Created enumeration format helper #444 #2869

Merged
merged 1 commit into from
Apr 14, 2020
66 changes: 65 additions & 1 deletion plaso/formatters/interface.py
@@ -13,20 +13,79 @@

from __future__ import unicode_literals

import abc
import re

from plaso.formatters import logger
from plaso.lib import errors
from plaso.lib import py2to3


class EventFormatterHelper(object):
"""Base class of helper for formatting event data."""

@abc.abstractmethod
def FormatEventValues(self, event_values):
"""Formats event values using the helper.
Args:
event_values (dict[str, object]): event values.
"""


class EnumerationEventFormatterHelper(object):
"""Helper for formatting enumeration event data.
Attributes:
default (str): default value.
input_attribute (str): name of the attribute that contains the enumeration
input value.
output_attribute (str): name of the attribute where the enumeration output
value should be stored.
values (dict[str, str]): mapping of enumeration input and output values.
"""

def __init__(
self, default=None, input_attribute=None, output_attribute=None,
values=None):
"""Initialized a helper for formatting enumeration event data.
Args:
default (Optional[str]): default value.
input_attribute (Optional[str]): name of the attribute that contains
the enumeration input value.
output_attribute (Optional[str]): name of the attribute where the
enumeration output value should be stored.
values (Optional[dict[str, str]]): mapping of enumeration input and
output values.
"""
super(EnumerationEventFormatterHelper, self).__init__()
self.default = default
self.input_attribute = input_attribute
self.output_attribute = output_attribute
self.values = values or {}

def FormatEventValues(self, event_values):
"""Formats event values using the helper.
Args:
event_values (dict[str, object]): event values.
"""
input_value = event_values.get(self.input_attribute, None)
event_values[self.output_attribute] = self.values.get(
input_value, self.default)


class EventFormatter(object):
"""Base class to format event type specific data using a format string.
"""Base class to format event data using a format string.
Define the (long) format string and the short format string by defining
FORMAT_STRING and FORMAT_STRING_SHORT. The syntax of the format strings
is similar to that of format() where the place holder for a certain
event object attribute is defined as {attribute_name}.
Attributes:
helpers (list[EventFormatterHelper]): event formatter helpers.
"""

# The data type is a unique identifier for the event data. The current
@@ -52,6 +111,7 @@ def __init__(self):
"""Initializes an event formatter object."""
super(EventFormatter, self).__init__()
self._format_string_attribute_names = None
self.helpers = []

def _FormatMessage(self, format_string, event_values):
"""Determines the formatted message string.
@@ -359,4 +419,8 @@ def GetMessages(self, formatter_mediator, event_data):
event_data.data_type))

event_values = event_data.CopyToDict()

for helper in self.helpers:
helper.FormatEventValues(event_values)

return self._ConditionalFormatMessages(event_values)
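Review bot: `EnumerationEventFormatterHelper` is declared as `class EnumerationEventFormatterHelper(object):`, so it is not an `EventFormatterHelper` even though `EventFormatter.helpers` is documented as `list[EventFormatterHelper]`; it should read `class EnumerationEventFormatterHelper(EventFormatterHelper):`. The base class itself derives from plain `object`, and `@abc.abstractmethod` is only enforced under an `abc.ABCMeta` metaclass, so as written a helper that forgets to implement `FormatEventValues` would still instantiate and silently do nothing in the `GetMessages` loop. Separately, `FormatEventValues` passes a value read from the event values straight to `self.values.get(...)`; an unhashable value (a list, for example) would raise `TypeError` instead of falling back to `self.default`, which is worth guarding if these values come from parsed, untrusted artifacts, as they presumably do. The `__init__` docstring should say "Initializes" rather than "Initialized".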
33 changes: 6 additions & 27 deletions plaso/formatters/recycler.py
@@ -5,7 +5,6 @@

from plaso.formatters import interface
from plaso.formatters import manager
from plaso.lib import errors


class WinRecyclerFormatter(interface.ConditionalEventFormatter):
@@ -55,33 +54,13 @@ class WinRecyclerFormatter(interface.ConditionalEventFormatter):
SOURCE_LONG = 'Recycle Bin'
SOURCE_SHORT = 'RECBIN'

# pylint: disable=unused-argument
def GetMessages(self, formatter_mediator, event_data):
"""Determines the formatted message strings for the event data.
def __init__(self):
super(WinRecyclerFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='drive_number',
output_attribute='drive_letter', values=self._DRIVE_LETTER)

Args:
formatter_mediator (FormatterMediator): mediates the interactions
between formatters and other components, such as storage and Windows
EventLog resources.
event_data (EventData): event data.
Returns:
tuple(str, str): formatted message string and short message string.
Raises:
WrongFormatter: if the event data cannot be formatted by the formatter.
"""
if self.DATA_TYPE != event_data.data_type:
raise errors.WrongFormatter('Unsupported data type: {0:s}.'.format(
event_data.data_type))

event_values = event_data.CopyToDict()

drive_number = event_values.get('drive_number', None)
event_values['drive_letter'] = self._DRIVE_LETTER.get(
drive_number, 'UNKNOWN')

return self._ConditionalFormatMessages(event_values)
self.helpers.append(helper)


manager.FormattersManager.RegisterFormatter(WinRecyclerFormatter)
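Review bot: The new `WinRecyclerFormatter.__init__` has no docstring, unlike `EventFormatter.__init__` in interface.py, which carries `"""Initializes an event formatter object."""`; add `"""Initializes a Windows Recycle Bin event formatter object."""` as its first line. A short comment above the helper, such as `# Maps drive_number to drive_letter, falling back to 'UNKNOWN'.`, would also record what the removed `GetMessages` override used to spell out. The fallback and attribute names match the removed code, so behaviour for unmapped drive numbers appears preserved. `_DRIVE_LETTER` is defined in the part of the class body that lies outside this hunk.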