dissect.target 3.11.dev4__py3-none-any.whl → 3.11.dev6__py3-none-any.whl

dissect/target/loaders/dir.py

@@ -11,18 +11,27 @@ from dissect.target.plugin import OperatingSystem
 if TYPE_CHECKING:
     from dissect.target import Target
 
+PREFIXES = ["", "fs"]
+
 
 class DirLoader(Loader):
     """Load a directory as a filesystem."""
 
     @staticmethod
     def detect(path: Path) -> bool:
-        return find_dirs(path)[0] is not None
+        return find_entry_path(path) is not None
 
     def map(self, target: Target) -> None:
+        self.path /= find_entry_path(self.path)
         find_and_map_dirs(target, self.path)
 
 
+def find_entry_path(path: Path) -> str | None:
+    for prefix in PREFIXES:
+        if find_dirs(path / prefix)[0] is not None:
+            return prefix
+
+
 def map_dirs(target: Target, dirs: list[Path], os_type: str, **kwargs) -> None:
     """Map directories as filesystems into the given target.
 
@@ -81,7 +90,7 @@ def find_dirs(path: Path) -> tuple[str, list[Path]]:
     if path.is_dir():
         for p in path.iterdir():
             # Look for directories like C or C:
-            if p.is_dir() and is_drive_letter_path(p):
+            if p.is_dir() and (is_drive_letter_path(p) or p.name in ("sysvol", "$rootfs$")):
                 dirs.append(p)
 
                 if not os_type:

dissect/target/plugins/os/windows/task_helpers/tasks_xml.py

@@ -19,11 +19,50 @@ from dissect.target.plugins.os.windows.task_helpers.tasks_records import (
     TimeTriggerRecord,
     TriggerRecord,
 )
-from dissect.target.target import Target
 
 warnings.simplefilter(action="ignore", category=FutureWarning)
 
 
+class ScheduledTasks:
+    def __init__(self, xml_file: TargetPath):
+        try:
+            self.xml_data = self.strip_namespace(ElementTree.fromstring(xml_file.open().read(), forbid_dtd=True))
+        except Exception as e:
+            raise InvalidTaskError(e)
+
+        self.task_path = xml_file
+        self.tasks = self.get_tasks()
+
+    def strip_namespace(self, data: Element) -> Element:
+        """Strip namespace from XML data.
+
+        If the data has a namespace, it will be removed from all the XML tags.
+
+        Args:
+            data: The XML data as an Element object.
+
+        Returns:
+            The XML data with the stripped namespace.
+        """
+        if data.tag.startswith("{"):
+            ns_length = data.tag.find("}")
+            ns = data.tag[0 : ns_length + 1]
+            for element in data.iter():
+                if element.tag.startswith(ns):
+                    element.tag = element.tag[len(ns) :]
+        return data
+
+    def get_tasks(self):
+        tasks = []
+        if self.xml_data.tag == "Task":
+            tasks.append(XmlTask(self.xml_data, self.task_path))
+        else:
+            for task_element in self.xml_data.findall(".//{*}Task"):
+                tasks.append(XmlTask(task_element, self.task_path))
+
+        return tasks
+
+
 class XmlTask:
     """Initialize the XmlTask class for open XML-based task files.
 
@@ -32,13 +71,21 @@ class XmlTask:
         target: the target system.
     """
 
-    def __init__(self, xml_file: TargetPath, target: Target):
-        try:
-            self.xml_data = self.strip_namespace(ElementTree.fromstring(xml_file.open().read(), forbid_dtd=True))
-        except Exception as e:
-            raise InvalidTaskError(e)
+    def __init__(self, task_element: Element, task_path: TargetPath):
+        self.task_path = task_path
+        self.task_element = task_element
+
+        # Properties
+        self.task_name = self.get_element("Properties", attribute="name")
+        self.app_name = self.get_element("Properties", attribute="appName")
+        self.args = self.get_element("Properties", attribute="args")
+        self.start_in = self.get_element("Properties", attribute="startIn")
+        self.comment = self.get_element("Properties", attribute="comment")
+        self.run_as = self.get_element("Properties", attribute="runAs")
+        self.cpassword = self.get_element("Properties", attribute="cpassword")
+        self.enabled = self.get_element("Properties", attribute="enabled")
+        self.action = self.get_element("Properties", attribute="action")
 
-        self.task_path = xml_file
         self.uri = self.get_element("RegistrationInfo/URI")
         self.security_descriptor = self.get_element("RegistrationInfo/SecurityDescriptor")
         self.source = self.get_element("RegistrationInfo/Source")
@@ -88,6 +135,8 @@ class XmlTask:
         # Data
         self.data = self.get_raw("Data")
 
+        self.raw_data = self.get_raw()
+
     def strip_namespace(self, data: Element) -> Element:
         """Strip namespace from XML data.
 
@@ -120,7 +169,7 @@ class XmlTask:
         Returns:
             str: The value of the XML element if found, otherwise None.
         """
-        xml_data = xml_data or self.xml_data
+        xml_data = xml_data or self.task_element
         data = xml_data.find(xml_path)
 
         if data is None:
@@ -130,7 +179,7 @@ class XmlTask:
 
         return data.text
 
-    def get_raw(self, xml_path: str) -> str:
+    def get_raw(self, xml_path: Optional[str] = None) -> str:
         """Get the raw XML data of the specified element.
 
         Args:
@@ -139,9 +188,9 @@ class XmlTask:
         Returns:
             bytes: The raw XML data as string of the element if found, otherwise None.
         """
-        data = self.xml_data.find(xml_path)
+        data = self.task_element.find(xml_path) if xml_path else self.task_element
         if data:
-            return ElementTree.tostring(data, encoding="utf-8")
+            return ElementTree.tostring(data, encoding="utf-8").strip()
 
     def get_triggers(self) -> Iterator[GroupedRecord]:
         """Get the triggers from the XML task data.
@@ -149,7 +198,7 @@ class XmlTask:
         Yields:
             GroupedRecord: The grouped record representing a trigger.
         """
-        for trigger in self.xml_data.findall("Triggers/*"):
+        for trigger in self.task_element.findall("Triggers/*"):
             trigger_type = trigger.tag
             enabled = self.get_element("Enabled", trigger)
             start_boundary = self.get_element("StartBoundary", trigger)
@@ -233,7 +282,7 @@ class XmlTask:
         Yields:
             ActionRecord: The action record representing an action.
         """
-        for action in self.xml_data.findall("Actions/*"):
+        for action in self.task_element.findall("Actions/*"):
             action_type = action.tag
             if action_type == "Exec":
                 command = self.get_element("Actions/Exec/Command")

dissect/target/plugins/os/windows/tasks.py

@@ -7,7 +7,7 @@ from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import DynamicDescriptor, TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 from dissect.target.plugins.os.windows.task_helpers.tasks_job import AtTask
-from dissect.target.plugins.os.windows.task_helpers.tasks_xml import XmlTask
+from dissect.target.plugins.os.windows.task_helpers.tasks_xml import ScheduledTasks
 from dissect.target.target import Target
 
 warnings.simplefilter(action="ignore", category=FutureWarning)
@@ -25,6 +25,15 @@ TaskRecord = TargetRecordDescriptor(
         ("string", "version"),
         ("string", "description"),
         ("string", "documentation"),
+        ("string", "task_name"),
+        ("string", "app_name"),
+        ("string", "args"),
+        ("string", "start_in"),
+        ("string", "comment"),
+        ("string", "run_as"),
+        ("string", "cpassword"),
+        ("string", "enabled"),
+        ("string", "action"),
         ("string", "principal_id"),
         ("string", "user_id"),
         ("string", "logon_type"),
@@ -59,6 +68,7 @@ TaskRecord = TargetRecordDescriptor(
         ("string", "unified_scheduling_engine"),
         ("string", "disallow_start_on_remote_app_session"),
         ("string", "data"),
+        ("string", "raw_data"),
     ],
 )
 
@@ -119,23 +129,24 @@ class TasksPlugin(Plugin):
         """
         for task_file in self.task_files:
             if not task_file.suffix or task_file.suffix == ".xml":
-                task_object = XmlTask(task_file, self.target)
+                task_objects = ScheduledTasks(task_file).tasks
             else:
-                task_object = AtTask(task_file, self.target)
+                task_objects = [AtTask(task_file, self.target)]
 
-            record_kwargs = {}
-            for attr in TaskRecord.fields.keys():
-                record_kwargs[attr] = getattr(task_object, attr, None)
+            for task_object in task_objects:
+                record_kwargs = {}
+                for attr in TaskRecord.fields.keys():
+                    record_kwargs[attr] = getattr(task_object, attr, None)
 
-            record = TaskRecord(**record_kwargs, _target=self.target)
-            yield record
+                record = TaskRecord(**record_kwargs, _target=self.target)
+                yield record
 
-            # Actions
-            for action in task_object.get_actions():
-                grouped = GroupedRecord("filesystem/windows/task/grouped", [record, action])
-                yield grouped
+                # Actions
+                for action in task_object.get_actions():
+                    grouped = GroupedRecord("filesystem/windows/task/grouped", [record, action])
+                    yield grouped
 
-            # Triggers
-            for trigger in task_object.get_triggers():
-                grouped = GroupedRecord("filesystem/windows/task/grouped", [record, trigger])
-                yield grouped
+                # Triggers
+                for trigger in task_object.get_triggers():
+                    grouped = GroupedRecord("filesystem/windows/task/grouped", [record, trigger])
+                    yield grouped

{dissect.target-3.11.dev4.dist-info → dissect.target-3.11.dev6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.11.dev4
+Version: 3.11.dev6
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.11.dev4.dist-info → dissect.target-3.11.dev6.dist-info}/RECORD

@@ -57,7 +57,7 @@ dissect/target/loaders/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 dissect/target/loaders/ad1.py,sha256=k0bkY0L6NKuQBboua-jM_KgeyIcXAo59NjExDZHMy0o,572
 dissect/target/loaders/asdf.py,sha256=oNmfsMpQw143FW3eeYDGCn4V-t2PC-4oBKs7U5d-DEQ,941
 dissect/target/loaders/cb.py,sha256=pNFk185tfC-PDJjSrTEsdFgnH5DhY-xPXZkwrFMyJ30,3962
-dissect/target/loaders/dir.py,sha256=y-bbLGmHhzjRBEGp9w7mfUcFAIsLy_a6WssqVJy6Lco,4453
+dissect/target/loaders/dir.py,sha256=44eQZsCG0WBm0heZV4uNfOc0EHmudEQFG5q3PJ5IWMQ,4720
 dissect/target/loaders/ewf.py,sha256=6v0ROnXBHp9JiuGjJTBeG_qQQ1rYEUueiILuUcl_PYc,505
 dissect/target/loaders/hyperv.py,sha256=_IOUJEO0BXaCBZ6sjIX0DZTkG9UNW5Vs9VcNHYv073w,5928
 dissect/target/loaders/itunes.py,sha256=69aMTQiiGYpmD_EYSmf9mO1re8C3jAZIEStmwlMxdAk,13146
@@ -215,7 +215,7 @@ dissect/target/plugins/os/windows/services.py,sha256=p2v4z4YM-K3G2cnWIHVyPgsJgfr
 dissect/target/plugins/os/windows/sru.py,sha256=4Vybz3_RJYNbLZXKYGOouUKZNWyOUSgSTf4JAGN2O7w,16808
 dissect/target/plugins/os/windows/startupinfo.py,sha256=foGO8NLLjMCDEUu0x3f_2GX-1dNN-D67WFX_3ykbL_8,3407
 dissect/target/plugins/os/windows/syscache.py,sha256=G3nB3TZpDKNUWXUozlPijkgRWfUmYNXf6IVYj72wAJw,3457
-dissect/target/plugins/os/windows/tasks.py,sha256=vfBsURCmxAQPlDk5TMzdaNtW4uIEbBAx_0crrM9aU24,5256
+dissect/target/plugins/os/windows/tasks.py,sha256=YIFkco-zrUbNukKBQC66jdIYu3r1-J3ZRb_9gnWeQFA,5676
 dissect/target/plugins/os/windows/thumbcache.py,sha256=noIpYTcqPk_zRV-DspSUjkhKoHkqiz0OJGOXPRRt6QQ,4141
 dissect/target/plugins/os/windows/ual.py,sha256=vVGt5eW6axgIupYmJ_j0mAfBSoGmMqjDheLCFR5eGks,9779
 dissect/target/plugins/os/windows/wer.py,sha256=vQBbUfZtgYeKg46hK_-R95aMHkm-AI2QUz3UMzQPwD4,7574
@@ -249,7 +249,7 @@ dissect/target/plugins/os/windows/regf/userassist.py,sha256=u0vOLZiLhGZLCy6L-EoZ
 dissect/target/plugins/os/windows/task_helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/task_helpers/tasks_job.py,sha256=-dCkJnyEiWG9nCK378-GswM5EXelrA_g3zDHLhSQMu0,21199
 dissect/target/plugins/os/windows/task_helpers/tasks_records.py,sha256=vpCyKqLQSzI5ymD1h5P6RncLEE47YtmjDFwKA16dVZ4,4046
-dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=zWDxYNJ_Hel0w0QdyzLz1YPwq7ahITjm7trotingphk,13347
+dissect/target/plugins/os/windows/task_helpers/tasks_xml.py,sha256=Xyt69OvUteov7rIEYK6b0AhFvN8kUun0k1uIAanCx6A,15250
 dissect/target/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/tools/build_pluginlist.py,sha256=5fomcuMwsVzcnYx5Htf5f9lSwsLeUUvomLUXNA4t7m4,849
 dissect/target/tools/dd.py,sha256=Nlh2CFOCV0ksxyedFp7BuyoQ3tBFi6rK6UO0_k5GR_8,1758
@@ -270,10 +270,10 @@ dissect/target/volumes/bde.py,sha256=gYGg5yF9MNARwNzEkrEfZmKkxyZW4rhLkpdnPJCbhGk
 dissect/target/volumes/disk.py,sha256=95grSsPt1BLVpKwTclwQYzPFGKTkFFqapIk0RoGWf38,968
 dissect/target/volumes/lvm.py,sha256=_kIB1mdRs1OFhRgoT4VEP5Fv8imQnI7oQ_ie4x710tQ,1814
 dissect/target/volumes/vmfs.py,sha256=mlAJ8278tYaoRjk1u6tFFlCaDQUrVu5ZZE4ikiFvxi8,1707
-dissect.target-3.11.dev4.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.11.dev4.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.11.dev4.dist-info/METADATA,sha256=l47jC7Ke9Oc6nERaHVolbiwpd4asbl6fBLegbyVinI4,10683
-dissect.target-3.11.dev4.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-dissect.target-3.11.dev4.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.11.dev4.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.11.dev4.dist-info/RECORD,,
+dissect.target-3.11.dev6.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.11.dev6.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.11.dev6.dist-info/METADATA,sha256=sR-MwTH-UuIh5xHWbx51ZFeANVcbNo4AC-8289muhXk,10683
+dissect.target-3.11.dev6.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+dissect.target-3.11.dev6.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.11.dev6.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.11.dev6.dist-info/RECORD,,