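// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package windows

import (
	"os"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestParseSecurityProductState pins how parseProductState splits a packed
// product-state code into its Owner, Product and Signature fields.
//
// The field meanings noted below are the annotations this test carries; the
// decoding itself lives in parseProductState, which is not part of this file.
func TestParseSecurityProductState(t *testing.T) {
	cases := []struct {
		name      string
		code      uint32
		owner     uint32 // 1 = microsoft, 0 = other
		product   uint32 // 0 = on, 1 = off
		signature uint32 // 1 = up to date, 0 = out of date
	}{
		// 397568 == 0x61100
		{name: "microsoft on up to date", code: 397568, owner: 1, product: 0, signature: 1},
		// 393216 == 0x60000
		{name: "other off up to date", code: 393216, owner: 0, product: 1, signature: 1},
		// 397584 == 0x61110
		{name: "microsoft on out of date", code: 397584, owner: 1, product: 0, signature: 0},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			res := parseProductState(tc.code)
			assert.Equal(t, tc.owner, res.Owner)
			assert.Equal(t, tc.product, res.Product)
			assert.Equal(t, tc.signature, res.Signature)
		})
	}
}

// findProduct returns the first entry of products whose Guid and Type both
// match. Both keys are required because the fixtures list the same GUID under
// more than one product type (Windows Defender appears as "antivirus" and as
// "antispyware"). When nothing matches, the zero securityProduct is returned,
// so a comparison against a populated expectation fails instead of passing.
func findProduct(products []securityProduct, id string, typ string) securityProduct {
	for _, p := range products {
		if p.Guid == id && p.Type == typ {
			return p
		}
	}
	return securityProduct{}
}

// mustParse converts an RFC 1123 timestamp literal into a time.Time and panics
// on malformed input. It is only used for the hard-coded expectations below.
func mustParse(value string) time.Time {
	ts, err := time.Parse(time.RFC1123, value)
	if err != nil {
		panic(err)
	}
	return ts
}

// TestSecurityProductsPowershell feeds the JSON fixtures under ./testdata to
// ParseWindowsSecurityProducts and checks every parsed field, including the
// ON/OFF and UP-TO-DATE strings derived from the numeric State.
//
// NOTE(review): the assertions only compare the reported strings; nothing here
// checks that SignedProductExe/SignedReportingExe exist or are signed.
func TestSecurityProductsPowershell(t *testing.T) {
	// default windows 10
	antivirus, err := os.Open("./testdata/security_products_antivirus.json")
	require.NoError(t, err)
	defer antivirus.Close()

	products, err := ParseWindowsSecurityProducts(antivirus)
	require.NoError(t, err)
	// require, not assert: products[0] below would panic on an empty result.
	require.Len(t, products, 1)

	first := products[0]
	assert.Equal(t, "Windows Defender", first.Name)
	assert.Equal(t, int64(397568), first.State)
	assert.Equal(t, "UP-TO-DATE", first.SignatureStatus)
	assert.Equal(t, "ON", first.ProductStatus)

	// parse more products
	antispyware, err := os.Open("./testdata/security_products_antispyware.json")
	require.NoError(t, err)
	defer antispyware.Close()

	products, err = ParseWindowsSecurityProducts(antispyware)
	require.NoError(t, err)
	assert.Len(t, products, 6)

	// State values in hex: 393472 == 0x60100, 266240 == 0x41000,
	// 331776 == 0x51000. In this fixture both Windows Defender entries are
	// expected to be OFF while the third-party products are expected to be ON.
	expected := []securityProduct{
		{
			Type:               "antivirus",
			Guid:               "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
			Name:               "Windows Defender",
			SignedProductExe:   "windowsdefender://",
			SignedReportingExe: "%ProgramFiles%\\Windows Defender\\MsMpeng.exe",
			State:              393472,
			ProductStatus:      "OFF",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Sun, 14 Nov 2021 12:09:12 GMT"),
		},
		{
			Type:               "antivirus",
			Guid:               "{F6EF0F75-4CCD-059F-B5E3-F43DFF8ECEEF}",
			Name:               "Sophos Intercept X",
			SignedProductExe:   "C:\\Program Files\\Sophos\\Endpoint Defense\\SEDcli.exe",
			SignedReportingExe: "C:\\Program Files\\Sophos\\Endpoint Defense\\SEDService.exe",
			State:              266240,
			ProductStatus:      "ON",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Fri, 22 Apr 2022 07:56:39 GMT"),
		},
		{
			Type:               "antivirus",
			Guid:               "{8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE}",
			Name:               "Sophos Anti-Virus",
			SignedProductExe:   "C:\\Program Files (x86)\\Sophos\\Sophos Anti-Virus\\WSCClient.exe",
			SignedReportingExe: "C:\\Program Files (x86)\\Sophos\\Sophos Anti-Virus\\WSCClient.exe",
			State:              331776,
			ProductStatus:      "ON",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Tue, 02 Nov 2021 15:42:21 GMT"),
		},
		{
			Type:               "firewall",
			Guid:               "{CED48E50-06A2-04C7-9EBC-5D08015D8994}",
			Name:               "Sophos Intercept X",
			SignedProductExe:   "C:\\Program Files\\Sophos\\Endpoint Defense\\SEDcli.exe",
			SignedReportingExe: "C:\\Program Files\\Sophos\\Endpoint Defense\\SEDService.exe",
			State:              266240,
			ProductStatus:      "ON",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Fri, 22 Apr 2022 07:56:39 GMT"),
		},
		{
			Type:               "antispyware",
			Guid:               "{577C8ED3-C22B-48D4-E5E0-298D0463E6CD}",
			Name:               "ESET Security",
			SignedProductExe:   "C:\\Program Files\\ESET\\ESET Security\\ecmds.exe",
			SignedReportingExe: "C:\\Program Files\\ESET\\ESET Security\\ekrn.exe",
			State:              266240,
			ProductStatus:      "ON",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Fri, 13 Sep 2019 08:03:30 GMT"),
		},
		{
			Type:               "antispyware",
			Guid:               "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
			Name:               "Windows Defender",
			SignedProductExe:   "windowsdefender://",
			SignedReportingExe: "%ProgramFiles%\\Windows Defender\\MsMpeng.exe",
			State:              393472,
			ProductStatus:      "OFF",
			SignatureStatus:    "UP-TO-DATE",
			Timestamp:          mustParse("Fri, 05 Apr 2019 16:26:27 GMT"),
		},
	}

	// Look each expectation up by (Guid, Type) so the check does not depend on
	// the order in which the parser returns the products.
	for _, want := range expected {
		assert.Equal(t, want, findProduct(products, want.Guid, want.Type))
	}
}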