def LoadConfigFile(self):
"""Parses the the config file.
Applies interpolations and produces a dict of config options for each
test. This also adds useful defaults to be available for interpolations
in the config file itself. This config file is not written back.
Returns:
a dict with keys being the test names, and values being config_options
for each test.
"""
config = yaml.load(open(self.FLAGS.config).read())
# Set some useful defaults - These do not get written to the file.
config.setdefault("DEFAULT", {})
defaults = config["DEFAULT"]
defaults.update(
dict(tempdir=self.temp_directory,
testdir=self.test_directory,
executable=self.FLAGS.executable))
# Extra options to be used for testing.
defaults["--renderer"] = "test"
for test_config in config.values():
# For each test config interpolate the parameter if it is a string.
for k, v in test_config.items():
merged_config = defaults.copy()
merged_config.update(test_config)
if isinstance(v, basestring):
v = v % merged_config
test_config[k] = v
return utils.AttributeDict(config)
def __init__(self, *pos_args, **kwargs):
self.ignore_required = kwargs.get("ignore_required", False)
# If this is set we do not enforce required args. This is useful when
# callers want to instantiate a plugin in order to use its methods as a
# utility.
if self.plugin_args is None:
self.plugin_args = utils.AttributeDict()
# Collect args in the declared order (basically follow the mro
# backwards).
definitions = []
definitions_classes = {}
for cls in self.__class__.__mro__:
args_definition = getattr(cls, "_%s__args" % cls.__name__, [])
for definition in args_definition:
# Definitions can be just simple dicts.
if isinstance(definition, dict):
definition = CommandOption(**definition)
# We have seen this arg before.
previous_definition = definitions_classes.get(definition.name)
if previous_definition:
# Since we traverse the definition in reverse MRO order,
# later definitions should be masked by earlier (more
# derived) definitions.
continue
definitions_classes[definition.name] = cls
definitions.append(definition)
# Handle positional args by consuming them off the pos_args array in
# definition order. This allows positional args to be specified either
# by position, or by keyword.
positional_args = [x for x in definitions if x.positional]
if len(positional_args) < len(pos_args):
raise TypeError("Too many positional args provided.")
for pos_arg, definition in zip(pos_args, positional_args):
# If the positional arg is also defined as a keyword arg this is a
# bug.
if definition.name in kwargs:
raise TypeError(
"Positional Args %s is also supplied as a keyword arg." %
definition.name)
kwargs[definition.name] = pos_arg
# Collect all the declared args and parse them.
for definition in definitions:
value = kwargs.pop(definition.name, None)
if (value is None and definition.required and
not self.ignore_required):
raise InvalidArgs("%s is required." % definition.name)
self.plugin_args[definition.name] = definition.parse(
value, session=kwargs.get("session"))
super(ArgsParserMixin, self).__init__(**kwargs)
def parse_args(argv=None, user_session=None):
"""Parse the args from the command line argv."""
if argv is None:
argv = sys.argv[1:]
parser = RekallArgParser(
description=constants.BANNER,
conflict_handler='resolve',
add_help=True,
epilog="When no module is provided, drops into interactive mode",
formatter_class=RekallHelpFormatter)
# The plugin name is taken from the command line, but it is not enough to
# know which specific implementation will be used. For example there are 3
# classes implementing the pslist plugin WinPsList, LinPsList and OSXPsList.
plugin_name, argv = FindPlugin(argv, user_session)
# Add all critical parameters. Critical parameters are those which are
# common to all implementations of a certain plugin and are required in
# order to choose from these implementations. For example, the profile or
# filename are usually used to select the specific implementation of a
# plugin.
for metadata in user_session.plugins.plugin_db.MetadataByName(plugin_name):
ConfigureCommandLineParser(metadata, parser, critical=True)
# Parse the global and critical args from the command line.
ParseGlobalArgs(parser, argv, user_session)
# Find the specific implementation of the plugin that applies here. For
# example, we have 3 different pslist implementations depending on the
# specific profile loaded.
command_metadata = user_session.plugins.Metadata(plugin_name)
if not command_metadata:
raise plugin.PluginError(
"Plugin %s is not available for this configuration" % plugin_name)
# Configure the arg parser for this command's options.
plugin_cls = command_metadata.plugin_cls
ConfigureCommandLineParser(command_metadata, parser)
# Parse the final command line.
result = parser.parse_args(argv)
# We handle help especially since we want to enumerate all plugins.
if getattr(result, "help", None):
parser.print_help()
sys.exit(-1)
# Apply the defaults to the parsed args.
result = utils.AttributeDict(vars(result))
result.pop("__dummy", None)
command_metadata.ApplyDefaults(result)
return plugin_cls, result
def collect(self):
kuser_shared = self.session.address_resolver.get_constant_object(
"nt!KI_USER_SHARED_DATA", "_KUSER_SHARED_DATA")
seconds_since_boot = self.session.plugins.imageinfo().GetBootTime(
kuser_shared)
kernel_time = kuser_shared.SystemTime
boot_timestamp = basic.UnixTimeStamp(
value=kernel_time - seconds_since_boot,
session=self.session)
yield [utils.AttributeDict(now=kernel_time, boot=boot_timestamp,
uptime=seconds_since_boot)]
def _get_result_paths(results_directory_path):
return utils.AttributeDict(pre_ast_forest_file_path=os.path.join(
results_directory_path,
'pre_ast.json',
),
preprocessed_file_path=os.path.join(
results_directory_path,
'preprocessed.json',
),
preprocessed_string_file_path=os.path.join(
results_directory_path,
'preprocessed.c',
),
ast_file_path=os.path.join(
results_directory_path,
'ast.json',
),
profile_file_path=os.path.join(
results_directory_path,
'profile.json',
))
def __init__(self, session=None, **kwargs):
"""Instantiate the plugin with the provided kwargs."""
self.args = utils.AttributeDict(kwargs)
self.session = session
self.pool = threadpool.ThreadPool(self.args.processes)
def column_types(self):
return dict(Result=utils.AttributeDict())
def DecodeFromJsonSafe(self, state, options):
state = super(AttributeDictObjectRenderer,
self).DecodeFromJsonSafe(state, options)
return utils.AttributeDict(state.get("data", {}))
