser.py b/regipy_tests/validation/validation_tests/test_shellbags_plugin_ntuser.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_shellbags_plugin_usrclass.py b/regipy_tests/validation/validation_tests/test_shellbags_plugin_usrclass.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_typed_paths_plugin_ntuser.py b/regipy_tests/validation/validation_tests/test_typed_paths_plugin_ntuser.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_typed_urls_plugin_ntuser.py b/regipy_tests/validation/validation_tests/test_typed_urls_plugin_ntuser.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_uac_status_plugin_software.py b/regipy_tests/validation/validation_tests/test_uac_status_plugin_software.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_usbstor.py b/regipy_tests/validation/validation_tests/test_usbstor.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_wdigest.py b/regipy_tests/validation/validation_tests/test_wdigest.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_winrar.py b/regipy_tests/validation/validation_tests/test_winrar.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/test_winscp_saved_sessions_plugin.py b/regipy_tests/validation/validation_tests/test_winscp_saved_sessions_plugin.py
deleted file mode 100644
index e69de29..0000000
diff --git a/regipy_tests/validation/validation_tests/typed_paths_plugin_validation.py b/regipy_tests/validation/validation_tests/typed_paths_plugin_validation.py
new file mode 100644
index 0000000..8dfe455
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/typed_paths_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.ntuser.typed_paths import TypedPathsPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class TypedPathsPluginValidationCase(ValidationCase):
+ plugin = TypedPathsPlugin
+ test_hive_file_name = "shellbags_ntuser.xz"
+ exact_expected_result = {'last_write': '2022-02-06T13:46:04.945080+00:00', 'entries': [{'url1': 'cmd'}, {'url2': 'C:\\Offline\\AD'}, {'url3': 'git'}, {'url4': 'powershell'}, {'url5': 'C:\\Program Files'}, {'url6': 'Network'}, {'url7': '\\\\wsl$\\Ubuntu\\projects\\CAD316_001\\partition_p1'}, {'url8': '\\\\wsl$\\Ubuntu\\projects'}, {'url9': '\\\\wsl$\\Ubuntu'}, {'url10': 'C:\\Users\\tony\\Github'}, {'url11': 'C:\\Users\\tony\\Github\\velocity-client-master'}, {'url12': 'C:\\Users\\tony\\Github\\cogz'}, {'url13': 'C:\\Users\\tony\\Github\\cogz\\cogz'}, {'url14': 'Quick access'}, {'url15': 'C:\\ProgramData\\chocolatey\\lib\\yara\\tools'}, {'url16': 'C:\\Training\\MT01\\exercise'}]}
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/typed_urls_plugin_validation.py b/regipy_tests/validation/validation_tests/typed_urls_plugin_validation.py
new file mode 100644
index 0000000..c8f727e
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/typed_urls_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.ntuser.typed_urls import TypedUrlsPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class TypedUrlsPluginValidationCase(ValidationCase):
+ plugin = TypedUrlsPlugin
+ test_hive_file_name = "NTUSER.DAT.xz"
+
+ exact_expected_result = {'last_write': '2012-04-03T22:37:55.411500+00:00', 'entries': [{'url1': 'http://199.73.28.114:53/'}, {'url2': 'http://go.microsoft.com/fwlink/?LinkId=69157'}]}
diff --git a/regipy_tests/validation/validation_tests/uac_status_plugin_validation.py b/regipy_tests/validation/validation_tests/uac_status_plugin_validation.py
new file mode 100644
index 0000000..459b0d6
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/uac_status_plugin_validation.py
@@ -0,0 +1,11 @@
+
+from regipy.plugins.software.uac import UACStatusPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class UACStatusPluginValidationCase(ValidationCase):
+ plugin = UACStatusPlugin
+ test_hive_file_name = "SOFTWARE.xz"
+
+ exact_expected_result = {'consent_prompt_admin': 5, 'consent_prompt_user': 3, 'enable_limited_user_accounts': 1, 'enable_virtualization': 1, 'filter_admin_token': 0, 'last_write': '2011-08-30T18:47:10.734144+00:00'}
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/usbstor_plugin_validation.py b/regipy_tests/validation/validation_tests/usbstor_plugin_validation.py
new file mode 100644
index 0000000..fe3cc4d
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/usbstor_plugin_validation.py
@@ -0,0 +1,13 @@
+
+from regipy.plugins.system.usbstor import USBSTORPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class USBSTORPluginValidationCase(ValidationCase):
+ plugin = USBSTORPlugin
+ test_hive_file_name = "system_hive_with_filetime.xz"
+ expected_entries = [
+ {'device_name': 'SanDisk Cruzer USB Device', 'disk_guid': '{fc416b61-6437-11ea-bd0c-a483e7c21469}', 'first_installed': '2020-03-17T14:02:38.955490+00:00', 'key_path': '\\ControlSet001\\Enum\\USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.20\\200608767007B7C08A6A&0', 'last_connected': '2020-03-17T14:02:38.946628+00:00', 'last_installed': '2020-03-17T14:02:38.955490+00:00', 'last_removed': '2020-03-17T14:23:45.504690+00:00', 'last_write': '2020-03-17T14:02:38.965050+00:00', 'manufacturer': 'Ven_SanDisk', 'serial_number': '200608767007B7C08A6A&0', 'title': 'Prod_Cruzer', 'version': 'Rev_1.20'}
+ ]
+
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/wdigest_plugin_validation.py b/regipy_tests/validation/validation_tests/wdigest_plugin_validation.py
new file mode 100644
index 0000000..e2e9f92
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/wdigest_plugin_validation.py
@@ -0,0 +1,10 @@
+
+from regipy.plugins.system.wdigest import WDIGESTPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class WDIGESTPluginValidationCase(ValidationCase):
+ plugin = WDIGESTPlugin
+ test_hive_file_name = "SYSTEM.xz"
+ exact_expected_result = [{'subkey': '\\ControlSet001\\Control\\SecurityProviders\\WDigest', 'timestamp': '2009-07-14T04:37:09.491968+00:00', 'use_logon_credential': 1}, {'subkey': '\\ControlSet002\\Control\\SecurityProviders\\WDigest', 'timestamp': '2009-07-14T04:37:09.491968+00:00', 'use_logon_credential': None}]
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/winrar_plugin_validation.py b/regipy_tests/validation/validation_tests/winrar_plugin_validation.py
new file mode 100644
index 0000000..c579ba3
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/winrar_plugin_validation.py
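Review bot: The expected result in WDIGESTPluginValidationCase pins `'use_logon_credential': 1` for ControlSet001 and `None` for ControlSet002 without saying what either value means to an analyst. A comment above `exact_expected_result` would help, for example `# UseLogonCredential=1: WDigest keeps cleartext credentials in LSASS memory; None presumably means the value is absent in that control set`. The reading of `None` is inferred from the data here and should be confirmed against the plugin before it is written down.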
@@ -0,0 +1,10 @@
+
+from regipy.plugins.ntuser.winrar import WinRARPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class WinRARPluginValidationCase(ValidationCase):
+ plugin = WinRARPlugin
+ test_hive_file_name = "NTUSER.DAT.xz"
+ exact_expected_result = [{'last_write': '2021-11-18T13:59:04.888952+00:00', 'file_path': 'C:\\Users\\tony\\Downloads\\RegistryFinder64.zip', 'operation': 'archive_opened', 'value_name': '0'}, {'last_write': '2021-11-18T13:59:04.888952+00:00', 'file_path': 'C:\\temp\\token.zip', 'operation': 'archive_opened', 'value_name': '1'}, {'last_write': '2021-11-18T13:59:50.023788+00:00', 'file_name': 'Tools.zip', 'operation': 'archive_created', 'value_name': '0'}, {'last_write': '2021-11-18T13:59:50.023788+00:00', 'file_name': 'data.zip', 'operation': 'archive_created', 'value_name': '1'}, {'last_write': '2021-11-18T14:00:44.180468+00:00', 'file_path': 'C:\\Users\\tony\\Downloads', 'operation': 'archive_extracted', 'value_name': '0'}, {'last_write': '2021-11-18T14:00:44.180468+00:00', 'file_path': 'C:\\temp', 'operation': 'archive_extracted', 'value_name': '1'}]
+
\ No newline at end of file
diff --git a/regipy_tests/validation/validation_tests/winscp_saved_sessions_plugin_validation.py b/regipy_tests/validation/validation_tests/winscp_saved_sessions_plugin_validation.py
new file mode 100644
index 0000000..0293d33
--- /dev/null
+++ b/regipy_tests/validation/validation_tests/winscp_saved_sessions_plugin_validation.py
@@ -0,0 +1,12 @@
+from regipy.plugins.ntuser.winscp_saved_sessions import WinSCPSavedSessionsPlugin
+from regipy_tests.validation.validation import ValidationCase
+
+
+class WinSCPSavedSessionsPluginValidationCase(ValidationCase):
+ plugin = WinSCPSavedSessionsPlugin
+ test_hive_file_name = "ntuser_hive_2.xz"
+ expected_entries_count = 2
+
+ # TODO: Replace hive test files, as some seem a bit sensitive and some might infrige licenses...
+ # @nocommit
+
\ No newline at end of file
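Review bot: The `# @nocommit` marker and the TODO about sensitive or license-encumbered hive files at the end of WinSCPSavedSessionsPluginValidationCase are part of a patch that is being committed, so the concern they record is still open. WinSCP saved-session keys can hold host names, user names and obfuscated passwords, so `ntuser_hive_2.xz` in particular should be checked before it stays in the repository (its contents are not visible here). Asserting only `expected_entries_count = 2` keeps those values out of the source, which is worth stating in a comment such as `# count only: session contents are deliberately not reproduced here`. The TODO should point to a tracked issue instead of `@nocommit`, and it misspells "infringe".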
diff --git a/regipy_tests/validation/validation_tests/word_wheel_query_ntuser_validation.py b/regipy_tests/validation/validation_tests/word_wheel_query_ntuser_validation.py index c7e662a..fb45d2b 100644 --- a/regipy_tests/validation/validation_tests/word_wheel_query_ntuser_validation.py +++ b/regipy_tests/validation/validation_tests/word_wheel_query_ntuser_validation.py @@ -2,7 +2,7 @@ from regipy_tests.validation.validation import ValidationCase -class NTUserUserAssistValidationCase(ValidationCase): +class WordWheelQueryPluginValidationCase(ValidationCase): plugin = WordWheelQueryPlugin test_hive_file_name = "NTUSER.DAT.xz"