Python NodeUtilsの例

プログラミング言語: Python

名前空間/パッケージ名: Workflow

クラス/型: NodeUtils

hotexamples.comのコード掲載数: 6

Python NodeUtils - 6件のコード例が見つかりました。すべてオープンソースプロジェクトから抽出されたPythonのWorkflow.NodeUtilsの実例で、最も評価が高いものを厳選しています。コード例の評価を行っていただくことで、より質の高いコード例が表示されるようになります。

よく使われるメソッド

表示非表示

get_attribute_value(3)

get_element_value(3)

get_readable_value(3)

has_resident_template(2)

コード例 #1

ファイルを表示

    def execute(self, record, element, root):
        old_value_node = NodeUtils.get_element_value(element)
        old_value = NodeUtils.get_readable_value(old_value_node, root)

        try:
            new_value = int(old_value) + self.new_value
            self.new_value = new_value
        except:
            raise TypeError("Value could not be incremented.")

        super(IncrementElementValueStep, self).execute(record, element, root)

コード例 #2

ファイルを表示

    def execute(self, record, element, root):
        old_value_node = NodeUtils.get_attribute_value(element,
                                                       self.attribute_name)
        old_value = NodeUtils.get_readable_value(old_value_node, root)
        old_value_dt = datetime.datetime.strptime(old_value,
                                                  "%Y-%m-%d %H:%M:%S.%f")

        self.new_value = old_value_dt.replace(
            tzinfo=datetime.timezone.utc) + self.timedelta

        super(IncrementTimestampStep, self).execute(record, element, root)

コード例 #3

ファイルを表示

ファイル: DeleteRecordStep.py プロジェクト: cledge/fakenevtx

    def execute(self, record):

        record_size = record.length()
        chunk = record.chunk()
        fh = self._dest_evtx.get_file_header()

        move_template = False

        # TODO Removing of residents templates
        resident_templates = NodeUtils.has_resident_template(record)
        if len(resident_templates) > 0:
            # TODO implement resident template steps
            # TODO copy template to new position
            # TODO reload EVTX?

            logger.error("Records with resident templates cannot be deleted (Record {0})".format(record.record_num()))
            return

        for cur_chunk in fh.chunks():
            for cur_record in cur_chunk.records():
                if cur_record.record_num() > record.record_num():
                    # repair field EventRecordId
                    if self.repair_eventrecord_id:
                        element, root = FilterUtils.get_elements_from_record(cur_record, elementName="EventRecordID")[0]
                        old_value_node = NodeUtils.get_element_value(element)
                        old_value = NodeUtils.get_readable_value(old_value_node, root)
                        old, new = WriteUtils.modify_value(self._dest_evtx, int(old_value) - 1, old_value_node, element, root, record)

                    # repair internal record number
                    cur_record.set_field("qword", "record_num", cur_record.record_num() - 1)

            if cur_chunk.file_last_record_number() > record.record_num():
                cur_chunk.set_field("qword", "file_last_record_number", cur_chunk.file_last_record_number() - 1)
            if cur_chunk.file_first_record_number() > record.record_num():
                cur_chunk.set_field("qword", "file_first_record_number", cur_chunk.file_first_record_number() - 1)
            if cur_chunk.log_last_record_number() > record.record_num():
                cur_chunk.set_field("qword", "log_last_record_number", cur_chunk.log_last_record_number() - 1)
            if cur_chunk.log_first_record_number() > record.record_num():
                cur_chunk.set_field("qword", "log_first_record_number", cur_chunk.log_first_record_number() - 1)
            cur_chunk.repair_header()

        WriteUtils.repair_offsets(self._dest_evtx, record_size * -1, record.offset(), None, record, repair_header=False)

        # delete record
        record.move_buffer(record_size, 0, max_offset=chunk.offset() + 65536, fill_zero=True)

        # repair chunk header
        chunk.repair_tables(record.offset(), record_size * -1)
        chunk.repair_header(record.offset(), record_size * -1)
        fh.set_field("qword", "next_record_number", fh.next_record_number() - 1)
        fh.repair_checksum()

コード例 #4

ファイルを表示

 def execute(self, record, element, root):
     old_value_node = NodeUtils.get_attribute_value(
         element, attribute_name=self.attribute_name)
     old, new = WriteUtils.modify_value(self._dest_evtx, self.new_value,
                                        old_value_node, element, root,
                                        record)
     logger.info(
         "Changed value of element <{0} {1}={2} from {3} to {4}".format(
             element.tag_name(), self.attribute_name, self.attribute_value,
             old, new))

コード例 #5

ファイルを表示

ファイル: WriteUtils.py プロジェクト: cledge/fakenevtx

def prepare_resident_template_moving(src_evtx, old_record,
                                     resident_template_nodes):
    chunk = old_record.chunk()
    fh = src_evtx.get_file_header()
    # TODO update TemplateTable
    # TODO update record size
    # TODO update References to Template (Offsets)
    if not isinstance(src_evtx, evtx.Evtx):
        logger.error("No evtx provided. Aborting...")
        raise TypeError("No evtx provided. Aborting...")

    # for each resident template node in original record
    reference_template_nodes_per_template = {}
    for template_instance_node in resident_template_nodes:
        if isinstance(template_instance_node, TemplateInstanceNode):
            template_node = template_instance_node.template()
            template_id = template_node.template_id()
            template_length = template_node.data_length()

            # find templates referring to current resident template
            reference_template_nodes = {}
            for cur_record in chunk.records():
                if cur_record.record_num() > old_record.record_num():
                    tmp_reference_template_nodes = NodeUtils.has_resident_template(
                        cur_record,
                        find_residents=False,
                        find_non_residents=True,
                        template_id=template_id)
                    if len(tmp_reference_template_nodes) > 0:
                        reference_template_nodes[cur_record.record_num(
                        )] = tmp_reference_template_nodes

            reference_template_nodes_per_template[
                template_id] = reference_template_nodes

            # TODO copy from target to src
    for a, b in reference_template_nodes_per_template.items():
        # target record for resident template is first record referring to old resident template
        target_record = fh.get_record(min(b.keys()))
        target_template = b[target_record.record_num()][0]
        # TODO calculate new
        new_template_offset = target_template.offset(
        ) + target_template._off_template_offset + 4 - chunk.offset()
        for k, v in b.items():
            for ref_template_node in v:
                if isinstance(ref_template_node, TemplateInstanceNode):
                    ref_template_node.set_field("dword", "template_offset",
                                                new_template_offset)
                    continue

    pass

コード例 #6

ファイルを表示

    def execute(self, record, element, root):
        """
        Executes the ModifyElementValueStep

        :param record: Record to be manipulated
        :param element: BinXmlNode to be manipulated
        :param root: RootNode of element
        """
        old_value_node = NodeUtils.get_element_value(element)
        old, new = WriteUtils.modify_value(self._dest_evtx, self.new_value,
                                           old_value_node, element, root,
                                           record)
        logger.info(
            "Changed value of element <{0} {1}={2} from {3} to {4}".format(
                element.tag_name(), self.attribute_name, self.attribute_value,
                old, new))