How to use the artifacts.source_type.SourceType class in artifacts

To help you get started, we’ve selected a few artifacts examples, based on popular ways it is used in public projects.


github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
WindowsRegistryKeySourceType.ValidateKey(pair['key'])

    super(WindowsRegistryValueSourceType, self).__init__()
    self.key_value_pairs = key_value_pairs

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    The stored key_value_pairs object is returned as is, not copied, and this
    method performs no validation of its own: changes made to the list after
    initialization show up here unchecked.

    Returns:
      dict[str, object]: the key path and value name pairs, stored under
          'key_value_pairs'.
    """
    source_type_attributes = {'key_value_pairs': self.key_value_pairs}
    return source_type_attributes


class WMIQuerySourceType(SourceType):
  """WMI query source type.

  Attributes:
    base_object (str): WMI base object.
    query (str): WMI query.
  """

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_WMI_QUERY

  def __init__(self, base_object=None, query=None):
    """Initializes a source type.

    Args:
      base_object (Optional[str]): WMI base object.
      query (Optional[str]): WMI query.
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
def __init__(self):
    """Initializes an artifact definition source type.

    Fails closed: when TYPE_INDICATOR is not set (or is otherwise falsy) the
    constructor raises instead of producing a source type without a type.

    Raises:
      FormatError: if the type indicator is not defined.
    """
    super(SourceType, self).__init__()

    if self.TYPE_INDICATOR:
      return

    raise errors.FormatError('Missing type indicator.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
"""
    for prefix in cls.VALID_PREFIXES:
      if key_path.startswith(prefix):
        return

    # TODO: move check to validator.
    if key_path.startswith('HKEY_CURRENT_USER\\'):
      raise errors.FormatError(
          'HKEY_CURRENT_USER\\ is not supported instead use: '
          'HKEY_USERS\\%%users.sid%%\\')

    raise errors.FormatError(
        'Unupported Registry key path: {0:s}'.format(key_path))


class WindowsRegistryValueSourceType(SourceType):
  """Windows Registry value source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE

  def __init__(self, key_value_pairs=None):
    """Initializes a source type.

    Args:
      key_value_pairs (Optional[list[tuple[str, str]]]): key path and value
          name pairs, where key paths are relative to the root of the Windows
          Registry.

    Raises:
      FormatError: when key value pairs is not set.
    """
    if not key_value_pairs:
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
if not names:
      raise errors.FormatError('Missing names value.')

    super(ArtifactGroupSourceType, self).__init__()
    self.names = names

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    Returns:
      dict[str, object]: the artifact definition names, stored under 'names'.
          The stored object is returned as is, not copied.
    """
    source_type_attributes = {'names': self.names}
    return source_type_attributes


class CommandSourceType(SourceType):
  """Command source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_COMMAND

  def __init__(self, args=None, cmd=None):
    """Initializes a source type.

    Args:
      args (list[str]): arguments to the command to run.
      cmd (str): command to run.

    Raises:
      FormatError: when args or cmd is not set.
    """
    if args is None or cmd is None:
      raise errors.FormatError('Missing args or cmd value.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
raise errors.FormatError('Missing args or cmd value.')

    super(CommandSourceType, self).__init__()
    self.args = args
    self.cmd = cmd

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    Returns:
      dict[str, object]: the command under 'cmd' and its arguments under
          'args', both exactly as they were stored.
    """
    # NOTE(review): cmd and args are passed through unmodified. Presumably a
    # collector that consumes this dictionary executes them, in which case
    # definitions with command sources should only be loaded from trusted
    # locations - confirm against the consumer.
    source_type_attributes = {'cmd': self.cmd, 'args': self.args}
    return source_type_attributes


class DirectorySourceType(SourceType):
  """Directory source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_DIRECTORY

  def __init__(self, paths=None, separator='/'):
    """Initializes a source type.

    Args:
      paths (Optional[str]): paths relative to the root of the file system.
      separator (Optional[str]): path segment separator.

    Raises:
      FormatError: when paths is not set or not a list type.
    """
    if not paths:
      raise errors.FormatError('Missing paths value.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
  @property
  def type_indicator(self):
    """str: type indicator, read from the TYPE_INDICATOR attribute."""
    indicator = self.TYPE_INDICATOR
    return indicator

  @abc.abstractmethod
  def AsDict(self):
    """Represents a source type as a dictionary.

    Abstract: every concrete source type has to provide its own
    implementation.

    Returns:
      dict[str, object]: source type attributes.
    """


class ArtifactGroupSourceType(SourceType):
  """Artifact group source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_ARTIFACT_GROUP

  def __init__(self, names=None):
    """Initializes a source type.

    Args:
      names (Optional[str]): artifact definition names.

    Raises:
      FormatError: when artifact names is not set.
    """
    if not names:
      raise errors.FormatError('Missing names value.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
self.separator = separator

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    Returns:
      dict[str, object]: the paths under 'paths', plus the path segment
          separator under 'separator' when it is anything other than '/'.
    """
    if self.separator == '/':
      # The '/' separator is left implicit in the dictionary.
      return {'paths': self.paths}

    return {'paths': self.paths, 'separator': self.separator}


class FileSourceType(SourceType):
  """File source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_FILE

  def __init__(self, paths=None, separator='/'):
    """Initializes a source type.

    Args:
      paths (Optional[str]): paths relative to the root of the file system.
      separator (Optional[str]): path segment separator.

    Raises:
      FormatError: when paths is not set or not a list type.
    """
    if not paths:
      raise errors.FormatError('Missing paths value.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
self.separator = separator

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    Returns:
      dict[str, object]: the paths under 'paths', plus the path segment
          separator under 'separator' when it is anything other than '/'.
    """
    if self.separator == '/':
      # The '/' separator is left implicit in the dictionary.
      return {'paths': self.paths}

    return {'paths': self.paths, 'separator': self.separator}


class PathSourceType(SourceType):
  """Path source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_PATH

  def __init__(self, paths=None, separator='/'):
    """Initializes a source type.

    Args:
      paths (Optional[str]): paths relative to the root of the file system.
      separator (Optional[str]): path segment separator.

    Raises:
      FormatError: when paths is not set or not a list type.
    """
    if not paths:
      raise errors.FormatError('Missing paths value.')
github ForensicArtifacts / artifacts / artifacts / source_type.py View on Github external
self.separator = separator

  def AsDict(self):
    """Returns the source type attributes as a dictionary.

    Returns:
      dict[str, object]: the paths under 'paths', plus the path segment
          separator under 'separator' when it is anything other than '/'.
    """
    if self.separator == '/':
      # The '/' separator is left implicit in the dictionary.
      return {'paths': self.paths}

    return {'paths': self.paths, 'separator': self.separator}


class WindowsRegistryKeySourceType(SourceType):
  """Windows Registry key source type."""

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY

  # Key path prefixes accepted by ValidateKey, which tests each entry with
  # key_path.startswith().
  # NOTE(review): the entries carry no trailing path separator, so a key path
  # that merely begins with the same characters (constructed example:
  # 'HKEY_USERS_BACKUP\\Software') passes the check as well. Consider also
  # requiring the separator, or an exact match, after the prefix - confirm
  # against the callers before tightening.
  VALID_PREFIXES = [
      r'HKEY_LOCAL_MACHINE',
      r'HKEY_USERS',
      r'HKEY_CLASSES_ROOT',
      r'%%current_control_set%%',
  ]

  def __init__(self, keys=None):
    """Initializes a source type.

    Args:
      keys (Optional[list[str]]): key paths relative to the root of