Code review: 269460043: Split different parser types log2timeline#378

fabionitto · Dec 31, 2015 · d70c6ce · d70c6ce
1 parent 22f2c5b
commit d70c6ce
Show file tree

Hide file tree

Showing 47 changed files with 269 additions and 361 deletions.
diff --git a/config/dpkg/changelog b/config/dpkg/changelog
@@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low
 
   * Auto-generated
 
- -- Log2Timeline <[email protected]>  Fri, 30 Oct 2015 19:48:00 +0100
+ -- Log2Timeline <[email protected]>  Mon, 02 Nov 2015 08:03:19 +0100
diff --git a/plaso/__init__.py b/plaso/__init__.py
@@ -3,7 +3,7 @@
 __version__ = '1.3.1'
 
 VERSION_DEV = True
-VERSION_DATE = '20151030'
+VERSION_DATE = '20151102'
 
 
 def GetVersion():

diff --git a/plaso/engine/worker.py b/plaso/engine/worker.py
@@ -250,11 +250,13 @@ def _ParseFileEntryWithParser(
       self._parsers_profiler.StartTiming(parser_object.NAME)
 
     try:
-      if isinstance(parser_object, parsers_interface.SingleFileBaseParser):
+      if isinstance(parser_object, parsers_interface.FileEntryParser):
+        parser_object.Parse(self._parser_mediator)
+      elif isinstance(parser_object, parsers_interface.FileObjectParser):
         parser_object.Parse(self._parser_mediator, file_object)
       else:
-        parser_object.UpdateChainAndParse(
-            self._parser_mediator, file_object=file_object)
+        logging.warning(
+            u'{0:s} unsupported parser type.'.format(parser_object.NAME))
 
     # We catch the IOError so we can determine the parser that generated
     # the error.

diff --git a/plaso/lib/utils.py b/plaso/lib/utils.py
@@ -4,8 +4,6 @@
 import logging
 import re
 
-from plaso.lib import py2to3
-
 
 # Illegal Unicode characters for XML.
 ILLEGAL_XML_RE = re.compile(
@@ -88,32 +86,6 @@ def GetUnicodeString(string):
   return string
 
 
-def GetInodeValue(inode_raw):
-  """Read in a 'raw' inode value and try to convert it into an integer.
-
-  Args:
-    inode_raw: A string or an int inode value.
-
-  Returns:
-    An integer inode value.
-  """
-  if isinstance(inode_raw, py2to3.INTEGER_TYPES):
-    return inode_raw
-
-  if isinstance(inode_raw, float):
-    return int(inode_raw)
-
-  try:
-    return int(inode_raw)
-  except ValueError:
-    # Let's do one more attempt.
-    inode_string, _, _ = str(inode_raw).partition('-')
-    try:
-      return int(inode_string)
-    except ValueError:
-      return -1
-
-
 def RemoveIllegalXMLCharacters(string, replacement=u'\ufffd'):
   """Removes illegal Unicode characters for XML.
 

diff --git a/plaso/parsers/android_app_usage.py b/plaso/parsers/android_app_usage.py
@@ -33,7 +33,7 @@ def __init__(self, java_time, package_name, component_name):
     self.package = package_name
 
 
-class AndroidAppUsageParser(interface.SingleFileBaseParser):
+class AndroidAppUsageParser(interface.FileObjectParser):
   """Parses the Android usage-history.xml file."""
 
   NAME = u'android_app_usage'

diff --git a/plaso/parsers/asl.py b/plaso/parsers/asl.py
@@ -66,7 +66,7 @@ def __init__(
     self.user_sid = u'{0:d}'.format(record_header.uid)
 
 
-class AslParser(interface.SingleFileBaseParser):
+class AslParser(interface.FileObjectParser):
   """Parser for ASL log files."""
 
   _INITIAL_FILE_OFFSET = None

diff --git a/plaso/parsers/bencode_parser.py b/plaso/parsers/bencode_parser.py
@@ -16,7 +16,7 @@
 from plaso.parsers import manager
 
 
-class BencodeParser(interface.SingleFileBaseParser):
+class BencodeParser(interface.FileObjectParser):
   """Deserializes bencoded file; produces a dictionary containing bencoded data.
 
   The Plaso engine calls parsers by their Parse() method. The Parse() function

diff --git a/plaso/parsers/bsm.py b/plaso/parsers/bsm.py
@@ -103,7 +103,7 @@ def __init__(
     self.offset = offset
 
 
-class BsmParser(interface.SingleFileBaseParser):
+class BsmParser(interface.FileObjectParser):
   """Parser for BSM files."""
 
   _INITIAL_FILE_OFFSET = None

diff --git a/plaso/parsers/chrome_cache.py b/plaso/parsers/chrome_cache.py
@@ -311,7 +311,7 @@ def __init__(self, cache_entry):
     self.original_url = cache_entry.key
 
 
-class ChromeCacheParser(interface.BaseParser):
+class ChromeCacheParser(interface.FileEntryParser):
   """Parses Chrome Cache files."""
 
   NAME = u'chrome_cache'
@@ -357,31 +357,30 @@ def _ParseCacheEntries(self, parser_mediator, index_file, data_block_files):
         cache_address = cache_entry.next
         cache_address_chain_length += 1
 
-  def Parse(self, parser_mediator, **kwargs):
+  def ParseFileEntry(self, parser_mediator, file_entry, **kwargs):
     """Parses Chrome Cache files.
 
     Args:
-      parser_mediator: A parser mediator object (instance of ParserMediator).
+      parser_mediator: a parser mediator object (instance of ParserMediator).
+      file_entry: a file entry object (instance of dfvfs.FileEntry).
 
     Raises:
       UnableToParseFile: when the file cannot be parsed.
     """
-    display_name = parser_mediator.GetDisplayName()
-    file_object = parser_mediator.GetFileObject()
-
     index_file = IndexFile()
+    file_object = file_entry.GetFileObject()
     try:
       index_file.Open(file_object)
     except IOError as exception:
       file_object.close()
+
+      display_name = parser_mediator.GetDisplayName()
       raise errors.UnableToParseFile(
           u'[{0:s}] unable to parse index file {1:s} with error: {2:s}'.format(
               self.NAME, display_name, exception))
 
-    file_entry = parser_mediator.GetFileEntry()
-    file_system = file_entry.GetFileSystem()
-
     try:
+      file_system = file_entry.GetFileSystem()
       self.ParseIndexFile(
           parser_mediator, file_system, file_entry, index_file, **kwargs)
     finally:

diff --git a/plaso/parsers/chrome_preferences.py b/plaso/parsers/chrome_preferences.py
@@ -26,7 +26,7 @@ def __init__(self, timestamp, extension_id, extension_name, path):
     self.path = path
 
 
-class ChromePreferencesParser(interface.SingleFileBaseParser):
+class ChromePreferencesParser(interface.FileObjectParser):
   """Parses Chrome Preferences files."""
 
   NAME = u'chrome_preferences'

diff --git a/plaso/parsers/cups_ipp.py b/plaso/parsers/cups_ipp.py
@@ -108,7 +108,7 @@ def _ListToString(self, values):
           u'Unable to parse log line, with error: {0:s}'.format(exception))
 
 
-class CupsIppParser(interface.SingleFileBaseParser):
+class CupsIppParser(interface.FileObjectParser):
   """Parser for CUPS IPP files. """
 
   NAME = u'cups_ipp'

diff --git a/plaso/parsers/custom_destinations.py b/plaso/parsers/custom_destinations.py
@@ -16,7 +16,7 @@
 from plaso.parsers import winlnk
 
 
-class CustomDestinationsParser(interface.SingleFileBaseParser):
+class CustomDestinationsParser(interface.FileObjectParser):
   """Parses .customDestinations-ms files."""
 
   _INITIAL_FILE_OFFSET = None

diff --git a/plaso/parsers/esedb.py b/plaso/parsers/esedb.py
@@ -29,7 +29,7 @@ def StoreDictInCache(self, attribute_name, dict_object):
     setattr(self, attribute_name, dict_object)
 
 
-class EseDbParser(interface.SingleFileBaseParser):
+class EseDbParser(interface.FileObjectParser):
   """Parses Extensible Storage Engine (ESE) database files (EDB)."""
 
   _INITIAL_FILE_OFFSET = None

diff --git a/plaso/parsers/filestat.py b/plaso/parsers/filestat.py
@@ -9,7 +9,7 @@
 from plaso.parsers import manager
 
 
-class FileStatParser(interface.BaseParser):
+class FileStatParser(interface.FileEntryParser):
   """Class that defines a file system stat object parser."""
 
   NAME = u'filestat'
@@ -27,27 +27,25 @@ def _GetFileSystemTypeFromFileEntry(self, file_entry):
     Returns:
       A string indicating the file system type.
     """
-    file_system = file_entry.GetFileSystem()
-    type_indicator = file_system.type_indicator
-
-    if type_indicator != dfvfs_definitions.TYPE_INDICATOR_TSK:
-      return type_indicator
+    if file_entry.type_indicator != dfvfs_definitions.TYPE_INDICATOR_TSK:
+      return file_entry.type_indicator
 
     # TODO: Implement fs_type in dfVFS and remove this implementation
     # once that is in place.
+    file_system = file_entry.GetFileSystem()
     fs_info = file_system.GetFsInfo()
     if fs_info.info:
       type_string = u'{0:s}'.format(fs_info.info.ftype)
       if type_string.startswith(u'TSK_FS_TYPE'):
         return type_string[12:]
 
-  def Parse(self, parser_mediator, **kwargs):
-    """Extracts event objects from a file system stat entry.
+  def ParseFileEntry(self, parser_mediator, file_entry, **kwargs):
+    """Parses a file entry.
 
     Args:
       parser_mediator: A parser mediator object (instance of ParserMediator).
+      file_entry: A file entry object (instance of dfvfs.FileEntry).
     """
-    file_entry = parser_mediator.GetFileEntry()
     stat_object = file_entry.GetStat()
     if not stat_object:
       return
@@ -58,22 +56,22 @@ def Parse(self, parser_mediator, **kwargs):
     file_size = getattr(stat_object, u'size', None),
 
     for time_attribute in self._TIME_ATTRIBUTES:
-      timestamp = getattr(stat_object, time_attribute, None)
-      if timestamp is None:
+      posix_time = getattr(stat_object, time_attribute, None)
+      if posix_time is None:
         continue
 
       nano_time_attribute = u'{0:s}_nano'.format(time_attribute)
       nano_time_attribute = getattr(stat_object, nano_time_attribute, None)
 
-      timestamp = timelib.Timestamp.FromPosixTime(timestamp)
+      timestamp = timelib.Timestamp.FromPosixTime(posix_time)
       if nano_time_attribute is not None:
         # Note that the _nano values are in intervals of 100th nano seconds.
         micro_time_attribute, _ = divmod(nano_time_attribute, 10)
         timestamp += micro_time_attribute
 
-      # TODO: this also ignores any timestamp that equals 0.
-      # Is this the desired behavior?
-      if not timestamp:
+      # TSK will return 0 if the timestamp is not set.
+      if (file_entry.type_indicator == dfvfs_definitions.TYPE_INDICATOR_TSK and
+          not timestamp):
         continue
 
       event_object = file_system_events.FileStatEvent(

diff --git a/plaso/parsers/firefox_cache.py b/plaso/parsers/firefox_cache.py
@@ -38,7 +38,7 @@ def __init__(self, timestamp, timestamp_type, cache_record_values):
       setattr(self, key, value)
 
 
-class BaseFirefoxCacheParser(interface.SingleFileBaseParser):
+class BaseFirefoxCacheParser(interface.FileObjectParser):
   """Parses Firefox cache files."""
 
   # pylint: disable=abstract-method
@@ -192,11 +192,10 @@ def ParseFileObject(self, parser_mediator, file_object, **kwargs):
     if file_object.get_size() < 4:
       raise errors.UnableToParseFile(u'Not a Firefox cache2 file.')
 
-    file_entry = parser_mediator.GetFileEntry()
-
+    filename = parser_mediator.GetFilename()
     try:
       # Match cache2 filename (SHA-1 hex of cache record key).
-      self._CACHE_FILENAME.parseString(file_entry.name)
+      self._CACHE_FILENAME.parseString(filename)
     except pyparsing.ParseException:
       raise errors.UnableToParseFile(u'Not a Firefox cache2 file.')
 
@@ -425,16 +424,16 @@ def ParseFileObject(self, parser_mediator, file_object, **kwargs):
     Raises:
       UnableToParseFile: when the file cannot be parsed.
     """
-    file_entry = parser_mediator.GetFileEntry()
+    filename = parser_mediator.GetFilename()
     display_name = parser_mediator.GetDisplayName()
 
     try:
       # Match cache filename. Five hex characters + 'm' + two digit
       # number, e.g. '01ABCm02'. 'm' is for metadata. Cache files with 'd'
       # instead contain data only.
-      self._CACHE_FILENAME.parseString(file_entry.name)
+      self._CACHE_FILENAME.parseString(filename)
     except pyparsing.ParseException:
-      if not file_entry.name.startswith(u'_CACHE_00'):
+      if not filename.startswith(u'_CACHE_00'):
         raise errors.UnableToParseFile(u'Not a Firefox cache1 file.')
 
     firefox_config = self._GetFirefoxConfig(file_object, display_name)

diff --git a/plaso/parsers/hachoir.py b/plaso/parsers/hachoir.py
@@ -44,7 +44,7 @@ def __init__(self, dt_timestamp, usage, attributes):
     self.metadata = attributes
 
 
-class HachoirParser(interface.SingleFileBaseParser):
+class HachoirParser(interface.FileObjectParser):
   """Class to parse meta data from files using Hachoir."""
 
   NAME = u'hachoir'
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low

		* Auto-generated

		-- Log2Timeline <[email protected]> Fri, 30 Oct 2015 19:48:00 +0100
		-- Log2Timeline <[email protected]> Mon, 02 Nov 2015 08:03:19 +0100