LEFT | RIGHT |
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 """Parser for the Google Chrome extension activity database files. | 2 """Parser for the Google Chrome extension activity database files. |
3 | 3 |
4 The Chrome extension activity is stored in SQLite database files named | 4 The Chrome extension activity is stored in SQLite database files named |
5 Extension Activity. | 5 Extension Activity. |
6 """ | 6 """ |
7 | 7 |
8 from dfdatetime import webkit_time as dfdatetime_webkit_time | 8 from dfdatetime import webkit_time as dfdatetime_webkit_time |
9 | 9 |
10 from plaso.containers import events | 10 from plaso.containers import events |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
55 # Define the needed queries. | 55 # Define the needed queries. |
56 QUERIES = [ | 56 QUERIES = [ |
57 ((u'SELECT time, extension_id, action_type, api_name, args, page_url, ' | 57 ((u'SELECT time, extension_id, action_type, api_name, args, page_url, ' |
58 u'page_title, arg_url, other, activity_id ' | 58 u'page_title, arg_url, other, activity_id ' |
59 u'FROM activitylog_uncompressed ORDER BY time'), | 59 u'FROM activitylog_uncompressed ORDER BY time'), |
60 u'ParseActivityLogUncompressedRow')] | 60 u'ParseActivityLogUncompressedRow')] |
61 | 61 |
62 REQUIRED_TABLES = frozenset([ | 62 REQUIRED_TABLES = frozenset([ |
63 u'activitylog_compressed', u'string_ids', u'url_ids']) | 63 u'activitylog_compressed', u'string_ids', u'url_ids']) |
64 | 64 |
65 SCHEMAS = [ | 65 SCHEMAS = [{ |
66 {u'activitylog_compressed': | 66 u'activitylog_compressed': ( |
67 u'CREATE TABLE activitylog_compressed (count INTEGER NOT NULL DEFAULT ' | 67 u'CREATE TABLE activitylog_compressed (count INTEGER NOT NULL ' |
68 u'1, extension_id_x INTEGER NOT NULL, time INTEGER, action_type ' | 68 u'DEFAULT 1, extension_id_x INTEGER NOT NULL, time INTEGER, ' |
69 u'INTEGER, api_name_x INTEGER, args_x INTEGER, page_url_x INTEGER, ' | 69 u'action_type INTEGER, api_name_x INTEGER, args_x INTEGER, ' |
70 u'page_title_x INTEGER, arg_url_x INTEGER, other_x INTEGER)', | 70 u'page_url_x INTEGER, page_title_x INTEGER, arg_url_x INTEGER, ' |
71 u'string_ids': | 71 u'other_x INTEGER)'), |
72 u'CREATE TABLE string_ids (id INTEGER PRIMARY KEY, value TEXT NOT ' | 72 u'string_ids': ( |
73 u'NULL)', | 73 u'CREATE TABLE string_ids (id INTEGER PRIMARY KEY, value TEXT NOT ' |
74 u'url_ids': | 74 u'NULL)'), |
75 u'CREATE TABLE url_ids (id INTEGER PRIMARY KEY, value TEXT NOT NULL)'}] | 75 u'url_ids': ( |
| 76 u'CREATE TABLE url_ids (id INTEGER PRIMARY KEY, value TEXT NOT ' |
| 77 u'NULL)')}] |
76 | 78 |
77 def ParseActivityLogUncompressedRow( | 79 def ParseActivityLogUncompressedRow( |
78 self, parser_mediator, row, query=None, **unused_kwargs): | 80 self, parser_mediator, row, query=None, **unused_kwargs): |
79 """Parses an activity log row. | 81 """Parses an activity log row. |
80 | 82 |
81 Args: | 83 Args: |
82 parser_mediator (ParserMediator): mediates interactions between parsers | 84 parser_mediator (ParserMediator): mediates interactions between parsers |
83 and other components, such as storage and dfvfs. | 85 and other components, such as storage and dfvfs. |
84 row (sqlite3.Row): row. | 86 row (sqlite3.Row): row. |
85 query (Optional[str]): query. | 87 query (Optional[str]): query. |
(...skipping 14 matching lines...) Expand all Loading... |
100 event_data.query = query | 102 event_data.query = query |
101 | 103 |
102 timestamp = row['time'] | 104 timestamp = row['time'] |
103 date_time = dfdatetime_webkit_time.WebKitTime(timestamp=timestamp) | 105 date_time = dfdatetime_webkit_time.WebKitTime(timestamp=timestamp) |
104 event = time_events.DateTimeValuesEvent( | 106 event = time_events.DateTimeValuesEvent( |
105 date_time, eventdata.EventTimestamp.UNKNOWN) | 107 date_time, eventdata.EventTimestamp.UNKNOWN) |
106 parser_mediator.ProduceEventWithEventData(event, event_data) | 108 parser_mediator.ProduceEventWithEventData(event, event_data) |
107 | 109 |
108 | 110 |
109 sqlite.SQLiteParser.RegisterPlugin(ChromeExtensionActivityPlugin) | 111 sqlite.SQLiteParser.RegisterPlugin(ChromeExtensionActivityPlugin) |
LEFT | RIGHT |