Created enumeration format helper #444 (#2869)

log2timeline · Apr 14, 2020 · 499137e · 499137e
1 parent 99d0a1d
commit 499137e
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 28 deletions.
diff --git a/plaso/formatters/interface.py b/plaso/formatters/interface.py
@@ -13,20 +13,79 @@
 
 from __future__ import unicode_literals
 
+import abc
 import re
 
 from plaso.formatters import logger
 from plaso.lib import errors
 from plaso.lib import py2to3
 
 
+class EventFormatterHelper(object):
+  """Base class of helper for formatting event data."""
+
+  @abc.abstractmethod
+  def FormatEventValues(self, event_values):
+    """Formats event values using the helper.
+
+    Args:
+      event_values (dict[str, object]): event values.
+    """
+
+
+class EnumerationEventFormatterHelper(object):
+  """Helper for formatting enumeration event data.
+
+  Attributes:
+    default (str): default value.
+    input_attribute (str): name of the attribute that contains the enumeration
+        input value.
+    output_attribute (str): name of the attribute where the enumeration output
+        value should be stored.
+    values (dict[str, str]): mapping of enumeration input and output values.
+  """
+
+  def __init__(
+      self, default=None, input_attribute=None, output_attribute=None,
+      values=None):
+    """Initialized a helper for formatting enumeration event data.
+
+    Args:
+      default (Optional[str]): default value.
+      input_attribute (Optional[str]): name of the attribute that contains
+          the enumeration input value.
+      output_attribute (Optional[str]): name of the attribute where the
+          enumeration output value should be stored.
+      values (Optional[dict[str, str]]): mapping of enumeration input and
+          output values.
+    """
+    super(EnumerationEventFormatterHelper, self).__init__()
+    self.default = default
+    self.input_attribute = input_attribute
+    self.output_attribute = output_attribute
+    self.values = values or {}
+
+  def FormatEventValues(self, event_values):
+    """Formats event values using the helper.
+
+    Args:
+      event_values (dict[str, object]): event values.
+    """
+    input_value = event_values.get(self.input_attribute, None)
+    event_values[self.output_attribute] = self.values.get(
+        input_value, self.default)
+
+
 class EventFormatter(object):
-  """Base class to format event type specific data using a format string.
+  """Base class to format event data using a format string.
 
   Define the (long) format string and the short format string by defining
   FORMAT_STRING and FORMAT_STRING_SHORT. The syntax of the format strings
   is similar to that of format() where the place holder for a certain
   event object attribute is defined as {attribute_name}.
+
+  Attributes:
+    helpers (list[EventFormatterHelper]): event formatter helpers.
   """
 
   # The data type is a unique identifier for the event data. The current
@@ -52,6 +111,7 @@ def __init__(self):
     """Initializes an event formatter object."""
     super(EventFormatter, self).__init__()
     self._format_string_attribute_names = None
+    self.helpers = []
 
   def _FormatMessage(self, format_string, event_values):
     """Determines the formatted message string.
@@ -359,4 +419,8 @@ def GetMessages(self, formatter_mediator, event_data):
           event_data.data_type))
 
     event_values = event_data.CopyToDict()
+
+    for helper in self.helpers:
+      helper.FormatEventValues(event_values)
+
     return self._ConditionalFormatMessages(event_values)
diff --git a/plaso/formatters/recycler.py b/plaso/formatters/recycler.py
@@ -5,7 +5,6 @@
 
 from plaso.formatters import interface
 from plaso.formatters import manager
-from plaso.lib import errors
 
 
 class WinRecyclerFormatter(interface.ConditionalEventFormatter):
@@ -55,33 +54,13 @@ class WinRecyclerFormatter(interface.ConditionalEventFormatter):
   SOURCE_LONG = 'Recycle Bin'
   SOURCE_SHORT = 'RECBIN'
 
-  # pylint: disable=unused-argument
-  def GetMessages(self, formatter_mediator, event_data):
-    """Determines the formatted message strings for the event data.
+  def __init__(self):
+    super(WinRecyclerFormatter, self).__init__()
+    helper = interface.EnumerationEventFormatterHelper(
+        default='UNKNOWN', input_attribute='drive_number',
+        output_attribute='drive_letter', values=self._DRIVE_LETTER)
 
-    Args:
-      formatter_mediator (FormatterMediator): mediates the interactions
-          between formatters and other components, such as storage and Windows
-          EventLog resources.
-      event_data (EventData): event data.
-
-    Returns:
-      tuple(str, str): formatted message string and short message string.
-
-    Raises:
-      WrongFormatter: if the event data cannot be formatted by the formatter.
-    """
-    if self.DATA_TYPE != event_data.data_type:
-      raise errors.WrongFormatter('Unsupported data type: {0:s}.'.format(
-          event_data.data_type))
-
-    event_values = event_data.CopyToDict()
-
-    drive_number = event_values.get('drive_number', None)
-    event_values['drive_letter'] = self._DRIVE_LETTER.get(
-        drive_number, 'UNKNOWN')
-
-    return self._ConditionalFormatMessages(event_values)
+    self.helpers.append(helper)
 
 
 manager.FormattersManager.RegisterFormatter(WinRecyclerFormatter)