Changed formatters to use configuration log2timeline#444

Author: joachimmetz

data/formatters/windows.yaml

@@ -329,6 +329,15 @@ short_message:
 - 'Origin: {key_path}'
 ---
 type: 'conditional'
+data_type: 'windows:registry:key_value'
+message:
+- '[{key_path}]'
+- '{values}'
+short_message:
+- '[{key_path}]'
+- '{values}'
+---
+type: 'conditional'
 data_type: 'windows:registry:mount_points2'
 message:
 - '[{key_path}]'

plaso/formatters/winreg.py

@@ -1,22 +1,19 @@
 # -*- coding: utf-8 -*-
-"""The Windows Registry key or value event formatter."""
+"""Windows Registry custom event formatter helpers."""
 
 from __future__ import unicode_literals
 
 from plaso.formatters import interface
 from plaso.formatters import manager
 
 
-class WinRegistryGenericFormatter(interface.EventFormatter):
-  """Formatter for a Windows Registry key or value event."""
+class WinRegistryGenericFormatter(interface.CustomEventFormatterHelper):
+  """Custom formatter for Windows Registry key or value event values."""
 
   DATA_TYPE = 'windows:registry:key_value'
 
-  FORMAT_STRING = '[{key_path}] {values}'
-  FORMAT_STRING_ALTERNATIVE = '{values}'
-
   def FormatEventValues(self, event_values):
-    """Formats event values using the helpers.
+    """Formats event values using the helper.
 
     Args:
       event_values (dict[str, object]): event values.
@@ -25,45 +22,6 @@ def FormatEventValues(self, event_values):
     if not values:
       event_values['values'] = '(empty)'
 
-  def GetMessage(self, event_values):
-    """Determines the message.
-
-    Args:
-      event_values (dict[str, object]): event values.
-
-    Returns:
-      str: message.
-    """
-    if 'key_path' in event_values:
-      format_string = self.FORMAT_STRING
-    else:
-      format_string = self.FORMAT_STRING_ALTERNATIVE
-
-    return self._FormatMessage(format_string, event_values)
-
-  def GetMessageShort(self, event_values):
-    """Determines the short message.
-
-    Args:
-      event_values (dict[str, object]): event values.
-
-    Returns:
-      str: short message.
-    """
-    if self.FORMAT_STRING_SHORT:
-      format_string = self.FORMAT_STRING_SHORT
-    elif 'key_path' in event_values:
-      format_string = self.FORMAT_STRING
-    else:
-      format_string = self.FORMAT_STRING_ALTERNATIVE
-
-    short_message_string = self._FormatMessage(format_string, event_values)
-
-    # Truncate the short message string if necessary.
-    if len(short_message_string) > 80:
-      short_message_string = '{0:s}...'.format(short_message_string[:77])
-
-    return short_message_string
-
 
-manager.FormattersManager.RegisterFormatter(WinRegistryGenericFormatter)
+manager.FormattersManager.RegisterEventFormatterHelper(
+    WinRegistryGenericFormatter)

tests/filters/expression_parser.py

@@ -10,28 +10,12 @@
 from plaso.containers import events
 from plaso.filters import expression_parser
 from plaso.filters import filters
-from plaso.formatters import interface as formatters_interface
-from plaso.formatters import manager as formatters_manager
 from plaso.lib import errors
 
 from tests import test_lib as shared_test_lib
 from tests.containers import test_lib as containers_test_lib
 
 
-class PfilterFakeFormatter(formatters_interface.EventFormatter):
-  """A formatter for this fake class."""
-  DATA_TYPE = 'Weirdo:Made up Source:Last Written'
-
-  FORMAT_STRING = '{text}'
-  FORMAT_STRING_SHORT = '{text_short}'
-
-  SOURCE_LONG = 'Fake Parsing Source'
-  SOURCE_SHORT = 'REG'
-
-
-formatters_manager.FormattersManager.RegisterFormatter(PfilterFakeFormatter)
-
-
 class TestBinaryOperator(filters.GenericBinaryOperator):
   """Binary operator for testing.
 

tests/formatters/manager.py

@@ -7,7 +7,6 @@
 import unittest
 
 from plaso.formatters import manager
-from plaso.formatters import winreg  # pylint: disable=unused-import
 from plaso.lib import definitions
 
 from tests import test_lib as shared_test_lib

tests/formatters/winreg.py

@@ -19,18 +19,7 @@ def testInitialization(self):
     event_formatter = winreg.WinRegistryGenericFormatter()
     self.assertIsNotNone(event_formatter)
 
-  def testGetFormatStringAttributeNames(self):
-    """Tests the GetFormatStringAttributeNames function."""
-    event_formatter = winreg.WinRegistryGenericFormatter()
-
-    expected_attribute_names = [
-        'key_path',
-        'values']
-
-    self._TestGetFormatStringAttributeNames(
-        event_formatter, expected_attribute_names)
-
-  # TODO: add test for GetMessages.
+  # TODO: add test for FormatEventValues.
 
 
 if __name__ == '__main__':

tests/parsers/custom_destinations.py

@@ -6,7 +6,6 @@
 
 import unittest
 
-from plaso.formatters import winlnk  # pylint: disable=unused-import
 from plaso.lib import definitions
 from plaso.parsers import custom_destinations
 

tests/parsers/filestat.py

@@ -10,7 +10,6 @@
 from dfvfs.lib import definitions as dfvfs_definitions
 from dfvfs.path import factory as path_spec_factory
 
-from plaso.formatters import file_system  # pylint: disable=unused-import
 from plaso.lib import definitions
 from plaso.parsers import filestat
 

tests/parsers/ntfs.py

@@ -9,7 +9,6 @@
 from dfvfs.lib import definitions as dfvfs_definitions
 from dfvfs.path import factory as path_spec_factory
 
-from plaso.formatters import file_system  # pylint: disable=unused-import
 from plaso.lib import definitions
 from plaso.parsers import ntfs
 

tests/parsers/winreg_plugins/default.py

@@ -10,7 +10,6 @@
 from dfwinreg import definitions as dfwinreg_definitions
 from dfwinreg import fake as dfwinreg_fake
 
-from plaso.formatters import winreg  # pylint: disable=unused-import
 from plaso.parsers.winreg_plugins import default
 
 from tests.parsers.winreg_plugins import test_lib