1. Advisor
  2. artifacts
  3. functions
  4. artifacts.source_type
View all artifacts analysis

How to use the artifacts.source_type function in artifacts

To help you get started, we’ve selected a few artifacts examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function."""
    source_type.WMIQuerySourceType(query=u'test')
github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function."""
    source_type.WindowsRegistryValueSourceType(
        key_value_pairs=[{'key': u'test', 'value': u'test'}])

    with self.assertRaises(errors.FormatError):
      source_type.WindowsRegistryValueSourceType(
          key_value_pairs=[{'bad': u'test', 'value': u'test'}])

    with self.assertRaises(errors.FormatError):
      source_type.WindowsRegistryValueSourceType(
          key_value_pairs={'bad': u'test', 'value': u'test'})
github ForensicArtifacts / artifacts / tests / source_type.py View on Github external
def testInitialize(self):
    """Tests the __init__ function."""
    source_type.ArtifactSourceType(names=[u'test'])
github scudette / rekall-agent-server / applications / Rekall / modules / api / forensic_artifacts.py View on Github external
from artifacts import registry
from artifacts import source_type

from gluon import http
from rekall_lib.rekall_types import artifacts

import re
import yaml




TYPE_INDICATOR_REKALL_EFILTER = "REKALL_EFILTER"


class RekallEfilter(source_type.SourceType):

    TYPE_INDICATOR = TYPE_INDICATOR_REKALL_EFILTER

    def __init__(self, query=None, type_name=None, fields=None):
        if not query:
            raise errors.FormatError(u'Missing query value.')

        super(RekallEfilter, self).__init__()
        self.type_name = type_name
        self.fields = fields or []

    def AsDict(self):
        source_type_attributes = dict(query=self.query)
        if self.type_name:
            source_type_attributes["type_name"] = self.type_name
github ForensicArtifacts / artifacts / artifacts / registry.py View on Github external
# -*- coding: utf-8 -*-
"""The artifact definitions registry."""

from __future__ import unicode_literals

from artifacts import definitions
from artifacts import errors
from artifacts import source_type


class ArtifactDefinitionsRegistry(object):
  """Artifact definitions registry."""

  _source_type_classes = {
      definitions.TYPE_INDICATOR_ARTIFACT_GROUP:
          source_type.ArtifactGroupSourceType,
      definitions.TYPE_INDICATOR_COMMAND: source_type.CommandSourceType,
      definitions.TYPE_INDICATOR_DIRECTORY: source_type.DirectorySourceType,
      definitions.TYPE_INDICATOR_FILE: source_type.FileSourceType,
      definitions.TYPE_INDICATOR_PATH: source_type.PathSourceType,
      definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY:
          source_type.WindowsRegistryKeySourceType,
      definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE:
          source_type.WindowsRegistryValueSourceType,
      definitions.TYPE_INDICATOR_WMI_QUERY: source_type.WMIQuerySourceType,
  }

  def __init__(self):
    """Initializes an artifact definitions registry."""
    super(ArtifactDefinitionsRegistry, self).__init__()
    self._artifact_definitions = {}
    self._artifact_name_references = set()

artifacts

ForensicArtifacts.com Artifact Repository.

GitHub
Apache-2.0
Latest version published 8 months ago

Package Health Score

68 / 100
Full package analysis

Popular artifacts functions

Similar packages