# -*- coding: utf-8 -*-
"""Processing configuration classes."""
from acstore.containers import interface
[docs]
class CredentialConfiguration(interface.AttributeContainer):
"""Configuration settings for a credential.
Attributes:
credential_data (bytes): credential data.
credential_type (str): credential type.
path_spec (dfvfs.PathSpec): path specification.
"""
CONTAINER_TYPE = 'credential_configuration'
[docs]
def __init__(
self, credential_data=None, credential_type=None, path_spec=None):
"""Initializes a credential configuration object.
Args:
credential_data (Optional[bytes]): credential data.
credential_type (Optional[str]): credential type.
path_spec (Optional[dfvfs.PathSpec]): path specification.
"""
super(CredentialConfiguration, self).__init__()
self.credential_data = credential_data
self.credential_type = credential_type
self.path_spec = path_spec
[docs]
class ProfilingConfiguration(interface.AttributeContainer):
"""Configuration settings for profiling.
Attributes:
directory (str): path to the directory where the profiling sample files
should be stored.
profilers (set(str)): names of the profilers to enable.
Supported profilers are:
* 'format_checks', which profiles CPU time consumed per format check;
* 'memory', which profiles memory usage;
* 'parsers', which profiles CPU time consumed by individual parsers;
* 'processing', which profiles CPU time consumed by different parts of
processing;
* 'serializers', which profiles CPU time consumed by individual
serializers.
* 'storage', which profiles storage reads and writes.
sample_rate (int): the profiling sample rate. Contains the number of event
sources processed.
"""
CONTAINER_TYPE = 'profiling_configuration'
[docs]
def __init__(self):
"""Initializes a profiling configuration object."""
super(ProfilingConfiguration, self).__init__()
self.directory = None
self.profilers = set()
self.sample_rate = 1000
[docs]
def HaveProfileAnalyzers(self):
"""Determines if analyzers profiling is configured.
Returns:
bool: True if analyzers profiling is configured.
"""
return 'analyzers' in self.profilers
[docs]
def HaveProfileMemory(self):
"""Determines if memory profiling is configured.
Returns:
bool: True if memory profiling is configured.
"""
return 'memory' in self.profilers
[docs]
def HaveProfileParsers(self):
"""Determines if parsers profiling is configured.
Returns:
bool: True if parsers profiling is configured.
"""
return 'parsers' in self.profilers
[docs]
def HaveProfileProcessing(self):
"""Determines if processing profiling is configured.
Returns:
bool: True if processing profiling is configured.
"""
return 'processing' in self.profilers
[docs]
def HaveProfileSerializers(self):
"""Determines if serializers profiling is configured.
Returns:
bool: True if serializers profiling is configured.
"""
return 'serializers' in self.profilers
[docs]
def HaveProfileStorage(self):
"""Determines if storage profiling is configured.
Returns:
bool: True if storage profiling is configured.
"""
return 'storage' in self.profilers
[docs]
def HaveProfileTaskQueue(self):
"""Determines if task queue profiling is configured.
Returns:
bool: True if task queue profiling is configured.
"""
return 'task_queue' in self.profilers
[docs]
def HaveProfileTasks(self):
"""Determines if tasks profiling is configured.
Returns:
bool: True if task queue profiling is configured.
"""
return 'tasks' in self.profilers
[docs]
class ProcessingConfiguration(interface.AttributeContainer):
"""Configuration settings for processing.
Attributes:
artifact_definitions_path (str): path to artifact definitions directory
or file.
artifact_filters (Optional list[str]): names of artifact
definitions that are used for filtering file system and Windows
Registry key paths.
credentials (list[CredentialConfiguration]): credential configurations.
custom_artifacts_path (str): path to custom artifact definitions
directory or file.
custom_formatters_path (str): path to custom formatter definitions file.
data_location (str): path to the data files.
debug_output (bool): True if debug output should be enabled.
dynamic_time (bool): True if date and time values should be represented
in their granularity or semantically.
event_extraction (EventExtractionConfiguration): event extraction
configuration.
extraction (ExtractionConfiguration): extraction configuration.
filter_file (str): path to a file with find specifications.
force_parser (bool): True if a specified parser should be forced to be used
to extract events.
log_filename (str): name of the log file.
parser_filter_expression (str): parser filter expression,
where None represents all parsers and plugins.
preferred_codepage (str): preferred codepage.
preferred_encoding (str): preferred output encoding.
preferred_language (str): preferred language.
preferred_time_zone (str): preferred time zone.
preferred_year (int): preferred initial year value for year-less date and
time values.
profiling (ProfilingConfiguration): profiling configuration.
task_storage_format (str): format to use for storing task results.
task_storage_path (str): path of the directory containing SQLite task
storage files.
temporary_directory (str): path of the directory for temporary files.
"""
CONTAINER_TYPE = 'processing_configuration'
[docs]
def __init__(self):
"""Initializes a process configuration object."""
super(ProcessingConfiguration, self).__init__()
self.artifact_definitions_path = None
self.artifact_filters = None
self.credentials = []
self.custom_artifacts_path = None
self.custom_formatters_path = None
self.data_location = None
self.debug_output = False
self.dynamic_time = False
self.event_extraction = EventExtractionConfiguration()
self.extraction = ExtractionConfiguration()
self.filter_file = None
self.force_parser = None
self.log_filename = None
self.parser_filter_expression = None
self.preferred_codepage = None
self.preferred_encoding = None
self.preferred_language = None
self.preferred_time_zone = None
self.preferred_year = None
self.profiling = ProfilingConfiguration()
self.task_storage_format = None
self.task_storage_path = None
self.temporary_directory = None