stefan/plaso-rubanetra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
master
plaso-rubanetra/plaso/engine/utils.py
Stefan 0da6783a45 Import from old repository
2020-04-06 18:48:34 +02:00

76 lines
2.4 KiB
Python
Raw Permalink Blame History

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2014 The Plaso Project Authors.
# Please see the AUTHORS file for details on individual authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Engine utility functions."""
import logging
from dfvfs.helpers import file_system_searcher
from plaso.winreg import path_expander
def BuildFindSpecsFromFile(filter_file_path, pre_obj=None):
"""Returns a list of find specification from a filter file.
Args:
filter_file_path: A path to a file that contains find specifications.
pre_obj: A preprocessing object (instance of PreprocessObject). This is
optional but when provided takes care of expanding each segment.
"""
find_specs = []
if pre_obj:
expander = path_expander.WinRegistryKeyPathExpander()
with open(filter_file_path, 'rb') as file_object:
for line in file_object:
line = line.strip()
if line.startswith(u'#'):
continue
if pre_obj:
try:
line = expander.ExpandPath(line, pre_obj=pre_obj)
except KeyError as exception:
logging.error((
u'Unable to use collection filter line: {0:s} with error: '
u'{1:s}').format(line, exception))
continue
if not line.startswith(u'/'):
logging.warning((
u'The filter string must be defined as an abolute path: '
u'{0:s}').format(line))
continue
_, _, file_path = line.rstrip().rpartition(u'/')
if not file_path:
logging.warning(
u'Unable to parse the filter string: {0:s}'.format(line))
continue
# Convert the filter paths into a list of path segments and strip
# the root path segment.
path_segments = line.split(u'/')
path_segments.pop(0)
find_specs.append(file_system_searcher.FindSpec(
location_regex=path_segments, case_sensitive=False))
return find_specs
Reference in New Issue View Git Blame Copy Permalink