Exemple #1
def GetArtifactKnowledgeBase(client_obj, allow_uninitialized=False):
    """Return the artifact knowledge base stored on a GRR client.

    This gives the artifact library a standardized interface to the data
    that is actually stored in the GRRClient object in the GRR datastore.

    The client KNOWLEDGE_BASE is expected to have been filled out already by
    the KnowledgeBaseInitialization flow. If it was not, and the caller
    allows it, a fresh knowledge base is created and some values are guessed.

    Args:
      client_obj: A GRRClient object which is opened for reading.
      allow_uninitialized: If True, an empty knowledge base, or one without
        an OS, is accepted instead of raising.

    Returns:
      A KnowledgeBase semantic value. On Windows clients it may carry
      hard-coded fallback paths rather than values collected from the
      endpoint (see the comments in the body).

    Raises:
      KnowledgeBaseUninitializedError: If the stored knowledge base is empty
        and allow_uninitialized is False.
      KnowledgeBaseAttributesMissingError: If the stored knowledge base has
        no OS and allow_uninitialized is False.
    """
    schema = client_obj.Schema
    knowledge_base = client_obj.Get(schema.KNOWLEDGE_BASE)

    if not allow_uninitialized:
        # Strict mode: refuse to hand out a knowledge base that later
        # artifact interpolation could not rely on.
        if not knowledge_base:
            raise artifact_lib.KnowledgeBaseUninitializedError(
                "KnowledgeBase empty for %s." % client_obj.urn)
        if not knowledge_base.os:
            raise artifact_lib.KnowledgeBaseAttributesMissingError(
                "KnowledgeBase missing OS for %s. Knowledgebase content: %s" %
                (client_obj.urn, knowledge_base))

    if not knowledge_base:
        # Only reachable with allow_uninitialized=True: start from an empty
        # knowledge base and fill in the core values.
        knowledge_base = schema.KNOWLEDGE_BASE()
        SetCoreGRRKnowledgeBaseValues(knowledge_base, client_obj)

    # Windows fallback: applied when %ALLUSERSAPPDATA% is unknown but
    # %ALLUSERSPROFILE% is known.
    # NOTE(review): both fields are then assigned, so an already-populated
    # environ_allusersprofile is replaced by the hard-coded guess. Collection
    # paths built from these fields may not match a host whose directories
    # were relocated - confirm this overwrite is intended.
    wants_fallback = (
        knowledge_base.os == "Windows"
        and not knowledge_base.environ_allusersappdata
        and knowledge_base.environ_allusersprofile)
    if wants_fallback:
        if knowledge_base.os_major_version >= 6:
            guessed_appdata = u"c:\\programdata"
            guessed_profile = u"c:\\programdata"
        else:
            guessed_appdata = (
                u"c:\\documents and settings\\All Users\\"
                "Application Data")
            guessed_profile = u"c:\\documents and settings\\All Users"
        knowledge_base.environ_allusersappdata = guessed_appdata
        knowledge_base.environ_allusersprofile = guessed_profile

    return knowledge_base
Exemple #2
    def StartCollection(self, responses):
        """Validate and collect every artifact named in the flow arguments.

        Args:
          responses: Responses from the previous state; only its `success`
            attribute is read here.

        Raises:
          KnowledgeBaseUninitializedError: If `responses.success` is false.
        """
        if not responses.success:
            raise artifact_lib.KnowledgeBaseUninitializedError(
                "Attempt to initialize Knowledge Base failed.")

        if not self.state.knowledge_base:
            # If we are processing the knowledge base, it still won't exist
            # yet, so an uninitialized one is accepted. The knowledge base
            # used from here on may therefore be incomplete.
            self.client = aff4.FACTORY.Open(self.client_id, token=self.token)
            self.state.knowledge_base = artifact.GetArtifactKnowledgeBase(
                self.client, allow_uninitialized=True)

        for requested_name in self.args.artifact_list:
            definition = self._GetArtifactFromName(requested_name)

            # Ensure the artifact has been written sanely. This could be
            # removed if it turns out to be expensive; artifact tests should
            # catch these.
            # Validation is interleaved with collection: if Validate() raises
            # for a later entry, earlier entries have already been passed to
            # Collect().
            definition.Validate()

            self.Collect(definition)