How to use the plaso.lib.errors.UnableToParseFile function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / tests / parsers / cups_ipp.py View on Github 
parser._ParseHeader(parser_mediator, file_object)
# Test with header data too small.
file_object = io.BytesIO(header_data[:-1])
with self.assertRaises(errors.UnableToParseFile):
parser._ParseHeader(parser_mediator, file_object)
# Test with unsupported format version.
header = header_map.CreateStructureValues(
major_version=99, minor_version=1, operation_identifier=5,
request_identifier=0)
header_data = header_map.FoldByteStream(header)
file_object = io.BytesIO(header_data)
with self.assertRaises(errors.UnableToParseFile):
parser._ParseHeader(parser_mediator, file_object)
# Test with unsupported operation identifier.
header = header_map.CreateStructureValues(
major_version=1, minor_version=1, operation_identifier=99,
request_identifier=0)
header_data = header_map.FoldByteStream(header)
file_object = io.BytesIO(header_data)
parser._ParseHeader(parser_mediator, file_object)def testParseInvalidCache2Entry(self):
"""Test file with valid filename and invalid content."""
parser = firefox_cache.FirefoxCache2Parser()
path_segments = [
'firefox_cache', 'cache2',
'C966EB70794E44E7E3E8A260106D0C72439AF65B']
with self.assertRaises(errors.UnableToParseFile):
self._ParseFile(path_segments, parser)Raises:
UnableToParseFile: when the file cannot be parsed.
"""
file_header_map = self._GetDataTypeMap('asl_file_header')
try:
file_header, _ = self._ReadStructureFromFileObject(
file_object, 0, file_header_map)
except (ValueError, errors.ParseError) as exception:
raise errors.UnableToParseFile(
'Unable to parse file header with error: {0!s}'.format(
exception))
if file_header.signature != self._FILE_SIGNATURE:
raise errors.UnableToParseFile('Invalid file signature.')
# TODO: generate event for creation time.
file_size = file_object.get_size()
if file_header.first_log_entry_offset > 0:
last_log_entry_offset = 0
file_offset = file_header.first_log_entry_offset
while file_offset < file_size:
last_log_entry_offset = file_offset
try:
file_offset = self._ParseRecord(
parser_mediator, file_object, file_offset)
except errors.ParseError as exception:file_object (dfvfs.FileIO): a file-like object.
Raises:
UnableToParseFile: when the file cannot be parsed.
"""
file_name = parser_mediator.GetDisplayName()
try:
fstream = hachoir_core.stream.InputIOStream(file_object, None, tags=[])
except hachoir_core.error.HachoirError as exception:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, exception))
if not fstream:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, 'Not fstream'))
try:
doc_parser = hachoir_parser.guessParser(fstream)
except hachoir_core.error.HachoirError as exception:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, exception))
if not doc_parser:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, 'Not parser'))
try:if not doc_parser:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, 'Not parser'))
try:
metadata = hachoir_metadata.extractMetadata(doc_parser)
except (AssertionError, AttributeError) as exception:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, exception))
try:
metatext = metadata.exportPlaintext(human=False)
except AttributeError as exception:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: {2:s}'.format(
self.NAME, file_name, exception))
if not metatext:
raise errors.UnableToParseFile(
'[{0:s}] unable to parse file {1:s}: No metadata'.format(
self.NAME, file_name))
attributes = {}
extracted_events = []
for meta in metatext:
if not meta.startswith('-'):
continue
if len(meta) < 3:
continueparser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
file_object (dfvfs.FileIO): file-like object.
Raises:
UnableToParseFile: when the file cannot be parsed.
"""
file_size = file_object.get_size()
file_header_map = self._GetDataTypeMap('rp_log_file_header')
try:
file_header, _ = self._ReadStructureFromFileObject(
file_object, 0, file_header_map)
except (ValueError, errors.ParseError) as exception:
raise errors.UnableToParseFile(
'Unable to parse file header with error: {0!s}'.format(
exception))
file_footer_map = self._GetDataTypeMap('rp_log_file_footer')
file_footer_offset = file_size - file_footer_map.GetByteSize()
try:
file_footer, _ = self._ReadStructureFromFileObject(
file_object, file_footer_offset, file_footer_map)
except (ValueError, errors.ParseError) as exception:
parser_mediator.ProduceExtractionWarning(
'unable to parse file footer with error: {0!s}'.format(exception))
return
# The description in the file header includes the end-of-string characterArgs:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
file_object (dfvfs.FileIO): a file-like object.
Raises:
UnableToParseFile: when the file is not a valid container config file.
"""
file_content = file_object.read()
file_content = codecs.decode(file_content, self._ENCODING)
json_dict = json.loads(file_content)
if 'Driver' not in json_dict:
raise errors.UnableToParseFile(
'not a valid Docker container configuration file, ' 'missing '
'\'Driver\' key.')
container_id_from_path = self._GetIdentifierFromPath(parser_mediator)
container_id_from_json = json_dict.get('ID', None)
if not container_id_from_json:
raise errors.UnableToParseFile(
'not a valid Docker layer configuration file, the \'ID\' key is '
'missing from the JSON dict (should be {0:s})'.format(
container_id_from_path))
if container_id_from_json != container_id_from_path:
raise errors.UnableToParseFile(
'not a valid Docker container configuration file. The \'ID\' key of '
'the JSON dict ({0:s}) is different from the layer ID taken from the'
' path to the file ({1:s}) JSON file.)'.format(Args:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
file_object (dfvfs.FileIO): a file-like object.
Raises:
UnableToParseFile: when the file is not a valid layer config file.
"""
file_content = file_object.read()
file_content = codecs.decode(file_content, self._ENCODING)
json_dict = json.loads(file_content)
if 'docker_version' not in json_dict:
raise errors.UnableToParseFile(
'not a valid Docker layer configuration file, missing '
'\'docker_version\' key.')
if 'created' in json_dict:
layer_creation_command_array = [
x.strip() for x in json_dict['container_config']['Cmd']]
layer_creation_command = ' '.join(layer_creation_command_array).replace(
'\t', '')
event_data = DockerJSONLayerEventData()
event_data.command = layer_creation_command
event_data.layer_id = self._GetIdentifierFromPath(parser_mediator)
timestamp = timelib.Timestamp.FromTimeString(json_dict['created'])
event = time_events.TimestampEvent(
timestamp, definitions.TIME_DESCRIPTION_ADDED)Raises:
UnableToParseFile: when the file cannot be parsed.
"""
# TODO: self._line_structures is a work-around and this needs
# a structural fix.
if not self._line_structures:
raise errors.UnableToParseFile(
'Line structure undeclared, unable to proceed.')
encoding = self._ENCODING or parser_mediator.codepage
text_file_object = text_file.TextFile(file_object, encoding=encoding)
try:
line = self._ReadLine(text_file_object, max_len=self.MAX_LINE_LENGTH)
except UnicodeDecodeError:
raise errors.UnableToParseFile(
'Not a text file or encoding not supported.')
if not line:
raise errors.UnableToParseFile('Not a text file.')
if len(line) == self.MAX_LINE_LENGTH or len(
line) == self.MAX_LINE_LENGTH - 1:
logger.debug((
'Trying to read a line and reached the maximum allowed length of '
'{0:d}. The last few bytes of the line are: {1:s} [parser '
'{2:s}]').format(
self.MAX_LINE_LENGTH, repr(line[-10:]), self.NAME))
if not self._IsText(line):
raise errors.UnableToParseFile('Not a text file, unable to proceed.')
UnableToParseFile: when the file cannot be parsed.
"""
# We may have to rely on filenames since this header is very generic.
# TODO: Rethink this and potentially make a better test.
filename = parser_mediator.GetFilename()
if not filename.startswith('$I'):
raise errors.UnableToParseFile('Filename must start with $I.')
file_header_map = self._GetDataTypeMap('recycle_bin_metadata_file_header')
try:
file_header, _ = self._ReadStructureFromFileObject(
file_object, 0, file_header_map)
except (ValueError, errors.ParseError) as exception:
raise errors.UnableToParseFile((
'Unable to parse Windows Recycle.Bin metadata file header with '
'error: {0!s}').format(exception))
if file_header.format_version not in self._SUPPORTED_FORMAT_VERSIONS:
raise errors.UnableToParseFile(
'Unsupported format version: {0:d}.'.format(
file_header.format_version))
if file_header.deletion_time == 0:
date_time = dfdatetime_semantic_time.SemanticTime('Not set')
else:
date_time = dfdatetime_filetime.Filetime(
timestamp=file_header.deletion_time)
event_data = WinRecycleBinEventData()
try:plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
81 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser