def __init__(self, input_reader=None, output_writer=None):
    """Initializes a log2timeline CLI tool.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(Log2TimelineTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # The parent initializer has set self._output_writer by now; both the
    # status view and the stdout check below are derived from it.
    writer = self._output_writer

    # Attributes that start out unset.
    self._command_line_arguments = None
    self._source_type = None
    self._worker_memory_limit = None

    # Switches and counters at their initial values.
    self._enable_sigsegv_handler = False
    self._number_of_extraction_workers = 0

    # Defaults taken from module and class level constants.
    self._storage_serializer_format = definitions.SERIALIZER_FORMAT_JSON
    self._status_view_mode = self._DEFAULT_STATUS_VIEW_MODE

    # Objects derived from the output writer.
    self._status_view = status_view.StatusView(writer, self.NAME)
    self._stdout_output_writer = isinstance(
        writer, tools.StdoutOutputWriter)

    # Public flags: only the dependencies check is on by default.
    self.dependencies_check = True
    self.list_hashers = False
    self.list_parsers_and_plugins = False
    self.list_profilers = False
    self.show_info = False
def testFormatProcessingTime(self):
    """Tests the _FormatProcessingTime function."""
    writer = test_lib.TestOutputWriter()
    status = processing_status.ProcessingStatus()
    view = status_view.StatusView(writer, 'test_tool')
    view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status.start_time = 0

    # The first check runs with whatever self._mocked_time already holds;
    # presumably the fixture initializes it to 0 - confirm against setUp.
    self.assertEqual(view._FormatProcessingTime(status), '00:00:00')

    # (mocked time in seconds, expected formatted duration)
    cases = (
        (12 * 60 * 60 + 31 * 60 + 15, '12:31:15'),
        (24 * 60 * 60, '1 day, 00:00:00'),
        (5 * 24 * 60 * 60 + 5 * 60 * 60 + 61, '5 days, 05:01:01'))

    for mocked_time, expected in cases:
        self._mocked_time = mocked_time
        self.assertEqual(view._FormatProcessingTime(status), expected)
def __init__(self, input_reader=None, output_writer=None):
    """Initializes the CLI tool object.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(PstealTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # Attributes that start out unset.
    self._artifacts_registry = None
    self._command_line_arguments = None
    self._output_format = None
    self._output_time_zone = None
    self._preferred_year = None
    self._time_slice = None

    # Switches: event deduplication is the only one enabled by default.
    self._deduplicate_events = True
    self._enable_sigsegv_handler = False
    self._use_time_slicer = False

    # Counters.
    self._number_of_analysis_reports = 0
    self._number_of_extraction_workers = 0

    # Fixed defaults. Note that the parsers manager is stored as the class
    # itself, it is not instantiated here.
    self._parsers_manager = parsers_manager.ParsersManager
    self._preferred_language = 'en-US'
    self._status_view_mode = status_view.StatusView.MODE_WINDOW

    # Helper objects; the status view writes to the output writer that the
    # parent initializer has set.
    self._knowledge_base = knowledge_base.KnowledgeBase()
    self._status_view = status_view.StatusView(
        self._output_writer, self.NAME)

    # Public flags: only the dependencies check is on by default.
    self.dependencies_check = True
    self.list_hashers = False
    self.list_language_identifiers = False
    self.list_output_modules = False
    self.list_parsers_and_plugins = False
    self.list_time_zones = False
def testPrintExtractionStatusUpdateLinear(self):
    """Tests the _PrintExtractionStatusUpdateLinear function."""
    writer = test_lib.TestOutputWriter()
    view = status_view.StatusView(writer, 'test_tool')
    view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status = processing_status.ProcessingStatus()

    # With only a foreman status recorded the linear view writes nothing.
    status.UpdateForemanStatus(
        'f_identifier', 'f_status', 123, 0, 'f_test_file', 1, 29, 3, 456, 5,
        6, 9, 10, 7, 8)
    view._PrintExtractionStatusUpdateLinear(status)
    self.assertEqual(writer.ReadOutput(), '')

    # Once a worker status exists, one line is written for that worker.
    status.UpdateWorkerStatus(
        'w_identifier', 'w_status', 123, 0, 'w_test_file', 1, 2, 3, 4, 5, 6,
        9, 10, 7, 8)
    view._PrintExtractionStatusUpdateLinear(status)

    worker_line = (
        'w_identifier (PID: 123) - events produced: 4 - '
        'file: w_test_file - running: True\n')
    self.assertEqual(writer.ReadOutput(), worker_line)
def testPrintProcessingTime(self):
    """Tests the _PrintProcessingTime function."""
    writer = test_lib.TestOutputWriter()
    status = processing_status.ProcessingStatus()
    view = status_view.StatusView(writer, 'test_tool')
    view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status.start_time = 0

    # The first check runs with whatever self._mocked_time already holds;
    # presumably the fixture initializes it to 0 - confirm against setUp.
    view._PrintProcessingTime(status)
    self.assertEqual(writer.ReadOutput(), 'Processing time\t\t: 00:00:00\n')

    # (mocked time in seconds, expected line written to the output writer)
    cases = (
        (12 * 60 * 60 + 31 * 60 + 15, 'Processing time\t\t: 12:31:15\n'),
        (24 * 60 * 60, 'Processing time\t\t: 1 day, 00:00:00\n'),
        (5 * 24 * 60 * 60 + 5 * 60 * 60 + 61,
         'Processing time\t\t: 5 days, 05:01:01\n'))

    for mocked_time, expected_line in cases:
        self._mocked_time = mocked_time
        view._PrintProcessingTime(status)
        self.assertEqual(writer.ReadOutput(), expected_line)
def testPrintExtractionStatusUpdateLinear(self):
    """Tests the _PrintExtractionStatusUpdateLinear function."""
    writer = test_lib.TestOutputWriter()
    view = status_view.StatusView(writer, u'test_tool')
    view.SetSourceInformation(
        u'/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status = processing_status.ProcessingStatus()

    # With only a foreman status recorded the output splits into a single
    # empty element, meaning nothing was written.
    status.UpdateForemanStatus(
        u'f_identifier', u'f_status', 123, 0, u'f_test_file', 1, 29, 3, 456,
        5, 6, 7, 8, 9, 10)
    view._PrintExtractionStatusUpdateLinear(status)

    # NOTE(review): the output is split on a bytes separator here but is
    # compared against a unicode literal further down; that is only
    # consistent where b'' and str are the same type (Python 2) - confirm
    # the interpreter this test targets.
    output = writer.ReadOutput()
    self.assertEqual(output.split(b'\n'), [b''])

    # Once a worker status exists, one line is written for that worker.
    status.UpdateWorkerStatus(
        u'w_identifier', u'w_status', 123, 0, u'w_test_file', 1, 2, 3, 4, 5,
        6, 7, 8, 9, 10)
    view._PrintExtractionStatusUpdateLinear(status)

    output = writer.ReadOutput()
    worker_line = (
        u'w_identifier (PID: 123) - events produced: 4 - '
        u'file: w_test_file - running: True\n')
    self.assertEqual(output, worker_line)
def testPrintExtractionStatusHeader(self):
    """Tests the PrintExtractionStatusHeader function."""
    writer = test_lib.TestOutputWriter()
    view = status_view.StatusView(writer, 'test_tool')
    view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    # No assertion follows: the test passes as long as the call accepts
    # None and does not raise. What is written to the writer is not checked.
    view.PrintExtractionStatusHeader(None)
def __init__(self, input_reader=None, output_writer=None):
    """Initializes a CLI tool.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(ExtractionTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # Attributes that start out unset. This includes both memory limits,
    # the worker timeout and the Yara rules string.
    self._artifacts_registry = None
    self._command_line_arguments = None
    self._expanded_parser_filter_expression = None
    self._parser_filter_expression = None
    self._preferred_codepage = None
    self._preferred_language = None
    self._preferred_time_zone = None
    self._preferred_year = None
    self._presets_file = None
    self._process_memory_limit = None
    self._storage_file_path = None
    self._temporary_directory = None
    self._text_prepend = None
    self._worker_memory_limit = None
    self._worker_timeout = None
    self._yara_rules_string = None

    # Switches. Archive processing starts off while compressed stream
    # processing and winevt resource extraction start on.
    self._enable_sigsegv_handler = False
    self._extract_winevt_resources = True
    self._process_archives = False
    self._process_compressed_streams = True
    self._single_process_mode = False

    # Sizes and counters.
    self._buffer_size = 0
    self._number_of_extraction_workers = 0
    self._queue_size = self._DEFAULT_QUEUE_SIZE

    # Fixed defaults: session and task storage both start as SQLite.
    self._status_view_mode = status_view.StatusView.MODE_WINDOW
    self._storage_format = definitions.STORAGE_FORMAT_SQLITE
    self._task_storage_format = definitions.STORAGE_FORMAT_SQLITE

    # Helper objects; the status view writes to the output writer that the
    # parent initializer has set.
    self._presets_manager = parsers_presets.ParserPresetsManager()
    self._resolver_context = dfvfs_context.Context()
    self._status_view = status_view.StatusView(
        self._output_writer, self.NAME)

    # Public flags, both off by default.
    self.list_language_tags = False
    self.list_time_zones = False
def __init__(self, input_reader=None, output_writer=None):
    """Initializes the CARPE log2timeline CLI tool object.

    Args:
      input_reader (Optional[InputReader]): input reader, passed unchanged
          to the parent initializer.
      output_writer (Optional[OutputWriter]): output writer, passed
          unchanged to the parent initializer.
    """
    super(CARPEL2TTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # The parent initializer has set self._output_writer by now; both the
    # status view and the stdout check below are derived from it.
    writer = self._output_writer

    # Attributes that start out unset.
    self._command_line_arguments = None
    self._source_type = None
    self._worker_memory_limit = None
    self.par_name = None

    # Switches and counters at their initial values.
    self._enable_sigsegv_handler = False
    self._number_of_extraction_workers = 0

    # Fixed defaults.
    self._storage_serializer_format = definitions.SERIALIZER_FORMAT_JSON
    self._status_view_mode = status_view.StatusView.MODE_WINDOW

    # Objects derived from the output writer.
    self._status_view = status_view.StatusView(writer, self.NAME)
    self._stdout_output_writer = isinstance(
        writer, tools.StdoutOutputWriter)

    # Public flags: only the dependencies check is on by default.
    self.dependencies_check = True
    self.list_hashers = False
    self.list_parsers_and_plugins = False
    self.list_profilers = False
    self.show_info = False
def __init__(self, input_reader=None, output_writer=None):
    """Initializes the CLI tool object.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(PstealTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # Attributes that start out unset.
    self._analysis_plugins = None
    self._artifacts_registry = None
    self._command_line_arguments = None
    self._parser_filter_expression = None
    self._preferred_year = None
    self._storage_file_path = None
    self._time_slice = None
    self._yara_rules_string = None

    # Switches: event deduplication and ZeroMQ start on, the rest off.
    self._deduplicate_events = True
    self._enable_sigsegv_handler = False
    self._force_preprocessing = False
    self._single_process_mode = False
    self._use_time_slicer = False
    self._use_zeromq = True

    # Counters.
    self._number_of_analysis_reports = 0
    self._number_of_extraction_workers = 0

    # Fixed defaults. Note that the parsers manager is stored as the class
    # itself, it is not instantiated here.
    self._parsers_manager = parsers_manager.ParsersManager
    self._preferred_language = u'en-US'
    self._status_view_mode = self._DEFAULT_STATUS_VIEW_MODE

    # Helper objects; the status view writes to the output writer that the
    # parent initializer has set.
    self._knowledge_base = knowledge_base.KnowledgeBase()
    self._resolver_context = dfvfs_context.Context()
    self._status_view = status_view.StatusView(
        self._output_writer, self.NAME)

    # Public flags, all off by default.
    self.list_analysis_plugins = False
    self.list_hashers = False
    self.list_language_identifiers = False
    self.list_parsers_and_plugins = False
    self.list_output_modules = False
def __init__(self, input_reader=None, output_writer=None):
    """Initializes the CLI tool object.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(PsortTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # The parent initializer has set self._output_writer by now; both the
    # status view and the stdout check below are derived from it.
    writer = self._output_writer

    # Attributes that start out unset. This includes both memory limits
    # and the worker timeout.
    self._analysis_plugins = None
    self._analysis_plugins_output_format = None
    self._command_line_arguments = None
    self._event_filter_expression = None
    self._event_filter = None
    self._output_time_zone = None
    self._process_memory_limit = None
    self._storage_file_path = None
    self._temporary_directory = None
    self._time_slice = None
    self._worker_memory_limit = None
    self._worker_timeout = None

    # Switches and counters at their initial values.
    self._deduplicate_events = True
    self._use_time_slicer = False
    self._number_of_analysis_reports = 0

    # Fixed defaults. Note that the analysis manager is stored as the class
    # itself, it is not instantiated here.
    self._analysis_manager = analysis_manager.AnalysisPluginManager
    self._preferred_language = 'en-US'
    self._status_view_mode = status_view.StatusView.MODE_WINDOW

    # Helper objects.
    self._knowledge_base = knowledge_base.KnowledgeBase()
    self._status_view = status_view.StatusView(writer, self.NAME)
    self._stdout_output_writer = isinstance(
        writer, tools.StdoutOutputWriter)

    # Public flags, all off by default.
    self.list_analysis_plugins = False
    self.list_language_identifiers = False
    self.list_output_modules = False
    self.list_profilers = False
    self.list_time_zones = False
def __init__(self, input_reader=None, output_writer=None):
    """Initializes the CLI tool object.

    Args:
      input_reader (Optional[InputReader]): input reader, where None
          indicates that the stdin input reader should be used.
      output_writer (Optional[OutputWriter]): output writer, where None
          indicates that the stdout output writer should be used.
    """
    super(PsortTool, self).__init__(
        input_reader=input_reader, output_writer=output_writer)

    # Attributes that start out unset.
    self._preferred_language = None
    self._process_memory_limit = None
    self._time_slice = None

    # Switches: event deduplication starts on, time slicing off.
    self._deduplicate_events = True
    self._use_time_slicer = False

    # The status view writes to the output writer that the parent
    # initializer has set.
    self._status_view_mode = status_view.StatusView.MODE_WINDOW
    self._status_view = status_view.StatusView(
        self._output_writer, self.NAME)

    # Public flags, all off by default.
    self.list_language_tags = False
    self.list_output_modules = False
    self.list_profilers = False
def testPrintExtractionStatusUpdateWindow(self):
    """Tests the _PrintExtractionStatusUpdateWindow function."""
    writer = test_lib.TestOutputWriter()
    view = status_view.StatusView(writer, 'test_tool')
    view.SetSourceInformation(
        '/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status = processing_status.ProcessingStatus()
    status.UpdateForemanStatus(
        'f_identifier', 'f_status', 123, 0, 'f_test_file', 1, 29, 3, 456, 5,
        6, 9, 10, 7, 8)
    view._PrintExtractionStatusUpdateWindow(status)

    table_header = (
        'Identifier ' 'PID ' 'Status ' 'Memory ' 'Sources ' 'Events ' 'File')
    # Outside Windows the header is expected wrapped in the ANSI bold-on
    # and reset escape sequences.
    if not sys.platform.startswith('win'):
        table_header = '\x1b[1m{0:s}\x1b[0m'.format(table_header)

    # Lines shared by both expected outputs: banner, source information,
    # processing time and the table header.
    preamble = [
        'plaso - test_tool version {0:s}'.format(plaso.__version__),
        '',
        'Source path\t\t: /test/source/path',
        'Source type\t\t: directory',
        'Processing time\t\t: 00:00:00',
        '',
        table_header]

    foreman_row = (
        'f_identifier ' '123 ' 'f_status ' '0 B ' '29 (29) ' '456 (456) '
        'f_test_file')
    worker_row = (
        'w_identifier ' '123 ' 'w_status ' '0 B ' '2 (2) ' '4 (4) '
        'w_test_file')

    # First update: only the foreman row is shown.
    self._CheckOutput(
        writer.ReadOutput(), preamble + [foreman_row, '', ''])

    # Second update: the worker row follows the foreman row.
    status.UpdateWorkerStatus(
        'w_identifier', 'w_status', 123, 0, 'w_test_file', 1, 2, 3, 4, 5, 6,
        9, 10, 7, 8)
    view._PrintExtractionStatusUpdateWindow(status)

    self._CheckOutput(
        writer.ReadOutput(), preamble + [foreman_row, worker_row, '', ''])
def testPrintExtractionStatusUpdateWindow(self):
    """Tests the _PrintExtractionStatusUpdateWindow function."""
    writer = test_lib.TestOutputWriter()
    view = status_view.StatusView(writer, u'test_tool')
    view.SetSourceInformation(
        u'/test/source/path', dfvfs_definitions.SOURCE_TYPE_DIRECTORY)

    status = processing_status.ProcessingStatus()
    status.UpdateForemanStatus(
        u'f_identifier', u'f_status', 123, 0, u'f_test_file', 1, 29, 3, 456,
        5, 6, 7, 8, 9, 10)
    view._PrintExtractionStatusUpdateWindow(status)

    output = writer.ReadOutput()

    table_header = (
        b'Identifier ' b'PID ' b'Status ' b'Memory ' b'Sources ' b'Events '
        b'File')
    # Outside Windows the header is expected wrapped in the ANSI bold-on
    # and reset escape sequences.
    # NOTE(review): .format() is called on bytes literals here and below,
    # which only works where b'' is str (Python 2) - confirm the
    # interpreter this test targets.
    if not sys.platform.startswith(u'win'):
        table_header = b'\x1b[1m{0:s}\x1b[0m'.format(table_header)

    # Lines shared by both expected outputs: banner, source information and
    # the table header.
    preamble = [
        b'plaso - test_tool version {0:s}'.format(plaso.__version__),
        b'',
        b'Source path\t: /test/source/path',
        b'Source type\t: directory',
        b'',
        table_header]

    foreman_row = (
        b'f_identifier ' b'123 ' b'f_status ' b'0 B ' b'29 (29) '
        b'456 (456) ' b'f_test_file')
    worker_row = (
        b'w_identifier ' b'123 ' b'w_status ' b'0 B ' b'2 (2) ' b'4 (4) '
        b'w_test_file')

    # First update: only the foreman row is shown.
    self.assertEqual(
        output.split(b'\n'), preamble + [foreman_row, b'', b''])

    # Second update: the worker row follows the foreman row.
    status.UpdateWorkerStatus(
        u'w_identifier', u'w_status', 123, 0, u'w_test_file', 1, 2, 3, 4, 5,
        6, 7, 8, 9, 10)
    view._PrintExtractionStatusUpdateWindow(status)

    output = writer.ReadOutput()
    self.assertEqual(
        output.split(b'\n'),
        preamble + [foreman_row, worker_row, b'', b''])