def CompileReport(self, analysis_context):
    """Builds the analysis report from the per-user results.

    The raw results are attached to the report as report_dict, and a text
    rendering with one section per user is set as the report text.

    Args:
        analysis_context: The analysis context object (instance of
            AnalysisContext). Not read by this method.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)
    analysis_report.report_dict = self._results

    text_lines = []
    for user_name, user_extensions in sorted(self._results.iteritems()):
        text_lines.append(u' == USER: {0:s} =='.format(user_name))
        text_lines.extend(
            u' {0:s} [{1:s}]'.format(extension_name, extension_identifier)
            for extension_name, extension_identifier in sorted(
                user_extensions))

        # SetText turns the empty string into an empty line, which closes the
        # section of this user. The nesting is inferred: the listing this was
        # taken from had lost its indentation.
        text_lines.append(u'')

    analysis_report.SetText(text_lines)
    return analysis_report
def CompileReport(self, analysis_mediator):
    """Builds the analysis report listing the collected Windows Services.

    Args:
        analysis_mediator: The analysis mediator object (instance of
            AnalysisMediator). Not read by this method.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)
    collected_services = self._service_collection.services

    if self._output_format != u'yaml':
        text_lines = [u'Listing Windows Services']
        for windows_service in collected_services:
            # Each service is followed by an empty string so that services
            # are separated by a blank line.
            text_lines.extend(
                [self._FormatServiceText(windows_service), u''])
    else:
        # safe_dump_all only emits standard YAML tags, so the output carries
        # no Python-specific object tags for a consumer to resolve. Keep the
        # safe variant if this branch is ever changed.
        text_lines = [yaml.safe_dump_all(collected_services)]

    analysis_report.SetText(text_lines)
    return analysis_report
def CompileReport(self, analysis_mediator):
    """Drains the hash analysis queue and builds the tagging report.

    Hash analyses are taken from hash_analysis_queue for as long as
    _ContinueReportCompilation() returns True. Each analysis contributes
    tags and one text line per path specification.

    Args:
        analysis_mediator: The analysis mediator object (instance of
            AnalysisMediator).

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    collected_tags = []
    text_lines = [u'{0:s} hash tagging Results'.format(self.NAME)]

    while self._ContinueReportCompilation():
        try:
            self._LogProgressUpdateIfReasonable()
            analysis_result = self.hash_analysis_queue.get(
                timeout=self._analysis_queue_timeout)
        except Queue.Empty:
            # Nothing arrived within the timeout. The analyzer may still be
            # working on items, so re-check the loop condition rather than
            # stopping here.
            continue

        path_specs, tag_strings, result_tags = self._HandleHashAnalysis(
            analysis_result)
        collected_tags.extend(result_tags)
        for path_spec in path_specs:
            text_lines.append(self._GenerateTextLine(
                analysis_mediator, path_spec, tag_strings))

    # The analyzer is only told to abort once the loop above has ended.
    self._analyzer.SignalAbort()

    analysis_report = event.AnalysisReport(self.NAME)
    analysis_report.SetText(text_lines)
    analysis_report.SetTags(collected_tags)
    return analysis_report
def CompileReport(self, analysis_mediator):
    """Builds the analysis report of search terms per search engine.

    The counter keys are split on the first ':' into search engine and
    search term. The grouped counts become report_dict and the search term
    timeline becomes report_array.

    Args:
        analysis_mediator: The analysis mediator object (instance of
            AnalysisMediator). Not read by this method.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)

    counts_by_engine = {}
    for counter_key, hit_count in self._counter.iteritems():
        # partition() splits on the first separator only, so a ':' inside
        # the search term stays part of the term.
        engine_name, _, term = counter_key.partition(u':')
        counts_by_engine.setdefault(engine_name, {})[term] = hit_count

    analysis_report.report_dict = counts_by_engine
    analysis_report.report_array = self._search_term_timeline

    # NOTE(review): the search terms are written into the report text as-is.
    # If they presumably originate from the analysed browser history, confirm
    # that the output layer neutralises control characters before display.
    text_lines = []
    for engine_name, engine_terms in sorted(counts_by_engine.items()):
        text_lines.append(u' == ENGINE: {0:s} =='.format(engine_name))

        # Highest count first; equal counts are ordered by term, descending.
        ranked_terms = sorted(
            engine_terms.iteritems(),
            key=lambda item: (item[1], item[0]),
            reverse=True)
        for term, hit_count in ranked_terms:
            text_lines.append(u'{0:d} {1:s}'.format(hit_count, term))

        # SetText turns the empty string into an empty line, which closes the
        # section of this engine. The nesting is inferred: the listing this
        # was taken from had lost its indentation.
        text_lines.append(u'')

    analysis_report.SetText(text_lines)
    return analysis_report
def _ConvertDictToAnalysisReport(self, json_dict):
    """Converts a JSON dict into an analysis report.

    The dictionary of the JSON serialized objects consists of:
    {
        '__type__': 'AnalysisReport'
        '_anomalies': { ... }
        '_tags': { ... }
        'report_array': { ... }
        'report_dict': { ... }
        ...
    }

    Here '__type__' indicates the object base type, which for this method
    should be 'AnalysisReport'. Every element of the dictionary is copied
    onto the analysis report as an attribute of the same name.

    Args:
        json_dict: a dictionary of the JSON serialized objects.

    Returns:
        An analysis report (instance of AnalysisReport).
    """
    # The report is created with an empty plugin name; the real name is
    # expected to arrive as one of the copied attributes.
    analysis_report = event.AnalysisReport(u'')

    # NOTE(review): every key is applied with setattr, without an allow-list,
    # and that includes '__type__' if the caller leaves it in the dict. When
    # json_dict can come from a storage file of unknown provenance, a crafted
    # key could replace any attribute of the report. Consider restricting the
    # keys to the expected report attributes; confirm against the caller.
    for attribute_name in json_dict:
        setattr(analysis_report, attribute_name, json_dict[attribute_name])

    return analysis_report
def testWriteSerialized(self):
    """Tests the WriteSerialized function with a protobuf expectation."""
    report_under_test = event.AnalysisReport(u'chrome_extension_test')
    report_under_test.report_dict = self._report_dict
    report_under_test.text = self._report_text
    # Constant compile time, so the serialized output can be compared with
    # the stored expectation.
    report_under_test.time_compiled = 1431978243000000

    self._TestWriteSerialized(
        self._serializer,
        report_under_test,
        self._proto_string)
def CompileReport(self, analysis_mediator):
    """Builds the analysis report carrying the tags this plugin produced.

    Args:
        analysis_mediator: The analysis mediator object (instance of
            AnalysisMediator). Not read by this method.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)
    analysis_report.SetTags(self._tags)

    # The report text is a single summary line with the number of tags.
    tag_count = len(self._tags)
    summary_line = u'Tagging plugin produced {0:d} tags.'.format(tag_count)
    analysis_report.SetText([summary_line])

    return analysis_report
def CompileReport(self, analysis_mediator):
    """Builds the analysis report listing the collected domains.

    Args:
        analysis_mediator: The analysis mediator object (instance of
            AnalysisMediator). Not read by this method.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)

    # Header first, then the domains in sorted order, one per line.
    text_lines = [u'Listing domains visited by all users']
    text_lines.extend(sorted(self._domains))

    analysis_report.SetText(text_lines)
    return analysis_report
def testWriteSerialized(self):
    """Tests the WriteSerialized function with a tagged analysis report."""
    tag_under_test = event.EventTag(
        comment=self._comment,
        event_uuid=self._event_uuid)
    tag_under_test.AddLabels(self._labels)
    # The tag has to be serializable before it is attached to the report.
    self.assertTrue(tag_under_test.IsValidForSerialization())

    report_under_test = event.AnalysisReport(u'chrome_extension_test')
    report_under_test.report_dict = self._report_dict
    report_under_test.text = self._report_text
    # Constant compile time, so the serialized output can be compared with
    # the stored expectation.
    report_under_test.time_compiled = 1431978243000000
    report_under_test.SetTags([tag_under_test])

    self._TestWriteSerialized(
        self._serializer,
        report_under_test,
        self._json_dict)
def testWriteSerialized(self):
    """Tests the WriteSerialized function with a tagged analysis report."""
    tag_under_test = event.EventTag()
    tag_under_test.event_uuid = u'403818f93dce467bac497ef0f263fde8'
    tag_under_test.comment = u'This is a test event tag.'
    # The private _tags attribute is assigned directly here; no public
    # method of EventTag is used to populate it.
    tag_under_test._tags = [u'This is a test.', u'Also a test.']
    # The tag has to be serializable before it is attached to the report.
    self.assertTrue(tag_under_test.IsValidForSerialization())

    report_under_test = event.AnalysisReport(u'chrome_extension_test')
    report_under_test.report_dict = self._report_dict
    report_under_test.text = self._report_text
    # Constant compile time, so the serialized output can be compared with
    # the stored expectation.
    report_under_test.time_compiled = 1431978243000000
    report_under_test.SetTags([tag_under_test])

    self._TestWriteSerialized(
        self._serializer,
        report_under_test,
        self._json_dict)
def CompileReport(self, analysis_context):
    """Builds the analysis report listing file paths with their hashes.

    Args:
        analysis_context: The analysis context object (instance of
            AnalysisContext). Passed on to _GeneratePathString.

    Returns:
        The analysis report (instance of AnalysisReport).
    """
    analysis_report = event.AnalysisReport(self.NAME)

    # Entries are ordered by the comparable form of the path specification,
    # so the order does not depend on dictionary iteration order.
    ordered_entries = sorted(
        self._paths_with_hashes.items(),
        key=lambda entry: entry[0].comparable)

    text_lines = [u'Listing file paths and hashes']
    for path_spec, path_hashes in ordered_entries:
        text_lines.append(self._GeneratePathString(
            analysis_context, path_spec, path_hashes))

    analysis_report.SetText(text_lines)
    return analysis_report
def ReadSerializedObject(cls, proto):
    """Reads an analysis report from serialized form.

    Every field set on the protobuf is copied onto the analysis report as an
    attribute named after the field. The report_dict and report_array fields
    are first converted into a Python dict and list respectively.

    Args:
        proto: a protobuf object containing the serialized form (instance of
            plaso_storage_pb2.AnalysisReport).

    Returns:
        An analysis report (instance of AnalysisReport).
    """
    # The report is created with an empty plugin name; the real name is
    # expected to arrive as one of the copied attributes.
    analysis_report = event.AnalysisReport(u'')

    # Attribute names are taken from the field descriptors that ListFields()
    # returns for the message.
    for field_descriptor, field_value in proto.ListFields():
        field_name = field_descriptor.name

        if field_name == u'report_dict':
            # TODO: replace by ReadSerializedDictObject, need tests first:
            # ProtobufEventAttributeSerializer.ReadSerializedDictObject(
            #     proto.report_dict)
            attribute_value = {}
            for serialized_item in proto.report_dict.attributes:
                item_key, item_value = (
                    ProtobufEventAttributeSerializer.ReadSerializedObject(
                        serialized_item))
                attribute_value[item_key] = item_value

        elif field_name == u'report_array':
            # TODO: replace by ReadSerializedListObject, need tests first:
            # ProtobufEventAttributeSerializer.ReadSerializedListObject(
            #     proto.report_array)
            attribute_value = []
            for serialized_item in proto.report_array.values:
                # Only the value is kept; the first element is discarded.
                _, item_value = (
                    ProtobufEventAttributeSerializer.ReadSerializedObject(
                        serialized_item))
                attribute_value.append(item_value)

        else:
            attribute_value = field_value

        setattr(analysis_report, field_name, attribute_value)

    return analysis_report