plaso.storage.fake package

Submodules

plaso.storage.fake.event_heap module

Heap to sort events in chronological order.

class plaso.storage.fake.event_heap.EventHeap[source]

Bases: object

Event heap.

PopEvent()[source]

Pops an event from the heap.

Returns:

event.

Return type:

EventObject

PopEvents()[source]

Pops events from the heap.

Yields:

EventObject – event.

PushEvent(event, event_index)[source]

Pushes an event onto the heap.

Parameters:

  • event (EventObject) – event.

  • event_index (int) – index of the event in the storage.

__init__()[source]

Initializes an event heap.

property number_of_events

number of serialized events on the heap.

Type:

int

plaso.storage.fake.fake_store module

Fake (in-memory only) store for testing.

class plaso.storage.fake.fake_store.FakeStore(*args: Any, **kwargs: Any)[source]

Bases: FakeAttributeContainerStore

Fake (in-memory only) store for testing.

serialization_format

serialization format.

Type:

str

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters:

time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.

Returns:

event generator.

Return type:

generator(EventObject)

Raises:

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters:

serializers_profiler (SerializersProfiler) – serializers profiler.

__init__()[source]

Initializes a fake (in-memory only) store.

plaso.storage.fake.writer module

Fake (in-memory only) storage writer for testing.

class plaso.storage.fake.writer.FakeStorageWriter(storage_type='session')[source]

Bases: StorageWriter

Fake (in-memory only) storage writer object.

task_completion

task completion attribute container.

Type:

TaskCompletion

task_start

task start attribute container.

Type:

TaskStart

GetFirstWrittenEventData()[source]

Retrieves the first event data that was written after open.

Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.

Returns:

event data or None if there are no newly written ones.

Return type:

EventData

Raises:

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns:

event source or None if there are no newly written ones.

Return type:

EventSource

Raises:

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventData()[source]

Retrieves the next event data that was written after open.

Returns:

event data or None if there are no newly written ones.

Return type:

EventData

Raises:

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns:

event source or None if there are no newly written ones.

Return type:

EventSource

Raises:

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

Open(**unused_kwargs)[source]

Opens the storage writer.

Raises:

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

__init__(storage_type='session')[source]

Initializes a storage writer object.

Parameters:

storage_type (Optional[str]) – storage type.

Module contents