示例#1
0
    def testCreateFormatStringMaps(self):
        """Tests the _CreateFormatStringMaps function."""
        event_formatter = interface.ConditionalEventFormatter(
            data_type='test',
            format_string_pieces=self._TEST_FORMAT_STRING_PIECES)
        event_formatter._CreateFormatStringMaps()

        with self.assertRaises(RuntimeError):
            format_string_pieces = ['{too} {many} formatting placeholders']
            event_formatter = interface.ConditionalEventFormatter(
                data_type='test', format_string_pieces=format_string_pieces)
            event_formatter._CreateFormatStringMaps()
示例#2
0
    def testGetFormatStringAttributeNames(self):
        """Tests the GetFormatStringAttributeNames function."""
        event_formatter = interface.ConditionalEventFormatter(
            data_type='test',
            format_string_pieces=self._TEST_FORMAT_STRING_PIECES)

        expected_attribute_names = sorted(
            ['description', 'numeric', 'optional', 'text'])

        attribute_names = event_formatter.GetFormatStringAttributeNames()
        self.assertEqual(sorted(attribute_names), expected_attribute_names)
示例#3
0
    def testGetMessageShort(self):
        """Tests the GetMessageShort function."""
        event_formatter = interface.ConditionalEventFormatter(
            data_type='test',
            format_string_pieces=self._TEST_FORMAT_STRING_PIECES)

        _, event_data, _ = containers_test_lib.CreateEventFromValues(
            self._TEST_EVENTS[0])
        event_values = event_data.CopyToDict()

        message_short = event_formatter.GetMessage(event_values)

        expected_message_short = (
            'Description: this is beyond words Comment Value: 0x0c '
            'Text: but we\'re still trying to say something about the event')
        self.assertEqual(message_short, expected_message_short)
示例#4
0
    def _ReadFormatterDefinition(self, formatter_definition_values):
        """Reads an event formatter definition from a dictionary.

    Args:
      formatter_definition_values (dict[str, object]): formatter definition
           values.

    Returns:
      EventFormatter: an event formatter.

    Raises:
      ParseError: if the format of the formatter definition is not set
          or incorrect.
    """
        if not formatter_definition_values:
            raise errors.ParseError('Missing formatter definition values.')

        different_keys = set(
            formatter_definition_values) - self._SUPPORTED_KEYS
        if different_keys:
            different_keys = ', '.join(different_keys)
            raise errors.ParseError(
                'Undefined keys: {0:s}'.format(different_keys))

        formatter_type = formatter_definition_values.get('type', None)
        if not formatter_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing type.')

        if formatter_type not in ('basic', 'conditional'):
            raise errors.ParseError(
                'Invalid event formatter definition unsupported type: {0!s}.'.
                format(formatter_type))

        data_type = formatter_definition_values.get('data_type', None)
        if not data_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing data type.')

        message = formatter_definition_values.get('message', None)
        if not message:
            raise errors.ParseError(
                'Invalid event formatter definition missing message.')

        short_message = formatter_definition_values.get('short_message', None)
        if not short_message:
            raise errors.ParseError(
                'Invalid event formatter definition missing short message.')

        # TODO: pylint will complain about invalid-name because of the override
        # of class "constants", hence that setattr is used. Change this once
        # formatters have been migrated to configuration file. Also see:
        # https://github.com/log2timeline/plaso/issues/444
        if formatter_type == 'basic':
            formatter = interface.EventFormatter()
            # TODO: check if message and short_message are strings
            setattr(formatter, 'FORMAT_STRING', message)
            setattr(formatter, 'FORMAT_STRING_SHORT', short_message)

        elif formatter_type == 'conditional':
            formatter = interface.ConditionalEventFormatter()
            separator = formatter_definition_values.get(
                'separator', formatter.FORMAT_STRING_SEPARATOR)
            # TODO: check if message and short_message are list of strings
            setattr(formatter, 'FORMAT_STRING_PIECES', message)
            setattr(formatter, 'FORMAT_STRING_SHORT_PIECES', short_message)
            setattr(formatter, 'FORMAT_STRING_SEPARATOR', separator)

        setattr(formatter, 'DATA_TYPE', data_type)

        boolean_helpers = formatter_definition_values.get(
            'boolean_helpers', [])
        self._ReadBooleanHelpers(formatter, boolean_helpers)

        custom_helpers = formatter_definition_values.get('custom_helpers', [])
        self._ReadCustomHelpers(formatter, custom_helpers)

        enumeration_helpers = formatter_definition_values.get(
            'enumeration_helpers', [])
        self._ReadEnumerationHelpers(formatter, enumeration_helpers)

        flags_helpers = formatter_definition_values.get('flags_helpers', [])
        self._ReadFlagsHelpers(formatter, flags_helpers)

        return formatter
示例#5
0
    def _ReadFormatterDefinition(self, formatter_definition_values):
        """Reads an event formatter definition from a dictionary.

    Args:
      formatter_definition_values (dict[str, object]): formatter definition
           values.

    Returns:
      EventFormatter: an event formatter.

    Raises:
      ParseError: if the format of the formatter definition is not set
          or incorrect.
    """
        if not formatter_definition_values:
            raise errors.ParseError('Missing formatter definition values.')

        different_keys = set(
            formatter_definition_values) - self._SUPPORTED_KEYS
        if different_keys:
            different_keys = ', '.join(different_keys)
            raise errors.ParseError(
                'Undefined keys: {0:s}'.format(different_keys))

        formatter_type = formatter_definition_values.get('type', None)
        if not formatter_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing type.')

        if formatter_type not in ('basic', 'conditional'):
            raise errors.ParseError(
                'Invalid event formatter definition unsupported type: {0!s}.'.
                format(formatter_type))

        data_type = formatter_definition_values.get('data_type', None)
        if not data_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing data type.')

        message = formatter_definition_values.get('message', None)
        if not message:
            raise errors.ParseError(
                'Invalid event formatter definition missing message.')

        short_message = formatter_definition_values.get('short_message', None)
        if not short_message:
            raise errors.ParseError(
                'Invalid event formatter definition missing short message.')

        short_source = formatter_definition_values.get('short_source', None)
        if not short_source:
            raise errors.ParseError(
                'Invalid event formatter definition missing short source.')

        source = formatter_definition_values.get('source', None)
        if not source:
            raise errors.ParseError(
                'Invalid event formatter definition missing source.')

        if formatter_type == 'basic':
            formatter = interface.EventFormatter()
            # TODO: check if message and short_message are strings
            formatter.FORMAT_STRING = message
            formatter.FORMAT_STRING_SHORT = short_message

        elif formatter_type == 'conditional':
            formatter = interface.ConditionalEventFormatter()
            # TODO: check if message and short_message are list of strings
            formatter.FORMAT_STRING_PIECES = message
            formatter.FORMAT_STRING_SHORT_PIECES = short_message

        formatter.DATA_TYPE = data_type
        formatter.SOURCE_LONG = source
        formatter.SOURCE_SHORT = short_source

        return formatter
示例#6
0
    def _ReadFormatterDefinition(self, formatter_definition_values):
        """Reads an event formatter definition from a dictionary.

    Args:
      formatter_definition_values (dict[str, object]): formatter definition
           values.

    Returns:
      EventFormatter: an event formatter.

    Raises:
      ParseError: if the format of the formatter definition is not set
          or incorrect.
    """
        if not formatter_definition_values:
            raise errors.ParseError('Missing formatter definition values.')

        different_keys = set(
            formatter_definition_values) - self._SUPPORTED_KEYS
        if different_keys:
            different_keys = ', '.join(different_keys)
            raise errors.ParseError(
                'Undefined keys: {0:s}'.format(different_keys))

        formatter_type = formatter_definition_values.get('type', None)
        if not formatter_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing type.')

        if formatter_type not in ('basic', 'conditional'):
            raise errors.ParseError(
                'Invalid event formatter definition unsupported type: {0!s}.'.
                format(formatter_type))

        data_type = formatter_definition_values.get('data_type', None)
        if not data_type:
            raise errors.ParseError(
                'Invalid event formatter definition missing data type.')

        message = formatter_definition_values.get('message', None)
        if not message:
            raise errors.ParseError(
                'Invalid event formatter definition missing message.')

        short_message = formatter_definition_values.get('short_message', None)
        if not short_message:
            raise errors.ParseError(
                'Invalid event formatter definition missing short message.')

        if formatter_type == 'basic':
            formatter = interface.BasicEventFormatter(
                data_type=data_type,
                format_string=message,
                format_string_short=short_message)

        elif formatter_type == 'conditional':
            separator = formatter_definition_values.get('separator', None)
            formatter = interface.ConditionalEventFormatter(
                data_type=data_type,
                format_string_pieces=message,
                format_string_separator=separator,
                format_string_short_pieces=short_message)

        boolean_helpers = formatter_definition_values.get(
            'boolean_helpers', [])
        self._ReadBooleanHelpers(formatter, boolean_helpers)

        custom_helpers = formatter_definition_values.get('custom_helpers', [])
        self._ReadCustomHelpers(formatter, custom_helpers)

        enumeration_helpers = formatter_definition_values.get(
            'enumeration_helpers', [])
        self._ReadEnumerationHelpers(formatter, enumeration_helpers)

        flags_helpers = formatter_definition_values.get('flags_helpers', [])
        self._ReadFlagsHelpers(formatter, flags_helpers)

        return formatter