Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ELF File Format Parsing #1576

Merged
merged 1 commit into from
Dec 6, 2024
+514 −0
Merged

ELF File Format Parsing #1576

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added test_data/elf-3.tgz
View file
Open in desktop
Binary file not shown.
5 changes: 5 additions & 0 deletions turbinia/config/turbinia_config_tmpl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,11 @@
'programs': ['de.py'],
'docker_image': None,
'timeout': 1200
}, {
'job': 'ElfAnalysisJob',
'programs': ['grep'],
'docker_image': None,
'timeout': 3600
}, {
'job': 'FileArtifactExtractionJob',
'programs': ['image_export'],
Expand Down
5 changes: 5 additions & 0 deletions turbinia/evidence.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1201,6 +1201,11 @@ class BinaryExtraction(CompressedDirectory):
pass


class ElfExtraction(CompressedDirectory):
"""ELF details extracted from evidence."""
pass


class MachoExtraction(CompressedDirectory):
"""Mach-O details extracted from evidence."""
pass
Expand Down
1 change: 1 addition & 0 deletions turbinia/jobs/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
from turbinia.jobs import containerd
from turbinia.jobs import dfdewey
from turbinia.jobs import docker
from turbinia.jobs import elf
from turbinia.jobs import file_system_timeline
from turbinia.jobs import finalize_request
from turbinia.jobs import fsstat
Expand Down
31 changes: 31 additions & 0 deletions turbinia/jobs/elf.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
"""Job to execute elf analysis task."""

from turbinia.evidence import ElfExtraction
from turbinia.evidence import Directory
from turbinia.evidence import RawDisk
from turbinia.evidence import ReportText
from turbinia.jobs import interface
from turbinia.jobs import manager
from turbinia.workers.analysis import elf


class ElfAnalysisJob(interface.TurbiniaJob):
"""ELF analysis job."""

evidence_input = [ElfExtraction]
evidence_output = [ReportText]

NAME = 'ElfAnalysisJob'

def create_tasks(self, evidence):
"""Create task.
Args:
evidence: List of evidence objects to process
Returns:
A list of tasks to schedule.
"""
tasks = [elf.ElfAnalysisTask() for _ in evidence]
return tasks


manager.JobsManager.RegisterJob(ElfAnalysisJob)
2 changes: 2 additions & 0 deletions turbinia/task_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ class TaskLoader():
'ChromeCredsAnalysisTask',
'DfdeweyTask',
'DockerContainersEnumerationTask',
'ElfAnalysisTask',
'FileArtifactExtractionTask',
'FileSystemTimelineTask',
'FinalizeRequestTask',
Expand Down Expand Up @@ -103,6 +104,7 @@ def get_task(self, task_name):
# Late imports to minimize what loads all Tasks
from turbinia.workers.abort import AbortTask
from turbinia.workers.analysis.chromecreds import ChromeCredsAnalysisTask
from turbinia.workers.analysis.elf import ElfAnalysisTask
from turbinia.workers.analysis.jenkins import JenkinsAnalysisTask
from turbinia.workers.analysis.jupyter import JupyterAnalysisTask
from turbinia.workers.analysis.linux_acct import LinuxAccountAnalysisTask
Expand Down
Loading