Changes to GetFieldValues in output module (log2timeline#4853)

joachimmetz · Mar 29, 2024 · 89f5efa · 89f5efa
1 parent 1dbec7a
commit 89f5efa
Show file tree

Hide file tree

Showing 23 changed files with 152 additions and 170 deletions.
diff --git a/plaso/output/interface.py b/plaso/output/interface.py
@@ -21,23 +21,6 @@ class OutputModule(object):
   # Value to indicate the output module writes to an output file.
   WRITES_OUTPUT_FILE = False
 
-  @abc.abstractmethod
-  def _GetFieldValues(
-      self, output_mediator, event, event_data, event_data_stream, event_tag):
-    """Retrieves the output field values.
-
-    Args:
-      output_mediator (OutputMediator): mediates interactions between output
-          modules and other components, such as storage and dfVFS.
-      event (EventObject): event.
-      event_data (EventData): event data.
-      event_data_stream (EventDataStream): event data stream.
-      event_tag (EventTag): event tag.
-
-    Returns:
-      dict[str, str]: output field values per name.
-    """
-
   def _ReportEventError(self, event, event_data, error_message):
     """Reports an event related error.
 
@@ -62,6 +45,7 @@ def Close(self):
     """Closes the output."""
     return
 
+  @abc.abstractmethod
   def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
@@ -77,8 +61,6 @@ def GetFieldValues(
     Returns:
       dict[str, str]: output field values per name.
     """
-    return self._GetFieldValues(
-        output_mediator, event, event_data, event_data_stream, event_tag)
 
   def GetMissingArguments(self):
     """Retrieves arguments required by the module that have not been specified.
@@ -114,7 +96,7 @@ def WriteFieldValuesOfMACBGroup(self, output_mediator, macb_group):
           with identical timestamps, attributes and values.
     """
     for event, event_data, event_data_stream, event_tag in macb_group:
-      field_values = self._GetFieldValues(
+      field_values = self.GetFieldValues(
           output_mediator, event, event_data, event_data_stream, event_tag)
       self.WriteFieldValues(output_mediator, field_values)
 

diff --git a/plaso/output/null.py b/plaso/output/null.py
@@ -13,7 +13,7 @@ class NullOutputModule(interface.OutputModule):
 
   # pylint: disable=unused-argument
 
-  def _GetFieldValues(
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 

diff --git a/plaso/output/rawpy.py b/plaso/output/rawpy.py
@@ -49,7 +49,71 @@ def __init__(self):
     super(NativePythonOutputModule, self).__init__()
     self._field_formatting_helper = dynamic.DynamicFieldFormattingHelper()
 
-  def _GetFieldValues(
+  def _GetString(self, field_values):
+    """Retrieves an output string.
+
+    Args:
+      field_values (dict[str, str]): output field values per name.
+
+    Returns:
+      str: output string.
+    """
+    reserved_attributes = []
+    additional_attributes = []
+
+    for field_name, field_value in sorted(field_values.items()):
+      if field_name in (
+          '_event_identifier', '_event_tag_labels', '_timestamp', 'path_spec'):
+        continue
+
+      field_string = '  {{{0!s}}} {1!s}'.format(field_name, field_value)
+
+      if field_name in self._RESERVED_FIELDS:
+        reserved_attributes.append(field_string)
+      else:
+        additional_attributes.append(field_string)
+
+    lines_of_text = [
+        '+-' * 40,
+        '[Timestamp]:',
+        '  {0:s}'.format(field_values['_timestamp'])]
+
+    path_specification = field_values.get('path_spec', None)
+    if path_specification:
+      lines_of_text.extend([
+          '',
+          '[Pathspec]:'])
+      lines_of_text.extend([
+          '  {0:s}'.format(line)
+          for line in path_specification.comparable.split('\n')])
+
+      # Remove additional empty line.
+      lines_of_text.pop()
+
+    lines_of_text.extend([
+        '',
+        '[Reserved attributes]:'])
+    lines_of_text.extend(reserved_attributes)
+
+    lines_of_text.extend([
+        '',
+        '[Additional attributes]:'])
+    lines_of_text.extend(additional_attributes)
+
+    event_tag_labels = field_values.get('_event_tag_labels', None)
+    if event_tag_labels:
+      labels = ', '.join([
+          '\'{0:s}\''.format(label) for label in event_tag_labels])
+      lines_of_text.extend([
+          '',
+          '[Tag]:',
+          '  {{labels}} [{0:s}]'.format(labels)])
+
+    lines_of_text.append('')
+
+    return '\n'.join(lines_of_text)
+
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 
@@ -123,70 +187,6 @@ def _GetFieldValues(
 
     return field_values
 
-  def _GetString(self, field_values):
-    """Retrieves an output string.
-
-    Args:
-      field_values (dict[str, str]): output field values per name.
-
-    Returns:
-      str: output string.
-    """
-    reserved_attributes = []
-    additional_attributes = []
-
-    for field_name, field_value in sorted(field_values.items()):
-      if field_name in (
-          '_event_identifier', '_event_tag_labels', '_timestamp', 'path_spec'):
-        continue
-
-      field_string = '  {{{0!s}}} {1!s}'.format(field_name, field_value)
-
-      if field_name in self._RESERVED_FIELDS:
-        reserved_attributes.append(field_string)
-      else:
-        additional_attributes.append(field_string)
-
-    lines_of_text = [
-        '+-' * 40,
-        '[Timestamp]:',
-        '  {0:s}'.format(field_values['_timestamp'])]
-
-    path_specification = field_values.get('path_spec', None)
-    if path_specification:
-      lines_of_text.extend([
-          '',
-          '[Pathspec]:'])
-      lines_of_text.extend([
-          '  {0:s}'.format(line)
-          for line in path_specification.comparable.split('\n')])
-
-      # Remove additional empty line.
-      lines_of_text.pop()
-
-    lines_of_text.extend([
-        '',
-        '[Reserved attributes]:'])
-    lines_of_text.extend(reserved_attributes)
-
-    lines_of_text.extend([
-        '',
-        '[Additional attributes]:'])
-    lines_of_text.extend(additional_attributes)
-
-    event_tag_labels = field_values.get('_event_tag_labels', None)
-    if event_tag_labels:
-      labels = ', '.join([
-          '\'{0:s}\''.format(label) for label in event_tag_labels])
-      lines_of_text.extend([
-          '',
-          '[Tag]:',
-          '  {{labels}} [{0:s}]'.format(labels)])
-
-    lines_of_text.append('')
-
-    return '\n'.join(lines_of_text)
-
   def WriteFieldValues(self, output_mediator, field_values):
     """Writes field values to the output.
 

diff --git a/plaso/output/shared_json.py b/plaso/output/shared_json.py
@@ -108,7 +108,7 @@ def __init__(self):
     super(SharedJSONOutputModule, self).__init__()
     self._field_formatting_helper = JSONFieldFormattingHelper()
 
-  def _GetFieldValues(
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 

diff --git a/plaso/output/shared_opensearch.py b/plaso/output/shared_opensearch.py
@@ -327,7 +327,7 @@ def Close(self):
 
     self._client = None
 
-  def _GetFieldValues(
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 

diff --git a/plaso/output/text_file.py b/plaso/output/text_file.py
@@ -72,8 +72,14 @@ def __init__(self):
     super(TextFileOutputModule, self).__init__()
     self._file_object = None
 
+  def Close(self):
+    """Closes the output file."""
+    if self._file_object:
+      self._file_object.close()
+      self._file_object = None
+
   @abc.abstractmethod
-  def _GetFieldValues(
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 
@@ -89,12 +95,6 @@ def _GetFieldValues(
       dict[str, str]: output field values per name.
     """
 
-  def Close(self):
-    """Closes the output file."""
-    if self._file_object:
-      self._file_object.close()
-      self._file_object = None
-
   def Open(self, path=None, **kwargs):  # pylint: disable=arguments-differ
     """Opens the output file.
 
@@ -166,7 +166,20 @@ def _FlushSortedStringsHeap(self):
 
     self._last_primary_sort_key = None
 
-  def _GetFieldValues(
+  @abc.abstractmethod
+  def _GetString(self, output_mediator, field_values):
+    """Retrieves an output string.
+
+    Args:
+      output_mediator (OutputMediator): mediates interactions between output
+          modules and other components, such as storage and dfVFS.
+      field_values (dict[str, str]): output field values per name.
+
+    Returns:
+      str: output string.
+    """
+
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 
@@ -184,19 +197,6 @@ def _GetFieldValues(
     return self._event_formatting_helper.GetFieldValues(
         output_mediator, event, event_data, event_data_stream, event_tag)
 
-  @abc.abstractmethod
-  def _GetString(self, output_mediator, field_values):
-    """Retrieves an output string.
-
-    Args:
-      output_mediator (OutputMediator): mediates interactions between output
-          modules and other components, such as storage and dfVFS.
-      field_values (dict[str, str]): output field values per name.
-
-    Returns:
-      str: output string.
-    """
-
   def WriteFieldValues(self, output_mediator, field_values):
     """Writes field values to the output.
 

diff --git a/plaso/output/xlsx.py b/plaso/output/xlsx.py
@@ -81,7 +81,29 @@ def _FormatDateTime(self, output_mediator, event, event_data):  # pylint: disabl
               event.timestamp, exception))
       return 'ERROR'
 
-  def _GetFieldValues(
+  def _SanitizeField(self, field):
+    """Sanitizes a field for output.
+
+    This method replaces any illegal XML string characters with the Unicode
+    replacement character (\ufffd).
+
+    Args:
+      field (str): value of the field to sanitize.
+
+    Returns:
+      str: sanitized value of the field.
+    """
+    return self._ILLEGAL_XML_RE.sub('\ufffd', field)
+
+  def Close(self):
+    """Closes the workbook."""
+    for column_index, column_width in enumerate(self._column_widths):
+      self._sheet.set_column(column_index, column_index, column_width)
+
+    self._workbook.close()
+    self._workbook = None
+
+  def GetFieldValues(
       self, output_mediator, event, event_data, event_data_stream, event_tag):
     """Retrieves the output field values.
 
@@ -119,28 +141,6 @@ def _GetFieldValues(
 
     return field_values
 
-  def _SanitizeField(self, field):
-    """Sanitizes a field for output.
-
-    This method replaces any illegal XML string characters with the Unicode
-    replacement character (\ufffd).
-
-    Args:
-      field (str): value of the field to sanitize.
-
-    Returns:
-      str: sanitized value of the field.
-    """
-    return self._ILLEGAL_XML_RE.sub('\ufffd', field)
-
-  def Close(self):
-    """Closes the workbook."""
-    for column_index, column_width in enumerate(self._column_widths):
-      self._sheet.set_column(column_index, column_index, column_width)
-
-    self._workbook.close()
-    self._workbook = None
-
   def Open(self, path=None, **kwargs):  # pylint: disable=arguments-differ
     """Creates a new workbook.
 

diff --git a/tests/multi_process/output_engine.py b/tests/multi_process/output_engine.py
@@ -38,7 +38,7 @@ def __init__(self):
     self.events = []
     self.macb_groups = []
 
-  def _GetFieldValues(
+  def GetFieldValues(
       self, output_mediator_object, event, event_data, event_data_stream,
       event_tag):
     """Retrieves the output field values.

diff --git a/tests/output/dynamic.py b/tests/output/dynamic.py
@@ -124,7 +124,7 @@ class DynamicOutputModuleTest(test_lib.OutputModuleTestCase):
        'timestamp_desc': definitions.TIME_DESCRIPTION_METADATA_MODIFICATION}]
 
   def testGetFieldValues(self):
-    """Tests the _GetFieldValues function."""
+    """Tests the GetFieldValues function."""
     output_mediator = self._CreateOutputMediator()
 
     formatters_directory_path = self._GetTestFilePath(['formatters'])
@@ -166,7 +166,7 @@ def testGetFieldValues(self):
         'type': 'Metadata Modification Time',
         'user': '-'}
 
-    field_values = output_module._GetFieldValues(
+    field_values = output_module.GetFieldValues(
         output_mediator, event, event_data, event_data_stream, event_tag)
 
     self.assertEqual(field_values, expected_field_values)
@@ -206,7 +206,7 @@ def testWriteFieldValues(self):
     event_tag = events.EventTag()
     event_tag.AddLabels(['Malware', 'Printed'])
 
-    field_values = output_module._GetFieldValues(
+    field_values = output_module.GetFieldValues(
         output_mediator, event, event_data, event_data_stream, event_tag)
 
     output_module.WriteFieldValues(output_mediator, field_values)
@@ -249,7 +249,7 @@ def testWriteFieldValues(self):
     event_tag = events.EventTag()
     event_tag.AddLabels(['Malware', 'Printed'])
 
-    field_values = output_module._GetFieldValues(
+    field_values = output_module.GetFieldValues(
         output_mediator, event, event_data, event_data_stream, event_tag)
 
     output_module.WriteFieldValues(output_mediator, field_values)