예제 #1
파일: worker.py 프로젝트: cnbird1999/plaso
    def _GetSignatureMatchParserNames(self, file_entry):
        """Collects the parser names whose signatures occur in a file entry.

        The content of the file entry is scanned with the file scanner and
        every scan result is mapped to its format specification. A signature
        hit only shows that a known byte pattern was found; the content is
        not validated here.

        Args:
          file_entry: A file entry object (instance of dfvfs.FileEntry).

        Returns:
          A list of parser names, without duplicates and in the order of the
          scan results, whose known signatures match the file entry.
        """
        state = pysigscan.scan_state()

        content = file_entry.GetFileObject()
        try:
            self._file_scanner.scan_file_object(state, content)
        finally:
            # Release the file object also when scanning raises.
            content.close()

        matched_names = []
        for hit in state.scan_results:
            specification = (
                self._specification_store.GetSpecificationBySignature(
                    hit.identifier))
            parser_name = specification.identifier
            if parser_name in matched_names:
                continue
            matched_names.append(parser_name)

        return matched_names
예제 #2
def pysigscan_test_scan_buffer(scanner, buffer, expected_scan_results):
  """Scans a buffer and compares the identifiers found with the expected ones.

  Args:
    scanner: scanner object providing scan_start, scan_buffer and scan_stop.
    buffer: data to scan; its length is set as the data size of the scan
        state.
    expected_scan_results: identifiers expected to be reported, in any order.

  Returns:
    True if the sorted identifiers of the scan results equal the sorted
    expected identifiers, False otherwise.
  """
  state = pysigscan.scan_state()
  state.set_data_size(len(buffer))

  scanner.scan_start(state)
  scanner.scan_buffer(state, buffer)
  scanner.scan_stop(state)

  found_identifiers = [entry.identifier for entry in state.scan_results]
  passed = sorted(found_identifiers) == sorted(expected_scan_results)

  # NOTE(review): the trailing comma is the Python 2 print-statement idiom for
  # suppressing the newline; with the print function it has no such effect.
  print("Testing scan\t"),
  if passed:
    print("(PASS)")
    return True

  print("(FAIL)")
  return False
예제 #3
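  def Matches(self, file_entry):
    """Compares the file entry against the filter.

    The content of the file entry is scanned for the signatures known to the
    file scanner. An IOError during the scan is logged and treated as no
    match, so the file is skipped instead of aborting the caller.

    Args:
      file_entry (dfvfs.FileEntry): file entry to compare.

    Returns:
      bool: True if the file entry matches the filter, False if not or
          None if the filter does not apply.
    """
    # The filter does not apply without a scanner or when IsFile() is false.
    if not self._file_scanner or not file_entry.IsFile():
      return None

    file_object = file_entry.GetFileObject()
    if not file_object:
      return False

    try:
      scan_state = pysigscan.scan_state()
      self._file_scanner.scan_file_object(scan_state, file_object)

    except IOError as exception:
      # TODO: replace location by display name.
      location = getattr(file_entry.path_spec, u'location', u'')
      # Use the !s conversion: a ":s" format specification raises TypeError
      # for an exception object (or a None location) on Python 3, which
      # would turn the intended skip into a crash inside the error handler.
      logging.error((
          u'[skipping] unable to scan file: {0!s} for signatures '
          u'with error: {1!s}').format(location, exception))
      return False

    finally:
      file_object.close()

    return scan_state.number_of_scan_results > 0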
예제 #4
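  def Matches(self, file_entry):
    """Compares the file entry against the filter.

    The file entry matches when scanning its content yields at least one
    scan result. A scan that fails with IOError is logged and counted as no
    match rather than propagated.

    Args:
      file_entry (dfvfs.FileEntry): file entry to compare.

    Returns:
      bool: True if the file entry matches the filter, False if not or
          None if the filter does not apply.
    """
    # No scanner, or IsFile() is false: the filter does not apply.
    if not self._file_scanner or not file_entry.IsFile():
      return None

    file_object = file_entry.GetFileObject()
    if not file_object:
      return False

    try:
      scan_state = pysigscan.scan_state()
      self._file_scanner.scan_file_object(scan_state, file_object)

    except IOError as exception:
      # TODO: replace location by display name.
      location = getattr(file_entry.path_spec, u'location', u'')
      # !s instead of :s, because formatting an exception object (or a None
      # location) with ":s" raises TypeError on Python 3; the handler would
      # then fail instead of logging and skipping the file.
      logging.error((
          u'[skipping] unable to scan file: {0!s} for signatures '
          u'with error: {1!s}').format(location, exception))
      return False

    finally:
      file_object.close()

    return scan_state.number_of_scan_results > 0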
예제 #5
def pysigscan_test_scan_buffer(scanner, buffer, expected_scan_results):
  """Runs a buffer scan and reports whether the expected identifiers result.

  Args:
    scanner: scanner object providing scan_start, scan_buffer and scan_stop.
    buffer: data to scan; the scan state data size is set to its length.
    expected_scan_results: identifiers the scan should report; the order is
        ignored because both sides are sorted before comparison.

  Returns:
    True when the scan reported exactly the expected identifiers, False
    otherwise.
  """
  scan_state = pysigscan.scan_state()
  scan_state.set_data_size(len(buffer))

  scanner.scan_start(scan_state)
  scanner.scan_buffer(scan_state, buffer)
  scanner.scan_stop(scan_state)

  reported = [item.identifier for item in scan_state.scan_results]
  is_match = sorted(reported) == sorted(expected_scan_results)

  # NOTE(review): trailing comma kept from the Python 2 print statement,
  # where it suppressed the newline; it does not do so for print().
  print("Testing scan\t"),
  if is_match:
    print("(PASS)")
  else:
    print("(FAIL)")

  return is_match
예제 #6
파일: worker.py 프로젝트: cnbird1999/plaso
  def _GetSignatureMatchParserNames(self, file_entry):
    """Returns the names of the parsers whose signatures the file matches.

    The file object of the file entry is scanned and closed again; each scan
    result is then translated into the identifier of its format
    specification. Only the presence of a signature is checked; the content
    is not validated here.

    Args:
      file_entry: A file entry object (instance of dfvfs.FileEntry).

    Returns:
      A list of parser names for which the file entry matches their
      known signatures. Every name occurs once.
    """
    scan_state = pysigscan.scan_state()

    stream = file_entry.GetFileObject()
    try:
      self._file_scanner.scan_file_object(scan_state, stream)
    finally:
      # Closing happens regardless of whether the scan succeeded.
      stream.close()

    names = []
    lookup = self._specification_store.GetSpecificationBySignature
    for result in scan_state.scan_results:
      name = lookup(result.identifier).identifier
      if name not in names:
        names.append(name)

    return names
예제 #7
  def _GetSignatures(self, file_object):
    """Determines which known signatures the file content contains.

    The file object is not closed here; that is left to the caller.

    Args:
      file_object: a file-like object (instance of dfvfs.FileIO).

    Returns:
      A list of strings containing the signature identifiers, one per scan
      result. The list is built directly from the scan results; this method
      does not itself substitute None for an empty result.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    identifiers = []
    for hit in state.scan_results:
      identifiers.append(hit.identifier)
    return identifiers
예제 #8
  def _GetSignatures(self, file_object):
    """Determines which known signatures the file content contains.

    The caller keeps ownership of the file-like object; it is not closed
    here.

    Args:
      file_object (dfvfs.FileIO): file-like object.

    Returns:
      list[str]: signature identifiers, one per scan result. The list is
          built directly from the scan results; this method does not itself
          substitute None for an empty result.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    signature_identifiers = []
    # pylint: disable=not-an-iterable
    for match in state.scan_results:
      signature_identifiers.append(match.identifier)
    return signature_identifiers
예제 #9
    def _GetSignatures(self, file_object):
        """Lists the identifiers of the known signatures found in the content.

        The file-like object is scanned but not closed by this method.

        Args:
          file_object: a file-like object (instance of dfvfs.FileIO).

        Returns:
          A list of strings containing the signature identifiers, in the
          order of the scan results. The list is built directly from the scan
          results; None is not substituted for an empty result here.
        """
        state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(state, file_object)

        found = []
        for entry in state.scan_results:
            found.append(entry.identifier)
        return found
예제 #10
    def _GetTypeIndicators(
            cls, scanner_object, specification_store, remainder_list,
            path_spec, resolver_context=None):
        """Determines the supported format types a file contains.

        The file is opened through the resolver, scanned for signatures and
        then passed to every analyzer helper in remainder_list. The file
        object is closed before returning, also when one of these steps
        raises.

        Args:
          scanner_object: the format scanner (instance of pysigscan.scanner).
          specification_store: a specification store (instance of
                               FormatSpecificationStore).
          remainder_list: list of remaining analyzer helpers that do not have
                          a format specification.
          path_spec: the VFS path specification (instance of path.PathSpec).
          resolver_context: the optional resolver context (instance of
                            resolver.Context). The default is None which will
                            use the built in context which is not multi
                            process safe.

        Returns:
          A list of supported format type indicators: first the identifiers
          of the format specifications matched by signature, without
          duplicates, followed by every analyzer helper result that is not
          None.
        """
        file_object = resolver.Resolver.OpenFileObject(
            path_spec, resolver_context=resolver_context)
        state = pysigscan.scan_state()
        indicators = []

        try:
            scanner_object.scan_file_object(state, file_object)

            for hit in state.scan_results:
                specification = (
                    specification_store.GetSpecificationBySignature(
                        hit.identifier))
                indicator = specification.identifier
                if indicator in indicators:
                    continue
                indicators.append(indicator)

            # Helper results are appended as returned; no duplicate check is
            # applied to them.
            for helper in remainder_list:
                indicator = helper.AnalyzeFileObject(file_object)
                if indicator is None:
                    continue
                indicators.append(indicator)

        finally:
            file_object.close()

        return indicators
예제 #11
    def _GetTypeIndicators(
            cls, signature_scanner, specification_store, remainder_list,
            path_spec, resolver_context=None):
        """Determines the supported format types a file contains.

        Signature matches are collected first, then the results of the
        analyzer helpers. The file object opened for the path specification
        is always closed again.

        Args:
          signature_scanner (pysigscan.scanner): signature scanner.
          specification_store (FormatSpecificationStore): specification store.
          remainder_list (list[AnalyzerHelper]): remaining analyzer helpers
              that do not have a format specification.
          path_spec (PathSpec): path specification.
          resolver_context (Optional[Context]): resolver context, where None
              represents the built-in context which is not multi process safe.

        Returns:
          list[str]: supported format type indicators. Signature based
              indicators are unique; analyzer helper results are appended
              without a duplicate check.
        """
        file_object = resolver.Resolver.OpenFileObject(
            path_spec, resolver_context=resolver_context)
        state = pysigscan.scan_state()
        found_indicators = []

        try:
            signature_scanner.scan_file_object(state, file_object)

            for match in iter(state.scan_results):
                specification = (
                    specification_store.GetSpecificationBySignature(
                        match.identifier))
                if specification.identifier in found_indicators:
                    continue
                found_indicators.append(specification.identifier)

            for helper in remainder_list:
                helper_result = helper.AnalyzeFileObject(file_object)
                if helper_result is None:
                    continue
                found_indicators.append(helper_result)

        finally:
            file_object.close()

        return found_indicators
예제 #12
파일: analyzer.py 프로젝트: Onager/dfvfs
  def _GetTypeIndicators(
      cls,
      scanner_object,
      specification_store,
      remainder_list,
      path_spec,
      resolver_context=None):
    """Determines the supported format types a file contains.

    The file behind the path specification is opened, scanned for known
    signatures and analyzed by the remaining helpers. It is closed before
    the method returns or raises.

    Args:
      scanner_object: the format scanner (instance of pysigscan.scanner).
      specification_store: a specification store (instance of
                           FormatSpecificationStore).
      remainder_list: list of remaining analyzer helpers that do not have
                      a format specification.
      path_spec: the VFS path specification (instance of path.PathSpec).
      resolver_context: the optional resolver context (instance of
                        resolver.Context). The default is None which will use
                        the built in context which is not multi process safe.

    Returns:
      A list of supported format type indicators. Indicators found by
      signature come first and are unique; results of the analyzer helpers
      follow and are not checked for duplicates.
    """
    file_object = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    scan_state = pysigscan.scan_state()
    results = []

    try:
      scanner_object.scan_file_object(scan_state, file_object)

      lookup = specification_store.GetSpecificationBySignature
      for scan_hit in scan_state.scan_results:
        type_indicator = lookup(scan_hit.identifier).identifier
        if type_indicator not in results:
          results.append(type_indicator)

      for helper in remainder_list:
        type_indicator = helper.AnalyzeFileObject(file_object)
        if type_indicator is not None:
          results.append(type_indicator)

    finally:
      file_object.close()

    return results
예제 #13
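    def ScanFileObject(self, file_object):
        """Scans a file-like object for signatures.

        Args:
          file_object: file-like object to scan.

        Returns:
          The scan results of the scan state, None if no file object was
          given, or False if scanning raised IOError.
        """
        if not file_object:
            return None

        try:
            scan_state = pysigscan.scan_state()
            self._scanner.scan_file_object(scan_state, file_object)

        except IOError as exception:
            # Log the underlying error so a failed scan can be investigated;
            # the fixed text logged before discarded it.
            logger.error(
                'unable to scan file with error: {0!s}'.format(exception))
            return False

        return scan_state.scan_results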
예제 #14
파일: analyzer.py 프로젝트: dc3-plaso/dfvfs
  def _GetTypeIndicators(
      cls,
      signature_scanner,
      specification_store,
      remainder_list,
      path_spec,
      resolver_context=None):
    """Determines the supported format types a file contains.

    The file object opened for the path specification is scanned for
    signatures, passed to each analyzer helper and closed again, also when
    one of these steps raises.

    Args:
      signature_scanner (pysigscan.scanner): signature scanner.
      specification_store (FormatSpecificationStore): specification store.
      remainder_list (list[AnalyzerHelper]): remaining analyzer helpers that
          do not have a format specification.
      path_spec (PathSpec): path specification.
      resolver_context (Optional[Context]): resolver context, where None
          represents the built-in context which is not multi process safe.

    Returns:
      list[str]: supported format type indicators, signature based ones
          first (each once), then the analyzer helper results that are not
          None.
    """
    file_object = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    scan_state = pysigscan.scan_state()
    collected = []

    try:
      signature_scanner.scan_file_object(scan_state, file_object)

      lookup = specification_store.GetSpecificationBySignature
      for scan_hit in iter(scan_state.scan_results):
        type_indicator = lookup(scan_hit.identifier).identifier
        if type_indicator not in collected:
          collected.append(type_indicator)

      for helper in remainder_list:
        type_indicator = helper.AnalyzeFileObject(file_object)
        if type_indicator is not None:
          collected.append(type_indicator)

    finally:
      file_object.close()

    return collected
예제 #15
파일: worker.py 프로젝트: jadams/plaso
    def _GetSignatureMatchParserNames(self, file_object):
        """Collects the parser names whose signatures occur in the content.

        The file-like object is scanned but not closed here. A signature hit
        only shows that a known byte pattern was found; the content is not
        validated by this method.

        Args:
          file_object: the file-like object whose contents will be checked
                       for known signatures.

        Returns:
          A list of parser names, each listed once, for which the contents
          of the file-like object match their known signatures.
        """
        state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(state, file_object)

        matched_names = []
        for hit in state.scan_results:
            specification = (
                self._specification_store.GetSpecificationBySignature(
                    hit.identifier))
            parser_name = specification.identifier
            if parser_name in matched_names:
                continue
            matched_names.append(parser_name)

        return matched_names
예제 #16
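  def Matches(self, file_entry):
    """Compares the file entry against the filter.

    Args:
      file_entry: The file entry (instance of dfvfs.FileEntry).

    Returns:
      A boolean indicating if the file entry matches the filter or
      None if the filter does not apply. False is also returned when the
      file entry provides no file object to scan.
    """
    if not self._file_scanner or not file_entry.IsFile():
      return None

    # Obtain the file object before entering the try block: if
    # GetFileObject() raised inside it, the finally clause would reference an
    # unbound name and mask the original error with UnboundLocalError.
    file_object = file_entry.GetFileObject()
    if not file_object:
      # Nothing to scan; closing a missing file object would raise.
      return False

    scan_state = pysigscan.scan_state()
    try:
      self._file_scanner.scan_file_object(scan_state, file_object)
    finally:
      file_object.close()

    return scan_state.number_of_scan_results > 0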
예제 #17
파일: worker.py 프로젝트: vertigo0001/plaso
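  def _GetSignatureMatchParserNames(self, file_entry):
    """Determines if a file matches one of the known signatures.

    The file object of the file entry is scanned and closed again; each scan
    result is mapped to the identifier of its format specification.

    Args:
      file_entry: A file entry object (instance of dfvfs.FileEntry).

    Returns:
      A list of parser names for which the file entry matches their
      known signatures.

    Raises:
      IOError: if scanning for signatures failed.
    """
    parser_name_list = []
    scan_state = pysigscan.scan_state()

    file_object = file_entry.GetFileObject()
    try:
      self._file_scanner.scan_file_object(scan_state, file_object)
    except IOError as exception:
      # Use the !s conversion: a ":s" format specification raises TypeError
      # for an exception object on Python 3, which would replace the IOError
      # this handler is meant to raise.
      raise IOError(
          u'Unable to scan for signatures with error: {0!s}'.format(exception))
    finally:
      file_object.close()

      # Make sure frame.f_locals does not keep a reference to file_entry.
      file_entry = None

    for scan_result in scan_state.scan_results:
      format_specification = (
          self._specification_store.GetSpecificationBySignature(
              scan_result.identifier))

      # Keep each parser name once, in the order of the scan results.
      if format_specification.identifier not in parser_name_list:
        parser_name_list.append(format_specification.identifier)

    return parser_name_list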
예제 #18
파일: worker.py 프로젝트: wdrone/plaso
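  def _GetSignatureMatchParserNames(self, file_entry):
    """Determines if a file matches one of the known signatures.

    Scans the file object of the file entry, closes it, and translates every
    scan result into the identifier of its format specification.

    Args:
      file_entry: A file entry object (instance of dfvfs.FileEntry).

    Returns:
      A list of parser names for which the file entry matches their
      known signatures.

    Raises:
      IOError: if scanning for signatures failed.
    """
    parser_name_list = []
    scan_state = pysigscan.scan_state()

    file_object = file_entry.GetFileObject()
    try:
      self._file_scanner.scan_file_object(scan_state, file_object)
    except IOError as exception:
      # !s instead of :s, because formatting an exception object with ":s"
      # raises TypeError on Python 3 and the caller would then never see the
      # IOError documented above.
      raise IOError(
          u'Unable to scan for signatures with error: {0!s}'.format(exception))
    finally:
      file_object.close()

      # Make sure frame.f_locals does not keep a reference to file_entry.
      file_entry = None

    for scan_result in scan_state.scan_results:
      format_specification = (
          self._specification_store.GetSpecificationBySignature(
              scan_result.identifier))

      # A parser name is added only the first time it is seen.
      if format_specification.identifier not in parser_name_list:
        parser_name_list.append(format_specification.identifier)

    return parser_name_list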
예제 #19
    def _GetSignatureMatchParserNames(self, file_object):
        """Collects the parser names whose signatures occur in the content.

        The file-like object is scanned but not closed here. Only the
        presence of a signature is checked; the content is not validated by
        this method.

        Args:
          file_object (file): file-like object whose contents will be checked
              for known signatures.

        Returns:
          list[str]: parser names for which the contents of the file-like
              object matches their known signatures, each listed once.
        """
        state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(state, file_object)

        matched_names = []
        for hit in iter(state.scan_results):
            specification = (
                self._formats_with_signatures.GetSpecificationBySignature(
                    hit.identifier))
            parser_name = specification.identifier
            if parser_name in matched_names:
                continue
            matched_names.append(parser_name)

        return matched_names
예제 #20
    def _GetSignatureMatchParserNames(self, file_object):
        """Returns the names of the parsers whose signatures the content has.

        Every scan result is translated into the identifier of its format
        specification. The file-like object stays open; closing it is left to
        the caller.

        Args:
          file_object: the file-like object whose contents will be checked
                       for known signatures.

        Returns:
          A list of parser names for which the contents of the file-like
          object match their known signatures. Every name occurs once.
        """
        scan_state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(scan_state, file_object)

        names = []
        lookup = self._specification_store.GetSpecificationBySignature
        for result in scan_state.scan_results:
            name = lookup(result.identifier).identifier
            if name not in names:
                names.append(name)

        return names
예제 #21
  def _GetSignatureMatchParserNames(self, file_object):
    """Returns the names of the parsers whose signatures the content has.

    Each scan result is translated into the identifier of its format
    specification. The file-like object is not closed here, and a signature
    hit is not a validation of the content.

    Args:
      file_object (file): file-like object whose contents will be checked
          for known signatures.

    Returns:
      list[str]: parser names for which the contents of the file-like object
          matches their known signatures, without duplicates.
    """
    scan_state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(scan_state, file_object)

    names = []
    lookup = self._formats_with_signatures.GetSpecificationBySignature
    for result in iter(scan_state.scan_results):
      name = lookup(result.identifier).identifier
      if name not in names:
        names.append(name)

    return names