def _ParseFileEntry(self, knowledge_base, file_entry):
"""Parses artifact file system data for a preprocessing attribute.
Args:
knowledge_base (KnowledgeBase): to fill with preprocessing information.
file_entry (dfvfs.FileEntry): file entry that contains the artifact
value data.
Raises:
errors.PreProcessFail: if the preprocessing fails.
"""
if file_entry.link:
# Determine the timezone based on the file path.
_, _, time_zone = file_entry.link.partition('zoneinfo/')
else:
# Determine the timezone based on the timezone information file.
file_object = file_entry.GetFileObject()
time_zone = None
try:
time_zone_file = tz.tzfile(file_object)
date_time = datetime.datetime(2017, 1, 1)
time_zone = time_zone_file.tzname(date_time)
except ValueError:
# TODO: add and store preprocessing errors.
logger.error('Unable to read time zone information file.')
finally:
file_object.close()
# TODO: check if time zone is set in knowledge base.
if time_zone:
try:
knowledge_base.SetTimeZone(time_zone)
except ValueError:
# TODO: add and store preprocessing errors.
logger.error('Unable to set time zone in knowledge base.')
def _ParseFileEntry(self, knowledge_base, file_entry):
"""Parses artifact file system data for a preprocessing attribute.
Args:
knowledge_base (KnowledgeBase): to fill with preprocessing information.
file_entry (dfvfs.FileEntry): file entry that contains the artifact
value data.
Raises:
errors.PreProcessFail: if the preprocessing fails.
"""
if file_entry.link:
# Determine the timezone based on the file path.
_, _, time_zone = file_entry.link.partition('zoneinfo/')
else:
# Determine the timezone based on the timezone information file.
file_object = file_entry.GetFileObject()
time_zone = None
try:
time_zone_file = tz.tzfile(file_object)
date_time = datetime.datetime(2017, 1, 1)
time_zone = time_zone_file.tzname(date_time)
except ValueError:
# TODO: add and store preprocessing errors.
logger.error('Unable to read time zone information file.')
finally:
file_object.close()
# TODO: check if time zone is set in knowledge base.
if time_zone:
try:
knowledge_base.SetTimeZone(time_zone)
except ValueError:
# TODO: add and store preprocessing errors.
logger.error('Unable to set time zone in knowledge base.')
def _ParseFileData(self, knowledge_base, file_object):
"""Parses file content (data) for user account preprocessing attributes.
Args:
knowledge_base (KnowledgeBase): to fill with preprocessing information.
file_object (dfvfs.FileIO): file-like object that contains the artifact
value data.
Raises:
errors.PreProcessFail: if the preprocessing fails.
"""
line_reader = line_reader_file.BinaryLineReader(file_object)
try:
reader = line_reader_file.BinaryDSVReader(line_reader, b':')
except csv.Error as exception:
raise errors.PreProcessFail(
'Unable to read: {0:s} with error: {1!s}'.format(
self.ARTIFACT_DEFINITION_NAME, exception))
for row in reader:
if len(row) < 7 or not row[0] or not row[2]:
# TODO: add and store preprocessing errors.
continue
try:
username = row[0].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode username.')
continue
try:
identifier = row[2].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode identifier.')
continue
group_identifier = None
if row[3]:
try:
group_identifier = row[3].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode group identifier.')
full_name = None
if row[4]:
try:
full_name = row[4].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode full name.')
user_directory = None
if row[5]:
try:
user_directory = row[5].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode user directory.')
shell = None
if row[6]:
try:
shell = row[6].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode shell.')
user_account = artifacts.UserAccountArtifact(identifier=identifier,
username=username)
user_account.group_identifier = group_identifier
user_account.full_name = full_name
user_account.user_directory = user_directory
user_account.shell = shell
try:
knowledge_base.AddUserAccount(user_account)
except KeyError:
# TODO: add and store preprocessing errors.
pass
def _ParseFileData(self, knowledge_base, file_object):
"""Parses file content (data) for user account preprocessing attributes.
Args:
knowledge_base (KnowledgeBase): to fill with preprocessing information.
file_object (dfvfs.FileIO): file-like object that contains the artifact
value data.
Raises:
errors.PreProcessFail: if the preprocessing fails.
"""
line_reader = line_reader_file.BinaryLineReader(file_object)
try:
reader = line_reader_file.BinaryDSVReader(line_reader, b':')
except csv.Error as exception:
raise errors.PreProcessFail(
'Unable to read: {0:s} with error: {1!s}'.format(
self.ARTIFACT_DEFINITION_NAME, exception))
for row in reader:
if len(row) < 7 or not row[0] or not row[2]:
# TODO: add and store preprocessing errors.
continue
try:
username = row[0].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode username.')
continue
try:
identifier = row[2].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode identifier.')
continue
group_identifier = None
if row[3]:
try:
group_identifier = row[3].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode group identifier.')
full_name = None
if row[4]:
try:
full_name = row[4].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode full name.')
user_directory = None
if row[5]:
try:
user_directory = row[5].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode user directory.')
shell = None
if row[6]:
try:
shell = row[6].decode('utf-8')
except UnicodeDecodeError:
# TODO: add and store preprocessing errors.
logger.error('Unable to decode shell.')
user_account = artifacts.UserAccountArtifact(
identifier=identifier, username=username)
user_account.group_identifier = group_identifier
user_account.full_name = full_name
user_account.user_directory = user_directory
user_account.shell = shell
try:
knowledge_base.AddUserAccount(user_account)
except KeyError:
# TODO: add and store preprocessing errors.
pass