def ParseHeader(table: Any) -> rdf_osquery.OsqueryHeader:
"""Parses header of osquery output.
Args:
table: A table in a "parsed JSON" representation.
Returns:
A parsed `rdf_osquery.OsqueryHeader` instance.
"""
precondition.AssertIterableType(table, dict)
prototype = None # type: List[Text]
for row in table:
columns = list(row.keys())
if prototype is None:
prototype = columns
elif prototype != columns:
message = "Expected columns '{expected}', got '{actual}' for table {json}"
message = message.format(expected=prototype,
actual=columns,
json=table)
raise ValueError(message)
result = rdf_osquery.OsqueryHeader()
for name in prototype or []:
result.columns.append(rdf_osquery.OsqueryColumn(name=name))
return result
def testSimple(self):
header = rdf_osquery.OsqueryHeader()
header.columns.append(rdf_osquery.OsqueryColumn(name="foo"))
header.columns.append(rdf_osquery.OsqueryColumn(name="bar"))
header.columns.append(rdf_osquery.OsqueryColumn(name="baz"))
row = osquery.ParseRow(header, {
"foo": "quux",
"bar": "norf",
"baz": "thud",
})
self.assertEqual(row.values, ["quux", "norf", "thud"])
def testEmpty(self):
header = rdf_osquery.OsqueryHeader()
row = osquery.ParseRow(header, {})
self.assertEqual(row.values, [])
