Moved environment variables out of preprocess object log2timeline#241

plaso/containers/artifacts.py

@@ -5,7 +5,11 @@
 from plaso.containers import manager
 
 
-class EnvironmentVariableArtifact(interface.AttributeContainer):
+class ArtifactAttributeContainer(interface.AttributeContainer):
+  """Base class to represent an artifact attribute container."""
+
+
+class EnvironmentVariableArtifact(ArtifactAttributeContainer):
   """Class to represent an environment variable artifact attribute container.
 
   Also see:
@@ -14,17 +18,17 @@ class EnvironmentVariableArtifact(interface.AttributeContainer):
   Attributes:
     case_sensitive (bool): True if environment variable name is case sensitive.
     name (str): environment variable name e.g. 'SystemRoot' as in
-                '%SystemRoot%' or 'HOME' in '$HOME'.
+        '%SystemRoot%' or 'HOME' in '$HOME'.
     value (str): environment variable value e.g. 'C:\\Windows' or '/home/user'.
   """
-  CONTAINER_TYPE = u'environment_variable_artifact'
+  CONTAINER_TYPE = u'environment_variable'
 
   def __init__(self, case_sensitive=True, name=None, value=None):
     """Initializes an environment variable artifact.
 
     Args:
       case_sensitive (Optional[bool]): True if environment variable name
-                                       is case sensitive.
+          is case sensitive.
       name (Optional[str]): environment variable name.
       value (Optional[str]): environment variable value.
     """
@@ -34,7 +38,7 @@ def __init__(self, case_sensitive=True, name=None, value=None):
     self.value = value
 
 
-class HostnameArtifact(interface.AttributeContainer):
+class HostnameArtifact(ArtifactAttributeContainer):
   """Class to represent a hostname artifact attribute container.
 
   Also see:
@@ -46,7 +50,7 @@ class HostnameArtifact(interface.AttributeContainer):
     name (str): name of the host according to the naming schema.
     schema (str): naming schema e.g. DNS, NIS, SMB/NetBIOS.
   """
-  CONTAINER_TYPE = u'hostname_artifact'
+  CONTAINER_TYPE = u'hostname'
 
   def __init__(self, name=None, schema=u'DNS'):
     """Initializes a hostname artifact.
@@ -60,15 +64,15 @@ def __init__(self, name=None, schema=u'DNS'):
     self.schema = schema
 
 
-class SystemConfigurationArtifact(interface.AttributeContainer):
+class SystemConfigurationArtifact(ArtifactAttributeContainer):
   """Class to represent a system configuration artifact attribute container.
 
   Attributes:
     code_page (str): system code page.
     time_zone (str): system time zone.
     users (list[UserArtifact]): user
   """
-  CONTAINER_TYPE = u'system_configuration_artifact'
+  CONTAINER_TYPE = u'system_configuration'
 
   def __init__(self, code_page=None, time_zone=None):
     """Initializes a system configuration artifact.
@@ -83,7 +87,7 @@ def __init__(self, code_page=None, time_zone=None):
     self.users = []
 
 
-class UserAccountArtifact(interface.AttributeContainer):
+class UserAccountArtifact(ArtifactAttributeContainer):
   """Class to represent an user account artifact attribute container.
 
   Also see:
@@ -96,7 +100,7 @@ class UserAccountArtifact(interface.AttributeContainer):
     user_directory (str): path of the user (or home or profile) directory.
     username (str): name uniquely identifying the user.
   """
-  CONTAINER_TYPE = u'user_account_artifact'
+  CONTAINER_TYPE = u'user_account'
 
   def __init__(
       self, full_name=None, identifier=None, user_directory=None,
@@ -107,7 +111,7 @@ def __init__(
       full_name (Optional[str]): name describing the user e.g. full name.
       identifier (Optional[str]): user identifier.
       user_directory (Optional[str]): path of the user (or home or profile)
-                                      directory.
+          directory.
       username (Optional[str]): name uniquely identifying the user.
     """
     super(UserAccountArtifact, self).__init__()

plaso/engine/knowledge_base.py

@@ -36,6 +36,7 @@ def __init__(self, pre_obj=None):
 
     self._default_codepage = u'cp1252'
     self._default_timezone = pytz.timezone(u'UTC')
+    self._environment_variables = {}
     self._hostnames = {}
     self._preprocess_objects = {}
 
@@ -79,15 +80,28 @@ def year(self):
     """The year."""
     return getattr(self._pre_obj, u'year', 0)
 
+  def GetEnvironmentVariable(self, name):
+    """Retrieves an environment variable.
+
+    Args:
+      name (str): name of the environment variable.
+
+    Returns:
+      ArtifactAttributeContainer: environment variable artifact or None.
+    """
+    name = name.upper()
+    return self._environment_variables.get(name, None)
+
   def GetPathAttributes(self):
     """Retrieves the path attributes.
 
     Returns:
       dict[str, str]: path attributes, typically environment variables
-                      that are expanded e.g. $HOME or %SystemRoot%.
+          that are expanded e.g. $HOME or %SystemRoot%.
     """
-    # TODO: improve this only return known enviroment variables.
-    return self.pre_obj.__dict__
+    return {
+        environment_variable.name: environment_variable.value
+        for environment_variable in iter(self._environment_variables.values())}
 
   def GetUsernameByIdentifier(self, identifier):
     """Retrieves the username based on an identifier.
@@ -230,6 +244,16 @@ def SetDefaultTimezone(self, timezone):
     # TODO: check if value is sane.
     self._default_timezone = timezone
 
+  def SetEnvironmentVariable(self, enviroment_variable):
+    """Sets an environment variable.
+
+    Args:
+      enviroment_variable (ArtifactAttributeContainer): environment variable
+          artifact.
+    """
+    name = enviroment_variable.name.upper()
+    self._environment_variables[name] = enviroment_variable
+
   def SetValue(self, identifier, value):
     """Sets a value by identifier.
 

plaso/preprocessors/interface.py

@@ -6,6 +6,7 @@
 
 from dfvfs.helpers import file_system_searcher
 
+from plaso.containers import artifacts
 from plaso.lib import definitions
 from plaso.lib import errors
 
@@ -61,13 +62,12 @@ def _FindFileEntry(self, searcher, path):
     """Searches for a file entry that matches the path.
 
     Args:
-      searcher: The file system searcher object (instance of
-                dfvfs.FileSystemSearcher).
-      path: The location of the file entry relative to the file system
-            of the searcher.
+      searcher (dfvfs.FileSystemSearcher): file system searcher.
+      path (str): location of the file entry relative to the file system
+          of the searcher.
 
     Returns:
-      The file entry if successful or None otherwise.
+      dfvfs.FileEntry: file entry if successful or None otherwise.
 
     Raises:
       errors.PreProcessFail: if the file entry cannot be found or opened.
@@ -88,13 +88,12 @@ def _FindPathSpecs(self, searcher, path):
     """Searches for path specifications that matches the path.
 
     Args:
-      searcher: The file system searcher object (instance of
-                dfvfs.FileSystemSearcher).
-      path: The location of the file entry relative to the file system
-            of the searcher.
+      searcher (dfvfs.FileSystemSearcher): file system searcher.
+      path (str): location of the file entry relative to the file system
+          of the searcher.
 
     Returns:
-      A list of path specifcations.
+      list[dfvfs.PathSpec]: path specifcations.
     """
     find_spec = file_system_searcher.FindSpec(
         location_regex=path, case_sensitive=False)
@@ -105,14 +104,12 @@ def GetValue(self, searcher, knowledge_base):
     """Retrieves the attribute value.
 
     Args:
-      searcher: The file system searcher object (instance of
-                dfvfs.FileSystemSearcher).
-      knowledge_base: A knowledge base object (instance of KnowledgeBase),
-                      which contains information from the source data needed
-                      for parsing.
+      searcher (dfvfs.FileSystemSearcher): file system searcher.
+      knowledge_base (KnowledgeBase): knowledge base, which contains
+          information from the source data needed for parsing.
 
     Returns:
-      The attribute value.
+      object: preprocess attribute value or None.
     """
 
   def Run(self, searcher, knowledge_base):
@@ -121,17 +118,20 @@ def Run(self, searcher, knowledge_base):
     The resulting preprocessing attribute value is stored in the knowledge base.
 
     Args:
-      searcher: The file system searcher object (instance of
-                dfvfs.FileSystemSearcher).
-      knowledge_base: A knowledge base object (instance of KnowledgeBase),
-                      which contains information from the source data needed
-                      for parsing.
+      searcher (dfvfs.FileSystemSearcher): file system searcher.
+      knowledge_base (KnowledgeBase): knowledge base, which contains
+          information from the source data needed for parsing.
     """
     value = self.GetValue(searcher, knowledge_base)
-    knowledge_base.SetValue(self.ATTRIBUTE, value)
-    value = knowledge_base.GetValue(self.ATTRIBUTE, default_value=u'N/A')
-    logging.info(u'[PreProcess] Set attribute: {0:s} to {1:s}'.format(
-        self.ATTRIBUTE, value))
+
+    if isinstance(value, artifacts.EnvironmentVariableArtifact):
+      knowledge_base.SetEnvironmentVariable(value)
+
+    else:
+      knowledge_base.SetValue(self.ATTRIBUTE, value)
+      value = knowledge_base.GetValue(self.ATTRIBUTE, default_value=u'N/A')
+      logging.info(u'[PreProcess] Set attribute: {0:s} to {1:s}'.format(
+          self.ATTRIBUTE, value))
 
 
 class PathPreprocessPlugin(PreprocessPlugin):
@@ -143,14 +143,12 @@ def GetValue(self, searcher, unused_knowledge_base):
     """Returns the path as found by the searcher.
 
     Args:
-      searcher: The file system searcher object (instance of
-                dfvfs.FileSystemSearcher).
-      knowledge_base: A knowledge base object (instance of KnowledgeBase),
-                      which contains information from the source data needed
-                      for parsing.
+      searcher (dfvfs.FileSystemSearcher): file system searcher.
+      knowledge_base (KnowledgeBase): knowledge base, which contains
+          information from the source data needed for parsing.
 
     Returns:
-      The first path location string.
+      str: first path location string that is found.
 
     Raises:
       PreProcessFail: if the path could not be found.
@@ -178,11 +176,10 @@ def GuessOS(searcher):
   * Windows
 
   Args:
-    searcher: The file system searcher object (instance of
-              dfvfs.FileSystemSearcher).
+    searcher (dfvfs.FileSystemSearcher): file system searcher.
 
   Returns:
-     A string indicating which OS we are dealing with.
+    str: OS we are dealing with.
   """
   find_specs = [
       file_system_searcher.FindSpec(

plaso/preprocessors/manager.py

@@ -19,16 +19,10 @@ def __init__(self, file_system, mount_point, path_attributes=None):
     """Initializes a Windows Registry file reader object.
 
     Args:
-      file_system: the file system object (instance of vfs.FileSystem).
-      mount_point: the mount point path specification (instance of
-                   path.PathSpec).
-      path_attributes: optional dictionary of path attributes. The path
-                       attributes correspond to environment variable names
-                       that can be used in the Windows paths. E.g. the
-                       systemroot path attribute corresponds to the
-                       %SystemRoot% environment variable. At moment only
-                       the systemroot and userprofile path attributes are
-                       supported.
+      file_system (dfvfs.FileSytem): file system.
+      mount_point (dfvfs.PathSpec): mount point path specification.
+      path_attributes (Optional[dict[str, str]]): path attributes e.g.
+          {'SystemRoot': '\\Windows'}
     """
     super(FileSystemWinRegistryFileReader, self).__init__()
     self._file_system = file_system
@@ -47,20 +41,20 @@ def __init__(self, file_system, mount_point, path_attributes=None):
           self._path_resolver.SetEnvironmentVariable(
               u'UserProfile', attribute_value)
 
-  def _OpenPathSpec(self, path_spec, ascii_codepage=u'cp1252'):
+  def _OpenPathSpec(self, path_specification, ascii_codepage=u'cp1252'):
     """Opens the Windows Registry file specified by the path specification.
 
     Args:
-      path_spec: a path specfication (instance of dfvfs.PathSpec).
-      ascii_codepage: optional ASCII string codepage.
+      path_specification (dfvfs.PathSpec): path specfication.
+      ascii_codepage (Optional[str]): ASCII string codepage.
 
     Returns:
-      The Windows Registry file (instance of WinRegistryFile) or None.
+      WinRegistryFile: Windows Registry file or None.
     """
-    if not path_spec:
+    if not path_specification:
       return
 
-    file_entry = self._file_system.GetFileEntryByPathSpec(path_spec)
+    file_entry = self._file_system.GetFileEntryByPathSpec(path_specification)
     if file_entry is None:
       return
 
@@ -86,17 +80,17 @@ def Open(self, path, ascii_codepage=u'cp1252'):
     """Opens the Windows Registry file specified by the path.
 
     Args:
-      path: string containing the path of the Windows Registry file.
-      ascii_codepage: optional ASCII string codepage.
+      path (str): path of the Windows Registry file.
+      ascii_codepage (Optional[str]): ASCII string codepage.
 
     Returns:
-      The Windows Registry file (instance of WinRegistryFile) or None.
+      WinRegistryFile: Windows Registry file or None.
     """
-    path_spec = self._path_resolver.ResolvePath(path)
-    if path_spec is None:
+    path_specification = self._path_resolver.ResolvePath(path)
+    if path_specification is None:
       return
 
-    return self._OpenPathSpec(path_spec)
+    return self._OpenPathSpec(path_specification)
 
 
 class PreprocessPluginsManager(object):