How to use the artifacts.source_type.SourceType function in artifacts
To help you get started, we’ve selected a few artifacts examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
ForensicArtifacts / artifacts / artifacts / source_type.py View on Github 
WindowsRegistryKeySourceType.ValidateKey(pair['key'])
super(WindowsRegistryValueSourceType, self).__init__()
self.key_value_pairs = key_value_pairs
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
return {'key_value_pairs': self.key_value_pairs}
class WMIQuerySourceType(SourceType):
"""WMI query source type.
Attributes:
base_object (str): WMI base object.
query (str): WMI query.
"""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_WMI_QUERY
def __init__(self, base_object=None, query=None):
"""Initializes a source type.
Args:
base_object (Optional[str]): WMI base object.
query (Optional[str]): WMI query.
def __init__(self):
"""Initializes an artifact definition source type.
Raises:
FormatError: if the indicator is not defined.
"""
super(SourceType, self).__init__()
if not self.TYPE_INDICATOR:
raise errors.FormatError('Missing type indicator.')"""
for prefix in cls.VALID_PREFIXES:
if key_path.startswith(prefix):
return
# TODO: move check to validator.
if key_path.startswith('HKEY_CURRENT_USER\\'):
raise errors.FormatError(
'HKEY_CURRENT_USER\\ is not supported instead use: '
'HKEY_USERS\\%%users.sid%%\\')
raise errors.FormatError(
'Unupported Registry key path: {0:s}'.format(key_path))
class WindowsRegistryValueSourceType(SourceType):
"""Windows Registry value source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE
def __init__(self, key_value_pairs=None):
"""Initializes a source type.
Args:
key_value_pairs (Optional[list[tuple[str, str]]]): key path and value
name pairs, where key paths are relative to the root of the Windows
Registry.
Raises:
FormatError: when key value pairs is not set.
"""
if not key_value_pairs:if not names:
raise errors.FormatError('Missing names value.')
super(ArtifactGroupSourceType, self).__init__()
self.names = names
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
return {'names': self.names}
class CommandSourceType(SourceType):
"""Command source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_COMMAND
def __init__(self, args=None, cmd=None):
"""Initializes a source type.
Args:
args (list[str]): arguments to the command to run.
cmd (str): command to run.
Raises:
FormatError: when args or cmd is not set.
"""
if args is None or cmd is None:
raise errors.FormatError('Missing args or cmd value.')raise errors.FormatError('Missing args or cmd value.')
super(CommandSourceType, self).__init__()
self.args = args
self.cmd = cmd
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
return {'cmd': self.cmd, 'args': self.args}
class DirectorySourceType(SourceType):
"""Directory source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_DIRECTORY
def __init__(self, paths=None, separator='/'):
"""Initializes a source type.
Args:
paths (Optional[str]): paths relative to the root of the file system.
separator (Optional[str]): path segment separator.
Raises:
FormatError: when paths is not set or not a list type.
"""
if not paths:
raise errors.FormatError('Missing paths value.') @property
def type_indicator(self):
"""str: type indicator."""
return self.TYPE_INDICATOR
@abc.abstractmethod
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
class ArtifactGroupSourceType(SourceType):
"""Artifact group source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_ARTIFACT_GROUP
def __init__(self, names=None):
"""Initializes a source type.
Args:
names (Optional[str]): artifact definition names.
Raises:
FormatError: when artifact names is not set.
"""
if not names:
raise errors.FormatError('Missing names value.')self.separator = separator
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
source_type_attributes = {'paths': self.paths}
if self.separator != '/':
source_type_attributes['separator'] = self.separator
return source_type_attributes
class FileSourceType(SourceType):
"""File source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_FILE
def __init__(self, paths=None, separator='/'):
"""Initializes a source type.
Args:
paths (Optional[str]): paths relative to the root of the file system.
separator (Optional[str]): path segment separator.
Raises:
FormatError: when paths is not set or not a list type.
"""
if not paths:
raise errors.FormatError('Missing paths value.')self.separator = separator
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
source_type_attributes = {'paths': self.paths}
if self.separator != '/':
source_type_attributes['separator'] = self.separator
return source_type_attributes
class PathSourceType(SourceType):
"""Path source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_PATH
def __init__(self, paths=None, separator='/'):
"""Initializes a source type.
Args:
paths (Optional[str]): paths relative to the root of the file system.
separator (Optional[str]): path segment separator.
Raises:
FormatError: when paths is not set or not a list type.
"""
if not paths:
raise errors.FormatError('Missing paths value.')self.separator = separator
def AsDict(self):
"""Represents a source type as a dictionary.
Returns:
dict[str, str]: source type attributes.
"""
source_type_attributes = {'paths': self.paths}
if self.separator != '/':
source_type_attributes['separator'] = self.separator
return source_type_attributes
class WindowsRegistryKeySourceType(SourceType):
"""Windows Registry key source type."""
TYPE_INDICATOR = definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY
VALID_PREFIXES = [
r'HKEY_LOCAL_MACHINE',
r'HKEY_USERS',
r'HKEY_CLASSES_ROOT',
r'%%current_control_set%%',
]
def __init__(self, keys=None):
"""Initializes a source type.
Args:
keys (Optional[list[str]]): key paths relative to the root ofartifacts
ForensicArtifacts.com Artifact Repository.
Package Health Score
69 / 100Popular artifacts functions
- artifacts.collector.CollectorDefinition
- artifacts.definitions
- artifacts.definitions.SUPPORTED_OS
- artifacts.definitions.TYPE_INDICATOR_ARTIFACT_GROUP
- artifacts.definitions.TYPE_INDICATOR_FILE
- artifacts.definitions.TYPE_INDICATOR_PATH
- artifacts.definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY
- artifacts.definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE
- artifacts.errors
- artifacts.errors.FormatError
- artifacts.reader
- artifacts.reader.YamlArtifactsReader
- artifacts.registry
- artifacts.source_type
- artifacts.source_type.FileSourceType
- artifacts.source_type.PathSourceType
- artifacts.source_type.SourceType
- artifacts.source_type.WindowsRegistryKeySourceType
- artifacts.win_artifacts.AbstractWMIArtifact