Changes to log2timeline.py storage file option #510

log2timeline · May 15, 2021 · 4f9ce07 · 4f9ce07
1 parent bd99ca5
commit 4f9ce07
Show file tree

Hide file tree

Showing 12 changed files with 159 additions and 216 deletions.
diff --git a/plaso/cli/extraction_tool.py b/plaso/cli/extraction_tool.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 """The extraction CLI tool."""
 
+import datetime
 import os
 import pytz
 
@@ -173,6 +174,36 @@ def _CreateProcessingConfiguration(self, knowledge_base):
 
     return configuration
 
+  def _GenerateStorageFileName(self):
+    """Generates a name for the storage file.
+
+    The result use a timestamp and the basename of the source path.
+
+    Returns:
+      str: a filename for the storage file in the form <time>-<source>.plaso
+
+    Raises:
+      BadConfigOption: raised if the source path is not set.
+    """
+    if not self._source_path:
+      raise errors.BadConfigOption('Please define a source (--source).')
+
+    timestamp = datetime.datetime.now()
+    datetime_string = timestamp.strftime('%Y%m%dT%H%M%S')
+
+    source_path = os.path.abspath(self._source_path)
+
+    if source_path.endswith(os.path.sep):
+      source_path = os.path.dirname(source_path)
+
+    source_name = os.path.basename(source_path)
+
+    if not source_name or source_name in ('/', '\\'):
+      # The user passed the filesystem's root as source
+      source_name = 'ROOT'
+
+    return '{0:s}-{1:s}.plaso'.format(datetime_string, source_name)
+
   def _IsArchiveFile(self, path_spec):
     """Determines if a path specification references an archive file.
 

diff --git a/plaso/cli/helpers/__init__.py b/plaso/cli/helpers/__init__.py
@@ -21,7 +21,6 @@
 from plaso.cli.helpers import process_resources
 from plaso.cli.helpers import sessionize_analysis
 from plaso.cli.helpers import status_view
-from plaso.cli.helpers import storage_file
 from plaso.cli.helpers import storage_format
 from plaso.cli.helpers import tagging_analysis
 from plaso.cli.helpers import temporary_directory

diff --git a/plaso/cli/helpers/storage_file.py b/plaso/cli/helpers/storage_file.py
diff --git a/plaso/cli/log2timeline_tool.py b/plaso/cli/log2timeline_tool.py
@@ -128,6 +128,28 @@ def _GetPluginData(self):
 
     return return_dict
 
+  def AddLegacyStorageOptions(self, argument_parser):
+    """Adds the legacy storage options to the argument group.
+
+    Args:
+      argument_parser (argparse.ArgumentParser): argparse argument parser.
+    """
+    argument_parser.add_argument(
+        'storage_file_legacy', metavar='PATH', nargs='?', type=str,
+        default=None, help='Path to a storage file.')
+
+  def AddStorageOptions(self, argument_group):
+    """Adds the storage options to the argument group.
+
+    Args:
+      argument_group (argparse._ArgumentGroup): argparse argument group.
+    """
+    argument_group.add_argument(
+        '--storage_file', '--storage-file', dest='storage_file', metavar='PATH',
+        type=str, default=None, help=(
+            'The path of the storage file. If not specified, one will be made '
+            'in the form <timestamp>-<source>.plaso'))
+
   def ParseArguments(self, arguments):
     """Parses the command line arguments.
 
@@ -145,8 +167,7 @@ def ParseArguments(self, arguments):
 
     self.AddBasicOptions(argument_parser)
 
-    helpers_manager.ArgumentHelperManager.AddCommandLineArguments(
-        argument_parser, names=['storage_file'])
+    self.AddLegacyStorageOptions(argument_parser)
 
     data_location_group = argument_parser.add_argument_group(
         'data location arguments')
@@ -240,15 +261,10 @@ def ParseArguments(self, arguments):
 
     # Properly prepare the attributes according to local encoding.
     if self.preferred_encoding == 'ascii':
-      logger.warning(
-          'The preferred encoding of your system is ASCII, which is not '
+      self._PrintUserWarning((
+          'the preferred encoding of your system is ASCII, which is not '
           'optimal for the typically non-ASCII characters that need to be '
-          'parsed and processed. The tool will most likely crash and die, '
-          'perhaps in a way that may not be recoverable. A five second delay '
-          'is introduced to give you time to cancel the runtime and '
-          'reconfigure your preferred encoding, otherwise continue at own '
-          'risk.')
-      time.sleep(5)
+          'parsed and processed. This will most likely result in an error.'))
 
     if self._process_archives:
       logger.warning(
@@ -317,18 +333,37 @@ def ParseOptions(self, options):
 
     argument_helper_names = [
         'artifact_definitions', 'artifact_filters', 'extraction',
-        'filter_file', 'status_view', 'storage_file', 'storage_format',
-        'text_prepend', 'yara_rules']
+        'filter_file', 'status_view', 'storage_format', 'text_prepend',
+        'yara_rules']
     helpers_manager.ArgumentHelperManager.ParseOptions(
         options, self, names=argument_helper_names)
 
     self._ParseLogFileOptions(options)
 
+    if (hasattr(options, 'storage_file_legacy') and
+        not getattr(options, self._SOURCE_OPTION, None)):
+      source_option = getattr(options, 'storage_file_legacy', None)
+      setattr(options, self._SOURCE_OPTION, source_option)
+      delattr(options, 'storage_file_legacy')
+
     self._ParseStorageMediaOptions(options)
 
     self._ParsePerformanceOptions(options)
     self._ParseProcessingOptions(options)
 
+    storage_file_legacy = self.ParseStringOption(options, 'storage_file_legacy')
+    if storage_file_legacy and self._source_path:
+      self._PrintUserWarning((
+          'the storage file option has been deprecated you can now safely '
+          'omit it or use "--storage_file" instead.'))
+
+    if storage_file_legacy:
+      self._storage_file_path = storage_file_legacy
+    else:
+      self._storage_file_path = self.ParseStringOption(options, 'storage_file')
+      if not self._storage_file_path:
+        self._storage_file_path = self._GenerateStorageFileName()
+
     if not self._storage_file_path:
       raise errors.BadConfigOption('Missing storage file option.')
 

diff --git a/plaso/cli/pinfo_tool.py b/plaso/cli/pinfo_tool.py
@@ -987,12 +987,11 @@ def ParseArguments(self, arguments):
         formatter_class=argparse.RawDescriptionHelpFormatter)
 
     self.AddBasicOptions(argument_parser)
+    self.AddStorageOptions(argument_parser)
 
-    argument_helper_names = ['storage_file']
     if self._CanEnforceProcessMemoryLimit():
-      argument_helper_names.append('process_resources')
-    helpers_manager.ArgumentHelperManager.AddCommandLineArguments(
-        argument_parser, names=argument_helper_names)
+      helpers_manager.ArgumentHelperManager.AddCommandLineArguments(
+          argument_parser, names=['process_resources'])
 
     argument_parser.add_argument(
         '--compare', dest='compare_storage_file', type=str,
@@ -1074,11 +1073,11 @@ def ParseOptions(self, options):
 
     self._output_filename = getattr(options, 'write', None)
 
-    argument_helper_names = ['process_resources', 'storage_file']
     helpers_manager.ArgumentHelperManager.ParseOptions(
-        options, self, names=argument_helper_names)
+        options, self, names=['process_resources'])
 
     # TODO: move check into _CheckStorageFile.
+    self._storage_file_path = self.ParseStringOption(options, 'storage_file')
     if not self._storage_file_path:
       raise errors.BadConfigOption('Missing storage file option.')
 

diff --git a/plaso/cli/psort_tool.py b/plaso/cli/psort_tool.py
@@ -4,7 +4,6 @@
 import argparse
 import collections
 import os
-import time
 
 from dfdatetime import posix_time as dfdatetime_posix_time
 
@@ -307,9 +306,7 @@ def ParseArguments(self, arguments):
         formatter_class=argparse.RawDescriptionHelpFormatter)
 
     self.AddBasicOptions(argument_parser)
-
-    helpers_manager.ArgumentHelperManager.AddCommandLineArguments(
-        argument_parser, names=['storage_file'])
+    self.AddStorageOptions(argument_parser)
 
     analysis_group = argument_parser.add_argument_group('Analysis Arguments')
 
@@ -374,15 +371,10 @@ def ParseArguments(self, arguments):
 
     # Properly prepare the attributes according to local encoding.
     if self.preferred_encoding == 'ascii':
-      logger.warning(
-          'The preferred encoding of your system is ASCII, which is not '
+      self._PrintUserWarning((
+          'the preferred encoding of your system is ASCII, which is not '
           'optimal for the typically non-ASCII characters that need to be '
-          'parsed and processed. The tool will most likely crash and die, '
-          'perhaps in a way that may not be recoverable. A five second delay '
-          'is introduced to give you time to cancel the runtime and '
-          'reconfigure your preferred encoding, otherwise continue at own '
-          'risk.')
-      time.sleep(5)
+          'parsed and processed. This will most likely result in an error.'))
 
     try:
       self.ParseOptions(options)
@@ -463,9 +455,8 @@ def ParseOptions(self, options):
 
     self._command_line_arguments = self.GetCommandLineArguments()
 
-    helpers_manager.ArgumentHelperManager.ParseOptions(
-        options, self, names=['storage_file'])
-
+    # TODO: move check into _CheckStorageFile.
+    self._storage_file_path = self.ParseStringOption(options, 'storage_file')
     self._CheckStorageFile(self._storage_file_path)
 
     self._EnforceProcessMemoryLimit(self._process_memory_limit)

diff --git a/plaso/cli/psteal_tool.py b/plaso/cli/psteal_tool.py
@@ -3,7 +3,6 @@
 
 import argparse
 import collections
-import datetime
 import os
 import textwrap
 
@@ -122,36 +121,6 @@ def __init__(self, input_reader=None, output_writer=None):
     self.list_output_modules = False
     self.list_parsers_and_plugins = False
 
-  def _GenerateStorageFileName(self):
-    """Generates a name for the storage file.
-
-    The result use a timestamp and the basename of the source path.
-
-    Returns:
-      str: a filename for the storage file in the form <time>-<source>.plaso
-
-    Raises:
-      BadConfigOption: raised if the source path is not set.
-    """
-    if not self._source_path:
-      raise errors.BadConfigOption('Please define a source (--source).')
-
-    timestamp = datetime.datetime.now()
-    datetime_string = timestamp.strftime('%Y%m%dT%H%M%S')
-
-    source_path = os.path.abspath(self._source_path)
-
-    if source_path.endswith(os.path.sep):
-      source_path = os.path.dirname(source_path)
-
-    source_name = os.path.basename(source_path)
-
-    if not source_name or source_name in ('/', '\\'):
-      # The user passed the filesystem's root as source
-      source_name = 'ROOT'
-
-    return '{0:s}-{1:s}.plaso'.format(datetime_string, source_name)
-
   def _PrintAnalysisReportsDetails(
       self, storage_reader, number_of_analysis_reports):
     """Prints the details of the analysis reports.
@@ -188,6 +157,18 @@ def _PrintAnalysisReportsDetails(
 
       table_view.Write(self._output_writer)
 
+  def AddStorageOptions(self, argument_group):
+    """Adds the storage options to the argument group.
+
+    Args:
+      argument_group (argparse._ArgumentGroup): argparse argument group.
+    """
+    argument_group.add_argument(
+        '--storage_file', '--storage-file', dest='storage_file', metavar='PATH',
+        type=str, default=None, help=(
+            'The path of the storage file. If not specified, one will be made '
+            'in the form <timestamp>-<source>.plaso'))
+
   def AnalyzeEvents(self):
     """Analyzes events from a plaso storage file and generate a report.
 
@@ -410,12 +391,7 @@ def ParseArguments(self, arguments):
     helpers_manager.ArgumentHelperManager.AddCommandLineArguments(
         extraction_group, names=argument_helper_names)
 
-    extraction_group.add_argument(
-        '--storage_file', '--storage-file', metavar='PATH', type=str,
-        default=None, help=(
-            'The path of the storage file. If not specified, one will be made '
-            'in the form <timestamp>-<source>.plaso'))
-
+    self.AddStorageOptions(extraction_group)
     self.AddStorageMediaImageOptions(extraction_group)
     self.AddTimeZoneOption(extraction_group)
     self.AddVSSProcessingOptions(extraction_group)
@@ -466,6 +442,13 @@ def ParseArguments(self, arguments):
       self._output_writer.Write(argument_parser.format_help())
       return False
 
+    # Properly prepare the attributes according to local encoding.
+    if self.preferred_encoding == 'ascii':
+      self._PrintUserWarning((
+          'the preferred encoding of your system is ASCII, which is not '
+          'optimal for the typically non-ASCII characters that need to be '
+          'parsed and processed. This will most likely result in an error.'))
+
     try:
       self.ParseOptions(options)
     except errors.BadConfigOption as exception:
@@ -547,7 +530,7 @@ def ParseOptions(self, options):
     self._ParsePerformanceOptions(options)
     self._ParseProcessingOptions(options)
 
-    self._storage_file_path = getattr(options, 'storage_file', None)
+    self._storage_file_path = self.ParseStringOption(options, 'storage_file')
     if not self._storage_file_path:
       self._storage_file_path = self._GenerateStorageFileName()
 

diff --git a/plaso/cli/tool_options.py b/plaso/cli/tool_options.py
@@ -408,3 +408,13 @@ def _CheckStorageFile(self, storage_file_path, warn_about_existing=False):
     if not os.access(dirname, os.W_OK):
       raise errors.BadConfigOption(
           'Unable to write to storage file: {0:s}'.format(storage_file_path))
+
+  def AddStorageOptions(self, argument_parser):
+    """Adds the storage options to the argument group.
+
+    Args:
+      argument_parser (argparse.ArgumentParser): argparse argument parser.
+    """
+    argument_parser.add_argument(
+        'storage_file', metavar='PATH', nargs='?', type=str, default=None,
+        help='Path to a storage file.')