Worked on attribute container identifiers log2timeline#771

joachimmetz · Aug 10, 2016 · ecb749f · ecb749f
1 parent 0d0bce9
commit ecb749f
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 48 deletions.
diff --git a/plaso/storage/gzip_file.py b/plaso/storage/gzip_file.py
@@ -7,6 +7,7 @@
 import gzip
 
 from plaso.lib import definitions
+from plaso.storage import identifiers
 from plaso.storage import interface
 
 
@@ -122,7 +123,19 @@ def AddEventTag(self, event_tag):
 
     Args:
       event_tag (EventTag): event tag.
+
+    Raises:
+      IOError: if the event tag event identifier type is not supported.
     """
+    event_identifier = event_tag.GetEventIdentifier()
+    if not isinstance(
+        event_identifier, identifiers.SerializedStreamIdentifier):
+      raise IOError(u'Unsupported event identifier type: {0:s}'.format(
+          type(event_identifier)))
+
+    event_tag.event_stream_number = event_identifier.stream_number
+    event_tag.event_entry_index = event_identifier.entry_index
+
     self._WriteAttributeContainer(event_tag)
 
   def Close(self):
@@ -179,10 +192,15 @@ def GetEventSources(self):
   def GetEventTags(self):
     """Retrieves the event tags.
 
-    Returns:
-      generator(EventTag): event tag generator.
+    Yields:
+      EventTag: event tag.
     """
-    return iter(self._GetAttributeContainerList(u'event_tag'))
+    for event_tag in iter(self._GetAttributeContainerList(u'event_tag')):
+      event_identifier = identifiers.SerializedStreamIdentifier(
+          event_tag.event_stream_number, event_tag.event_entry_index)
+      event_tag.SetEventIdentifier(event_identifier)
+
+      yield event_tag
 
   def HasAnalysisReports(self):
     """Determines if a storage contains analysis reports.

diff --git a/plaso/storage/identifiers.py b/plaso/storage/identifiers.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+"""Storage attribute container identifier objects."""
+
+from plaso.containers import interface as containers_interface
+
+
+class SerializedStreamIdentifier(
+    containers_interface.AttributeContainerIdentifier):
+  """Class that defines the serialized stream attribute container identifier.
+
+  The identifier is used to uniquely identify attribute containers.
+
+  Attributes:
+    stream_number (int): number of the serialized attribute container stream.
+    entry_index (int): number of the serialized event within the stream.
+  """
+
+  def __init__(self, stream_number, entry_index):
+    """Initializes a serialized stream attribute container identifier.
+
+    Args:
+      stream_number (int): number of the serialized attribute container stream.
+      entry_index (int): number of the serialized event within the stream.
+    """
+    super(SerializedStreamIdentifier, self).__init__()
+    self.entry_index = entry_index
+    self.stream_number = stream_number
+
+  @property
+  def identifier(self):
+    """str: unique identifier or None."""
+    return u'{0:d}.{1:d}'.format(self.stream_number, self.entry_index)
diff --git a/plaso/storage/zip_file.py b/plaso/storage/zip_file.py
@@ -131,42 +131,14 @@
 
 import construct
 
-from plaso.containers import interface as containers_interface
 from plaso.containers import sessions
 from plaso.lib import definitions
 from plaso.serializer import json_serializer
+from plaso.storage import identifiers
 from plaso.storage import interface
 from plaso.storage import gzip_file
 
 
-class _ZIPStorageAttributeContainerIdentifier(
-    containers_interface.AttributeContainerIdentifier):
-  """Class that defines the ZIP storage attribute container identifier.
-
-  The identifier is used to uniquely identify attribute containers.
-
-  Attributes:
-    stream_number (int): number of the serialized attribute container stream.
-    entry_index (int): number of the serialized event within the stream.
-  """
-
-  def __init__(self, stream_number, entry_index):
-    """Initializes a ZIP storage file attribute container identifier.
-
-    Args:
-      stream_number (int): number of the serialized attribute container stream.
-      entry_index (int): number of the serialized event within the stream.
-    """
-    super(_ZIPStorageAttributeContainerIdentifier, self).__init__()
-    self.entry_index = entry_index
-    self.stream_number = stream_number
-
-  @property
-  def identifier(self):
-    """str: unique identifier or None."""
-    return u'{0:d}.{1:d}'.format(self.stream_number, self.entry_index)
-
-
 class _AttributeContainersList(object):
   """Class that defines the attribute containers list.
 
@@ -882,7 +854,7 @@ def _GetEvent(self, stream_number, entry_index=NEXT_AVAILABLE_ENTRY):
 
     event = self._DeserializeAttributeContainer(event_data, u'event')
     if event:
-      event_identifier = _ZIPStorageAttributeContainerIdentifier(
+      event_identifier = identifiers.SerializedStreamIdentifier(
           stream_number, entry_index)
       event.SetIdentifier(event_identifier)
     return event
@@ -966,7 +938,7 @@ def _GetEventSource(self, stream_number, entry_index=NEXT_AVAILABLE_ENTRY):
     event_source = self._DeserializeAttributeContainer(
         event_source_data, u'event_source')
     if event_source:
-      event_source_identifier = _ZIPStorageAttributeContainerIdentifier(
+      event_source_identifier = identifiers.SerializedStreamIdentifier(
           stream_number, entry_index)
       event_source.SetIdentifier(event_source_identifier)
     return event_source
@@ -1058,11 +1030,11 @@ def _GetEventTag(self, stream_number, entry_index=NEXT_AVAILABLE_ENTRY):
     event_tag = self._DeserializeAttributeContainer(
         event_tag_data, u'event_tag')
     if event_tag:
-      event_tag_identifier = _ZIPStorageAttributeContainerIdentifier(
+      event_tag_identifier = identifiers.SerializedStreamIdentifier(
           stream_number, entry_index)
       event_tag.SetIdentifier(event_tag_identifier)
 
-      event_identifier = _ZIPStorageAttributeContainerIdentifier(
+      event_identifier = identifiers.SerializedStreamIdentifier(
           event_tag.event_stream_number, event_tag.event_entry_index)
       event_tag.SetEventIdentifier(event_identifier)
 
@@ -2113,7 +2085,7 @@ def AddError(self, error):
     if self._read_only:
       raise IOError(u'Unable to write to read-only storage file.')
 
-    error_identifier = _ZIPStorageAttributeContainerIdentifier(
+    error_identifier = identifiers.SerializedStreamIdentifier(
         self._error_stream_number,
         self._errors_list.number_of_attribute_containers)
     error.SetIdentifier(error_identifier)
@@ -2143,7 +2115,7 @@ def AddEvent(self, event):
     if self._read_only:
       raise IOError(u'Unable to write to read-only storage file.')
 
-    event_identifier = _ZIPStorageAttributeContainerIdentifier(
+    event_identifier = identifiers.SerializedStreamIdentifier(
         self._event_stream_number,
         self._serialized_events_heap.number_of_events)
     event.SetIdentifier(event_identifier)
@@ -2173,7 +2145,7 @@ def AddEventSource(self, event_source):
     if self._read_only:
       raise IOError(u'Unable to write to read-only storage file.')
 
-    event_source_identifier = _ZIPStorageAttributeContainerIdentifier(
+    event_source_identifier = identifiers.SerializedStreamIdentifier(
         self._event_source_stream_number,
         self._event_sources_list.number_of_attribute_containers)
     event_source.SetIdentifier(event_source_identifier)
@@ -2205,13 +2177,12 @@ def AddEventTag(self, event_tag):
       raise IOError(u'Unable to write to read-only storage file.')
 
     event_identifier = event_tag.GetEventIdentifier()
-
     if not isinstance(
-        event_identifier, _ZIPStorageAttributeContainerIdentifier):
+        event_identifier, identifiers.SerializedStreamIdentifier):
       raise IOError(u'Unsupported event identifier type: {0:s}'.format(
           type(event_identifier)))
 
-    event_tag_identifier = _ZIPStorageAttributeContainerIdentifier(
+    event_tag_identifier = identifiers.SerializedStreamIdentifier(
         self._event_tag_stream_number,
         self._event_tags_list.number_of_attribute_containers)
     event_tag.SetIdentifier(event_tag_identifier)
@@ -2378,7 +2349,7 @@ def GetErrors(self):
 
       generator = self._ReadAttributeContainersFromStream(data_stream, u'error')
       for entry_index, error in enumerate(generator):
-        error_identifier = _ZIPStorageAttributeContainerIdentifier(
+        error_identifier = identifiers.SerializedStreamIdentifier(
             stream_number, entry_index)
         error.SetIdentifier(error_identifier)
         yield error
@@ -2442,7 +2413,7 @@ def GetEventSourceByIndex(self, index):
       event_source = self._ReadAttributeContainerFromStreamEntry(
           data_stream, u'event_source')
       if event_source:
-        event_source_identifier = _ZIPStorageAttributeContainerIdentifier(
+        event_source_identifier = identifiers.SerializedStreamIdentifier(
             stream_number, index)
         event_source.SetIdentifier(event_source_identifier)
       return event_source
@@ -2451,7 +2422,7 @@ def GetEventSourceByIndex(self, index):
     event_source = self._DeserializeAttributeContainer(
         entry_data, u'event_source')
     if event_source:
-      event_source_identifier = _ZIPStorageAttributeContainerIdentifier(
+      event_source_identifier = identifiers.SerializedStreamIdentifier(
           stream_number, index)
       event_source.SetIdentifier(event_source_identifier)
     return event_source
@@ -2476,7 +2447,7 @@ def GetEventSources(self):
       generator = self._ReadAttributeContainersFromStream(
           data_stream, u'event_source')
       for entry_index, event_source in enumerate(generator):
-        event_source_identifier = _ZIPStorageAttributeContainerIdentifier(
+        event_source_identifier = identifiers.SerializedStreamIdentifier(
             stream_number, entry_index)
         event_source.SetIdentifier(event_source_identifier)
         yield event_source
@@ -2501,11 +2472,11 @@ def GetEventTags(self):
       generator = self._ReadAttributeContainersFromStream(
           data_stream, u'event_tag')
       for entry_index, event_tag in enumerate(generator):
-        event_tag_identifier = _ZIPStorageAttributeContainerIdentifier(
+        event_tag_identifier = identifiers.SerializedStreamIdentifier(
             stream_number, entry_index)
         event_tag.SetIdentifier(event_tag_identifier)
 
-        event_identifier = _ZIPStorageAttributeContainerIdentifier(
+        event_identifier = identifiers.SerializedStreamIdentifier(
             event_tag.event_stream_number, event_tag.event_entry_index)
         event_tag.SetEventIdentifier(event_identifier)