dissect.target 3.13.dev26__py3-none-any.whl → 3.14__py3-none-any.whl

dissect/target/container.py

@@ -34,6 +34,11 @@ class Container(io.IOBase):
         vs: An optional shorthand to set the underlying volume system, usually set later.
     """
 
+    # Due to lazy importing we generally can't use isinstance(), so we add a short identifying string to each class
+    # This has the added benefit of having a readily available "pretty name" for each implementation
+    __type__: str = None
+    """A short string identifying the type of container."""
+
     def __init__(self, fh: Union[BinaryIO, Path], size: int, vs: VolumeSystem = None):
         self.fh = fh
         self.size = size
@@ -41,7 +46,10 @@ class Container(io.IOBase):
         # Shorthand access to vs
         self.vs = vs
 
-    def __repr__(self):
+        if self.__type__ is None:
+            raise NotImplementedError(f"{self.__class__.__name__} must define __type__")
+
+    def __repr__(self) -> str:
         return f"<{self.__class__.__name__} size={self.size} vs={self.vs}>"
 
     @classmethod

dissect/target/containers/asdf.py

@@ -9,6 +9,8 @@ from dissect.target.container import Container
 
 
 class AsdfContainer(Container):
+    __type__ = "asdf"
+
     def __init__(self, fh: BinaryIO, *args, **kwargs):
         file_container = fh
 

dissect/target/containers/ewf.py

@@ -12,6 +12,8 @@ from dissect.target.container import Container
 class EwfContainer(Container):
     """Expert Witness Disk Image Format"""
 
+    __type__ = "ewf"
+
     def __init__(self, fh: Union[list, BinaryIO, Path], *args, **kwargs):
         fhs = [fh] if not isinstance(fh, list) else fh
         if hasattr(fhs[0], "read"):

dissect/target/containers/hdd.py

@@ -8,6 +8,8 @@ from dissect.target.container import Container
 
 
 class HddContainer(Container):
+    __type__ = "hdd"
+
     def __init__(self, fh: Path, *args, **kwargs):
         if hasattr(fh, "read"):
             raise TypeError("HddContainer can only be opened by path")

dissect/target/containers/hds.py

@@ -9,6 +9,8 @@ from dissect.target.container import Container
 
 
 class HdsContainer(Container):
+    __type__ = "hds"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         f = fh
         if not hasattr(fh, "read"):

dissect/target/containers/qcow2.py

@@ -8,6 +8,8 @@ from dissect.target.container import Container
 
 
 class QCow2Container(Container):
+    __type__ = "qcow2"
+
     def __init__(self, fh: Union[BinaryIO, Path], data_file=None, backing_file=None, *args, **kwargs):
         f = fh
         if not hasattr(fh, "read"):

dissect/target/containers/raw.py

@@ -8,6 +8,8 @@ from dissect.target.container import Container
 
 
 class RawContainer(Container):
+    __type__ = "raw"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         if not hasattr(fh, "read"):
             fh = fh.open("rb")

dissect/target/containers/split.py

@@ -12,6 +12,8 @@ def find_files(path: Path) -> List[Path]:
 
 
 class SplitContainer(Container):
+    __type__ = "split"
+
     def __init__(self, fh: Union[list, BinaryIO, Path], *args, **kwargs):
         self._fhs = []
         self.offsets = [0]

dissect/target/containers/vdi.py

@@ -10,6 +10,8 @@ from dissect.target.container import Container
 class VdiContainer(Container):
     """VirtualBox hard disks"""
 
+    __type__ = "vdi"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         f = fh
         if not hasattr(fh, "read"):

dissect/target/containers/vhd.py

@@ -8,6 +8,8 @@ from dissect.target.container import Container
 
 
 class VhdContainer(Container):
+    __type__ = "vhd"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         f = fh
         if not hasattr(fh, "read"):

dissect/target/containers/vhdx.py

@@ -8,6 +8,8 @@ from dissect.target.container import Container
 
 
 class VhdxContainer(Container):
+    __type__ = "vhdx"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         self.vhdx = vhdx.VHDX(fh)
         super().__init__(fh, self.vhdx.size, *args, **kwargs)

dissect/target/containers/vmdk.py

@@ -10,6 +10,8 @@ from dissect.target.container import Container
 class VmdkContainer(Container):
     """VMWare hard disks"""
 
+    __type__ = "vmdk"
+
     def __init__(self, fh: Union[BinaryIO, Path], *args, **kwargs):
         self.vmdk = vmdk.VMDK(fh)
         super().__init__(fh, self.vmdk.size, *args, **kwargs)

dissect/target/filesystem.py

@@ -5,6 +5,7 @@ import io
 import logging
 import os
 import stat
+import warnings
 from collections import defaultdict
 from typing import (
     TYPE_CHECKING,
@@ -40,12 +41,16 @@ log = logging.getLogger(__name__)
 class Filesystem:
     """Base class for filesystems."""
 
-    __fstype__: str = None
-    """Defines the type of filesystem it is."""
+    # Due to lazy importing we generally can't use isinstance(), so we add a short identifying string to each class
+    # This has the added benefit of having a readily available "pretty name" for each implementation
+    __type__: str = None
+    """A short string identifying the type of filesystem."""
+    __multi_volume__: bool = False
+    """Whether this filesystem supports multiple volumes (disks)."""
 
     def __init__(
         self,
-        volume: Optional[BinaryIO] = None,
+        volume: Optional[Union[BinaryIO, list[BinaryIO]]] = None,
         alt_separator: str = "",
         case_sensitive: bool = True,
     ) -> None:
@@ -53,23 +58,33 @@ class Filesystem:
 
         Args:
             volume: A volume or other file-like object associated with the filesystem.
-            case_sensitive: Defines if the paths in the Filesystem are case sensitive or not.
+            case_sensitive: Defines if the paths in the filesystem are case sensitive or not.
             alt_separator: The alternative separator used to distingish between directories in a path.
 
         Raises:
-            NotImplementedError: When the internal ``__fstype__`` of the class is not defined.
+            NotImplementedError: When the internal ``__type__`` of the class is not defined.
         """
         self.volume = volume
         self.case_sensitive = case_sensitive
         self.alt_separator = alt_separator
-        if self.__fstype__ is None:
-            raise NotImplementedError(f"{self.__class__.__name__} must define __fstype__")
+
+        if self.__type__ is None:
+            raise NotImplementedError(f"{self.__class__.__name__} must define __type__")
 
     def __repr__(self) -> str:
         return f"<{self.__class__.__name__}>"
 
+    @classmethod
+    @property
+    def __fstype__(cls) -> str:
+        warnings.warn(
+            "The __fstype__ attribute is deprecated and will be removed in dissect.target 3.15. Use __type__ instead",
+            category=DeprecationWarning,
+        )
+        return cls.__type__
+
     def path(self, *args) -> fsutil.TargetPath:
-        """Get a specific path from the filesystem."""
+        """Instantiate a new path-like object on this filesystem."""
         return fsutil.TargetPath(self, *args)
 
     @classmethod
@@ -91,7 +106,7 @@ class Filesystem:
         except NotImplementedError:
             raise
         except Exception as e:
-            log.warning("Failed to detect %s filesystem", cls.__fstype__)
+            log.warning("Failed to detect %s filesystem", cls.__type__)
             log.debug("", exc_info=e)
         finally:
             fh.seek(offset)
@@ -112,6 +127,52 @@ class Filesystem:
         """
         raise NotImplementedError()
 
+    @classmethod
+    def detect_id(cls, fh: BinaryIO) -> Optional[bytes]:
+        """Return a filesystem set identifier.
+
+        Only used in filesystems that support multiple volumes (disks) to find all volumes
+        belonging to a single filesystem.
+
+        Args:
+            fh: A file-like object, usually a disk or partition.
+        """
+        if not cls.__multi_volume__:
+            return None
+
+        offset = fh.tell()
+        try:
+            fh.seek(0)
+            return cls._detect_id(fh)
+        except NotImplementedError:
+            raise
+        except Exception as e:
+            log.warning("Failed to detect ID on %s filesystem", cls.__type__)
+            log.debug("", exc_info=e)
+        finally:
+            fh.seek(offset)
+
+        return None
+
+    @staticmethod
+    def _detect_id(fh: BinaryIO) -> Optional[bytes]:
+        """Return a filesystem set identifier.
+
+        This method should be implemented by subclasses of filesystems that support multiple volumes (disks).
+        The position of ``fh`` is guaranteed to be ``0``.
+
+        Args:
+            fh: A file-like object, usually a disk or partition.
+
+        Returns:
+            An identifier that can be used to combine the given ``fh`` with others beloning to the same set.
+        """
+        raise NotImplementedError()
+
+    def iter_subfs(self) -> Iterator[Filesystem]:
+        """Yield possible sub-filesystems."""
+        yield from ()
+
     def get(self, path: str) -> FilesystemEntry:
         """Retrieve a :class:`FilesystemEntry` from the filesystem.
 
@@ -1028,7 +1089,7 @@ class VirtualSymlink(FilesystemEntry):
 
 
 class VirtualFilesystem(Filesystem):
-    __fstype__ = "virtual"
+    __type__ = "virtual"
 
     def __init__(self, **kwargs):
         super().__init__(None, **kwargs)
@@ -1184,7 +1245,7 @@ class VirtualFilesystem(Filesystem):
 
 
 class RootFilesystem(Filesystem):
-    __fstype__ = "root"
+    __type__ = "root"
 
     def __init__(self, target: Target):
         self.target = target
@@ -1448,6 +1509,18 @@ def register(module: str, class_name: str, internal: bool = True) -> None:
     FILESYSTEMS.append(getattr(import_lazy(module), class_name))
 
 
+def is_multi_volume_filesystem(fh: BinaryIO) -> bool:
+    for filesystem in FILESYSTEMS:
+        try:
+            if filesystem.__multi_volume__ and filesystem.detect(fh):
+                return True
+        except ImportError as e:
+            log.info("Failed to import %s", filesystem)
+            log.debug("", exc_info=e)
+
+    return False
+
+
 def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
     offset = fh.tell()
     fh.seek(0)
@@ -1456,10 +1529,7 @@ def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
         for filesystem in FILESYSTEMS:
             try:
                 if filesystem.detect(fh):
-                    instance = filesystem(fh, *args, **kwargs)
-                    instance.volume = fh
-
-                    return instance
+                    return filesystem(fh, *args, **kwargs)
             except ImportError as e:
                 log.info("Failed to import %s", filesystem)
                 log.debug("", exc_info=e)
@@ -1469,12 +1539,35 @@ def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
     raise FilesystemError(f"Failed to open filesystem for {fh}")
 
 
+def open_multi_volume(fhs: list[BinaryIO], *args, **kwargs) -> Filesystem:
+    for filesystem in FILESYSTEMS:
+        try:
+            if not filesystem.__multi_volume__:
+                continue
+
+            volumes = defaultdict(list)
+            for fh in fhs:
+                if not filesystem.detect(fh):
+                    continue
+
+                identifier = filesystem.detect_id(fh)
+                volumes[identifier].append(fh)
+
+            for vols in volumes.values():
+                yield filesystem(vols, *args, **kwargs)
+
+        except ImportError as e:
+            log.info("Failed to import %s", filesystem)
+            log.debug("", exc_info=e)
+
+
 register("ntfs", "NtfsFilesystem")
 register("extfs", "ExtFilesystem")
 register("xfs", "XfsFilesystem")
 register("fat", "FatFilesystem")
 register("ffs", "FfsFilesystem")
 register("vmfs", "VmfsFilesystem")
+register("btrfs", "BtrfsFilesystem")
 register("exfat", "ExfatFilesystem")
 register("squashfs", "SquashFSFilesystem")
 register("zip", "ZipFilesystem")

dissect/target/filesystems/ad1.py

@@ -13,7 +13,7 @@ from dissect.target.helpers import fsutil
 
 
 class AD1Filesystem(Filesystem):
-    __fstype__ = "ad1"
+    __type__ = "ad1"
 
     def __init__(self, fh, *args, **kwargs):
         super().__init__(fh, *args, **kwargs)

dissect/target/filesystems/btrfs.py

@@ -0,0 +1,180 @@
+from __future__ import annotations
+
+from typing import BinaryIO, Iterator, Optional, Union
+
+import dissect.btrfs as btrfs
+from dissect.btrfs.c_btrfs import c_btrfs
+
+from dissect.target.exceptions import (
+    FileNotFoundError,
+    FilesystemError,
+    IsADirectoryError,
+    NotADirectoryError,
+    NotASymlinkError,
+)
+from dissect.target.filesystem import Filesystem, FilesystemEntry
+from dissect.target.helpers import fsutil
+
+
+class BtrfsFilesystem(Filesystem):
+    __type__ = "btrfs"
+    __multi_volume__ = True
+
+    def __init__(self, fh: Union[BinaryIO, list[BinaryIO]], *args, **kwargs):
+        super().__init__(fh, *args, **kwargs)
+        self.btrfs = btrfs.Btrfs(fh)
+        self.subfs = self.open_subvolume()
+        self.subvolume = self.subfs.subvolume
+
+    @staticmethod
+    def _detect(fh: BinaryIO) -> bool:
+        fh.seek(c_btrfs.BTRFS_SUPER_INFO_OFFSET)
+        block = fh.read(4096)
+        magic = int.from_bytes(block[64:72], "little")
+
+        return magic == c_btrfs.BTRFS_MAGIC
+
+    @staticmethod
+    def _detect_id(fh: BinaryIO) -> Optional[bytes]:
+        # First field is csum, followed by fsid
+        fh.seek(c_btrfs.BTRFS_SUPER_INFO_OFFSET + c_btrfs.BTRFS_CSUM_SIZE)
+        return fh.read(c_btrfs.BTRFS_FSID_SIZE)
+
+    def iter_subfs(self) -> Iterator[BtrfsSubvolumeFilesystem]:
+        for subvol in self.btrfs.subvolumes():
+            if subvol.objectid == self.subfs.subvolume.objectid:
+                # Skip the default volume as it's already opened by the main filesystem
+                continue
+            yield self.open_subvolume(subvolid=subvol.objectid)
+
+    def open_subvolume(self, subvol: Optional[str] = None, subvolid: Optional[int] = None) -> BtrfsSubvolumeFilesystem:
+        return BtrfsSubvolumeFilesystem(self, subvol, subvolid)
+
+    def get(self, path: str) -> FilesystemEntry:
+        return self.subfs.get(path)
+
+
+class BtrfsSubvolumeFilesystem(Filesystem):
+    __type__ = "btrfs"
+
+    def __init__(self, fs: BtrfsFilesystem, subvol: Optional[str] = None, subvolid: Optional[int] = None):
+        super().__init__(fs.volume, alt_separator=fs.alt_separator, case_sensitive=fs.case_sensitive)
+        if subvol is not None and subvolid is not None:
+            raise ValueError("Only one of subvol or subvolid is allowed")
+
+        self.fs = fs
+        self.btrfs = fs.btrfs
+        if subvol:
+            self.subvolume = self.btrfs.find_subvolume(subvol)
+        elif subvolid:
+            self.subvolume = self.btrfs.open_subvolume(subvolid)
+        else:
+            self.subvolume = self.btrfs.default_subvolume
+
+    def get(self, path: str) -> FilesystemEntry:
+        return BtrfsFilesystemEntry(self, path, self._get_node(path))
+
+    def _get_node(self, path: str, node: Optional[btrfs.INode] = None) -> btrfs.INode:
+        try:
+            return self.subvolume.get(path, node)
+        except btrfs.FileNotFoundError as e:
+            raise FileNotFoundError(path, cause=e)
+        except btrfs.NotADirectoryError as e:
+            raise NotADirectoryError(path, cause=e)
+        except btrfs.NotASymlinkError as e:
+            raise NotASymlinkError(path, cause=e)
+        except btrfs.Error as e:
+            raise FileNotFoundError(path, cause=e)
+
+
+class BtrfsFilesystemEntry(FilesystemEntry):
+    fs: BtrfsFilesystem
+    entry: btrfs.INode
+
+    def get(self, path: str) -> FilesystemEntry:
+        entry_path = fsutil.join(self.path, path, alt_separator=self.fs.alt_separator)
+        entry = self.fs._get_node(path, self.entry)
+        return BtrfsFilesystemEntry(self.fs, entry_path, entry)
+
+    def open(self) -> BinaryIO:
+        if self.is_dir():
+            raise IsADirectoryError(self.path)
+        return self._resolve().entry.open()
+
+    def _iterdir(self) -> Iterator[btrfs.INode]:
+        if not self.is_dir():
+            raise NotADirectoryError(self.path)
+
+        if self.is_symlink():
+            for entry in self.readlink_ext().iterdir():
+                yield entry
+        else:
+            for name, entry in self.entry.iterdir():
+                if name in (".", ".."):
+                    continue
+
+                yield name, entry
+
+    def iterdir(self) -> Iterator[str]:
+        for name, _ in self._iterdir():
+            yield name
+
+    def scandir(self) -> Iterator[FilesystemEntry]:
+        for name, entry in self._iterdir():
+            entry_path = fsutil.join(self.path, name, alt_separator=self.fs.alt_separator)
+            yield BtrfsFilesystemEntry(self.fs, entry_path, entry)
+
+    def is_dir(self, follow_symlinks: bool = True) -> bool:
+        try:
+            return self._resolve(follow_symlinks=follow_symlinks).entry.is_dir()
+        except FilesystemError:
+            return False
+
+    def is_file(self, follow_symlinks: bool = True) -> bool:
+        try:
+            return self._resolve(follow_symlinks=follow_symlinks).entry.is_file()
+        except FilesystemError:
+            return False
+
+    def is_symlink(self) -> bool:
+        return self.entry.is_symlink()
+
+    def readlink(self) -> str:
+        if not self.is_symlink():
+            raise NotASymlinkError()
+
+        return self.entry.link
+
+    def stat(self, follow_symlinks: bool = True) -> fsutil.stat_result:
+        return self._resolve(follow_symlinks=follow_symlinks).lstat()
+
+    def lstat(self) -> fsutil.stat_result:
+        entry = self.entry
+        node = self.entry.inode
+
+        # mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime
+        st_info = st_info = fsutil.stat_result(
+            [
+                entry.mode,
+                entry.inum,
+                0,
+                node.nlink,
+                entry.uid,
+                entry.gid,
+                entry.size,
+                # timestamp() returns a float which will fill both the integer and float fields
+                entry.atime.timestamp(),
+                entry.mtime.timestamp(),
+                entry.ctime.timestamp(),
+            ]
+        )
+
+        # Set the nanosecond resolution separately
+        st_info.st_atime_ns = entry.atime_ns
+        st_info.st_mtime_ns = entry.mtime_ns
+        st_info.st_ctime_ns = entry.ctime_ns
+
+        # Btrfs has a birth time, called otime
+        st_info.st_birthtime = entry.otime.timestamp()
+
+        return st_info

dissect/target/filesystems/cb.py

@@ -23,7 +23,7 @@ class OS(IntEnum):
 
 
 class CbFilesystem(Filesystem):
-    __fstype__ = "cb"
+    __type__ = "cb"
 
     def __init__(self, session: LiveResponseSession, prefix: str, *args, **kwargs):
         self.session = session
@@ -97,14 +97,14 @@ class CbFilesystemEntry(FilesystemEntry):
         if not self.is_dir():
             raise NotADirectoryError(f"'{self.path}' is not a directory")
 
-        seperator = self.fs.alt_separator or "/"
-        for entry in self.fs.session.list_directory(self.cbpath + seperator):
+        separator = self.fs.alt_separator or "/"
+        for entry in self.fs.session.list_directory(self.cbpath + separator):
             filename = entry["filename"]
             if filename in (".", ".."):
                 continue
 
             path = fsutil.join(self.path, filename, alt_separator=self.fs.alt_separator)
-            cbpath = seperator.join([self.cbpath, filename])
+            cbpath = separator.join([self.cbpath, filename])
             yield CbFilesystemEntry(self.fs, path, entry, cbpath)
 
     def is_dir(self, follow_symlinks: bool = True) -> bool: