def _ProcessData(self, processor, responses, artifact_name, source):
"""Runs parsers over the raw data and maps it to artifact_data types.
Args:
processor: A processor method to use.
responses: One or more response items, depending on whether the processor
uses Parse or ParseMultiple.
artifact_name: The name of the artifact.
source: The origin of the data, if specified.
"""
# Now parse the data and set state.
artifact_data = self.state.host_data.get(artifact_name)
result_iterator = artifact.ApplyParserToResponses(
processor, responses, source, self.state, self.token)
for rdf in result_iterator:
if isinstance(rdf, rdf_anomaly.Anomaly):
artifact_data["ANOMALY"].append(rdf)
else:
artifact_data["PARSER"].append(rdf)
def _ParseResponses(self, processor_obj, responses, responses_obj,
artifact_name, source, aff4_output_map,
output_collection_map):
"""Create a result parser sending different arguments for diff parsers.
Args:
processor_obj: A Processor object that inherits from Parser.
responses: A list of, or single response depending on the processors
process_together setting.
responses_obj: The responses object itself.
artifact_name: Name of the artifact that generated the responses.
source: The source responsible for producing the responses.
aff4_output_map: dict of where to write results in aff4
output_collection_map: dict of collections when splitting by artifact
Raises:
RuntimeError: On bad parser.
"""
_ = responses_obj
result_iterator = artifact.ApplyParserToResponses(
processor_obj, responses, source, self, self.token)
artifact_return_types = self._GetArtifactReturnTypes(source)
if result_iterator:
# If we have a parser, do something with the results it produces.
for result in result_iterator:
result_type = result.__class__.__name__
if result_type == "Anomaly":
if self.args.store_results_in_aff4:
self._StoreAnomaly(result)
self.SendReply(result)
elif not artifact_return_types or result_type in artifact_return_types:
self.state.response_count += 1
self.SendReply(result)
self._WriteResultToSplitCollection(result, artifact_name,
output_collection_map)
if self.args.store_results_in_aff4:
# Write our result back to a mapped location in AFF4 space.
self._WriteResultToMappedAFF4Location(
result, artifact_name, aff4_output_map)