dissect.target 3.13.dev26__py3-none-any.whl → 3.14__py3-none-any.whl

dissect/target/loaders/asdf.py

@@ -21,7 +21,7 @@ class AsdfLoader(Loader):
         path = path.resolve()
 
         super().__init__(path)
-        self.asdf = AsdfSnapshot(open(path, "rb"))
+        self.asdf = AsdfSnapshot(path.open("rb"))
 
     @staticmethod
     def detect(path) -> bool:

dissect/target/loaders/log.py

@@ -26,12 +26,12 @@ class LogLoader(Loader):
 
     def map(self, target: Target) -> None:
         self.target = target
-        vfs = VirtualFilesystem(case_sensitive=False)
+        vfs = VirtualFilesystem(case_sensitive=False, alt_separator=target.fs.alt_separator)
         for entry in self.path.parent.glob(self.path.name):
             ext = self.options.get("hint", entry.suffix.lower()).strip(".")
             if (mapping := self.LOGS_DIRS.get(ext, None)) is None:
                 continue
-            mapping = str(Path(mapping).joinpath(entry.name))
+            mapping = str(vfs.path(mapping).joinpath(entry.name))
             vfs.map_file(mapping, str(entry))
         target.filesystems.add(vfs)
         target.fs = vfs

dissect/target/loaders/smb.py

@@ -11,6 +11,7 @@ from urllib.parse import ParseResult, parse_qsl
 from dissect.regf import regf
 from dissect.util import ts
 from impacket.dcerpc.v5 import rpcrt, rrp, scmr, transport
+from impacket.dcerpc.v5.rpcrt import DCERPCException
 from impacket.smbconnection import SessionError, SMBConnection
 
 from dissect.target import Target
@@ -189,18 +190,24 @@ class SmbRegistry(RegistryPlugin):
         return False
 
     def _init_registry(self) -> None:
-        self._svcctl = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\svcctl]", scmr.MSRPC_UUID_SCMR)
-        self._check_service_status()
+        try:
+            self._svcctl = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\svcctl]", scmr.MSRPC_UUID_SCMR)
+            self._check_service_status()
 
-        self._winreg = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\winreg]", rrp.MSRPC_UUID_RRP)
+            self._winreg = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\winreg]", rrp.MSRPC_UUID_RRP)
 
-        hklm_hive = SmbRegistryHive(self._winreg, "HKEY_LOCAL_MACHINE", rrp.hOpenLocalMachine(self._winreg)["phKey"])
-        hku_hive = SmbRegistryHive(self._winreg, "HKEY_USERS", rrp.hOpenUsers(self._winreg)["phKey"])
+            hklm_hive = SmbRegistryHive(
+                self._winreg, "HKEY_LOCAL_MACHINE", rrp.hOpenLocalMachine(self._winreg)["phKey"]
+            )
+            hku_hive = SmbRegistryHive(self._winreg, "HKEY_USERS", rrp.hOpenUsers(self._winreg)["phKey"])
 
-        self._add_hive("HKLM", hklm_hive, TargetPath(self.target.fs, "HKLM"))
-        self._add_hive("HKU", hku_hive, TargetPath(self.target.fs, "HKU"))
-        self._map_hive("HKEY_LOCAL_MACHINE", hklm_hive)
-        self._map_hive("HKEY_USERS", hku_hive)
+            self._add_hive("HKLM", hklm_hive, TargetPath(self.target.fs, "HKLM"))
+            self._add_hive("HKU", hku_hive, TargetPath(self.target.fs, "HKU"))
+            self._map_hive("HKEY_LOCAL_MACHINE", hklm_hive)
+            self._map_hive("HKEY_USERS", hku_hive)
+        except SessionError:
+            self.target.log.info("Failed to open remote registry, registry will not be available")
+            return  # no registry access, probably no access rights
 
     def _init_users(self) -> None:
         pass
@@ -212,15 +219,18 @@ class SmbRegistry(RegistryPlugin):
         if hasattr(self, "_was_disabled") and self._was_disabled:
             scmr.hRChangeServiceConfigW(self._svcctl, self._svc_handle, dwStartType=0x4)
 
-        if hasattr(self, "_svcctl"):
+        if getattr(self, "_svcctl", None):
             self._svcctl.disconnect()
 
-        if hasattr(self, "_winreg"):
+        if getattr(self, "_winreg", None):
             self._winreg.disconnect()
 
     def _check_service_status(self) -> None:
-        manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
-        self._svc_handle = scmr.hROpenServiceW(self._svcctl, manager_handle, "RemoteRegistry")["lpServiceHandle"]
+        try:
+            manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
+            self._svc_handle = scmr.hROpenServiceW(self._svcctl, manager_handle, "RemoteRegistry")["lpServiceHandle"]
+        except DCERPCException:
+            return
 
         current_state = scmr.hRQueryServiceStatus(self._svcctl, self._svc_handle)["lpServiceStatus"]["dwCurrentState"]
         if current_state == scmr.SERVICE_STOPPED:

dissect/target/loaders/targetd.py

@@ -186,13 +186,23 @@ if TARGETD_AVAILABLE:
         if namespace := kwargs.get("namespace", None):
             obj = getattr(obj, namespace)
 
+        caller.has_output = True
         if targetd.command == "init":
-            caller.has_output = True
+            caller.output = True
+            return
+
+        if targetd.command == "select":
+            targetd.rpcs.select(*args)
+            caller.output = True
+            return
+
+        if targetd.command == "deselect":
+            targetd.rpcs.deselect()
             caller.output = True
             return
 
         func = getattr(obj, targetd.command)
-        caller.has_output = True
+
         result = func(*args, **kwargs)
         if result is not None:
             if targetd.command == "get":

dissect/target/loaders/vma.py

@@ -14,7 +14,7 @@ class VmaLoader(Loader):
     def __init__(self, path, **kwargs):
         path = path.resolve()
         super().__init__(path)
-        self.vma = vma.VMA(open(path, "rb"))
+        self.vma = vma.VMA(path.open("rb"))
 
     @staticmethod
     def detect(path):

dissect/target/loaders/xva.py

@@ -14,7 +14,7 @@ class XvaLoader(Loader):
     def __init__(self, path, **kwargs):
         path = path.resolve()
         super().__init__(path)
-        self.xva = xva.XVA(open(path, "rb"))
+        self.xva = xva.XVA(path.open("rb"))
 
     @staticmethod
     def detect(path):

dissect/target/plugin.py

@@ -1038,6 +1038,7 @@ def find_plugin_functions(
 
     invalid_funcs = set()
     show_hidden = kwargs.get("show_hidden", False)
+    ignore_load_errors = kwargs.get("ignore_load_errors", False)
 
     for pattern in patterns.split(","):
         # backward compatibility fix for namespace-level plugins (i.e. chrome)
@@ -1071,7 +1072,12 @@ def find_plugin_functions(
                 func = functions[index_name]
 
                 method_name = index_name.split(".")[-1]
-                loaded_plugin_object = load(func)
+                try:
+                    loaded_plugin_object = load(func)
+                except Exception:
+                    if ignore_load_errors:
+                        continue
+                    raise
 
                 # Skip plugins that don't want to be found by wildcards
                 if not show_hidden and not loaded_plugin_object.__findable__:
@@ -1120,7 +1126,13 @@ def find_plugin_functions(
                 invalid_funcs.add(pattern)
 
             for description in plugin_descriptions:
-                loaded_plugin_object = load(description)
+                try:
+                    loaded_plugin_object = load(description)
+                except Exception:
+                    if ignore_load_errors:
+                        continue
+                    raise
+
                 fobject = inspect.getattr_static(loaded_plugin_object, funcname)
 
                 if compatibility and not loaded_plugin_object(target).is_compatible():

dissect/target/plugins/apps/av/sophos.py

@@ -3,7 +3,6 @@ from typing import Iterator
 
 from dissect.sql import sqlite3
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
@@ -105,7 +104,7 @@ class SophosPlugin(Plugin):
                     yield SophosLogRecord(
                         ts=ts,
                         description=details.get("threat_name", details),
-                        path=path.from_windows(path_to_infected_file),
+                        path=self.target.fs.path(path_to_infected_file),
                         _target=self.target,
                     )
                 except Exception as error:

dissect/target/plugins/apps/av/symantec.py

@@ -199,10 +199,9 @@ class SymantecPlugin(Plugin):
 
     def check_compatible(self) -> None:
         for log_file in self.LOGS:
-            if self.target.fs.glob(log_file):
-                break
-        else:
-            raise UnsupportedPluginError("No Symantec SEP logs found")
+            if list(self.target.fs.glob(log_file)):
+                return
+        raise UnsupportedPluginError("No Symantec SEP logs found")
 
     def _fw_cell(self, line: list, cell_id: int) -> str:
         return line[cell_id].decode("utf-8")

dissect/target/plugins/apps/av/trendmicro.py

@@ -2,7 +2,6 @@ from typing import Iterator
 
 from dissect import cstruct
 from dissect.util.ts import from_unix
-from flow.record.fieldtypes import path
 
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
@@ -86,7 +85,7 @@ class TrendMicroPlugin(Plugin):
                 yield TrendMicroWFLogRecord(
                     ts=from_unix(int(cells[9])),
                     threat=cells[2],
-                    path=path.from_windows(cells[6] + cells[7]),
+                    path=self.target.fs.path(cells[6] + cells[7]),
                     lineno=lineno,
                 )
 
@@ -115,7 +114,7 @@ class TrendMicroPlugin(Plugin):
                             remote_ip=entry.remote_ip.strip(b"\x00").decode(self.codepage),
                             port=entry.port,
                             direction=("out" if entry.direction == b"\x01" else "in"),
-                            path=path.from_windows(entry.path.strip(b"\x00").decode(self.codepage)),
+                            path=self.target.fs.path(entry.path.strip(b"\x00").decode(self.codepage)),
                             description=entry.description.strip("\x00"),
                         )
                 except EOFError:

dissect/target/plugins/{browsers → apps/browser}/chrome.py

@@ -1,13 +1,16 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
 )
-from dissect.target.plugins.browsers.chromium import ChromiumMixin
+from dissect.target.plugins.apps.browser.chromium import (
+    CHROMIUM_DOWNLOAD_RECORD_FIELDS,
+    ChromiumMixin,
+)
 
 
 class ChromePlugin(ChromiumMixin, BrowserPlugin):
@@ -27,7 +30,7 @@ class ChromePlugin(ChromiumMixin, BrowserPlugin):
         "Library/Application Support/Google/Chrome/Default",
     ]
     BrowserDownloadRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-        "browser/chrome/download", GENERIC_DOWNLOAD_RECORD_FIELDS
+        "browser/chrome/download", GENERIC_DOWNLOAD_RECORD_FIELDS + CHROMIUM_DOWNLOAD_RECORD_FIELDS
     )
     BrowserExtensionRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
         "browser/chrome/extension", GENERIC_EXTENSION_RECORD_FIELDS

dissect/target/plugins/{browsers → apps/browser}/chromium.py

@@ -6,14 +6,13 @@ from dissect.sql import sqlite3
 from dissect.sql.exceptions import Error as SQLError
 from dissect.sql.sqlite3 import SQLite3
 from dissect.util.ts import webkittimestamp
-from flow.record.fieldtypes import path
 
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.fsutil import TargetPath
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
@@ -22,13 +21,19 @@ from dissect.target.plugins.browsers.browser import (
 )
 from dissect.target.plugins.general.users import UserDetails
 
+CHROMIUM_DOWNLOAD_RECORD_FIELDS = [
+    ("uri", "tab_url"),
+    ("uri", "tab_referrer_url"),
+    ("string", "mime_type"),
+]
+
 
 class ChromiumMixin:
     """Mixin class with methods for Chromium-based browsers."""
 
     DIRS = []
     BrowserDownloadRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-        "browser/chromium/download", GENERIC_DOWNLOAD_RECORD_FIELDS
+        "browser/chromium/download", GENERIC_DOWNLOAD_RECORD_FIELDS + CHROMIUM_DOWNLOAD_RECORD_FIELDS
     )
     BrowserExtensionRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
         "browser/chromium/extension", GENERIC_EXTENSION_RECORD_FIELDS
@@ -117,7 +122,10 @@ class ChromiumMixin:
                 id (string): Record ID.
                 path (string): Download path.
                 url (uri): Download URL.
+                tab_url (string): Tab URL.
+                tab_referrer_url (string): Referrer URL.
                 size (varint): Download file size.
+                mime_type (string): MIME type.
                 state (varint): Download state number.
                 source: (path): The source file of the download record.
         Raises:
@@ -133,11 +141,8 @@ class ChromiumMixin:
                     chain.sort(key=lambda row: row.chain_index)
 
                 for row in db.table("downloads").rows():
-                    download_path = row.target_path
-                    if download_path and self.target.os == "windows":
-                        download_path = path.from_windows(download_path)
-                    elif download_path:
-                        download_path = path.from_posix(download_path)
+                    if download_path := row.target_path:
+                        download_path = self.target.fs.path(download_path)
 
                     url = None
                     download_chain = download_chains.get(row.id)
@@ -151,9 +156,12 @@ class ChromiumMixin:
                         ts_end=webkittimestamp(row.end_time) if row.end_time else None,
                         browser=browser_name,
                         id=row.get("id"),
+                        tab_url=try_idna(row.get("tab_url")),
+                        tab_referrer_url=try_idna(row.get("tab_referrer_url")),
                         path=download_path,
                         url=url,
                         size=row.get("total_bytes"),
+                        mime_type=row.get("mime_type"),
                         state=row.get("state"),
                         source=db_file,
                         _target=self.target,
@@ -204,11 +212,8 @@ class ChromiumMixin:
                         if ts_update:
                             ts_update = webkittimestamp(ts_update)
 
-                        ext_path = extension_data.get("path")
-                        if ext_path and self.target.os == "windows":
-                            ext_path = path.from_windows(ext_path)
-                        elif ext_path:
-                            ext_path = path.from_posix(ext_path)
+                        if ext_path := extension_data.get("path"):
+                            ext_path = self.target.fs.path(ext_path)
 
                         manifest = extension_data.get("manifest")
                         if manifest:

dissect/target/plugins/{browsers → apps/browser}/edge.py

@@ -1,13 +1,16 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
 )
-from dissect.target.plugins.browsers.chromium import ChromiumMixin
+from dissect.target.plugins.apps.browser.chromium import (
+    CHROMIUM_DOWNLOAD_RECORD_FIELDS,
+    ChromiumMixin,
+)
 
 
 class EdgePlugin(ChromiumMixin, BrowserPlugin):
@@ -25,7 +28,7 @@ class EdgePlugin(ChromiumMixin, BrowserPlugin):
         "Library/Application Support/Microsoft Edge/Default",
     ]
     BrowserDownloadRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-        "browser/edge/download", GENERIC_DOWNLOAD_RECORD_FIELDS
+        "browser/edge/download", GENERIC_DOWNLOAD_RECORD_FIELDS + CHROMIUM_DOWNLOAD_RECORD_FIELDS
     )
     BrowserExtensionRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
         "browser/edge/extension", GENERIC_EXTENSION_RECORD_FIELDS

dissect/target/plugins/{browsers → apps/browser}/firefox.py

@@ -5,13 +5,12 @@ from dissect.sql import sqlite3
 from dissect.sql.exceptions import Error as SQLError
 from dissect.sql.sqlite3 import SQLite3
 from dissect.util.ts import from_unix_ms, from_unix_us
-from flow.record.fieldtypes import path
 
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
@@ -197,12 +196,9 @@ class FirefoxPlugin(BrowserPlugin):
                         state = content.get("state")
 
                     dest_file_info = annotation.get("downloads/destinationFileURI", {})
-                    download_path = dest_file_info.get("content")
 
-                    if download_path and self.target.os == "windows":
-                        download_path = path.from_windows(download_path)
-                    elif download_path:
-                        download_path = path.from_posix(download_path)
+                    if download_path := dest_file_info.get("content"):
+                        download_path = self.target.fs.path(download_path)
 
                     place = places.get(place_id)
                     url = place.get("url")

dissect/target/plugins/{browsers → apps/browser}/iexplore.py

@@ -2,13 +2,14 @@ from pathlib import Path
 from typing import BinaryIO, Iterator, Tuple
 
 from dissect.esedb import esedb, record, table
+from dissect.esedb.exceptions import KeyNotFoundError
 from dissect.util.ts import wintimestamp
 
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
@@ -192,12 +193,21 @@ class InternetExplorerPlugin(BrowserPlugin):
         """
         for user, cache_file, cache in self._iter_cache():
             for container_record in cache.downloads():
-                response_headers = container_record.ResponseHeaders.decode("utf-16-le", errors="ignore")
-                ref_url, mime_type, temp_download_path, down_url, down_path = response_headers.split("\x00")[-6:-1]
+                down_path = None
+                down_url = None
+                ts_end = wintimestamp(container_record.AccessedTime) if container_record.AccessedTime else None
+
+                try:
+                    response_headers = container_record.ResponseHeaders.decode("utf-16-le", errors="ignore")
+                    # Not used here, but [-6:-3] should give: ref_url, mime_type, temp_download_path
+                    down_url, down_path = response_headers.split("\x00")[-3:-1]
+                except (AttributeError, KeyNotFoundError) as e:
+                    self.target.log.error("Error parsing response headers: %s", e)
+                    self.target.log.debug("", exc_info=e)
 
                 yield self.BrowserDownloadRecord(
                     ts_start=None,
-                    ts_end=wintimestamp(container_record.AccessedTime),
+                    ts_end=ts_end,
                     browser="iexplore",
                     id=container_record.EntryId,
                     path=down_path,

dissect/target/plugins/apps/remoteaccess/teamviewer.py

@@ -1,3 +1,4 @@
+import re
 from datetime import datetime
 
 from dissect.target.exceptions import UnsupportedPluginError
@@ -7,6 +8,8 @@ from dissect.target.plugins.apps.remoteaccess.remoteaccess import (
     RemoteAccessRecord,
 )
 
+START_PATTERN = re.compile(r"^(\d{2}|\d{4})/")
+
 
 class TeamviewerPlugin(RemoteAccessPlugin):
     """
@@ -54,30 +57,55 @@ class TeamviewerPlugin(RemoteAccessPlugin):
         for logfile, user in self.logfiles:
             logfile = self.target.fs.path(logfile)
 
-            for line in logfile.open("rt"):
-                line = line.strip()
-
-                # Skip empty lines
-                if not line:
-                    continue
-
-                # Sometimes there are weird, mult-line/pretty print log messages.
-                try:
-                    # should be year (%Y)
-                    int(line[0])
-                except ValueError:
-                    continue
-
-                ts_day, ts_time, description = line.split(" ", 2)
-                ts_time = ts_time.split(".")[0]
-
-                timestamp = datetime.strptime(f"{ts_day} {ts_time}", "%Y/%m/%d %H:%M:%S")
-
-                yield RemoteAccessRecord(
-                    tool="teamviewer",
-                    ts=timestamp,
-                    logfile=str(logfile),
-                    description=description,
-                    _target=self.target,
-                    _user=user,
-                )
+            start_date = None
+            with logfile.open("rt") as file:
+                while True:
+                    try:
+                        line = file.readline()
+                    except UnicodeDecodeError:
+                        continue
+
+                    # End of file, quit while loop
+                    if not line:
+                        break
+
+                    line = line.strip()
+
+                    # Skip empty lines
+                    if not line:
+                        continue
+                    # Older logs first mention the start time and then leave out the year
+                    if line.startswith("Start:"):
+                        start_date = datetime.strptime(line.split()[1], "%Y/%m/%d")
+
+                    # Sometimes there are weird, mult-line/pretty print log messages.
+                    # We only parse the start line which starts with year (%Y/) or month (%m/)
+                    if not re.match(START_PATTERN, line):
+                        continue
+
+                    ts_day, ts_time, description = line.split(" ", 2)
+                    ts_time = ts_time.split(".")[0]
+
+                    # Correct for use of : as millisecond separator
+                    if ts_time.count(":") > 2:
+                        ts_time = ":".join(ts_time.split(":")[:3])
+                    # Correct for missing year in date
+                    if ts_day.count("/") == 1:
+                        if not start_date:
+                            self.target.log.debug("Missing year in log line, skipping line.")
+                            continue
+                        ts_day = f"{start_date.year}/{ts_day}"
+                    # Correct for year if short notation for 2000 is used
+                    if ts_day.count("/") == 2 and len(ts_day.split("/")[0]) == 2:
+                        ts_day = "20" + ts_day
+
+                    timestamp = datetime.strptime(f"{ts_day} {ts_time}", "%Y/%m/%d %H:%M:%S")
+
+                    yield RemoteAccessRecord(
+                        tool="teamviewer",
+                        ts=timestamp,
+                        logfile=str(logfile),
+                        description=description,
+                        _target=self.target,
+                        _user=user,
+                    )

dissect/target/plugins/apps/ssh/opensshd.py

@@ -128,45 +128,46 @@ class SSHServerPlugin(Plugin):
         config = {}
         for key, value in sshd_config.items():
             if isinstance(value, dict):
-                # A match statment, ignore for now
+                # A match statement, ignore for now
                 continue
-            _type, value = self._determine_type_and_value(key, value)
+            _type, _value = _determine_type_and_value(key, value)
 
-            config[key] = value
+            config[key] = _value
             record_fields.append((_type, key))
 
         yield TargetRecordDescriptor("application/openssh/sshd_config", record_fields)(
             mtime=self.sshd_config_path.stat().st_mtime, source=self.sshd_config_path, **config, _target=self.target
         )
 
-    def _determine_type_and_value(self, key: str, value: str) -> tuple[str, Any]:
+
+def _determine_type_and_value(key: str, value: str) -> tuple[str, Any]:
+    _type = "string"
+    _value = value
+
+    _unpack = None
+    if key in SSHD_INTEGER_FIELDS:
+        _type = "varint"
+        _unpack = int
+    elif key in SSHD_BOOLEAN_FIELDS and _value.lower() in SSHD_BOOLEAN_VALUES:
+        _type = "boolean"
+        _unpack = _convert_bool
+    else:
         _type = "string"
-        _value = value
-
-        _unpack = None
-        if key in SSHD_INTEGER_FIELDS:
-            _type = "varint"
-            _unpack = int
-        elif key in SSHD_BOOLEAN_FIELDS and _value.lower() in SSHD_BOOLEAN_VALUES:
-            _type = "boolean"
-            _unpack = _convert_bool
-        else:
-            _type = "string"
-
-        if multiple_fields := (key in SSHD_MULTIPLE_DEFINITIONS_ALLOWED_FIELDS):
-            _value = _value if isinstance(_value, list) else [value]
-
-        try:
-            _value = _convert_function(value, _unpack)
-        except Exception:
-            # Something went wrong, restore default type
-            _type = "string"
-
-        if multiple_fields:
-            # The type can still be a list, so in that case, we append `[]`
-            _type = f"{_type}[]"
-
-        return _type, _value
+
+    if multiple_fields := (key in SSHD_MULTIPLE_DEFINITIONS_ALLOWED_FIELDS):
+        _value = _value if isinstance(_value, list) else [_value]
+
+    try:
+        _value = _convert_function(_value, _unpack)
+    except Exception:
+        # Something went wrong, restore default type
+        _type = "string"
+
+    if multiple_fields:
+        # The type can still be a list, so in that case, we append `[]`
+        _type = f"{_type}[]"
+
+    return _type, _value
 
 
 def _convert_function(value: Union[str, list], unpack_function: Optional[Callable]) -> Union[list[Any], Any]:

dissect/target/plugins/apps/{webservers → webserver}/apache.py

@@ -8,7 +8,7 @@ from typing import Iterator, Optional
 from dissect.target import plugin
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.fsutil import open_decompress
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 from dissect.target.target import Target
 
 COMMON_REGEX = r'(?P<remote_ip>.*?) (?P<remote_logname>.*?) (?P<remote_user>.*?) \[(?P<ts>.*)\] "(?P<method>.*?) (?P<uri>.*?) ?(?P<protocol>HTTP\/.*?)?" (?P<status_code>\d{3}) (?P<bytes_sent>-|\d+)'  # noqa: E501

dissect/target/plugins/apps/{webservers → webserver}/caddy.py

@@ -9,7 +9,7 @@ from dissect.util.ts import from_unix
 from dissect.target import plugin
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.fsutil import basename, open_decompress
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 from dissect.target.target import Target
 
 LOG_FILE_REGEX = re.compile(r"(log|output file) (?P<log_file>.*)( \{)?$")