Skip to content

Feature/parquet arrow renderer #1861

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: develop
Choose a base branch
from
Open

Feature/parquet arrow renderer #1861

wants to merge 13 commits into from

Conversation

kyrre
Copy link

@kyrre kyrre commented Jun 27, 2025

This adds Parquet and arrow renderers and closes #1860

kyrre and others added 5 commits June 27, 2025 16:33
@kyrre
add arrow and parquet renderers
50767ff
@kyrre
formatting with ruff
a0b0076
@kyrre
linting
1c78562
@machinelearningdesignpatterns
Fix: Avoid import-time errors if pyarrow is missing
0389596 
- Use string type annotations for pa.* types in Arrow/Parquet renderers.
- Ensure pyarrow dependency is checked only in __init__.
@machinelearningdesignpatterns
fix: handle layerdata to pyarrow conversion
78d5653
ikelos
ikelos reviewed Jun 29, 2025
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks very much, this looks really nice. I still want to check through a few more bits and pieces, but generally it looks good.

At the moment text_renderer is looking a little full though, I was wondering if you could test whether this still works, if all the new classes are moved into a file like volatility3/plugins/parquet_renderer.py or similar? We should automatically import all python files under plugins, and I believe we do it before we choose any renderers, which means it should still show up in the available options. We'll probably want to make a renderers directory that people can drop things into, this would just allow users to drop in their own renderers (and might therefore act as a good example of how to write new ones when people want).

Anyway, just some thoughts. I'll give it a full review over the coming week and add in any comments of anything else, but I'm really pleased someone else has written a renderer for a very different format finally! Thanks! 5:)

@kyrre
Copy link
Author

kyrre commented Jun 30, 2025

At the moment text_renderer is looking a little full though, I was wondering if you could test whether this still works, if all the new classes are moved into a file like volatility3/plugins/parquet_renderer.py or similar? We should automatically import all python files under plugins, and I believe we do it before we choose any renderers, which means it should still show up in the available options. We'll probably want to make a renderers directory that people can drop things into, this would just allow users to drop in their own renderers (and might therefore act as a good example of how to write new ones when people want).

I really like the structure you're proposing here. However, it does not work at the moment because the plugins are imported after the list of available renderers is generated:

volatility3/volatility3/cli/__init__.py

Lines 109 to 115 in 997f2a4

renderers = dict(
[
(x.name.lower(), x)
for x in framework.class_subclasses(text_renderer.CLIRenderer)
]
)

volatility3/volatility3/cli/__init__.py

Lines 196 to 203 in 997f2a4

parser.add_argument(
"-r",
"--renderer",
metavar="RENDERER",
help=f"Determines how to render the output ({', '.join(list(renderers))})",
default="quick",
choices=list(renderers),
)

and then

volatility3/volatility3/cli/__init__.py

Lines 336 to 338 in 997f2a4

failures = framework.import_files(
volatility3.plugins, True
) # Will not log as console's default level is WARNING

@ikelos
Copy link
Member

ikelos commented Jun 30, 2025 via email

@kyrre
Copy link
Author

kyrre commented Jul 14, 2025
edited
Loading

Ok, thanks for investigating, I'll take a look into it... 5:)

I created a new file in the plugin directory parquet_renderer.py and moved all the code related to the renderers in cli/__init__.py to after the plugins have been imported. What I moved:

  • creating the list of renderers
  • cli parsing and validation for the renderer arg
  • display banner output redirection

How do you feel about this @ikelos - is this something you can work with? I agree that it is cleaner to create a renderer directory, but maybe this is OK for now? 🤔

ikelos
ikelos reviewed Jul 21, 2025
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry to be so indecisive (and to take so long to rereview it). I think it's much closer and I'm pretty happy with the changes to the main CLI, which is likely the biggest hurdle. The trick now is to get this renderer right (since it'll likely be used as the template for everybody's future renderers). As such, could we try putting it inside of volatility3/plugins/renderers please? I don't think there's any functionality that will decide it's only for renderer OSes, but best to check it now rather than trying to change it later. Other than that and the other comment I posted, I think it could be ready for prime time?

@kyrre
Copy link
Author

kyrre commented Aug 1, 2025
edited
Loading

Sorry to be so indecisive (and to take so long to rereview it). I think it's much closer and I'm pretty happy with the changes to the main CLI, which is likely the biggest hurdle. The trick now is to get this renderer right (since it'll likely be used as the template for everybody's future renderers). As such, could we try putting it inside of volatility3/plugins/renderers please? I don't think there's any functionality that will decide it's only for renderer OSes, but best to check it now rather than trying to change it later. Other than that and the other comment I posted, I think it could be ready for prime time?

I think we should be set! What do you think @ikelos ? Another thing we could add is a test suite perhaps 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ikelos ikelos ikelos left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add Arrow and Parquet renderers for efficient data export
3 participants
@kyrre @ikelos @machinelearningdesignpatterns