Ejemplo n.º 1
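    def WriteSerializedListObject(cls, proto_attribute, attribute_name,
                                  list_object):
        """Writes a list event attribute to serialized form.

        Every element of the list is serialized into a new entry of a
        plaso_storage_pb2.Array, which is then merged into the attribute
        named attribute_name on proto_attribute.

        Args:
          proto_attribute: a protobuf attribute object.
          attribute_name: the name of the attribute.
          list_object: a list object that is the value of the attribute.

        Raises:
          AttributeError: if the attribute cannot be merged with the list.
        """
        list_proto = plaso_storage_pb2.Array()

        for list_value in list_object:
            list_proto_add = list_proto.values.add()
            # List elements carry no name of their own, hence the empty string.
            cls.WriteSerializedObject(list_proto_add, u'', list_value)

        # Note: a missing attribute raises AttributeError here, outside the
        # try block, so it is not rewrapped with the message below.
        list_attribute = getattr(proto_attribute, attribute_name)
        try:
            list_attribute.MergeFrom(list_proto)
        except AttributeError as exception:
            # The exception is formatted with !s instead of :s. An exception
            # object does not accept the "s" format specification on Python 3,
            # so {1:s} would raise TypeError inside this handler and hide the
            # original merge error.
            raise AttributeError(
                u'Unable to merge attribute: {0:s} with error: {1!s}'.format(
                    attribute_name, exception))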
Ejemplo n.º 2
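  def WriteSerializedObject(cls, preprocess_object):
    """Writes a preprocessing object to serialized form.

    Every instance attribute found in the __dict__ of the preprocessing
    object is considered. Attributes set to None are skipped; all other
    attributes that are numeric, boolean or non-empty are written to the
    protobuf, so anything stored on the object ends up in the serialized
    form.

    Serialization does not modify the preprocessing object: the time zone
    object in collection_information is replaced by its name on a copy.

    Args:
      preprocess_object: a preprocessing object (instance of PreprocessObject).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.PreProcess).
    """
    proto = plaso_storage_pb2.PreProcess()

    for attribute, value in iter(preprocess_object.__dict__.items()):
      if value is None:
        continue

      if attribute == u'collection_information':
        zone = value.get(u'configured_zone', u'')
        if zone and hasattr(zone, u'zone'):
          # Work on a shallow copy so that the time zone object held by the
          # preprocessing object is not overwritten with its name as a side
          # effect of serializing it.
          value = value.copy()
          value[u'configured_zone'] = u'{0:s}'.format(zone.zone)
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, u'collection_information', value)

      elif attribute == u'counter':
        # The counter is handed over as a plain dict.
        value_dict = dict(value.items())
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, u'counter', value_dict)

      elif attribute == u'plugin_counter':
        value_dict = dict(value.items())
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, u'plugin_counter', value_dict)

      elif attribute == u'store_range':
        # Only the first and the last element of the range are stored.
        range_proto = plaso_storage_pb2.Array()
        range_start = range_proto.values.add()
        range_start.integer = int(value[0])
        range_end = range_proto.values.add()
        range_end.integer = int(value[-1])
        proto.store_range.MergeFrom(range_proto)

      else:
        if attribute == u'zone':
          # The time zone is stored by name, not as a time zone object.
          value = u'{0:s}'.format(value.zone)
        # Numeric and boolean values are kept even when falsy (0, False);
        # other empty values are dropped.
        if isinstance(value, (bool, float, py2to3.INTEGER_TYPES)) or value:
          proto_attribute = proto.attributes.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              proto_attribute, attribute, value)

    return proto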
Ejemplo n.º 3
  def WriteSerializedObject(cls, analysis_report):
    """Serializes an analysis report into a protobuf.

    The attributes returned by analysis_report.GetAttributes() are walked one
    by one. Event tags, images, the report array and the report dict each get
    dedicated handling; any other attribute that is not None is set on the
    protobuf under its own name.

    Args:
      analysis_report: an analysis report (instance of AnalysisReport).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.AnalysisReport).
    """
    report_proto = plaso_storage_pb2.AnalysisReport()

    for name, content in analysis_report.GetAttributes():
      if content is None:
        continue

      if name == u'_event_tags':
        for tag in content:
          tag_proto = ProtobufEventTagSerializer.WriteSerializedObject(tag)
          # pylint: disable=protected-access
          report_proto._event_tags.MergeFrom(tag_proto)
        continue

      if name == u'images':
        for image in content:
          report_proto.images.append(image)
        continue

      if name == u'report_array':
        array_proto = plaso_storage_pb2.Array()
        # The array is read back from the report itself, as in the original
        # code, rather than taken from the attribute value at hand.
        for element in getattr(analysis_report, u'report_array', []):
          element_proto = array_proto.values.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              element_proto, u'', element)
        report_proto.report_array.MergeFrom(array_proto)
        continue

      if name == u'report_dict':
        mapping_proto = plaso_storage_pb2.Dict()
        mapping = getattr(analysis_report, u'report_dict', {})
        for entry_key, entry_value in iter(mapping.items()):
          entry_proto = mapping_proto.attributes.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              entry_proto, entry_key, entry_value)
        report_proto.report_dict.MergeFrom(mapping_proto)
        continue

      # NOTE(review): the attribute name comes from the report and is used
      # as the protobuf field name without any check here; presumably the
      # protobuf rejects names it does not define - confirm.
      setattr(report_proto, name, content)

    return report_proto
Ejemplo n.º 4
  def WriteSerializedListObject(
      cls, proto_attribute, attribute_name, list_object):
    """Serializes a list event attribute into a protobuf attribute.

    Each element of the list is written to a new entry of a
    plaso_storage_pb2.Array, and the array is merged into the attribute
    named attribute_name on proto_attribute.

    Args:
      proto_attribute: a protobuf attribute object.
      attribute_name: the name of the attribute.
      list_object: a list object that is the value of the attribute.
    """
    array_proto = plaso_storage_pb2.Array()

    for element in list_object:
      element_proto = array_proto.values.add()
      # List elements have no name of their own, hence the empty string.
      cls.WriteSerializedObject(element_proto, '', element)

    # No error handling here: a failure to look up the attribute or to merge
    # propagates to the caller unchanged.
    getattr(proto_attribute, attribute_name).MergeFrom(array_proto)
Ejemplo n.º 5
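  def WriteSerializedObject(cls, pre_obj):
    """Writes a preprocessing object to serialized form.

    Every instance attribute found in the __dict__ of the preprocessing
    object is considered, so anything stored on the object that is numeric,
    boolean or non-empty ends up in the serialized form.

    Serialization does not modify the preprocessing object: the time zone
    object in collection_information is replaced by its name on a copy.

    Args:
      pre_obj: a preprocessing object (instance of PreprocessObject).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.PreProcess).
    """
    proto = plaso_storage_pb2.PreProcess()

    for attribute, value in pre_obj.__dict__.items():
      if attribute == 'collection_information':
        zone = value.get('configured_zone', '')
        if zone and hasattr(zone, 'zone'):
          # Work on a shallow copy so that the time zone object held by the
          # preprocessing object is not overwritten with its name as a side
          # effect of serializing it.
          value = value.copy()
          value['configured_zone'] = zone.zone
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, 'collection_information', value)
      elif attribute == 'counter':
        # The counter is handed over as a plain dict.
        value_dict = dict(value.items())
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, 'counter', value_dict)
      elif attribute == 'plugin_counter':
        value_dict = dict(value.items())
        ProtobufEventAttributeSerializer.WriteSerializedDictObject(
            proto, 'plugin_counter', value_dict)
      elif attribute == 'store_range':
        # Only the first and the last element of the range are stored.
        range_proto = plaso_storage_pb2.Array()
        range_start = range_proto.values.add()
        range_start.integer = int(value[0])
        range_end = range_proto.values.add()
        range_end.integer = int(value[-1])
        proto.store_range.MergeFrom(range_proto)
      else:
        if attribute == 'zone':
          # The time zone is stored by name, not as a time zone object.
          value = value.zone
        # Numeric and boolean values are kept even when falsy (0, False);
        # other empty values, None included, are dropped. The long type
        # exists on Python 2 only.
        if isinstance(value, (bool, int, float, long)) or value:
          proto_attribute = proto.attributes.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              proto_attribute, attribute, value)

    return proto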
Ejemplo n.º 6
    def WriteSerializedObject(cls, analysis_report):
        """Serializes an analysis report into a protobuf.

        The compile time, plugin name, text and images are copied over with
        defaults for missing attributes; the report dict and the report array
        are only serialized when the report has them.

        Args:
          analysis_report: an analysis report (instance of AnalysisReport).

        Returns:
          A protobuf object containing the serialized form (instance of
          plaso_storage_pb2.AnalysisReport).
        """
        report_proto = plaso_storage_pb2.AnalysisReport()
        report_proto.time_compiled = getattr(
            analysis_report, u'time_compiled', 0)

        # The plugin name is only set when it is present and non-empty.
        name = getattr(analysis_report, u'plugin_name', None)
        if name:
            report_proto.plugin_name = name

        # A report without text is stored with the placeholder text.
        report_proto.text = getattr(analysis_report, u'text', u'N/A')

        for image in getattr(analysis_report, u'images', []):
            report_proto.images.append(image)

        if hasattr(analysis_report, u'report_dict'):
            mapping_proto = plaso_storage_pb2.Dict()
            mapping = getattr(analysis_report, u'report_dict', {})
            for entry_key, entry_value in iter(mapping.items()):
                entry_proto = mapping_proto.attributes.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    entry_proto, entry_key, entry_value)
            report_proto.report_dict.MergeFrom(mapping_proto)

        if hasattr(analysis_report, u'report_array'):
            array_proto = plaso_storage_pb2.Array()
            for element in getattr(analysis_report, u'report_array', []):
                element_proto = array_proto.values.add()
                # Array elements have no name, hence the empty string.
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    element_proto, u'', element)

            report_proto.report_array.MergeFrom(array_proto)

        return report_proto
Ejemplo n.º 7
  def setUp(self):
    """Makes preparations before running an individual test.

    Builds the fixture values (collection information, stores and counters)
    and assembles the expected PreProcess protobuf by hand with the attribute
    serializer. The protobuf, its serialized string and the serializer class
    are stored on the test case.
    """
    # Parser names stored under the 'parsers' key of the collection
    # information below.
    parsers = [
        u'esedb', u'chrome_preferences', u'winfirewall', u'android_app_usage',
        u'selinux', u'recycle_bin', u'pls_recall', u'filestat', u'sqlite',
        u'cups_ipp', u'winiis', u'lnk', u'rplog', u'symantec_scanlog',
        u'recycle_bin_info2', u'winevtx', u'plist', u'bsm_log', u'mac_keychain',
        u'pcap', u'mac_securityd', u'utmp', u'pe', u'asl_log', u'opera_global',
        u'custom_destinations', u'chrome_cache', u'popularity_contest',
        u'prefetch', u'winreg', u'msiecf', u'bencode', u'skydrive_log',
        u'openxml', u'xchatscrollback', u'utmpx', u'binary_cookies', u'syslog',
        u'hachoir', u'opera_typed_history', u'winevt', u'mac_appfirewall_log',
        u'winjob', u'olecf', u'xchatlog', u'macwifi', u'mactime', u'java_idx',
        u'firefox_cache', u'mcafee_protection', u'skydrive_log_error']

    # The configured zone is already a string here, not a time zone object.
    self._collection_information = {
        u'cmd_line': (
            u'/usr/bin/log2timeline.py pinfo_test.out tsk_volume_system.raw'),
        u'configured_zone': u'UTC',
        u'debug': False,
        u'file_processed': u'/tmp/tsk_volume_system.raw',
        u'image_offset': 180224,
        u'method': u'imaged processed',
        u'os_detected': u'N/A',
        u'output_file': u'pinfo_test.out',
        u'parser_selection': u'(no list set)',
        u'parsers': parsers,
        u'preferred_encoding': u'utf-8',
        u'preprocess': True,
        u'protobuf_size': 0,
        u'recursive': False,
        u'runtime': u'multi process mode',
        u'time_of_run': 1430290411000000,
        u'version': u'1.2.1_20150424',
        u'vss parsing': False,
        u'workers': 0
    }

    # Nested dict with list values, serialized below as the 'stores'
    # attribute.
    self._stores = {
        u'Number': 1,
        u'Store 1': {
            u'count': 3,
            u'data_type': [u'fs:stat'],
            u'parsers': [u'filestat'],
            u'range': [1387891912000000, 1387891912000000],
            u'type_count': [[u'fs:stat', 3]],
            u'version': 1
        }
    }

    self._counter = collections.Counter()
    self._counter[u'filestat'] = 3
    self._counter[u'total'] = 3

    # The plugin counter is left empty.
    self._plugin_counter = collections.Counter()

    attribute_serializer = protobuf_serializer.ProtobufEventAttributeSerializer

    # Warning: the order in which the attributes are added to the protobuf
    # matters for the test, so the statements below must not be reordered.
    proto = plaso_storage_pb2.PreProcess()

    attribute_serializer.WriteSerializedDictObject(
        proto, u'collection_information', self._collection_information)

    attribute_serializer.WriteSerializedDictObject(
        proto, u'counter', self._counter)

    # The guessed OS is the string u'None', not the None object.
    proto_attribute = proto.attributes.add()
    attribute_serializer.WriteSerializedObject(
        proto_attribute, u'guessed_os', u'None')

    attribute_serializer.WriteSerializedDictObject(
        proto, u'plugin_counter', self._plugin_counter)

    # Add the store_range attribute, with 1 as both its start and its end.
    range_proto = plaso_storage_pb2.Array()
    range_start = range_proto.values.add()
    range_start.integer = 1
    range_end = range_proto.values.add()
    range_end.integer = 1
    proto.store_range.MergeFrom(range_proto)

    # The zone is stored as the string form of pytz.UTC.
    proto_attribute = proto.attributes.add()
    attribute_serializer.WriteSerializedObject(
        proto_attribute, u'zone', u'{0!s}'.format(pytz.UTC))

    proto_attribute = proto.attributes.add()
    attribute_serializer.WriteSerializedObject(
        proto_attribute, u'stores', self._stores)

    # Keep both the protobuf object and its serialized string.
    self._proto_object = proto
    self._proto_string = proto.SerializeToString()

    # Presumably the serializer class under test - confirm against the test
    # methods.
    self._serializer = protobuf_serializer.ProtobufPreprocessObjectSerializer