Added session configuration attribute container log2timeline#109

plaso/cli/log2timeline_tool.py

@@ -434,14 +434,15 @@ def ExtractEventsFromSources(self):
       logger.debug('Starting extraction in single process mode.')
 
       processing_status = extraction_engine.ProcessSources(
-          self._source_path_specs, storage_writer, self._resolver_context,
-          configuration, status_update_callback=status_update_callback)
+          session, self._source_path_specs, storage_writer,
+          self._resolver_context, configuration,
+          status_update_callback=status_update_callback)
 
     else:
       logger.debug('Starting extraction in multi process mode.')
 
       processing_status = extraction_engine.ProcessSources(
-          session.identifier, self._source_path_specs, storage_writer,
+          session, self._source_path_specs, storage_writer,
           configuration, enable_sigsegv_handler=self._enable_sigsegv_handler,
           number_of_worker_processes=self._number_of_extraction_workers,
           status_update_callback=status_update_callback,

plaso/cli/pinfo_tool.py

@@ -16,7 +16,6 @@
 from plaso.cli import tools
 from plaso.cli import views
 from plaso.cli.helpers import manager as helpers_manager
-from plaso.engine import knowledge_base
 from plaso.lib import definitions
 from plaso.lib import errors
 from plaso.lib import loggers
@@ -436,27 +435,16 @@ def _PrintParsersCounter(self, parsers_counter, session_identifier=None):
 
     table_view.Write(self._output_writer)
 
-  def _PrintPreprocessingInformation(
-      self, storage_reader, session_identifier=None):
-    """Prints the details of the preprocessing information.
+  def _PrintSourceConfiguration(
+      self, source_configuration, session_identifier=None):
+    """Prints the details of a source configuration.
 
     Args:
-      storage_reader (StorageReader): storage reader.
+      source_configuration (SourceConfiguration): source configuration.
       session_identifier (Optional[str]): session identifier, formatted as
           a UUID.
     """
-    knowledge_base_object = knowledge_base.KnowledgeBase()
-
-    storage_reader.ReadPreprocessingInformation(knowledge_base_object)
-
-    lookup_identifier = session_identifier
-    if lookup_identifier:
-      # The knowledge base requires the session identifier to be formatted in
-      # hexadecimal representation.
-      lookup_identifier = lookup_identifier.replace('-', '')
-
-    system_configuration = knowledge_base_object.GetSystemConfigurationArtifact(
-        session_identifier=lookup_identifier)
+    system_configuration = source_configuration.system_configuration
     if not system_configuration:
       return
 
@@ -574,8 +562,9 @@ def _PrintSessionsDetails(self, storage_reader):
       table_view.Write(self._output_writer)
 
       if self._verbose:
-        self._PrintPreprocessingInformation(
-            storage_reader, session_identifier=session_identifier)
+        for source_configuration in session.source_configurations:
+          self._PrintSourceConfiguration(
+              source_configuration, session_identifier=session_identifier)
 
         self._PrintParsersCounter(
             session.parsers_counter, session_identifier=session_identifier)

plaso/cli/psort_tool.py

@@ -520,6 +520,15 @@ def ProcessStorage(self):
           'Format of storage file: {0:s} not supported'.format(
               self._storage_file_path))
 
+    for session in storage_reader.GetSessions():
+      if not session.source_configurations:
+        storage_reader.ReadSystemConfiguration(self._knowledge_base)
+      else:
+        for source_configuration in session.source_configurations:
+          self._knowledge_base.ReadSystemConfigurationArtifact(
+              source_configuration.system_configuration,
+              session_identifier=session.identifier)
+
     self._number_of_analysis_reports = (
         storage_reader.GetNumberOfAnalysisReports())
     storage_reader.Close()

plaso/cli/psteal_tool.py

@@ -327,15 +327,15 @@ def ExtractEventsFromSources(self):
       logger.debug('Starting extraction in single process mode.')
 
       processing_status = extraction_engine.ProcessSources(
-          self._source_path_specs, storage_writer, self._resolver_context,
-          configuration, status_update_callback=status_update_callback)
+          session, self._source_path_specs, storage_writer,
+          self._resolver_context, configuration,
+          status_update_callback=status_update_callback)
 
     else:
       logger.debug('Starting extraction in multi process mode.')
 
       processing_status = extraction_engine.ProcessSources(
-          session.identifier, self._source_path_specs, storage_writer,
-          configuration,
+          session, self._source_path_specs, storage_writer, configuration,
           enable_sigsegv_handler=self._enable_sigsegv_handler,
           number_of_worker_processes=self._number_of_extraction_workers,
           status_update_callback=status_update_callback)

plaso/containers/artifacts.py

@@ -219,6 +219,34 @@ def IsEquivalent(self, other):
     return False
 
 
+class SourceConfigurationArtifact(ArtifactAttributeContainer):
+  """Source configuration artifact attribute container.
+
+  The source configuration contains the configuration data of a source
+  that is (or going to be) processed such as volume in a storage media
+  image or a mounted directory.
+
+  Attributes:
+    path_spec (dfvfs.PathSpec): path specification of the source that is
+        processed.
+    system_configuration (SystemConfigurationArtifact): system configuration of
+        a specific system installation, such as Windows or Linux, detected by
+        the pre-processing on the source.
+  """
+  CONTAINER_TYPE = 'source_configuration'
+
+  def __init__(self, path_spec=None):
+    """Initializes a source configuration artifact.
+
+    Args:
+      path_spec (Optional[dfvfs.PathSpec]): path specification of the source
+          that is processed.
+    """
+    super(SourceConfigurationArtifact, self).__init__()
+    self.path_spec = path_spec
+    self.system_configuration = None
+
+
 class SystemConfigurationArtifact(ArtifactAttributeContainer):
   """System configuration artifact attribute container.
 
@@ -331,5 +359,5 @@ def GetUserDirectoryPathSegments(self):
 
 
 manager.AttributeContainersManager.RegisterAttributeContainers([
-    EnvironmentVariableArtifact, HostnameArtifact, SystemConfigurationArtifact,
-    TimeZoneArtifact, UserAccountArtifact])
+    EnvironmentVariableArtifact, HostnameArtifact, SourceConfigurationArtifact,
+    SystemConfigurationArtifact, TimeZoneArtifact, UserAccountArtifact])

plaso/containers/sessions.py

@@ -39,6 +39,8 @@ class Session(interface.AttributeContainer):
     product_name (str): name of the product that created the session for
         example "log2timeline".
     product_version (str): version of the product that created the session.
+    source_configurations (list[SourceConfiguration]): configuration of sources
+        that are (or going to be) processed.
     start_time (int): time that the session was started. Contains the number
         of micro seconds since January 1, 1970, 00:00:00 UTC.
   """
@@ -64,6 +66,7 @@ def __init__(self):
     self.preferred_year = None
     self.product_name = 'plaso'
     self.product_version = plaso.__version__
+    self.source_configurations = None
     self.start_time = int(time.time() * 1000000)
 
   def CopyAttributesFromSessionCompletion(self, session_completion):
@@ -94,25 +97,62 @@ def CopyAttributesFromSessionCompletion(self, session_completion):
     if session_completion.parsers_counter:
       self.parsers_counter = session_completion.parsers_counter
 
+  def CopyAttributesFromSessionConfiguration(self, session_configuration):
+    """Copies attributes from a session configuration.
+
+    Args:
+      session_configuration (SessionConfiguration): session configuration
+          attribute container.
+
+    Raises:
+      ValueError: if the identifier of the session configuration does not match
+          that of the session.
+    """
+    if self.identifier != session_configuration.identifier:
+      raise ValueError('Session identifier mismatch.')
+
+    self.artifact_filters = session_configuration.artifact_filters
+    self.command_line_arguments = session_configuration.command_line_arguments
+    self.debug_mode = session_configuration.debug_mode
+    self.enabled_parser_names = session_configuration.enabled_parser_names
+    self.filter_file = session_configuration.filter_file
+    self.parser_filter_expression = (
+        session_configuration.parser_filter_expression)
+    self.preferred_encoding = session_configuration.preferred_encoding
+    self.preferred_time_zone = session_configuration.preferred_time_zone
+    self.source_configurations = session_configuration.source_configurations
+
   def CopyAttributesFromSessionStart(self, session_start):
     """Copies attributes from a session start.
 
     Args:
       session_start (SessionStart): session start attribute container.
     """
-    self.artifact_filters = session_start.artifact_filters
-    self.command_line_arguments = session_start.command_line_arguments
-    self.debug_mode = session_start.debug_mode
-    self.enabled_parser_names = session_start.enabled_parser_names
-    self.filter_file = session_start.filter_file
     self.identifier = session_start.identifier
-    self.parser_filter_expression = session_start.parser_filter_expression
-    self.preferred_encoding = session_start.preferred_encoding
-    self.preferred_time_zone = session_start.preferred_time_zone
     self.product_name = session_start.product_name
     self.product_version = session_start.product_version
     self.start_time = session_start.timestamp
 
+    # The following is for backward compatibility with older session start
+    # attribute containers.
+    self.artifact_filters = getattr(
+        session_start, 'artifact_filters', self.artifact_filters)
+    self.command_line_arguments = getattr(
+        session_start, 'command_line_arguments', self.command_line_arguments)
+    self.debug_mode = getattr(
+        session_start, 'debug_mode', self.debug_mode)
+    self.enabled_parser_names = getattr(
+        session_start, 'enabled_parser_names', self.enabled_parser_names)
+    self.filter_file = getattr(
+        session_start, 'filter_file', self.filter_file)
+    self.parser_filter_expression = getattr(
+        session_start, 'parser_filter_expression',
+        self.parser_filter_expression)
+    self.preferred_encoding = getattr(
+        session_start, 'preferred_encoding', self.preferred_encoding)
+    self.preferred_time_zone = getattr(
+        session_start, 'preferred_time_zone', self.preferred_time_zone)
+
   def CreateSessionCompletion(self):
     """Creates a session completion.
 
@@ -130,22 +170,34 @@ def CreateSessionCompletion(self):
     session_completion.timestamp = self.completion_time
     return session_completion
 
+  def CreateSessionConfiguration(self):
+    """Creates a session configuration.
+
+    Returns:
+      SessionConfiguration: session configuration attribute container.
+    """
+    session_configuration = SessionConfiguration()
+    session_configuration.artifact_filters = self.artifact_filters
+    session_configuration.command_line_arguments = self.command_line_arguments
+    session_configuration.debug_mode = self.debug_mode
+    session_configuration.enabled_parser_names = self.enabled_parser_names
+    session_configuration.filter_file = self.filter_file
+    session_configuration.identifier = self.identifier
+    session_configuration.parser_filter_expression = (
+        self.parser_filter_expression)
+    session_configuration.preferred_encoding = self.preferred_encoding
+    session_configuration.preferred_time_zone = self.preferred_time_zone
+    session_configuration.source_configurations = self.source_configurations
+    return session_configuration
+
   def CreateSessionStart(self):
     """Creates a session start.
 
     Returns:
       SessionStart: session start attribute container.
     """
     session_start = SessionStart()
-    session_start.artifact_filters = self.artifact_filters
-    session_start.command_line_arguments = self.command_line_arguments
-    session_start.debug_mode = self.debug_mode
-    session_start.enabled_parser_names = self.enabled_parser_names
-    session_start.filter_file = self.filter_file
     session_start.identifier = self.identifier
-    session_start.parser_filter_expression = self.parser_filter_expression
-    session_start.preferred_encoding = self.preferred_encoding
-    session_start.preferred_time_zone = self.preferred_time_zone
     session_start.product_name = self.product_name
     session_start.product_version = self.product_version
     session_start.timestamp = self.start_time
@@ -185,8 +237,8 @@ def __init__(self, identifier=None):
     self.timestamp = None
 
 
-class SessionStart(interface.AttributeContainer):
-  """Session start attribute container.
+class SessionConfiguration(interface.AttributeContainer):
+  """Session configuration attribute container.
 
   Attributes:
     artifact_filters (list[str]): names of artifact definitions that are
@@ -201,23 +253,20 @@ class SessionStart(interface.AttributeContainer):
     preferred_encoding (str): preferred encoding.
     preferred_time_zone (str): preferred time zone.
     preferred_year (int): preferred year.
-    product_name (str): name of the product that created the session for
-        example "log2timeline".
-    product_version (str): version of the product that created the session.
-    timestamp (int): time that the session was started. Contains the number
-        of micro seconds since January 1, 1970, 00:00:00 UTC.
+    source_configurations (list[SourceConfiguration]): configuration of sources
+        that are (or going to be) processed.
   """
-  CONTAINER_TYPE = 'session_start'
+  CONTAINER_TYPE = 'session_configuration'
 
   def __init__(self, identifier=None):
-    """Initializes a session start attribute container.
+    """Initializes a session configuration attribute container.
 
     Args:
       identifier (Optional[str]): unique identifier of the session.
           The identifier should match that of the corresponding
-          session completion information.
+          session start information.
     """
-    super(SessionStart, self).__init__()
+    super(SessionConfiguration, self).__init__()
     self.artifact_filters = None
     self.command_line_arguments = None
     self.debug_mode = False
@@ -228,10 +277,36 @@ def __init__(self, identifier=None):
     self.preferred_encoding = None
     self.preferred_time_zone = None
     self.preferred_year = None
+    self.source_configurations = None
+
+
+class SessionStart(interface.AttributeContainer):
+  """Session start attribute container.
+
+  Attributes:
+    identifier (str): unique identifier of the session.
+    product_name (str): name of the product that created the session for
+        example "log2timeline".
+    product_version (str): version of the product that created the session.
+    timestamp (int): time that the session was started. Contains the number
+        of micro seconds since January 1, 1970, 00:00:00 UTC.
+  """
+  CONTAINER_TYPE = 'session_start'
+
+  def __init__(self, identifier=None):
+    """Initializes a session start attribute container.
+
+    Args:
+      identifier (Optional[str]): unique identifier of the session.
+          The identifier should match that of the corresponding
+          session completion information.
+    """
+    super(SessionStart, self).__init__()
+    self.identifier = identifier
     self.product_name = None
     self.product_version = None
     self.timestamp = None
 
 
 manager.AttributeContainersManager.RegisterAttributeContainers([
-    Session, SessionCompletion, SessionStart])
+    Session, SessionCompletion, SessionConfiguration, SessionStart])

plaso/engine/knowledge_base.py

@@ -172,7 +172,26 @@ def GetHostname(self, session_identifier=None):
 
     return hostname_artifact.name or ''
 
-  def GetSystemConfigurationArtifact(self, session_identifier=None):
+  def GetSourceConfigurationArtifacts(self, session_identifier=None):
+    """Retrieves the knowledge base as a source configuration artifacts.
+
+    Args:
+      session_identifier (Optional[str])): session identifier, where
+          None represents the active session.
+
+    Returns:
+      list[SourceConfigurationArtifact]: source configuration artifacts.
+    """
+    source_configuration = artifacts.SourceConfigurationArtifact()
+
+    # TODO: set path_spec
+    source_configuration.system_configuration = (
+        self._GetSystemConfigurationArtifact(
+            session_identifier=session_identifier))
+
+    return [source_configuration]
+
+  def _GetSystemConfigurationArtifact(self, session_identifier=None):
     """Retrieves the knowledge base as a system configuration artifact.
 
     Args: