The Sleuth Kit Framework
4.1
|
The Pipeline class controls the processing of data through an ordered list of dynamic library or executable modules. More...
#include <TskPipeline.h>
Public Member Functions | |
virtual TskPluginModule * | createPluginModule ()=0 |
Create a module for the given pipeline type. More... | |
void | initialize (const std::string &pipelineConfig) |
Parses the XML config file. More... | |
bool | isEmpty () const |
void | logModuleExecutionTimes () const |
Logs the recorded execution times of the modules in the pipeline. | |
virtual void | run (const uint64_t fileId)=0 |
Run a file analysis pipeline on a file with the given ID. More... | |
virtual void | run (TskFile *file)=0 |
Run a file analysis pipeline on the given file object. More... | |
virtual void | run ()=0 |
Run a reporting / post-analysis pipeline. More... | |
TskPipeline () | |
Default constructor. | |
void | validate (const std::string &pipelineConfig) |
Validate a Pipeline based on the given XML configuration string. More... | |
~TskPipeline () | |
Destructor. | |
Static Public Attributes | |
static const std::string | MODULE_ARGS_ATTR = "arguments" |
attribute for module arguments in XML config file | |
static const std::string | MODULE_ELEMENT = "MODULE" |
module element in XML config file | |
static const std::string | MODULE_EXECUTABLE_TYPE = "executable" |
value of MODULE_TYPE_ATTR for executable modules | |
static const std::string | MODULE_LOCATION_ATTR = "location" |
attribute for module location in XML config file | |
static const std::string | MODULE_ORDER_ATTR = "order" |
attribute for module order in XML config file | |
static const std::string | MODULE_OUTPUT_ATTR = "output" |
attribute for module output in XML config file | |
static const std::string | MODULE_PLUGIN_TYPE = "plugin" |
value of MODULE_TYPE_ATTR for library modules | |
static const std::string | MODULE_TYPE_ATTR = "type" |
attribute for module type in XML config file | |
Protected Member Functions | |
bool | excludeFile (const TskFile *) |
Determine whether a particular file should be processed. More... | |
void | updateModuleExecutionTime (int moduleId, const Poco::Timespan::TimeDiff &executionTime) |
Updates the recorded execution time of a module in the pipeline. More... | |
Protected Attributes | |
bool | m_hasExeModule |
True if any module is an executable module. | |
std::vector< TskModule * > | m_modules |
Collection of modules in the pipeline. | |
The Pipeline class controls the processing of data through an ordered list of dynamic library or executable modules.
Different types of pipeline implementations exist for the different types of data. Pipelines are created by the TskPipelineManager class.
|
pure virtual |
Create a module for the given pipeline type.
Implemented in TskReportPipeline, and TskFileAnalysisPipeline.
|
protected |
Determine whether a particular file should be processed.
References TskFile::isDirectory(), TskFile::isVirtual(), and LOGERROR.
Referenced by TskFileAnalysisPipeline::run().
void TskPipeline::initialize | ( | const std::string & | pipelineConfig) |
Parses the XML config file.
Modules are loaded if m_loadDll is set to true.
pipelineConfig | String of a config file for the specific type of pipeline. |
TskException | in case of error. |
References TskModule::getDescription(), TskServices::getImgDB(), TskModule::getModuleId(), TskModule::getName(), TskServices::Instance(), LOGWARN, m_modules, MODULE_ELEMENT, MODULE_ORDER_ATTR, and TskModule::setModuleId().
Referenced by TskPipelineManager::createPipeline(), and validate().
|
pure virtual |
Run a file analysis pipeline on a file with the given ID.
fileId | Id of file to run pipeilne on. |
exceptions | on errors |
Implemented in TskReportPipeline, and TskFileAnalysisPipeline.
|
pure virtual |
Run a file analysis pipeline on the given file object.
file | TskFile object to run pipeilne on. |
exceptions | on errors |
Implemented in TskReportPipeline, and TskFileAnalysisPipeline.
|
pure virtual |
Run a reporting / post-analysis pipeline.
exceptions | on errors |
Implemented in TskReportPipeline, and TskFileAnalysisPipeline.
|
protected |
Updates the recorded execution time of a module in the pipeline.
moduleId | Module ID of the module. |
executionTime | Time increment to add to totasl execution time of the module. |
References LOGERROR.
Referenced by TskFileAnalysisPipeline::run(), and TskReportPipeline::run().
void TskPipeline::validate | ( | const std::string & | pipelineConfig) |
Validate a Pipeline based on the given XML configuration string.
pipelineConfig | String of config file for the specific type of pipeline. |
TskException | in case of error. |
References initialize().
Copyright © 2011-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.