Ejemplo n.º 1
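  def _ParseESEDBFileWithPlugin(
      self, path_segments, plugin, knowledge_base_values=None):
    """Parses a file as an ESE database file and returns the storage writer.

    The database handle is closed in a finally clause, so it is released
    even when plugin.Process() raises.

    Args:
      path_segments (list[str]): path segments inside the test data directory.
      plugin (ESEDBPlugin): ESE database plugin.
      knowledge_base_values (Optional[dict[str, object]]): knowledge base
          values.

    Returns:
      FakeStorageWriter: storage writer, opened by this method and not
          closed here.
    """
    session = sessions.Session()
    storage_writer = fake_writer.FakeStorageWriter(session)
    storage_writer.Open()

    file_entry = self._GetTestFileEntry(path_segments)
    parser_mediator = self._CreateParserMediator(
        storage_writer, file_entry=file_entry,
        knowledge_base_values=knowledge_base_values)

    file_object = file_entry.GetFileObject()

    try:
      esedb_file = pyesedb.file()
      esedb_file.open_file_object(file_object)

      # Only a successfully opened database is closed: the inner try starts
      # after open_file_object() so close() is never called on a handle
      # that failed to open.
      try:
        cache = esedb.ESEDBCache()
        plugin.Process(parser_mediator, cache=cache, database=esedb_file)
      finally:
        esedb_file.close()

    finally:
      file_object.close()

    return storage_writer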
Ejemplo n.º 2
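    def _ParseESEDBFileWithPlugin(self,
                                  path_segments,
                                  plugin,
                                  knowledge_base_values=None):
        """Parses a file as an ESE database file and returns the storage writer.

        This method first asserts that the ESE database contains the required
        tables using plugin.CheckRequiredTables() and then extracts events
        using plugin.Process(). The database is closed in a finally clause, so
        it is released even when the assertion fails or the plugin raises.

        Args:
          path_segments (list[str]): path segments inside the test data
              directory.
          plugin (ESEDBPlugin): ESE database plugin.
          knowledge_base_values (Optional[dict[str, object]]): knowledge base
              values.

        Returns:
          FakeStorageWriter: storage writer, opened by this method and not
              closed here.
        """
        session = sessions.Session()
        storage_writer = fake_writer.FakeStorageWriter(session)
        storage_writer.Open()

        file_entry = self._GetTestFileEntry(path_segments)
        parser_mediator = self._CreateParserMediator(
            storage_writer,
            file_entry=file_entry,
            knowledge_base_values=knowledge_base_values)

        file_object = file_entry.GetFileObject()

        try:
            database = esedb.ESEDatabase()
            database.Open(file_object)

            # Only a successfully opened database is closed: the inner try
            # starts after Open() so Close() is never called on a database
            # that failed to open.
            try:
                required_tables_exist = plugin.CheckRequiredTables(database)
                self.assertTrue(required_tables_exist)

                cache = esedb.ESEDBCache()
                plugin.Process(
                    parser_mediator, cache=cache, database=database)
            finally:
                database.Close()

        finally:
            file_object.close()

        return storage_writer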
Ejemplo n.º 3
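    def _ParseESEDBFileWithPlugin(self,
                                  path_segments,
                                  plugin_object,
                                  knowledge_base_values=None):
        """Parses a file as an ESE database file and returns the storage writer.

        The database handle is closed in a finally clause, so it is released
        even when plugin_object.Process() raises.

        Args:
          path_segments: a list of strings containing the path segments inside
                         the test data directory.
          plugin_object: an ESE database plugin object (instance of
                         ESEDBPlugin).
          knowledge_base_values: optional dictionary containing the knowledge
                                 base values.

        Returns:
          A storage writer object (instance of FakeStorageWriter), opened by
          this method and not closed here.
        """
        session = sessions.Session()
        storage_writer = fake_storage.FakeStorageWriter(session)
        storage_writer.Open()

        file_entry = self._GetTestFileEntry(path_segments)
        parser_mediator = self._CreateParserMediator(
            storage_writer,
            file_entry=file_entry,
            knowledge_base_values=knowledge_base_values)

        file_object = file_entry.GetFileObject()

        try:
            esedb_file = pyesedb.file()
            esedb_file.open_file_object(file_object)

            # Only a successfully opened database is closed: the inner try
            # starts after open_file_object() so close() is never called on
            # a handle that failed to open.
            try:
                cache = esedb.ESEDBCache()
                plugin_object.Process(parser_mediator,
                                      cache=cache,
                                      database=esedb_file)
            finally:
                esedb_file.close()

        finally:
            file_object.close()

        return storage_writer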