How to use the plaso.lib.errors.ParseError function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / plaso / filters / expression_parser.py View on Github 
string (Optional[str]): argument string.
Returns:
str: state or None if the argument could not be added to the current
expression.
Raises:
ParseError: if the operator does not support negation.
"""
# Note that "string" is not necessarily of type string.
logging.debug('Storing argument: {0!s}'.format(string))
if self._have_negate_keyword:
operator = self._current_expression.operator
if operator and operator.lower() not in self._OPERATORS_WITH_NEGATION:
raise errors.ParseError(
'Operator: {0:s} does not support negation (not).'.format(operator))
# This expression is complete
if self._current_expression.AddArg(string):
self._stack.append(self._current_expression)
self._current_expression = expressions.EventExpression()
# We go to the BINARY state, to find if there's an AND or OR operator
return 'BINARY'
return None
Raises:
ParseError: if the value data could not be parsed.
"""
value_data = registry_value.data
value_data_size = len(value_data)
if value_data_size < 4:
return
header_map = self._GetDataTypeMap('programscache_header')
try:
header = self._ReadStructureFromByteStream(
value_data, 0, header_map)
except (ValueError, errors.ParseError) as exception:
parser_mediator.ProduceExtractionWarning(
'unable to parse header value with error: {0!s}'.format(
exception))
return
if header.format_version not in (1, 9, 12, 19):
parser_mediator.ProduceExtractionWarning(
'unsupported format version: {0:d}'.format(header.format_version))
return
known_folder_identifier = None
if header.format_version == 1:
value_data_offset = 8
elif header.format_version == 9:
value_data_offset = 6Raises:
ParseError: if the structure cannot be read.
ValueError: if file-like object or data type map is missing.
"""
if not byte_stream:
raise ValueError('Missing byte stream.')
if not data_type_map:
raise ValueError('Missing data type map.')
try:
return data_type_map.MapByteStream(byte_stream, context=context)
except (dtfabric_errors.ByteStreamTooSmallError,
dtfabric_errors.MappingError) as exception:
raise errors.ParseError((
'Unable to map {0:s} data at offset: 0x{1:08x} with error: '
'{2!s}').format(data_type_map.name or '', file_offset, exception))
Args:
lhs (Expression): left hand side expression.
rhs (Expression): right hand side expression.
Raises:
ParseError: if either left hand side or right hand side expression
is not an instance of Expression.
"""
# TODO: add information about what lhs and rhs are to these error messages.
# https://github.com/log2timeline/plaso/pull/2498
if not isinstance(lhs, Expression):
raise errors.ParseError('Left hand side is not an expression')
if not isinstance(rhs, Expression):
raise errors.ParseError('Right hand side is not an expression')
self.args = [lhs, rhs]
Args:
string (Optional[str]): expression string.
Returns:
str: token.
"""
logging.debug('Storing attribute {0:s}'.format(repr(string)))
self.flipped = False
# TODO: Update the expected number_of_args
try:
self.current_expression.SetAttribute(string)
except AttributeError:
raise errors.ParseError('Invalid attribute \'{0:s}\''.format(string))
return 'OPERATOR'
byte_stream (bytes): byte stream.
Returns:
dfdatetime.Filetime: FILETIME date and time value or None if no
value is set.
Raises:
ParseError: if the FILETIME could not be parsed.
"""
filetime_map = self._GetDataTypeMap('filetime')
try:
filetime = self._ReadStructureFromByteStream(
byte_stream, 0, filetime_map)
except (ValueError, errors.ParseError) as exception:
raise errors.ParseError(
'Unable to parse FILETIME value with error: {0!s}'.format(
exception))
if filetime == 0:
return None
try:
return dfdatetime_filetime.Filetime(timestamp=filetime)
except ValueError:
raise errors.ParseError(
'Invalid FILETIME value: 0x{0:08x}'.format(filetime))
ParseError: if the original filename cannot be read.
"""
file_offset = file_object.tell()
if format_version == 1:
data_type_map = self._GetDataTypeMap(
'recycle_bin_metadata_utf16le_string')
else:
data_type_map = self._GetDataTypeMap(
'recycle_bin_metadata_utf16le_string_with_size')
try:
original_filename, _ = self._ReadStructureFromFileObject(
file_object, file_offset, data_type_map)
except (ValueError, errors.ParseError) as exception:
raise errors.ParseError(
'Unable to parse original filename with error: {0!s}'.format(
exception))
if format_version == 1:
return original_filename.rstrip('\x00')
return original_filename.string.rstrip('\x00')
ParseError: if the Windows Registry key does not contain an F value or
F value cannot be parsed.
"""
registry_value = registry_key.GetValueByName('F')
if not registry_value:
raise errors.ParseError(
'missing value: "F" in Windows Registry key: {0:s}.'.format(
registry_key.name))
f_value_map = self._GetDataTypeMap('f_value')
try:
return self._ReadStructureFromByteStream(
registry_value.data, 0, f_value_map)
except (ValueError, errors.ParseError) as exception:
raise errors.ParseError(exception)
if attribute_value_offset == 0:
return None
data_type_map = self._GetDataTypeMap('keychain_string')
file_offset = (
record_offset + attribute_values_data_offset + attribute_value_offset)
attribute_value_offset -= attribute_values_data_offset + 1
attribute_value_data = attribute_values_data[attribute_value_offset:]
try:
string_attribute_value = self._ReadStructureFromByteStream(
attribute_value_data, file_offset, data_type_map)
except (ValueError, errors.ParseError) as exception:
raise errors.ParseError((
'Unable to map string attribute value data at offset: 0x{0:08x} '
'with error: {1!s}').format(file_offset, exception))
return string_attribute_value.stringfile_object (dfvfs.FileIO): file-like object.
Returns:
tuple[str, object]: attribute name and value.
Raises:
ParseError: if the attribute cannot be parsed.
"""
file_offset = file_object.tell()
attribute_map = self._GetDataTypeMap('cups_ipp_attribute')
try:
attribute, _ = self._ReadStructureFromFileObject(
file_object, file_offset, attribute_map)
except (ValueError, errors.ParseError) as exception:
raise errors.ParseError(
'Unable to parse attribute with error: {0!s}'.format(exception))
value = None
if attribute.tag_value in self._INTEGER_TAG_VALUES:
# TODO: correct file offset to point to the start of value_data.
value = self._ParseIntegerValue(attribute.value_data, file_offset)
elif attribute.tag_value == self._TAG_VALUE_BOOLEAN:
value = self._ParseBooleanValue(attribute.value_data)
elif attribute.tag_value == self._TAG_VALUE_DATE_TIME:
# TODO: correct file offset to point to the start of value_data.
value = self._ParseDateTimeValue(attribute.value_data, file_offset)
elif attribute.tag_value in self._STRING_WITHOUT_LANGUAGE_VALUES:
value = attribute.value_data.decode(self._last_charset_attribute)plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
78 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser