Use the tool

Installation

The first step is to install the tool. Follow the instructions here

Preparation

Once the tool is installed, you first need to fetch the source of whatever project you are adding code to, e.g. Plaso. log2timeline development works from personal forks: create a fork of the main project in your own account, clone your fork and then work from that one. Here is an example of fetching and syncing your personal fork:

$ git clone https://github.com/kiddinn/plaso.git
$ cd plaso
$ git remote add upstream https://github.com/log2timeline/plaso.git
$ git pull --rebase upstream master
$ git push

Once this is ready you can start using the l2t_scaffolder tool.

Using the Tool

The tool will guide you through its use. The parameters are fairly simple:

l2t_scaffolder.py [DEFINITION]

Here DEFINITION is an optional parameter giving the name of the project, e.g. plaso, timesketch, etc.

The simplest way to run the tool is to run it without any parameters and then follow the questions asked.

$ l2t_scaffolder.py
   == Starting the scaffolder ==
Gathering all required information.

Available definitions:
  [0] plaso
  [1] timesketch
Definition choice: 0
plaso chosen.

Path to the project root: plaso
Path [plaso] set as the project path.

Name of the module to be generated. This can be something like "foobar sqlite"
or "event analytics".

This will be used for class name generation and file name prefixes.
Module Name:
...

After that it is a simple matter of following the instructions given by the tool.

Some notes:

  • “Name of the module”: this is used to create both the class name and the filenames of the generated files. If you choose something like “New Awesome Parser” you’ll end up with a parser/plugin file named new_awesome_parser.py and a class name along the lines of NewAwesomeParserParser (depending on the scaffolder, some text may be appended to the class name).
  • Each scaffolder determines which questions need to be asked in order to generate its files, so some ask more than others; e.g. the SQLite plugin will ask for SQL commands and names of functions. The answers are used to generate the skeleton of the code.
  • Once the tool has collected all the answers it generates the required files. It will:
    • Create a feature branch inside the git repository
    • Generate all the necessary files
    • Add those files to the git client

Once the tool completes its run, you can go to the git repo of the project you just generated the files for and start completing them. The tool uses a template, often filled with TODOs or missing parts that need to be completed before the plugin/parser is ready for use. However, it should get you started by generating all the necessary files and filling out the boilerplate code that is often needed.
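
One way to review what the scaffolder staged before you commit, as an added example that is not part of l2t_scaffolder or of the original page. The function names are hypothetical; it assumes the main branch is called master, as in the sync commands above, and that unfinished parts are marked with the text TODO.

```shell
#!/bin/sh
# Added example (not part of l2t_scaffolder). Assumptions: the main branch is
# "master" and unfinished template parts contain the marker "TODO".

# Print "<todo-count> <path>" for every added or modified staged file in repo $1.
staged_todo_report() {
    repo="$1"
    git -C "$repo" diff --cached --name-only --diff-filter=AM |
    while IFS= read -r path; do
        # grep -c prints 0 and exits 1 when nothing matches; keep the 0.
        count=$(grep -c 'TODO' "$repo/$path" || true)
        printf '%s %s\n' "$count" "$path"
    done
}

# Return 0 when repo $1 is on a feature branch and no staged file contains a
# TODO, 1 when TODOs remain, 2 when the repository state is not as expected.
scaffold_ready() {
    repo="$1"
    branch=$(git -C "$repo" symbolic-ref --short HEAD) || return 2
    if [ "$branch" = "master" ]; then
        echo "on master: expected the scaffolder's feature branch" >&2
        return 2
    fi
    report=$(staged_todo_report "$repo")
    if [ -z "$report" ]; then
        echo "nothing staged on $branch" >&2
        return 2
    fi
    printf 'branch: %s\n%s\n' "$branch" "$report"
    # Any line that does not start with "0 " is a file that still needs work.
    if printf '%s\n' "$report" | grep -qv '^0 '; then
        return 1
    fi
    return 0
}
```

Call scaffold_ready with the path to the project root (plaso in the session above) and commit only once it returns 0.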