Beispiel #1
0
    def Collect(self, knowledge_base):
        """Collects values from the knowledge base.

    Args:
      knowledge_base (KnowledgeBase): to fill with preprocessing information.

    Raises:
      PreProcessFail: if the preprocessing fails.
    """
        environment_variable = knowledge_base.GetEnvironmentVariable(
            'programdata')
        allusersprofile = getattr(environment_variable, 'value', None)

        if not allusersprofile:
            environment_variable = knowledge_base.GetEnvironmentVariable(
                'allusersprofile')
            allusersprofile = getattr(environment_variable, 'value', None)

            if allusersprofile:
                environment_variable = artifacts.EnvironmentVariableArtifact(
                    case_sensitive=False,
                    name='programdata',
                    value=allusersprofile)

                try:
                    logger.debug(
                        'setting environment variable: {0:s} to: "{1:s}"'.
                        format('programdata', allusersprofile))
                    knowledge_base.AddEnvironmentVariable(environment_variable)
                except KeyError:
                    # TODO: add and store preprocessing errors.
                    pass
Beispiel #2
0
    def _ParseValueData(self, knowledge_base, value_data):
        """Parses Windows Registry value data for a preprocessing attribute.

    Args:
      knowledge_base (KnowledgeBase): to fill with preprocessing information.
      value_data (object): Windows Registry value data.

    Raises:
      errors.PreProcessFail: if the preprocessing fails.
    """
        if not isinstance(value_data, str):
            raise errors.PreProcessFail(
                'Unsupported Windows Registry value type: {0!s} for '
                'artifact: {1:s}.'.format(type(value_data),
                                          self.ARTIFACT_DEFINITION_NAME))

        environment_variable = artifacts.EnvironmentVariableArtifact(
            case_sensitive=False, name=self._NAME, value=value_data)

        try:
            logger.debug(
                'setting environment variable: {0:s} to: "{1:s}"'.format(
                    self._NAME, value_data))
            knowledge_base.AddEnvironmentVariable(environment_variable)
        except KeyError:
            # TODO: add and store preprocessing errors.
            pass
Beispiel #3
0
    def _ParsePathSpecification(self, knowledge_base, searcher, file_system,
                                path_specification, path_separator):
        """Parses artifact file system data for a preprocessing attribute.

    Args:
      knowledge_base (KnowledgeBase): to fill with preprocessing information.
      searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess
          the file system.
      file_system (dfvfs.FileSystem): file system to be preprocessed.
      path_specification (dfvfs.PathSpec): path specification that contains
          the artifact value data.
      path_separator (str): path segment separator.

    Raises:
      errors.PreProcessFail: if the preprocessing fails.
    """
        relative_path = searcher.GetRelativePath(path_specification)
        if not relative_path:
            raise errors.PreProcessFail(
                'Unable to read: {0:s} with error: missing relative path'.
                format(self.ARTIFACT_DEFINITION_NAME))

        if path_separator != file_system.PATH_SEPARATOR:
            relative_path_segments = file_system.SplitPath(relative_path)
            relative_path = '{0:s}{1:s}'.format(
                path_separator, path_separator.join(relative_path_segments))

        environment_variable = artifacts.EnvironmentVariableArtifact(
            case_sensitive=False, name=self._NAME, value=relative_path)

        try:
            logger.debug(
                'setting environment variable: {0:s} to: "{1:s}"'.format(
                    self._NAME, relative_path))
            knowledge_base.AddEnvironmentVariable(environment_variable)
        except KeyError:
            # TODO: add and store preprocessing errors.
            pass