예제 #1
0
파일: ie_history.py 프로젝트: zzzzpaul/grr
 def Parse(self, stat, file_object, knowledge_base):
   """Parse the History file."""
   _, _ = stat, knowledge_base
   # TODO(user): Convert this to use the far more intelligent plaso parser.
   ie = IEParser(file_object)
   for dat in ie.Parse():
     yield rdfvalue.BrowserHistoryItem(
         url=dat["url"], domain=urlparse.urlparse(dat["url"]).netloc,
         access_time=dat.get("mtime"),
         program_name="Internet Explorer", source_urn=stat.aff4path)
예제 #2
0
 def Parse(self, stat, file_object, knowledge_base):
     """Parse the History file."""
     _, _ = stat, knowledge_base
     # TODO(user): Convert this to use the far more intelligent plaso parser.
     chrome = ChromeParser(file_object)
     for timestamp, entry_type, url, data1, _, _ in chrome.Parse():
         if entry_type == "CHROME_DOWNLOAD":
             yield rdfvalue.BrowserHistoryItem(
                 url=url,
                 domain=urlparse.urlparse(url).netloc,
                 access_time=timestamp,
                 program_name="Chrome",
                 source_urn=stat.aff4path,
                 download_path=data1)
         elif entry_type == "CHROME_VISIT":
             yield rdfvalue.BrowserHistoryItem(
                 url=url,
                 domain=urlparse.urlparse(url).netloc,
                 access_time=timestamp,
                 program_name="Chrome",
                 source_urn=stat.aff4path,
                 title=data1)
예제 #3
0
 def Parse(self, stat, file_object, knowledge_base):
     """Parse the History file."""
     _, _ = stat, knowledge_base
     # TODO(user): Convert this to use the far more intelligent plaso parser.
     ff = Firefox3History(file_object)
     for timestamp, unused_entry_type, url, title in ff.Parse():
         yield rdfvalue.BrowserHistoryItem(
             url=url,
             domain=urlparse.urlparse(url).netloc,
             access_time=timestamp,
             program_name="Firefox",
             source_urn=stat.aff4path,
             title=title)