def ParseMultiple(self, result_dicts):
"""Parse WMI Event Consumers."""
for result_dict in result_dicts:
wmi_dict = result_dict.ToDict()
try:
creator_sid_bytes = bytes(wmi_dict["CreatorSID"])
wmi_dict["CreatorSID"] = BinarySIDtoStringSID(
creator_sid_bytes)
except ValueError:
# We recover from corrupt SIDs by outputting it raw as a string
wmi_dict["CreatorSID"] = compatibility.Repr(
wmi_dict["CreatorSID"])
except KeyError:
pass
for output_type in self.output_types:
anomalies = []
output = rdfvalue.RDFValue.classes[output_type.__name__]()
for k, v in wmi_dict.items():
try:
output.Set(k, v)
except AttributeError as e:
# Skip any attribute we don't know about
anomalies.append("Unknown field %s, with value %s" %
(k, v))
except ValueError as e:
anomalies.append("Invalid value %s for field %s: %s" %
(v, k, e))
# Yield anomalies first to help with debugging
if anomalies:
yield rdf_anomaly.Anomaly(
type="PARSER_ANOMALY",
generated_by=self.__class__.__name__,
finding=anomalies)
# Raise if the parser generated no output but there were fields.
if wmi_dict and not output:
raise ValueError(
"Non-empty dict %s returned empty output." % wmi_dict)
yield output
def testNonUnicodeBytes(self):
string = compatibility.Repr(b"\xfa\xfb\xfc\xfe\xff")
self.assertIsInstance(string, Text)
# We `assertEndsWith` instead of `assertEquals` to account for string having
# or not having `b` prefix depending on the Python version being used.
self.assertEndsWith(string, "'\\xfa\\xfb\\xfc\\xfe\\xff'")
def testListOfIntegers(self):
string = compatibility.Repr([4, 8, 15, 16, 23, 42])
self.assertIsInstance(string, Text)
self.assertEqual(string, "[4, 8, 15, 16, 23, 42]")