Added script to export artifact definitions (#24)

ForensicArtifacts · Jan 14, 2024 · 008e204 · 008e204
1 parent 74c36a6
commit 008e204
Show file tree

Hide file tree

Showing 5 changed files with 131 additions and 3 deletions.
diff --git a/data/checks.yaml → artifactsrc/data/checks.yaml b/data/checks.yaml → artifactsrc/data/checks.yaml
diff --git a/artifactsrc/volume_scanner.py b/artifactsrc/volume_scanner.py
@@ -43,6 +43,9 @@ class ArtifactDefinitionsVolumeScanner(dfvfs_volume_scanner.VolumeScanner):
 
   # Preserve the absolute path value of __file__ in case it is changed
   # at run-time.
+  _CHECKS_DEFINITIONS_FILE = (
+      os.path.join(os.path.dirname(__file__), 'data', 'checks.yaml'))
+
   _DEFINITION_FILES_PATH = os.path.dirname(__file__)
 
   _SYSTEM_DIRECTORY_FIND_SPECS = [
@@ -223,8 +226,8 @@ def _ReadChecksDefinitions(self):
     """
     check_definitions = {}
 
-    path = os.path.join(self._data_location, 'checks.yaml')
-    with open(path, 'r', encoding='utf-8') as file_object:
+    with open(self._CHECKS_DEFINITIONS_FILE, 'r',
+              encoding='utf-8') as file_object:
       for check_definition in yaml.safe_load_all(file_object):
         name = check_definition.get('name', None)
         if name:

diff --git a/setup.cfg b/setup.cfg
@@ -29,6 +29,7 @@ scripts =
 [options.package_data]
 artifactsrc =
   *.yaml
+  data/*.yaml
 
 [options.packages.find]
 exclude =

diff --git a/tools/export.py b/tools/export.py
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""Script to export Digital Forensics artifact definitions as documentation."""
+
+import argparse
+import logging
+import os
+import sys
+
+import artifacts
+
+from artifacts import reader as artifacts_reader
+from artifacts import registry as artifacts_registry
+
+
+class StdoutOutputWriter(object):
+  """Stdout output writer."""
+
+  def Close(self):
+    """Closes the output writer."""
+    return
+
+  def Open(self):
+    """Opens the output writer.
+
+    Returns:
+      bool: True if successful or False if not.
+    """
+    return True
+
+  def WriteDefinition(self, artifact_definition):
+    """Writes an artifact definition.
+
+    Args:
+      artifact_definition (ArtifactDefinition): artifact definition.
+    """
+    print(artifact_definition.name)
+
+
+def Main():
+  """The main program function.
+
+  Returns:
+    bool: True if successful or False if not.
+  """
+  argument_parser = argparse.ArgumentParser(description=(
+      'Export Digital Forensics artifact definitions as documentation.'))
+
+  argument_parser.add_argument(
+      '--artifact_definitions', '--artifact-definitions',
+      dest='artifact_definitions', type=str, metavar='PATH', action='store',
+      help=('Path to a directory or file containing the artifact definition '
+            '.yaml files.'))
+
+  argument_parser.add_argument(
+      '--output', dest='output', action='store', metavar='./artifacts-kb/',
+      default=None, help='Directory to write the output to.')
+
+  options = argument_parser.parse_args()
+
+  artifact_definitions = options.artifact_definitions
+  if not artifact_definitions:
+    artifact_definitions = os.path.join(
+        os.path.dirname(artifacts.__file__), 'data')
+    if not os.path.exists(artifact_definitions):
+      artifact_definitions = os.path.join('/', 'usr', 'share', 'artifacts')
+    if not os.path.exists(artifact_definitions):
+      artifact_definitions = None
+
+  if not artifact_definitions:
+    print('Path to artifact definitions is missing.')
+    print('')
+    argument_parser.print_help()
+    print('')
+    return False
+
+  if options.output:
+    if not os.path.exists(options.output):
+      os.mkdir(options.output)
+
+    if not os.path.isdir(options.output):
+      print(f'{options.output:s} must be a directory')
+      print('')
+      return False
+
+  logging.basicConfig(
+      level=logging.INFO, format='[%(levelname)s] %(message)s')
+
+  registry = artifacts_registry.ArtifactDefinitionsRegistry()
+  reader = artifacts_reader.YamlArtifactsReader()
+
+  if os.path.isdir(artifact_definitions):
+    registry.ReadFromDirectory(reader, artifact_definitions)
+  elif os.path.isfile(artifact_definitions):
+    registry.ReadFromFile(reader, artifact_definitions)
+
+  # TODO: add document output writer.
+
+  output_writer = StdoutOutputWriter()
+
+  if not output_writer.Open():
+    print('Unable to open output writer.')
+    print('')
+    return False
+
+  try:
+    for artifact_definition in sorted(
+        registry.GetDefinitions(),
+        key=lambda definition: definition.name.lower()):
+      output_writer.WriteDefinition(artifact_definition)
+
+      # TODO: output artifact definition details.
+
+  finally:
+    output_writer.Close()
+
+  return True
+
+
+if __name__ == '__main__':
+  if not Main():
+    sys.exit(1)
+  else:
+    sys.exit(0)
diff --git a/tox.ini b/tox.ini
@@ -51,4 +51,4 @@ commands =
   pylint --version
   yamllint -v
   pylint --rcfile=.pylintrc artifactsrc setup.py tests tools
-  yamllint -c .yamllint.yaml artifactsrc data
+  yamllint -c .yamllint.yaml artifactsrc artifactsrc/data