Ejemplo n.º 1
  def _ParseResponses(self, responses, artifact_name, source):
    """Optionally parse collected responses, then forward the accepted ones.

    If self.args.apply_parsers is set, the responses are passed through the
    parsers obtained for artifact_name; otherwise they are used unchanged.
    Every result is counted in the artifact's progress entry. Results whose
    class is named "Anomaly" are always replied untagged; any other result is
    replied with an "artifact:<name>" tag only if it passes the return-type
    filter derived from source.

    Args:
      responses: A list of responses.
      artifact_name: Name of the artifact that generated the responses.
      source: The source responsible for producing the responses; used to look
        up the accepted return types.
    """
    allowed_types = self._GetArtifactReturnTypes(source)

    if not self.args.apply_parsers:
      parsed = responses
    else:
      factory = parsers.ArtifactParserFactory(artifact_name)
      parsed = artifact.ApplyParsersToResponses(factory, responses, self)

    # Progress counts everything produced here, including results the type
    # filter below drops. len() requires a sized collection, not an iterator.
    artifact_progress = self._GetOrInsertArtifactProgress(artifact_name)
    artifact_progress.num_results += len(parsed)

    reply_tag = "artifact:%s" % artifact_name
    for item in parsed:
      type_name = item.__class__.__name__

      # NOTE(review): the match is on the class *name*, not isinstance(), so
      # any class called "Anomaly" takes this path and skips the type filter.
      if type_name == "Anomaly":
        self.SendReply(item)
        continue

      # An empty filter accepts every type; otherwise the name must be listed.
      if allowed_types and type_name not in allowed_types:
        continue

      self.state.response_count += 1
      self.SendReply(item, tag=reply_tag)
Ejemplo n.º 2
  def _RunProcessors(self, artifact_name, responses):
    """Parse an artifact's raw responses and file the results by context.

    The responses are run through the parsers obtained for artifact_name.
    Each result is then appended to the artifact's host data: Anomaly
    instances go to the "ANOMALY" list and everything else to the "PARSER"
    list, so that checks can read the data types they need from the matching
    context. This method itself does not store anything in a raw-data
    context.

    Args:
      artifact_name: The name of the artifact being processed as a string.
      responses: A list of RDF value responses.
    """
    factory = parsers.ArtifactParserFactory(artifact_name)

    # NOTE(review): assumes host_data already holds an entry for this artifact
    # with "ANOMALY" and "PARSER" lists; if .get() returns None the indexing
    # below fails -- confirm that the caller initialises it.
    contexts = self.state.host_data.get(artifact_name)

    for parsed in artifact.ApplyParsersToResponses(factory, responses, self):
      context_key = (
          "ANOMALY" if isinstance(parsed, rdf_anomaly.Anomaly) else "PARSER")
      contexts[context_key].append(parsed)