def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options (argparse.Namespace): parser options. output_module (OutputModule): output module to configure. Raises: BadConfigObject: when the output module object does not have the SetCredentials or SetDatabaseName methods. """ if not hasattr(output_module, u'SetCredentials'): raise errors.BadConfigObject( u'Unable to set username information.') if not hasattr(output_module, u'SetDatabaseName'): raise errors.BadConfigObject( u'Unable to set database information.') username = cls._ParseStringOption(options, u'username', default_value=cls._DEFAULT_USERNAME) password = cls._ParseStringOption(options, u'password', default_value=cls._DEFAULT_PASSWORD) name = cls._ParseStringOption(options, u'db_name', default_value=cls._DEFAULT_NAME) output_module.SetCredentials(username=username, password=password) output_module.SetDatabaseName(name) server_config.ServerArgumentsHelper.ParseOptions( options, output_module)
def _ParseExtractionOptions(self, options): """Parses the extraction options. Args: options (argparse.Namespace): command line arguments. Raises: BadConfigOption: if the options are invalid. """ self._hasher_names_string = getattr( options, u'hashers', self._DEFAULT_HASHER_STRING) if isinstance(self._hasher_names_string, py2to3.STRING_TYPES): if self._hasher_names_string.lower() == u'list': self.list_hashers = True yara_rules_path = getattr(options, u'yara_rules_path', None) if yara_rules_path: try: with open(yara_rules_path, 'rb') as rules_file: yara_rules_string = rules_file.read() # We try to parse the rules here, to check that the definitions are # valid. We then pass the string definitions along to the workers, so # that they don't need read access to the rules file. yara.compile(source=yara_rules_string) self._yara_rules_string = yara_rules_string except IOError as exception: raise errors.BadConfigObject( u'Unable to read Yara rules file: {0:s}, error was: {1!s}'.format( yara_rules_path, exception)) except yara.Error as exception: raise errors.BadConfigObject( u'Unable to parse Yara rules in: {0:s}, error was: {1!s}'.format( yara_rules_path, exception)) parser_filter_expression = self.ParseStringOption( options, u'parsers', default_value=u'') self._parser_filter_expression = parser_filter_expression.replace( u'\\', u'/') if (isinstance(self._parser_filter_expression, py2to3.STRING_TYPES) and self._parser_filter_expression.lower() == u'list'): self.list_parsers_and_plugins = True self._force_preprocessing = getattr(options, u'preprocess', False) self._preferred_year = getattr(options, u'preferred_year', None) if self._preferred_year: try: self._preferred_year = int(self._preferred_year, 10) except ValueError: raise errors.BadConfigOption( u'Invalid preferred year: {0:s}.'.format(self._preferred_year)) self._process_archives = getattr(options, u'process_archives', False) self._process_compressed_streams = getattr( options, u'process_compressed_streams', True)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: when the date filter is badly formatted. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') filter_collection = getattr(configuration_object, '_filter_collection', None) if not filter_collection: raise errors.BadConfigObject( 'Filter collection missing from configuration object') date_filters = getattr(options, 'date_filters', None) if not date_filters: return file_entry_filter = file_entry_filters.DateTimeFileEntryFilter() for date_filter in date_filters: date_filter_pieces = date_filter.split(',') if len(date_filter_pieces) != 3: raise errors.BadConfigOption( 'Badly formed date filter: {0:s}'.format(date_filter)) time_value, start_time_string, end_time_string = date_filter_pieces time_value = time_value.strip() start_time_string = start_time_string.strip() end_time_string = end_time_string.strip() try: file_entry_filter.AddDateTimeRange( time_value, start_time_string=start_time_string, end_time_string=end_time_string) except ValueError: raise errors.BadConfigOption( 'Badly formed date filter: {0:s}'.format(date_filter)) filter_collection.AddFilter(file_entry_filter)
def ParseOptions(cls, options, analysis_plugin): """Parses and validates options. Args: options (argparse.Namespace): parser options object. analysis_plugin (NsrlsvrAnalysisPlugin): analysis plugin to configure. Raises: BadConfigObject: when the analysis plugin is the wrong type. BadConfigOption: when unable to connect to nsrlsvr instance. """ if not isinstance(analysis_plugin, nsrlsvr.NsrlsvrAnalysisPlugin): raise errors.BadConfigObject( 'Analysis plugin is not an instance of NsrlsvrAnalysisPlugin') label = cls._ParseStringOption( options, 'nsrlsvr_label', default_value=cls._DEFAULT_LABEL) analysis_plugin.SetLabel(label) lookup_hash = cls._ParseStringOption( options, 'nsrlsvr_hash', default_value=cls._DEFAULT_HASH) analysis_plugin.SetLookupHash(lookup_hash) host = cls._ParseStringOption( options, 'nsrlsvr_host', default_value=cls._DEFAULT_HOST) analysis_plugin.SetHost(host) port = cls._ParseNumericOption( options, 'nsrlsvr_port', default_value=cls._DEFAULT_PORT) analysis_plugin.SetPort(port) if not analysis_plugin.TestConnection(): raise errors.BadConfigOption( 'Unable to connect to nsrlsvr {0:s}:{1:d}'.format(host, port))
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, shared_4n6time.Base4n6TimeOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of Base4n6TimeOutputModule') append = getattr(options, u'append', False) evidence = getattr(options, u'evidence', u'-') fields = getattr(options, u'fields', None) if not fields: fields = cls._DEFAULT_FIELDS output_module.SetAppendMode(append) output_module.SetEvidence(evidence) output_module.SetFields(fields)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: when the output format is not supported or the output is not provided or already exists. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') output_format = getattr(options, 'output_format', 'dynamic') output_filename = getattr(options, 'write', None) if output_format != 'list': if not output_manager.OutputManager.HasOutputClass(output_format): raise errors.BadConfigOption( 'Unsupported output format: {0:s}.'.format(output_format)) setattr(configuration_object, '_output_format', output_format) setattr(configuration_object, '_output_filename', output_filename)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') preprocess = getattr(options, 'preprocess', False) preferred_year = cls._ParseNumericOption(options, 'preferred_year') process_archives = getattr(options, 'process_archives', False) process_compressed_streams = getattr(options, 'process_compressed_streams', True) setattr(configuration_object, '_force_preprocessing', preprocess) setattr(configuration_object, '_preferred_year', preferred_year) setattr(configuration_object, '_process_archives', process_archives) setattr(configuration_object, '_process_compressed_streams', process_compressed_streams)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: when the location of the data files cannot be determined. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') data_location = cls._ParseStringOption(options, 'data_location') if not data_location: # Determine the source root path, which is 3 directories up from # the location of the script. data_location = os.path.dirname(cls._PATH) data_location = os.path.dirname(data_location) data_location = os.path.dirname(data_location) data_location = os.path.dirname(data_location) # There are multiple options to run a tool e.g. running from source or # from an egg file. data_location_egg = os.path.join(data_location, 'share', 'plaso') data_location_source = os.path.join(data_location, 'data') data_location = None if os.path.exists(data_location_egg) and os.path.isfile(os.path.join( data_location_egg, 'plaso-data.README')): data_location = data_location_egg elif os.path.exists(data_location_source) and os.path.isfile(os.path.join( data_location_source, 'plaso-data.README')): data_location = data_location_source if not data_location or not os.path.exists(data_location): data_location = os.path.join(sys.prefix, 'share', 'plaso') if not os.path.exists(data_location): data_location = os.path.join(sys.prefix, 'local', 'share', 'plaso') if sys.prefix != '/usr': if not os.path.exists(data_location): data_location = os.path.join('/usr', 'share', 'plaso') if not os.path.exists(data_location): data_location = os.path.join('/usr', 'local', 'share', 'plaso') if not os.path.exists(data_location) or not os.path.isfile(os.path.join( data_location, 'plaso-data.README')): data_location = None if not data_location: raise errors.BadConfigOption( 'Unable to determine location of data files.') logger.info('Determined data location: {0:s}'.format(data_location)) setattr(configuration_object, '_data_location', data_location)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( u'Configuration object is not an instance of CLITool') plugin_names_argument = cls._ParseStringOption(options, u'analysis_plugins') if plugin_names_argument and plugin_names_argument != u'list': available_plugin_names = ( analysis_manager.AnalysisPluginManager.GetPluginNames()) plugin_names_argument = [ name.strip() for name in plugin_names_argument.split(u',') ] difference = set(plugin_names_argument).difference( available_plugin_names) if difference: raise errors.BadConfigOption( u'Non-existent analysis plugins specified: {0:s}'.format( u' '.join(difference))) setattr(configuration_object, u'_analysis_plugins', plugin_names_argument)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when the output filename was not provided. """ if not isinstance(output_module, sqlite_4n6time.SQLite4n6TimeOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of SQLite4n6TimeOutputModule' ) shared_4n6time_output.Shared4n6TimeOutputHelper.ParseOptions( options, output_module) filename = getattr(options, u'write', None) if not filename: raise errors.BadConfigOption( u'Output filename was not provided use "-w filename" to specify.' ) output_module.SetFilename(filename)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not hasattr(output_module, u'SetServerInformation'): raise errors.BadConfigObject(u'Unable to set server information.') server = getattr(options, u'server', None) if not server: server = cls._DEFAULT_SERVER port = getattr(options, u'port', None) if port and not isinstance(port, (int, long)): raise errors.BadConfigOption(u'Invalid port value not an integer.') if not port: port = cls._DEFAULT_PORT output_module.SetServerInformation(server, port)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not hasattr(output_module, u'SetCredentials'): raise errors.BadConfigObject(u'Unable to set username information.') username = getattr(options, u'username', None) if not username: username = cls._DEFAULT_USERNAME password = getattr(options, u'password', None) if not password: password = cls._DEFAULT_PASSWORD name = getattr(options, u'db_name', None) if not name: name = cls._DEFAULT_NAME output_module.SetCredentials( username=username, password=password) output_module.SetDatabaseName(name) server_config.BaseServerConfigHelper.ParseOptions(options, output_module)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') hashers = cls._ParseStringOption( options, 'hashers', default_value=cls._DEFAULT_HASHER_STRING) hasher_file_size_limit = cls._ParseNumericOption( options, 'hasher_file_size_limit', default_value=0) # TODO: validate hasher names. if hasher_file_size_limit < 0: raise errors.BadConfigOption( 'Invalid hasher file size limit value cannot be negative.') setattr(configuration_object, '_hasher_names_string', hashers) setattr(configuration_object, '_hasher_file_size_limit', hasher_file_size_limit)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. """ if not isinstance(output_module, shared_4n6time.Base4n6TimeOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of Base4n6TimeOutputModule') append = getattr(options, u'append', cls._DEFAULT_APPEND) evidence = cls._ParseStringOption(options, u'evidence', default_value=cls._DEFAULT_EVIDENCE) fields = cls._ParseStringOption(options, u'fields', default_value=cls._DEFAULT_FIELDS) output_module.SetAppendMode(append) output_module.SetEvidence(evidence) output_module.SetFields( [field_name.strip() for field_name in fields.split(u',')])
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, timesketch_out.TimesketchOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of TimesketchOutputModule') output_format = getattr(options, u'output_format', None) if output_format != u'timesketch': raise errors.BadConfigOption( u'Only works on Timesketch output module.') flush_interval = getattr(options, u'flush_interval', None) if flush_interval: output_module.SetFlushInterval(flush_interval) index = getattr(options, u'index', None) if index: output_module.SetIndex(index) name = getattr(options, u'timeline_name', None) if name: output_module.SetName(name)
def ParseOptions(cls, options, output_module): # pylint: disable=arguments-differ """Parses and validates options. Args: options (argparse.Namespace): parser options. output_module (OutputModule): output module to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when the output filename was not provided. """ if not isinstance(output_module, dynamic.DynamicOutputModule): raise errors.BadConfigObject( 'Output module is not an instance of DynamicOutputModule') default_fields = ','.join(cls._DEFAULT_FIELDS) fields = cls._ParseStringOption( options, 'fields', default_value=default_fields) additional_fields = cls._ParseStringOption(options, 'additional_fields') if additional_fields: fields = ','.join([fields, additional_fields]) output_module.SetFields([ field_name.strip() for field_name in fields.split(',')])
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( u'Configuration object is not an instance of CLITool') output_format = getattr(options, u'output_format', u'dynamic') output_filename = getattr(options, u'write', None) if output_format != u'list': if not output_manager.OutputManager.HasOutputClass(output_format): raise errors.BadConfigOption( u'Unsupported output format: {0:s}.'.format(output_format)) if output_manager.OutputManager.IsLinearOutputModule(output_format): if not output_filename: raise errors.BadConfigOption(( u'Output format: {0:s} requires an output file').format( output_format)) if os.path.exists(output_filename): raise errors.BadConfigOption( u'Output file already exists: {0:s}.'.format(output_filename)) setattr(configuration_object, u'_output_format', output_format) setattr(configuration_object, u'_output_filename', output_filename)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') analysis_plugins = cls._ParseStringOption(options, 'analysis_plugins') if analysis_plugins and analysis_plugins.lower() != 'list': plugin_names = analysis_manager.AnalysisPluginManager.GetPluginNames( ) analysis_plugins = [ name.strip() for name in analysis_plugins.split(',') ] difference = set(analysis_plugins).difference(plugin_names) if difference: raise errors.BadConfigOption( 'Non-existent analysis plugins specified: {0:s}'.format( ' '.join(difference))) setattr(configuration_object, '_analysis_plugins', analysis_plugins)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options (argparse.Namespace): parser options. output_module (OutputModule): output module to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, elastic.ElasticSearchOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of ElasticSearchOutputModule') index_name = cls._ParseStringOption( options, u'index_name', default_value=cls._DEFAULT_INDEX_NAME) doc_type = cls._ParseStringOption( options, u'doc_type', default_value=cls._DEFAULT_DOC_TYPE) flush_interval = cls._ParseIntegerOption( options, u'flush_interval', default_value=cls._DEFAULT_FLUSH_INTERVAL) raw_fields = getattr( options, u'raw_fields', cls._DEFAULT_RAW_FIELDS) ElasticSearchServerArgumentsHelper.ParseOptions(options, output_module) output_module.SetIndexName(index_name) output_module.SetDocType(doc_type) output_module.SetFlushInterval(flush_interval) output_module.SetRawFields(raw_fields)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') process_memory_limit = cls._ParseNumericOption(options, 'process_memory_limit') if process_memory_limit and process_memory_limit < 0: raise errors.BadConfigOption( 'Invalid process memory limit value cannot be negative.') setattr(configuration_object, '_process_memory_limit', process_memory_limit)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options (argparse.Namespace): parser options. output_module (TimesketchOutputModule): output module to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, timesketch_out.TimesketchOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of TimesketchOutputModule') doc_type = cls._ParseStringOption( options, u'doc_time', default_value=cls._DEFAULT_DOC_TYPE) output_module.SetDocType(doc_type) flush_interval = cls._ParseIntegerOption( options, u'flush_interval', default_value=cls._DEFAULT_FLUSH_INTERVAL) output_module.SetFlushInterval(flush_interval) index = cls._ParseStringOption( options, u'index', default_value=cls._DEFAULT_UUID) output_module.SetIndexName(index) name = cls._ParseStringOption( options, u'timeline_name', default_value=cls._DEFAULT_NAME) output_module.SetTimelineName(name) username = cls._ParseStringOption( options, u'username', default_value=cls._DEFAULT_USERNAME) output_module.SetUserName(username)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: if the storage format is not defined or supported. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') storage_format = cls._ParseStringOption(options, 'storage_format') if not storage_format: raise errors.BadConfigOption('Unable to determine storage format.') if storage_format not in definitions.STORAGE_FORMATS: raise errors.BadConfigOption( 'Unsupported storage format: {0:s}'.format(storage_format)) setattr(configuration_object, '_storage_format', storage_format)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, elastic.ElasticSearchOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of ElasticSearchOutputModule' ) output_format = getattr(options, u'output_format', None) if output_format != u'elastic': raise errors.BadConfigOption( u'Only works on Elastic output module.') case_name = cls._ParseStringOption(options, u'case_name', default_value=cls._DEFAULT_CASE) document_type = cls._ParseStringOption( options, u'document_type', default_value=cls._DEFAULT_DOCUMENT_TYPE) ElasticServer.ParseOptions(options, output_module) output_module.SetCaseName(case_name) output_module.SetDocumentType(document_type)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). output_module: an output module (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when the output filename was not provided. """ if not isinstance(output_module, xlsx.XLSXOutputModule): raise errors.BadConfigObject( u'Output module is not an instance of XLSXOutputModule') fields = cls._ParseStringOption(options, u'fields', default_value=cls._DEFAULT_FIELDS) filename = getattr(options, u'write', None) if not filename: raise errors.BadConfigOption( u'Output filename was not provided use "-w filename" to specify.' ) timestamp_format = cls._ParseStringOption( options, u'timestamp_format', default_value=cls._DEFAULT_TIMESTAMP_FORMAT) output_module.SetFields( [field_name.strip() for field_name in fields.split(u',')]) output_module.SetFilename(filename) output_module.SetTimestampFormat(timestamp_format)
def ParseOptions(cls, options, analysis_plugin): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). analysis_plugin: an analysis plugin (instance of AnalysisPlugin). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(analysis_plugin, virustotal.VirusTotalAnalysisPlugin): raise errors.BadConfigObject( u'Analysis plugin is not an instance of VirusTotalAnalysisPlugin' ) api_key = cls._ParseStringOption(options, u'virustotal_api_key') if not api_key: raise errors.BadConfigOption( u'VirusTotal API key not specified. Try again with ' u'--virustotal-api-key.') analysis_plugin.SetAPIKey(api_key) rate_limit = getattr(options, u'virustotal_rate_limit', cls._DEFAULT_RATE_LIMIT) analysis_plugin.EnableFreeAPIKeyRateLimit(rate_limit)
def ParseOptions(cls, options, output_module): """Parses and validates options. Args: options (argparse.Namespace): parser options. output_module (OutputModule): output module to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(output_module, elastic_ts.ElasticTimesketchOutputModule): raise errors.BadConfigObject( 'Output module is not an instance of ElasticsearchOutputModule' ) elastic_output.ElasticSearchOutputArgumentsHelper.ParseOptions( options, output_module) timeline_identifier = cls._ParseNumericOption( options, 'timeline_identifier', default_value=cls._DEFAULT_TIMELINE_IDENTIFIER) if timeline_identifier: output_module.SetTimelineIdentifier(timeline_identifier)
def ParseOptions(cls, options, configuration_object): """Parses and validates options. Args: options (argparse.Namespace): parser options. configuration_object (CLITool): object to be configured by the argument helper. Raises: BadConfigObject: when the configuration object is of the wrong type. BadConfigOption: if the collection file does not exist. """ if not isinstance(configuration_object, tools.CLITool): raise errors.BadConfigObject( 'Configuration object is not an instance of CLITool') filter_file = cls._ParseStringOption(options, 'file_filter') # Search the data location for the filter file. if filter_file and not os.path.isfile(filter_file): data_location = getattr(configuration_object, '_data_location', None) if data_location: filter_file_basename = os.path.basename(filter_file) filter_file_path = os.path.join(data_location, filter_file_basename) if os.path.isfile(filter_file_path): filter_file = filter_file_path if filter_file and not os.path.isfile(filter_file): raise errors.BadConfigOption( 'No such collection filter file: {0:s}.'.format(filter_file)) setattr(configuration_object, '_filter_file', filter_file)
def ParseOptions(cls, options, analysis_plugin): """Parses and validates options. Args: options: the parser option object (instance of argparse.Namespace). analysis_plugin: an analysis plugin (instance of OutputModule). Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(analysis_plugin, tagging.TaggingPlugin): raise errors.BadConfigObject( u'Analysis plugin is not an instance of TaggingPlugin') tagging_file = getattr(options, u'tagging_file', None) if tagging_file: if not os.path.exists(tagging_file) or not os.path.isfile(tagging_file): # Check if the file exists in the data location path. data_location = getattr(options, 'data_location', None) if data_location: new_tagging_path = os.path.join(data_location, tagging_file) if os.path.exists(new_tagging_path) and os.path.isfile( new_tagging_path): analysis_plugin.SetAndLoadTagFile(new_tagging_path) return raise errors.BadConfigOption( u'Tagging file {0:s} does not exist.'.format(tagging_file)) analysis_plugin.SetAndLoadTagFile(tagging_file)
def ParseOptions(cls, options, analysis_plugin): """Parses and validates options. Args: options (argparse.Namespace): parser options. analysis_plugin (VirusTotalAnalysisPlugin): analysis plugin to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(analysis_plugin, virustotal.VirusTotalAnalysisPlugin): raise errors.BadConfigObject( u'Analysis plugin is not an instance of VirusTotalAnalysisPlugin' ) api_key = cls._ParseStringOption(options, u'virustotal_api_key') if not api_key: raise errors.BadConfigOption( u'VirusTotal API key not specified. Try again with ' u'--virustotal-api-key.') analysis_plugin.SetAPIKey(api_key) enable_rate_limit = getattr(options, u'virustotal_free_rate_limit', cls._DEFAULT_RATE_LIMIT) if enable_rate_limit: analysis_plugin.EnableFreeAPIKeyRateLimit() lookup_hash = cls._ParseStringOption(options, u'virustotal_hash', default_value=cls._DEFAULT_HASH) analysis_plugin.SetLookupHash(lookup_hash)
def ParseOptions(cls, options, analysis_plugin): # pylint: disable=arguments-renamed """Parses and validates options. Args: options (argparse.Namespace): parser options. analysis_plugin (OutputModule): analysis_plugin to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation. """ if not isinstance(analysis_plugin, sessionize.SessionizeAnalysisPlugin): raise errors.BadConfigObject( 'Analysis plugin is not an instance of SessionizeAnalysisPlugin' ) maximum_pause = cls._ParseNumericOption(options, 'sessionize_maximumpause', default_value=10) if maximum_pause <= 0: raise errors.BadConfigOption( 'Maximum pause value {0:d} is not supported. ' 'Value must be greater than 0.'.format(maximum_pause)) analysis_plugin.SetMaximumPause(maximum_pause)