volatility3.framework.interfaces.automagic module

Defines the automagic interfaces for populating the context before a plugin runs.

Automagic objects attempt to automatically fill configuration values that a user has not filled.

class AutomagicInterface(context, config_path, *args, **kwargs)[source]

Bases: volatility3.framework.interfaces.configuration.ConfigurableInterface

Class that defines an automagic component that can help fulfill Requirements

These classes are callable with the following parameters:

Parameters
  • context (ContextInterface) – The context in which to store configuration data that the automagic might populate

  • config_path (str) – Configuration path where the configurable’s data under the context’s config lives

  • configurable – The top level configurable whose requirements may need satisfying

  • progress_callback – An optional function accepting a percentage and optional description to indicate progress during long calculations

Note

The context provided here may be different to that provided during initialization. The context provided at initialization should be used for local configuration of the automagic itself, the context provided during the call is to be populated by the automagic.

Basic initializer that allows configurables to access their own config settings.

build_configuration()

Constructs a HierarchicalDictionary of all the options required to build this component in the current context.

Ensures that if the class has been created, it can be recreated using the configuration built Inheriting classes must override this to ensure any dependent classes update their configurations too

Return type

HierarchicalDict

property config: volatility3.framework.interfaces.configuration.HierarchicalDict

The Hierarchical configuration Dictionary for this Configurable object.

Return type

HierarchicalDict

property config_path: str

The configuration path on which this configurable lives.

Return type

str

property context: volatility3.framework.interfaces.context.ContextInterface

The context object that this configurable belongs to/configuration is stored in.

Return type

ContextInterface

exclusion_list = []

A list of plugin categories (typically operating systems) which the plugin will not operate on

find_requirements(context, config_path, requirement_root, requirement_type, shortcut=True)[source]

Determines if there is actually an unfulfilled Requirement waiting.

This ensures we do not carry out an expensive search when there is no need for a particular Requirement

Parameters
Return type

List[Tuple[str, RequirementInterface]]

Returns

A list of tuples containing the config_path, sub_config_path and requirement identifying the unsatisfied Requirements

classmethod get_requirements()

Returns a list of RequirementInterface objects required by this object.

Return type

List[RequirementInterface]

classmethod make_subconfig(context, base_config_path, **kwargs)

Convenience function to allow constructing a new randomly generated sub-configuration path, containing each element from kwargs.

Parameters
  • context (ContextInterface) – The context in which to store the new configuration

  • base_config_path (str) – The base configuration path on which to build the new configuration

  • kwargs – Keyword arguments that are used to populate the new configuration path

Returns

The newly generated full configuration path

Return type

str

priority = 10

An ordering to indicate how soon this automagic should be run

classmethod unsatisfied(context, config_path)

Returns a list of the names of all unsatisfied requirements.

Since a satisfied set of requirements will return [], it can be used in tests as follows:

unmet = configurable.unsatisfied(context, config_path)
if unmet:
    raise RuntimeError("Unsatisfied requirements: {}".format(unmet)
Return type

Dict[str, RequirementInterface]

class StackerLayerInterface[source]

Bases: object

Class that takes a lower layer and attempts to build on it.

stack_order determines the order (from low to high) that stacking layers should be attempted lower levels should have lower stack_orders

exclusion_list: List[str] = []

The list operating systems/first-level plugin hierarchy that should exclude this stacker

classmethod stack(context, layer_name, progress_callback=None)[source]

Method to determine whether this builder can operate on the named layer. If so, modify the context appropriately.

Returns the name of any new layer stacked on top of this layer or None. The stacking is therefore strictly linear rather than tree driven.

Configuration options provided by the context are ignored, and defaults are to be used by this method to build a space where possible.

Parameters
  • context (ContextInterface) – Context in which to construct the higher layer

  • layer_name (str) – Name of the layer to stack on top of

  • progress_callback (Optional[Callable[[float, str], None]]) – A callback function to indicate progress through a scan (if one is necessary)

Return type

Optional[DataLayerInterface]

stack_order = 0

The order in which to attempt stacking, the lower the earlier

classmethod stacker_slow_warning()[source]