From 7d9cbf89e07eb26b8887d1f49989302e78759122 Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Thu, 20 Aug 2015 05:33:29 +0200 Subject: [PATCH] Code review: 249540043: Clean up of Mac OS X preprocessor plugins #155. --- config/dpkg/changelog | 2 +- docs/plaso.analysis.rst | 65 ++-- docs/plaso.cli.helpers.rst | 81 +++-- docs/plaso.cli.rst | 49 ++- docs/plaso.engine.rst | 57 ++-- docs/plaso.events.rst | 41 ++- docs/plaso.filters.rst | 33 +- docs/plaso.formatters.rst | 325 ++++++++++---------- docs/plaso.frontend.rst | 53 ++-- docs/plaso.hashers.rst | 41 ++- docs/plaso.lib.rst | 97 +++--- docs/plaso.multi_processing.rst | 37 ++- docs/plaso.output.rst | 89 +++--- docs/plaso.parsers.bencode_plugins.rst | 33 +- docs/plaso.parsers.cookie_plugins.rst | 33 +- docs/plaso.parsers.esedb_plugins.rst | 33 +- docs/plaso.parsers.olecf_plugins.rst | 37 ++- docs/plaso.parsers.plist_plugins.rst | 73 +++-- docs/plaso.parsers.rst | 259 ++++++++-------- docs/plaso.parsers.shared.rst | 21 +- docs/plaso.parsers.sqlite_plugins.rst | 81 +++-- docs/plaso.parsers.winreg_plugins.rst | 121 ++++---- docs/plaso.preprocessors.rst | 41 ++- docs/plaso.proto.rst | 21 +- docs/plaso.rst | 37 ++- docs/plaso.serializer.rst | 33 +- docs/plaso.storage.rst | 27 +- docs/plaso.unix.rst | 21 +- docs/plaso.winnt.rst | 45 ++- docs/plaso.winregistry.rst | 45 ++- plaso/__init__.py | 2 +- plaso/lib/plist.py | 71 +++++ plaso/parsers/plist_plugins/interface.py | 159 +++++----- plaso/preprocessors/interface.py | 30 +- plaso/preprocessors/macosx.py | 374 +++++++++++------------ tests/lib/binary.py | 72 ++--- tests/lib/objectfilter.py | 4 +- tests/lib/plist.py | 51 ++++ tests/parsers/plist_plugins/interface.py | 35 ++- 39 files changed, 1369 insertions(+), 1360 deletions(-) create mode 100644 plaso/lib/plist.py create mode 100644 tests/lib/plist.py diff --git a/config/dpkg/changelog b/config/dpkg/changelog index 40ed102e2a..90d974d8b6 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low * Auto-generated - -- Log2Timeline Tue, 18 Aug 2015 13:50:16 +0200 + -- Log2Timeline Thu, 20 Aug 2015 05:33:29 +0200 diff --git a/docs/plaso.analysis.rst b/docs/plaso.analysis.rst index cea7d4fcf0..85896b5111 100644 --- a/docs/plaso.analysis.rst +++ b/docs/plaso.analysis.rst @@ -1,102 +1,99 @@ -plaso.analysis package -====================== +analysis Package +================ -Submodules ----------- +:mod:`analysis` Package +----------------------- -plaso.analysis.browser_search module ------------------------------------- +.. automodule:: plaso.analysis + :members: + :undoc-members: + :show-inheritance: + +:mod:`browser_search` Module +---------------------------- .. automodule:: plaso.analysis.browser_search :members: :undoc-members: :show-inheritance: -plaso.analysis.chrome_extension module --------------------------------------- +:mod:`chrome_extension` Module +------------------------------ .. automodule:: plaso.analysis.chrome_extension :members: :undoc-members: :show-inheritance: -plaso.analysis.file_hashes module ---------------------------------- +:mod:`file_hashes` Module +------------------------- .. automodule:: plaso.analysis.file_hashes :members: :undoc-members: :show-inheritance: -plaso.analysis.interface module -------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.analysis.interface :members: :undoc-members: :show-inheritance: -plaso.analysis.manager module ------------------------------ +:mod:`manager` Module +--------------------- .. automodule:: plaso.analysis.manager :members: :undoc-members: :show-inheritance: -plaso.analysis.mediator module ------------------------------- +:mod:`mediator` Module +---------------------- .. automodule:: plaso.analysis.mediator :members: :undoc-members: :show-inheritance: -plaso.analysis.tagging module ------------------------------ +:mod:`tagging` Module +--------------------- .. automodule:: plaso.analysis.tagging :members: :undoc-members: :show-inheritance: -plaso.analysis.unique_domains_visited module --------------------------------------------- +:mod:`unique_domains_visited` Module +------------------------------------ .. automodule:: plaso.analysis.unique_domains_visited :members: :undoc-members: :show-inheritance: -plaso.analysis.viper module ---------------------------- +:mod:`viper` Module +------------------- .. automodule:: plaso.analysis.viper :members: :undoc-members: :show-inheritance: -plaso.analysis.virustotal module --------------------------------- +:mod:`virustotal` Module +------------------------ .. automodule:: plaso.analysis.virustotal :members: :undoc-members: :show-inheritance: -plaso.analysis.windows_services module --------------------------------------- +:mod:`windows_services` Module +------------------------------ .. automodule:: plaso.analysis.windows_services :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.analysis - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.cli.helpers.rst b/docs/plaso.cli.helpers.rst index 44484f03eb..6aa53c75af 100644 --- a/docs/plaso.cli.helpers.rst +++ b/docs/plaso.cli.helpers.rst @@ -1,134 +1,131 @@ -plaso.cli.helpers package -========================= +helpers Package +=============== -Submodules ----------- +:mod:`helpers` Package +---------------------- -plaso.cli.helpers.database_config module ----------------------------------------- +.. automodule:: plaso.cli.helpers + :members: + :undoc-members: + :show-inheritance: + +:mod:`database_config` Module +----------------------------- .. automodule:: plaso.cli.helpers.database_config :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.elastic_output module ---------------------------------------- +:mod:`elastic_output` Module +---------------------------- .. automodule:: plaso.cli.helpers.elastic_output :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.interface module ----------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.cli.helpers.interface :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.manager module --------------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.cli.helpers.manager :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.mysql_4n6time_output module ---------------------------------------------- +:mod:`mysql_4n6time_output` Module +---------------------------------- .. automodule:: plaso.cli.helpers.mysql_4n6time_output :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.pstorage module ---------------------------------- +:mod:`pstorage` Module +---------------------- .. automodule:: plaso.cli.helpers.pstorage :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.server_config module --------------------------------------- +:mod:`server_config` Module +--------------------------- .. automodule:: plaso.cli.helpers.server_config :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.shared_4n6time_output module ----------------------------------------------- +:mod:`shared_4n6time_output` Module +----------------------------------- .. automodule:: plaso.cli.helpers.shared_4n6time_output :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.sqlite_4n6time_output module ----------------------------------------------- +:mod:`sqlite_4n6time_output` Module +----------------------------------- .. automodule:: plaso.cli.helpers.sqlite_4n6time_output :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.tagging_analysis module ------------------------------------------ +:mod:`tagging_analysis` Module +------------------------------ .. automodule:: plaso.cli.helpers.tagging_analysis :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.timesketch_out module ---------------------------------------- +:mod:`timesketch_out` Module +---------------------------- .. automodule:: plaso.cli.helpers.timesketch_out :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.viper_analysis module ---------------------------------------- +:mod:`viper_analysis` Module +---------------------------- .. automodule:: plaso.cli.helpers.viper_analysis :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.virustotal_analysis module --------------------------------------------- +:mod:`virustotal_analysis` Module +--------------------------------- .. automodule:: plaso.cli.helpers.virustotal_analysis :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.windows_services_analysis module --------------------------------------------------- +:mod:`windows_services_analysis` Module +--------------------------------------- .. automodule:: plaso.cli.helpers.windows_services_analysis :members: :undoc-members: :show-inheritance: -plaso.cli.helpers.xlsx_output module ------------------------------------- +:mod:`xlsx_output` Module +------------------------- .. automodule:: plaso.cli.helpers.xlsx_output :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.cli.helpers - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.cli.rst b/docs/plaso.cli.rst index 5cec4aab5a..05133cf42d 100644 --- a/docs/plaso.cli.rst +++ b/docs/plaso.cli.rst @@ -1,61 +1,58 @@ -plaso.cli package -================= +cli Package +=========== -Subpackages ------------ - -.. toctree:: - - plaso.cli.helpers +:mod:`cli` Package +------------------ -Submodules ----------- +.. automodule:: plaso.cli + :members: + :undoc-members: + :show-inheritance: -plaso.cli.analysis_tool module ------------------------------- +:mod:`analysis_tool` Module +--------------------------- .. automodule:: plaso.cli.analysis_tool :members: :undoc-members: :show-inheritance: -plaso.cli.extraction_tool module --------------------------------- +:mod:`extraction_tool` Module +----------------------------- .. automodule:: plaso.cli.extraction_tool :members: :undoc-members: :show-inheritance: -plaso.cli.hexdump module ------------------------- +:mod:`hexdump` Module +--------------------- .. automodule:: plaso.cli.hexdump :members: :undoc-members: :show-inheritance: -plaso.cli.storage_media_tool module ------------------------------------ +:mod:`storage_media_tool` Module +-------------------------------- .. automodule:: plaso.cli.storage_media_tool :members: :undoc-members: :show-inheritance: -plaso.cli.tools module ----------------------- +:mod:`tools` Module +------------------- .. automodule:: plaso.cli.tools :members: :undoc-members: :show-inheritance: +Subpackages +----------- -Module contents ---------------- +.. toctree:: + + plaso.cli.helpers -.. automodule:: plaso.cli - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.engine.rst b/docs/plaso.engine.rst index a321cfe1f2..f30331fb4b 100644 --- a/docs/plaso.engine.rst +++ b/docs/plaso.engine.rst @@ -1,86 +1,83 @@ -plaso.engine package -==================== +engine Package +============== -Submodules ----------- +:mod:`engine` Package +--------------------- -plaso.engine.collector module ------------------------------ +.. automodule:: plaso.engine + :members: + :undoc-members: + :show-inheritance: + +:mod:`collector` Module +----------------------- .. automodule:: plaso.engine.collector :members: :undoc-members: :show-inheritance: -plaso.engine.engine module --------------------------- +:mod:`engine` Module +-------------------- .. automodule:: plaso.engine.engine :members: :undoc-members: :show-inheritance: -plaso.engine.knowledge_base module ----------------------------------- +:mod:`knowledge_base` Module +---------------------------- .. automodule:: plaso.engine.knowledge_base :members: :undoc-members: :show-inheritance: -plaso.engine.processing_status module -------------------------------------- +:mod:`processing_status` Module +------------------------------- .. automodule:: plaso.engine.processing_status :members: :undoc-members: :show-inheritance: -plaso.engine.profiler module ----------------------------- +:mod:`profiler` Module +---------------------- .. automodule:: plaso.engine.profiler :members: :undoc-members: :show-inheritance: -plaso.engine.queue module -------------------------- +:mod:`queue` Module +------------------- .. automodule:: plaso.engine.queue :members: :undoc-members: :show-inheritance: -plaso.engine.single_process module ----------------------------------- +:mod:`single_process` Module +---------------------------- .. automodule:: plaso.engine.single_process :members: :undoc-members: :show-inheritance: -plaso.engine.utils module -------------------------- +:mod:`utils` Module +------------------- .. automodule:: plaso.engine.utils :members: :undoc-members: :show-inheritance: -plaso.engine.worker module --------------------------- +:mod:`worker` Module +-------------------- .. automodule:: plaso.engine.worker :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.engine - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.events.rst b/docs/plaso.events.rst index 25fc487d6f..cd919d2cc7 100644 --- a/docs/plaso.events.rst +++ b/docs/plaso.events.rst @@ -1,54 +1,51 @@ -plaso.events package -==================== +events Package +============== -Submodules ----------- +:mod:`events` Package +--------------------- -plaso.events.plist_event module -------------------------------- +.. automodule:: plaso.events + :members: + :undoc-members: + :show-inheritance: + +:mod:`plist_event` Module +------------------------- .. automodule:: plaso.events.plist_event :members: :undoc-members: :show-inheritance: -plaso.events.shell_item_events module -------------------------------------- +:mod:`shell_item_events` Module +------------------------------- .. automodule:: plaso.events.shell_item_events :members: :undoc-members: :show-inheritance: -plaso.events.text_events module -------------------------------- +:mod:`text_events` Module +------------------------- .. automodule:: plaso.events.text_events :members: :undoc-members: :show-inheritance: -plaso.events.time_events module -------------------------------- +:mod:`time_events` Module +------------------------- .. automodule:: plaso.events.time_events :members: :undoc-members: :show-inheritance: -plaso.events.windows_events module ----------------------------------- +:mod:`windows_events` Module +---------------------------- .. automodule:: plaso.events.windows_events :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.events - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.filters.rst b/docs/plaso.filters.rst index 92c669b4a7..e7222a4d9c 100644 --- a/docs/plaso.filters.rst +++ b/docs/plaso.filters.rst @@ -1,38 +1,35 @@ -plaso.filters package -===================== +filters Package +=============== -Submodules ----------- +:mod:`filters` Package +---------------------- -plaso.filters.dynamic_filter module ------------------------------------ - -.. automodule:: plaso.filters.dynamic_filter +.. automodule:: plaso.filters :members: :undoc-members: :show-inheritance: -plaso.filters.eventfilter module --------------------------------- +:mod:`dynamic_filter` Module +---------------------------- -.. automodule:: plaso.filters.eventfilter +.. automodule:: plaso.filters.dynamic_filter :members: :undoc-members: :show-inheritance: -plaso.filters.filterlist module -------------------------------- +:mod:`eventfilter` Module +------------------------- -.. automodule:: plaso.filters.filterlist +.. automodule:: plaso.filters.eventfilter :members: :undoc-members: :show-inheritance: +:mod:`filterlist` Module +------------------------ -Module contents ---------------- - -.. automodule:: plaso.filters +.. automodule:: plaso.filters.filterlist :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.formatters.rst b/docs/plaso.formatters.rst index d5f36f3839..2fbd8c673c 100644 --- a/docs/plaso.formatters.rst +++ b/docs/plaso.formatters.rst @@ -1,622 +1,619 @@ -plaso.formatters package -======================== +formatters Package +================== -Submodules ----------- +:mod:`formatters` Package +------------------------- -plaso.formatters.android_app_usage module ------------------------------------------ +.. automodule:: plaso.formatters + :members: + :undoc-members: + :show-inheritance: + +:mod:`android_app_usage` Module +------------------------------- .. automodule:: plaso.formatters.android_app_usage :members: :undoc-members: :show-inheritance: -plaso.formatters.android_calls module -------------------------------------- +:mod:`android_calls` Module +--------------------------- .. automodule:: plaso.formatters.android_calls :members: :undoc-members: :show-inheritance: -plaso.formatters.android_sms module ------------------------------------ +:mod:`android_sms` Module +------------------------- .. automodule:: plaso.formatters.android_sms :members: :undoc-members: :show-inheritance: -plaso.formatters.appcompatcache module --------------------------------------- +:mod:`appcompatcache` Module +---------------------------- .. automodule:: plaso.formatters.appcompatcache :members: :undoc-members: :show-inheritance: -plaso.formatters.appusage module --------------------------------- +:mod:`appusage` Module +---------------------- .. automodule:: plaso.formatters.appusage :members: :undoc-members: :show-inheritance: -plaso.formatters.asl module ---------------------------- +:mod:`asl` Module +----------------- .. automodule:: plaso.formatters.asl :members: :undoc-members: :show-inheritance: -plaso.formatters.bencode_parser module --------------------------------------- +:mod:`bencode_parser` Module +---------------------------- .. automodule:: plaso.formatters.bencode_parser :members: :undoc-members: :show-inheritance: -plaso.formatters.bsm module ---------------------------- +:mod:`bsm` Module +----------------- .. automodule:: plaso.formatters.bsm :members: :undoc-members: :show-inheritance: -plaso.formatters.chrome module ------------------------------- +:mod:`chrome` Module +-------------------- .. automodule:: plaso.formatters.chrome :members: :undoc-members: :show-inheritance: -plaso.formatters.chrome_cache module ------------------------------------- +:mod:`chrome_cache` Module +-------------------------- .. automodule:: plaso.formatters.chrome_cache :members: :undoc-members: :show-inheritance: -plaso.formatters.chrome_cookies module --------------------------------------- +:mod:`chrome_cookies` Module +---------------------------- .. automodule:: plaso.formatters.chrome_cookies :members: :undoc-members: :show-inheritance: -plaso.formatters.chrome_extension_activity module -------------------------------------------------- +:mod:`chrome_extension_activity` Module +--------------------------------------- .. automodule:: plaso.formatters.chrome_extension_activity :members: :undoc-members: :show-inheritance: -plaso.formatters.chrome_preferences module ------------------------------------------- +:mod:`chrome_preferences` Module +-------------------------------- .. automodule:: plaso.formatters.chrome_preferences :members: :undoc-members: :show-inheritance: -plaso.formatters.cups_ipp module --------------------------------- +:mod:`cups_ipp` Module +---------------------- .. automodule:: plaso.formatters.cups_ipp :members: :undoc-members: :show-inheritance: -plaso.formatters.default module -------------------------------- +:mod:`default` Module +--------------------- .. automodule:: plaso.formatters.default :members: :undoc-members: :show-inheritance: -plaso.formatters.file_history module ------------------------------------- +:mod:`file_history` Module +-------------------------- .. automodule:: plaso.formatters.file_history :members: :undoc-members: :show-inheritance: -plaso.formatters.filestat module --------------------------------- +:mod:`filestat` Module +---------------------- .. automodule:: plaso.formatters.filestat :members: :undoc-members: :show-inheritance: -plaso.formatters.firefox module -------------------------------- +:mod:`firefox` Module +--------------------- .. automodule:: plaso.formatters.firefox :members: :undoc-members: :show-inheritance: -plaso.formatters.firefox_cache module -------------------------------------- +:mod:`firefox_cache` Module +--------------------------- .. automodule:: plaso.formatters.firefox_cache :members: :undoc-members: :show-inheritance: -plaso.formatters.firefox_cookies module ---------------------------------------- +:mod:`firefox_cookies` Module +----------------------------- .. automodule:: plaso.formatters.firefox_cookies :members: :undoc-members: :show-inheritance: -plaso.formatters.ganalytics module ----------------------------------- +:mod:`ganalytics` Module +------------------------ .. automodule:: plaso.formatters.ganalytics :members: :undoc-members: :show-inheritance: -plaso.formatters.gdrive module ------------------------------- +:mod:`gdrive` Module +-------------------- .. automodule:: plaso.formatters.gdrive :members: :undoc-members: :show-inheritance: -plaso.formatters.hachoir module -------------------------------- +:mod:`hachoir` Module +--------------------- .. automodule:: plaso.formatters.hachoir :members: :undoc-members: :show-inheritance: -plaso.formatters.iis module ---------------------------- +:mod:`iis` Module +----------------- .. automodule:: plaso.formatters.iis :members: :undoc-members: :show-inheritance: -plaso.formatters.interface module ---------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.formatters.interface :members: :undoc-members: :show-inheritance: -plaso.formatters.ipod module ----------------------------- +:mod:`ipod` Module +------------------ .. automodule:: plaso.formatters.ipod :members: :undoc-members: :show-inheritance: -plaso.formatters.java_idx module --------------------------------- +:mod:`java_idx` Module +---------------------- .. automodule:: plaso.formatters.java_idx :members: :undoc-members: :show-inheritance: -plaso.formatters.ls_quarantine module -------------------------------------- +:mod:`ls_quarantine` Module +--------------------------- .. automodule:: plaso.formatters.ls_quarantine :members: :undoc-members: :show-inheritance: -plaso.formatters.mac_appfirewall module ---------------------------------------- +:mod:`mac_appfirewall` Module +----------------------------- .. automodule:: plaso.formatters.mac_appfirewall :members: :undoc-members: :show-inheritance: -plaso.formatters.mac_document_versions module ---------------------------------------------- +:mod:`mac_document_versions` Module +----------------------------------- .. automodule:: plaso.formatters.mac_document_versions :members: :undoc-members: :show-inheritance: -plaso.formatters.mac_keychain module ------------------------------------- +:mod:`mac_keychain` Module +-------------------------- .. automodule:: plaso.formatters.mac_keychain :members: :undoc-members: :show-inheritance: -plaso.formatters.mac_securityd module -------------------------------------- +:mod:`mac_securityd` Module +--------------------------- .. automodule:: plaso.formatters.mac_securityd :members: :undoc-members: :show-inheritance: -plaso.formatters.mac_wifi module --------------------------------- +:mod:`mac_wifi` Module +---------------------- .. automodule:: plaso.formatters.mac_wifi :members: :undoc-members: :show-inheritance: -plaso.formatters.mackeeper_cache module ---------------------------------------- +:mod:`mackeeper_cache` Module +----------------------------- .. automodule:: plaso.formatters.mackeeper_cache :members: :undoc-members: :show-inheritance: -plaso.formatters.mactime module -------------------------------- +:mod:`mactime` Module +--------------------- .. automodule:: plaso.formatters.mactime :members: :undoc-members: :show-inheritance: -plaso.formatters.manager module -------------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.formatters.manager :members: :undoc-members: :show-inheritance: -plaso.formatters.mcafeeav module --------------------------------- +:mod:`mcafeeav` Module +---------------------- .. automodule:: plaso.formatters.mcafeeav :members: :undoc-members: :show-inheritance: -plaso.formatters.mediator module --------------------------------- +:mod:`mediator` Module +---------------------- .. automodule:: plaso.formatters.mediator :members: :undoc-members: :show-inheritance: -plaso.formatters.msie_webcache module -------------------------------------- +:mod:`msie_webcache` Module +--------------------------- .. automodule:: plaso.formatters.msie_webcache :members: :undoc-members: :show-inheritance: -plaso.formatters.msiecf module ------------------------------- +:mod:`msiecf` Module +-------------------- .. automodule:: plaso.formatters.msiecf :members: :undoc-members: :show-inheritance: -plaso.formatters.olecf module ------------------------------ +:mod:`olecf` Module +------------------- .. automodule:: plaso.formatters.olecf :members: :undoc-members: :show-inheritance: -plaso.formatters.opera module ------------------------------ +:mod:`opera` Module +------------------- .. automodule:: plaso.formatters.opera :members: :undoc-members: :show-inheritance: -plaso.formatters.oxml module ----------------------------- +:mod:`oxml` Module +------------------ .. automodule:: plaso.formatters.oxml :members: :undoc-members: :show-inheritance: -plaso.formatters.pcap module ----------------------------- +:mod:`pcap` Module +------------------ .. automodule:: plaso.formatters.pcap :members: :undoc-members: :show-inheritance: -plaso.formatters.pe module --------------------------- +:mod:`pe` Module +---------------- .. automodule:: plaso.formatters.pe :members: :undoc-members: :show-inheritance: -plaso.formatters.plist module ------------------------------ +:mod:`plist` Module +------------------- .. automodule:: plaso.formatters.plist :members: :undoc-members: :show-inheritance: -plaso.formatters.pls_recall module ----------------------------------- +:mod:`pls_recall` Module +------------------------ .. automodule:: plaso.formatters.pls_recall :members: :undoc-members: :show-inheritance: -plaso.formatters.popcontest module ----------------------------------- +:mod:`popcontest` Module +------------------------ .. automodule:: plaso.formatters.popcontest :members: :undoc-members: :show-inheritance: -plaso.formatters.recycler module --------------------------------- +:mod:`recycler` Module +---------------------- .. automodule:: plaso.formatters.recycler :members: :undoc-members: :show-inheritance: -plaso.formatters.safari module ------------------------------- +:mod:`safari` Module +-------------------- .. automodule:: plaso.formatters.safari :members: :undoc-members: :show-inheritance: -plaso.formatters.safari_cookies module --------------------------------------- +:mod:`safari_cookies` Module +---------------------------- .. automodule:: plaso.formatters.safari_cookies :members: :undoc-members: :show-inheritance: -plaso.formatters.selinux module -------------------------------- +:mod:`selinux` Module +--------------------- .. automodule:: plaso.formatters.selinux :members: :undoc-members: :show-inheritance: -plaso.formatters.shell_items module ------------------------------------ +:mod:`shell_items` Module +------------------------- .. automodule:: plaso.formatters.shell_items :members: :undoc-members: :show-inheritance: -plaso.formatters.skydrivelog module ------------------------------------ +:mod:`skydrivelog` Module +------------------------- .. automodule:: plaso.formatters.skydrivelog :members: :undoc-members: :show-inheritance: -plaso.formatters.skydrivelogerr module --------------------------------------- +:mod:`skydrivelogerr` Module +---------------------------- .. automodule:: plaso.formatters.skydrivelogerr :members: :undoc-members: :show-inheritance: -plaso.formatters.skype module ------------------------------ +:mod:`skype` Module +------------------- .. automodule:: plaso.formatters.skype :members: :undoc-members: :show-inheritance: -plaso.formatters.symantec module --------------------------------- +:mod:`symantec` Module +---------------------- .. automodule:: plaso.formatters.symantec :members: :undoc-members: :show-inheritance: -plaso.formatters.syslog module ------------------------------- +:mod:`syslog` Module +-------------------- .. automodule:: plaso.formatters.syslog :members: :undoc-members: :show-inheritance: -plaso.formatters.task_scheduler module --------------------------------------- +:mod:`task_scheduler` Module +---------------------------- .. automodule:: plaso.formatters.task_scheduler :members: :undoc-members: :show-inheritance: -plaso.formatters.text module ----------------------------- +:mod:`text` Module +------------------ .. automodule:: plaso.formatters.text :members: :undoc-members: :show-inheritance: -plaso.formatters.utmp module ----------------------------- +:mod:`utmp` Module +------------------ .. automodule:: plaso.formatters.utmp :members: :undoc-members: :show-inheritance: -plaso.formatters.utmpx module ------------------------------ +:mod:`utmpx` Module +------------------- .. automodule:: plaso.formatters.utmpx :members: :undoc-members: :show-inheritance: -plaso.formatters.windows module -------------------------------- +:mod:`windows` Module +--------------------- .. automodule:: plaso.formatters.windows :members: :undoc-members: :show-inheritance: -plaso.formatters.winevt module ------------------------------- +:mod:`winevt` Module +-------------------- .. automodule:: plaso.formatters.winevt :members: :undoc-members: :show-inheritance: -plaso.formatters.winevt_rc module ---------------------------------- +:mod:`winevt_rc` Module +----------------------- .. automodule:: plaso.formatters.winevt_rc :members: :undoc-members: :show-inheritance: -plaso.formatters.winevtx module -------------------------------- +:mod:`winevtx` Module +--------------------- .. automodule:: plaso.formatters.winevtx :members: :undoc-members: :show-inheritance: -plaso.formatters.winfirewall module ------------------------------------ +:mod:`winfirewall` Module +------------------------- .. automodule:: plaso.formatters.winfirewall :members: :undoc-members: :show-inheritance: -plaso.formatters.winjob module ------------------------------- +:mod:`winjob` Module +-------------------- .. automodule:: plaso.formatters.winjob :members: :undoc-members: :show-inheritance: -plaso.formatters.winlnk module ------------------------------- +:mod:`winlnk` Module +-------------------- .. automodule:: plaso.formatters.winlnk :members: :undoc-members: :show-inheritance: -plaso.formatters.winprefetch module ------------------------------------ +:mod:`winprefetch` Module +------------------------- .. automodule:: plaso.formatters.winprefetch :members: :undoc-members: :show-inheritance: -plaso.formatters.winreg module ------------------------------- +:mod:`winreg` Module +-------------------- .. automodule:: plaso.formatters.winreg :members: :undoc-members: :show-inheritance: -plaso.formatters.winregservice module -------------------------------------- +:mod:`winregservice` Module +--------------------------- .. automodule:: plaso.formatters.winregservice :members: :undoc-members: :show-inheritance: -plaso.formatters.winrestore module ----------------------------------- +:mod:`winrestore` Module +------------------------ .. automodule:: plaso.formatters.winrestore :members: :undoc-members: :show-inheritance: -plaso.formatters.xchatlog module --------------------------------- +:mod:`xchatlog` Module +---------------------- .. automodule:: plaso.formatters.xchatlog :members: :undoc-members: :show-inheritance: -plaso.formatters.xchatscrollback module ---------------------------------------- +:mod:`xchatscrollback` Module +----------------------------- .. automodule:: plaso.formatters.xchatscrollback :members: :undoc-members: :show-inheritance: -plaso.formatters.zeitgeist module ---------------------------------- +:mod:`zeitgeist` Module +----------------------- .. automodule:: plaso.formatters.zeitgeist :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.formatters - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.frontend.rst b/docs/plaso.frontend.rst index f4af670c74..b9ff9d26e9 100644 --- a/docs/plaso.frontend.rst +++ b/docs/plaso.frontend.rst @@ -1,78 +1,75 @@ -plaso.frontend package -====================== +frontend Package +================ -Submodules ----------- +:mod:`frontend` Package +----------------------- -plaso.frontend.analysis_frontend module ---------------------------------------- +.. automodule:: plaso.frontend + :members: + :undoc-members: + :show-inheritance: + +:mod:`analysis_frontend` Module +------------------------------- .. automodule:: plaso.frontend.analysis_frontend :members: :undoc-members: :show-inheritance: -plaso.frontend.extraction_frontend module ------------------------------------------ +:mod:`extraction_frontend` Module +--------------------------------- .. automodule:: plaso.frontend.extraction_frontend :members: :undoc-members: :show-inheritance: -plaso.frontend.frontend module ------------------------------- +:mod:`frontend` Module +---------------------- .. automodule:: plaso.frontend.frontend :members: :undoc-members: :show-inheritance: -plaso.frontend.image_export module ----------------------------------- +:mod:`image_export` Module +-------------------------- .. automodule:: plaso.frontend.image_export :members: :undoc-members: :show-inheritance: -plaso.frontend.log2timeline module ----------------------------------- +:mod:`log2timeline` Module +-------------------------- .. automodule:: plaso.frontend.log2timeline :members: :undoc-members: :show-inheritance: -plaso.frontend.preg module --------------------------- +:mod:`preg` Module +------------------ .. automodule:: plaso.frontend.preg :members: :undoc-members: :show-inheritance: -plaso.frontend.presets module ------------------------------ +:mod:`presets` Module +--------------------- .. automodule:: plaso.frontend.presets :members: :undoc-members: :show-inheritance: -plaso.frontend.psort module ---------------------------- +:mod:`psort` Module +------------------- .. automodule:: plaso.frontend.psort :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.frontend - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.hashers.rst b/docs/plaso.hashers.rst index 4f097de4aa..b990c0a7e5 100644 --- a/docs/plaso.hashers.rst +++ b/docs/plaso.hashers.rst @@ -1,54 +1,51 @@ -plaso.hashers package -===================== +hashers Package +=============== -Submodules ----------- +:mod:`hashers` Package +---------------------- -plaso.hashers.interface module ------------------------------- +.. automodule:: plaso.hashers + :members: + :undoc-members: + :show-inheritance: + +:mod:`interface` Module +----------------------- .. automodule:: plaso.hashers.interface :members: :undoc-members: :show-inheritance: -plaso.hashers.manager module ----------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.hashers.manager :members: :undoc-members: :show-inheritance: -plaso.hashers.md5 module ------------------------- +:mod:`md5` Module +----------------- .. automodule:: plaso.hashers.md5 :members: :undoc-members: :show-inheritance: -plaso.hashers.sha1 module -------------------------- +:mod:`sha1` Module +------------------ .. automodule:: plaso.hashers.sha1 :members: :undoc-members: :show-inheritance: -plaso.hashers.sha256 module ---------------------------- +:mod:`sha256` Module +-------------------- .. automodule:: plaso.hashers.sha256 :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.hashers - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.lib.rst b/docs/plaso.lib.rst index 7175b3a78f..35caaba917 100644 --- a/docs/plaso.lib.rst +++ b/docs/plaso.lib.rst @@ -1,150 +1,155 @@ -plaso.lib package -================= +lib Package +=========== -Submodules ----------- +:mod:`lib` Package +------------------ -plaso.lib.binary module ------------------------ +.. automodule:: plaso.lib + :members: + :undoc-members: + :show-inheritance: + +:mod:`binary` Module +-------------------- .. automodule:: plaso.lib.binary :members: :undoc-members: :show-inheritance: -plaso.lib.bufferlib module --------------------------- +:mod:`bufferlib` Module +----------------------- .. automodule:: plaso.lib.bufferlib :members: :undoc-members: :show-inheritance: -plaso.lib.definitions module ----------------------------- +:mod:`definitions` Module +------------------------- .. automodule:: plaso.lib.definitions :members: :undoc-members: :show-inheritance: -plaso.lib.errors module ------------------------ +:mod:`errors` Module +-------------------- .. automodule:: plaso.lib.errors :members: :undoc-members: :show-inheritance: -plaso.lib.event module ----------------------- +:mod:`event` Module +------------------- .. automodule:: plaso.lib.event :members: :undoc-members: :show-inheritance: -plaso.lib.eventdata module --------------------------- +:mod:`eventdata` Module +----------------------- .. automodule:: plaso.lib.eventdata :members: :undoc-members: :show-inheritance: -plaso.lib.filter_interface module ---------------------------------- +:mod:`filter_interface` Module +------------------------------ .. automodule:: plaso.lib.filter_interface :members: :undoc-members: :show-inheritance: -plaso.lib.lexer module ----------------------- +:mod:`lexer` Module +------------------- .. automodule:: plaso.lib.lexer :members: :undoc-members: :show-inheritance: -plaso.lib.limit module ----------------------- +:mod:`limit` Module +------------------- .. automodule:: plaso.lib.limit :members: :undoc-members: :show-inheritance: -plaso.lib.objectfilter module ------------------------------ +:mod:`objectfilter` Module +-------------------------- .. automodule:: plaso.lib.objectfilter :members: :undoc-members: :show-inheritance: -plaso.lib.pfilter module ------------------------- +:mod:`pfilter` Module +--------------------- .. automodule:: plaso.lib.pfilter :members: :undoc-members: :show-inheritance: -plaso.lib.py2to3 module ------------------------ +:mod:`plist` Module +------------------- + +.. automodule:: plaso.lib.plist + :members: + :undoc-members: + :show-inheritance: + +:mod:`py2to3` Module +-------------------- .. automodule:: plaso.lib.py2to3 :members: :undoc-members: :show-inheritance: -plaso.lib.registry module -------------------------- +:mod:`registry` Module +---------------------- .. automodule:: plaso.lib.registry :members: :undoc-members: :show-inheritance: -plaso.lib.specification module ------------------------------- +:mod:`specification` Module +--------------------------- .. automodule:: plaso.lib.specification :members: :undoc-members: :show-inheritance: -plaso.lib.storage module ------------------------- +:mod:`storage` Module +--------------------- .. automodule:: plaso.lib.storage :members: :undoc-members: :show-inheritance: -plaso.lib.timelib module ------------------------- +:mod:`timelib` Module +--------------------- .. automodule:: plaso.lib.timelib :members: :undoc-members: :show-inheritance: -plaso.lib.utils module ----------------------- +:mod:`utils` Module +------------------- .. automodule:: plaso.lib.utils :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.lib - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.multi_processing.rst b/docs/plaso.multi_processing.rst index 73bae81fdf..c77dfa883a 100644 --- a/docs/plaso.multi_processing.rst +++ b/docs/plaso.multi_processing.rst @@ -1,46 +1,43 @@ -plaso.multi_processing package -============================== +multi_processing Package +======================== -Submodules ----------- +:mod:`multi_processing` Package +------------------------------- -plaso.multi_processing.multi_process module -------------------------------------------- +.. automodule:: plaso.multi_processing + :members: + :undoc-members: + :show-inheritance: + +:mod:`multi_process` Module +--------------------------- .. automodule:: plaso.multi_processing.multi_process :members: :undoc-members: :show-inheritance: -plaso.multi_processing.process_info module ------------------------------------------- +:mod:`process_info` Module +-------------------------- .. automodule:: plaso.multi_processing.process_info :members: :undoc-members: :show-inheritance: -plaso.multi_processing.rpc module ---------------------------------- +:mod:`rpc` Module +----------------- .. automodule:: plaso.multi_processing.rpc :members: :undoc-members: :show-inheritance: -plaso.multi_processing.xmlrpc module ------------------------------------- +:mod:`xmlrpc` Module +-------------------- .. automodule:: plaso.multi_processing.xmlrpc :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.multi_processing - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.output.rst b/docs/plaso.output.rst index 15f2d99944..4009bb1867 100644 --- a/docs/plaso.output.rst +++ b/docs/plaso.output.rst @@ -1,150 +1,147 @@ -plaso.output package -==================== +output Package +============== -Submodules ----------- +:mod:`output` Package +--------------------- -plaso.output.dynamic module ---------------------------- +.. automodule:: plaso.output + :members: + :undoc-members: + :show-inheritance: + +:mod:`dynamic` Module +--------------------- .. automodule:: plaso.output.dynamic :members: :undoc-members: :show-inheritance: -plaso.output.elastic module ---------------------------- +:mod:`elastic` Module +--------------------- .. automodule:: plaso.output.elastic :members: :undoc-members: :show-inheritance: -plaso.output.interface module ------------------------------ +:mod:`interface` Module +----------------------- .. automodule:: plaso.output.interface :members: :undoc-members: :show-inheritance: -plaso.output.json_line module ------------------------------ +:mod:`json_line` Module +----------------------- .. automodule:: plaso.output.json_line :members: :undoc-members: :show-inheritance: -plaso.output.json_out module ----------------------------- +:mod:`json_out` Module +---------------------- .. automodule:: plaso.output.json_out :members: :undoc-members: :show-inheritance: -plaso.output.l2t_csv module ---------------------------- +:mod:`l2t_csv` Module +--------------------- .. automodule:: plaso.output.l2t_csv :members: :undoc-members: :show-inheritance: -plaso.output.manager module ---------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.output.manager :members: :undoc-members: :show-inheritance: -plaso.output.mediator module ----------------------------- +:mod:`mediator` Module +---------------------- .. automodule:: plaso.output.mediator :members: :undoc-members: :show-inheritance: -plaso.output.mysql_4n6time module ---------------------------------- +:mod:`mysql_4n6time` Module +--------------------------- .. automodule:: plaso.output.mysql_4n6time :members: :undoc-members: :show-inheritance: -plaso.output.null module ------------------------- +:mod:`null` Module +------------------ .. automodule:: plaso.output.null :members: :undoc-members: :show-inheritance: -plaso.output.pstorage module ----------------------------- +:mod:`pstorage` Module +---------------------- .. automodule:: plaso.output.pstorage :members: :undoc-members: :show-inheritance: -plaso.output.rawpy module -------------------------- +:mod:`rawpy` Module +------------------- .. automodule:: plaso.output.rawpy :members: :undoc-members: :show-inheritance: -plaso.output.shared_4n6time module ----------------------------------- +:mod:`shared_4n6time` Module +---------------------------- .. automodule:: plaso.output.shared_4n6time :members: :undoc-members: :show-inheritance: -plaso.output.sqlite_4n6time module ----------------------------------- +:mod:`sqlite_4n6time` Module +---------------------------- .. automodule:: plaso.output.sqlite_4n6time :members: :undoc-members: :show-inheritance: -plaso.output.timesketch_out module ----------------------------------- +:mod:`timesketch_out` Module +---------------------------- .. automodule:: plaso.output.timesketch_out :members: :undoc-members: :show-inheritance: -plaso.output.tln module ------------------------ +:mod:`tln` Module +----------------- .. automodule:: plaso.output.tln :members: :undoc-members: :show-inheritance: -plaso.output.xlsx module ------------------------- +:mod:`xlsx` Module +------------------ .. automodule:: plaso.output.xlsx :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.output - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.parsers.bencode_plugins.rst b/docs/plaso.parsers.bencode_plugins.rst index 4d0f317f9b..69e7fd994e 100644 --- a/docs/plaso.parsers.bencode_plugins.rst +++ b/docs/plaso.parsers.bencode_plugins.rst @@ -1,38 +1,35 @@ -plaso.parsers.bencode_plugins package -===================================== +bencode_plugins Package +======================= -Submodules ----------- +:mod:`bencode_plugins` Package +------------------------------ -plaso.parsers.bencode_plugins.interface module ----------------------------------------------- - -.. automodule:: plaso.parsers.bencode_plugins.interface +.. automodule:: plaso.parsers.bencode_plugins :members: :undoc-members: :show-inheritance: -plaso.parsers.bencode_plugins.transmission module -------------------------------------------------- +:mod:`interface` Module +----------------------- -.. automodule:: plaso.parsers.bencode_plugins.transmission +.. automodule:: plaso.parsers.bencode_plugins.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.bencode_plugins.utorrent module ---------------------------------------------- +:mod:`transmission` Module +-------------------------- -.. automodule:: plaso.parsers.bencode_plugins.utorrent +.. automodule:: plaso.parsers.bencode_plugins.transmission :members: :undoc-members: :show-inheritance: +:mod:`utorrent` Module +---------------------- -Module contents ---------------- - -.. automodule:: plaso.parsers.bencode_plugins +.. automodule:: plaso.parsers.bencode_plugins.utorrent :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.parsers.cookie_plugins.rst b/docs/plaso.parsers.cookie_plugins.rst index 97b5f6ada9..7a707e112e 100644 --- a/docs/plaso.parsers.cookie_plugins.rst +++ b/docs/plaso.parsers.cookie_plugins.rst @@ -1,38 +1,35 @@ -plaso.parsers.cookie_plugins package -==================================== +cookie_plugins Package +====================== -Submodules ----------- +:mod:`cookie_plugins` Package +----------------------------- -plaso.parsers.cookie_plugins.ganalytics module ----------------------------------------------- - -.. automodule:: plaso.parsers.cookie_plugins.ganalytics +.. automodule:: plaso.parsers.cookie_plugins :members: :undoc-members: :show-inheritance: -plaso.parsers.cookie_plugins.interface module ---------------------------------------------- +:mod:`ganalytics` Module +------------------------ -.. automodule:: plaso.parsers.cookie_plugins.interface +.. automodule:: plaso.parsers.cookie_plugins.ganalytics :members: :undoc-members: :show-inheritance: -plaso.parsers.cookie_plugins.manager module -------------------------------------------- +:mod:`interface` Module +----------------------- -.. automodule:: plaso.parsers.cookie_plugins.manager +.. automodule:: plaso.parsers.cookie_plugins.interface :members: :undoc-members: :show-inheritance: +:mod:`manager` Module +--------------------- -Module contents ---------------- - -.. automodule:: plaso.parsers.cookie_plugins +.. automodule:: plaso.parsers.cookie_plugins.manager :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.parsers.esedb_plugins.rst b/docs/plaso.parsers.esedb_plugins.rst index 4fd38b46a6..6a3df8d0a9 100644 --- a/docs/plaso.parsers.esedb_plugins.rst +++ b/docs/plaso.parsers.esedb_plugins.rst @@ -1,38 +1,35 @@ -plaso.parsers.esedb_plugins package -=================================== +esedb_plugins Package +===================== -Submodules ----------- +:mod:`esedb_plugins` Package +---------------------------- -plaso.parsers.esedb_plugins.file_history module ------------------------------------------------ - -.. automodule:: plaso.parsers.esedb_plugins.file_history +.. automodule:: plaso.parsers.esedb_plugins :members: :undoc-members: :show-inheritance: -plaso.parsers.esedb_plugins.interface module --------------------------------------------- +:mod:`file_history` Module +-------------------------- -.. automodule:: plaso.parsers.esedb_plugins.interface +.. automodule:: plaso.parsers.esedb_plugins.file_history :members: :undoc-members: :show-inheritance: -plaso.parsers.esedb_plugins.msie_webcache module ------------------------------------------------- +:mod:`interface` Module +----------------------- -.. automodule:: plaso.parsers.esedb_plugins.msie_webcache +.. automodule:: plaso.parsers.esedb_plugins.interface :members: :undoc-members: :show-inheritance: +:mod:`msie_webcache` Module +--------------------------- -Module contents ---------------- - -.. automodule:: plaso.parsers.esedb_plugins +.. automodule:: plaso.parsers.esedb_plugins.msie_webcache :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.parsers.olecf_plugins.rst b/docs/plaso.parsers.olecf_plugins.rst index a87c4b52ab..6de129ca2b 100644 --- a/docs/plaso.parsers.olecf_plugins.rst +++ b/docs/plaso.parsers.olecf_plugins.rst @@ -1,46 +1,43 @@ -plaso.parsers.olecf_plugins package -=================================== +olecf_plugins Package +===================== -Submodules ----------- +:mod:`olecf_plugins` Package +---------------------------- -plaso.parsers.olecf_plugins.automatic_destinations module ---------------------------------------------------------- +.. automodule:: plaso.parsers.olecf_plugins + :members: + :undoc-members: + :show-inheritance: + +:mod:`automatic_destinations` Module +------------------------------------ .. automodule:: plaso.parsers.olecf_plugins.automatic_destinations :members: :undoc-members: :show-inheritance: -plaso.parsers.olecf_plugins.default module ------------------------------------------- +:mod:`default` Module +--------------------- .. automodule:: plaso.parsers.olecf_plugins.default :members: :undoc-members: :show-inheritance: -plaso.parsers.olecf_plugins.interface module --------------------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.parsers.olecf_plugins.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.olecf_plugins.summary module ------------------------------------------- +:mod:`summary` Module +--------------------- .. automodule:: plaso.parsers.olecf_plugins.summary :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.parsers.olecf_plugins - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.parsers.plist_plugins.rst b/docs/plaso.parsers.plist_plugins.rst index 1b45e5cffa..26b4772230 100644 --- a/docs/plaso.parsers.plist_plugins.rst +++ b/docs/plaso.parsers.plist_plugins.rst @@ -1,118 +1,115 @@ -plaso.parsers.plist_plugins package -=================================== +plist_plugins Package +===================== -Submodules ----------- +:mod:`plist_plugins` Package +---------------------------- -plaso.parsers.plist_plugins.airport module ------------------------------------------- +.. automodule:: plaso.parsers.plist_plugins + :members: + :undoc-members: + :show-inheritance: + +:mod:`airport` Module +--------------------- .. automodule:: plaso.parsers.plist_plugins.airport :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.appleaccount module ------------------------------------------------ +:mod:`appleaccount` Module +-------------------------- .. automodule:: plaso.parsers.plist_plugins.appleaccount :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.bluetooth module --------------------------------------------- +:mod:`bluetooth` Module +----------------------- .. automodule:: plaso.parsers.plist_plugins.bluetooth :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.default module ------------------------------------------- +:mod:`default` Module +--------------------- .. automodule:: plaso.parsers.plist_plugins.default :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.install_history module --------------------------------------------------- +:mod:`install_history` Module +----------------------------- .. automodule:: plaso.parsers.plist_plugins.install_history :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.interface module --------------------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.parsers.plist_plugins.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.ipod module ---------------------------------------- +:mod:`ipod` Module +------------------ .. automodule:: plaso.parsers.plist_plugins.ipod :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.macuser module ------------------------------------------- +:mod:`macuser` Module +--------------------- .. automodule:: plaso.parsers.plist_plugins.macuser :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.safari module ------------------------------------------ +:mod:`safari` Module +-------------------- .. automodule:: plaso.parsers.plist_plugins.safari :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.softwareupdate module -------------------------------------------------- +:mod:`softwareupdate` Module +---------------------------- .. automodule:: plaso.parsers.plist_plugins.softwareupdate :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.spotlight module --------------------------------------------- +:mod:`spotlight` Module +----------------------- .. automodule:: plaso.parsers.plist_plugins.spotlight :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.spotlight_volume module ---------------------------------------------------- +:mod:`spotlight_volume` Module +------------------------------ .. automodule:: plaso.parsers.plist_plugins.spotlight_volume :members: :undoc-members: :show-inheritance: -plaso.parsers.plist_plugins.timemachine module ----------------------------------------------- +:mod:`timemachine` Module +------------------------- .. automodule:: plaso.parsers.plist_plugins.timemachine :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.parsers.plist_plugins - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.parsers.rst b/docs/plaso.parsers.rst index b1df135858..a829a5dca0 100644 --- a/docs/plaso.parsers.rst +++ b/docs/plaso.parsers.rst @@ -1,460 +1,457 @@ -plaso.parsers package -===================== +parsers Package +=============== -Subpackages ------------ - -.. toctree:: - - plaso.parsers.bencode_plugins - plaso.parsers.cookie_plugins - plaso.parsers.esedb_plugins - plaso.parsers.olecf_plugins - plaso.parsers.plist_plugins - plaso.parsers.shared - plaso.parsers.sqlite_plugins - plaso.parsers.winreg_plugins +:mod:`parsers` Package +---------------------- -Submodules ----------- +.. automodule:: plaso.parsers + :members: + :undoc-members: + :show-inheritance: -plaso.parsers.android_app_usage module --------------------------------------- +:mod:`android_app_usage` Module +------------------------------- .. automodule:: plaso.parsers.android_app_usage :members: :undoc-members: :show-inheritance: -plaso.parsers.asl module ------------------------- +:mod:`asl` Module +----------------- .. automodule:: plaso.parsers.asl :members: :undoc-members: :show-inheritance: -plaso.parsers.bencode_parser module ------------------------------------ +:mod:`bencode_parser` Module +---------------------------- .. automodule:: plaso.parsers.bencode_parser :members: :undoc-members: :show-inheritance: -plaso.parsers.bsm module ------------------------- +:mod:`bsm` Module +----------------- .. automodule:: plaso.parsers.bsm :members: :undoc-members: :show-inheritance: -plaso.parsers.chrome_cache module ---------------------------------- +:mod:`chrome_cache` Module +-------------------------- .. automodule:: plaso.parsers.chrome_cache :members: :undoc-members: :show-inheritance: -plaso.parsers.chrome_preferences module ---------------------------------------- +:mod:`chrome_preferences` Module +-------------------------------- .. automodule:: plaso.parsers.chrome_preferences :members: :undoc-members: :show-inheritance: -plaso.parsers.cups_ipp module ------------------------------ +:mod:`cups_ipp` Module +---------------------- .. automodule:: plaso.parsers.cups_ipp :members: :undoc-members: :show-inheritance: -plaso.parsers.custom_destinations module ----------------------------------------- +:mod:`custom_destinations` Module +--------------------------------- .. automodule:: plaso.parsers.custom_destinations :members: :undoc-members: :show-inheritance: -plaso.parsers.esedb module --------------------------- +:mod:`esedb` Module +------------------- .. automodule:: plaso.parsers.esedb :members: :undoc-members: :show-inheritance: -plaso.parsers.filestat module ------------------------------ +:mod:`filestat` Module +---------------------- .. automodule:: plaso.parsers.filestat :members: :undoc-members: :show-inheritance: -plaso.parsers.firefox_cache module ----------------------------------- +:mod:`firefox_cache` Module +--------------------------- .. automodule:: plaso.parsers.firefox_cache :members: :undoc-members: :show-inheritance: -plaso.parsers.hachoir module ----------------------------- +:mod:`hachoir` Module +--------------------- .. automodule:: plaso.parsers.hachoir :members: :undoc-members: :show-inheritance: -plaso.parsers.iis module ------------------------- +:mod:`iis` Module +----------------- .. automodule:: plaso.parsers.iis :members: :undoc-members: :show-inheritance: -plaso.parsers.interface module ------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.parsers.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.java_idx module ------------------------------ +:mod:`java_idx` Module +---------------------- .. automodule:: plaso.parsers.java_idx :members: :undoc-members: :show-inheritance: -plaso.parsers.mac_appfirewall module ------------------------------------- +:mod:`mac_appfirewall` Module +----------------------------- .. automodule:: plaso.parsers.mac_appfirewall :members: :undoc-members: :show-inheritance: -plaso.parsers.mac_keychain module ---------------------------------- +:mod:`mac_keychain` Module +-------------------------- .. automodule:: plaso.parsers.mac_keychain :members: :undoc-members: :show-inheritance: -plaso.parsers.mac_securityd module ----------------------------------- +:mod:`mac_securityd` Module +--------------------------- .. automodule:: plaso.parsers.mac_securityd :members: :undoc-members: :show-inheritance: -plaso.parsers.mac_wifi module ------------------------------ +:mod:`mac_wifi` Module +---------------------- .. automodule:: plaso.parsers.mac_wifi :members: :undoc-members: :show-inheritance: -plaso.parsers.mactime module ----------------------------- +:mod:`mactime` Module +--------------------- .. automodule:: plaso.parsers.mactime :members: :undoc-members: :show-inheritance: -plaso.parsers.manager module ----------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.parsers.manager :members: :undoc-members: :show-inheritance: -plaso.parsers.mcafeeav module ------------------------------ +:mod:`mcafeeav` Module +---------------------- .. automodule:: plaso.parsers.mcafeeav :members: :undoc-members: :show-inheritance: -plaso.parsers.mediator module ------------------------------ +:mod:`mediator` Module +---------------------- .. automodule:: plaso.parsers.mediator :members: :undoc-members: :show-inheritance: -plaso.parsers.msiecf module ---------------------------- +:mod:`msiecf` Module +-------------------- .. automodule:: plaso.parsers.msiecf :members: :undoc-members: :show-inheritance: -plaso.parsers.olecf module --------------------------- +:mod:`olecf` Module +------------------- .. automodule:: plaso.parsers.olecf :members: :undoc-members: :show-inheritance: -plaso.parsers.opera module --------------------------- +:mod:`opera` Module +------------------- .. automodule:: plaso.parsers.opera :members: :undoc-members: :show-inheritance: -plaso.parsers.oxml module -------------------------- +:mod:`oxml` Module +------------------ .. automodule:: plaso.parsers.oxml :members: :undoc-members: :show-inheritance: -plaso.parsers.pcap module -------------------------- +:mod:`pcap` Module +------------------ .. automodule:: plaso.parsers.pcap :members: :undoc-members: :show-inheritance: -plaso.parsers.pe module ------------------------ +:mod:`pe` Module +---------------- .. automodule:: plaso.parsers.pe :members: :undoc-members: :show-inheritance: -plaso.parsers.plist module --------------------------- +:mod:`plist` Module +------------------- .. automodule:: plaso.parsers.plist :members: :undoc-members: :show-inheritance: -plaso.parsers.pls_recall module -------------------------------- +:mod:`pls_recall` Module +------------------------ .. automodule:: plaso.parsers.pls_recall :members: :undoc-members: :show-inheritance: -plaso.parsers.plugins module ----------------------------- +:mod:`plugins` Module +--------------------- .. automodule:: plaso.parsers.plugins :members: :undoc-members: :show-inheritance: -plaso.parsers.popcontest module -------------------------------- +:mod:`popcontest` Module +------------------------ .. automodule:: plaso.parsers.popcontest :members: :undoc-members: :show-inheritance: -plaso.parsers.recycler module ------------------------------ +:mod:`recycler` Module +---------------------- .. automodule:: plaso.parsers.recycler :members: :undoc-members: :show-inheritance: -plaso.parsers.safari_cookies module ------------------------------------ +:mod:`safari_cookies` Module +---------------------------- .. automodule:: plaso.parsers.safari_cookies :members: :undoc-members: :show-inheritance: -plaso.parsers.selinux module ----------------------------- +:mod:`selinux` Module +--------------------- .. automodule:: plaso.parsers.selinux :members: :undoc-members: :show-inheritance: -plaso.parsers.skydrivelog module --------------------------------- +:mod:`skydrivelog` Module +------------------------- .. automodule:: plaso.parsers.skydrivelog :members: :undoc-members: :show-inheritance: -plaso.parsers.skydrivelogerr module ------------------------------------ +:mod:`skydrivelogerr` Module +---------------------------- .. automodule:: plaso.parsers.skydrivelogerr :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite module ---------------------------- +:mod:`sqlite` Module +-------------------- .. automodule:: plaso.parsers.sqlite :members: :undoc-members: :show-inheritance: -plaso.parsers.symantec module ------------------------------ +:mod:`symantec` Module +---------------------- .. automodule:: plaso.parsers.symantec :members: :undoc-members: :show-inheritance: -plaso.parsers.syslog module ---------------------------- +:mod:`syslog` Module +-------------------- .. automodule:: plaso.parsers.syslog :members: :undoc-members: :show-inheritance: -plaso.parsers.text_parser module --------------------------------- +:mod:`text_parser` Module +------------------------- .. automodule:: plaso.parsers.text_parser :members: :undoc-members: :show-inheritance: -plaso.parsers.utmp module -------------------------- +:mod:`utmp` Module +------------------ .. automodule:: plaso.parsers.utmp :members: :undoc-members: :show-inheritance: -plaso.parsers.utmpx module --------------------------- +:mod:`utmpx` Module +------------------- .. automodule:: plaso.parsers.utmpx :members: :undoc-members: :show-inheritance: -plaso.parsers.winevt module ---------------------------- +:mod:`winevt` Module +-------------------- .. automodule:: plaso.parsers.winevt :members: :undoc-members: :show-inheritance: -plaso.parsers.winevtx module ----------------------------- +:mod:`winevtx` Module +--------------------- .. automodule:: plaso.parsers.winevtx :members: :undoc-members: :show-inheritance: -plaso.parsers.winfirewall module --------------------------------- +:mod:`winfirewall` Module +------------------------- .. automodule:: plaso.parsers.winfirewall :members: :undoc-members: :show-inheritance: -plaso.parsers.winjob module ---------------------------- +:mod:`winjob` Module +-------------------- .. automodule:: plaso.parsers.winjob :members: :undoc-members: :show-inheritance: -plaso.parsers.winlnk module ---------------------------- +:mod:`winlnk` Module +-------------------- .. automodule:: plaso.parsers.winlnk :members: :undoc-members: :show-inheritance: -plaso.parsers.winprefetch module --------------------------------- +:mod:`winprefetch` Module +------------------------- .. automodule:: plaso.parsers.winprefetch :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg module ---------------------------- +:mod:`winreg` Module +-------------------- .. automodule:: plaso.parsers.winreg :members: :undoc-members: :show-inheritance: -plaso.parsers.winrestore module -------------------------------- +:mod:`winrestore` Module +------------------------ .. automodule:: plaso.parsers.winrestore :members: :undoc-members: :show-inheritance: -plaso.parsers.xchatlog module ------------------------------ +:mod:`xchatlog` Module +---------------------- .. automodule:: plaso.parsers.xchatlog :members: :undoc-members: :show-inheritance: -plaso.parsers.xchatscrollback module ------------------------------------- +:mod:`xchatscrollback` Module +----------------------------- .. automodule:: plaso.parsers.xchatscrollback :members: :undoc-members: :show-inheritance: +Subpackages +----------- -Module contents ---------------- +.. toctree:: + + plaso.parsers.bencode_plugins + plaso.parsers.cookie_plugins + plaso.parsers.esedb_plugins + plaso.parsers.olecf_plugins + plaso.parsers.plist_plugins + plaso.parsers.shared + plaso.parsers.sqlite_plugins + plaso.parsers.winreg_plugins -.. automodule:: plaso.parsers - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.parsers.shared.rst b/docs/plaso.parsers.shared.rst index f56dde9ec5..90276f0a0d 100644 --- a/docs/plaso.parsers.shared.rst +++ b/docs/plaso.parsers.shared.rst @@ -1,22 +1,19 @@ -plaso.parsers.shared package -============================ +shared Package +============== -Submodules ----------- +:mod:`shared` Package +--------------------- -plaso.parsers.shared.shell_items module ---------------------------------------- - -.. automodule:: plaso.parsers.shared.shell_items +.. automodule:: plaso.parsers.shared :members: :undoc-members: :show-inheritance: +:mod:`shell_items` Module +------------------------- -Module contents ---------------- - -.. automodule:: plaso.parsers.shared +.. automodule:: plaso.parsers.shared.shell_items :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.parsers.sqlite_plugins.rst b/docs/plaso.parsers.sqlite_plugins.rst index d336bc4ecd..a9cc4a6342 100644 --- a/docs/plaso.parsers.sqlite_plugins.rst +++ b/docs/plaso.parsers.sqlite_plugins.rst @@ -1,134 +1,131 @@ -plaso.parsers.sqlite_plugins package -==================================== +sqlite_plugins Package +====================== -Submodules ----------- +:mod:`sqlite_plugins` Package +----------------------------- -plaso.parsers.sqlite_plugins.android_calls module -------------------------------------------------- +.. automodule:: plaso.parsers.sqlite_plugins + :members: + :undoc-members: + :show-inheritance: + +:mod:`android_calls` Module +--------------------------- .. automodule:: plaso.parsers.sqlite_plugins.android_calls :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.android_sms module ------------------------------------------------ +:mod:`android_sms` Module +------------------------- .. automodule:: plaso.parsers.sqlite_plugins.android_sms :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.appusage module --------------------------------------------- +:mod:`appusage` Module +---------------------- .. automodule:: plaso.parsers.sqlite_plugins.appusage :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.chrome module ------------------------------------------- +:mod:`chrome` Module +-------------------- .. automodule:: plaso.parsers.sqlite_plugins.chrome :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.chrome_cookies module --------------------------------------------------- +:mod:`chrome_cookies` Module +---------------------------- .. automodule:: plaso.parsers.sqlite_plugins.chrome_cookies :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.chrome_extension_activity module -------------------------------------------------------------- +:mod:`chrome_extension_activity` Module +--------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.chrome_extension_activity :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.firefox module -------------------------------------------- +:mod:`firefox` Module +--------------------- .. automodule:: plaso.parsers.sqlite_plugins.firefox :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.firefox_cookies module ---------------------------------------------------- +:mod:`firefox_cookies` Module +----------------------------- .. automodule:: plaso.parsers.sqlite_plugins.firefox_cookies :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.gdrive module ------------------------------------------- +:mod:`gdrive` Module +-------------------- .. automodule:: plaso.parsers.sqlite_plugins.gdrive :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.interface module ---------------------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.parsers.sqlite_plugins.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.ls_quarantine module -------------------------------------------------- +:mod:`ls_quarantine` Module +--------------------------- .. automodule:: plaso.parsers.sqlite_plugins.ls_quarantine :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.mac_document_versions module ---------------------------------------------------------- +:mod:`mac_document_versions` Module +----------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.mac_document_versions :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.mackeeper_cache module ---------------------------------------------------- +:mod:`mackeeper_cache` Module +----------------------------- .. automodule:: plaso.parsers.sqlite_plugins.mackeeper_cache :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.skype module ------------------------------------------ +:mod:`skype` Module +------------------- .. automodule:: plaso.parsers.sqlite_plugins.skype :members: :undoc-members: :show-inheritance: -plaso.parsers.sqlite_plugins.zeitgeist module ---------------------------------------------- +:mod:`zeitgeist` Module +----------------------- .. automodule:: plaso.parsers.sqlite_plugins.zeitgeist :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.parsers.sqlite_plugins - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.parsers.winreg_plugins.rst b/docs/plaso.parsers.winreg_plugins.rst index b4a4a8af07..0a331504ef 100644 --- a/docs/plaso.parsers.winreg_plugins.rst +++ b/docs/plaso.parsers.winreg_plugins.rst @@ -1,214 +1,211 @@ -plaso.parsers.winreg_plugins package -==================================== +winreg_plugins Package +====================== -Submodules ----------- +:mod:`winreg_plugins` Package +----------------------------- -plaso.parsers.winreg_plugins.appcompatcache module --------------------------------------------------- +.. automodule:: plaso.parsers.winreg_plugins + :members: + :undoc-members: + :show-inheritance: + +:mod:`appcompatcache` Module +---------------------------- .. automodule:: plaso.parsers.winreg_plugins.appcompatcache :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.bagmru module ------------------------------------------- +:mod:`bagmru` Module +-------------------- .. automodule:: plaso.parsers.winreg_plugins.bagmru :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.ccleaner module --------------------------------------------- +:mod:`ccleaner` Module +---------------------- .. automodule:: plaso.parsers.winreg_plugins.ccleaner :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.default module -------------------------------------------- +:mod:`default` Module +--------------------- .. automodule:: plaso.parsers.winreg_plugins.default :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.interface module ---------------------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.parsers.winreg_plugins.interface :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.lfu module ---------------------------------------- +:mod:`lfu` Module +----------------- .. automodule:: plaso.parsers.winreg_plugins.lfu :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.mountpoints module ------------------------------------------------ +:mod:`mountpoints` Module +------------------------- .. automodule:: plaso.parsers.winreg_plugins.mountpoints :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.mrulist module -------------------------------------------- +:mod:`mrulist` Module +--------------------- .. automodule:: plaso.parsers.winreg_plugins.mrulist :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.mrulistex module ---------------------------------------------- +:mod:`mrulistex` Module +----------------------- .. automodule:: plaso.parsers.winreg_plugins.mrulistex :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.msie_zones module ----------------------------------------------- +:mod:`msie_zones` Module +------------------------ .. automodule:: plaso.parsers.winreg_plugins.msie_zones :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.officemru module ---------------------------------------------- +:mod:`officemru` Module +----------------------- .. automodule:: plaso.parsers.winreg_plugins.officemru :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.outlook module -------------------------------------------- +:mod:`outlook` Module +--------------------- .. automodule:: plaso.parsers.winreg_plugins.outlook :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.run module ---------------------------------------- +:mod:`run` Module +----------------- .. automodule:: plaso.parsers.winreg_plugins.run :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.sam_users module ---------------------------------------------- +:mod:`sam_users` Module +----------------------- .. automodule:: plaso.parsers.winreg_plugins.sam_users :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.services module --------------------------------------------- +:mod:`services` Module +---------------------- .. automodule:: plaso.parsers.winreg_plugins.services :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.shutdown module --------------------------------------------- +:mod:`shutdown` Module +---------------------- .. automodule:: plaso.parsers.winreg_plugins.shutdown :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.task_scheduler module --------------------------------------------------- +:mod:`task_scheduler` Module +---------------------------- .. automodule:: plaso.parsers.winreg_plugins.task_scheduler :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.terminal_server module ---------------------------------------------------- +:mod:`terminal_server` Module +----------------------------- .. automodule:: plaso.parsers.winreg_plugins.terminal_server :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.timezone module --------------------------------------------- +:mod:`timezone` Module +---------------------- .. automodule:: plaso.parsers.winreg_plugins.timezone :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.typedurls module ---------------------------------------------- +:mod:`typedurls` Module +----------------------- .. automodule:: plaso.parsers.winreg_plugins.typedurls :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.usb module ---------------------------------------- +:mod:`usb` Module +----------------- .. automodule:: plaso.parsers.winreg_plugins.usb :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.usbstor module -------------------------------------------- +:mod:`usbstor` Module +--------------------- .. automodule:: plaso.parsers.winreg_plugins.usbstor :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.userassist module ----------------------------------------------- +:mod:`userassist` Module +------------------------ .. automodule:: plaso.parsers.winreg_plugins.userassist :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.winrar module ------------------------------------------- +:mod:`winrar` Module +-------------------- .. automodule:: plaso.parsers.winreg_plugins.winrar :members: :undoc-members: :show-inheritance: -plaso.parsers.winreg_plugins.winver module ------------------------------------------- +:mod:`winver` Module +-------------------- .. automodule:: plaso.parsers.winreg_plugins.winver :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.parsers.winreg_plugins - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.preprocessors.rst b/docs/plaso.preprocessors.rst index c82ca2b8a1..23b99310c6 100644 --- a/docs/plaso.preprocessors.rst +++ b/docs/plaso.preprocessors.rst @@ -1,54 +1,51 @@ -plaso.preprocessors package -=========================== +preprocessors Package +===================== -Submodules ----------- +:mod:`preprocessors` Package +---------------------------- -plaso.preprocessors.interface module ------------------------------------- +.. automodule:: plaso.preprocessors + :members: + :undoc-members: + :show-inheritance: + +:mod:`interface` Module +----------------------- .. automodule:: plaso.preprocessors.interface :members: :undoc-members: :show-inheritance: -plaso.preprocessors.linux module --------------------------------- +:mod:`linux` Module +------------------- .. automodule:: plaso.preprocessors.linux :members: :undoc-members: :show-inheritance: -plaso.preprocessors.macosx module ---------------------------------- +:mod:`macosx` Module +-------------------- .. automodule:: plaso.preprocessors.macosx :members: :undoc-members: :show-inheritance: -plaso.preprocessors.manager module ----------------------------------- +:mod:`manager` Module +--------------------- .. automodule:: plaso.preprocessors.manager :members: :undoc-members: :show-inheritance: -plaso.preprocessors.windows module ----------------------------------- +:mod:`windows` Module +--------------------- .. automodule:: plaso.preprocessors.windows :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.preprocessors - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.proto.rst b/docs/plaso.proto.rst index e918cfed10..5cb34bc891 100644 --- a/docs/plaso.proto.rst +++ b/docs/plaso.proto.rst @@ -1,22 +1,19 @@ -plaso.proto package -=================== +proto Package +============= -Submodules ----------- +:mod:`proto` Package +-------------------- -plaso.proto.plaso_storage_pb2 module ------------------------------------- - -.. automodule:: plaso.proto.plaso_storage_pb2 +.. automodule:: plaso.proto :members: :undoc-members: :show-inheritance: +:mod:`plaso_storage_pb2` Module +------------------------------- -Module contents ---------------- - -.. automodule:: plaso.proto +.. automodule:: plaso.proto.plaso_storage_pb2 :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.rst b/docs/plaso.rst index fbdd64bbdc..12f042100c 100644 --- a/docs/plaso.rst +++ b/docs/plaso.rst @@ -1,6 +1,22 @@ -plaso package +plaso Package ============= +:mod:`plaso` Package +-------------------- + +.. automodule:: plaso.__init__ + :members: + :undoc-members: + :show-inheritance: + +:mod:`dependencies` Module +-------------------------- + +.. automodule:: plaso.dependencies + :members: + :undoc-members: + :show-inheritance: + Subpackages ----------- @@ -26,22 +42,3 @@ Subpackages plaso.winnt plaso.winregistry -Submodules ----------- - -plaso.dependencies module -------------------------- - -.. automodule:: plaso.dependencies - :members: - :undoc-members: - :show-inheritance: - - -Module contents ---------------- - -.. automodule:: plaso - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.serializer.rst b/docs/plaso.serializer.rst index a6f4adab84..bdc135d7ce 100644 --- a/docs/plaso.serializer.rst +++ b/docs/plaso.serializer.rst @@ -1,38 +1,35 @@ -plaso.serializer package -======================== +serializer Package +================== -Submodules ----------- +:mod:`serializer` Package +------------------------- -plaso.serializer.interface module ---------------------------------- - -.. automodule:: plaso.serializer.interface +.. automodule:: plaso.serializer :members: :undoc-members: :show-inheritance: -plaso.serializer.json_serializer module ---------------------------------------- +:mod:`interface` Module +----------------------- -.. automodule:: plaso.serializer.json_serializer +.. automodule:: plaso.serializer.interface :members: :undoc-members: :show-inheritance: -plaso.serializer.protobuf_serializer module -------------------------------------------- +:mod:`json_serializer` Module +----------------------------- -.. automodule:: plaso.serializer.protobuf_serializer +.. automodule:: plaso.serializer.json_serializer :members: :undoc-members: :show-inheritance: +:mod:`protobuf_serializer` Module +--------------------------------- -Module contents ---------------- - -.. automodule:: plaso.serializer +.. automodule:: plaso.serializer.protobuf_serializer :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.storage.rst b/docs/plaso.storage.rst index a5f9bb203e..70118f4a0e 100644 --- a/docs/plaso.storage.rst +++ b/docs/plaso.storage.rst @@ -1,30 +1,27 @@ -plaso.storage package -===================== +storage Package +=============== -Submodules ----------- +:mod:`storage` Package +---------------------- -plaso.storage.collection module -------------------------------- - -.. automodule:: plaso.storage.collection +.. automodule:: plaso.storage :members: :undoc-members: :show-inheritance: -plaso.storage.factory module ----------------------------- +:mod:`collection` Module +------------------------ -.. automodule:: plaso.storage.factory +.. automodule:: plaso.storage.collection :members: :undoc-members: :show-inheritance: +:mod:`factory` Module +--------------------- -Module contents ---------------- - -.. automodule:: plaso.storage +.. automodule:: plaso.storage.factory :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.unix.rst b/docs/plaso.unix.rst index 380363a203..3e7322c00c 100644 --- a/docs/plaso.unix.rst +++ b/docs/plaso.unix.rst @@ -1,22 +1,19 @@ -plaso.unix package -================== +unix Package +============ -Submodules ----------- +:mod:`unix` Package +------------------- -plaso.unix.bsmtoken module --------------------------- - -.. automodule:: plaso.unix.bsmtoken +.. automodule:: plaso.unix :members: :undoc-members: :show-inheritance: +:mod:`bsmtoken` Module +---------------------- -Module contents ---------------- - -.. automodule:: plaso.unix +.. automodule:: plaso.unix.bsmtoken :members: :undoc-members: :show-inheritance: + diff --git a/docs/plaso.winnt.rst b/docs/plaso.winnt.rst index c94888cd85..82847162e6 100644 --- a/docs/plaso.winnt.rst +++ b/docs/plaso.winnt.rst @@ -1,62 +1,59 @@ -plaso.winnt package -=================== +winnt Package +============= -Submodules ----------- +:mod:`winnt` Package +-------------------- -plaso.winnt.environ_expand module ---------------------------------- +.. automodule:: plaso.winnt + :members: + :undoc-members: + :show-inheritance: + +:mod:`environ_expand` Module +---------------------------- .. automodule:: plaso.winnt.environ_expand :members: :undoc-members: :show-inheritance: -plaso.winnt.human_readable_service_enums module ------------------------------------------------ +:mod:`human_readable_service_enums` Module +------------------------------------------ .. automodule:: plaso.winnt.human_readable_service_enums :members: :undoc-members: :show-inheritance: -plaso.winnt.known_folder_ids module ------------------------------------ +:mod:`known_folder_ids` Module +------------------------------ .. automodule:: plaso.winnt.known_folder_ids :members: :undoc-members: :show-inheritance: -plaso.winnt.language_ids module -------------------------------- +:mod:`language_ids` Module +-------------------------- .. automodule:: plaso.winnt.language_ids :members: :undoc-members: :show-inheritance: -plaso.winnt.shell_folder_ids module ------------------------------------ +:mod:`shell_folder_ids` Module +------------------------------ .. automodule:: plaso.winnt.shell_folder_ids :members: :undoc-members: :show-inheritance: -plaso.winnt.time_zones module ------------------------------ +:mod:`time_zones` Module +------------------------ .. automodule:: plaso.winnt.time_zones :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.winnt - :members: - :undoc-members: - :show-inheritance: diff --git a/docs/plaso.winregistry.rst b/docs/plaso.winregistry.rst index e82ebb1b40..6ba5af1d65 100644 --- a/docs/plaso.winregistry.rst +++ b/docs/plaso.winregistry.rst @@ -1,62 +1,59 @@ -plaso.winregistry package -========================= +winregistry Package +=================== -Submodules ----------- +:mod:`winregistry` Package +-------------------------- -plaso.winregistry.cache module ------------------------------- +.. automodule:: plaso.winregistry + :members: + :undoc-members: + :show-inheritance: + +:mod:`cache` Module +------------------- .. automodule:: plaso.winregistry.cache :members: :undoc-members: :show-inheritance: -plaso.winregistry.definitions module ------------------------------------- +:mod:`definitions` Module +------------------------- .. automodule:: plaso.winregistry.definitions :members: :undoc-members: :show-inheritance: -plaso.winregistry.interface module ----------------------------------- +:mod:`interface` Module +----------------------- .. automodule:: plaso.winregistry.interface :members: :undoc-members: :show-inheritance: -plaso.winregistry.path_expander module --------------------------------------- +:mod:`path_expander` Module +--------------------------- .. automodule:: plaso.winregistry.path_expander :members: :undoc-members: :show-inheritance: -plaso.winregistry.regf module ------------------------------ +:mod:`regf` Module +------------------ .. automodule:: plaso.winregistry.regf :members: :undoc-members: :show-inheritance: -plaso.winregistry.registry module ---------------------------------- +:mod:`registry` Module +---------------------- .. automodule:: plaso.winregistry.registry :members: :undoc-members: :show-inheritance: - -Module contents ---------------- - -.. automodule:: plaso.winregistry - :members: - :undoc-members: - :show-inheritance: diff --git a/plaso/__init__.py b/plaso/__init__.py index 28d8b364f2..b5653159c4 100644 --- a/plaso/__init__.py +++ b/plaso/__init__.py @@ -3,7 +3,7 @@ __version__ = '1.3.1' VERSION_DEV = True -VERSION_DATE = '20150818' +VERSION_DATE = '20150820' def GetVersion(): diff --git a/plaso/lib/plist.py b/plaso/lib/plist.py new file mode 100644 index 0000000000..e64fa6dc87 --- /dev/null +++ b/plaso/lib/plist.py @@ -0,0 +1,71 @@ +# -*- coding: utf-8 -*- +"""The plist file object.""" + +import binascii +import os +import plistlib + +from binplist import binplist + + +class PlistFile(object): + """Class that defines a plist file. + + Attributes: + root_key: the plist root key (instance of plistlib._InternalDict). + """ + + def __init__(self): + """Initializes the plist file object.""" + super(PlistFile, self).__init__() + self.root_key = None + + def GetValueByPath(self, path_segments): + """Retrieves a plist value by path. + + Args: + path_segments: a list of path segments strings relative from the root + of the plist. + + Returns: + The value of the key specified by the path or None. + """ + key = self.root_key + for path_segment in path_segments: + if isinstance(key, (dict, plistlib._InternalDict)): + key = key.get(path_segment) + + elif isinstance(key, list): + try: + list_index = int(path_segment, 10) + except ValueError: + return + + key = key[list_index] + + else: + return + + if not key: + return + + return key + + def Read(self, file_object): + """Reads a plist from a file-like object. + + Args: + file_object: the file-like object. + + Raises: + IOError: if the plist file-like object cannot be read. + """ + try: + file_object.seek(0, os.SEEK_SET) + # Note that binplist.readPlist does not seek to offset 0. + self.root_key = binplist.readPlist(file_object) + + except ( + AttributeError, binascii.Error, binplist.FormatError, LookupError, + OverflowError, ValueError) as exception: + raise IOError(exception) diff --git a/plaso/parsers/plist_plugins/interface.py b/plaso/parsers/plist_plugins/interface.py index 90daef7f5a..980dfa018f 100644 --- a/plaso/parsers/plist_plugins/interface.py +++ b/plaso/parsers/plist_plugins/interface.py @@ -58,6 +58,50 @@ class PlistPlugin(plugins.BasePlugin): # Ex. ['http://www.forensicswiki.org/wiki/Property_list_(plist)'] URLS = [] + def _GetKeys(self, top_level, keys, depth=1): + """Helper function to return keys nested in a plist dict. + + By default this function will return the values for the named keys requested + by a plugin in match dictionary object. The default setting is to look + a single layer down from the root (same as the check for plugin + applicability). This level is suitable for most cases. + + For cases where there is variability in the name at the first level + (e.g. it is the MAC addresses of a device, or a UUID) it is possible to + override the depth limit and use GetKeys to fetch from a deeper level. + + E.g. + Top_Level (root): # depth = 0 + -- Key_Name_is_UUID_Generated_At_Install 1234-5678-8 # depth = 1 + ---- Interesting_SubKey_with_value_to_Process: [Values, ...] # depth = 2 + + Args: + top_level: Plist in dictionary form. + keys: A list of keys that should be returned. + depth: Defines how many levels deep to check for a match. + + Returns: + A dictionary with just the keys requested or an empty dict if the plist + is flat, eg. top_level is a list instead of a dict object. + """ + match = {} + if not isinstance(top_level, dict): + # Return an empty dict here if top_level is a list object, which happens + # if the plist file is flat. + return match + keys = set(keys) + + if depth == 1: + for key in keys: + match[key] = top_level.get(key, None) + else: + for _, parsed_key, parsed_value in RecurseKey(top_level, depth=depth): + if parsed_key in keys: + match[parsed_key] = parsed_value + if set(match.keys()) == keys: + return match + return match + @abc.abstractmethod def GetEntries( self, parser_mediator, top_level=None, match=None, **unused_kwargs): @@ -155,11 +199,12 @@ def Process(self, parser_mediator, plist_name, top_level, **kwargs): logging.debug(u'Plist Plugin Used: {0:s} for: {1:s}'.format( self.NAME, plist_name)) - match = GetKeys(top_level, self.PLIST_KEYS) + match = self._GetKeys(top_level, self.PLIST_KEYS) self.GetEntries(parser_mediator, top_level=top_level, match=match) -def RecurseKey(recur_item, root=u'', depth=15): +# TODO: move to lib.plist. +def RecurseKey(recur_item, depth=15, key_path=u''): """Flattens nested dictionaries and lists by yielding it's values. The hierarchy of a plist file is a series of nested dictionaries and lists. @@ -181,110 +226,44 @@ def RecurseKey(recur_item, root=u'', depth=15): Args: recur_item: An object to be checked for additional nested items. - root: The pathname of the current working key. - depth: A counter to ensure we stop at the maximum recursion depth. + depth: Optional integer indication the current recursion depth. + This value is used to ensure we stop at the maximum recursion depth. + The default is 15. + key_path: Optional path of the current working key. The default is + an emtpy string. Yields: - A tuple of the root, key, and value from a plist. + A tuple of the key path, key, and value from a plist. """ if depth < 1: - logging.debug(u'Recursion limit hit for key: {0:s}'.format(root)) + logging.debug(u'Recursion limit hit for key: {0:s}'.format(key_path)) return if isinstance(recur_item, (list, tuple)): for recur in recur_item: - for key in RecurseKey(recur, root, depth): + for key in RecurseKey(recur, depth=depth, key_path=key_path): yield key return if not hasattr(recur_item, u'iteritems'): return - for key, value in recur_item.iteritems(): - yield root, key, value + # TODO determine if recur_item is a plistlib._InternalDict to determine + # if recur_item.iteritems() should be replaced with iter(recur_item.items()). + # Note that testing breaks when explictly only allowing + # plistlib._InternalDict. + for subkey, value in recur_item.iteritems(): + yield key_path, subkey, value + if isinstance(value, dict): value = [value] + if isinstance(value, list): for item in value: - if isinstance(item, dict): - for keyval in RecurseKey( - item, root=root + u'/' + key, depth=depth - 1): - yield keyval - - -def GetKeys(top_level, keys, depth=1): - """Helper function to return keys nested in a plist dict. + if not isinstance(item, dict): + continue - By default this function will return the values for the named keys requested - by a plugin in match dictionary object. The default setting is to look - a single layer down from the root (same as the check for plugin - applicability). This level is suitable for most cases. - - For cases where there is variability in the name at the first level - (e.g. it is the MAC addresses of a device, or a UUID) it is possible to - override the depth limit and use GetKeys to fetch from a deeper level. - - E.g. - Top_Level (root): # depth = 0 - -- Key_Name_is_UUID_Generated_At_Install 1234-5678-8 # depth = 1 - ---- Interesting_SubKey_with_value_to_Process: [Values, ...] # depth = 2 - - Args: - top_level: Plist in dictionary form. - keys: A list of keys that should be returned. - depth: Defines how many levels deep to check for a match. - - Returns: - A dictionary with just the keys requested or an empty dict if the plist - is flat, eg. top_level is a list instead of a dict object. - """ - match = {} - if not isinstance(top_level, dict): - # Return an empty dict here if top_level is a list object, which happens - # if the plist file is flat. - return match - keys = set(keys) - - if depth == 1: - for key in keys: - match[key] = top_level.get(key, None) - else: - for _, parsed_key, parsed_value in RecurseKey(top_level, depth=depth): - if parsed_key in keys: - match[parsed_key] = parsed_value - if set(match.keys()) == keys: - return match - return match - - -def GetKeysDefaultEmpty(top_level, keys, depth=1): - """Return keys nested in a plist dict, defaulting to an empty value. - - The method GetKeys fails if the supplied key does not exist within the - plist object. This alternate method behaves the same way as GetKeys - except that instead of raising an error if the key doesn't exist it will - assign a default empty value ('') to the field. - - Args: - top_level: Plist in dictionary form. - keys: A list of keys that should be returned. - depth: Defines how many levels deep to check for a match. - - Returns: - A dictionary with just the keys requested. - """ - keys = set(keys) - match = {} - - if depth == 1: - for key in keys: - value = top_level.get(key, None) - if value is not None: - match[key] = value - else: - for _, parsed_key, parsed_value in RecurseKey(top_level, depth=depth): - if parsed_key in keys: - match[parsed_key] = parsed_value - if set(match.keys()) == keys: - return match - return match + subkey_path = u'{0:s}/{1:s}'.format(key_path, subkey) + for tuple_value in RecurseKey( + item, depth=depth - 1, key_path=subkey_path): + yield tuple_value diff --git a/plaso/preprocessors/interface.py b/plaso/preprocessors/interface.py index 944ac418a0..375fdbc339 100644 --- a/plaso/preprocessors/interface.py +++ b/plaso/preprocessors/interface.py @@ -56,6 +56,7 @@ def plugin_name(self): """Return the name of the plugin.""" return self.__class__.__name__ + # TODO: refactor to PathPreprocessPlugin or equivalent. def _FindFileEntry(self, searcher, path): """Searches for a file entry that matches the path. @@ -71,21 +72,33 @@ def _FindFileEntry(self, searcher, path): Raises: errors.PreProcessFail: if the file entry cannot be found or opened. """ - find_spec = file_system_searcher.FindSpec( - location=path, case_sensitive=False) - - path_specs = list(searcher.Find(find_specs=[find_spec])) + path_specs = self._FindPathSpecs(searcher, path) if not path_specs or len(path_specs) != 1: raise errors.PreProcessFail(u'Unable to find: {0:s}'.format(path)) try: - file_entry = searcher.GetFileEntryByPathSpec(path_specs[0]) + return searcher.GetFileEntryByPathSpec(path_specs[0]) except IOError as exception: raise errors.PreProcessFail( u'Unable to retrieve file entry: {0:s} with error: {1:s}'.format( path, exception)) - return file_entry + # TODO: refactor to PathPreprocessPlugin or equivalent. + def _FindPathSpecs(self, searcher, path): + """Searches for path specifications that matches the path. + + Args: + searcher: The file system searcher object (instance of + dfvfs.FileSystemSearcher). + path: The location of the file entry relative to the file system + of the searcher. + + Returns: + A list of path specifcations. + """ + find_spec = file_system_searcher.FindSpec( + location_regex=path, case_sensitive=False) + return list(searcher.Find(find_specs=[find_spec])) @abc.abstractmethod def GetValue(self, searcher, knowledge_base): @@ -143,10 +156,7 @@ def GetValue(self, searcher, unused_knowledge_base): Raises: PreProcessFail: if the path could not be found. """ - find_spec = file_system_searcher.FindSpec( - location_regex=self.PATH, case_sensitive=False) - path_specs = list(searcher.Find(find_specs=[find_spec])) - + path_specs = self._FindPathSpecs(searcher, self.PATH) if not path_specs: raise errors.PreProcessFail( u'Unable to find path: {0:s}'.format(self.PATH)) diff --git a/plaso/preprocessors/macosx.py b/plaso/preprocessors/macosx.py index 48d2861d9b..ca03c9525e 100644 --- a/plaso/preprocessors/macosx.py +++ b/plaso/preprocessors/macosx.py @@ -1,14 +1,12 @@ # -*- coding: utf-8 -*- """This file contains preprocessors for Mac OS X.""" +import abc import logging - -from binplist import binplist -from dfvfs.helpers import file_system_searcher -from xml.etree import ElementTree +import plistlib from plaso.lib import errors -from plaso.lib import utils +from plaso.lib import plist from plaso.parsers.plist_plugins import interface as plist_interface from plaso.preprocessors import interface from plaso.preprocessors import manager @@ -17,17 +15,86 @@ class PlistPreprocessPlugin(interface.PreprocessPlugin): """Class that defines the plist preprocess plugin object.""" - SUPPORTED_OS = ['MacOSX'] + def _GetPlistRootKey(self, file_entry): + """Open a plist file entry. + + Args: + file_entry: The plist file entry (instance of dfvfs.FileEntry). + + Returns: + The plist root key (instance of plistlib._InternalDict). + + Raises: + errors.PreProcessFail: if the preprocessing fails. + """ + file_object = file_entry.GetFileObject() + + plist_file = plist.PlistFile() + try: + plist_file.Read(file_object) + + except IOError as exception: + location = getattr(file_entry.path_spec, u'location', u'') + raise errors.PreProcessFail( + u'Unable to read plist file: {0:s} with error: {1:s}'.format( + location, exception)) + + finally: + file_object.close() + + return plist_file.root_key + + @abc.abstractmethod + def GetValue(self, searcher, knowledge_base): + """Return the value for the attribute. + + Args: + searcher: The file system searcher object (instance of + dfvfs.FileSystemSearcher). + knowledge_base: A knowledge base object (instance of KnowledgeBase), + which contains information from the source data needed + for parsing. + """ + raise NotImplementedError + + +class PlistKeyPreprocessPlugin(PlistPreprocessPlugin): + """Class that defines the plist key preprocess plugin object. + + The plist key preprocess plugin retieves values from key names, + defined in PLIST_KEYS, from a specific plist file, defined in + PLIST_PATH. + """ + + SUPPORTED_OS = [u'MacOSX'] WEIGHT = 2 # Path to the plist file to be parsed, can depend on paths discovered # in previous preprocessors. - PLIST_PATH = '' + PLIST_PATH = u'' # The key that's value should be returned back. It is an ordered list # of preference. If the first value is found it will be returned and no # others will be searched. - PLIST_KEYS = [''] + PLIST_KEYS = [u''] + + def _FindKeys(self, key, names, matches): + """Searches the plist key hierarchy for keys with matching names. + + If a match is found a tuple of the key name and value is added to + the matches list. + + Args: + key: a plist key (instance of plistlib._InternalDict). + names: list of names of the keys to match. + matches: a list to add the keys with matching names. + """ + for name, subkey in key.iteritems(): + if name in names: + matches.append((name, subkey)) + + if isinstance(subkey, plistlib._InternalDict): + self._FindKeys(subkey, names, matches) def GetValue(self, searcher, unused_knowledge_base): """Returns a value retrieved from keys within a plist file. @@ -52,175 +119,89 @@ def GetValue(self, searcher, unused_knowledge_base): raise errors.PreProcessFail( u'Unable to open file: {0:s}'.format(self.PLIST_PATH)) - file_object = file_entry.GetFileObject() - try: - value = self.ParseFile(file_entry, file_object) - finally: - file_object.close() - - return value - - def ParseFile(self, file_entry, file_object): - """Parses the plist file and returns the parsed key. - - Args: - file_entry: The file entry (instance of dfvfs.FileEntry). - file_object: The file-like object. - - Returns: - The value of the first key defined by PLIST_KEYS that is found. - - Raises: - errors.PreProcessFail: if the preprocessing fails. - """ - try: - plist_file = binplist.BinaryPlist(file_object) - top_level_object = plist_file.Parse() - - except binplist.FormatError as exception: + root_key = self._GetPlistRootKey(file_entry) + if not root_key: + location = getattr(file_entry.path_spec, u'location', u'') raise errors.PreProcessFail( - u'File is not a plist: {0:s} with error: {1:s}'.format( - file_entry.path_spec.comparable, exception)) + u'Missing root key in plist: {0:s}'.format(location)) - except OverflowError as exception: - raise errors.PreProcessFail( - u'Unable to process plist: {0:s} with error: {1:s}'.format( - file_entry.path_spec.comparable, exception)) + matches = [] - if not plist_file: - raise errors.PreProcessFail( - u'File is not a plist: {0:s}'.format(file_entry.path_spec.comparable)) + self._FindKeys(root_key, self.PLIST_KEYS, matches) + if not matches: + raise errors.PreProcessFail(u'No such keys: {0:s}.'.format( + u', '.join(self.PLIST_KEYS))) - match = None - key_name = '' - for plist_key in self.PLIST_KEYS: - try: - match = plist_interface.GetKeys( - top_level_object, frozenset([plist_key])) - except KeyError: - continue - if match: - key_name = plist_key + key_name = None + key_value = None + for key_name, key_value in matches: + if key_value: break - if not match: - raise errors.PreProcessFail( - u'Keys not found inside plist file: {0:s}.'.format( - u','.join(self.PLIST_KEYS))) + if key_value is None: + raise errors.PreProcessFail(u'No values found for keys: {0:s}.'.format( + u', '.join(self.PLIST_KEYS))) - return self.ParseKey(match, key_name) + return self.ParseValue(key_name, key_value) - def ParseKey(self, key, key_name): - """Retrieves a specific value from the key. + def ParseValue(self, unused_key_name, key_value): + """Parses a key value. Args: - key: The key object (instance of dict). key_name: The name of the key. + key_value: The value of the key. Returns: - The value of the key defined by key_name. + The parsed value. Raises: - errors.PreProcessFail: if the preprocessing fails. + errors.PreProcessFail: if the value cannot be parsed. """ - value = key.get(key_name, None) - if not value: - raise errors.PreProcessFail( - u'Value of key: {0:s} not found.'.format(key_name)) - - return value - - -class XMLPlistPreprocessPlugin(PlistPreprocessPlugin): - """Class that defines the Mac OS X XML plist preprocess plugin object.""" - - def _GetKeys(self, xml_root, key_name): - """Return a dict with the requested keys.""" - match = {} - - generator = xml_root.iter() - for key in generator: - if 'key' in key.tag and key_name in key.text: - value_key = generator.next() - value = '' - for subkey in value_key.iter(): - if 'string' in subkey.tag: - value = subkey.text - match[key.text] = value - - # Now we need to go over the match dict and retrieve values. - return match - - def ParseFile(self, file_entry, file_object): - """Parse the file and return parsed key. - - Args: - file_entry: The file entry (instance of dfvfs.FileEntry). - file_object: The file-like object. - - Returns: - The value of the first key defined by PLIST_KEYS that is found. - - Raises: - errors.PreProcessFail: if the preprocessing fails. - """ - # TODO: Move to defusedxml for safer XML parsing. - try: - xml = ElementTree.parse(file_object) - except ElementTree.ParseError: - raise errors.PreProcessFail(u'File is not a XML file.') - except IOError: - raise errors.PreProcessFail(u'File is not a XML file.') - - xml_root = xml.getroot() - key_name = '' - match = None - for key in self.PLIST_KEYS: - match = self._GetKeys(xml_root, key) - if match: - key_name = key - break - - if not match: - raise errors.PreProcessFail( - u'Keys not found inside plist file: {0:s}.'.format( - u','.join(self.PLIST_KEYS))) - - return self.ParseKey(match, key_name) + return key_value -class MacOSXBuild(XMLPlistPreprocessPlugin): +class MacOSXBuild(PlistKeyPreprocessPlugin): """Fetches build information about a Mac OS X system.""" - ATTRIBUTE = 'build' - PLIST_PATH = '/System/Library/CoreServices/SystemVersion.plist' + ATTRIBUTE = u'build' + PLIST_PATH = u'/System/Library/CoreServices/SystemVersion.plist' - PLIST_KEYS = ['ProductUserVisibleVersion'] + PLIST_KEYS = [u'ProductUserVisibleVersion'] -class MacOSXHostname(XMLPlistPreprocessPlugin): +class MacOSXHostname(PlistKeyPreprocessPlugin): """Fetches hostname information about a Mac OS X system.""" - ATTRIBUTE = 'hostname' - PLIST_PATH = '/Library/Preferences/SystemConfiguration/preferences.plist' + ATTRIBUTE = u'hostname' + PLIST_PATH = u'/Library/Preferences/SystemConfiguration/preferences.plist' - PLIST_KEYS = ['ComputerName', 'LocalHostName'] + PLIST_KEYS = [u'ComputerName', u'LocalHostName'] -class MacOSXKeyboard(PlistPreprocessPlugin): +class MacOSXKeyboard(PlistKeyPreprocessPlugin): """Fetches keyboard information from a Mac OS X system.""" - ATTRIBUTE = 'keyboard_layout' - PLIST_PATH = '/Library/Preferences/com.apple.HIToolbox.plist' + ATTRIBUTE = u'keyboard_layout' + PLIST_PATH = u'/Library/Preferences/com.apple.HIToolbox.plist' - PLIST_KEYS = ['AppleCurrentKeyboardLayoutInputSourceID'] + PLIST_KEYS = [u'AppleCurrentKeyboardLayoutInputSourceID'] - def ParseKey(self, key, key_name): - """Determines the keyboard layout.""" - value = super(MacOSXKeyboard, self).ParseKey(key, key_name) - if type(value) in (list, tuple): - value = value[0] - _, _, keyboard_layout = value.rpartition('.') + def ParseValue(self, unused_key_name, key_value): + """Parses a key value. + + Args: + key_name: The name of the key. + key_value: The value of the key. + + Returns: + The parsed value. + + Raises: + errors.PreProcessFail: if the value cannot be parsed. + """ + if isinstance(key_value, (list, tuple)): + key_value = key_value[0] + _, _, keyboard_layout = key_value.rpartition(u'.') return keyboard_layout @@ -228,8 +209,8 @@ def ParseKey(self, key, key_name): class MacOSXTimeZone(interface.PreprocessPlugin): """Gather timezone information from a Mac OS X system.""" - ATTRIBUTE = 'time_zone_str' - SUPPORTED_OS = ['MacOSX'] + ATTRIBUTE = u'time_zone_str' + SUPPORTED_OS = [u'MacOSX'] WEIGHT = 1 @@ -265,53 +246,50 @@ def GetValue(self, searcher, unused_knowledge_base): return zone -class MacOSXUsers(interface.PreprocessPlugin): +class MacOSXUsers(PlistPreprocessPlugin): """Get information about user accounts on a Mac OS X system.""" - SUPPORTED_OS = ['MacOSX'] - ATTRIBUTE = 'users' + SUPPORTED_OS = [u'MacOSX'] + ATTRIBUTE = u'users' WEIGHT = 1 # Define the path to the user account information. - USER_PATH = '/private/var/db/dslocal/nodes/Default/users/[^_].+.plist' + USER_PATH = u'/private/var/db/dslocal/nodes/Default/users/[^_].+.plist' + + _KEYS = frozenset([u'name', u'uid', u'home', u'realname']) - _KEYS = frozenset(['name', 'uid', 'home', 'realname']) + def _GetKeysDefaultEmpty(self, top_level, keys, depth=1): + """Return keys nested in a plist dict, defaulting to an empty value. - def _OpenPlistFile(self, searcher, path_spec): - """Open a Plist file given a path and returns a plist top level object. + The method GetKeys fails if the supplied key does not exist within the + plist object. This alternate method behaves the same way as GetKeys + except that instead of raising an error if the key doesn't exist it will + assign an empty string value ('') to the field. Args: - searcher: The file system searcher object (instance of - dfvfs.FileSystemSearcher). - path_spec: The path specification (instance of dfvfs.PathSpec) - of the plist file. + top_level: Plist in dictionary form. + keys: A list of keys that should be returned. + depth: Defines how many levels deep to check for a match. - Raises: - errors.PreProcessFail: if the preprocessing fails. + Returns: + A dictionary with just the keys requested. """ - plist_file_location = getattr(path_spec, 'location', u'') - file_entry = searcher.GetFileEntryByPathSpec(path_spec) - file_object = file_entry.GetFileObject() - - try: - plist_file = binplist.BinaryPlist(file_object) - top_level_object = plist_file.Parse() - - except binplist.FormatError as exception: - exception = utils.GetUnicodeString(exception) - raise errors.PreProcessFail( - u'File is not a plist: {0:s}'.format(exception)) - - except OverflowError as exception: - raise errors.PreProcessFail( - u'Error processing: {0:s} with error: {1:s}'.format( - plist_file_location, exception)) - - if not plist_file: - raise errors.PreProcessFail( - u'File is not a plist: {0:s}'.format(plist_file_location)) + keys = set(keys) + match = {} - return top_level_object + if depth == 1: + for key in keys: + value = top_level.get(key, None) + if value is not None: + match[key] = value + else: + for _, parsed_key, parsed_value in plist_interface.RecurseKey( + top_level, depth=depth): + if parsed_key in keys: + match[parsed_key] = parsed_value + if set(match.keys()) == keys: + return match + return match def GetValue(self, searcher, unused_knowledge_base): """Determines the user accounts. @@ -329,41 +307,35 @@ def GetValue(self, searcher, unused_knowledge_base): Raises: errors.PreProcessFail: if the preprocessing fails. """ - find_spec = file_system_searcher.FindSpec( - location_regex=self.USER_PATH, case_sensitive=False) - - path_specs = list(searcher.Find(find_specs=[find_spec])) + path_specs = self._FindPathSpecs(searcher, self.USER_PATH) if not path_specs: raise errors.PreProcessFail(u'Unable to find user plist files.') users = [] for path_spec in path_specs: - plist_file_location = getattr(path_spec, 'location', u'') - if not plist_file_location: - raise errors.PreProcessFail(u'Missing user plist file location.') + file_entry = searcher.GetFileEntryByPathSpec(path_spec) - try: - top_level_object = self._OpenPlistFile(searcher, path_spec) - except IOError: - logging.warning(u'Unable to parse user plist file: {0:s}'.format( - plist_file_location)) + root_key = self._GetPlistRootKey(file_entry) + if not root_key: + location = getattr(path_spec, u'location', u'') + logging.warning(u'Missing root key in plist: {0:s}'.format(location)) continue try: - match = plist_interface.GetKeysDefaultEmpty( - top_level_object, self._KEYS) + match = self._GetKeysDefaultEmpty(root_key, self._KEYS) except KeyError as exception: + location = getattr(path_spec, u'location', u'') logging.warning( u'Unable to read user plist file: {0:s} with error: {1:s}'.format( - plist_file_location, exception)) + location, exception)) continue # TODO: as part of artifacts, create a proper object for this. user = { - 'uid': match.get('uid', [-1])[0], - 'path': match.get('home', [u''])[0], - 'name': match.get('name', [u''])[0], - 'realname': match.get('realname', [u'N/A'])[0]} + u'uid': match.get(u'uid', [-1])[0], + u'path': match.get(u'home', [u''])[0], + u'name': match.get(u'name', [u''])[0], + u'realname': match.get(u'realname', [u'N/A'])[0]} users.append(user) if not users: diff --git a/tests/lib/binary.py b/tests/lib/binary.py index ec138b7b7a..a84dee8ee0 100644 --- a/tests/lib/binary.py +++ b/tests/lib/binary.py @@ -1,5 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- +"""Tests for the binary library functions.""" + import os import unittest @@ -9,60 +11,60 @@ class BinaryTests(unittest.TestCase): """A unit test for the binary helper functions.""" + # Show full diff results, part of TestCase so does not follow our naming + # conventions. + maxDiff = None + def setUp(self): - """Set up the needed variables used througout.""" + """Set up the needed variables used througout tests.""" # String: "þrándur" - uses surrogate pairs to test four byte character # decoding. self._unicode_string_1 = ( - '\xff\xfe\xfe\x00\x72\x00\xe1\x00\x6E\x00\x64\x00\x75\x00\x72\x00') + b'\xff\xfe\xfe\x00\x72\x00\xe1\x00\x6E\x00\x64\x00\x75\x00\x72\x00') # String: "What\x00is". self._ascii_string_1 = ( - '\x57\x00\x68\x00\x61\x00\x74\x00\x00\x00\x69\x00\x73\x00') + b'\x57\x00\x68\x00\x61\x00\x74\x00\x00\x00\x69\x00\x73\x00') # String: "What is this?". self._ascii_string_2 = ( - '\x57\x00\x68\x00\x61\x00\x74\x00\x20\x00\x69\x00\x73\x00' - '\x20\x00\x74\x00\x68\x00\x69\x00\x73\x00\x3F\x00') - - # Show full diff results, part of TestCase so does not follow our naming - # conventions. - self.maxDiff = None + b'\x57\x00\x68\x00\x61\x00\x74\x00\x20\x00\x69\x00\x73\x00' + b'\x20\x00\x74\x00\x68\x00\x69\x00\x73\x00\x3F\x00') def testReadUtf16Stream(self): """Test reading an UTF-16 stream from a file-like object.""" - path = os.path.join('test_data', 'PING.EXE-B29F6629.pf') - with open(path, 'rb') as fh: + path = os.path.join(u'test_data', u'PING.EXE-B29F6629.pf') + with open(path, 'rb') as file_object: # Read a null char terminated string. - fh.seek(0x10) - self.assertEqual(binary.ReadUtf16Stream(fh), 'PING.EXE') + file_object.seek(0x10) + self.assertEqual(binary.ReadUtf16Stream(file_object), u'PING.EXE') # Read a fixed size string. - fh.seek(0x27f8) + file_object.seek(0x27f8) expected_string = u'\\DEVICE\\HARDDISKVOLUME' - string = binary.ReadUtf16Stream(fh, byte_size=44) + string = binary.ReadUtf16Stream(file_object, byte_size=44) self.assertEqual(string, expected_string) - fh.seek(0x27f8) + file_object.seek(0x27f8) expected_string = u'\\DEVICE\\HARDDISKVOLUME1' - string = binary.ReadUtf16Stream(fh, byte_size=46) + string = binary.ReadUtf16Stream(file_object, byte_size=46) self.assertEqual(string, expected_string) # Read another null char terminated string. - fh.seek(7236) + file_object.seek(7236) self.assertEqual( - binary.ReadUtf16Stream(fh), + binary.ReadUtf16Stream(file_object), u'\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL') def testUt16StreamCopyToString(self): """Test copying an UTF-16 byte stream to a string.""" - path = os.path.join('test_data', 'PING.EXE-B29F6629.pf') - with open(path, 'rb') as fh: - byte_stream = fh.read() + path = os.path.join(u'test_data', u'PING.EXE-B29F6629.pf') + with open(path, 'rb') as file_object: + byte_stream = file_object.read() # Read a null char terminated string. self.assertEqual( - binary.Ut16StreamCopyToString(byte_stream[0x10:]), 'PING.EXE') + binary.Ut16StreamCopyToString(byte_stream[0x10:]), u'PING.EXE') # Read a fixed size string. expected_string = u'\\DEVICE\\HARDDISKVOLUME' @@ -84,9 +86,9 @@ def testUt16StreamCopyToString(self): def testArrayOfUt16StreamCopyToString(self): """Test copying an array of UTF-16 byte streams to strings.""" - path = os.path.join('test_data', 'PING.EXE-B29F6629.pf') - with open(path, 'rb') as fh: - byte_stream = fh.read() + path = os.path.join(u'test_data', u'PING.EXE-B29F6629.pf') + with open(path, 'rb') as file_object: + byte_stream = file_object.read() strings_array = binary.ArrayOfUt16StreamCopyToString( byte_stream[0x1c44:], byte_stream_size=2876) @@ -123,9 +125,9 @@ def testArrayOfUt16StreamCopyToString(self): def testArrayOfUt16StreamCopyToStringTable(self): """Test copying an array of UTF-16 byte streams to a string table.""" - path = os.path.join('test_data', 'PING.EXE-B29F6629.pf') - with open(path, 'rb') as fh: - byte_stream = fh.read() + path = os.path.join(u'test_data', u'PING.EXE-B29F6629.pf') + with open(path, 'rb') as file_object: + byte_stream = file_object.read() string_table = binary.ArrayOfUt16StreamCopyToStringTable( byte_stream[0x1c44:], byte_stream_size=2876) @@ -164,9 +166,9 @@ def testArrayOfUt16StreamCopyToStringTable(self): def testStringParsing(self): """Test parsing the ASCII string.""" - self.assertEqual(binary.ReadUtf16(self._ascii_string_1), 'Whatis') + self.assertEqual(binary.ReadUtf16(self._ascii_string_1), u'Whatis') - self.assertEqual(binary.ReadUtf16(self._ascii_string_2), 'What is this?') + self.assertEqual(binary.ReadUtf16(self._ascii_string_2), u'What is this?') uni_text = binary.ReadUtf16(self._unicode_string_1) self.assertEqual(uni_text, u'þrándur') @@ -175,14 +177,14 @@ def testHex(self): """Test the hexadecimal representation of data.""" hex_string_1 = binary.HexifyBuffer(self._ascii_string_1) hex_compare = ( - '\\x57\\x00\\x68\\x00\\x61\\x00\\x74\\x00\\x00\\x00\\x69\\x00' - '\\x73\\x00') + b'\\x57\\x00\\x68\\x00\\x61\\x00\\x74\\x00\\x00\\x00\\x69\\x00' + b'\\x73\\x00') self.assertEqual(hex_string_1, hex_compare) hex_string_2 = binary.HexifyBuffer(self._unicode_string_1) hex_compare_unicode = ( - '\\xff\\xfe\\xfe\\x00\\x72\\x00\\xe1\\x00\\x6e\\x00\\x64\\x00' - '\\x75\\x00\\x72\\x00') + b'\\xff\\xfe\\xfe\\x00\\x72\\x00\\xe1\\x00\\x6e\\x00\\x64\\x00' + b'\\x75\\x00\\x72\\x00') self.assertEqual(hex_string_2, hex_compare_unicode) diff --git a/tests/lib/objectfilter.py b/tests/lib/objectfilter.py index 0d50df6c9d..192d311a65 100644 --- a/tests/lib/objectfilter.py +++ b/tests/lib/objectfilter.py @@ -1,6 +1,6 @@ #!/usr/bin/python -#!/usr/bin/env python -# +# -*- coding: utf-8 -*- +"""Tests for the object filter functions.""" import unittest diff --git a/tests/lib/plist.py b/tests/lib/plist.py new file mode 100644 index 0000000000..7573f9f892 --- /dev/null +++ b/tests/lib/plist.py @@ -0,0 +1,51 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +"""Tests for the plist library functions.""" + +import os +import unittest + +from plaso.lib import plist + + +class PlistTests(unittest.TestCase): + """Class to test the plist file.""" + + # Show full diff results, part of TestCase so does not follow our naming + # conventions. + maxDiff = None + + def testGetValueByPath(self): + """Tests the GetValueByPath function.""" + path = os.path.join(u'test_data', u'com.apple.HIToolbox.plist') + with open(path, 'rb') as file_object: + plist_file = plist.PlistFile() + plist_file.Read(file_object) + + path_segments = [ + u'AppleEnabledInputSources', u'0', u'KeyboardLayout Name'] + + plist_value = plist_file.GetValueByPath(path_segments) + self.assertEqual(plist_value, u'U.S.') + + def testReadBinary(self): + """Tests the Read function on a binary plist file.""" + path = os.path.join(u'test_data', u'com.apple.HIToolbox.plist') + with open(path, 'rb') as file_object: + plist_file = plist.PlistFile() + plist_file.Read(file_object) + + self.assertNotEqual(plist_file.root_key, None) + + def testReadXML(self): + """Tests the Read function on a XML plist file.""" + path = os.path.join(u'test_data', u'com.apple.iPod.plist') + with open(path, 'rb') as file_object: + plist_file = plist.PlistFile() + plist_file.Read(file_object) + + self.assertNotEqual(plist_file.root_key, None) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/parsers/plist_plugins/interface.py b/tests/parsers/plist_plugins/interface.py index 2abbef918d..9494d93d08 100644 --- a/tests/parsers/plist_plugins/interface.py +++ b/tests/parsers/plist_plugins/interface.py @@ -50,6 +50,25 @@ def testGetPluginNames(self): self.assertTrue(u'plist_default' in plugin_names) + def testGetKeys(self): + """Tests the _GetKeys function.""" + # Ensure the plugin only processes if both filename and keys exist. + plugin_object = MockPlugin() + + # Match DeviceCache from the root level. + key = [u'DeviceCache'] + result = plugin_object._GetKeys(self._top_level_dict, key) + self.assertEqual(len(result), 1) + + # Look for a key nested a layer beneath DeviceCache from root level. + # Note: overriding the default depth to look deeper. + key = [u'44-00-00-00-00-02'] + result = plugin_object._GetKeys(self._top_level_dict, key, depth=2) + self.assertEqual(len(result), 1) + + # Check the value of the result was extracted as expected. + self.assertTrue(u'test-macpro' == result[key[0]][u'Name']) + def testProcess(self): """Tests the Process function.""" # Ensure the plugin only processes if both filename and keys exist. @@ -100,22 +119,6 @@ def testRecurseKey(self): expected = {u'DeviceCache', u'44-00-00-00-00-04', u'44-00-00-00-00-02'} self.assertTrue(expected == set(my_keys)) - def testGetKeys(self): - """Tests the GetKeys function.""" - # Match DeviceCache from the root level. - key = [u'DeviceCache'] - result = interface.GetKeys(self._top_level_dict, key) - self.assertEqual(len(result), 1) - - # Look for a key nested a layer beneath DeviceCache from root level. - # Note: overriding the default depth to look deeper. - key = [u'44-00-00-00-00-02'] - result = interface.GetKeys(self._top_level_dict, key, depth=2) - self.assertEqual(len(result), 1) - - # Check the value of the result was extracted as expected. - self.assertTrue(u'test-macpro' == result[key[0]][u'Name']) - if __name__ == '__main__': unittest.main()