Left: | ||
Right: |
OLD | NEW |
---|---|
(Empty) | |
1 #!/usr/bin/python | |
2 # -*- coding: utf-8 -*- | |
3 # | |
4 # Copyright 2014 The Plaso Project Authors. | |
5 # Please see the AUTHORS file for details on individual authors. | |
6 # | |
7 # Licensed under the Apache License, Version 2.0 (the "License"); | |
8 # you may not use this file except in compliance with the License. | |
9 # You may obtain a copy of the License at | |
10 # | |
11 # http://www.apache.org/licenses/LICENSE-2.0 | |
12 # | |
13 # Unless required by applicable law or agreed to in writing, software | |
14 # distributed under the License is distributed on an "AS IS" BASIS, | |
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 # See the License for the specific language governing permissions and | |
17 # limitations under the License. | |
18 """This file contains the artifact-based preprocess plug-ins.""" | |
19 | |
20 import logging | |
21 | |
22 from dfvfs.helpers import file_system_searcher | |
23 | |
24 from plaso.artifacts import definition as artifact_definition | |
25 from plaso.lib import errors | |
26 from plaso.preprocessors import interface | |
27 from plaso.preprocessors import manager | |
28 | |
29 | |
30 class ArtifactPathSourceTypePreprocessor(interface.PreprocessPlugin): | |
31 """Class that defines the artifact path source type preprocessor.""" | |
32 | |
33 def __init__(self, definition): | |
34 """Returns the path as found by the searcher. | |
35 | |
36 Args: | |
37 definition: the artifact defintition (instance of ArtifactDefinition). | |
38 """ | |
39 super(ArtifactPathSourceTypePreprocessor, self).__init__() | |
40 self._name = definition.name | |
41 | |
42 self._find_specs = [] | |
43 for source in definition.sources: | |
44 if source.type_indicator == artifact_definition.TYPE_INDICATOR_PATH: | |
45 for location_string in source.locations: | |
46 location = location_string.split(source.separator) | |
47 if location[0] != u'': | |
48 logging.warning(( | |
49 u'[ArtifactPathSourceTypePreprocessor] ignoring location: ' | |
50 u'{0:s} not relative to the root of the file system.').format( | |
51 location_string)) | |
kiddi
2014/11/04 05:28:33
shouldn't there be a continue then here?
Joachim Metz
2017/05/20 17:43:09
CL has changed
| |
52 | |
53 self._find_specs.append(file_system_searcher.FindSpec( | |
54 location=location[1:], case_sensitive=False)) | |
55 | |
56 def GetValue(self, searcher, unused_knowledge_base): | |
57 """Returns the path as found by the searcher. | |
58 | |
59 Args: | |
60 searcher: the file system searcher object (instance of | |
61 dfvfs.FileSystemSearcher). | |
62 knowledge_base: a knowledge base object (instance of KnowledgeBase), | |
63 which contains information from the source data needed | |
64 for parsing. | |
65 | |
66 Returns: | |
67 The first path location string. | |
68 | |
69 Raises: | |
70 PreProcessFail: if the path could not be found. | |
71 """ | |
72 # TODO: add support for path variable expansion. | |
73 path_specs = list(searcher.Find(find_specs=self._find_specs)) | |
74 if not path_specs: | |
75 raise errors.PreProcessFail( | |
76 u'Unable to find path for artifact definition: {0:s}'.format( | |
77 self._name)) | |
78 | |
79 relative_path = searcher.GetRelativePath(path_specs[0]) | |
80 if not relative_path: | |
81 raise errors.PreProcessFail( | |
82 u'Missing relative path for artifact definition: {0:s}'.format( | |
83 self._name)) | |
84 | |
85 return relative_path | |
86 | |
87 def Run(self, searcher, knowledge_base): | |
88 """Runs the preprocess plug-in and stores the result in the knowledge base. | |
89 | |
90 Args: | |
91 searcher: The file system searcher object (instance of | |
92 dfvfs.FileSystemSearcher). | |
93 knowledge_base: A knowledge base object (instance of KnowledgeBase), | |
94 which contains information from the source data needed | |
95 for parsing. | |
96 """ | |
97 value = self.GetValue(searcher, knowledge_base) | |
98 knowledge_base.SetValue(self._name, value) | |
99 | |
100 logging.debug(u'[{0:s}] setting: \'{1:s}\' to: \'{2:s}\''.format( | |
101 self._name, self._name.lower(), | |
102 knowledge_base.GetValue(self._name, default_value=u''))) | |
103 | |
104 | |
105 manager.PreprocessPluginsManager.RegisterPlugins([ | |
106 ArtifactPathSourceTypePreprocessor]) | |
OLD | NEW |