コード例 #1
0
    def setUp(self):
        """Sets up the needed objects used throughout the test."""
        proto = plaso_storage_pb2.EventObject()

        proto.data_type = u'test:event2'
        proto.timestamp = 1234124
        proto.timestamp_desc = u'Written'

        attribute_serializer = protobuf_serializer.ProtobufEventAttributeSerializer

        proto_attribute = proto.attributes.add()
        attribute_serializer.WriteSerializedObject(proto_attribute,
                                                   u'zero_integer', 0)

        proto_attribute = proto.attributes.add()
        dict_object = {
            u'a': u'not b',
            u'c': 34,
            u'list': [u'sf', 234],
            u'an': [234, 32]
        }
        attribute_serializer.WriteSerializedObject(proto_attribute, u'my_dict',
                                                   dict_object)

        proto_attribute = proto.attributes.add()
        tuple_object = (u'some item', [234, 52, 15], {
            u'a': u'not a',
            u'b': u'not b'
        }, 35)
        attribute_serializer.WriteSerializedObject(proto_attribute, u'a_tuple',
                                                   tuple_object)

        proto_attribute = proto.attributes.add()
        list_object = [u'asf', 4234, 2, 54, u'asf']
        attribute_serializer.WriteSerializedObject(proto_attribute, u'my_list',
                                                   list_object)

        proto_attribute = proto.attributes.add()
        attribute_serializer.WriteSerializedObject(proto_attribute,
                                                   u'unicode_string',
                                                   u'And I\'m a unicorn.')

        proto_attribute = proto.attributes.add()
        attribute_serializer.WriteSerializedObject(proto_attribute, u'integer',
                                                   34)

        proto_attribute = proto.attributes.add()
        attribute_serializer.WriteSerializedObject(proto_attribute, u'string',
                                                   u'Normal string')

        proto.uuid = u'5a78777006de4ddb8d7bbe12ab92ccf8'

        self._proto_string = proto.SerializeToString()
        self._serializer = protobuf_serializer.ProtobufEventObjectSerializer
コード例 #2
0
    def ReadSerialized(cls, proto_string):
        """Reads an event object from serialized form.

    Args:
      proto_string: a protobuf string containing the serialized form.

    Returns:
      An event object (instance of EventObject).
    """
        proto = plaso_storage_pb2.EventObject()
        proto.ParseFromString(proto_string)

        return cls.ReadSerializedObject(proto)
コード例 #3
0
    def WriteSerializedObject(cls, event_object):
        """Writes an event object to serialized form.

    Args:
      event_object: an event object (instance of EventObject).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.EventObject).
    """
        proto = plaso_storage_pb2.EventObject()

        proto.data_type = getattr(event_object, u'data_type', u'event')

        for attribute_name in event_object.GetAttributes():
            if attribute_name == u'source_short':
                proto.source_short = cls._SOURCE_SHORT_TO_PROTO_MAP[
                    event_object.source_short]

            elif attribute_name == u'pathspec':
                attribute_value = getattr(event_object, attribute_name, None)
                if attribute_value:
                    attribute_value = cls._path_spec_serializer.WriteSerialized(
                        attribute_value)
                    setattr(proto, attribute_name, attribute_value)

            elif attribute_name == u'tag':
                attribute_value = getattr(event_object, attribute_name, None)
                if attribute_value:
                    event_tag_proto = ProtobufEventTagSerializer.WriteSerializedObject(
                        attribute_value)
                    proto.tag.MergeFrom(event_tag_proto)

            elif hasattr(proto, attribute_name):
                attribute_value = getattr(event_object, attribute_name)

                if attribute_value is None:
                    continue

                if isinstance(attribute_value, basestring):
                    attribute_value = utils.GetUnicodeString(attribute_value)
                    if not attribute_value:
                        continue

                if isinstance(attribute_value, dict):
                    ProtobufEventAttributeSerializer.WriteSerializedDictObject(
                        proto, attribute_name, attribute_value)

                elif isinstance(attribute_value, (list, tuple)):
                    ProtobufEventAttributeSerializer.WriteSerializedListObject(
                        proto, attribute_name, attribute_value)

                else:
                    try:
                        setattr(proto, attribute_name, attribute_value)
                    except ValueError as exception:
                        path_spec = getattr(event_object, u'pathspec', None)
                        path = getattr(path_spec, u'location', u'')
                        logging.error((
                            u'Unable to save value for: {0:s} [{1:s}] with error: {2:s} '
                            u'coming from file: {3:s}').format(
                                attribute_name, type(attribute_value),
                                exception, path))
                        # Catch potential out of range errors.
                        if isinstance(attribute_value, py2to3.INTEGER_TYPES):
                            setattr(proto, attribute_name, -1)

            else:
                attribute_value = getattr(event_object, attribute_name)

                # TODO: check if the next TODO still applies.
                # Serialize the attribute value only if it is an integer type
                # (int or long) or if it has a value.
                # TODO: fix logic.
                if (isinstance(attribute_value, (bool, int, float, long))
                        or attribute_value):
                    proto_attribute = proto.attributes.add()
                    ProtobufEventAttributeSerializer.WriteSerializedObject(
                        proto_attribute, attribute_name, attribute_value)

        return proto