def _GetSignatureMatchParserNames(self, file_entry):
    """Lists the parser names whose known signatures occur in a file.

    Args:
        file_entry: A file entry object (instance of dfvfs.FileEntry).

    Returns:
        A list of parser names for which the file entry matches their
        known signatures, without duplicates and in the order the scan
        results were reported.
    """
    state = pysigscan.scan_state()
    handle = file_entry.GetFileObject()

    # The file object is only needed while scanning; release it even when
    # the scanner raises.
    try:
        self._file_scanner.scan_file_object(state, handle)
    finally:
        handle.close()

    names = []
    for match in state.scan_results:
        # NOTE(review): the looked-up specification is dereferenced without a
        # None check - confirm the store always knows the scanned identifier.
        specification = (
            self._specification_store.GetSpecificationBySignature(
                match.identifier))
        if specification.identifier in names:
            continue
        names.append(specification.identifier)

    return names
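def pysigscan_test_scan_buffer(scanner, buffer, expected_scan_results):
    """Scans a buffer and reports whether the expected signatures were found.

    Args:
        scanner: signature scanner providing scan_start(), scan_buffer() and
            scan_stop() (presumably a pysigscan.scanner - confirm with the
            caller).
        buffer: data to scan; its length is set as the scan state data size.
        expected_scan_results: signature identifiers the scan should report.

    Returns:
        bool: True if the reported identifiers equal the expected ones,
        irrespective of order, False otherwise.
    """
    scan_state = pysigscan.scan_state()
    scan_state.set_data_size(len(buffer))

    scanner.scan_start(scan_state)
    scanner.scan_buffer(scan_state, buffer)
    scanner.scan_stop(scan_state)

    identifiers = [
        scan_result.identifier for scan_result in scan_state.scan_results]
    result = sorted(identifiers) == sorted(expected_scan_results)

    # Emit the label and the verdict with one call. A trailing comma after
    # print(...) only suppresses the newline for the Python 2 print statement;
    # with the print function it builds a throw-away tuple and the verdict
    # ends up on a separate line.
    print("Testing scan\t" + ("(PASS)" if result else "(FAIL)"))

    return result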
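def Matches(self, file_entry):
    """Compares the file entry against the filter.

    Args:
        file_entry (dfvfs.FileEntry): file entry to compare.

    Returns:
        bool: True if the file entry matches the filter, False if not
        (including when the file cannot be opened or scanned) or None if
        the filter does not apply.
    """
    if not self._file_scanner or not file_entry.IsFile():
        return None

    file_object = file_entry.GetFileObject()
    if not file_object:
        return False

    try:
        scan_state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(scan_state, file_object)

    except IOError as exception:
        # TODO: replace location by display name.
        location = getattr(file_entry.path_spec, u'location', u'')
        # Use the "!s" conversion instead of the ":s" format specification:
        # on Python 3 an exception object (or a None location) rejects ":s"
        # with a TypeError, which would replace the IOError being handled
        # and abort processing instead of skipping the unreadable file.
        logging.error((
            u'[skipping] unable to scan file: {0!s} for signatures '
            u'with error: {1!s}').format(location, exception))
        return False

    finally:
        file_object.close()

    return scan_state.number_of_scan_results > 0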
def _GetSignatures(self, file_object):
    """Scans the file content for known signatures.

    Args:
        file_object: a file-like object (instance of dfvfs.FileIO).

    Returns:
        A list of strings containing the signature identifiers, one per
        scan result. The list is empty when the scan reported no results.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    identifiers = []
    for match in state.scan_results:
        identifiers.append(match.identifier)
    return identifiers
def _GetSignatures(self, file_object):
    """Scans the file content for known signatures.

    Args:
        file_object (dfvfs.FileIO): file-like object.

    Returns:
        list[str]: signature identifiers, one per scan result; empty when
        the scan reported no results.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    found = []
    # pylint: disable=not-an-iterable
    for match in state.scan_results:
        found.append(match.identifier)
    return found
def _GetSignatures(self, file_object):
    """Scans the file content for known signatures.

    Args:
        file_object: a file-like object (instance of dfvfs.FileIO).

    Returns:
        A list of strings containing the signature identifiers of the scan
        results. No result yields an empty list.
    """
    scan_state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(scan_state, file_object)

    signature_identifiers = []
    signature_identifiers.extend(
        result.identifier for result in scan_state.scan_results)
    return signature_identifiers
def _GetTypeIndicators(cls, scanner_object, specification_store,
                       remainder_list, path_spec, resolver_context=None):
    """Collects the supported format type indicators that apply to a file.

    The file is scanned for signatures first; afterwards every analyzer
    helper in remainder_list inspects the same file object.

    Args:
        scanner_object: the format scanner (instance of pysigscan.scanner).
        specification_store: a specification store (instance of
            FormatSpecificationStore).
        remainder_list: list of remaining analyzer helpers that do not have
            a format specification.
        path_spec: the VFS path specification (instance of path.PathSpec).
        resolver_context: the optional resolver context (instance of
            resolver.Context). The default is None which will use the built
            in context which is not multi process safe.

    Returns:
        A list of supported format type indicators. Signature based
        indicators are added once each; analyzer helper results are
        appended as returned.
    """
    indicators = []

    handle = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    state = pysigscan.scan_state()

    try:
        scanner_object.scan_file_object(state, handle)

        for match in state.scan_results:
            specification = specification_store.GetSpecificationBySignature(
                match.identifier)
            if specification.identifier in indicators:
                continue
            indicators.append(specification.identifier)

        # NOTE(review): the helpers get the file object as the scanner left
        # it - confirm they do not rely on a particular read offset.
        for helper in remainder_list:
            indicator = helper.AnalyzeFileObject(handle)
            if indicator is None:
                continue
            indicators.append(indicator)

    finally:
        handle.close()

    return indicators
def _GetTypeIndicators(cls, signature_scanner, specification_store,
                       remainder_list, path_spec, resolver_context=None):
    """Collects the supported format type indicators that apply to a file.

    Signature matches are resolved through the specification store, then
    each remaining analyzer helper inspects the same file object.

    Args:
        signature_scanner (pysigscan.scanner): signature scanner.
        specification_store (FormatSpecificationStore): specification store.
        remainder_list (list[AnalyzerHelper]): remaining analyzer helpers
            that do not have a format specification.
        path_spec (PathSpec): path specification.
        resolver_context (Optional[Context]): resolver context, where None
            represents the built-in context which is not multi process safe.

    Returns:
        list[str]: supported format type indicators. Indicators found by
        signature are listed once each; helper results are appended as
        returned.
    """
    found_indicators = []

    opened_file = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    state = pysigscan.scan_state()

    try:
        signature_scanner.scan_file_object(state, opened_file)

        for hit in iter(state.scan_results):
            # NOTE(review): the specification is used without a None check -
            # confirm the store knows every identifier the scanner reports.
            specification = specification_store.GetSpecificationBySignature(
                hit.identifier)
            already_listed = specification.identifier in found_indicators
            if not already_listed:
                found_indicators.append(specification.identifier)

        for helper in remainder_list:
            helper_indicator = helper.AnalyzeFileObject(opened_file)
            if helper_indicator is not None:
                found_indicators.append(helper_indicator)

    finally:
        # Runs on success and on error alike so the handle is not leaked.
        opened_file.close()

    return found_indicators
def _GetTypeIndicators(
        cls, scanner_object, specification_store, remainder_list, path_spec,
        resolver_context=None):
    """Determines which supported format types a file contains.

    Args:
        scanner_object: the format scanner (instance of pysigscan.scanner).
        specification_store: a specification store (instance of
            FormatSpecificationStore).
        remainder_list: list of remaining analyzer helpers that do not have
            a format specification.
        path_spec: the VFS path specification (instance of path.PathSpec).
        resolver_context: the optional resolver context (instance of
            resolver.Context). The default is None which will use the built
            in context which is not multi process safe.

    Returns:
        A list of supported format type indicators: first those resolved
        from signature scan results (each listed once), then every
        non-None result of the analyzer helpers.
    """
    result_list = []
    source = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    scan_state = pysigscan.scan_state()

    try:
        scanner_object.scan_file_object(scan_state, source)

        # Pass 1: signature based detection.
        for scan_result in scan_state.scan_results:
            matched = specification_store.GetSpecificationBySignature(
                scan_result.identifier)
            if matched.identifier not in result_list:
                result_list.append(matched.identifier)

        # Pass 2: helpers for formats without a signature specification.
        for helper in remainder_list:
            outcome = helper.AnalyzeFileObject(source)
            if outcome is None:
                continue
            result_list.append(outcome)
    finally:
        source.close()

    return result_list
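def ScanFileObject(self, file_object):
    """Scans a file-like object for known signatures.

    Args:
        file_object: file-like object to scan; a falsy value is not scanned.

    Returns:
        The scan results of the scan state on success, False if scanning
        raised an IOError, or None if no file object was provided.
    """
    if not file_object:
        return None

    try:
        scan_state = pysigscan.scan_state()
        self._scanner.scan_file_object(scan_state, file_object)

    except IOError as exception:
        # Record the actual error: a fixed placeholder text gives an analyst
        # no way to tell why the content was skipped. "!s" is used because an
        # exception object rejects the ":s" format specification on Python 3.
        logger.error(
            'unable to scan file with error: {0!s}'.format(exception))
        return False

    return scan_state.scan_results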
def _GetTypeIndicators(
        cls, signature_scanner, specification_store, remainder_list,
        path_spec, resolver_context=None):
    """Determines which supported format types a file contains.

    Args:
        signature_scanner (pysigscan.scanner): signature scanner.
        specification_store (FormatSpecificationStore): specification store.
        remainder_list (list[AnalyzerHelper]): remaining analyzer helpers
            that do not have a format specification.
        path_spec (PathSpec): path specification.
        resolver_context (Optional[Context]): resolver context, where None
            represents the built-in context which is not multi process safe.

    Returns:
        list[str]: supported format type indicators: those resolved from
        signature scan results (each listed once) followed by every
        non-None analyzer helper result.
    """
    indicators = []
    stream = resolver.Resolver.OpenFileObject(
        path_spec, resolver_context=resolver_context)
    state = pysigscan.scan_state()

    try:
        signature_scanner.scan_file_object(state, stream)

        for scan_result in iter(state.scan_results):
            specification = specification_store.GetSpecificationBySignature(
                scan_result.identifier)
            if specification.identifier in indicators:
                continue
            indicators.append(specification.identifier)

        # NOTE(review): helpers read from the stream after the scanner has
        # used it - confirm each helper positions the stream itself.
        for analyzer_helper in remainder_list:
            helper_result = analyzer_helper.AnalyzeFileObject(stream)
            if helper_result is None:
                continue
            indicators.append(helper_result)
    finally:
        stream.close()

    return indicators
def _GetSignatureMatchParserNames(self, file_object):
    """Lists the parser names whose known signatures occur in the content.

    The file-like object is not closed here.

    Args:
        file_object: the file-like object whose contents will be checked
            for known signatures.

    Returns:
        A list of parser names for which the contents of the file-like
        object match their known signatures, each listed once.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    names = []
    for match in state.scan_results:
        specification = self._specification_store.GetSpecificationBySignature(
            match.identifier)
        if specification.identifier in names:
            continue
        names.append(specification.identifier)

    return names
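def Matches(self, file_entry):
    """Compares the file entry against the filter.

    Args:
        file_entry: The file entry (instance of dfvfs.FileEntry).

    Returns:
        A boolean indicating if the file entry matches the filter (False
        when the file entry provides no file object) or None if the filter
        does not apply.
    """
    if not self._file_scanner or not file_entry.IsFile():
        return None

    # Open the file before entering the try block: when GetFileObject()
    # raises inside it, the finally clause would reference an unbound
    # file_object and replace the real error with an UnboundLocalError.
    file_object = file_entry.GetFileObject()
    if not file_object:
        return False

    try:
        scan_state = pysigscan.scan_state()
        self._file_scanner.scan_file_object(scan_state, file_object)
    finally:
        file_object.close()

    return scan_state.number_of_scan_results > 0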
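def _GetSignatureMatchParserNames(self, file_entry):
    """Determines if a file matches one of the known signatures.

    Args:
        file_entry: A file entry object (instance of dfvfs.FileEntry).

    Returns:
        A list of parser names for which the file entry matches their
        known signatures, each listed once.

    Raises:
        IOError: if scanning for signatures failed.
    """
    parser_name_list = []
    scan_state = pysigscan.scan_state()
    file_object = file_entry.GetFileObject()

    try:
        self._file_scanner.scan_file_object(scan_state, file_object)

    except IOError as exception:
        # "!s" instead of ":s": on Python 3 an exception object rejects the
        # ":s" format specification with a TypeError, so callers would get a
        # TypeError instead of the documented IOError.
        raise IOError(
            u'Unable to scan for signatures with error: {0!s}'.format(
                exception))

    finally:
        file_object.close()
        # Make sure frame.f_locals does not keep a reference to file_entry.
        file_entry = None

    for scan_result in scan_state.scan_results:
        format_specification = (
            self._specification_store.GetSpecificationBySignature(
                scan_result.identifier))

        if format_specification.identifier not in parser_name_list:
            parser_name_list.append(format_specification.identifier)

    return parser_name_list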
def _GetSignatureMatchParserNames(self, file_object):
    """Lists the parser names whose known signatures occur in the content.

    The file-like object is not closed here.

    Args:
        file_object (file): file-like object whose contents will be checked
            for known signatures.

    Returns:
        list[str]: parser names for which the contents of the file-like
        object matches their known signatures, each listed once.
    """
    state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(state, file_object)

    matched_names = []
    for hit in iter(state.scan_results):
        specification = (
            self._formats_with_signatures.GetSpecificationBySignature(
                hit.identifier))
        if specification.identifier in matched_names:
            continue
        matched_names.append(specification.identifier)

    return matched_names
def _GetSignatureMatchParserNames(self, file_object):
    """Determines which parsers have a known signature in the content.

    Args:
        file_object: the file-like object whose contents will be checked
            for known signatures. It is left open.

    Returns:
        A list of parser names for which the contents of the file-like
        object match their known signatures, without duplicates.
    """
    scan_state = pysigscan.scan_state()
    self._file_scanner.scan_file_object(scan_state, file_object)

    collected = []
    for result in scan_state.scan_results:
        # NOTE(review): the specification is dereferenced without a None
        # check - confirm the store knows every identifier that is scanned.
        specification = (
            self._specification_store.GetSpecificationBySignature(
                result.identifier))
        is_new = specification.identifier not in collected
        if is_new:
            collected.append(specification.identifier)

    return collected