Пример #1
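    def WriteSerializedDictObject(cls, proto_attribute, attribute_name,
                                  dict_object):
        """Writes a dictionary event attribute to serialized form.

        Each key/value pair of dict_object is serialized into a fresh
        plaso_storage_pb2.Dict message through cls.WriteSerializedObject. That
        message is then merged into the attribute_name field of
        proto_attribute.

        Args:
          proto_attribute: a protobuf attribute object.
          attribute_name: the name of the attribute.
          dict_object: a dictionary object that is the value of the attribute.

        Raises:
          AttributeError: if the attribute cannot be merged with the dictionary.
        """
        dict_proto = plaso_storage_pb2.Dict()

        for dict_key, dict_value in dict_object.items():
            dict_proto_add = dict_proto.attributes.add()
            cls.WriteSerializedObject(dict_proto_add, dict_key, dict_value)

        # The lookup sits outside the try block, so a missing attribute_name
        # raises the plain getattr AttributeError without the message below.
        dict_attribute = getattr(proto_attribute, attribute_name)
        try:
            dict_attribute.MergeFrom(dict_proto)
        except AttributeError as exception:
            # The exception is formatted with !s, not :s. On Python 3 an
            # exception object rejects the 's' format spec, which would raise
            # TypeError inside this handler and hide the merge failure.
            raise AttributeError(
                u'Unable to merge attribute: {0:s} with error: {1!s}'.format(
                    attribute_name, exception))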
Пример #2
    def ReadSerialized(cls, serialized):
        """Parses a serialized protobuf Dict and converts it to an object.

        The conversion itself is delegated to cls.ReadSerializedObject, which
        is defined outside this excerpt.

        Args:
          serialized: an object containing the serialized form.

        Returns:
          A collection information object (instance of CollectionInformation).
        """
        # ParseFromString raises a protobuf decode error when the bytes are not
        # a valid message. Nothing here catches it, so callers reading storage
        # they do not control should expect it to propagate.
        dict_message = plaso_storage_pb2.Dict()
        dict_message.ParseFromString(serialized)
        return cls.ReadSerializedObject(dict_message)
Пример #3
  def WriteSerializedObject(cls, analysis_report):
    """Converts an analysis report into its protobuf message.

    Attributes whose value is None are skipped. The _event_tags, images,
    report_array and report_dict attributes each get dedicated handling;
    every other attribute is copied onto the message with setattr.

    Args:
      analysis_report: an analysis report (instance of AnalysisReport).

    Returns:
      A protobuf object containing the serialized form (instance of
      plaso_storage_pb2.AnalysisReport).
    """
    report_proto = plaso_storage_pb2.AnalysisReport()

    for name, value in analysis_report.GetAttributes():
      if value is None:
        continue

      if name == u'_event_tags':
        for tag in value:
          tag_proto = ProtobufEventTagSerializer.WriteSerializedObject(tag)
          # pylint: disable=protected-access
          report_proto._event_tags.MergeFrom(tag_proto)
        continue

      if name == u'images':
        for image in value:
          report_proto.images.append(image)
        continue

      if name == u'report_array':
        array_proto = plaso_storage_pb2.Array()
        # The items are read from the report attribute itself, not from the
        # value yielded by GetAttributes().
        for item in getattr(analysis_report, u'report_array', []):
          item_proto = array_proto.values.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              item_proto, u'', item)
        report_proto.report_array.MergeFrom(array_proto)
        continue

      if name == u'report_dict':
        mapping_proto = plaso_storage_pb2.Dict()
        mapping = getattr(analysis_report, u'report_dict', {})
        for key, item in mapping.items():
          item_proto = mapping_proto.attributes.add()
          ProtobufEventAttributeSerializer.WriteSerializedObject(
              item_proto, key, item)
        report_proto.report_dict.MergeFrom(mapping_proto)
        continue

      # Fallback: the name is used as a message field name as-is. A protobuf
      # message rejects assignment to a name that is not one of its scalar
      # fields, so an unexpected attribute surfaces as an error here.
      setattr(report_proto, name, value)

    return report_proto
Пример #4
  def WriteSerializedDictObject(
      cls, proto_attribute, attribute_name, dict_object):
    """Serializes a dictionary attribute into a protobuf attribute object.

    The dictionary is first written into a standalone plaso_storage_pb2.Dict
    message, one entry per key, and that message is merged into the field of
    proto_attribute named by attribute_name.

    Args:
      proto_attribute: a protobuf attribute object.
      attribute_name: the name of the attribute.
      dict_object: a dictionary object that is the value of the attribute.
    """
    serialized_dict = plaso_storage_pb2.Dict()

    for key, value in dict_object.items():
      entry_proto = serialized_dict.attributes.add()
      cls.WriteSerializedObject(entry_proto, key, value)

    # Errors from the lookup or the merge are not caught here; they reach the
    # caller unchanged.
    getattr(proto_attribute, attribute_name).MergeFrom(serialized_dict)
Пример #5
    def WriteSerializedObject(cls, collection_information_object):
        """Converts a collection information object into a protobuf Dict.

        Every entry of the object's value dictionary becomes one attribute of
        the message. When the object reports counters, they are added as one
        more attribute stored under its RESERVED_COUNTER_KEYWORD.

        Args:
          collection_information_object: a collection information object
                                         (instance of CollectionInformation).

        Returns:
          A protobuf object containing the serialized form (instance of
          plaso_storage_pb2.Dict).

        Raises:
          RuntimeError: when the collection information object is malformed.
        """
        # NOTE(review): these guards test for GetValues and AddCounter, while
        # the code below calls GetValueDict, HasCounters and GetCounters. An
        # object can pass the guards and still fail with AttributeError later.
        # Confirm the guards cover the intended interface.
        required_methods = (
            (u'GetValues',
             u'Unable to serialize collection information, missing value getting.'),
            (u'AddCounter',
             u'Unable to serialize collection information, missing counters.'),
        )
        for method_name, error_message in required_methods:
            if not hasattr(collection_information_object, method_name):
                raise RuntimeError(error_message)

        values_proto = plaso_storage_pb2.Dict()

        value_dict = collection_information_object.GetValueDict()
        for name, item in value_dict.items():
            entry = values_proto.attributes.add()
            # A non-string value under a key containing 'zone' is reduced to
            # its zone attribute, or to its string form when it has none.
            # NOTE(review): basestring is a Python 2 builtin.
            if u'zone' in name and not isinstance(item, basestring):
                item = getattr(item, u'zone', u'{0!s}'.format(item))

            ProtobufEventAttributeSerializer.WriteSerializedObject(
                entry, name, item)

        if not collection_information_object.HasCounters():
            return values_proto

        counters_entry = values_proto.attributes.add()
        counters = dict(collection_information_object.GetCounters())
        ProtobufEventAttributeSerializer.WriteSerializedObject(
            counters_entry,
            collection_information_object.RESERVED_COUNTER_KEYWORD,
            counters)

        return values_proto
Пример #6
    def WriteSerializedObject(cls, analysis_report):
        """Converts an analysis report into its protobuf message.

        Missing report attributes fall back to defaults: time_compiled to 0
        and text to 'N/A'. plugin_name is copied only when it is set and
        non-empty. report_dict and report_array are serialized only when the
        report has those attributes.

        Args:
          analysis_report: an analysis report (instance of AnalysisReport).

        Returns:
          A protobuf object containing the serialized form (instance of
          plaso_storage_pb2.AnalysisReport).
        """
        report_proto = plaso_storage_pb2.AnalysisReport()
        report_proto.time_compiled = getattr(
            analysis_report, u'time_compiled', 0)

        plugin_name = getattr(analysis_report, u'plugin_name', None)
        if plugin_name:
            report_proto.plugin_name = plugin_name

        report_proto.text = getattr(analysis_report, u'text', u'N/A')

        for image in getattr(analysis_report, u'images', []):
            report_proto.images.append(image)

        if hasattr(analysis_report, u'report_dict'):
            mapping_proto = plaso_storage_pb2.Dict()
            mapping = getattr(analysis_report, u'report_dict', {})
            for key, item in mapping.items():
                item_proto = mapping_proto.attributes.add()
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    item_proto, key, item)
            report_proto.report_dict.MergeFrom(mapping_proto)

        if hasattr(analysis_report, u'report_array'):
            array_proto = plaso_storage_pb2.Array()
            for item in getattr(analysis_report, u'report_array', []):
                item_proto = array_proto.values.add()
                # Array items carry no key, so an empty name is passed.
                ProtobufEventAttributeSerializer.WriteSerializedObject(
                    item_proto, u'', item)
            report_proto.report_array.MergeFrom(array_proto)

        return report_proto
Пример #7
  def setUp(self):
    """Builds the serialized analysis report fixture for each test.

    Stores the report dictionary, the report text, the serialized protobuf
    string built from them and the serializer class under test on the
    instance.
    """
    dude_extensions = [
        [u'Google Keep - notes and lists',
         u'hmjkmjkepdijhoojdojkdfohbdgmmhki'],
    ]
    frank_extensions = [
        [u'YouTube', u'blpcfgokakmgnkcojhhkbfbldkacnbeo'],
        [u'Google Play Music', u'icppfcnhkcmnfdhfhphakoifcfokfdhg'],
    ]
    self._report_dict = {
        u'dude': dude_extensions,
        u'frank': frank_extensions,
    }

    self._report_text = u''.join([
        u' == USER: dude ==\n',
        u'  Google Keep - notes and lists [hmjkmjkepdijhoojdojkdfohbdgmmhki]\n',
        u'\n',
        u' == USER: frank ==\n',
        u'  Google Play Music [icppfcnhkcmnfdhfhphakoifcfokfdhg]\n',
        u'  YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo]\n',
        u'\n',
    ])

    value_serializer = protobuf_serializer.ProtobufEventAttributeSerializer

    # The expected message is built by hand, independently of the analysis
    # report serializer stored in self._serializer.
    expected_proto = plaso_storage_pb2.AnalysisReport()

    expected_dict = plaso_storage_pb2.Dict()
    for user, extensions in self._report_dict.items():
      entry_proto = expected_dict.attributes.add()
      value_serializer.WriteSerializedObject(entry_proto, user, extensions)
    expected_proto.report_dict.MergeFrom(expected_dict)

    # TODO: add report_array, _anomalies and _tags tests.

    expected_proto.plugin_name = u'chrome_extension_test'
    expected_proto.text = self._report_text
    expected_proto.time_compiled = 1431978243000000

    self._proto_string = expected_proto.SerializeToString()
    self._serializer = protobuf_serializer.ProtobufAnalysisReportSerializer