l2tscaffolder.scaffolders package¶

Submodules¶

l2tscaffolder.scaffolders.interface module¶

The scaffolder interface classes.

class l2tscaffolder.scaffolders.interface.BaseQuestion(attribute: str, prompt: str)[source]¶

Bases: object

Scaffolder question.

attribute¶

the name of the attribute the question prompts for.

Type:	str

prompt¶

help string that is displayed before the question is asked.

Type:	str

TYPE = None¶

ValidateAnswer(answer: object)[source]¶

Validate an answer to a question.

Parameters:	answer (object) – the answer to the question asked.
Raises:	`errors.UnableToConfigure` – if the answer is invalid.

class l2tscaffolder.scaffolders.interface.DictQuestion(attribute, prompt, key_prompt, value_prompt)[source]¶

Bases: l2tscaffolder.scaffolders.interface.BaseQuestion

Scaffolder dict question.

attribute¶

the name of the attribute the question prompts for.

Type:	str

prompt¶

help string that is displayed before the question is asked.

Type:	str

key_prompt¶

the help string that is displayed before asking for each key.

Type:	str

value_prompt¶

the help string that is displayed before asking for each value in the dict.

Type:	str

TYPE¶: alias of builtins.dict

class l2tscaffolder.scaffolders.interface.IntQuestion(attribute: str, prompt: str)[source]¶

Bases: l2tscaffolder.scaffolders.interface.BaseQuestion

Scaffolder integer question.

TYPE¶: alias of builtins.int

class l2tscaffolder.scaffolders.interface.ListQuestion(attribute: str, prompt: str)[source]¶

Bases: l2tscaffolder.scaffolders.interface.BaseQuestion

Scaffolder list question.

TYPE¶: alias of builtins.list

class l2tscaffolder.scaffolders.interface.Scaffolder[source]¶

Bases: object

The scaffolder interface.

DESCRIPTION = ''¶

GenerateFiles() → Iterator[Tuple[str, str]][source]¶

Generates files this scaffolder provides.

Yields:	list – file name and content of the file to be written to disk.

GetFilesToCopy() → Iterator[Tuple[str, str]][source]¶

Return a list of files that need to be copied.

If not overwritten this will return an emtpy iterator.

Yields:	tuple (str, str) – file name of source and destination.

GetInitFileChanges() → Iterator[Tuple[str, str]][source]¶

Generate a list of init files that need changing and the changes to them.

Yields:	tuple (str, str) – path to the init file and the entry to add to it.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

GetQuestions() → List[l2tscaffolder.scaffolders.interface.BaseQuestion][source]¶

Returns scaffolder questions.

Returns:	questions to prompt the user with.
Return type:	list[BaseQuestion]

NAME = 'base_parser'¶

PROJECT = 'plaso'¶

QUESTIONS = []¶

RaiseIfNotReady()[source]¶

Checks to see if all attributes are set to start generating files.

By default this function only checks to see if all attributes defined in questions and Jinja2 context have values and are not empty.

Raises:	`ScaffolderNotConfigured` – if the scaffolder is not fully configured.

SetAttribute(name: str, value: object, value_type: type)[source]¶

Stores an attribute read from the CLI.

Parameters:	name (str) – the attribute name. value (object) – the attribute value. value_type (type) – the attribute type.
Raises:	`ValueError` – if the value is not of the correct type. `KeyError` – If the attribute is not configured for this scaffolder.

SetOutputName(output_name: str)[source]¶

Sets the name of the output module.

This is the name of the generated output module this scaffolder implements.

Parameters:	output_name (str) – the name of the output that the scaffolder generates, whether that is an output module, plugin, parser, analyzer or something else.

class l2tscaffolder.scaffolders.interface.StringQuestion(attribute: str, prompt: str)[source]¶

Bases: l2tscaffolder.scaffolders.interface.BaseQuestion

Scaffolder string question.

TYPE¶: alias of builtins.str

l2tscaffolder.scaffolders.manager module¶

The scaffolder manager.

class l2tscaffolder.scaffolders.manager.ScaffolderManager[source]¶

Bases: object

The scaffolder manager.

classmethod DeregisterScaffolder(scaffolder_class: Type[l2tscaffolder.scaffolders.interface.Scaffolder])[source]¶

Deregisters a scaffolder class.

The scaffolder classes are identified based on their lower case name.

Parameters:	scaffolder_class (type) – scaffolder class (subclass of Scaffolder).
Raises:	`KeyError` – if scaffolder class is not set for the corresponding name.

classmethod GetScaffolderClasses() → Iterator[Type[l2tscaffolder.scaffolders.interface.Scaffolder]][source]¶: Generates a list of all registered scaffolder classes.

classmethod GetScaffolderInformation() → Iterator[Tuple[str, str]][source]¶

Retrieves the scaffolder information.

Yields:	tuple[str, str] – pairs of scaffolder names and descriptions.

classmethod GetScaffolderNames() → Iterator[str][source]¶

Retrieves the scaffolder names.

Yields:	str – scaffolder names.

classmethod GetScaffolderObjectByName(scaffolder_name) → Optional[l2tscaffolder.scaffolders.interface.Scaffolder][source]¶

Retrieves a specific scaffolder object by its name.

Parameters:	scaffolder_name (str) – name of the scaffolder.
Returns:	scaffolder object or None.
Return type:	Scaffolder

classmethod GetScaffolderObjects() → Dict[str, l2tscaffolder.scaffolders.interface.Scaffolder][source]¶

Retrieves the scaffolder objects.

Returns:	scaffolders per name.
Return type:	dict[str, Scaffolder]

classmethod GetScaffolderQuestionByName(scaffolder_name: str) → List[l2tscaffolder.scaffolders.interface.BaseQuestion][source]¶

Retrieve a list of questions asked by a scaffolder based on name.

Parameters:	scaffolder_name (str) – name of the scaffolder.
Returns:	a list with all the questions needed to setup the scaffolder. If scaffolder_name is not registered an empty list will be returned.
Return type:	list

classmethod GetScaffolderQuestions() → List[l2tscaffolder.scaffolders.interface.BaseQuestion][source]¶

Retrieves all the questions asked by scaffolders.

Returns:	questions asked by all scaffolders.
Return type:	list[interface.BaseQuestion]

classmethod GetScaffolders() → Iterator[Tuple[str, Type[l2tscaffolder.scaffolders.interface.Scaffolder]]][source]¶

Retrieves the registered scaffolders.

Retrieves a dictionary of all registered scaffolders.

Yields:

tuple – contains:

str: name of the scaffolder:
type: scaffolder class (subclass of Scaffolder).

classmethod RegisterScaffolder(scaffolder_class: Type[l2tscaffolder.scaffolders.interface.Scaffolder])[source]¶

Registers a scaffolder class.

The scaffolder classes are identified based on their lower case name.

Parameters:	scaffolder_class (type) – scaffolder class (subclass of Scaffolder).
Raises:	`KeyError` – if scaffolder class is already set for the corresponding name.

classmethod RegisterScaffolders(scaffolder_classes: List[Type[l2tscaffolder.scaffolders.interface.Scaffolder]])[source]¶

Registers scaffolder classes.

The scaffolder classes are identified based on their lower case name.

Parameters:	scaffolder_classes (list[type]) – scaffolders classes (subclasses of Scaffolder).
Raises:	`KeyError` – if scaffolder class is already set for the corresponding name.

l2tscaffolder.scaffolders.plaso module¶

Plaso scaffolder that generates plaso parser and plugins.

class l2tscaffolder.scaffolders.plaso.PlasoBaseScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.interface.Scaffolder

The plaso base scaffolder interface.

class_name¶

class name of the plaso parser or plugin to be generated.

Type:	str

test_file¶

name of the file used for testing the parser or plugin.

Type:	str

test_file_path¶

path to the test file.

Type:	str

DESCRIPTION = 'This is a scaffolder for plaso parsers and/or plugins'¶

GenerateFiles() → Iterator[Tuple[str, str]][source]¶

Generates all the files required for a plaso parser or a plugin.

Yields:

list[tuple] –

containing:: str: file name. str: file content.

GetFilesToCopy() → Iterator[Tuple[str, str]][source]¶

Return a list of files that need to be copied.

Raises:

IOError – when the test file does not exist.

Yields:

tuple –

containing:: str: file name of source. str: file name of destination.

GetInitFileChanges() → Iterator[Tuple[str, str]][source]¶

Generate a list of init files that need changing and the changes to them.

Yields:	Tuple[str, str] – path to the init file and the entry to add to it.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

GetQuestions() → List[l2tscaffolder.scaffolders.interface.BaseQuestion][source]¶

Returns scaffolder questions as well as adding plaso related ones.

Returns:	questions to prompt the user with.
Return type:	list[interface.BaseQuestion]

NAME = 'plaso_base'¶

PROJECT = 'plaso'¶

QUESTIONS = []¶

RaiseIfNotReady()[source]¶

Checks to see if all attributes are set to start generating files.

Raises:	`ScaffolderNotConfigured` – if the scaffolder is not fully configured.

TEMPLATE_FORMATTER_FILE = 'generic__plaso_formatter.jinja2'¶

TEMPLATE_FORMATTER_TEST = 'generic_plaso_formatter_test.jinja2'¶

TEMPLATE_PARSER_FILE = 'generic_plaso_parser.jinja2'¶

TEMPLATE_PARSER_TEST = 'generic_plaso_parser_test.jinja2'¶

class l2tscaffolder.scaffolders.plaso.PlasoParserScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.plaso.PlasoBaseScaffolder

Scaffolder for generating plaso parsers.

parser_name¶

name of the parser to be generated.

Type:	str

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

class l2tscaffolder.scaffolders.plaso.PlasoPluginScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.plaso.PlasoBaseScaffolder

Scaffolder for generating plaso plugins.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

class l2tscaffolder.scaffolders.plaso.TestFileQuestion(attribute: str, prompt: str)[source]¶

Bases: l2tscaffolder.scaffolders.interface.StringQuestion

Test file question.

ValidateAnswer(answer: str)[source]¶

Validates the answer to the test file question.

Parameters:	answer (str) – path to a test file.
Raises:	`errors.UnableToConfigure` – if the answer is invalid.

l2tscaffolder.scaffolders.plaso_sqlite module¶

The scaffolder interface classes.

class l2tscaffolder.scaffolders.plaso_sqlite.PlasoSQLiteScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.plaso.PlasoPluginScaffolder

The plaso SQLite plugin scaffolder.

database_name¶

name of the test SQLite database for the plugin.

Type:	str

database_schema¶

a dict containing all table names (keys) and the SQL statement used to create the table (value), derived from the test database.

Type:	dict

data_types¶

a dict containing all the data types generated for the parser, the key is the name for each SQL statement run against the database and the value is the data type used for each generated event resulting from that SQL statement.

Type:	dict

queries¶

a dict containing query name and SQL statements or queries run against the database.

Type:	dict

query_columns¶

for each SQL statement run against the database, with the key being query name and value being a list of all SQL column names that are returned for each query.

Type:	dict

required_tables¶

a list of all required tables needed for the plugin to parse this particular database.

Type:	list

timestamp_columns¶

a dict containing a list of all columns with timestamp values, with query names as the key.

Type:	dict

DESCRIPTION = 'Provides a scaffolder to generate a plaso SQLite plugin.'¶

GenerateFiles() → Iterator[Tuple[str, str]][source]¶

Generates files required for the SQLite plugin.

Yields:	tuple – file name and content of the file to be written to disk.
Raises:	`errors.UnableToConfigure` – if it is not possible to generate the files.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

NAME = 'sqlite'¶

QUESTIONS = [<l2tscaffolder.scaffolders.plaso_sqlite.SQLQuestion object>, <l2tscaffolder.scaffolders.interface.ListQuestion object>]¶

SCHEMA_QUERY = 'SELECT tbl_name, sql FROM sqlite_master WHERE type = "table" AND tbl_name != "xp_proc" AND tbl_name != "sqlite_sequence"'¶

TEMPLATE_FORMATTER_FILE = 'sqlite_plugin_formatter.jinja2'¶

TEMPLATE_FORMATTER_TEST = 'sqlite_plugin_formatter_test.jinja2'¶

TEMPLATE_PARSER_FILE = 'sqlite_plugin.jinja2'¶

TEMPLATE_PARSER_TEST = 'sqlite_plugin_test.jinja2'¶

class l2tscaffolder.scaffolders.plaso_sqlite.SQLQuestion(attribute, prompt, key_prompt, value_prompt)[source]¶

Bases: l2tscaffolder.scaffolders.interface.DictQuestion

SQL Query question.

ValidateAnswer(answer: dict)[source]¶

Validates the answer to the SQL query question.

The answer should be a dict that has query names as key values and valid SQLite commands as values. This function attempts to verify that the SQL commands do not have syntax errors in them by attempting to run it against an empty SQLite database stored in memory.

The function also makes sure the key value confirms to the style guide of plaso, to be in the form of CamelCase, eg. BookmarkRow.

Parameters:	answer (dict) – the answer to the question asked.
Raises:	`errors.UnableToConfigure` – if the answer is invalid.

l2tscaffolder.scaffolders.timesketch module¶

Timesketch scaffolder that generates analyzer plugins.

class l2tscaffolder.scaffolders.timesketch.TimesketchBaseScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.interface.Scaffolder

The Timesketch base scaffolder interface.

class_name¶

class name of the Timesketch analyzer to be generated.

Type:	str

DESCRIPTION = 'This is a scaffolder for Timesketch analyzers'¶

GenerateFiles() → Iterator[Tuple[str, str]][source]¶

Generates all the files required for a Timesketch analyzer plugin.

Yields:

list[tuple] –

containing:: str: file name. str: file content.

GetInitFileChanges() → Iterator[Tuple[str, str]][source]¶

Generate a list of init files that need changing and the changes to them.

Yields:	Tuple[str, str] – path to the init file and the entry to add to it.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

NAME = 'timesketch_base'¶

PROJECT = 'timesketch'¶

QUESTIONS = []¶

TEMPLATE_PLUGIN_FILE = ''¶

TEMPLATE_PLUGIN_TEST = ''¶

l2tscaffolder.scaffolders.timesketch_index module¶

Timesketch index analyzer scaffolder.

class l2tscaffolder.scaffolders.timesketch_index.TimesketchIndexScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.timesketch.TimesketchBaseScaffolder

The Timesketch index analyzer plugin scaffolder.

DESCRIPTION = 'Provides a scaffolder to generate a Timesketch index analyzer plugin.'¶

NAME = 'index_analyzer'¶

TEMPLATE_PLUGIN_FILE = 'ts_index_analyzer.jinja2'¶

TEMPLATE_PLUGIN_TEST = 'ts_index_analyzer_test.jinja2'¶

l2tscaffolder.scaffolders.timesketch_sketch module¶

Timesketch sketch analyzer scaffolder.

class l2tscaffolder.scaffolders.timesketch_sketch.TimesketchSketchScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.timesketch.TimesketchBaseScaffolder

The Timesketch sketch analyzer plugin scaffolder.

DESCRIPTION = 'Provides a scaffolder to generate a Timesketch sketch analyzer plugin.'¶

NAME = 'sketch_analyzer'¶

TEMPLATE_PLUGIN_FILE = 'ts_sketch_analyzer.jinja2'¶

TEMPLATE_PLUGIN_TEST = 'ts_sketch_analyzer_test.jinja2'¶

l2tscaffolder.scaffolders.turbinia module¶

Turbinia component scaffolder.

class l2tscaffolder.scaffolders.turbinia.TurbiniaJobTaskScaffolder[source]¶

Bases: l2tscaffolder.scaffolders.interface.Scaffolder

The Turbinia base scaffolder interface.

class_name¶

class name of the Turbinia job and task to be generated.

Type:	str

DESCRIPTION = 'Provides a scaffolder to generate a Turbinia job and task plugins.'¶

GenerateFiles() → Iterator[Tuple[str, str]][source]¶

Generates all the files required for a Turbinia component.

Yields:

list[tuple] –

containing:: str: file name. str: file content.

GetInitFileChanges() → Iterator[Tuple[str, str]][source]¶

Generate a list of init files that need changing and the changes to them.

Yields:	Tuple[str, str] – path to the init file and the entry to add to it.

GetJinjaContext() → Dict[str, object][source]¶

Returns a dict that can be used as a context for Jinja2 templates.

Returns:	containing: str: name of Jinja argument. object: Jinja argument value.
Return type:	dict

NAME = 'turbinia_job_and_task'¶

PROJECT = 'turbinia'¶

TEMPLATE_JOB_FILE = 'turbinia_job.jinja2'¶

TEMPLATE_TASK_FILE = 'turbinia_task.jinja2'¶

Module contents¶

This file imports Python modules that registers scaffolders.