plaso.storage.fake package

Submodules

plaso.storage.fake.writer module

Fake storage writer for testing.

class plaso.storage.fake.writer.FakeStorageWriter(session, storage_type='session', task=None)[source]

Bases: plaso.storage.interface.StorageWriter

Fake storage writer object.

analysis_reports

analysis reports.

Type

list[AnalysisReport]

session_completion

session completion attribute container.

Type

SessionCompletion

session_start

session start attribute container.

Type

SessionStart

task_completion

task completion attribute container.

Type

TaskCompletion

task_start

task start attribute container.

Type

TaskStart

AddAnalysisReport(analysis_report, serialized_data=None)[source]

Adds an analysis report.

Parameters

  • analysis_report (AnalysisReport) – analysis report.

  • serialized_data (Optional[bytes]) – serialized form of the analysis report.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

AddEvent(event, serialized_data=None)[source]

Adds an event.

Parameters

  • event (EventObject) – event.

  • serialized_data (bytes) – serialized form of the event.

Raises

  • IOError – when the storage writer is closed or if the event data identifier type is not supported.

  • OSError – when the storage writer is closed or if the event data identifier type is not supported.

AddEventData(event_data, serialized_data=None)[source]

Adds event data.

Parameters

  • event_data (EventData) – event data.

  • serialized_data (bytes) – serialized form of the event data.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

AddEventSource(event_source, serialized_data=None)[source]

Adds an event source.

Parameters

  • event_source (EventSource) – event source.

  • serialized_data (Optional[bytes]) – serialized form of the event source.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

AddEventTag(event_tag, serialized_data=None)[source]

Adds an event tag.

Parameters

  • event_tag (EventTag) – event tag.

  • serialized_data (Optional[bytes]) – serialized form of the event tag.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

AddWarning(warning, serialized_data=None)[source]

Adds a warnings.

Parameters

  • warning (ExtractionWarning) – warning.

  • serialized_data (Optional[bytes]) – serialized form of the warning.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

CheckTaskReadyForMerge(task)[source]

Checks if a task is ready for merging into the session store.

Parameters

task (Task) – task.

Returns

True if the task is ready to be merged.

Return type

bool

Raises

  • IOError – if the task storage type is not supported or the storage writer for the task does not exist.

  • OSError – if the task storage type is not supported or the storage writer for the task does not exist.

Close()[source]

Closes the storage writer.

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

CreateTaskStorage(task, task_storage_format)[source]

Creates a task storage.

Parameters

  • task (Task) – task.

  • task_storage_format (str) – storage format to store task results.

Returns

storage writer.

Return type

FakeStorageWriter

Raises

  • IOError – if the task storage already exists.

  • OSError – if the task storage already exists.

FinalizeTaskStorage(task)[source]

Finalizes a processed task storage.

Parameters

task (Task) – task.

Raises

  • IOError – if the task storage does not exist.

  • OSError – if the task storage does not exist.

GetEventData()[source]

Retrieves the event data.

Returns

event data generator.

Return type

generator(EventData)

GetEventDataByIdentifier(identifier)[source]

Retrieves specific event data.

Parameters

identifier (AttributeContainerIdentifier) – event data identifier.

Returns

event data or None if not available.

Return type

EventData

GetEventSources()[source]

Retrieves the event sources.

Returns

event source generator.

Return type

generator(EventSource)

GetEventTags()[source]

Retrieves the event tags.

Returns

event tag generator.

Return type

generator(EventTags)

GetEvents()[source]

Retrieves the events.

Returns

event generator.

Return type

generator(EventObject)

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns

event source or None if there are no newly written ones.

Return type

EventSource

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters

time_range (Optional[TimeRange]) – time range used to filter events that fall in a specific period.

Returns

event generator.

Return type

generator(EventObject)

Raises

  • IOError – when the storage writer is closed.

  • OSError – when the storage writer is closed.

GetWarnings()[source]

Retrieves the warnings.

Returns

warning generator.

Return type

generator(ExtractionWarning)

Open()[source]

Opens the storage writer.

Raises

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

PrepareMergeTaskStorage(task)[source]

Prepares a task storage for merging.

Parameters

task (Task) – task.

Raises

  • IOError – if the task storage does not exist.

  • OSError – if the task storage does not exist.

ReadPreprocessingInformation(knowledge_base)[source]

Reads preprocessing information.

The preprocessing information contains the system configuration which contains information about various system specific configuration data, for example the user accounts.

Parameters

knowledge_base (KnowledgeBase) – is used to store the preprocessing information.

Raises

  • IOError – if the storage type does not support writing preprocessing information or when the storage writer is closed.

  • OSError – if the storage type does not support writing preprocessing information or when the storage writer is closed.

RemoveProcessedTaskStorage(task)[source]

Removes a processed task storage.

Parameters

task (Task) – task.

Raises

  • IOError – if the task storage does not exist.

  • OSError – if the task storage does not exist.

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters

serializers_profiler (SerializersProfiler) – serializers profiler.

SetStorageProfiler(storage_profiler)[source]

Sets the storage profiler.

Parameters

storage_profiler (StorageProfiler) – storage profiler.

WritePreprocessingInformation(knowledge_base)[source]

Writes preprocessing information.

Parameters

knowledge_base (KnowledgeBase) – used to store the preprocessing information.

Raises

  • IOError – if the storage type does not support writing preprocessing information or when the storage writer is closed.

  • OSError – if the storage type does not support writing preprocessing information or when the storage writer is closed.

WriteSessionCompletion(aborted=False)[source]

Writes session completion information.

Parameters

aborted (Optional[bool]) – True if the session was aborted.

Raises

  • IOError – if the storage type does not support writing a session completion or when the storage writer is closed.

  • OSError – if the storage type does not support writing a session completion or when the storage writer is closed.

WriteSessionStart()[source]

Writes session start information.

Raises

  • IOError – if the storage type does not support writing a session start or when the storage writer is closed.

  • OSError – if the storage type does not support writing a session start or when the storage writer is closed.

WriteTaskCompletion(aborted=False)[source]

Writes task completion information.

Parameters

aborted (Optional[bool]) – True if the session was aborted.

Raises

  • IOError – if the storage type does not support writing a task completion or when the storage writer is closed.

  • OSError – if the storage type does not support writing a task completion or when the storage writer is closed.

WriteTaskStart()[source]

Writes task start information.

Raises

  • IOError – if the storage type does not support writing a task start or when the storage writer is closed.

  • OSError – if the storage type does not support writing a task start or when the storage writer is closed.

Module contents