def Parse(self, persistence, knowledge_base, download_pathtype):
"""Convert persistence collector output to downloadable rdfvalues."""
pathspecs = []
source_urn = None
if isinstance(persistence, rdf_client.WindowsServiceInformation):
if persistence.HasField("registry_key"):
source_urn = persistence.registry_key
if persistence.HasField("binary"):
pathspecs.append(persistence.binary.pathspec)
elif persistence.HasField("image_path"):
pathspecs = self._GetFilePaths(persistence.image_path,
download_pathtype,
knowledge_base)
# TODO(user): handle empty image_path driver default
if isinstance(persistence, rdf_client.StatEntry
) and persistence.HasField("registry_type"):
pathspecs = self._GetFilePaths(persistence.registry_data.string,
download_pathtype, knowledge_base)
source_urn = persistence.aff4path
for pathspec in pathspecs:
yield rdf_standard.PersistenceFile(pathspec=pathspec,
source_urn=source_urn)
def Parse(self, persistence, knowledge_base, download_pathtype):
"""Convert persistence collector output to downloadable rdfvalues."""
pathspecs = []
if isinstance(persistence, rdf_client.OSXServiceInformation):
if persistence.program:
pathspecs = rdf_paths.PathSpec(
path=persistence.program, pathtype=download_pathtype)
elif persistence.args:
pathspecs = rdf_paths.PathSpec(
path=persistence.args[0], pathtype=download_pathtype)
for pathspec in pathspecs:
yield rdf_standard.PersistenceFile(pathspec=pathspec)
def Parse(self, persistence, knowledge_base, download_pathtype):
"""Convert persistence collector output to downloadable rdfvalues."""
pathspecs = []
if isinstance(persistence, rdf_client.WindowsServiceInformation):
if persistence.HasField("binary"):
pathspecs.append(persistence.binary.pathspec)
elif persistence.HasField("image_path"):
pathspecs = self._GetFilePaths(persistence.image_path,
download_pathtype,
knowledge_base)
if isinstance(persistence, rdf_client.StatEntry
) and persistence.HasField("registry_type"):
pathspecs = self._GetFilePaths(persistence.registry_data.string,
download_pathtype, knowledge_base)
for pathspec in pathspecs:
yield rdf_standard.PersistenceFile(pathspec=pathspec)