Issue 293180043: [plaso] Fixed parser filter expression bugs #647

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+992 lines, -881 lines)			Patch
M	plaso/cli/extraction_tool.py	View	1 2 3	3 chunks	+7 lines, -5 lines	0 comments	Download
M	plaso/cli/helpers/manager.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/engine/single_process.py	View		3 chunks	+7 lines, -4 lines	0 comments	Download
M	plaso/engine/worker.py	View		2 chunks	+10 lines, -8 lines	0 comments	Download
M	plaso/formatters/userassist.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/frontend/extraction_frontend.py	View	1 2 3	12 chunks	+39 lines, -32 lines	0 comments	Download
M	plaso/frontend/preg.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/frontend/presets.py	View	1 2 3	1 chunk	+23 lines, -20 lines	0 comments	Download
M	plaso/multi_processing/multi_process.py	View		9 chunks	+24 lines, -20 lines	0 comments	Download
M	plaso/parsers/asl.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/bencode_parser.py	View	1	2 chunks	+1 line, -6 lines	0 comments	Download
M	plaso/parsers/esedb.py	View	1	2 chunks	+2 lines, -7 lines	0 comments	Download
M	plaso/parsers/interface.py	View	1 2 3 4	5 chunks	+44 lines, -63 lines	4 comments	Download
M	plaso/parsers/mac_wifi.py	View	1 2 3	2 chunks	+2 lines, -2 lines	0 comments	Download
M	plaso/parsers/mactime.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/manager.py	View	1 2 3	6 chunks	+143 lines, -142 lines	2 comments	Download
M	plaso/parsers/olecf.py	View	1	3 chunks	+6 lines, -17 lines	0 comments	Download
M	plaso/parsers/plist.py	View	1 2 3 4	2 chunks	+8 lines, -6 lines	0 comments	Download
M	plaso/parsers/plugins.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/safari_cookies.py	View	1 2 3	1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/skydrivelog.py	View	1 2 3	1 chunk	+0 lines, -5 lines	0 comments	Download
M	plaso/parsers/sqlite.py	View	1	7 chunks	+8 lines, -15 lines	0 comments	Download
M	plaso/parsers/syslog.py	View	1 2 3	6 chunks	+35 lines, -23 lines	0 comments	Download
M	plaso/parsers/syslog_plugins/interface.py	View	1 2 3	3 chunks	+18 lines, -16 lines	0 comments	Download
M	plaso/parsers/syslog_plugins/ssh.py	View	1 2 3	1 chunk	+8 lines, -5 lines	0 comments	Download
M	plaso/parsers/text_parser.py	View	1 2 3	4 chunks	+7 lines, -7 lines	0 comments	Download
M	plaso/parsers/winfirewall.py	View	1 2 3	3 chunks	+3 lines, -3 lines	0 comments	Download
M	plaso/parsers/winreg.py	View	1 2 3	2 chunks	+2 lines, -3 lines	0 comments	Download
M	plaso/parsers/xchatlog.py	View	1 2 3	1 chunk	+1 line, -1 line	0 comments	Download
M	plaso/parsers/xchatscrollback.py	View	1 2 3	4 chunks	+18 lines, -9 lines	0 comments	Download
M	tests/engine/single_process.py	View		1 chunk	+1 line, -3 lines	0 comments	Download
M	tests/multi_processing/multi_process.py	View		1 chunk	+1 line, -3 lines	0 comments	Download
M	tests/parsers/android_app_usage.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/asl.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/bencode_parser.py	View	1 2 3	1 chunk	+14 lines, -6 lines	0 comments	Download
M	tests/parsers/bencode_plugins/transmission.py	View	1 2 3	2 chunks	+10 lines, -12 lines	0 comments	Download
M	tests/parsers/bencode_plugins/utorrent.py	View	1 2 3	4 chunks	+21 lines, -23 lines	0 comments	Download
M	tests/parsers/bsm.py	View	1	2 chunks	+6 lines, -10 lines	0 comments	Download
M	tests/parsers/chrome_cache.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/chrome_preferences.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/cups_ipp.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/custom_destinations.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/docker.py	View	1	3 chunks	+9 lines, -7 lines	0 comments	Download
M	tests/parsers/filestat.py	View	1	13 chunks	+19 lines, -11 lines	0 comments	Download
M	tests/parsers/firefox_cache.py	View	1	9 chunks	+30 lines, -18 lines	0 comments	Download
M	tests/parsers/iis.py	View	1	2 chunks	+6 lines, -6 lines	0 comments	Download
A	tests/parsers/interface.py	View	1	1 chunk	+35 lines, -0 lines	0 comments	Download
M	tests/parsers/java_idx.py	View	1	2 chunks	+6 lines, -6 lines	0 comments	Download
M	tests/parsers/mac_appfirewall.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/mac_keychain.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/mac_securityd.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/mac_wifi.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/mactime.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/manager.py	View	1 2	3 chunks	+164 lines, -27 lines	0 comments	Download
M	tests/parsers/mcafeeav.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/msiecf.py	View	1	2 chunks	+4 lines, -6 lines	0 comments	Download
M	tests/parsers/ntfs.py	View	1	6 chunks	+10 lines, -12 lines	0 comments	Download
M	tests/parsers/opera.py	View	1	2 chunks	+6 lines, -10 lines	0 comments	Download
M	tests/parsers/oxml.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/pcap.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/plist.py	View	1 2 3	1 chunk	+14 lines, -4 lines	0 comments	Download
M	tests/parsers/plist_plugins/interface.py	View	1	2 chunks	+0 lines, -9 lines	0 comments	Download
M	tests/parsers/pls_recall.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/popcontest.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/recycler.py	View	1	2 chunks	+6 lines, -10 lines	0 comments	Download
M	tests/parsers/safari_cookies.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/sccm.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/selinux.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/skydrivelog.py	View	1	4 chunks	+12 lines, -12 lines	0 comments	Download
M	tests/parsers/sqlite.py	View	1 2 3	2 chunks	+12 lines, -31 lines	2 comments	Download
M	tests/parsers/sqlite_plugins/skype.py	View		1 chunk	+1 line, -1 line	0 comments	Download
M	tests/parsers/symantec.py	View	1	1 chunk	+7 lines, -7 lines	0 comments	Download
M	tests/parsers/syslog.py	View	1 2	1 chunk	+3 lines, -1 line	0 comments	Download
M	tests/parsers/syslog_plugins/cron.py	View	1 2 3	1 chunk	+1 line, -5 lines	0 comments	Download
M	tests/parsers/syslog_plugins/ssh.py	View	1 2 3	1 chunk	+20 lines, -9 lines	0 comments	Download
M	tests/parsers/syslog_plugins/test_lib.py	View	1 2 3	2 chunks	+11 lines, -32 lines	0 comments	Download
M	tests/parsers/text_parser.py	View	1	1 chunk	+6 lines, -6 lines	0 comments	Download
M	tests/parsers/utmp.py	View	1	2 chunks	+6 lines, -6 lines	0 comments	Download
M	tests/parsers/utmpx.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/winevt.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/winevtx.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/winfirewall.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/winjob.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/winlnk.py	View	1	2 chunks	+6 lines, -6 lines	0 comments	Download
M	tests/parsers/winprefetch.py	View	1	4 chunks	+12 lines, -8 lines	0 comments	Download
M	tests/parsers/winreg.py	View	1 2 3	3 chunks	+23 lines, -7 lines	0 comments	Download
M	tests/parsers/winrestore.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/xchatlog.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tests/parsers/xchatscrollback.py	View	1	1 chunk	+3 lines, -5 lines	0 comments	Download
M	tools/image_export.py	View		2 chunks	+2 lines, -2 lines	0 comments	Download
M	tools/log2timeline.py	View	1 2 3	2 chunks	+2 lines, -2 lines	0 comments	Download
M	tools/preg.py	View		2 chunks	+2 lines, -2 lines	0 comments	Download

Messages

Total messages: 41

Expand All Messages | Collapse All Messages

dc3.plaso

On 2016/04/20 16:56:12, Joachim Metz wrote: > Code updated. The --parsers option works a lot ...

8 years ago (2016-04-21 18:29:08 UTC) #3

dc3.plaso

Made some comments about running individual plugins. https://codereview.appspot.com/293180043/diff/20001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/20001/plaso/parsers/interface.py#newcode75 plaso/parsers/interface.py:75: Takes a ...

8 years ago (2016-04-21 18:30:36 UTC) #4

Joachim Metz

https://codereview.appspot.com/293180043/diff/20001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/20001/plaso/parsers/interface.py#newcode75 plaso/parsers/interface.py:75: Takes a comma separated string and splits it up ...

8 years ago (2016-04-26 04:58:23 UTC) #5

dc3.plaso

Looks a lot cleaner than my idea! :) Exclusion list is not handled properly when ...

7 years, 12 months ago (2016-04-27 19:29:23 UTC) #7

Joachim Metz

> Looks a lot cleaner than my idea! :) Great, we seem to be in ...

7 years, 12 months ago (2016-04-27 20:01:36 UTC) #8

Joachim Metz

> Looks a lot cleaner than my idea! :) Great, we seem to be in ...

7 years, 12 months ago (2016-04-27 20:01:40 UTC) #9

Joachim Metz

https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/interface.py#newcode64 plaso/parsers/interface.py:64: # _plugin_classes = {} On 2016/04/27 19:29:22, dc3.plaso wrote: ...

7 years, 12 months ago (2016-04-27 20:04:08 UTC) #10

dc3.plaso

Any ideas about the olecf issue? https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py File plaso/parsers/xchatscrollback.py (right): https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py#newcode79 plaso/parsers/xchatscrollback.py:79: self.text = text ...

7 years, 12 months ago (2016-04-28 12:08:55 UTC) #12

Joachim Metz

https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py File plaso/parsers/xchatscrollback.py (right): https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py#newcode79 plaso/parsers/xchatscrollback.py:79: self.text = text Typically method args in docstrings are ...

7 years, 12 months ago (2016-04-28 12:53:06 UTC) #14

dc3.plaso

On 2016/04/28 12:53:06, Joachim Metz wrote: > https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py > File plaso/parsers/xchatscrollback.py (right): > > https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/xchatscrollback.py#newcode79 ...

7 years, 12 months ago (2016-04-28 17:19:03 UTC) #15

Joachim Metz

Fixed support for a parser expression string with only excludes. > Any ideas about the ...

7 years, 11 months ago (2016-05-05 12:40:54 UTC) #16

Joachim Metz

https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/manager.py File plaso/parsers/manager.py (right): https://codereview.appspot.com/293180043/diff/40001/plaso/parsers/manager.py#newcode209 plaso/parsers/manager.py:209: I see what you mean, I'll solve this differently ...

7 years, 11 months ago (2016-05-05 12:41:03 UTC) #17

Joachim Metz

7 years, 11 months ago (2016-05-05 12:41:05 UTC) #18

Joachim Metz

FYI recent changes from HEAD seem to have leaked into this CL.

7 years, 11 months ago (2016-05-05 14:50:21 UTC) #20

dc3.plaso

LG2M. I assume the leak is in response to mostly the parsers\syslog file.

7 years, 11 months ago (2016-05-05 15:56:23 UTC) #21

dc3.plaso

On 2016/05/09 05:15:58, Joachim Metz wrote: > Code updated. LG2M

7 years, 11 months ago (2016-05-09 20:08:47 UTC) #23

onager

Got up to the parser manager, but running out of time, so partial review. I ...

7 years, 11 months ago (2016-05-10 04:56:01 UTC) #24

Joachim Metz

> I don't love the passing-empty-lists-of-plugins-to-init-for-parsers-that-don't-actually-support-plugins > pattern, it's pretty ugly. Is there a way ...

7 years, 11 months ago (2016-05-11 19:35:31 UTC) #25

Joachim Metz

> I don't love the passing-empty-lists-of-plugins-to-init-for-parsers-that-don't-actually-support-plugins > pattern, it's pretty ugly. Is there a way ...

7 years, 11 months ago (2016-05-11 19:35:36 UTC) #26

Joachim Metz

https://codereview.appspot.com/293180043/diff/80001/plaso/frontend/presets.py File plaso/frontend/presets.py (right): https://codereview.appspot.com/293180043/diff/80001/plaso/frontend/presets.py#newcode43 plaso/frontend/presets.py:43: u'android_app_usage', u'sqlite/android_calls', u'sqlite/android_sms']} On 2016/05/10 04:56:01, onager wrote: > ...

7 years, 11 months ago (2016-05-11 19:36:03 UTC) #27

Joachim Metz

I'll could move the plugin initialization into a separate method.

7 years, 11 months ago (2016-05-14 14:14:46 UTC) #28

Joachim Metz

Some previous changes seem to have leaked into this CL, used diffbase: 7c5f934bfe13f046cc5b31d48979c602a25b3808

7 years, 11 months ago (2016-05-15 07:54:53 UTC) #31

onager

https://codereview.appspot.com/293180043/diff/120001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/120001/plaso/parsers/interface.py#newcode77 plaso/parsers/interface.py:77: The default plugin, named "{self.NAME:s}_default", is handled separately. -separately ...

7 years, 11 months ago (2016-05-16 04:27:22 UTC) #32

Joachim Metz

7 years, 11 months ago (2016-05-16 04:35:40 UTC) #33

dc3.plaso

Some runtime errors. https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py File plaso/parsers/manager.py (right): https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py#newcode212 plaso/parsers/manager.py:212: parser_object.EnablePlugins(plugin_includes) Unless I'm missing something, the ...

7 years, 11 months ago (2016-05-16 14:02:04 UTC) #35

Joachim Metz

https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py File plaso/parsers/manager.py (right): https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py#newcode212 plaso/parsers/manager.py:212: parser_object.EnablePlugins(plugin_includes) It is defined in the interface, should not ...

7 years, 11 months ago (2016-05-16 15:23:28 UTC) #36

dc3.plaso

On 2016/05/16 15:23:28, Joachim Metz wrote: > https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py > File plaso/parsers/manager.py (right): > > https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py#newcode212 ...

7 years, 11 months ago (2016-05-16 15:28:38 UTC) #37

onager

On 2016/05/16 15:28:38, dc3.plaso wrote: > On 2016/05/16 15:23:28, Joachim Metz wrote: > > https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/manager.py ...

7 years, 11 months ago (2016-05-17 01:18:34 UTC) #38

onager

Woops, forgot to say, couple of typos https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/interface.py#newcode77 plaso/parsers/interface.py:77: The default ...

7 years, 11 months ago (2016-05-17 01:18:55 UTC) #39

Joachim Metz

https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/interface.py File plaso/parsers/interface.py (right): https://codereview.appspot.com/293180043/diff/140001/plaso/parsers/interface.py#newcode77 plaso/parsers/interface.py:77: The default plugin, named "{self.NAME:s}_default", if it exitsts, On ...

7 years, 11 months ago (2016-05-17 03:20:41 UTC) #40

Manual merge

Expand All Messages | Collapse All Messages