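def WriteSerializedDictObject(
    cls, proto_attribute, attribute_name, dict_object):
  """Writes a dictionary event attribute to serialized form.

  Every key/value pair of dict_object is written into a new entry of a
  plaso_storage_pb2.Dict message via cls.WriteSerializedObject. That message
  is then merged into the attribute named attribute_name of proto_attribute.

  Args:
    proto_attribute: a protobuf attribute object.
    attribute_name: the name of the attribute.
    dict_object: a dictionary object that is the value of the attribute.

  Raises:
    AttributeError: if the attribute cannot be merged with the dictionary.
  """
  dict_proto = plaso_storage_pb2.Dict()
  for dict_key, dict_value in dict_object.items():
    dict_proto_add = dict_proto.attributes.add()
    cls.WriteSerializedObject(dict_proto_add, dict_key, dict_value)

  # The lookup is outside the try block, so a missing attribute raises a plain
  # AttributeError without the "Unable to merge" message.
  dict_attribute = getattr(proto_attribute, attribute_name)
  try:
    dict_attribute.MergeFrom(dict_proto)
  except AttributeError as exception:
    # The exception is formatted with !s instead of :s. An exception object
    # does not accept a format specification under Python 3, so :s would
    # raise TypeError here and hide the original merge error.
    raise AttributeError(
        u'Unable to merge attribute: {0:s} with error: {1!s}'.format(
            attribute_name, exception))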
def ReadSerialized(cls, serialized):
  """Reads a collection information object from serialized form.

  The input is parsed as a plaso_storage_pb2.Dict message and handed to
  cls.ReadSerializedObject for conversion.

  Args:
    serialized: an object containing the serialized form.

  Returns:
    A collection information object (instance of CollectionInformation).
  """
  dict_proto = plaso_storage_pb2.Dict()
  # NOTE(review): parsing is unguarded, so a failure on truncated or corrupted
  # input propagates to the caller. Callers that read storage data of unknown
  # origin should be prepared to handle it.
  dict_proto.ParseFromString(serialized)
  return cls.ReadSerializedObject(dict_proto)
def WriteSerializedObject(cls, analysis_report):
  """Writes an analysis report to serialized form.

  Iterates over the (name, value) pairs returned by
  analysis_report.GetAttributes() and skips values that are None. Event tags,
  images, the report array and the report dictionary get dedicated handling;
  every other attribute is set directly on the protobuf message.

  Args:
    analysis_report: an analysis report (instance of AnalysisReport).

  Returns:
    A protobuf object containing the serialized form (instance of
    plaso_storage_pb2.AnalysisReport).
  """
  report_proto = plaso_storage_pb2.AnalysisReport()

  for name, value in analysis_report.GetAttributes():
    if value is None:
      continue

    if name == u'_event_tags':
      for event_tag in value:
        tag_proto = ProtobufEventTagSerializer.WriteSerializedObject(
            event_tag)
        # pylint: disable=protected-access
        report_proto._event_tags.MergeFrom(tag_proto)
      continue

    if name == u'images':
      for image in value:
        report_proto.images.append(image)
      continue

    if name == u'report_array':
      array_proto = plaso_storage_pb2.Array()
      # The array is read back from the report object, not from the value
      # yielded by GetAttributes().
      for item in getattr(analysis_report, u'report_array', []):
        item_proto = array_proto.values.add()
        ProtobufEventAttributeSerializer.WriteSerializedObject(
            item_proto, u'', item)
      report_proto.report_array.MergeFrom(array_proto)
      continue

    if name == u'report_dict':
      mapping_proto = plaso_storage_pb2.Dict()
      # As with report_array, the dictionary is read from the report object.
      mapping = getattr(analysis_report, u'report_dict', {})
      for key, item in iter(mapping.items()):
        item_proto = mapping_proto.attributes.add()
        ProtobufEventAttributeSerializer.WriteSerializedObject(
            item_proto, key, item)
      report_proto.report_dict.MergeFrom(mapping_proto)
      continue

    # Any other attribute name is written straight onto the message.
    # NOTE(review): presumably the message rejects names that are not declared
    # fields; confirm against the AnalysisReport definition.
    setattr(report_proto, name, value)

  return report_proto
def WriteSerializedDictObject(
    cls, proto_attribute, attribute_name, dict_object):
  """Writes a dictionary event attribute to serialized form.

  Builds a plaso_storage_pb2.Dict message with one entry per key/value pair
  of dict_object and merges it into the named attribute of proto_attribute.
  Errors raised by the lookup or the merge are not caught here.

  Args:
    proto_attribute: a protobuf attribute object.
    attribute_name: the name of the attribute.
    dict_object: a dictionary object that is the value of the attribute.
  """
  serialized_dict = plaso_storage_pb2.Dict()
  for key, value in dict_object.items():
    entry_proto = serialized_dict.attributes.add()
    cls.WriteSerializedObject(entry_proto, key, value)

  target_attribute = getattr(proto_attribute, attribute_name)
  target_attribute.MergeFrom(serialized_dict)
def WriteSerializedObject(cls, collection_information_object):
  """Writes a collection information object to serialized form.

  Args:
    collection_information_object: a collection information object (instance
        of CollectionInformation).

  Returns:
    A protobuf object containing the serialized form (instance of
    plaso_storage_pb2.Dict).

  Raises:
    RuntimeError: when the collection information object is malformed.
  """
  # The object is accepted only if it provides both of these attributes.
  required_attributes = (
      (u'GetValues',
       u'Unable to serialize collection information, missing value getting.'),
      (u'AddCounter',
       u'Unable to serialize collection information, missing counters.'))
  for required_name, error_message in required_attributes:
    if not hasattr(collection_information_object, required_name):
      raise RuntimeError(error_message)

  proto = plaso_storage_pb2.Dict()

  # NOTE(review): the check above tests for GetValues and AddCounter, while
  # GetValueDict, HasCounters and GetCounters are the methods called below;
  # confirm all of them exist on CollectionInformation.
  values = collection_information_object.GetValueDict()
  for key, value in values.items():
    attribute = proto.attributes.add()
    # Values under a key containing "zone" that are not strings are replaced
    # by their zone attribute, or by their string form if they have none.
    if u'zone' in key and not isinstance(value, basestring):
      value = getattr(value, u'zone', u'{0!s}'.format(value))

    ProtobufEventAttributeSerializer.WriteSerializedObject(
        attribute, key, value)

  if collection_information_object.HasCounters():
    # Counters are stored as one dictionary under the reserved keyword.
    attribute = proto.attributes.add()
    counters = dict(collection_information_object.GetCounters())
    ProtobufEventAttributeSerializer.WriteSerializedObject(
        attribute, collection_information_object.RESERVED_COUNTER_KEYWORD,
        counters)

  return proto
def WriteSerializedObject(cls, analysis_report):
  """Writes an analysis report to serialized form.

  Attributes missing from the report fall back to defaults: 0 for
  time_compiled, u'N/A' for text and no images. plugin_name is written only
  when it has a truthy value. report_dict and report_array are written only
  when the report has those attributes.

  Args:
    analysis_report: an analysis report (instance of AnalysisReport).

  Returns:
    A protobuf object containing the serialized form (instance of
    plaso_storage_pb2.AnalysisReport).
  """
  report_proto = plaso_storage_pb2.AnalysisReport()
  report_proto.time_compiled = getattr(analysis_report, u'time_compiled', 0)

  name = getattr(analysis_report, u'plugin_name', None)
  if name:
    report_proto.plugin_name = name

  report_proto.text = getattr(analysis_report, u'text', u'N/A')

  for image in getattr(analysis_report, u'images', []):
    report_proto.images.append(image)

  if hasattr(analysis_report, u'report_dict'):
    mapping_proto = plaso_storage_pb2.Dict()
    mapping = getattr(analysis_report, u'report_dict', {})
    for key, item in iter(mapping.items()):
      entry_proto = mapping_proto.attributes.add()
      ProtobufEventAttributeSerializer.WriteSerializedObject(
          entry_proto, key, item)
    report_proto.report_dict.MergeFrom(mapping_proto)

  if hasattr(analysis_report, u'report_array'):
    array_proto = plaso_storage_pb2.Array()
    for item in getattr(analysis_report, u'report_array', []):
      entry_proto = array_proto.values.add()
      # Array entries are written with an empty attribute name.
      ProtobufEventAttributeSerializer.WriteSerializedObject(
          entry_proto, u'', item)
    report_proto.report_array.MergeFrom(array_proto)

  return report_proto
def setUp(self):
  """Builds the analysis report fixture shared by the tests.

  Stores the expected report dictionary and report text on the test case,
  then builds an AnalysisReport protobuf from them. The serialized bytes are
  kept in self._proto_string and the serializer class under test in
  self._serializer.
  """
  self._report_dict = {
      u'dude': [
          [u'Google Keep - notes and lists',
           u'hmjkmjkepdijhoojdojkdfohbdgmmhki']],
      u'frank': [
          [u'YouTube', u'blpcfgokakmgnkcojhhkbfbldkacnbeo'],
          [u'Google Play Music', u'icppfcnhkcmnfdhfhphakoifcfokfdhg']]}

  self._report_text = (
      u' == USER: dude ==\n'
      u' Google Keep - notes and lists [hmjkmjkepdijhoojdojkdfohbdgmmhki]\n'
      u'\n'
      u' == USER: frank ==\n'
      u' Google Play Music [icppfcnhkcmnfdhfhphakoifcfokfdhg]\n'
      u' YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo]\n'
      u'\n')

  event_attribute_serializer = (
      protobuf_serializer.ProtobufEventAttributeSerializer)

  report_proto = plaso_storage_pb2.AnalysisReport()

  # Serialize the report dictionary entry by entry, then merge it in.
  report_dict_proto = plaso_storage_pb2.Dict()
  for user, extensions in iter(self._report_dict.items()):
    entry_proto = report_dict_proto.attributes.add()
    event_attribute_serializer.WriteSerializedObject(
        entry_proto, user, extensions)
  report_proto.report_dict.MergeFrom(report_dict_proto)

  # TODO: add report_array, _anomalies and _tags tests.
  report_proto.plugin_name = u'chrome_extension_test'
  report_proto.text = self._report_text
  report_proto.time_compiled = 1431978243000000

  self._proto_string = report_proto.SerializeToString()
  self._serializer = protobuf_serializer.ProtobufAnalysisReportSerializer