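def WriteSerializedListObject(
        cls, proto_attribute, attribute_name, list_object):
    """Writes a list event attribute to serialized form.

    Each item of list_object is serialized into a new entry of a
    plaso_storage_pb2.Array by cls.WriteSerializedObject, and the array is
    then merged into the attribute_name field of proto_attribute.

    Args:
      proto_attribute: a protobuf attribute object.
      attribute_name: the name of the attribute.
      list_object: a list object that is the value of the attribute.

    Raises:
      AttributeError: if the attribute cannot be merged with the list. An
          AttributeError raised while looking up attribute_name on
          proto_attribute propagates unchanged, since that lookup happens
          outside the try block.
    """
    list_proto = plaso_storage_pb2.Array()

    for list_value in list_object:
        list_proto_add = list_proto.values.add()
        # Items are written with an empty attribute name.
        cls.WriteSerializedObject(list_proto_add, u'', list_value)

    list_attribute = getattr(proto_attribute, attribute_name)
    try:
        list_attribute.MergeFrom(list_proto)
    except AttributeError as exception:
        # The exception is formatted with !s rather than :s. On Python 3 a
        # non-empty format spec is rejected for objects that are not strings,
        # so :s would raise TypeError here and hide the merge failure that
        # this message is meant to report.
        raise AttributeError(
            u'Unable to merge attribute: {0:s} with error: {1!s}'.format(
                attribute_name, exception))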
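def WriteSerializedObject(cls, preprocess_object):
    """Writes a preprocessing object to serialized form.

    Iterates over the instance attributes of preprocess_object and writes
    them to a plaso_storage_pb2.PreProcess message. Attributes whose value is
    None are skipped. Attributes without a dedicated branch are written only
    when they are a bool, a float or an integer, or are otherwise truthy, so
    empty strings and empty containers do not appear in the serialized form.

    The preprocessing object itself is not modified: the time zone name is
    substituted in a copy of the collection information.

    Args:
      preprocess_object: a preprocessing object (instance of PreprocessObject).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.PreProcess).
    """
    proto = plaso_storage_pb2.PreProcess()

    for attribute, value in preprocess_object.__dict__.items():
        if value is None:
            continue

        if attribute == u'collection_information':
            zone = value.get(u'configured_zone', u'')
            if zone and hasattr(zone, u'zone'):
                # Replace the time zone object by its name in a shallow copy.
                # Assigning into value directly would rewrite the caller's
                # collection information as a side effect of serializing it.
                value = dict(value)
                value[u'configured_zone'] = u'{0:s}'.format(zone.zone)

            ProtobufEventAttributeSerializer.WriteSerializedDictObject(
                proto, u'collection_information', value)

        elif attribute in (u'counter', u'plugin_counter'):
            # Both counters are written as plain dictionaries.
            value_dict = dict(value.items())
            ProtobufEventAttributeSerializer.WriteSerializedDictObject(
                proto, attribute, value_dict)

        elif attribute == u'store_range':
            # Only the first and the last item of the range are stored.
            range_proto = plaso_storage_pb2.Array()
            range_start = range_proto.values.add()
            range_start.integer = int(value[0])
            range_end = range_proto.values.add()
            range_end.integer = int(value[-1])
            proto.store_range.MergeFrom(range_proto)

        else:
            if attribute == u'zone':
                # NOTE(review): unlike configured_zone above, there is no
                # hasattr check here, so the value must expose .zone.
                value = u'{0:s}'.format(value.zone)

            # False, 0 and 0.0 are kept; other falsy values are dropped.
            if isinstance(value, (bool, float, py2to3.INTEGER_TYPES)) or value:
                proto_attribute = proto.attributes.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    proto_attribute, attribute, value)

    return proto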
def WriteSerializedObject(cls, analysis_report):
    """Writes an analysis report to serialized form.

    Walks the (name, value) pairs returned by analysis_report.GetAttributes()
    and copies them into a plaso_storage_pb2.AnalysisReport message. Pairs
    whose value is None are skipped.

    Args:
      analysis_report: an analysis report (instance of AnalysisReport).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.AnalysisReport).
    """
    report_proto = plaso_storage_pb2.AnalysisReport()

    for name, content in analysis_report.GetAttributes():
        if content is None:
            continue

        if name == u'_event_tags':
            for tag in content:
                tag_proto = (
                    ProtobufEventTagSerializer.WriteSerializedObject(tag))
                # pylint: disable=protected-access
                report_proto._event_tags.MergeFrom(tag_proto)
            continue

        if name == u'images':
            for image in content:
                report_proto.images.append(image)
            continue

        if name == u'report_array':
            array_proto = plaso_storage_pb2.Array()
            # The list is read from the report object again, not taken from
            # the value GetAttributes() returned.
            for item in getattr(analysis_report, u'report_array', []):
                item_proto = array_proto.values.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    item_proto, u'', item)
            report_proto.report_array.MergeFrom(array_proto)
            continue

        if name == u'report_dict':
            mapping_proto = plaso_storage_pb2.Dict()
            # As for report_array, the dictionary is read from the report.
            mapping = getattr(analysis_report, u'report_dict', {})
            for key, item in mapping.items():
                entry_proto = mapping_proto.attributes.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    entry_proto, key, item)
            report_proto.report_dict.MergeFrom(mapping_proto)
            continue

        # Every other attribute is assigned to the proto under its own name.
        # NOTE(review): presumably each such name has to be a field of the
        # AnalysisReport message; confirm against the proto definition.
        setattr(report_proto, name, content)

    return report_proto
def WriteSerializedListObject(
        cls, proto_attribute, attribute_name, list_object):
    """Writes a list event attribute to serialized form.

    The items of list_object are serialized one by one into a
    plaso_storage_pb2.Array, which is then merged into the attribute_name
    field of proto_attribute. Errors raised by the lookup or the merge are
    not caught here.

    Args:
      proto_attribute: a protobuf attribute object.
      attribute_name: the name of the attribute.
      list_object: a list object that is the value of the attribute.
    """
    array_proto = plaso_storage_pb2.Array()

    for item in list_object:
        # Items are written with an empty attribute name.
        cls.WriteSerializedObject(array_proto.values.add(), '', item)

    target_field = getattr(proto_attribute, attribute_name)
    target_field.MergeFrom(array_proto)
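def WriteSerializedObject(cls, pre_obj):
    """Writes a preprocessing object to serialized form.

    Iterates over the instance attributes of pre_obj and writes them to a
    plaso_storage_pb2.PreProcess message. Attributes whose value is None are
    skipped. Attributes without a dedicated branch are written only when they
    are a bool or a number, or are otherwise truthy, so empty strings and
    empty containers do not appear in the serialized form.

    The preprocessing object itself is not modified: the time zone name is
    substituted in a copy of the collection information.

    Args:
      pre_obj: a preprocessing object (instance of PreprocessObject).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.PreProcess).
    """
    proto = plaso_storage_pb2.PreProcess()

    for attribute, value in pre_obj.__dict__.items():
        # An unset attribute has nothing to serialize. Without this guard a
        # None collection_information, counter, plugin_counter or store_range
        # raises (on value.get, value.items or value[0]) and aborts the
        # serialization of the whole object.
        if value is None:
            continue

        if attribute == 'collection_information':
            zone = value.get('configured_zone', '')
            if zone and hasattr(zone, 'zone'):
                # Replace the time zone object by its name in a shallow copy.
                # Assigning into value directly would rewrite the caller's
                # collection information as a side effect of serializing it.
                value = dict(value)
                value['configured_zone'] = zone.zone

            ProtobufEventAttributeSerializer.WriteSerializedDictObject(
                proto, 'collection_information', value)

        elif attribute in ('counter', 'plugin_counter'):
            # Both counters are written as plain dictionaries.
            value_dict = dict(value.items())
            ProtobufEventAttributeSerializer.WriteSerializedDictObject(
                proto, attribute, value_dict)

        elif attribute == 'store_range':
            # Only the first and the last item of the range are stored.
            range_proto = plaso_storage_pb2.Array()
            range_start = range_proto.values.add()
            range_start.integer = int(value[0])
            range_end = range_proto.values.add()
            range_end.integer = int(value[-1])
            proto.store_range.MergeFrom(range_proto)

        else:
            if attribute == 'zone':
                # NOTE(review): unlike configured_zone above, there is no
                # hasattr check here, so the value must expose .zone.
                value = value.zone

            # False, 0 and 0.0 are kept; other falsy values are dropped.
            # long only exists on Python 2, which this block targets.
            if isinstance(value, (bool, int, float, long)) or value:
                proto_attribute = proto.attributes.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    proto_attribute, attribute, value)

    return proto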
def WriteSerializedObject(cls, analysis_report):
    """Writes an analysis report to serialized form.

    Reads a fixed set of attributes from the report. Missing scalar
    attributes fall back to defaults (0 for time_compiled, u'N/A' for text),
    plugin_name is written only when it is truthy, and report_dict and
    report_array are written only when the report has them.

    Args:
      analysis_report: an analysis report (instance of AnalysisReport).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.AnalysisReport).
    """
    report_proto = plaso_storage_pb2.AnalysisReport()

    report_proto.time_compiled = getattr(analysis_report, u'time_compiled', 0)

    name = getattr(analysis_report, u'plugin_name', None)
    if name:
        report_proto.plugin_name = name

    report_proto.text = getattr(analysis_report, u'text', u'N/A')

    for image in getattr(analysis_report, u'images', []):
        report_proto.images.append(image)

    if hasattr(analysis_report, u'report_dict'):
        mapping_proto = plaso_storage_pb2.Dict()
        mapping = getattr(analysis_report, u'report_dict', {})
        for key, item in mapping.items():
            ProtobufEventAttributeSerializer.WriteSerializedObject(
                mapping_proto.attributes.add(), key, item)
        report_proto.report_dict.MergeFrom(mapping_proto)

    if hasattr(analysis_report, u'report_array'):
        array_proto = plaso_storage_pb2.Array()
        for item in getattr(analysis_report, u'report_array', []):
            # Array items are written with an empty attribute name.
            ProtobufEventAttributeSerializer.WriteSerializedObject(
                array_proto.values.add(), u'', item)
        report_proto.report_array.MergeFrom(array_proto)

    return report_proto
def setUp(self):
    """Makes preparations before running an individual test.

    Builds the expected collection information, store and counter values,
    then assembles by hand the PreProcess protobuf that they are expected to
    serialize to, keeping both the message and its serialized string.
    """
    parser_names = [
        u'esedb', u'chrome_preferences', u'winfirewall', u'android_app_usage',
        u'selinux', u'recycle_bin', u'pls_recall', u'filestat', u'sqlite',
        u'cups_ipp', u'winiis', u'lnk', u'rplog', u'symantec_scanlog',
        u'recycle_bin_info2', u'winevtx', u'plist', u'bsm_log',
        u'mac_keychain', u'pcap', u'mac_securityd', u'utmp', u'pe',
        u'asl_log', u'opera_global', u'custom_destinations', u'chrome_cache',
        u'popularity_contest', u'prefetch', u'winreg', u'msiecf', u'bencode',
        u'skydrive_log', u'openxml', u'xchatscrollback', u'utmpx',
        u'binary_cookies', u'syslog', u'hachoir', u'opera_typed_history',
        u'winevt', u'mac_appfirewall_log', u'winjob', u'olecf', u'xchatlog',
        u'macwifi', u'mactime', u'java_idx', u'firefox_cache',
        u'mcafee_protection', u'skydrive_log_error']

    self._collection_information = {
        u'cmd_line': (
            u'/usr/bin/log2timeline.py pinfo_test.out tsk_volume_system.raw'),
        u'configured_zone': u'UTC',
        u'debug': False,
        u'file_processed': u'/tmp/tsk_volume_system.raw',
        u'image_offset': 180224,
        u'method': u'imaged processed',
        u'os_detected': u'N/A',
        u'output_file': u'pinfo_test.out',
        u'parser_selection': u'(no list set)',
        u'parsers': parser_names,
        u'preferred_encoding': u'utf-8',
        u'preprocess': True,
        u'protobuf_size': 0,
        u'recursive': False,
        u'runtime': u'multi process mode',
        u'time_of_run': 1430290411000000,
        u'version': u'1.2.1_20150424',
        u'vss parsing': False,
        u'workers': 0
    }

    self._stores = {
        u'Number': 1,
        u'Store 1': {
            u'count': 3,
            u'data_type': [u'fs:stat'],
            u'parsers': [u'filestat'],
            u'range': [1387891912000000, 1387891912000000],
            u'type_count': [[u'fs:stat', 3]],
            u'version': 1
        }
    }

    self._counter = collections.Counter()
    self._counter[u'filestat'] = 3
    self._counter[u'total'] = 3

    self._plugin_counter = collections.Counter()

    serializer = protobuf_serializer.ProtobufEventAttributeSerializer

    # Warning: the order in which the attributes are added to the protobuf
    # matters for the test, so the statements below must stay in this order.
    expected_proto = plaso_storage_pb2.PreProcess()

    serializer.WriteSerializedDictObject(
        expected_proto, u'collection_information',
        self._collection_information)

    serializer.WriteSerializedDictObject(
        expected_proto, u'counter', self._counter)

    # guessed_os is written as the string u'None', not as the None object.
    guessed_os_proto = expected_proto.attributes.add()
    serializer.WriteSerializedObject(
        guessed_os_proto, u'guessed_os', u'None')

    serializer.WriteSerializedDictObject(
        expected_proto, u'plugin_counter', self._plugin_counter)

    # Add the store_range attribute as a two item array: start 1, end 1.
    store_range_proto = plaso_storage_pb2.Array()
    first_store = store_range_proto.values.add()
    first_store.integer = 1
    last_store = store_range_proto.values.add()
    last_store.integer = 1
    expected_proto.store_range.MergeFrom(store_range_proto)

    # The time zone is stored as the string form of the pytz object.
    zone_proto = expected_proto.attributes.add()
    serializer.WriteSerializedObject(
        zone_proto, u'zone', u'{0!s}'.format(pytz.UTC))

    stores_proto = expected_proto.attributes.add()
    serializer.WriteSerializedObject(
        stores_proto, u'stores', self._stores)

    self._proto_object = expected_proto
    self._proto_string = expected_proto.SerializeToString()

    # The serializer class itself is stored, not an instance of it.
    self._serializer = protobuf_serializer.ProtobufPreprocessObjectSerializer