Exemplos de ExpandWindowsEnvironmentVariables em Python

Exemplo n.º 1

    def ParseMultiple(self, stats, knowledge_base):
        """Parse each returned registry value."""
        user_dict = {}

        for stat in stats:
            sid_str = stat.pathspec.path.split("/", 3)[2]
            if SID_RE.match(sid_str):
                if sid_str not in user_dict:
                    user_dict[sid_str] = rdf_client.User(sid=sid_str)

                if stat.registry_data.GetValue():
                    # Look up in the mapping if we can use this entry to populate a user
                    # attribute, and if so, set it.
                    reg_key_name = stat.pathspec.Dirname().Basename()
                    if reg_key_name in self.key_var_mapping:
                        map_dict = self.key_var_mapping[reg_key_name]
                        reg_key = stat.pathspec.Basename()
                        kb_attr = map_dict.get(reg_key)
                        if kb_attr:
                            value = artifact_utils.ExpandWindowsEnvironmentVariables(
                                stat.registry_data.GetValue(), knowledge_base)
                            value = artifact_utils.ExpandWindowsUserEnvironmentVariables(
                                value, knowledge_base, sid=sid_str)
                            user_dict[sid_str].Set(kb_attr, value)

        # Now yield each user we found.
        return itervalues(user_dict)

Exemplo n.º 2

 def Parse(self, stat, knowledge_base):
     value = stat.registry_data.GetValue()
     if not value:
         # Provide a default, if the registry value is not available.
         value = "%SystemDrive%\\Documents and Settings"
     interpolated_value = artifact_utils.ExpandWindowsEnvironmentVariables(
         value, knowledge_base)
     yield rdfvalue.RDFString(interpolated_value)

Exemplo n.º 3

Arquivo: windows_registry_parser.py Projeto: wxh0000mm/grr

 def Parse(self, stat, knowledge_base):
   """Expand any variables in the value."""
   value = stat.registry_data.GetValue()
   if not value:
     raise parsers.ParseError("Invalid value for key %s" % stat.pathspec.path)
   value = artifact_utils.ExpandWindowsEnvironmentVariables(
       value, knowledge_base)
   if value:
     yield rdfvalue.RDFString(value)

Exemplo n.º 4

  def Parse(self, response, knowledge_base):
    system_drive = artifact_utils.ExpandWindowsEnvironmentVariables(
        "%systemdrive%", knowledge_base)

    for message in json.loads(response.json_messages):
      if message[0] == "r":
        protection = message[1].get("protection", {}).get("enum", "")
        if "EXECUTE" not in protection:
          continue

        filename = message[1].get("filename", "")
        if filename and filename != "Pagefile-backed section":
          yield rdf_paths.PathSpec(
              path=ntpath.normpath(ntpath.join(system_drive, filename)),
              pathtype=rdf_paths.PathSpec.PathType.OS)

Exemplo n.º 5

 def Parse(self, stat, knowledge_base):
     value = stat.registry_data.GetValue() or "All Users"
     all_users_dir = artifact_utils.ExpandWindowsEnvironmentVariables(
         "%ProfilesDirectory%\\" + value, knowledge_base)
     yield rdfvalue.RDFString(all_users_dir)