def Parse(self, cmd, args, stdout, stderr, return_val, time_taken,
knowledge_base):
"""Parse the dpkg output."""
_ = stderr, time_taken, args, knowledge_base # Unused.
self.CheckReturn(cmd, return_val)
column_lengths = []
i = 0
for i, line in enumerate(stdout.splitlines()):
if line.startswith("+++-"):
# This is a special header line that determines column size.
for col in line.split("-")[1:]:
if not re.match("=*", col):
raise parsers.ParseError(
"Invalid header parsing for %s at line "
"%s" % (cmd, i))
column_lengths.append(len(col))
break
if column_lengths:
remaining_lines = stdout.splitlines()[i + 1:]
for i, line in enumerate(remaining_lines):
cols = line.split(None, len(column_lengths))
# Installed, Name, Version, Architecture, Description
status, name, version, arch, desc = cols
# Status is potentially 3 columns, but always at least two, desired and
# actual state. We only care about actual state.
if status[1] == "i":
status = rdfvalue.SoftwarePackage.InstallState.INSTALLED
else:
status = rdfvalue.SoftwarePackage.InstallState.UNKNOWN
yield rdfvalue.SoftwarePackage(name=name,
description=desc,
version=version,
architecture=arch,
install_state=status)
def Parse(self, query, result, knowledge_base):
"""Parse the wmi packages output."""
_ = query, knowledge_base
status = rdfvalue.SoftwarePackage.InstallState.INSTALLED
soft = rdfvalue.SoftwarePackage(name=result["Name"],
description=result["Description"],
version=result["Version"],
install_state=status)
yield soft
def Parse(self, cmd, args, stdout, stderr, return_val, time_taken,
knowledge_base):
_ = cmd, args, stdout, stderr, return_val, time_taken, knowledge_base
installed = rdfvalue.SoftwarePackage.InstallState.INSTALLED
soft = rdfvalue.SoftwarePackage(name="Package1", description="Desc1",
version="1", architecture="amd64",
install_state=installed)
yield soft
soft = rdfvalue.SoftwarePackage(name="Package2", description="Desc2",
version="1", architecture="i386",
install_state=installed)
yield soft
# Also yield something random so we can test return type filtering.
yield rdfvalue.StatEntry()
# Also yield an anomaly to test that.
yield rdfvalue.Anomaly(type="PARSER_ANOMALY",
symptom="could not parse gremlins.")
def Parse(self, query, result, knowledge_base):
"""Parse the wmi packages output."""
_ = query, knowledge_base
status = rdfvalue.SoftwarePackage.InstallState.INSTALLED
result = result.ToDict()
# InstalledOn comes back in a godawful format such as '7/10/2013'.
installed_on = time_utils.AmericanDateToEpoch(
result.get("InstalledOn", ""))
soft = rdfvalue.SoftwarePackage(name=result.get("HotFixID"),
description=result.get("Caption"),
installed_by=result.get("InstalledBy"),
install_state=status,
installed_on=installed_on)
yield soft
def Parse(self, stat, file_object, knowledge_base):
"""Parse the status file."""
_, _ = stat, knowledge_base
try:
for pkg in deb822.Packages.iter_paragraphs(file_object):
if self.installed_re.match(pkg["Status"]):
soft = rdfvalue.SoftwarePackage(
name=pkg["Package"],
description=pkg["Description"],
version=pkg["Version"],
architecture=pkg["Architecture"],
publisher=pkg["Maintainer"],
install_state="INSTALLED")
yield soft
except SystemError:
yield rdfvalue.Anomaly(type="PARSER_ANOMALY",
symptom="Invalid dpkg status file")