plaso.storage.redis package

Submodules

plaso.storage.redis.reader module

Redis storage reader.

class plaso.storage.redis.reader.RedisStorageReader(session_identifier, task_identifier, redis_client=None)[source]

Bases: StorageReader

Redis storage file reader.

plaso.storage.redis.redis_store module

Redis store.

Only supports task storage at the moment.

class plaso.storage.redis.redis_store.RedisStore(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainerStore

Redis store.

Attribute containers are stored as Redis Hashes. All keys are prefixed with the session identifier to avoid collisions. Event identifiers are also stored in an index to enable sorting.

Close()[source]

Closes the store.

Raises

  • IOError – if the store is already closed.

  • OSError – if the store is already closed.

DEFAULT_REDIS_URL = 'redis://127.0.0.1/0'
GetAttributeContainerByIdentifier(container_type, identifier)[source]

Retrieves a specific type of container with a specific identifier.

Parameters

  • container_type (str) – container type.

  • identifier (AttributeContainerIdentifier) – attribute container identifier.

Returns

attribute container or None if not available.

Return type

AttributeContainer

Raises

  • IOError – when the store is closed or if an unsupported identifier is provided.

  • OSError – when the store is closed or if an unsupported identifier is provided.

GetAttributeContainerByIndex(container_type, index)[source]

Retrieves a specific attribute container.

Parameters

  • container_type (str) – attribute container type.

  • index (int) – attribute container index.

Returns

attribute container or None if not available.

Return type

AttributeContainer

GetAttributeContainers(container_type, filter_expression=None)[source]

Retrieves attribute containers

Parameters

  • container_type (str) – container type attribute of the container being added.

  • filter_expression (Optional[str]) – expression to filter the resulting attribute containers by.

Yields

AttributeContainer – attribute container.

GetNumberOfAttributeContainers(container_type)[source]

Retrieves the number of a specific type of attribute containers.

Parameters

container_type (str) – attribute container type.

Returns

the number of containers of a specified type.

Return type

int

GetSerializedAttributeContainers(container_type, cursor, maximum_number_of_items)[source]

Fetches serialized attribute containers.

Parameters

  • container_type (str) – attribute container type.

  • cursor (int) – Redis cursor.

  • maximum_number_of_items (int) – maximum number of containers to retrieve, where 0 represent no limit.

Returns

containing:

int: Redis cursor. list[bytes]: serialized attribute containers.

Return type

tuple

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters

time_range (Optional[TimeRange]) – This argument is not supported by the Redis store.

Yields

EventObject – event.

Raises

RuntimeError – if a time_range argument is specified.

HasAttributeContainers(container_type)[source]

Determines if the store contains a specific type of attribute container.

Parameters

container_type (str) – attribute container type.

Returns

True if the store contains the specified type of attribute

containers.

Return type

bool

Open(redis_client=None, session_identifier=None, task_identifier=None, url=None, **unused_kwargs)[source]

Opens the store.

Parameters

  • redis_client (Optional[Redis]) – Redis client to query. If specified, no new client will be created. If no client is specified a new client will be opened connected to the Redis instance specified by ‘url’.

  • session_identifier (Optional[str]) – identifier of the session.

  • task_identifier (Optional[str]) – unique identifier of the task the store will store containers for. If not specified, an identifier will be generated.

  • url (Optional[str]) – URL for a Redis database. If not specified, the DEFAULT_REDIS_URL will be used.

Raises

  • IOError – if the store is already connected to a Redis instance.

  • OSError – if the store is already connected to a Redis instance.

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters

serializers_profiler (SerializersProfiler) – serializers profiler.

plaso.storage.redis.writer module

Storage writer for Redis.

class plaso.storage.redis.writer.RedisStorageWriter(storage_type='session')[source]

Bases: StorageWriter

Redis-based storage writer.

GetFirstWrittenEventData()[source]

Retrieves the first event data that was written after open.

Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.

Returns

None as there are no newly written event data.

Return type

EventData

Raises

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns

None as there are no newly written event sources.

Return type

EventSource

Raises

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetNextWrittenEventData()[source]

Retrieves the next event data that was written after open.

Returns

None as there are no newly written event data.

Return type

EventData

Raises

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns

None as there are no newly written event sources.

Return type

EventSource

Raises

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

Open(redis_client=None, session_identifier=None, task_identifier=None, **unused_kwargs)[source]

Opens the storage writer.

Parameters

  • redis_client (Optional[Redis]) – Redis client to query. If specified, no new client will be created. If no client is specified a new client will be opened connected to the Redis instance specified by ‘url’.

  • session_identifier (Optional[str]) – session identifier.

  • task_identifier (Optional[str]) – task identifier.

Raises

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

WritePreprocessingInformation(knowledge_base)[source]

Writes preprocessing information.

Parameters

knowledge_base (KnowledgeBase) – contains the preprocessing information.

Raises

  • IOError – always as the Redis store does not support preprocessing information.

  • OSError – always as the Redis store does not support preprocessing information.

Module contents