plaso.storage.fake package

Submodules

plaso.storage.fake.event_heap module

Heap to sort events in chronological order.

class plaso.storage.fake.event_heap.EventHeap[source]

Bases: object

Event heap.

PopEvent()[source]

Pops an event from the heap.

Returns

event.

Return type

EventObject

PopEvents()[source]

Pops events from the heap.

Yields

EventObject – event.

PushEvent(event, event_index)[source]

Pushes an event onto the heap.

Parameters

  • event (EventObject) – event.

  • event_index (int) – index of the event in the storage.

property number_of_events

number of serialized events on the heap.

Type

int

plaso.storage.fake.fake_store module

Fake (in-memory only) store for testing.

class plaso.storage.fake.fake_store.FakeStore(*args: Any, **kwargs: Any)[source]

Bases: FakeAttributeContainerStore

Fake (in-memory only) store for testing.

serialization_format

serialization format.

Type

str

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters

time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.

Returns

event generator.

Return type

generator(EventObject)

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters

serializers_profiler (SerializersProfiler) – serializers profiler.

plaso.storage.fake.writer module

Fake (in-memory only) storage writer for testing.

class plaso.storage.fake.writer.FakeStorageWriter(storage_type='session')[source]

Bases: StorageWriter

Fake (in-memory only) storage writer object.

task_completion

task completion attribute container.

Type

TaskCompletion

task_start

task start attribute container.

Type

TaskStart

GetFirstWrittenEventData()[source]

Retrieves the first event data that was written after open.

Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.

Returns

event data or None if there are no newly written ones.

Return type

EventData

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventData()[source]

Retrieves the next event data that was written after open.

Returns

event data or None if there are no newly written ones.

Return type

EventData

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

Open(**unused_kwargs)[source]

Opens the storage writer.

Raises

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

Module contents