Changes to make year-less log helper support full dates log2timeline#…

…4697

docs/sources/api/plaso.lib.rst

@@ -20,6 +20,14 @@ plaso.lib.cookie\_plugins\_helper module
    :undoc-members:
    :show-inheritance:
 
+plaso.lib.dateless\_helper module
+---------------------------------
+
+.. automodule:: plaso.lib.dateless_helper
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
 plaso.lib.decorators module
 ---------------------------
 
@@ -84,14 +92,6 @@ plaso.lib.specification module
    :undoc-members:
    :show-inheritance:
 
-plaso.lib.yearless\_helper module
----------------------------------
-
-.. automodule:: plaso.lib.yearless_helper
-   :members:
-   :undoc-members:
-   :show-inheritance:
-
 Module contents
 ---------------
 

docs/sources/api/plaso.parsers.sqlite_plugins.rst

@@ -300,6 +300,14 @@ plaso.parsers.sqlite\_plugins.windows\_eventtranscript module
    :undoc-members:
    :show-inheritance:
 
+plaso.parsers.sqlite\_plugins.windows\_push\_notification module
+----------------------------------------------------------------
+
+.. automodule:: plaso.parsers.sqlite_plugins.windows_push_notification
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
 plaso.parsers.sqlite\_plugins.windows\_timeline module
 ------------------------------------------------------
 

plaso/containers/events.py

@@ -82,6 +82,60 @@ def CalculateEventValuesHash(event_data, event_data_stream):
   return md5_context.hexdigest()
 
 
+class DateLessLogHelper(interface.AttributeContainer):
+  """Attribute container to assist with logs without full dates.
+
+  Attributes:
+    earliest_year (int): earliest possible year the event data stream was
+        created.
+    last_relative_year (int): last relative year determined by the date-less
+        log helper.
+    latest_year (int): latest possible year the event data stream was created.
+  """
+
+  CONTAINER_TYPE = 'date_less_log_helper'
+
+  SCHEMA = {
+      '_event_data_stream_identifier': 'AttributeContainerIdentifier',
+      'earliest_year': 'int',
+      'last_relative_year': 'int',
+      'latest_year': 'int'}
+
+  _SERIALIZABLE_PROTECTED_ATTRIBUTES = [
+      '_event_data_stream_identifier']
+
+  def __init__(self):
+    """Initializes a date-less log helper attribute container."""
+    super(DateLessLogHelper, self).__init__()
+    self._event_data_stream_identifier = None
+    self.earliest_year = None
+    self.last_relative_year = None
+    self.latest_year = None
+
+  def GetEventDataStreamIdentifier(self):
+    """Retrieves the identifier of the associated event data stream.
+
+    The event data stream identifier is a storage specific value that requires
+    special handling during serialization.
+
+    Returns:
+      AttributeContainerIdentifier: event data stream or None when not set.
+    """
+    return self._event_data_stream_identifier
+
+  def SetEventDataStreamIdentifier(self, event_data_stream_identifier):
+    """Sets the identifier of the associated event data stream.
+
+    The event data stream identifier is a storage specific value that requires
+    special handling during serialization.
+
+    Args:
+      event_data_stream_identifier (AttributeContainerIdentifier): event data
+          stream identifier.
+    """
+    self._event_data_stream_identifier = event_data_stream_identifier
+
+
 class EventData(interface.AttributeContainer):
   """Event data attribute container.
 
@@ -384,59 +438,5 @@ def SetEventIdentifier(self, event_identifier):
     self._event_identifier = event_identifier
 
 
-class YearLessLogHelper(interface.AttributeContainer):
-  """Year-less log helper attribute container.
-
-  Attributes:
-    earliest_year (int): earliest possible year the event data stream was
-        created.
-    last_relative_year (int): last relative year determined by the year-less
-        log helper.
-    latest_year (int): latest possible year the event data stream was created.
-  """
-
-  CONTAINER_TYPE = 'year_less_log_helper'
-
-  SCHEMA = {
-      '_event_data_stream_identifier': 'AttributeContainerIdentifier',
-      'earliest_year': 'int',
-      'last_relative_year': 'int',
-      'latest_year': 'int'}
-
-  _SERIALIZABLE_PROTECTED_ATTRIBUTES = [
-      '_event_data_stream_identifier']
-
-  def __init__(self):
-    """Initializes a year-less log helper attribute container."""
-    super(YearLessLogHelper, self).__init__()
-    self._event_data_stream_identifier = None
-    self.earliest_year = None
-    self.last_relative_year = None
-    self.latest_year = None
-
-  def GetEventDataStreamIdentifier(self):
-    """Retrieves the identifier of the associated event data stream.
-
-    The event data stream identifier is a storage specific value that requires
-    special handling during serialization.
-
-    Returns:
-      AttributeContainerIdentifier: event data stream or None when not set.
-    """
-    return self._event_data_stream_identifier
-
-  def SetEventDataStreamIdentifier(self, event_data_stream_identifier):
-    """Sets the identifier of the associated event data stream.
-
-    The event data stream identifier is a storage specific value that requires
-    special handling during serialization.
-
-    Args:
-      event_data_stream_identifier (AttributeContainerIdentifier): event data
-          stream identifier.
-    """
-    self._event_data_stream_identifier = event_data_stream_identifier
-
-
 manager.AttributeContainersManager.RegisterAttributeContainers([
-    EventData, EventDataStream, EventObject, EventTag, YearLessLogHelper])
+    DateLessLogHelper, EventData, EventDataStream, EventObject, EventTag])

plaso/engine/timeliner.py

@@ -39,7 +39,7 @@ def __init__(
 
     Args:
       data_location (Optional[str]): path of the timeliner configuration file.
-      preferred_year (Optional[int]): preferred initial year value for year-less
+      preferred_year (Optional[int]): preferred initial year value for date-less
           date and time values.
       system_configurations (Optional[list[SystemConfigurationArtifact]]):
           system configurations.
@@ -86,7 +86,7 @@ def _GetBaseYear(self, storage_writer, event_data):
       int: base year.
     """
     # If preferred year is set considered it a user override, otherwise try
-    # to determine the year based on the year-less log helper or fallback to
+    # to determine the year based on the date-less log helper or fallback to
     # the current year.
 
     if self._preferred_year:
@@ -103,25 +103,25 @@ def _GetBaseYear(self, storage_writer, event_data):
       return base_year
 
     filter_expression = f'_event_data_stream_identifier == "{lookup_key:s}"'
-    year_less_log_helpers = list(storage_writer.GetAttributeContainers(
-        events.YearLessLogHelper.CONTAINER_TYPE,
+    date_less_log_helpers = list(storage_writer.GetAttributeContainers(
+        events.DateLessLogHelper.CONTAINER_TYPE,
         filter_expression=filter_expression))
-    if not year_less_log_helpers:
+    if not date_less_log_helpers:
       message = (
-          f'missing year-less log helper, defaulting to current year: '
+          f'missing date-less log helper, defaulting to current year: '
           f'{self._current_year:d}')
       self._ProduceTimeliningWarning(storage_writer, event_data, message)
 
       base_year = self._current_year
 
     else:
-      earliest_year = year_less_log_helpers[0].earliest_year
-      last_relative_year = year_less_log_helpers[0].last_relative_year
-      latest_year = year_less_log_helpers[0].latest_year
+      earliest_year = date_less_log_helpers[0].earliest_year
+      last_relative_year = date_less_log_helpers[0].last_relative_year
+      latest_year = date_less_log_helpers[0].latest_year
 
       if earliest_year is None and latest_year is None:
         message = (
-            f'missing earliest and latest year in year-less log helper, '
+            f'missing earliest and latest year in date-less log helper, '
             f'defaulting to current year: {self._current_year:d}')
         self._ProduceTimeliningWarning(storage_writer, event_data, message)
 

plaso/lib/yearless_helper.py → plaso/lib/dateless_helper.py

@@ -1,14 +1,14 @@
 # -*- coding: utf-8 -*-
-"""The year-less log format helper mix-in."""
+"""The date-less log format helper mix-in."""
 
 from dfvfs.lib import definitions as dfvfs_definitions
 from dfvfs.resolver import resolver as path_spec_resolver
 
 from plaso.containers import events
 
 
-class YearLessLogFormatHelper(object):
-  """Year-less log format helper mix-in."""
+class DateLessLogFormatHelper(object):
+  """Date-less log format helper mix-in."""
 
   _MONTH_DICT = {
       'jan': 1,
@@ -27,8 +27,8 @@ class YearLessLogFormatHelper(object):
   _VALID_MONTHS = frozenset(range(1, 13))
 
   def __init__(self):
-    """Initializes the year-less log format helper mix-in."""
-    super(YearLessLogFormatHelper, self).__init__()
+    """Initializes the date-less log format helper mix-in."""
+    super(DateLessLogFormatHelper, self).__init__()
     self._base_year = None
     self._maximum_year = None
     self._month = None
@@ -173,13 +173,13 @@ def _UpdateYear(self, month):
 
     self._month = month
 
-  def GetYearLessLogHelper(self):
-    """Retrieves a year-less log helper attribute container.
+  def GetDateLessLogHelper(self):
+    """Retrieves a date-less log helper attribute container.
 
     Returns:
-      YearLessLogHelper: year-less log helper.
+      DateLessLogHelper: date-less log helper.
     """
-    year_less_log_helper = events.YearLessLogHelper()
+    year_less_log_helper = events.DateLessLogHelper()
     year_less_log_helper.earliest_year = self._base_year
     year_less_log_helper.last_relative_year = self._relative_year
     year_less_log_helper.latest_year = self._maximum_year

plaso/multi_process/extraction_engine.py

@@ -92,10 +92,10 @@ class ExtractionMultiProcessEngine(task_engine.TaskMultiProcessEngine):
   * merge results returned by extraction worker processes.
   """
 
+  _CONTAINER_TYPE_DATE_LESS_LOG_HELPER = events.DateLessLogHelper.CONTAINER_TYPE
   _CONTAINER_TYPE_EVENT_DATA = events.EventData.CONTAINER_TYPE
   _CONTAINER_TYPE_EVENT_DATA_STREAM = events.EventDataStream.CONTAINER_TYPE
   _CONTAINER_TYPE_EVENT_SOURCE = event_sources.EventSource.CONTAINER_TYPE
-  _CONTAINER_TYPE_YEAR_LESS_LOG_HELPER = events.YearLessLogHelper.CONTAINER_TYPE
 
   # Maximum number of dfVFS file system objects to cache in the foreman process.
   _FILE_SYSTEM_CACHE_SIZE = 3
@@ -395,8 +395,8 @@ def _MergeAttributeContainer(self, storage_writer, merge_helper, container):
     self._status = definitions.STATUS_INDICATOR_MERGING
 
     if container.CONTAINER_TYPE in (
-        self._CONTAINER_TYPE_EVENT_DATA,
-        self._CONTAINER_TYPE_YEAR_LESS_LOG_HELPER):
+        self._CONTAINER_TYPE_DATE_LESS_LOG_HELPER,
+        self._CONTAINER_TYPE_EVENT_DATA):
       event_data_stream_identifier = container.GetEventDataStreamIdentifier()
       event_data_stream_lookup_key = None
       if event_data_stream_identifier:

plaso/multi_process/merge_helpers.py

@@ -116,10 +116,10 @@ class ExtractionTaskMergeHelper(BaseTaskMergeHelper):
   _CONTAINER_TYPES = (
       event_sources.EventSource.CONTAINER_TYPE,
       events.EventDataStream.CONTAINER_TYPE,
-      # The year-less log helper is needed to generate event from the event
+      # The date-less log helper is needed to generate event from the event
       # data by the timeliner and therefore needs to be merged before event
       # data containers.
-      events.YearLessLogHelper.CONTAINER_TYPE,
+      events.DateLessLogHelper.CONTAINER_TYPE,
       events.EventData.CONTAINER_TYPE,
       warnings.ExtractionWarning.CONTAINER_TYPE,
       warnings.RecoveryWarning.CONTAINER_TYPE,

plaso/parsers/mediator.py

@@ -200,17 +200,17 @@ def _GetEnvironmentVariablesByPathSpec(self, path_spec):
 
     return self._environment_variables_per_path_spec.get(path_spec.parent, None)
 
-  def AddYearLessLogHelper(self, year_less_log_helper):
-    """Adds a year-less log helper.
+  def AddDateLessLogHelper(self, date_less_log_helper):
+    """Adds a date-less log helper.
 
     Args:
-      year_less_log_helper (YearLessLogHelper): year-less log helper.
+      date_less_log_helper (DateLessLogHelper): date-less log helper.
     """
     if self._event_data_stream_identifier:
-      year_less_log_helper.SetEventDataStreamIdentifier(
+      date_less_log_helper.SetEventDataStreamIdentifier(
           self._event_data_stream_identifier)
 
-    self._storage_writer.AddAttributeContainer(year_less_log_helper)
+    self._storage_writer.AddAttributeContainer(date_less_log_helper)
 
   def AddWindowsEventLogMessageFile(self, message_file):
     """Adds a Windows EventLog message file.

plaso/parsers/text_parser.py

@@ -316,9 +316,9 @@ def ParseFileObject(self, parser_mediator, file_object):
           finally:
             parser_mediator.SampleStopTiming(profiling_name)
 
-          if hasattr(plugin, 'GetYearLessLogHelper'):
-            year_less_log_helper = plugin.GetYearLessLogHelper()
-            parser_mediator.AddYearLessLogHelper(year_less_log_helper)
+          if hasattr(plugin, 'GetDateLessLogHelper'):
+            year_less_log_helper = plugin.GetDateLessLogHelper()
+            parser_mediator.AddDateLessLogHelper(year_less_log_helper)
 
           break
 

plaso/parsers/text_plugins/android_logcat.py

@@ -35,8 +35,8 @@
 from dfdatetime import time_elements as dfdatetime_time_elements
 
 from plaso.containers import events
+from plaso.lib import dateless_helper
 from plaso.lib import errors
-from plaso.lib import yearless_helper
 from plaso.parsers import text_parser
 from plaso.parsers.text_plugins import interface
 
@@ -76,7 +76,7 @@ def __init__(self):
 
 
 class AndroidLogcatTextPlugin(
-    interface.TextPlugin, yearless_helper.YearLessLogFormatHelper):
+    interface.TextPlugin, dateless_helper.DateLessLogFormatHelper):
   """Text parser plugin for Android logcat files."""
 
   NAME = 'android_logcat'
@@ -105,7 +105,7 @@ class AndroidLogcatTextPlugin(
       pyparsing.Word(pyparsing.nums, exact=6))
 
   # Date and time values are formatted as:
-  # 01-02 01:02:04.156 (yearless)
+  # 01-02 01:02:04.156 (year-less)
   # 2022-01-02 01:20:03.171
   # 2022-01-02 11:44:23.183801
   _DATE_TIME = (

plaso/parsers/text_plugins/google_logging.py

@@ -15,8 +15,8 @@
 import pyparsing
 
 from plaso.containers import events
+from plaso.lib import dateless_helper
 from plaso.lib import errors
-from plaso.lib import yearless_helper
 from plaso.parsers import text_parser
 from plaso.parsers.text_plugins import interface
 
@@ -56,7 +56,7 @@ def __init__(self, data_type=DATA_TYPE):
 
 
 class GoogleLogTextPlugin(
-    interface.TextPlugin, yearless_helper.YearLessLogFormatHelper):
+    interface.TextPlugin, dateless_helper.DateLessLogFormatHelper):
   """Text parser plugin for Google-formatted log files."""
 
   NAME = 'googlelog'