dissect.target 3.13.dev26__py3-none-any.whl → 3.14__py3-none-any.whl

dissect/target/plugins/os/unix/_os.py

@@ -6,11 +6,10 @@ import uuid
 from struct import unpack
 from typing import Iterator, Optional, Union
 
-from flow.record.fieldtypes import posix_path
-
 from dissect.target.filesystem import Filesystem
 from dissect.target.helpers.fsutil import TargetPath
 from dissect.target.helpers.record import UnixUserRecord
+from dissect.target.helpers.utils import parse_options_string
 from dissect.target.plugin import OperatingSystem, OSPlugin, arg, export
 from dissect.target.target import Target
 
@@ -61,7 +60,7 @@ class UnixPlugin(OSPlugin):
                         uid=pwent.get(2),
                         gid=pwent.get(3),
                         gecos=pwent.get(4),
-                        home=posix_path(pwent.get(5)),
+                        home=self.target.fs.path(pwent.get(5)),
                         shell=pwent.get(6),
                         source=passwd_file,
                         _target=self.target,
@@ -177,33 +176,41 @@ class UnixPlugin(OSPlugin):
     def _add_mounts(self) -> None:
         fstab = self.target.fs.path("/etc/fstab")
 
-        volumes_to_mount = [v for v in self.target.volumes if v.fs]
-
-        for dev_id, volume_name, _, mount_point in parse_fstab(fstab, self.target.log):
-            for volume in volumes_to_mount:
+        for dev_id, volume_name, mount_point, _, options in parse_fstab(fstab, self.target.log):
+            opts = parse_options_string(options)
+            subvol = opts.get("subvol", None)
+            subvolid = opts.get("subvolid", None)
+            for fs in self.target.filesystems:
                 fs_id = None
+                fs_subvol = None
+                fs_subvolid = None
+                fs_volume_name = fs.volume.name if fs.volume and not isinstance(fs.volume, list) else None
                 last_mount = None
 
                 if dev_id:
-                    if volume.fs.__fstype__ == "xfs":
-                        fs_id = volume.fs.xfs.uuid
-                    elif volume.fs.__fstype__ == "ext":
-                        fs_id = volume.fs.extfs.uuid
-                        last_mount = volume.fs.extfs.last_mount
-                    elif volume.fs.__fstype__ == "fat":
-                        fs_id = volume.fs.fatfs.volume_id
+                    if fs.__type__ == "xfs":
+                        fs_id = fs.xfs.uuid
+                    elif fs.__type__ == "ext":
+                        fs_id = fs.extfs.uuid
+                        last_mount = fs.extfs.last_mount
+                    elif fs.__type__ == "btrfs":
+                        fs_id = fs.btrfs.uuid
+                        fs_subvol = fs.subvolume.path
+                        fs_subvolid = fs.subvolume.objectid
+                    elif fs.__type__ == "fat":
+                        fs_id = fs.fatfs.volume_id
                         # This normalizes fs_id to comply with libblkid generated UUIDs
                         # This is needed because FAT filesystems don't have a real UUID,
                         # but instead a volume_id which is not case-sensitive
                         fs_id = fs_id[:4].upper() + "-" + fs_id[4:].upper()
 
                 if (
-                    (fs_id and (fs_id == dev_id))
-                    or (volume.name and (volume.name == volume_name))
+                    (fs_id and (fs_id == dev_id and (subvol == fs_subvol or subvolid == fs_subvolid)))
+                    or (fs_volume_name and (fs_volume_name == volume_name))
                     or (last_mount and (last_mount == mount_point))
                 ):
-                    self.target.log.debug("Mounting %s at %s", volume, mount_point)
-                    self.target.fs.mount(mount_point, volume.fs)
+                    self.target.log.debug("Mounting %s (%s) at %s", fs, fs.volume, mount_point)
+                    self.target.fs.mount(mount_point, fs)
 
     def _parse_os_release(self, glob: Optional[str] = None) -> dict[str, str]:
         """Parse files containing Unix version information.
@@ -283,7 +290,7 @@ class UnixPlugin(OSPlugin):
 def parse_fstab(
     fstab: TargetPath,
     log: logging.Logger = log,
-) -> Iterator[tuple[Union[uuid.UUID, str], str, str, str]]:
+) -> Iterator[tuple[Union[uuid.UUID, str], str, str, str, str]]:
     """Parse fstab file and return a generator that streams the details of entries,
     with unsupported FS types and block devices filtered away.
     """
@@ -310,7 +317,7 @@ def parse_fstab(
         if len(entry_parts) != 6:
             continue
 
-        dev, mount_point, fs_type, _, _, _ = entry_parts
+        dev, mount_point, fs_type, options, _, _ = entry_parts
 
         if fs_type in SKIP_FS_TYPES:
             log.warning("Skipped FS type: %s, %s, %s", fs_type, dev, mount_point)
@@ -341,4 +348,4 @@ def parse_fstab(
             except ValueError:
                 pass
 
-        yield dev_id, volume_name, fs_type, mount_point
+        yield dev_id, volume_name, mount_point, fs_type, options

dissect/target/plugins/os/unix/bsd/osx/user.py

@@ -1,8 +1,6 @@
 import plistlib
 from typing import Iterator
 
-from flow.record.fieldtypes import posix_path
-
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
@@ -49,7 +47,7 @@ class UserPlugin(Plugin):
                         password_last_time=account_policy.get("passwordLastSetTime"),
                         failed_login_count=account_policy.get("failedLoginCount"),
                         failed_login_time=account_policy.get("failedLoginTimestamp"),
-                        source=posix_path(user_details.user.source),
+                        source=self.target.fs.path(user_details.user.source),
                         _user=user_details.user,
                         _target=self.target,
                     )

dissect/target/plugins/os/unix/cronjobs.py

@@ -4,7 +4,7 @@ from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 
 CronjobRecord = TargetRecordDescriptor(
-    "linux/cronjob",
+    "unix/cronjob",
     [
         ("string", "minute"),
         ("string", "hour"),
@@ -12,13 +12,13 @@ CronjobRecord = TargetRecordDescriptor(
         ("string", "month"),
         ("string", "weekday"),
         ("string", "user"),
-        ("wstring", "command"),
+        ("string", "command"),
         ("path", "source"),
     ],
 )
 
 EnvironmentVariableRecord = TargetRecordDescriptor(
-    "linux/environmentvariable",
+    "unix/environmentvariable",
     [
         ("string", "key"),
         ("string", "value"),
@@ -31,19 +31,6 @@ class CronjobPlugin(Plugin):
     def check_compatible(self) -> None:
         pass
 
-    def get_record(self, minute, hour, day, month, weekday, usr, cmd, path):
-        return CronjobRecord(
-            minute=minute,
-            hour=hour,
-            day=day,
-            month=month,
-            weekday=weekday,
-            user=usr,
-            command=cmd,
-            source=self.resolver.resolve(path),
-            _target=self.target,
-        )
-
     def parse_crontab(self, file_path):
         for line in file_path.open("rt"):
             line = line.strip()
@@ -93,6 +80,7 @@ class CronjobPlugin(Plugin):
             "/var/spool/cron",
             "/var/spool/cron/crontabs",
             "/etc/cron.d",
+            "/usr/local/etc/cron.d",  # FreeBSD
         ]
         for path in crontab_dirs:
             fspath = self.target.fs.path(path)

dissect/target/plugins/os/unix/{linux/esxi → esxi}/_os.py

@@ -12,7 +12,6 @@ from typing import Any, BinaryIO, Iterator, Optional, TextIO
 from defusedxml import ElementTree
 from dissect.hypervisor.util import vmtar
 from dissect.sql import sqlite3
-from flow.record.fieldtypes import path
 
 try:
     from dissect.hypervisor.util.envelope import Envelope, KeyStore
@@ -25,7 +24,7 @@ from dissect.target.filesystem import Filesystem, VirtualFilesystem
 from dissect.target.filesystems import tar
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import OperatingSystem, arg, export, internal
-from dissect.target.plugins.os.unix.linux._os import LinuxPlugin
+from dissect.target.plugins.os.unix._os import UnixPlugin
 from dissect.target.target import Target
 
 VirtualMachineRecord = TargetRecordDescriptor(
@@ -36,7 +35,7 @@ VirtualMachineRecord = TargetRecordDescriptor(
 )
 
 
-class ESXiPlugin(LinuxPlugin):
+class ESXiPlugin(UnixPlugin):
     """ESXi OS plugin
 
     ESXi partitioning varies between versions. Generally, specific partition numbers have special meaning.
@@ -159,7 +158,7 @@ class ESXiPlugin(LinuxPlugin):
         root = ElementTree.fromstring(inv_file.read_text("utf-8"))
         for entry in root.iter("ConfigEntry"):
             yield VirtualMachineRecord(
-                path=path.from_posix(entry.findtext("vmxCfgPath")),
+                path=self.target.fs.path(entry.findtext("vmxCfgPath")),
                 _target=self.target,
             )
 
@@ -241,7 +240,7 @@ def _mount_filesystems(target: Target, sysvol: Filesystem, cfg: dict[str, str]):
     osdata_fs = None
     locker_fs = None
     for fs in target.filesystems:
-        if fs.__fstype__ == "fat":
+        if fs.__type__ == "fat":
             fs.volume.seek(512)
             magic, uuid1, uuid2, uuid3, uuid4 = struct.unpack("<16sIIH6s", fs.volume.read(32))
             if magic != b"VMWARE FAT16    ":
@@ -273,7 +272,7 @@ def _mount_filesystems(target: Target, sysvol: Filesystem, cfg: dict[str, str]):
                     target.fs.symlink(f"/vmfs/volumes/{fs_uuid}", "/store")
                     target.fs.symlink("/store", "/locker")
 
-        elif fs.__fstype__ == "vmfs":
+        elif fs.__type__ == "vmfs":
             target.fs.mount(f"/vmfs/volumes/{fs.vmfs.uuid}", fs)
             target.fs.symlink(f"/vmfs/volumes/{fs.vmfs.uuid}", f"/vmfs/volumes/{fs.vmfs.label}")
 

dissect/target/plugins/os/unix/generic.py

@@ -20,6 +20,8 @@ class GenericPlugin(Plugin):
 
         last_seen = 0
         for f in var_log.iterdir():
+            if not f.exists():
+                continue
             if f.stat().st_mtime > last_seen:
                 last_seen = f.stat().st_mtime
 
@@ -30,16 +32,18 @@ class GenericPlugin(Plugin):
     def install_date(self) -> Optional[datetime]:
         """Return the likely install date of the operating system."""
 
+        # Although this purports to be a generic function for Unix targets,
+        # these paths are Linux specific.
         files = [
             # Debian
             "/var/log/installer/install-journal.txt",
             "/var/log/installer/syslog",
+            "/var/lib/dpkg/arch",
             # RedHat
             "/root/anaconda-ks.cfg",
             # Generic
             "/etc/hostname",
             "/etc/machine-id",
-            "/var/lib/dpkg/arch",
         ]
         dates = []
 

dissect/target/plugins/os/unix/history.py

@@ -11,7 +11,7 @@ from dissect.target.helpers.record import UnixUserRecord, create_extended_descri
 from dissect.target.plugin import Plugin, export, internal
 
 CommandHistoryRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "linux/history",
+    "unix/history",
     [
         ("datetime", "ts"),
         ("string", "command"),
@@ -35,6 +35,7 @@ class CommandHistoryPlugin(Plugin):
         ("python", ".python_history"),
         ("sqlite", ".sqlite_history"),
         ("zsh", ".zsh_history"),
+        ("ash", ".ash_history"),
     )
 
     def __init__(self, target: Target):

dissect/target/plugins/os/unix/linux/_os.py

@@ -69,13 +69,20 @@ class LinuxPlugin(UnixPlugin, LinuxNetworkManager):
 
     @export(property=True)
     def version(self) -> str:
-        if distrib_description := self._os_release.get("DISTRIB_DESCRIPTION"):
+        distrib_description = self._os_release.get("DISTRIB_DESCRIPTION", "")
+        name = self._os_release.get("NAME", "") or self._os_release.get("DISTRIB_ID", "")
+        version = (
+            self._os_release.get("VERSION", "")
+            or self._os_release.get("VERSION_ID", "")
+            or self._os_release.get("DISTRIB_RELEASE", "")
+        )
+
+        if len(f"{name} {version}") > len(distrib_description):
+            return f"{name} {version}"
+
+        else:
             return distrib_description
 
-        name = self._os_release.get("NAME") or self._os_release.get("DISTRIB_ID")
-        version = self._os_release.get("VERSION") or self._os_release.get("DISTRIB_RELEASE")
-        return f"{name} {version}"
-
     @export(property=True)
     def os(self) -> str:
         return OperatingSystem.LINUX.value

dissect/target/plugins/os/unix/linux/services.py

@@ -0,0 +1,112 @@
+from itertools import chain
+from typing import Iterator
+
+from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import Plugin, export, internal
+
+RECORD_NAME = "linux/service"
+
+DEFAULT_ELEMENTS = [
+    ("datetime", "ts"),
+    ("string", "type"),
+    ("string", "name"),
+    ("path", "source"),
+]
+
+LinuxServiceRecord = TargetRecordDescriptor(RECORD_NAME, DEFAULT_ELEMENTS)
+
+
+class ServicesPlugin(Plugin):
+    SYSTEMD_PATHS = [
+        "/etc/systemd/system",
+        "/lib/systemd/system",
+        "/usr/lib/systemd/system",
+    ]
+
+    INITD_PATHS = ["/etc/rc.d/init.d", "/etc/init.d"]
+
+    def check_compatible(self) -> None:
+        if not any([self.target.fs.path(p).exists() for p in self.SYSTEMD_PATHS + self.INITD_PATHS]):
+            raise UnsupportedPluginError("No supported service directories found")
+
+    @export(record=LinuxServiceRecord)
+    def services(self) -> Iterator[LinuxServiceRecord]:
+        """Return information about all installed systemd and init.d services.
+
+        References:
+        - https://geeksforgeeks.org/what-is-init-d-in-linux-service-management
+        - http://0pointer.de/blog/projects/systemd-for-admins-3.html
+        - https://www.freedesktop.org/software/systemd/man/systemd.syntax.html
+        """
+
+        return chain(self.systemd(), self.initd())
+
+    @internal
+    def systemd(self) -> Iterator[LinuxServiceRecord]:
+        ignored_suffixes = [".wants", ".requires", ".d"]
+
+        for systemd_path in self.SYSTEMD_PATHS:
+            path = self.target.fs.path(systemd_path)
+            if not path.exists() or not path.is_dir():
+                continue
+
+            for service_file in path.iterdir():
+                if should_ignore_file(service_file.name, ignored_suffixes):
+                    continue
+
+                try:
+                    parsed_file = self.target.config_tree(service_file, as_dict=True)
+                    config = {}
+                    types = []
+                    for segment, configuration in parsed_file.items():
+                        for key, value in configuration.items():
+                            _value = value or None
+                            _key = f"{segment}_{key}"
+                            types.append(("string", _key))
+                            config.update({_key: _value})
+                except FileNotFoundError:
+                    # The service is registered but the symlink is broken.
+                    yield LinuxServiceRecord(
+                        ts=service_file.stat(follow_symlinks=False).st_mtime,
+                        type="systemd",
+                        name=service_file.name,
+                        source=service_file,
+                        _target=self.target,
+                    )
+                    continue
+
+                record = TargetRecordDescriptor(RECORD_NAME, DEFAULT_ELEMENTS + types)
+                yield record(
+                    ts=service_file.stat().st_mtime,
+                    type="systemd",
+                    name=service_file.name,
+                    source=service_file,
+                    **config,
+                    _target=self.target,
+                )
+
+    @internal
+    def initd(self) -> Iterator[LinuxServiceRecord]:
+        ignored_suffixes = ["README"]
+
+        for initd_path in self.INITD_PATHS:
+            path = self.target.fs.path(initd_path)
+
+            if not path.exists():
+                continue
+            for file_ in path.iterdir():
+                if should_ignore_file(file_.name, ignored_suffixes):
+                    continue
+
+                yield LinuxServiceRecord(
+                    ts=file_.stat().st_mtime,
+                    type="initd",
+                    name=file_.name,
+                    source=file_,
+                    _target=self.target,
+                )
+
+
+def should_ignore_file(needle: str, haystack: list) -> bool:
+    return needle.endswith(tuple(haystack))

dissect/target/plugins/os/unix/linux/suse/zypper.py

@@ -28,17 +28,17 @@ class ZypperPlugin(plugin.Plugin):
         Example log format::
 
             2022-12-16 12:56:23|command|root@ec9fa6d67dda|'zypper' 'install' 'unzip'|
-            2022-12-16 12:56:23|install|update-alternatives|1.21.8-1.4|x86_64||repo-oss|b4d6389437e306d6104559c82d09fce15c4486fbc7fd215cc33d265ff729aaf1|  # noqa
+            2022-12-16 12:56:23|install|update-alternatives|1.21.8-1.4|x86_64||repo-oss|b4d6389437e306d6104559c82d09fce15c4486fbc7fd215cc33d265ff729aaf1|
             # 2022-12-16 12:56:23 unzip-6.00-41.1.x86_64.rpm installed ok
             # Additional rpm output:
             # update-alternatives: using /usr/bin/unzip-plain to provide /usr/bin/unzip (unzip) in auto mode
             #
-            2022-12-16 12:56:23|install|unzip|6.00-41.1|x86_64|root@ec9fa6d67dda|repo-oss|d7e42c9d83f97cf3b7eceb4d3fa64e445a33a7a33f387366734c444d5571cb3a|  # noqa
+            2022-12-16 12:56:23|install|unzip|6.00-41.1|x86_64|root@ec9fa6d67dda|repo-oss|d7e42c9d83f97cf3b7eceb4d3fa64e445a33a7a33f387366734c444d5571cb3a|
             2022-12-16 12:57:50|command|root@ec9fa6d67dda|'zypper' 'remove' 'unzip'|
             # 2022-12-16 12:57:50 unzip-6.00-41.1.x86_64 removed ok
             # Additional rpm output:
-            # update-alternatives: warning: alternative /usr/bin/unzipsfx-plain (part of link group unzipsfx) doesn't exist; removing from list of alternatives  # noqa
-            # update-alternatives: warning: alternative /usr/bin/zipgrep-plain (part of link group zipgrep) doesn't exist; removing from list of alternatives  # noqa
+            # update-alternatives: warning: alternative /usr/bin/unzipsfx-plain (part of link group unzipsfx) doesn't exist; removing from list of alternatives
+            # update-alternatives: warning: alternative /usr/bin/zipgrep-plain (part of link group zipgrep) doesn't exist; removing from list of alternatives
             #
             2022-12-16 12:57:50|remove |unzip|6.00-41.1|x86_64|root@ec9fa6d67dda|
             2022-12-16 12:58:49|command|root@ec9fa6d67dda|'zypper' 'install' 'unzip'|

dissect/target/plugins/os/unix/locale.py

@@ -5,7 +5,7 @@ from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 
 UnixKeyboardRecord = TargetRecordDescriptor(
-    "linux/keyboard",
+    "unix/keyboard",
     [
         ("string", "layout"),
         ("string", "model"),
@@ -64,6 +64,8 @@ class LocalePlugin(Plugin):
     @export(property=True)
     def language(self):
         """Get the configured locale(s) of the system."""
+        # Although this purports to be a generic function for Unix targets,
+        # these paths are Linux specific.
         locale_paths = ["/etc/default/locale", "/etc/locale.conf"]
 
         found_languages = []

dissect/target/plugins/os/unix/log/journal.py

@@ -5,7 +5,6 @@ import zstandard
 from dissect.cstruct import Instance, cstruct
 from dissect.util import ts
 from dissect.util.compression import lz4
-from flow.record.fieldtypes import path
 
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
@@ -394,6 +393,8 @@ class JournalPlugin(Plugin):
             - https://github.com/systemd/systemd/blob/9203abf79f1d05fdef9b039e7addf9fc5a27752d/man/systemd.journal-fields.xml
         """  # noqa: E501
 
+        path_function = self.target.fs.path
+
         for _path in self.journal_paths:
             fh = _path.open()
 
@@ -409,7 +410,7 @@ class JournalPlugin(Plugin):
                     message=entry.get("message"),
                     message_id=entry.get("message_id"),
                     priority=get_optional(entry.get("priority"), int),
-                    code_file=get_optional(entry.get("code_file"), path.from_posix),
+                    code_file=get_optional(entry.get("code_file"), path_function),
                     code_line=get_optional(entry.get("code_line"), int),
                     code_func=entry.get("code_func"),
                     errno=get_optional(entry.get("errno"), int),
@@ -427,12 +428,12 @@ class JournalPlugin(Plugin):
                     uid=get_optional(entry.get("uid"), int),
                     gid=get_optional(entry.get("gid"), int),
                     comm=entry.get("comm"),
-                    exe=get_optional(entry.get("exe"), path.from_posix),
+                    exe=get_optional(entry.get("exe"), path_function),
                     cmdline=entry.get("cmdline"),
                     cap_effective=entry.get("cap_effective"),
                     audit_session=get_optional(entry.get("audit_session"), int),
                     audit_loginuid=get_optional(entry.get("audit_loginuid"), int),
-                    systemd_cgroup=get_optional(entry.get("systemd_cgroup"), path.from_posix),
+                    systemd_cgroup=get_optional(entry.get("systemd_cgroup"), path_function),
                     systemd_slice=entry.get("systemd_slice"),
                     systemd_unit=entry.get("systemd_unit"),
                     systemd_user_unit=entry.get("systemd_user_unit"),
@@ -451,8 +452,8 @@ class JournalPlugin(Plugin):
                     kernel_device=entry.get("kernel_device"),
                     kernel_subsystem=entry.get("kernel_subsystem"),
                     udev_sysname=entry.get("udev_sysname"),
-                    udev_devnode=get_optional(entry.get("udev_devnode"), path.from_posix),
-                    udev_devlink=get_optional(entry.get("udev_devlink"), path.from_posix),
+                    udev_devnode=get_optional(entry.get("udev_devnode"), path_function),
+                    udev_devlink=get_optional(entry.get("udev_devlink"), path_function),
                     journal_hostname=entry.get("hostname"),
                     filepath=_path,
                     _target=self.target,

dissect/target/plugins/os/unix/packagemanager.py

@@ -9,7 +9,7 @@ from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 
 PackageManagerLogRecord = TargetRecordDescriptor(
-    "linux/log/packagemanager",
+    "unix/log/packagemanager",
     [
         ("datetime", "ts"),
         ("string", "package_manager"),
@@ -61,7 +61,7 @@ class PackageManagerPlugin(Plugin):
         for entry in self.TOOLS:
             try:
                 self._plugins.append(getattr(self.target, entry))
-            except Exception:  # noqa
+            except Exception:
                 target.log.exception(f"Failed to load tool plugin: {entry}")
 
     def check_compatible(self) -> None:
@@ -77,5 +77,5 @@ class PackageManagerPlugin(Plugin):
 
     @export(record=PackageManagerLogRecord)
     def logs(self) -> Iterator[PackageManagerLogRecord]:
-        """Returns logs from apt, yum and zypper package managers."""
+        """Returns logs from all available Unix package managers."""
         yield from self._func("logs")

dissect/target/plugins/os/unix/shadow.py

@@ -5,7 +5,7 @@ from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
 
 UnixShadowRecord = TargetRecordDescriptor(
-    "linux/shadow",
+    "unix/shadow",
     [
         ("string", "name"),
         ("string", "crypt"),

dissect/target/plugins/os/windows/_os.py

@@ -77,7 +77,8 @@ class WindowsPlugin(OSPlugin):
                                             self.target.fs.mount(drive, volume.fs)
                                             break
         except Exception as e:
-            self.target.log.warning("Failed to map drive letters", exc_info=e)
+            self.target.log.warning("Failed to map drive letters")
+            self.target.log.debug("", exc_info=e)
 
     @export(property=True)
     def hostname(self) -> Optional[str]:

dissect/target/plugins/os/windows/amcache.py

@@ -1,7 +1,6 @@
 from datetime import datetime, timezone
 
 from dissect.util.ts import wintimestamp
-from flow.record.fieldtypes import path
 
 from dissect.target.exceptions import RegistryKeyNotFoundError, UnsupportedPluginError
 from dissect.target.helpers import regutil
@@ -220,7 +219,7 @@ class AmcachePluginOldMixin:
                     created_timestamp=parse_win_timestamp(subkey_data.get("created_timestamp")),
                     mtime_regf=subkey.timestamp,
                     reference=int(subkey.name, 16),
-                    path=path.from_windows(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
+                    path=self.target.fs.path(subkey_data["full_path"]) if subkey_data.get("full_path") else None,
                     language_code=subkey_data.get("language_code"),
                     digests=[None, subkey_data["sha1"][-40:] if subkey_data.get("sha1") else None, None],
                     program_id=subkey_data.get("program_id"),
@@ -265,7 +264,7 @@ class AmcachePluginOldMixin:
                         language_code=entry_data.get("LanguageCode"),
                         entry_type=entry_data.get("EntryType"),
                         uninstall_key=entry_data.get("UninstallKey"),
-                        path=path.from_windows(file_path_entry),
+                        path=self.target.fs.path(file_path_entry),
                         product_code=entry_data.get("ProductCode"),
                         package_code=entry_data.get("PackageCode"),
                         msi_package_code=entry_data.get("MsiPackageCode"),
@@ -284,7 +283,7 @@ class AmcachePluginOldMixin:
                         language_code=entry_data.get("LanguageCode"),
                         entry_type=entry_data.get("EntryType"),
                         uninstall_key=entry_data.get("UninstallKey"),
-                        path=path.from_windows(file_entry),
+                        path=self.target.fs.path(file_entry),
                         product_code=entry_data.get("ProductCode"),
                         package_code=entry_data.get("PackageCode"),
                         msi_package_code=entry_data.get("MsiPackageCode"),
@@ -416,7 +415,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
                 program_instance_id=entry_data.get("ProgramInstanceId"),
                 publisher=entry_data.get("Publisher"),
                 registry_key_path=entry_data.get("RegistryKeyPath"),
-                root_dir_path=path.from_windows(entry_data.get("RootDirPath")),
+                root_dir_path=self.target.fs.path(entry_data.get("RootDirPath")),
                 source=entry_data.get("Source"),
                 uninstall_string=entry_data.get("UninstallString"),
                 type=entry_data.get("Type"),
@@ -467,7 +466,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
                 mtime_regf=entry.timestamp,
                 program_id=entry_data.get("ProgramId"),
                 digests=[None, sha1_digest, None],
-                path=path.from_windows(entry_data.get("LowerCaseLongPath")),
+                path=self.target.fs.path(entry_data.get("LowerCaseLongPath")),
                 link_date=parse_win_datetime(entry_data.get("LinkDate")),
                 hash_path=entry_data.get("LongPathHash"),
                 name=entry_data.get("Name"),
@@ -492,8 +491,8 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
 
             yield BinaryAppcompatRecord(
                 mtime_regf=entry.timestamp,
-                driver_name=path.from_windows(entry_data.get("DriverName")),
-                inf=path.from_windows(entry_data.get("Inf")),
+                driver_name=self.target.fs.path(entry_data.get("DriverName")),
+                inf=self.target.fs.path(entry_data.get("Inf")),
                 driver_version=entry_data.get("DriverVersion"),
                 product=entry_data.get("Product"),
                 product_version=entry_data.get("ProductVersion"),
@@ -515,7 +514,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
         for entry in self.read_key_subkeys(key):
             yield ShortcutAppcompatRecord(
                 mtime_regf=entry.timestamp,
-                path=path.from_windows(entry.value("ShortCutPath").value),
+                path=self.target.fs.path(entry.value("ShortCutPath").value),
                 _target=self.target,
             )
 
@@ -637,7 +636,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
                 parts = line.rstrip().split("|")
                 yield AppLaunchAppcompatRecord(
                     ts=datetime.strptime(parts[-1], "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc),
-                    path=path.from_windows(parts[0]),
+                    path=self.target.fs.path(parts[0]),
                     _target=self.target,
                 )
 

dissect/target/plugins/os/windows/catroot.py

@@ -1,5 +1,5 @@
 from asn1crypto import algos, core
-from flow.record.fieldtypes import digest, path
+from flow.record.fieldtypes import digest
 
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -118,7 +118,7 @@ class CatrootPlugin(Plugin):
 
                             yield CatrootRecord(
                                 digest=fdigest,
-                                hint=path.from_windows(filehint) if filehint else None,
+                                hint=self.target.fs.path(filehint) if filehint else None,
                                 source=f,
                                 _target=self.target,
                             )