How to use the plaso.lib.errors.UnableToParseFile exception in plaso

To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.


github log2timeline / plaso / tests / parsers / cups_ipp.py View on Github external
parser._ParseHeader(parser_mediator, file_object)

    # Test with header data too small.
    # Dropping the last byte leaves a truncated header, which must be
    # rejected rather than partially parsed.
    file_object = io.BytesIO(header_data[:-1])

    with self.assertRaises(errors.UnableToParseFile):
      parser._ParseHeader(parser_mediator, file_object)

    # Test with unsupported format version.
    # The header is complete, only major_version (99) is out of range.
    header = header_map.CreateStructureValues(
        major_version=99, minor_version=1, operation_identifier=5,
        request_identifier=0)
    header_data = header_map.FoldByteStream(header)
    file_object = io.BytesIO(header_data)

    with self.assertRaises(errors.UnableToParseFile):
      parser._ParseHeader(parser_mediator, file_object)

    # Test with unsupported operation identifier.
    # Unlike the two cases above, this call is not wrapped in assertRaises:
    # the test expects _ParseHeader to return without raising
    # UnableToParseFile for an unknown operation identifier (99).
    header = header_map.CreateStructureValues(
        major_version=1, minor_version=1, operation_identifier=99,
        request_identifier=0)
    header_data = header_map.FoldByteStream(header)
    file_object = io.BytesIO(header_data)

    parser._ParseHeader(parser_mediator, file_object)
github log2timeline / plaso / tests / parsers / firefox_cache.py View on Github external
def testParseInvalidCache2Entry(self):
    """Checks that a cache2 entry with a valid name but bad content fails.

    The file name is a valid cache2 entry name, so the rejection has to come
    from the content: the parser is expected to raise UnableToParseFile.
    """
    cache2_parser = firefox_cache.FirefoxCache2Parser()
    segments = [
        'firefox_cache',
        'cache2',
        'C966EB70794E44E7E3E8A260106D0C72439AF65B',
    ]

    with self.assertRaises(errors.UnableToParseFile):
      self._ParseFile(segments, cache2_parser)
github log2timeline / plaso / plaso / parsers / asl.py View on Github external
Raises:
      UnableToParseFile: when the file cannot be parsed.
    """
    # Look up the data type map that describes the ASL file header.
    file_header_map = self._GetDataTypeMap('asl_file_header')

    # Read the header at offset 0. A header that cannot be read or mapped
    # rejects the whole file: ValueError and ParseError are re-raised as
    # UnableToParseFile.
    try:
      file_header, _ = self._ReadStructureFromFileObject(
          file_object, 0, file_header_map)
    except (ValueError, errors.ParseError) as exception:
      raise errors.UnableToParseFile(
          'Unable to parse file header with error: {0!s}'.format(
              exception))

    # A header that maps cleanly but carries the wrong signature is rejected
    # here, before first_log_entry_offset from the same header is used.
    if file_header.signature != self._FILE_SIGNATURE:
      raise errors.UnableToParseFile('Invalid file signature.')

    # TODO: generate event for creation time.

    # The file size is the upper bound of the record loop that follows.
    # NOTE(review): that loop takes each next offset from _ParseRecord and
    # its start offset from the file header; confirm a malformed record
    # cannot yield an offset that fails to advance.
    file_size = file_object.get_size()

    if file_header.first_log_entry_offset > 0:
      last_log_entry_offset = 0
      file_offset = file_header.first_log_entry_offset

      while file_offset < file_size:
        last_log_entry_offset = file_offset

        try:
          file_offset = self._ParseRecord(
              parser_mediator, file_object, file_offset)
        except errors.ParseError as exception:
github log2timeline / plaso / plaso / parsers / hachoir.py View on Github external
file_object (dfvfs.FileIO): a file-like object.

    Raises:
      UnableToParseFile: when the file cannot be parsed.
    """
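    # The display name is only used to label the error messages below.
    file_name = parser_mediator.GetDisplayName()

    # Every hachoir failure is converted into UnableToParseFile. Exceptions
    # are formatted with !s: on Python 3 a non-str argument combined with an
    # 's' format spec raises TypeError, which would replace the intended
    # UnableToParseFile on exactly the error path.
    try:
      fstream = hachoir_core.stream.InputIOStream(file_object, None, tags=[])
    except hachoir_core.error.HachoirError as exception:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2!s}'.format(
              self.NAME, file_name, exception))

    # A falsy stream is treated the same as a stream that failed to open.
    if not fstream:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2:s}'.format(
              self.NAME, file_name, 'Not fstream'))

    # Let hachoir pick a parser for the stream content.
    try:
      doc_parser = hachoir_parser.guessParser(fstream)
    except hachoir_core.error.HachoirError as exception:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2!s}'.format(
              self.NAME, file_name, exception))

    # No parser means the format was not recognised; reject the file.
    if not doc_parser:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2:s}'.format(
              self.NAME, file_name, 'Not parser'))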

    try:
github log2timeline / plaso / plaso / parsers / hachoir.py View on Github external
if not doc_parser:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2:s}'.format(
              self.NAME, file_name, 'Not parser'))

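    # Metadata extraction runs on file-derived data. AssertionError and
    # AttributeError are converted into UnableToParseFile. The exception is
    # formatted with !s: on Python 3 a non-str argument combined with an 's'
    # format spec raises TypeError, which would mask the intended error.
    try:
      metadata = hachoir_metadata.extractMetadata(doc_parser)
    except (AssertionError, AttributeError) as exception:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2!s}'.format(
              self.NAME, file_name, exception))

    # Export the metadata as plain text lines. An AttributeError here (for
    # example when metadata has no exportPlaintext) also rejects the file.
    try:
      metatext = metadata.exportPlaintext(human=False)
    except AttributeError as exception:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: {2!s}'.format(
              self.NAME, file_name, exception))

    # An empty export is treated as "not parseable", not as an empty result.
    if not metatext:
      raise errors.UnableToParseFile(
          '[{0:s}] unable to parse file {1:s}: No metadata'.format(
              self.NAME, file_name))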

    attributes = {}
    extracted_events = []
    for meta in metatext:
      if not meta.startswith('-'):
        continue

      if len(meta) < 3:
        continue
github log2timeline / plaso / plaso / parsers / winrestore.py View on Github external
parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      file_object (dfvfs.FileIO): file-like object.

    Raises:
      UnableToParseFile: when the file cannot be parsed.
    """
    # The size is needed to locate the footer at the end of the file.
    file_size = file_object.get_size()

    file_header_map = self._GetDataTypeMap('rp_log_file_header')

    # A header that cannot be read or mapped rejects the whole file.
    try:
      file_header, _ = self._ReadStructureFromFileObject(
          file_object, 0, file_header_map)
    except (ValueError, errors.ParseError) as exception:
      raise errors.UnableToParseFile(
          'Unable to parse file header with error: {0!s}'.format(
              exception))

    file_footer_map = self._GetDataTypeMap('rp_log_file_footer')

    # The footer is read from the last GetByteSize() bytes of the file.
    # NOTE(review): for a file shorter than the footer structure this offset
    # is negative; whether _ReadStructureFromFileObject rejects a negative
    # offset is not visible here - confirm.
    file_footer_offset = file_size - file_footer_map.GetByteSize()

    # Unlike the header, a footer failure does not raise UnableToParseFile:
    # it is reported as an extraction warning and parsing stops here.
    try:
      file_footer, _ = self._ReadStructureFromFileObject(
          file_object, file_footer_offset, file_footer_map)
    except (ValueError, errors.ParseError) as exception:
      parser_mediator.ProduceExtractionWarning(
          'unable to parse file footer with error: {0!s}'.format(exception))
      return

    # The description in the file header includes the end-of-string character
github log2timeline / plaso / plaso / parsers / docker.py View on Github external
Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      file_object (dfvfs.FileIO): a file-like object.

    Raises:
      UnableToParseFile: when the file is not a valid container config file.
    """
    # The whole file is read into memory and decoded before parsing.
    # NOTE(review): read() is called without a size limit; confirm the caller
    # only routes small configuration files to this method.
    file_content = file_object.read()
    file_content = codecs.decode(file_content, self._ENCODING)

    # json.loads raises ValueError on malformed JSON and may return a
    # non-dict value (list, string, number) for valid JSON.
    # NOTE(review): neither case is handled in this excerpt; presumably the
    # caller converts these into UnableToParseFile - confirm.
    json_dict = json.loads(file_content)

    # A container configuration must carry a 'Driver' key.
    if 'Driver' not in json_dict:
      raise errors.UnableToParseFile(
          'not a valid Docker container configuration file, ' 'missing '
          '\'Driver\' key.')

    # The identifier stored in the file is compared against the one derived
    # from the file path, so a config placed under another container's
    # directory is rejected.
    container_id_from_path = self._GetIdentifierFromPath(parser_mediator)
    container_id_from_json = json_dict.get('ID', None)
    # NOTE(review): this message says "layer configuration file" although
    # the surrounding checks are for a container configuration file.
    if not container_id_from_json:
      raise errors.UnableToParseFile(
          'not a valid Docker layer configuration file, the \'ID\' key is '
          'missing from the JSON dict (should be {0:s})'.format(
              container_id_from_path))

    if container_id_from_json != container_id_from_path:
      raise errors.UnableToParseFile(
          'not a valid Docker container configuration file. The \'ID\' key of '
          'the JSON dict ({0:s}) is different from the layer ID taken from the'
          ' path to the file ({1:s}) JSON file.)'.format(
github log2timeline / plaso / plaso / parsers / docker.py View on Github external
Args:
      parser_mediator (ParserMediator): mediates interactions between parsers
          and other components, such as storage and dfvfs.
      file_object (dfvfs.FileIO): a file-like object.

    Raises:
      UnableToParseFile: when the file is not a valid layer config file.
    """
    # The whole file is read into memory and decoded before parsing.
    # NOTE(review): read() is called without a size limit; confirm the caller
    # only routes small configuration files to this method.
    file_content = file_object.read()
    file_content = codecs.decode(file_content, self._ENCODING)

    # json.loads raises ValueError on malformed JSON.
    # NOTE(review): not handled in this excerpt; presumably the caller
    # converts it into UnableToParseFile - confirm.
    json_dict = json.loads(file_content)

    # A layer configuration must carry a 'docker_version' key.
    if 'docker_version' not in json_dict:
      raise errors.UnableToParseFile(
          'not a valid Docker layer configuration file, missing '
          '\'docker_version\' key.')

    if 'created' in json_dict:
      # Only 'created' is checked, but 'container_config' and 'Cmd' are
      # indexed directly: a file without them raises KeyError, a null value
      # raises TypeError, and a non-string Cmd item has no strip().
      # NOTE(review): confirm these are caught upstream, since the input is
      # an arbitrary file taken from the evidence.
      layer_creation_command_array = [
          x.strip() for x in json_dict['container_config']['Cmd']]
      layer_creation_command = ' '.join(layer_creation_command_array).replace(
          '\t', '')

      event_data = DockerJSONLayerEventData()
      event_data.command = layer_creation_command
      event_data.layer_id = self._GetIdentifierFromPath(parser_mediator)

      # The creation time string comes straight from the file content.
      timestamp = timelib.Timestamp.FromTimeString(json_dict['created'])
      event = time_events.TimestampEvent(
          timestamp, definitions.TIME_DESCRIPTION_ADDED)
github log2timeline / plaso / plaso / parsers / text_parser.py View on Github external
Raises:
      UnableToParseFile: when the file cannot be parsed.
    """
    # TODO: self._line_structures is a work-around and this needs
    # a structural fix.
    if not self._line_structures:
      raise errors.UnableToParseFile(
          'Line structure undeclared, unable to proceed.')

    # The parser's own encoding takes precedence; the mediator's codepage is
    # the fallback when _ENCODING is not set.
    encoding = self._ENCODING or parser_mediator.codepage
    text_file_object = text_file.TextFile(file_object, encoding=encoding)

    # Only the first line is read here, with max_len passed so the read is
    # capped at MAX_LINE_LENGTH. A decode failure rejects the file.
    try:
      line = self._ReadLine(text_file_object, max_len=self.MAX_LINE_LENGTH)
    except UnicodeDecodeError:
      raise errors.UnableToParseFile(
          'Not a text file or encoding not supported.')

    if not line:
      raise errors.UnableToParseFile('Not a text file.')

    # A line at (or one short of) the cap is only logged, not rejected.
    # repr() escapes non-printable characters, so the logged tail of the
    # line does not put raw control characters into the log.
    if len(line) == self.MAX_LINE_LENGTH or len(
        line) == self.MAX_LINE_LENGTH - 1:
      logger.debug((
          'Trying to read a line and reached the maximum allowed length of '
          '{0:d}. The last few bytes of the line are: {1:s} [parser '
          '{2:s}]').format(
              self.MAX_LINE_LENGTH, repr(line[-10:]), self.NAME))

    # Final content check on the first line before any structure matching.
    if not self._IsText(line):
      raise errors.UnableToParseFile('Not a text file, unable to proceed.')
github log2timeline / plaso / plaso / parsers / recycler.py View on Github external
UnableToParseFile: when the file cannot be parsed.
    """
    # We may have to rely on filenames since this header is very generic.
    # The name check is a pre-filter only: the header is still read and its
    # format version validated below.

    # TODO: Rethink this and potentially make a better test.
    filename = parser_mediator.GetFilename()
    if not filename.startswith('$I'):
      raise errors.UnableToParseFile('Filename must start with $I.')

    file_header_map = self._GetDataTypeMap('recycle_bin_metadata_file_header')

    # A header that cannot be read or mapped rejects the whole file.
    try:
      file_header, _ = self._ReadStructureFromFileObject(
          file_object, 0, file_header_map)
    except (ValueError, errors.ParseError) as exception:
      raise errors.UnableToParseFile((
          'Unable to parse Windows Recycle.Bin metadata file header with '
          'error: {0!s}').format(exception))

    # Only format versions listed in _SUPPORTED_FORMAT_VERSIONS are parsed.
    if file_header.format_version not in self._SUPPORTED_FORMAT_VERSIONS:
      raise errors.UnableToParseFile(
          'Unsupported format version: {0:d}.'.format(
              file_header.format_version))

    # A zero deletion time is recorded as the semantic time 'Not set'
    # instead of being converted as a FILETIME value.
    if file_header.deletion_time == 0:
      date_time = dfdatetime_semantic_time.SemanticTime('Not set')
    else:
      date_time = dfdatetime_filetime.Filetime(
          timestamp=file_header.deletion_time)

    event_data = WinRecycleBinEventData()
    try: