def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
output_module (OutputModule): output module to configure.
Raises:
BadConfigObject: when the output module object does not have the
SetCredentials or SetDatabaseName methods.
"""
if not hasattr(output_module, u'SetCredentials'):
raise errors.BadConfigObject(
u'Unable to set username information.')
if not hasattr(output_module, u'SetDatabaseName'):
raise errors.BadConfigObject(
u'Unable to set database information.')
username = cls._ParseStringOption(options,
u'username',
default_value=cls._DEFAULT_USERNAME)
password = cls._ParseStringOption(options,
u'password',
default_value=cls._DEFAULT_PASSWORD)
name = cls._ParseStringOption(options,
u'db_name',
default_value=cls._DEFAULT_NAME)
output_module.SetCredentials(username=username, password=password)
output_module.SetDatabaseName(name)
server_config.ServerArgumentsHelper.ParseOptions(
options, output_module)
def _ParseExtractionOptions(self, options):
"""Parses the extraction options.
Args:
options (argparse.Namespace): command line arguments.
Raises:
BadConfigOption: if the options are invalid.
"""
self._hasher_names_string = getattr(
options, u'hashers', self._DEFAULT_HASHER_STRING)
if isinstance(self._hasher_names_string, py2to3.STRING_TYPES):
if self._hasher_names_string.lower() == u'list':
self.list_hashers = True
yara_rules_path = getattr(options, u'yara_rules_path', None)
if yara_rules_path:
try:
with open(yara_rules_path, 'rb') as rules_file:
yara_rules_string = rules_file.read()
# We try to parse the rules here, to check that the definitions are
# valid. We then pass the string definitions along to the workers, so
# that they don't need read access to the rules file.
yara.compile(source=yara_rules_string)
self._yara_rules_string = yara_rules_string
except IOError as exception:
raise errors.BadConfigObject(
u'Unable to read Yara rules file: {0:s}, error was: {1!s}'.format(
yara_rules_path, exception))
except yara.Error as exception:
raise errors.BadConfigObject(
u'Unable to parse Yara rules in: {0:s}, error was: {1!s}'.format(
yara_rules_path, exception))
parser_filter_expression = self.ParseStringOption(
options, u'parsers', default_value=u'')
self._parser_filter_expression = parser_filter_expression.replace(
u'\\', u'/')
if (isinstance(self._parser_filter_expression, py2to3.STRING_TYPES) and
self._parser_filter_expression.lower() == u'list'):
self.list_parsers_and_plugins = True
self._force_preprocessing = getattr(options, u'preprocess', False)
self._preferred_year = getattr(options, u'preferred_year', None)
if self._preferred_year:
try:
self._preferred_year = int(self._preferred_year, 10)
except ValueError:
raise errors.BadConfigOption(
u'Invalid preferred year: {0:s}.'.format(self._preferred_year))
self._process_archives = getattr(options, u'process_archives', False)
self._process_compressed_streams = getattr(
options, u'process_compressed_streams', True)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: when the date filter is badly formatted.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
filter_collection = getattr(configuration_object, '_filter_collection',
None)
if not filter_collection:
raise errors.BadConfigObject(
'Filter collection missing from configuration object')
date_filters = getattr(options, 'date_filters', None)
if not date_filters:
return
file_entry_filter = file_entry_filters.DateTimeFileEntryFilter()
for date_filter in date_filters:
date_filter_pieces = date_filter.split(',')
if len(date_filter_pieces) != 3:
raise errors.BadConfigOption(
'Badly formed date filter: {0:s}'.format(date_filter))
time_value, start_time_string, end_time_string = date_filter_pieces
time_value = time_value.strip()
start_time_string = start_time_string.strip()
end_time_string = end_time_string.strip()
try:
file_entry_filter.AddDateTimeRange(
time_value,
start_time_string=start_time_string,
end_time_string=end_time_string)
except ValueError:
raise errors.BadConfigOption(
'Badly formed date filter: {0:s}'.format(date_filter))
filter_collection.AddFilter(file_entry_filter)
def ParseOptions(cls, options, analysis_plugin):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options object.
analysis_plugin (NsrlsvrAnalysisPlugin): analysis plugin to configure.
Raises:
BadConfigObject: when the analysis plugin is the wrong type.
BadConfigOption: when unable to connect to nsrlsvr instance.
"""
if not isinstance(analysis_plugin, nsrlsvr.NsrlsvrAnalysisPlugin):
raise errors.BadConfigObject(
'Analysis plugin is not an instance of NsrlsvrAnalysisPlugin')
label = cls._ParseStringOption(
options, 'nsrlsvr_label', default_value=cls._DEFAULT_LABEL)
analysis_plugin.SetLabel(label)
lookup_hash = cls._ParseStringOption(
options, 'nsrlsvr_hash', default_value=cls._DEFAULT_HASH)
analysis_plugin.SetLookupHash(lookup_hash)
host = cls._ParseStringOption(
options, 'nsrlsvr_host', default_value=cls._DEFAULT_HOST)
analysis_plugin.SetHost(host)
port = cls._ParseNumericOption(
options, 'nsrlsvr_port', default_value=cls._DEFAULT_PORT)
analysis_plugin.SetPort(port)
if not analysis_plugin.TestConnection():
raise errors.BadConfigOption(
'Unable to connect to nsrlsvr {0:s}:{1:d}'.format(host, port))
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module,
shared_4n6time.Base4n6TimeOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of Base4n6TimeOutputModule')
append = getattr(options, u'append', False)
evidence = getattr(options, u'evidence', u'-')
fields = getattr(options, u'fields', None)
if not fields:
fields = cls._DEFAULT_FIELDS
output_module.SetAppendMode(append)
output_module.SetEvidence(evidence)
output_module.SetFields(fields)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: when the output format is not supported or the output
is not provided or already exists.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
output_format = getattr(options, 'output_format', 'dynamic')
output_filename = getattr(options, 'write', None)
if output_format != 'list':
if not output_manager.OutputManager.HasOutputClass(output_format):
raise errors.BadConfigOption(
'Unsupported output format: {0:s}.'.format(output_format))
setattr(configuration_object, '_output_format', output_format)
setattr(configuration_object, '_output_filename', output_filename)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
preprocess = getattr(options, 'preprocess', False)
preferred_year = cls._ParseNumericOption(options, 'preferred_year')
process_archives = getattr(options, 'process_archives', False)
process_compressed_streams = getattr(options,
'process_compressed_streams',
True)
setattr(configuration_object, '_force_preprocessing', preprocess)
setattr(configuration_object, '_preferred_year', preferred_year)
setattr(configuration_object, '_process_archives', process_archives)
setattr(configuration_object, '_process_compressed_streams',
process_compressed_streams)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: when the location of the data files cannot be determined.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
data_location = cls._ParseStringOption(options, 'data_location')
if not data_location:
# Determine the source root path, which is 3 directories up from
# the location of the script.
data_location = os.path.dirname(cls._PATH)
data_location = os.path.dirname(data_location)
data_location = os.path.dirname(data_location)
data_location = os.path.dirname(data_location)
# There are multiple options to run a tool e.g. running from source or
# from an egg file.
data_location_egg = os.path.join(data_location, 'share', 'plaso')
data_location_source = os.path.join(data_location, 'data')
data_location = None
if os.path.exists(data_location_egg) and os.path.isfile(os.path.join(
data_location_egg, 'plaso-data.README')):
data_location = data_location_egg
elif os.path.exists(data_location_source) and os.path.isfile(os.path.join(
data_location_source, 'plaso-data.README')):
data_location = data_location_source
if not data_location or not os.path.exists(data_location):
data_location = os.path.join(sys.prefix, 'share', 'plaso')
if not os.path.exists(data_location):
data_location = os.path.join(sys.prefix, 'local', 'share', 'plaso')
if sys.prefix != '/usr':
if not os.path.exists(data_location):
data_location = os.path.join('/usr', 'share', 'plaso')
if not os.path.exists(data_location):
data_location = os.path.join('/usr', 'local', 'share', 'plaso')
if not os.path.exists(data_location) or not os.path.isfile(os.path.join(
data_location, 'plaso-data.README')):
data_location = None
if not data_location:
raise errors.BadConfigOption(
'Unable to determine location of data files.')
logger.info('Determined data location: {0:s}'.format(data_location))
setattr(configuration_object, '_data_location', data_location)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
u'Configuration object is not an instance of CLITool')
plugin_names_argument = cls._ParseStringOption(options,
u'analysis_plugins')
if plugin_names_argument and plugin_names_argument != u'list':
available_plugin_names = (
analysis_manager.AnalysisPluginManager.GetPluginNames())
plugin_names_argument = [
name.strip() for name in plugin_names_argument.split(u',')
]
difference = set(plugin_names_argument).difference(
available_plugin_names)
if difference:
raise errors.BadConfigOption(
u'Non-existent analysis plugins specified: {0:s}'.format(
u' '.join(difference)))
setattr(configuration_object, u'_analysis_plugins',
plugin_names_argument)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when the output filename was not provided.
"""
if not isinstance(output_module,
sqlite_4n6time.SQLite4n6TimeOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of SQLite4n6TimeOutputModule'
)
shared_4n6time_output.Shared4n6TimeOutputHelper.ParseOptions(
options, output_module)
filename = getattr(options, u'write', None)
if not filename:
raise errors.BadConfigOption(
u'Output filename was not provided use "-w filename" to specify.'
)
output_module.SetFilename(filename)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not hasattr(output_module, u'SetServerInformation'):
raise errors.BadConfigObject(u'Unable to set server information.')
server = getattr(options, u'server', None)
if not server:
server = cls._DEFAULT_SERVER
port = getattr(options, u'port', None)
if port and not isinstance(port, (int, long)):
raise errors.BadConfigOption(u'Invalid port value not an integer.')
if not port:
port = cls._DEFAULT_PORT
output_module.SetServerInformation(server, port)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not hasattr(output_module, u'SetCredentials'):
raise errors.BadConfigObject(u'Unable to set username information.')
username = getattr(options, u'username', None)
if not username:
username = cls._DEFAULT_USERNAME
password = getattr(options, u'password', None)
if not password:
password = cls._DEFAULT_PASSWORD
name = getattr(options, u'db_name', None)
if not name:
name = cls._DEFAULT_NAME
output_module.SetCredentials(
username=username, password=password)
output_module.SetDatabaseName(name)
server_config.BaseServerConfigHelper.ParseOptions(options, output_module)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
hashers = cls._ParseStringOption(
options, 'hashers', default_value=cls._DEFAULT_HASHER_STRING)
hasher_file_size_limit = cls._ParseNumericOption(
options, 'hasher_file_size_limit', default_value=0)
# TODO: validate hasher names.
if hasher_file_size_limit < 0:
raise errors.BadConfigOption(
'Invalid hasher file size limit value cannot be negative.')
setattr(configuration_object, '_hasher_names_string', hashers)
setattr(configuration_object, '_hasher_file_size_limit',
hasher_file_size_limit)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
"""
if not isinstance(output_module,
shared_4n6time.Base4n6TimeOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of Base4n6TimeOutputModule')
append = getattr(options, u'append', cls._DEFAULT_APPEND)
evidence = cls._ParseStringOption(options,
u'evidence',
default_value=cls._DEFAULT_EVIDENCE)
fields = cls._ParseStringOption(options,
u'fields',
default_value=cls._DEFAULT_FIELDS)
output_module.SetAppendMode(append)
output_module.SetEvidence(evidence)
output_module.SetFields(
[field_name.strip() for field_name in fields.split(u',')])
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module,
timesketch_out.TimesketchOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of TimesketchOutputModule')
output_format = getattr(options, u'output_format', None)
if output_format != u'timesketch':
raise errors.BadConfigOption(
u'Only works on Timesketch output module.')
flush_interval = getattr(options, u'flush_interval', None)
if flush_interval:
output_module.SetFlushInterval(flush_interval)
index = getattr(options, u'index', None)
if index:
output_module.SetIndex(index)
name = getattr(options, u'timeline_name', None)
if name:
output_module.SetName(name)
def ParseOptions(cls, options, output_module): # pylint: disable=arguments-differ
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
output_module (OutputModule): output module to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when the output filename was not provided.
"""
if not isinstance(output_module, dynamic.DynamicOutputModule):
raise errors.BadConfigObject(
'Output module is not an instance of DynamicOutputModule')
default_fields = ','.join(cls._DEFAULT_FIELDS)
fields = cls._ParseStringOption(
options, 'fields', default_value=default_fields)
additional_fields = cls._ParseStringOption(options, 'additional_fields')
if additional_fields:
fields = ','.join([fields, additional_fields])
output_module.SetFields([
field_name.strip() for field_name in fields.split(',')])
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
u'Configuration object is not an instance of CLITool')
output_format = getattr(options, u'output_format', u'dynamic')
output_filename = getattr(options, u'write', None)
if output_format != u'list':
if not output_manager.OutputManager.HasOutputClass(output_format):
raise errors.BadConfigOption(
u'Unsupported output format: {0:s}.'.format(output_format))
if output_manager.OutputManager.IsLinearOutputModule(output_format):
if not output_filename:
raise errors.BadConfigOption((
u'Output format: {0:s} requires an output file').format(
output_format))
if os.path.exists(output_filename):
raise errors.BadConfigOption(
u'Output file already exists: {0:s}.'.format(output_filename))
setattr(configuration_object, u'_output_format', output_format)
setattr(configuration_object, u'_output_filename', output_filename)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
analysis_plugins = cls._ParseStringOption(options, 'analysis_plugins')
if analysis_plugins and analysis_plugins.lower() != 'list':
plugin_names = analysis_manager.AnalysisPluginManager.GetPluginNames(
)
analysis_plugins = [
name.strip() for name in analysis_plugins.split(',')
]
difference = set(analysis_plugins).difference(plugin_names)
if difference:
raise errors.BadConfigOption(
'Non-existent analysis plugins specified: {0:s}'.format(
' '.join(difference)))
setattr(configuration_object, '_analysis_plugins', analysis_plugins)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
output_module (OutputModule): output module to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module, elastic.ElasticSearchOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of ElasticSearchOutputModule')
index_name = cls._ParseStringOption(
options, u'index_name', default_value=cls._DEFAULT_INDEX_NAME)
doc_type = cls._ParseStringOption(
options, u'doc_type', default_value=cls._DEFAULT_DOC_TYPE)
flush_interval = cls._ParseIntegerOption(
options, u'flush_interval', default_value=cls._DEFAULT_FLUSH_INTERVAL)
raw_fields = getattr(
options, u'raw_fields', cls._DEFAULT_RAW_FIELDS)
ElasticSearchServerArgumentsHelper.ParseOptions(options, output_module)
output_module.SetIndexName(index_name)
output_module.SetDocType(doc_type)
output_module.SetFlushInterval(flush_interval)
output_module.SetRawFields(raw_fields)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
process_memory_limit = cls._ParseNumericOption(options,
'process_memory_limit')
if process_memory_limit and process_memory_limit < 0:
raise errors.BadConfigOption(
'Invalid process memory limit value cannot be negative.')
setattr(configuration_object, '_process_memory_limit',
process_memory_limit)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
output_module (TimesketchOutputModule): output module to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module, timesketch_out.TimesketchOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of TimesketchOutputModule')
doc_type = cls._ParseStringOption(
options, u'doc_time', default_value=cls._DEFAULT_DOC_TYPE)
output_module.SetDocType(doc_type)
flush_interval = cls._ParseIntegerOption(
options, u'flush_interval', default_value=cls._DEFAULT_FLUSH_INTERVAL)
output_module.SetFlushInterval(flush_interval)
index = cls._ParseStringOption(
options, u'index', default_value=cls._DEFAULT_UUID)
output_module.SetIndexName(index)
name = cls._ParseStringOption(
options, u'timeline_name', default_value=cls._DEFAULT_NAME)
output_module.SetTimelineName(name)
username = cls._ParseStringOption(
options, u'username', default_value=cls._DEFAULT_USERNAME)
output_module.SetUserName(username)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: if the storage format is not defined or supported.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
storage_format = cls._ParseStringOption(options, 'storage_format')
if not storage_format:
raise errors.BadConfigOption('Unable to determine storage format.')
if storage_format not in definitions.STORAGE_FORMATS:
raise errors.BadConfigOption(
'Unsupported storage format: {0:s}'.format(storage_format))
setattr(configuration_object, '_storage_format', storage_format)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module, elastic.ElasticSearchOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of ElasticSearchOutputModule'
)
output_format = getattr(options, u'output_format', None)
if output_format != u'elastic':
raise errors.BadConfigOption(
u'Only works on Elastic output module.')
case_name = cls._ParseStringOption(options,
u'case_name',
default_value=cls._DEFAULT_CASE)
document_type = cls._ParseStringOption(
options,
u'document_type',
default_value=cls._DEFAULT_DOCUMENT_TYPE)
ElasticServer.ParseOptions(options, output_module)
output_module.SetCaseName(case_name)
output_module.SetDocumentType(document_type)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
output_module: an output module (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when the output filename was not provided.
"""
if not isinstance(output_module, xlsx.XLSXOutputModule):
raise errors.BadConfigObject(
u'Output module is not an instance of XLSXOutputModule')
fields = cls._ParseStringOption(options,
u'fields',
default_value=cls._DEFAULT_FIELDS)
filename = getattr(options, u'write', None)
if not filename:
raise errors.BadConfigOption(
u'Output filename was not provided use "-w filename" to specify.'
)
timestamp_format = cls._ParseStringOption(
options,
u'timestamp_format',
default_value=cls._DEFAULT_TIMESTAMP_FORMAT)
output_module.SetFields(
[field_name.strip() for field_name in fields.split(u',')])
output_module.SetFilename(filename)
output_module.SetTimestampFormat(timestamp_format)
def ParseOptions(cls, options, analysis_plugin):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
analysis_plugin: an analysis plugin (instance of AnalysisPlugin).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(analysis_plugin,
virustotal.VirusTotalAnalysisPlugin):
raise errors.BadConfigObject(
u'Analysis plugin is not an instance of VirusTotalAnalysisPlugin'
)
api_key = cls._ParseStringOption(options, u'virustotal_api_key')
if not api_key:
raise errors.BadConfigOption(
u'VirusTotal API key not specified. Try again with '
u'--virustotal-api-key.')
analysis_plugin.SetAPIKey(api_key)
rate_limit = getattr(options, u'virustotal_rate_limit',
cls._DEFAULT_RATE_LIMIT)
analysis_plugin.EnableFreeAPIKeyRateLimit(rate_limit)
def ParseOptions(cls, options, output_module):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
output_module (OutputModule): output module to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(output_module,
elastic_ts.ElasticTimesketchOutputModule):
raise errors.BadConfigObject(
'Output module is not an instance of ElasticsearchOutputModule'
)
elastic_output.ElasticSearchOutputArgumentsHelper.ParseOptions(
options, output_module)
timeline_identifier = cls._ParseNumericOption(
options,
'timeline_identifier',
default_value=cls._DEFAULT_TIMELINE_IDENTIFIER)
if timeline_identifier:
output_module.SetTimelineIdentifier(timeline_identifier)
def ParseOptions(cls, options, configuration_object):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
configuration_object (CLITool): object to be configured by the argument
helper.
Raises:
BadConfigObject: when the configuration object is of the wrong type.
BadConfigOption: if the collection file does not exist.
"""
if not isinstance(configuration_object, tools.CLITool):
raise errors.BadConfigObject(
'Configuration object is not an instance of CLITool')
filter_file = cls._ParseStringOption(options, 'file_filter')
# Search the data location for the filter file.
if filter_file and not os.path.isfile(filter_file):
data_location = getattr(configuration_object, '_data_location',
None)
if data_location:
filter_file_basename = os.path.basename(filter_file)
filter_file_path = os.path.join(data_location,
filter_file_basename)
if os.path.isfile(filter_file_path):
filter_file = filter_file_path
if filter_file and not os.path.isfile(filter_file):
raise errors.BadConfigOption(
'No such collection filter file: {0:s}.'.format(filter_file))
setattr(configuration_object, '_filter_file', filter_file)
def ParseOptions(cls, options, analysis_plugin):
"""Parses and validates options.
Args:
options: the parser option object (instance of argparse.Namespace).
analysis_plugin: an analysis plugin (instance of OutputModule).
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(analysis_plugin, tagging.TaggingPlugin):
raise errors.BadConfigObject(
u'Analysis plugin is not an instance of TaggingPlugin')
tagging_file = getattr(options, u'tagging_file', None)
if tagging_file:
if not os.path.exists(tagging_file) or not os.path.isfile(tagging_file):
# Check if the file exists in the data location path.
data_location = getattr(options, 'data_location', None)
if data_location:
new_tagging_path = os.path.join(data_location, tagging_file)
if os.path.exists(new_tagging_path) and os.path.isfile(
new_tagging_path):
analysis_plugin.SetAndLoadTagFile(new_tagging_path)
return
raise errors.BadConfigOption(
u'Tagging file {0:s} does not exist.'.format(tagging_file))
analysis_plugin.SetAndLoadTagFile(tagging_file)
def ParseOptions(cls, options, analysis_plugin):
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
analysis_plugin (VirusTotalAnalysisPlugin): analysis plugin to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(analysis_plugin,
virustotal.VirusTotalAnalysisPlugin):
raise errors.BadConfigObject(
u'Analysis plugin is not an instance of VirusTotalAnalysisPlugin'
)
api_key = cls._ParseStringOption(options, u'virustotal_api_key')
if not api_key:
raise errors.BadConfigOption(
u'VirusTotal API key not specified. Try again with '
u'--virustotal-api-key.')
analysis_plugin.SetAPIKey(api_key)
enable_rate_limit = getattr(options, u'virustotal_free_rate_limit',
cls._DEFAULT_RATE_LIMIT)
if enable_rate_limit:
analysis_plugin.EnableFreeAPIKeyRateLimit()
lookup_hash = cls._ParseStringOption(options,
u'virustotal_hash',
default_value=cls._DEFAULT_HASH)
analysis_plugin.SetLookupHash(lookup_hash)
def ParseOptions(cls, options, analysis_plugin): # pylint: disable=arguments-renamed
"""Parses and validates options.
Args:
options (argparse.Namespace): parser options.
analysis_plugin (OutputModule): analysis_plugin to configure.
Raises:
BadConfigObject: when the output module object is of the wrong type.
BadConfigOption: when a configuration parameter fails validation.
"""
if not isinstance(analysis_plugin,
sessionize.SessionizeAnalysisPlugin):
raise errors.BadConfigObject(
'Analysis plugin is not an instance of SessionizeAnalysisPlugin'
)
maximum_pause = cls._ParseNumericOption(options,
'sessionize_maximumpause',
default_value=10)
if maximum_pause <= 0:
raise errors.BadConfigOption(
'Maximum pause value {0:d} is not supported. '
'Value must be greater than 0.'.format(maximum_pause))
analysis_plugin.SetMaximumPause(maximum_pause)