Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Analysis plugin nsrlsvr: KeyError in plaso/analysis/interface.py

See original GitHub issue

Plaso version:

1.5.0 Release

Operating system Plaso is running on:

XUbuntu 64 bit

Installation method:

Installed from GiFT

Description of problem:

Tagging events using the --analysis nsrlsvr option throws an exception.

Debug output/tracebacks:

The following error is shown in the debug log:

[ERROR] (nsrlsvr   ) PID:XXXXX <analysis_process> <dfvfs.path.os_path_spec.OSPathSpec object at 0xXXXXXXXXXXXX>
Traceback (most recent call last):                                                                                                     
  File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/analysis_process.py", line 138, in _Main                               
    self._analysis_mediator.ProduceAnalysisReport(self._analysis_plugin)                                                               
  File "/usr/lib/python2.7/dist-packages/plaso/analysis/mediator.py", line 95, in ProduceAnalysisReport                                
    analysis_report = plugin.CompileReport(self)                                                                                       
  File "/usr/lib/python2.7/dist-packages/plaso/analysis/interface.py", line 280, in CompileReport                                      
    hash_analysis)                                                                                                                     
  File "/usr/lib/python2.7/dist-packages/plaso/analysis/interface.py", line 187, in _HandleHashAnalysis                                
    event_uuids = self._event_uuids_by_pathspec.pop(pathspec)                                                                          
KeyError: <dfvfs.path.os_path_spec.OSPathSpec object at 0xXXXXXXXXXXXX>

Source data:

The exception is caused by popping from _event_uuids_by_pathspec. This is a defaultdict, so retrieving an unexisting entry from the dict using the key would be no problem. A pop() is, though.

Problem can be fixed by catching a KeyError on line 187 of plaso/analysis/interface.py and set event_uuids to an empty list.

  try:
    event_uuids = self._event_uuids_by_pathspec.pop(pathspec)
  except KeyError:
    event_uuids = []

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:9 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
joachimmetzcommented, Oct 15, 2016
0reactions
joachimmetzcommented, Oct 22, 2016

changes merged

Read more comments on GitHub >

github_iconTop Results From Across the Web

plaso.analysis package
Analysis plugin to gather information about Chrome extensions. ... KeyError – if an analysis plugin class is not set for the corresponding name....
Read more >
Plaso Documentation - Read the Docs
Raises KeyError – if an analysis plugin class is not set for the ... Analysis plugin to look up files in nsrlsvr and...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Analysis plugin nsrlsvr: Incorrect results

Next page

Plaso hangs with error "IndexError: pop from empty list"