def ReadSerialized(cls, proto_string):
"""Reads a preprocess object from serialized form.
Args:
proto_string: a protobuf string containing the serialized form.
Returns:
A preprocessing object (instance of PreprocessObject).
"""
proto = plaso_storage_pb2.PreProcess()
proto.ParseFromString(proto_string)
return cls.ReadSerializedObject(proto)
def WriteSerializedObject(cls, preprocess_object):
"""Writes a preprocessing object to serialized form.
Args:
preprocess_object: a preprocessing object (instance of PreprocessObject).
Returns:
A protobuf object containing the serialized form (instance of
plaso_storage_pb2.PreProcess).
"""
proto = plaso_storage_pb2.PreProcess()
for attribute, value in iter(preprocess_object.__dict__.items()):
if value is None:
continue
if attribute == u'collection_information':
zone = value.get(u'configured_zone', u'')
if zone and hasattr(zone, u'zone'):
value[u'configured_zone'] = u'{0:s}'.format(zone.zone)
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, u'collection_information', value)
elif attribute == u'counter':
value_dict = dict(value.items())
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, u'counter', value_dict)
elif attribute == u'plugin_counter':
value_dict = dict(value.items())
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, u'plugin_counter', value_dict)
elif attribute == u'store_range':
range_proto = plaso_storage_pb2.Array()
range_start = range_proto.values.add()
range_start.integer = int(value[0])
range_end = range_proto.values.add()
range_end.integer = int(value[-1])
proto.store_range.MergeFrom(range_proto)
else:
if attribute == u'zone':
value = u'{0:s}'.format(value.zone)
if isinstance(value, (bool, float, py2to3.INTEGER_TYPES)) or value:
proto_attribute = proto.attributes.add()
ProtobufEventAttributeSerializer.WriteSerializedObject(
proto_attribute, attribute, value)
return proto
def WriteSerializedObject(cls, pre_obj):
"""Writes a preprocessing object to serialized form.
Args:
pre_obj: a preprocessing object (instance of PreprocessObject).
Returns:
A protobuf object containing the serialized form (instance of
plaso_storage_pb2.PreProcess).
"""
proto = plaso_storage_pb2.PreProcess()
for attribute, value in pre_obj.__dict__.items():
if attribute == 'collection_information':
zone = value.get('configured_zone', '')
if zone and hasattr(zone, 'zone'):
value['configured_zone'] = zone.zone
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, 'collection_information', value)
elif attribute == 'counter':
value_dict = dict(value.items())
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, 'counter', value_dict)
elif attribute == 'plugin_counter':
value_dict = dict(value.items())
ProtobufEventAttributeSerializer.WriteSerializedDictObject(
proto, 'plugin_counter', value_dict)
elif attribute == 'store_range':
range_proto = plaso_storage_pb2.Array()
range_start = range_proto.values.add()
range_start.integer = int(value[0])
range_end = range_proto.values.add()
range_end.integer = int(value[-1])
proto.store_range.MergeFrom(range_proto)
else:
if attribute == 'zone':
value = value.zone
if isinstance(value, (bool, int, float, long)) or value:
proto_attribute = proto.attributes.add()
ProtobufEventAttributeSerializer.WriteSerializedObject(
proto_attribute, attribute, value)
return proto
def ReadSerialized(cls, proto_string):
"""Reads a preprocess object from serialized form.
Args:
proto_string: a protobuf string containing the serialized form.
Returns:
A preprocessing object (instance of PreprocessObject).
Raises:
SerializationError: if the preprocessing object cannot be read.
"""
proto = plaso_storage_pb2.PreProcess()
proto.ParseFromString(proto_string)
try:
preprocess_object = cls.ReadSerializedObject(proto)
except message.DecodeError as exception:
raise errors.SerializationError((
u'Unable to read serialized preprocessing object '
u'with error: {0:s}').format(exception))
return preprocess_object
def setUp(self):
"""Makes preparations before running an individual test."""
parsers = [
u'esedb', u'chrome_preferences', u'winfirewall', u'android_app_usage',
u'selinux', u'recycle_bin', u'pls_recall', u'filestat', u'sqlite',
u'cups_ipp', u'winiis', u'lnk', u'rplog', u'symantec_scanlog',
u'recycle_bin_info2', u'winevtx', u'plist', u'bsm_log', u'mac_keychain',
u'pcap', u'mac_securityd', u'utmp', u'pe', u'asl_log', u'opera_global',
u'custom_destinations', u'chrome_cache', u'popularity_contest',
u'prefetch', u'winreg', u'msiecf', u'bencode', u'skydrive_log',
u'openxml', u'xchatscrollback', u'utmpx', u'binary_cookies', u'syslog',
u'hachoir', u'opera_typed_history', u'winevt', u'mac_appfirewall_log',
u'winjob', u'olecf', u'xchatlog', u'macwifi', u'mactime', u'java_idx',
u'firefox_cache', u'mcafee_protection', u'skydrive_log_error']
self._collection_information = {
u'cmd_line': (
u'/usr/bin/log2timeline.py pinfo_test.out tsk_volume_system.raw'),
u'configured_zone': u'UTC',
u'debug': False,
u'file_processed': u'/tmp/tsk_volume_system.raw',
u'image_offset': 180224,
u'method': u'imaged processed',
u'os_detected': u'N/A',
u'output_file': u'pinfo_test.out',
u'parser_selection': u'(no list set)',
u'parsers': parsers,
u'preferred_encoding': u'utf-8',
u'preprocess': True,
u'protobuf_size': 0,
u'recursive': False,
u'runtime': u'multi process mode',
u'time_of_run': 1430290411000000,
u'version': u'1.2.1_20150424',
u'vss parsing': False,
u'workers': 0
}
self._stores = {
u'Number': 1,
u'Store 1': {
u'count': 3,
u'data_type': [u'fs:stat'],
u'parsers': [u'filestat'],
u'range': [1387891912000000, 1387891912000000],
u'type_count': [[u'fs:stat', 3]],
u'version': 1
}
}
self._counter = collections.Counter()
self._counter[u'filestat'] = 3
self._counter[u'total'] = 3
self._plugin_counter = collections.Counter()
attribute_serializer = protobuf_serializer.ProtobufEventAttributeSerializer
# Warning the order in which the attributes are added to the protobuf
# matters for the test.
proto = plaso_storage_pb2.PreProcess()
attribute_serializer.WriteSerializedDictObject(
proto, u'collection_information', self._collection_information)
attribute_serializer.WriteSerializedDictObject(
proto, u'counter', self._counter)
proto_attribute = proto.attributes.add()
attribute_serializer.WriteSerializedObject(
proto_attribute, u'guessed_os', u'None')
attribute_serializer.WriteSerializedDictObject(
proto, u'plugin_counter', self._plugin_counter)
# Add the store_range attribute.
range_proto = plaso_storage_pb2.Array()
range_start = range_proto.values.add()
range_start.integer = 1
range_end = range_proto.values.add()
range_end.integer = 1
proto.store_range.MergeFrom(range_proto)
proto_attribute = proto.attributes.add()
attribute_serializer.WriteSerializedObject(
proto_attribute, u'zone', u'{0!s}'.format(pytz.UTC))
proto_attribute = proto.attributes.add()
attribute_serializer.WriteSerializedObject(
proto_attribute, u'stores', self._stores)
self._proto_object = proto
self._proto_string = proto.SerializeToString()
self._serializer = protobuf_serializer.ProtobufPreprocessObjectSerializer