1. Advisor
  2. artifacts
  3. functions
  4. artifacts.errors.FormatError
View all artifacts analysis

How to use the artifacts.errors.FormatError function in artifacts

To help you get started, we’ve selected a few artifacts examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function."""
    source_type.WindowsRegistryValueSourceType(
        key_value_pairs=[{'key': u'test', 'value': u'test'}])

    with self.assertRaises(errors.FormatError):
      source_type.WindowsRegistryValueSourceType(
          key_value_pairs=[{'bad': u'test', 'value': u'test'}])

    with self.assertRaises(errors.FormatError):
      source_type.WindowsRegistryValueSourceType(
          key_value_pairs={'bad': u'test', 'value': u'test'})
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
def ValidateKey(cls, key_path):
    """Validates this key against supported key names.

    Args:
      key_path (str): path of a Windows Registry key.

    Raises:
      FormatError: when key is not supported.
    """
    for prefix in cls.VALID_PREFIXES:
      if key_path.startswith(prefix):
        return

    # TODO: move check to validator.
    if key_path.startswith('HKEY_CURRENT_USER\\'):
      raise errors.FormatError(
          'HKEY_CURRENT_USER\\ is not supported instead use: '
          'HKEY_USERS\\%%users.sid%%\\')

    raise errors.FormatError(
        'Unupported Registry key path: {0:s}'.format(key_path))
github google / rekall / rekall-core / rekall / plugins / response / forensic_artifacts.py View on Github external
def SupportedOS(self, art_definition):
        supported_os = art_definition.get(
            "supported_os", definitions.SUPPORTED_OS)

        undefined_supported_os = set(supported_os).difference(
            definitions.SUPPORTED_OS)

        if undefined_supported_os:
            raise errors.FormatError(
                u'supported operating system: {} '
                u'not defined.'.format(
                    u', '.join(undefined_supported_os)))

        return supported_os
github google / rekall / rekall-core / rekall / plugins / response / forensic_artifacts.py View on Github external
def _LoadDefinition(self, data):
        if not isinstance(data, dict):
            raise errors.FormatError(
                "Artifact definition must be a dict.")

        different_keys = set(data) - definitions.TOP_LEVEL_KEYS
        if different_keys:
            raise errors.FormatError(u'Undefined keys: {}'.format(
                different_keys))

        self._LoadFieldDefinitions(data, self._field_definitions)
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
key_value_pairs (Optional[list[tuple[str, str]]]): key path and value
          name pairs, where key paths are relative to the root of the Windows
          Registry.

    Raises:
      FormatError: when key value pairs is not set.
    """
    if not key_value_pairs:
      raise errors.FormatError('Missing key value pairs value.')

    if not isinstance(key_value_pairs, list):
      raise errors.FormatError('key_value_pairs must be a list')

    for pair in key_value_pairs:
      if not isinstance(pair, dict):
        raise errors.FormatError('key_value_pair must be a dict')

      if set(pair.keys()) != set(['key', 'value']):
        key_value_pairs = ', '.join([
            '{0:s}: {1:s}'.format(key, value) for key, value in key_value_pairs
        ])
        error_message = (
            'key_value_pair missing "key" and "value" keys, got: '
            '{0:s}').format(key_value_pairs)
        raise errors.FormatError(error_message)

      WindowsRegistryKeySourceType.ValidateKey(pair['key'])

    super(WindowsRegistryValueSourceType, self).__init__()
    self.key_value_pairs = key_value_pairs
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
key_path (str): path of a Windows Registry key.

    Raises:
      FormatError: when key is not supported.
    """
    for prefix in cls.VALID_PREFIXES:
      if key_path.startswith(prefix):
        return

    # TODO: move check to validator.
    if key_path.startswith('HKEY_CURRENT_USER\\'):
      raise errors.FormatError(
          'HKEY_CURRENT_USER\\ is not supported instead use: '
          'HKEY_USERS\\%%users.sid%%\\')

    raise errors.FormatError(
        'Unupported Registry key path: {0:s}'.format(key_path))
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
def __init__(self, base_object=None, query=None):
    """Initializes a source type.

    Args:
      base_object (Optional[str]): WMI base object.
      query (Optional[str]): WMI query.

    Raises:
      FormatError: when query is not set.
    """
    if not query:
      raise errors.FormatError('Missing query value.')

    super(WMIQuerySourceType, self).__init__()
    self.base_object = base_object
    self.query = query
github google / rekall / rekall-core / rekall / plugins / response / forensic_artifacts.py View on Github external
def BuildSources(self, art_definition):
        sources = art_definition["sources"]
        result = []
        self.unsupported_source_types = []
        for source in sources:
            if not isinstance(source, dict):
                raise errors.FormatError("Source is not a dict.")

            source_type_name = source.get("type")
            if source_type_name is None:
                raise errors.FormatError("Source has no type.")

            source_cls = self.source_types.get(source_type_name)
            if source_cls:
                result.append(source_cls(source, artifact=self))
            else:
                self.unsupported_source_types.append(source_type_name)

        if not result:
            if self.unsupported_source_types:
                raise errors.FormatError(
                    "No supported sources: %s" % (
                        self.unsupported_source_types,))

            raise errors.FormatError("No available sources.")

        return result
github ForensicArtifacts / artifacts / artifacts / reader.py View on Github external
Returns:
      ArtifactDefinition: an artifact definition.

    Raises:
      FormatError: if the format of the artifact definition is not set
          or incorrect.
    """
    if not artifact_definition_values:
      raise errors.FormatError('Missing artifact definition values.')

    different_keys = (
        set(artifact_definition_values) - definitions.TOP_LEVEL_KEYS)
    if different_keys:
      different_keys = ', '.join(different_keys)
      raise errors.FormatError('Undefined keys: {0:s}'.format(different_keys))

    name = artifact_definition_values.get('name', None)
    if not name:
      raise errors.FormatError('Invalid artifact definition missing name.')

    # The description is assumed to be mandatory.
    description = artifact_definition_values.get('doc', None)
    if not description:
      raise errors.FormatError(
          'Invalid artifact definition: {0:s} missing description.'.format(
              name))

    artifact_definition = artifact.ArtifactDefinition(
        name, description=description)

    if artifact_definition_values.get('collectors', []):

artifacts

ForensicArtifacts.com Artifact Repository.

GitHub
Apache-2.0
Latest version published 6 months ago

Package Health Score

69 / 100
Full package analysis

Popular artifacts functions

Similar packages