Merge remote-tracking branch 'origin/docstring_check' into docstring_…

…check # Conflicts: # plaso/analysis/windows_services.py # plaso/cli/helpers/manager.py # plaso/engine/zeromq_queue.py # plaso/formatters/chrome.py # plaso/formatters/chrome_extension_activity.py # plaso/formatters/chrome_preferences.py # plaso/formatters/default.py # plaso/formatters/file_system.py # plaso/formatters/firefox.py # plaso/formatters/fseventsd.py # plaso/formatters/gdrive.py # plaso/formatters/hachoir.py # plaso/formatters/imessage.py # plaso/formatters/interface.py # plaso/formatters/kik_ios.py # plaso/formatters/msiecf.py # plaso/formatters/olecf.py # plaso/formatters/recycler.py # plaso/formatters/safari_cookies.py # plaso/formatters/shell_items.py # plaso/formatters/shutdown.py # plaso/formatters/symantec.py # plaso/formatters/trendmicroav.py # plaso/formatters/twitter_ios.py # plaso/formatters/utmp.py # plaso/formatters/utmpx.py # plaso/formatters/winjob.py # plaso/formatters/winlnk.py # plaso/formatters/winprefetch.py # plaso/formatters/winreg.py # plaso/formatters/winrestore.py # plaso/lib/lexer.py # plaso/lib/objectfilter.py # plaso/lib/timelib.py # plaso/output/null.py # plaso/parsers/bash_history.py # plaso/parsers/cups_ipp.py # plaso/parsers/docker.py # plaso/parsers/firefox_cache.py # plaso/parsers/iis.py # plaso/parsers/interface.py # plaso/parsers/java_idx.py # plaso/parsers/mac_keychain.py # plaso/parsers/mactime.py # plaso/parsers/mediator.py # plaso/parsers/plugins.py # plaso/parsers/sqlite.py # plaso/parsers/syslog.py # plaso/parsers/text_parser.py # plaso/parsers/winfirewall.py # plaso/parsers/winreg_plugins/mrulist.py # plaso/parsers/winreg_plugins/mrulistex.py # plaso/serializer/json_serializer.py # plaso/storage/fake/writer.py
Onager · Aug 1, 2018 · face521 · face521
2 parents 06ed337 + c6ff5f5
commit face521
Show file tree

Hide file tree

Showing 54 changed files with 800 additions and 107 deletions.
diff --git a/.pylintrc b/.pylintrc
@@ -67,6 +67,7 @@ disable=
     useless-suppression,
     deprecated-pragma,
     no-absolute-import,
+    missing-param-doc,
     metaclass-assignment,
     eq-without-hash,
     fixme,

diff --git a/docs/conf.py b/docs/conf.py
@@ -77,11 +77,11 @@ def __add__(self, other):
 modules_to_mock = list(dependencies.PYTHON_DEPENDENCIES.keys())
 
 # We also need to mock some modules that we don't have explicit dependencies on
-# so that we can generated documentation for those components. We also need
+# so that we can generate documentation for those components. We also need
 # to explicitly mock each submodule.
 # TODO: Find a better way to do this
 ADDITIONAL_MODULES = set([
-    'artifacts.knowledge_base', 'dateutil.parser', 'dfvfs.analyzer',
+    'artifacts.knowledge_base', 'dateutil.parser', 'dtfabric.runtime', 'dfvfs.analyzer',
     'dfvfs.credentials', 'dfvfs.file_io', 'dfvfs.helpers', 'dfvfs.lib',
     'dfvfs.path', 'dfvfs.resolver', 'dfvfs.serializer',
     'dfvfs.serializer.json_serializer', 'dfvfs.vfs', 'dfvfs.volume',
@@ -91,7 +91,7 @@ def __add__(self, other):
     'pyelasticsearch', 'timesketch', 'timesketch.lib',
     'timesketch.lib.datastores', 'timesketch.lib.datastores.elastic',
     'timesketch.models', 'timesketch.models.sketch',
-    'timesketch.models.user'])
+    'timesketch.models.user', 'lz4.block'])
 modules_to_mock = set(modules_to_mock).union(ADDITIONAL_MODULES)
 
 # Readthedocs has it's own install of chardet, requests and urllib3, so remove

diff --git a/plaso/analysis/manager.py b/plaso/analysis/manager.py
@@ -103,7 +103,7 @@ def GetPlugins(cls):
     """Retrieves the registered analysis plugin classes.
 
     Yields:
-      tuple: contains:
+      tuple: containing:
 
         str: name of the plugin
         type: plugin class

diff --git a/plaso/cli/image_export_tool.py b/plaso/cli/image_export_tool.py
@@ -349,7 +349,7 @@ def _GetSourceFileSystem(self, source_path_spec, resolver_context=None):
       resolver_context (dfvfs.Context): resolver context.
 
     Returns:
-      tuple: contains:
+      tuple: containing:
 
         dfvfs.FileSystem: file system.
         dfvfs.PathSpec: mount point path specification that refers

diff --git a/plaso/cli/tool_options.py b/plaso/cli/tool_options.py
@@ -231,7 +231,7 @@ def _GetParserPresetsInformation(self):
     """Retrieves the parser presets information.
 
     Returns:
-      list[tuple]: contains:
+      list[tuple]: containing:
 
         str: parser preset name
         str: parsers names corresponding to the preset

diff --git a/plaso/engine/tagging_file.py b/plaso/engine/tagging_file.py
@@ -45,7 +45,7 @@ def _ParseDefinitions(self, tagging_file_path):
       tagging_file_path (str): path to the tagging file.
 
     Yields:
-      tuple: contains:
+      tuple: containing:
 
         str: label name.
         list[efilter.query.Query]: efilter queries.

diff --git a/plaso/engine/zeromq_queue.py b/plaso/engine/zeromq_queue.py
@@ -98,7 +98,7 @@ def _SendItem(self, zmq_socket, item, block=True):
       zmq_socket (zmq.Socket): used to the send the item.
       item (object): sent on the queue. Will be pickled prior to sending.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Returns:
       bool: whether the item was sent successfully.
@@ -299,7 +299,7 @@ def PushItem(self, item, block=True):
     Args:
       item (object): item to push on the queue.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Raises:
       QueueAlreadyClosed: If the queue is closed.
@@ -314,7 +314,7 @@ def PopItem(self):
       object: item from the queue.
 
     Raises:
-      QueueEmpty: If the queue is empty, and no item could be popped within the
+      QueueEmpty: if the queue is empty, and no item could be popped within the
           queue timeout.
     """
 
@@ -378,7 +378,7 @@ def PushItem(self, item, block=True):
     Args:
       item (object): item to push on the queue.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Raises:
       WrongQueueType: As Push is not supported this queue.
@@ -425,7 +425,7 @@ def PushItem(self, item, block=True):
     Args:
       item (object): item to push on the queue.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Raises:
       KeyboardInterrupt: if the process is sent a KeyboardInterrupt while
@@ -540,7 +540,7 @@ def PushItem(self, item, block=True):
     Args:
       item (object): item to push on the queue.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Raises:
       WrongQueueType: As Push is not supported this queue.
@@ -757,7 +757,7 @@ def PushItem(self, item, block=True):
     Args:
       item (object): item to push on the queue.
       block (Optional[bool]): whether the push should be performed in blocking
-          or non-block mode.
+          or non-blocking mode.
 
     Raises:
       QueueAlreadyClosed: If the queue is closed.

diff --git a/plaso/filters/filter_list.py b/plaso/filters/filter_list.py
@@ -32,11 +32,11 @@ def _IncludeKeyword(self, loader, node):
     http://pyyaml.org/wiki/PyYAMLDocumentation
 
     Args:
-      loader: the YAML loader object (instance of yaml.Loader).
-      node: a YAML node (instance of yaml.TODO).
+      loader (yaml.Loader): the YAML loader object (instance of yaml.Loader).
+      node (yaml.node): a YAML node.
 
     Returns:
-      A Python object or None.
+      object: a Python object or None.
     """
     filename = loader.construct_scalar(node)
     if not os.path.isfile(filename):
@@ -55,7 +55,8 @@ def _ParseEntry(self, entry):
     """Parses a single filter entry.
 
     Args:
-      entry: YAML string that defines a single object filter entry.
+      entry (dict[str, dict(str, object)]): dictionary containing one more
+        filter rules and associated metadata.
 
     Raises:
       WrongPlugin: if the entry cannot be parsed.
@@ -82,7 +83,7 @@ def CompileFilter(self, filter_expression):
     The filter expression contains the name of a YAML file.
 
     Args:
-      filter_expression: string that contains the filter expression.
+      filter_expression (str): filter expression.
 
     Raises:
       WrongPlugin: if the filter could not be compiled.

diff --git a/plaso/formatters/__init__.py b/plaso/formatters/__init__.py
@@ -33,11 +33,13 @@
 from plaso.formatters import gdrive
 from plaso.formatters import gdrive_synclog
 from plaso.formatters import hachoir
+from plaso.formatters import hangouts_messages
 from plaso.formatters import iis
 from plaso.formatters import imessage
 from plaso.formatters import ipod
 from plaso.formatters import java_idx
 from plaso.formatters import kik_ios
+from plaso.formatters import kodi
 from plaso.formatters import ls_quarantine
 from plaso.formatters import mac_appfirewall
 from plaso.formatters import mac_document_versions
@@ -55,8 +57,8 @@
 from plaso.formatters import oxml
 from plaso.formatters import pe
 from plaso.formatters import plist
-from plaso.formatters import popcontest
 from plaso.formatters import pls_recall
+from plaso.formatters import popcontest
 from plaso.formatters import recycler
 from plaso.formatters import safari
 from plaso.formatters import safari_cookies
@@ -68,8 +70,8 @@
 from plaso.formatters import skydrivelog
 from plaso.formatters import skype
 from plaso.formatters import sophos_av
-from plaso.formatters import ssh
 from plaso.formatters import srum
+from plaso.formatters import ssh
 from plaso.formatters import symantec
 from plaso.formatters import syslog
 from plaso.formatters import systemd_journal

diff --git a/plaso/formatters/asl.py b/plaso/formatters/asl.py
@@ -51,9 +51,9 @@ def GetMessages(self, formatter_mediator, event):
     """Determines the formatted message strings for an event object.
 
     Args:
-      formatter_mediator (FormatterMediator): mediates the interactions between
-          formatters and other components, such as storage and Windows EventLog
-          resources.
+      unused_formatter_mediator (FormatterMediator): mediates the interactions
+          between formatters and other components, such as storage and Windows
+          EventLog resources.
       event (EventObject): event.
 
     Returns:

diff --git a/plaso/formatters/chrome.py b/plaso/formatters/chrome.py
@@ -85,8 +85,7 @@ class ChromePageVisitedFormatter(interface.ConditionalEventFormatter):
       4: 'SOURCE_IE_IMPORTED',
       5: 'SOURCE_SAFARI_IMPORTED'}
 
-  # pylint: disable=unused-argument
-  def GetMessages(self, formatter_mediator, event):
+  def GetMessages(self, unused_formatter_mediator, event):
     """Determines the formatted message strings for an event object.
 
     Args:

diff --git a/plaso/formatters/hangouts_messages.py b/plaso/formatters/hangouts_messages.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+"""The Google Hangouts messages database event formatter."""
+
+from __future__ import unicode_literals
+
+from plaso.formatters import interface
+from plaso.formatters import manager
+from plaso.lib import errors
+
+
+_MESSAGE_TYPES = {
+    1: 'SENT',
+    2: 'RECEIVED'}
+
+_MESSAGE_STATUSES = {
+    0: 'UNREAD',
+    4: 'READ'}
+
+
+class HangoutsFormatter(interface.ConditionalEventFormatter):
+  """Formatter for an Hangouts message event."""
+
+  DATA_TYPE = 'android:messaging:hangouts'
+
+  FORMAT_STRING_PIECES = [
+      'Sender: {sender}',
+      'Body: {body}',
+      'Status: {message_status}',
+      'Type: {message_type}']
+
+  FORMAT_STRING_SHORT_PIECES = ['{body}']
+
+  SOURCE_LONG = 'Google Hangouts Message'
+  SOURCE_SHORT = 'HANGOUTS'
+
+  # VALUE_FORMATTERS contains formatting functions for event values that are
+  # not ready for human consumption.
+  # These functions replace the integer codes for scan types and scan results
+  # (a.k.a. actions) with human-readable strings.
+  VALUE_FORMATTERS = {
+      'message_type': lambda message_type: _MESSAGE_TYPES[message_type],
+      'message_status':
+          lambda message_status: _MESSAGE_STATUSES[message_status]}
+
+  def GetMessages(self, unused_formatter_mediator, event):
+    """Determines the formatted message strings for an event object.
+
+    If any event values have a matching formatting function in VALUE_FORMATTERS,
+    they are run through that function; then the dictionary is passed to the
+    superclass's formatting method.
+
+    Args:
+      unused_formatter_mediator (FormatterMediator): not used.
+      event (EventObject): event.
+
+    Returns:
+      tuple(str, str): formatted message string and short message string.
+
+    Raises:
+      WrongFormatter: if the event object cannot be formatted by the formatter.
+    """
+    if self.DATA_TYPE != event.data_type:
+      raise errors.WrongFormatter(
+          'Unsupported data type: {0:s}.'.format(event.data_type))
+
+    event_values = event.CopyToDict()
+    for formattable_value_name, formatter in self.VALUE_FORMATTERS.items():
+      if formattable_value_name in event_values:
+        value = event_values[formattable_value_name]
+        event_values[formattable_value_name] = formatter(value)
+
+    return self._ConditionalFormatMessages(event_values)
+
+
+manager.FormattersManager.RegisterFormatter(HangoutsFormatter)
diff --git a/plaso/formatters/kodi.py b/plaso/formatters/kodi.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+"""The Kodi MyVideos database event formatter."""
+
+from __future__ import unicode_literals
+
+from plaso.formatters import interface
+from plaso.formatters import manager
+
+
+class KodiFormatter(interface.ConditionalEventFormatter):
+  """Formatter for an Kodi Video event."""
+
+  DATA_TYPE = 'kodi:videos:viewing'
+
+  FORMAT_STRING_PIECES = [
+      'Video: {filename}',
+      'Play Count: {play_count}']
+
+  FORMAT_STRING_SHORT_PIECES = ['{filename}']
+
+  SOURCE_LONG = 'Kodi Video Viewed'
+  SOURCE_SHORT = 'KODI'
+
+
+manager.FormattersManager.RegisterFormatter(KodiFormatter)
diff --git a/plaso/lib/timelib.py b/plaso/lib/timelib.py
@@ -25,7 +25,6 @@
 # pylint: disable=missing-type-doc,missing-return-type-doc
 
 
-
 MONTH_DICT = {
     'jan': 1,
     'feb': 2,

diff --git a/plaso/multi_processing/base_process.py b/plaso/multi_processing/base_process.py
@@ -115,8 +115,8 @@ def _SigSegvHandler(self, signal_number, stack_frame):
     """Signal handler for the SIGSEGV signal.
 
     Args:
-      signal_number (int): numeric representation of the signal.
-      stack_frame (frame): current stack frame or None.
+      unused_signal_number (int): numeric representation of the signal.
+      unused_stack_frame (frame): current stack frame or None.
     """
     self._OnCriticalError()
 
@@ -131,8 +131,8 @@ def _SigTermHandler(self, signal_number, stack_frame):
     """Signal handler for the SIGTERM signal.
 
     Args:
-      signal_number (int): numeric representation of the signal.
-      stack_frame (frame): current stack frame or None.
+      unused_signal_number (int): numeric representation of the signal.
+      unused_stack_frame (frame): current stack frame or None.
     """
     self.SignalAbort()
 

diff --git a/plaso/multi_processing/psort.py b/plaso/multi_processing/psort.py
@@ -68,7 +68,7 @@ def _GetEventIdentifiers(self, event):
       event (EventObject): event.
 
     Returns:
-      tuple: contains:
+      tuple: containing:
 
         str: identifier of the event MACB group or None if the event cannot
             be grouped.
@@ -127,7 +127,7 @@ def PopEvent(self):
     """Pops an event from the heap.
 
     Returns:
-      tuple: contains:
+      tuple: containing:
 
         str: identifier of the event MACB group or None if the event cannot
             be grouped.

diff --git a/plaso/output/dynamic.py b/plaso/output/dynamic.py
@@ -273,7 +273,7 @@ def _FormatZone(self, event):
     """Formats the time zone.
 
     Args:
-      event (EventObject): event.
+      unused_event (EventObject): event.
 
     Returns:
       str: time zone field.