def _ParseESEDBFileWithPlugin( self, path_segments, plugin, knowledge_base_values=None): """Parses a file as an ESE database file and returns an event generator. Args: path_segments (list[str]): path segments inside the test data directory. plugin (ESEDBPlugin): ESE database plugin. knowledge_base_values (Optional[dict[str, object]]): knowledge base values. Returns: FakeStorageWriter: storage writer. """ session = sessions.Session() storage_writer = fake_writer.FakeStorageWriter(session) storage_writer.Open() file_entry = self._GetTestFileEntry(path_segments) parser_mediator = self._CreateParserMediator( storage_writer, file_entry=file_entry, knowledge_base_values=knowledge_base_values) file_object = file_entry.GetFileObject() try: esedb_file = pyesedb.file() esedb_file.open_file_object(file_object) cache = esedb.ESEDBCache() plugin.Process(parser_mediator, cache=cache, database=esedb_file) esedb_file.close() finally: file_object.close() return storage_writer
def _ParseESEDBFileWithPlugin(self, path_segments, plugin, knowledge_base_values=None): """Parses a file as an ESE database file and returns an event generator. This method will first test if an ESE database contains the required tables using plugin.CheckRequiredTables() and then extracts events using plugin.Process(). Args: path_segments (list[str]): path segments inside the test data directory. plugin (ESEDBPlugin): ESE database plugin. knowledge_base_values (Optional[dict[str, object]]): knowledge base values. Returns: FakeStorageWriter: storage writer. """ session = sessions.Session() storage_writer = fake_writer.FakeStorageWriter(session) storage_writer.Open() file_entry = self._GetTestFileEntry(path_segments) parser_mediator = self._CreateParserMediator( storage_writer, file_entry=file_entry, knowledge_base_values=knowledge_base_values) file_object = file_entry.GetFileObject() try: database = esedb.ESEDatabase() database.Open(file_object) required_tables_exist = plugin.CheckRequiredTables(database) self.assertTrue(required_tables_exist) cache = esedb.ESEDBCache() plugin.Process(parser_mediator, cache=cache, database=database) database.Close() finally: file_object.close() return storage_writer
def _ParseESEDBFileWithPlugin(self, path_segments, plugin_object, knowledge_base_values=None): """Parses a file as an ESE database file and returns an event generator. Args: path_segments: a list of strings containinge the path segments inside the test data directory. plugin_object: an ESE database plugin object (instance of ESEDBPlugin). knowledge_base_values: optional dictionary containing the knowledge base values. Returns: A storage writer object (instance of FakeStorageWriter). """ session = sessions.Session() storage_writer = fake_storage.FakeStorageWriter(session) storage_writer.Open() file_entry = self._GetTestFileEntry(path_segments) parser_mediator = self._CreateParserMediator( storage_writer, file_entry=file_entry, knowledge_base_values=knowledge_base_values) file_object = file_entry.GetFileObject() try: esedb_file = pyesedb.file() esedb_file.open_file_object(file_object) cache = esedb.ESEDBCache() plugin_object.Process(parser_mediator, cache=cache, database=esedb_file) esedb_file.close() finally: file_object.close() return storage_writer