def ParseMultiple(self, result_dicts): """Parse WMI Event Consumers.""" for result_dict in result_dicts: wmi_dict = result_dict.ToDict() try: creator_sid_bytes = bytes(wmi_dict["CreatorSID"]) wmi_dict["CreatorSID"] = BinarySIDtoStringSID( creator_sid_bytes) except ValueError: # We recover from corrupt SIDs by outputting it raw as a string wmi_dict["CreatorSID"] = compatibility.Repr( wmi_dict["CreatorSID"]) except KeyError: pass for output_type in self.output_types: anomalies = [] output = rdfvalue.RDFValue.classes[output_type.__name__]() for k, v in wmi_dict.items(): try: output.Set(k, v) except AttributeError as e: # Skip any attribute we don't know about anomalies.append("Unknown field %s, with value %s" % (k, v)) except ValueError as e: anomalies.append("Invalid value %s for field %s: %s" % (v, k, e)) # Yield anomalies first to help with debugging if anomalies: yield rdf_anomaly.Anomaly( type="PARSER_ANOMALY", generated_by=self.__class__.__name__, finding=anomalies) # Raise if the parser generated no output but there were fields. if wmi_dict and not output: raise ValueError( "Non-empty dict %s returned empty output." % wmi_dict) yield output
def testNonUnicodeBytes(self): string = compatibility.Repr(b"\xfa\xfb\xfc\xfe\xff") self.assertIsInstance(string, Text) # We `assertEndsWith` instead of `assertEquals` to account for string having # or not having `b` prefix depending on the Python version being used. self.assertEndsWith(string, "'\\xfa\\xfb\\xfc\\xfe\\xff'")
def testListOfIntegers(self): string = compatibility.Repr([4, 8, 15, 16, 23, 42]) self.assertIsInstance(string, Text) self.assertEqual(string, "[4, 8, 15, 16, 23, 42]")