LEFT | RIGHT |
(no file at all) | |
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 """The image export front-end.""" | 2 """The image export front-end.""" |
3 | 3 |
4 import abc | 4 import abc |
5 import collections | 5 import collections |
6 import logging | 6 import logging |
7 import os | 7 import os |
8 | 8 |
9 import pysigscan | 9 import pysigscan |
10 | 10 |
| 11 from artifacts import reader as artifacts_reader |
| 12 from artifacts import registry as artifacts_registry |
11 from dfvfs.helpers import file_system_searcher | 13 from dfvfs.helpers import file_system_searcher |
12 from dfvfs.lib import errors as dfvfs_errors | 14 from dfvfs.lib import errors as dfvfs_errors |
13 from dfvfs.path import factory as path_spec_factory | 15 from dfvfs.path import factory as path_spec_factory |
14 from dfvfs.resolver import context | 16 from dfvfs.resolver import context |
15 from dfvfs.resolver import resolver as path_spec_resolver | 17 from dfvfs.resolver import resolver as path_spec_resolver |
16 | 18 |
17 from plaso.analyzers.hashers import manager as hashers_manager | 19 from plaso.analyzers.hashers import manager as hashers_manager |
18 from plaso.engine import extractors | 20 from plaso.engine import extractors |
19 from plaso.engine import knowledge_base | 21 from plaso.engine import knowledge_base |
20 from plaso.engine import path_helper | 22 from plaso.engine import path_helper |
(...skipping 701 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
722 """Preprocesses the image. | 724 """Preprocesses the image. |
723 | 725 |
724 Args: | 726 Args: |
725 file_system (dfvfs.FileSystem): file system to be preprocessed. | 727 file_system (dfvfs.FileSystem): file system to be preprocessed. |
726 mount_point (dfvfs.PathSpec): mount point path specification that refers | 728 mount_point (dfvfs.PathSpec): mount point path specification that refers |
727 to the base location of the file system. | 729 to the base location of the file system. |
728 """ | 730 """ |
729 if self._knowledge_base is not None: | 731 if self._knowledge_base is not None: |
730 return | 732 return |
731 | 733 |
| 734 registry = artifacts_registry.ArtifactDefinitionsRegistry() |
| 735 reader = artifacts_reader.YamlArtifactsReader() |
| 736 # TODO: remove hard coded path. |
| 737 artifacts_definitions_directory = u'{0:s}{1:s}'.format( |
| 738 os.path.sep, os.path.join(u'usr', u'share', u'artifacts')) |
| 739 registry.ReadFromDirectory(reader, artifacts_definitions_directory) |
| 740 |
732 self._knowledge_base = knowledge_base.KnowledgeBase() | 741 self._knowledge_base = knowledge_base.KnowledgeBase() |
733 | 742 |
734 logging.debug(u'Preprocessing.') | 743 logging.debug(u'Preprocessing.') |
735 | 744 |
736 preprocess_manager.PreprocessPluginsManager.RunPlugins( | 745 preprocess_manager.PreprocessPluginsManager.RunPlugins( |
737 file_system, mount_point, self._knowledge_base) | 746 registry, file_system, mount_point, self._knowledge_base) |
738 | 747 |
739 def _WriteFileEntry(self, file_entry, data_stream_name, destination_file): | 748 def _WriteFileEntry(self, file_entry, data_stream_name, destination_file): |
740 """Writes the contents of the source file entry to a destination file. | 749 """Writes the contents of the source file entry to a destination file. |
741 | 750 |
742 Note that this function will overwrite an existing file. | 751 Note that this function will overwrite an existing file. |
743 | 752 |
744 Args: | 753 Args: |
745 file_entry (dfvfs.FileEntry): file entry whose content is to be written. | 754 file_entry (dfvfs.FileEntry): file entry whose content is to be written. |
746 data_stream_name (str): name of the data stream whose content is to be | 755 data_stream_name (str): name of the data stream whose content is to be |
747 written. | 756 written. |
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
956 logging.error( | 965 logging.error( |
957 u'[skipping] invalid pattern in line: {0:s}'.format( | 966 u'[skipping] invalid pattern in line: {0:s}'.format( |
958 line.decode(u'utf-8'))) | 967 line.decode(u'utf-8'))) |
959 continue | 968 continue |
960 | 969 |
961 format_specification = specification.FormatSpecification(identifier) | 970 format_specification = specification.FormatSpecification(identifier) |
962 format_specification.AddNewSignature(pattern, offset=offset) | 971 format_specification.AddNewSignature(pattern, offset=offset) |
963 specification_store.AddSpecification(format_specification) | 972 specification_store.AddSpecification(format_specification) |
964 | 973 |
965 return specification_store | 974 return specification_store |
LEFT | RIGHT |