def Collect(self, knowledge_base): """Collects values from the knowledge base. Args: knowledge_base (KnowledgeBase): to fill with preprocessing information. Raises: PreProcessFail: if the preprocessing fails. """ environment_variable = knowledge_base.GetEnvironmentVariable( 'programdata') allusersprofile = getattr(environment_variable, 'value', None) if not allusersprofile: environment_variable = knowledge_base.GetEnvironmentVariable( 'allusersprofile') allusersprofile = getattr(environment_variable, 'value', None) if allusersprofile: environment_variable = artifacts.EnvironmentVariableArtifact( case_sensitive=False, name='programdata', value=allusersprofile) try: logger.debug( 'setting environment variable: {0:s} to: "{1:s}"'. format('programdata', allusersprofile)) knowledge_base.AddEnvironmentVariable(environment_variable) except KeyError: # TODO: add and store preprocessing errors. pass
def _ParseValueData(self, knowledge_base, value_data): """Parses Windows Registry value data for a preprocessing attribute. Args: knowledge_base (KnowledgeBase): to fill with preprocessing information. value_data (object): Windows Registry value data. Raises: errors.PreProcessFail: if the preprocessing fails. """ if not isinstance(value_data, str): raise errors.PreProcessFail( 'Unsupported Windows Registry value type: {0!s} for ' 'artifact: {1:s}.'.format(type(value_data), self.ARTIFACT_DEFINITION_NAME)) environment_variable = artifacts.EnvironmentVariableArtifact( case_sensitive=False, name=self._NAME, value=value_data) try: logger.debug( 'setting environment variable: {0:s} to: "{1:s}"'.format( self._NAME, value_data)) knowledge_base.AddEnvironmentVariable(environment_variable) except KeyError: # TODO: add and store preprocessing errors. pass
def _ParsePathSpecification(self, knowledge_base, searcher, file_system, path_specification, path_separator): """Parses artifact file system data for a preprocessing attribute. Args: knowledge_base (KnowledgeBase): to fill with preprocessing information. searcher (dfvfs.FileSystemSearcher): file system searcher to preprocess the file system. file_system (dfvfs.FileSystem): file system to be preprocessed. path_specification (dfvfs.PathSpec): path specification that contains the artifact value data. path_separator (str): path segment separator. Raises: errors.PreProcessFail: if the preprocessing fails. """ relative_path = searcher.GetRelativePath(path_specification) if not relative_path: raise errors.PreProcessFail( 'Unable to read: {0:s} with error: missing relative path'. format(self.ARTIFACT_DEFINITION_NAME)) if path_separator != file_system.PATH_SEPARATOR: relative_path_segments = file_system.SplitPath(relative_path) relative_path = '{0:s}{1:s}'.format( path_separator, path_separator.join(relative_path_segments)) environment_variable = artifacts.EnvironmentVariableArtifact( case_sensitive=False, name=self._NAME, value=relative_path) try: logger.debug( 'setting environment variable: {0:s} to: "{1:s}"'.format( self._NAME, relative_path)) knowledge_base.AddEnvironmentVariable(environment_variable) except KeyError: # TODO: add and store preprocessing errors. pass