Exemplo n.º 1
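  def run(self, evidence, result):
    """Run grep over the evidence file using the configured patterns.

    The patterns from ``evidence.config['filter_patterns']`` are written to a
    temporary file in ``self.output_dir`` and passed to ``grep -f``. Matches
    are redirected to ``<basename>.filtered`` in the same directory, and that
    file is attached to the result as new evidence.

    The command is executed through a shell (needed for the ``>`` redirect),
    so every path interpolated into it is shell-quoted. Evidence file names
    can originate from the material under examination and must not be able
    to alter the command line.

    Args:
        evidence (Evidence object):  The evidence we will process
        result (TurbiniaTaskResult): The object to place task results into.

    Returns:
        TurbiniaTaskResult object.
    """
    # Function-scope import keeps the change local to this method;
    # shlex.quote exists on Python 3, pipes.quote is the Python 2 equivalent.
    try:
      from shlex import quote
    except ImportError:
      from pipes import quote

    output_evidence = FilteredTextFile()

    patterns = evidence.config.get('filter_patterns')
    if not patterns:
      result.close(
          self, success=False, status='No patterns supplied, exit task')
      return result

    # Create temporary file to write patterns to.
    # Used as input to grep (-f), so the patterns themselves never appear on
    # the shell command line. Text mode is requested explicitly because the
    # default mode is binary and would reject the joined str on Python 3.
    # NOTE(review): delete=False leaves the patterns file in output_dir after
    # the run -- confirm that is intended.
    with NamedTemporaryFile(
        dir=self.output_dir, delete=False, mode='w') as fh:
      patterns_file_path = fh.name
      fh.write('\n'.join(patterns))

    # Create a path that we can write the new file to.
    base_name = os.path.basename(evidence.local_path)
    output_file_path = os.path.join(
        self.output_dir, '{0:s}.filtered'.format(base_name))

    output_evidence.local_path = output_file_path
    # Quote each path so whitespace or shell metacharacters in a file name
    # stay part of a single argument. '--' ends option parsing so an evidence
    # path beginning with '-' is not read as a grep option.
    cmd = 'grep -E -b -n -f {0:s} -- {1:s} > {2:s}'.format(
        quote(patterns_file_path), quote(evidence.local_path),
        quote(output_file_path))

    result.log('Running [{0:s}]'.format(cmd))
    ret, result = self.execute(
        cmd, result, new_evidence=[output_evidence], shell=True,
        success_codes=[0, 1])

    # Grep returns 0 on success and 1 if no results are found.
    if ret == 0:
      status = 'Grep Task found results in {0:s}'.format(evidence.name)
      result.close(self, success=True, status=status)
    elif ret == 1:
      status = 'Grep Task did not find any results in {0:s}'.format(
          evidence.name)
      result.close(self, success=True, status=status)
    else:
      # Any other exit code is treated as a failed run.
      result.close(self, success=False)

    return result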
Exemplo n.º 2
class GrepJob(TurbiniaJob):
    """Job that filters text evidence with regular expression patterns."""

    # Evidence classes this Job accepts as input.
    evidence_input = [
        type(TextFile()),
        type(PlasoCsvFile()),
    ]
    # Evidence class this Job produces.
    evidence_output = [
        type(FilteredTextFile()),
    ]

    def __init__(self):
        super(GrepJob, self).__init__(name='GrepJob')

    def create_tasks(self, evidence):
        """Build one GrepTask per evidence item.

        Args:
          evidence: List of evidence object to process

        Returns:
            A list of tasks to schedule.
        """
        scheduled = []
        # The evidence items themselves are not passed to the tasks here;
        # only their count determines how many tasks are created.
        for _ in evidence:
            scheduled.append(GrepTask())
        return scheduled