dissect.target 3.14.dev29__py3-none-any.whl → 3.15__py3-none-any.whl

Sign up to get free protection for your applications and to get access to all the features.
Files changed (86) hide show
  1. dissect/target/containers/ewf.py +1 -1
  2. dissect/target/containers/vhd.py +5 -2
  3. dissect/target/filesystem.py +36 -18
  4. dissect/target/filesystems/dir.py +10 -4
  5. dissect/target/filesystems/jffs.py +122 -0
  6. dissect/target/helpers/compat/path_310.py +506 -0
  7. dissect/target/helpers/compat/path_311.py +539 -0
  8. dissect/target/helpers/compat/path_312.py +443 -0
  9. dissect/target/helpers/compat/path_39.py +545 -0
  10. dissect/target/helpers/compat/path_common.py +223 -0
  11. dissect/target/helpers/cyber.py +512 -0
  12. dissect/target/helpers/fsutil.py +128 -666
  13. dissect/target/helpers/hashutil.py +17 -57
  14. dissect/target/helpers/keychain.py +9 -3
  15. dissect/target/helpers/loaderutil.py +1 -1
  16. dissect/target/helpers/mount.py +47 -4
  17. dissect/target/helpers/polypath.py +73 -0
  18. dissect/target/helpers/record_modifier.py +100 -0
  19. dissect/target/loader.py +2 -1
  20. dissect/target/loaders/asdf.py +2 -0
  21. dissect/target/loaders/cyber.py +37 -0
  22. dissect/target/loaders/log.py +14 -3
  23. dissect/target/loaders/raw.py +2 -0
  24. dissect/target/loaders/remote.py +12 -0
  25. dissect/target/loaders/tar.py +13 -0
  26. dissect/target/loaders/targetd.py +2 -0
  27. dissect/target/loaders/velociraptor.py +12 -3
  28. dissect/target/loaders/vmwarevm.py +2 -0
  29. dissect/target/plugin.py +272 -143
  30. dissect/target/plugins/apps/ssh/openssh.py +11 -54
  31. dissect/target/plugins/apps/ssh/opensshd.py +4 -3
  32. dissect/target/plugins/apps/ssh/putty.py +236 -0
  33. dissect/target/plugins/apps/ssh/ssh.py +58 -0
  34. dissect/target/plugins/apps/vpn/openvpn.py +6 -0
  35. dissect/target/plugins/apps/webserver/apache.py +309 -95
  36. dissect/target/plugins/apps/webserver/caddy.py +5 -2
  37. dissect/target/plugins/apps/webserver/citrix.py +82 -0
  38. dissect/target/plugins/apps/webserver/iis.py +9 -12
  39. dissect/target/plugins/apps/webserver/nginx.py +5 -2
  40. dissect/target/plugins/apps/webserver/webserver.py +25 -41
  41. dissect/target/plugins/child/wsl.py +1 -1
  42. dissect/target/plugins/filesystem/ntfs/mft.py +10 -0
  43. dissect/target/plugins/filesystem/ntfs/mft_timeline.py +10 -0
  44. dissect/target/plugins/filesystem/ntfs/usnjrnl.py +10 -0
  45. dissect/target/plugins/filesystem/ntfs/utils.py +28 -5
  46. dissect/target/plugins/filesystem/resolver.py +6 -4
  47. dissect/target/plugins/general/default.py +0 -2
  48. dissect/target/plugins/general/example.py +0 -1
  49. dissect/target/plugins/general/loaders.py +3 -5
  50. dissect/target/plugins/os/unix/_os.py +3 -3
  51. dissect/target/plugins/os/unix/bsd/citrix/_os.py +68 -28
  52. dissect/target/plugins/os/unix/bsd/citrix/history.py +130 -0
  53. dissect/target/plugins/os/unix/generic.py +17 -12
  54. dissect/target/plugins/os/unix/linux/fortios/__init__.py +0 -0
  55. dissect/target/plugins/os/unix/linux/fortios/_os.py +534 -0
  56. dissect/target/plugins/os/unix/linux/fortios/generic.py +30 -0
  57. dissect/target/plugins/os/unix/linux/fortios/locale.py +109 -0
  58. dissect/target/plugins/os/windows/log/evt.py +1 -1
  59. dissect/target/plugins/os/windows/log/schedlgu.py +155 -0
  60. dissect/target/plugins/os/windows/regf/firewall.py +1 -1
  61. dissect/target/plugins/os/windows/regf/shimcache.py +1 -1
  62. dissect/target/plugins/os/windows/regf/trusteddocs.py +1 -1
  63. dissect/target/plugins/os/windows/registry.py +1 -1
  64. dissect/target/plugins/os/windows/sam.py +3 -0
  65. dissect/target/plugins/os/windows/sru.py +41 -28
  66. dissect/target/plugins/os/windows/tasks.py +5 -2
  67. dissect/target/target.py +7 -3
  68. dissect/target/tools/dd.py +7 -1
  69. dissect/target/tools/fs.py +8 -1
  70. dissect/target/tools/info.py +22 -16
  71. dissect/target/tools/mount.py +28 -3
  72. dissect/target/tools/query.py +146 -117
  73. dissect/target/tools/reg.py +21 -16
  74. dissect/target/tools/shell.py +30 -6
  75. dissect/target/tools/utils.py +28 -0
  76. dissect/target/volumes/bde.py +14 -10
  77. dissect/target/volumes/luks.py +18 -10
  78. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/METADATA +4 -3
  79. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/RECORD +85 -67
  80. dissect/target/plugins/os/unix/linux/fortigate/_os.py +0 -175
  81. /dissect/target/{plugins/os/unix/linux/fortigate → helpers/compat}/__init__.py +0 -0
  82. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/COPYRIGHT +0 -0
  83. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/LICENSE +0 -0
  84. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/WHEEL +0 -0
  85. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/entry_points.txt +0 -0
  86. {dissect.target-3.14.dev29.dist-info → dissect.target-3.15.dist-info}/top_level.txt +0 -0
@@ -19,7 +19,7 @@ class EwfContainer(Container):
19
19
  if hasattr(fhs[0], "read"):
20
20
  self.ewf = EWF(fhs)
21
21
  else:
22
- self.ewf = EWF([path.open("rb") for path in find_files(fhs[0])])
22
+ self.ewf = EWF(find_files(fhs[0]))
23
23
 
24
24
  self._stream = self.ewf.open()
25
25
  super().__init__(fh, self.ewf.size, *args, **kwargs)
@@ -20,8 +20,11 @@ class VhdContainer(Container):
20
20
 
21
21
  @staticmethod
22
22
  def _detect_fh(fh: BinaryIO, original: Union[list, BinaryIO]) -> bool:
23
- fh.seek(-512, io.SEEK_END)
24
- return b"conectix" in fh.read(9)
23
+ try:
24
+ fh.seek(-512, io.SEEK_END)
25
+ return b"conectix" in fh.read(9)
26
+ except OSError:
27
+ return False
25
28
 
26
29
  @staticmethod
27
30
  def detect_path(path: Path, original: Union[list, BinaryIO]) -> bool:
@@ -13,7 +13,6 @@ from typing import (
13
13
  BinaryIO,
14
14
  Callable,
15
15
  Iterator,
16
- List,
17
16
  Optional,
18
17
  Type,
19
18
  Union,
@@ -217,7 +216,7 @@ class Filesystem:
217
216
  """
218
217
  return self.get(path).scandir()
219
218
 
220
- def listdir(self, path: str) -> List[str]:
219
+ def listdir(self, path: str) -> list[str]:
221
220
  """List the contents of a directory as strings.
222
221
 
223
222
  Args:
@@ -228,7 +227,7 @@ class Filesystem:
228
227
  """
229
228
  return list(self.iterdir(path))
230
229
 
231
- def listdir_ext(self, path: str) -> List[FilesystemEntry]:
230
+ def listdir_ext(self, path: str) -> list[FilesystemEntry]:
232
231
  """List the contents of a directory as FilesystemEntry's.
233
232
 
234
233
  Args:
@@ -487,7 +486,7 @@ class Filesystem:
487
486
  """
488
487
  return self.get(path).sha256()
489
488
 
490
- def hash(self, path: str, algos: Optional[Union[List[str], List[Callable]]] = None) -> tuple[str]:
489
+ def hash(self, path: str, algos: Optional[Union[list[str], list[Callable]]] = None) -> tuple[str]:
491
490
  """Calculate the digest of the contents of ``path``, using the ``algos`` algorithms.
492
491
 
493
492
  Args:
@@ -574,7 +573,7 @@ class FilesystemEntry:
574
573
  """
575
574
  raise NotImplementedError()
576
575
 
577
- def listdir(self) -> List[str]:
576
+ def listdir(self) -> list[str]:
578
577
  """List the contents of a directory as strings.
579
578
 
580
579
  Returns:
@@ -582,7 +581,7 @@ class FilesystemEntry:
582
581
  """
583
582
  return list(self.iterdir())
584
583
 
585
- def listdir_ext(self) -> List[FilesystemEntry]:
584
+ def listdir_ext(self) -> list[FilesystemEntry]:
586
585
  """List the contents of a directory as FilesystemEntry's.
587
586
 
588
587
  Returns:
@@ -823,7 +822,7 @@ class FilesystemEntry:
823
822
  """
824
823
  return hashutil.sha256(self.open())
825
824
 
826
- def hash(self, algos: Optional[Union[List[str], List[Callable]]] = None) -> tuple[str]:
825
+ def hash(self, algos: Optional[Union[list[str], list[Callable]]] = None) -> tuple[str]:
827
826
  """Calculate the digest of this entry, using the ``algos`` algorithms.
828
827
 
829
828
  Args:
@@ -906,7 +905,7 @@ class VirtualDirectory(FilesystemEntry):
906
905
 
907
906
  def _stat(self) -> fsutil.stat_result:
908
907
  path_addr = fsutil.generate_addr(self.path, alt_separator=self.fs.alt_separator)
909
- return fsutil.stat_result([stat.S_IFDIR, path_addr, id(self.fs), 0, 0, 0, 0, 0, 0, 0])
908
+ return fsutil.stat_result([stat.S_IFDIR, path_addr, id(self.fs), 1, 0, 0, 0, 0, 0, 0])
910
909
 
911
910
  def stat(self, follow_symlinks: bool = True) -> fsutil.stat_result:
912
911
  if self.top:
@@ -928,10 +927,10 @@ class VirtualDirectory(FilesystemEntry):
928
927
  return False
929
928
 
930
929
  def readlink(self) -> str:
931
- raise NotASymlinkError()
930
+ raise NotASymlinkError(self.path)
932
931
 
933
932
  def readlink_ext(self) -> FilesystemEntry:
934
- raise NotASymlinkError()
933
+ raise NotASymlinkError(self.path)
935
934
 
936
935
 
937
936
  class VirtualFileHandle(io.RawIOBase):
@@ -994,10 +993,10 @@ class VirtualFile(FilesystemEntry):
994
993
  return False
995
994
 
996
995
  def readlink(self) -> str:
997
- raise FilesystemError(f"{self.__class__.__name__} does not support symlinks.")
996
+ raise NotASymlinkError(self.path)
998
997
 
999
998
  def readlink_ext(self) -> FilesystemEntry:
1000
- raise FilesystemError(f"{self.__class__.__name__} does not support symlinks.")
999
+ raise NotASymlinkError(self.path)
1001
1000
 
1002
1001
 
1003
1002
  class MappedFile(VirtualFile):
@@ -1073,13 +1072,19 @@ class VirtualSymlink(FilesystemEntry):
1073
1072
  if not follow_symlinks:
1074
1073
  return False
1075
1074
 
1076
- return self.readlink_ext().is_dir()
1075
+ try:
1076
+ return self.readlink_ext().is_dir()
1077
+ except FileNotFoundError:
1078
+ return False
1077
1079
 
1078
1080
  def is_file(self, follow_symlinks: bool = True) -> bool:
1079
1081
  if not follow_symlinks:
1080
1082
  return False
1081
1083
 
1082
- return self.readlink_ext().is_file()
1084
+ try:
1085
+ return self.readlink_ext().is_file()
1086
+ except FileNotFoundError:
1087
+ return False
1083
1088
 
1084
1089
  def is_symlink(self) -> bool:
1085
1090
  return True
@@ -1234,12 +1239,22 @@ class VirtualFilesystem(Filesystem):
1234
1239
  directory.add(entry_name, entry)
1235
1240
 
1236
1241
  def link(self, src: str, dst: str) -> None:
1237
- """Hard link a FilesystemEntry to another location."""
1242
+ """Hard link a FilesystemEntry to another location.
1243
+
1244
+ Args:
1245
+ src: The path to the target of the link.
1246
+ dst: The path to the link.
1247
+ """
1238
1248
  self.map_file_entry(dst, self.get(src))
1239
1249
 
1240
1250
  def symlink(self, src: str, dst: str) -> None:
1241
- """Create a symlink to another location."""
1242
- src = fsutil.normalize(src, alt_separator=self.alt_separator).strip("/")
1251
+ """Create a symlink to another location.
1252
+
1253
+ Args:
1254
+ src: The path to the target of the symlink.
1255
+ dst: The path to the symlink.
1256
+ """
1257
+ src = fsutil.normalize(src, alt_separator=self.alt_separator).rstrip("/")
1243
1258
  dst = fsutil.normalize(dst, alt_separator=self.alt_separator).strip("/")
1244
1259
  self.map_file_entry(dst, VirtualSymlink(self, dst, src))
1245
1260
 
@@ -1471,7 +1486,7 @@ class RootFilesystemEntry(FilesystemEntry):
1471
1486
  def readlink(self) -> str:
1472
1487
  self.fs.target.log.debug("%r::readlink()", self)
1473
1488
  if not self.is_symlink():
1474
- raise FilesystemError(f"Not a link: {self}")
1489
+ raise NotASymlinkError(f"Not a link: {self}")
1475
1490
  return self._exec("readlink")
1476
1491
 
1477
1492
  def stat(self, follow_symlinks: bool = True) -> fsutil.stat_result:
@@ -1533,6 +1548,8 @@ def open(fh: BinaryIO, *args, **kwargs) -> Filesystem:
1533
1548
  except ImportError as e:
1534
1549
  log.info("Failed to import %s", filesystem)
1535
1550
  log.debug("", exc_info=e)
1551
+ except Exception as e:
1552
+ raise FilesystemError(f"Failed to open filesystem for {fh}", cause=e)
1536
1553
  finally:
1537
1554
  fh.seek(offset)
1538
1555
 
@@ -1572,3 +1589,4 @@ register("exfat", "ExfatFilesystem")
1572
1589
  register("squashfs", "SquashFSFilesystem")
1573
1590
  register("zip", "ZipFilesystem")
1574
1591
  register("ad1", "AD1Filesystem")
1592
+ register("jffs", "JFFSFilesystem")
@@ -60,9 +60,12 @@ class DirectoryFilesystemEntry(FilesystemEntry):
60
60
  return self.fs.get(path)
61
61
 
62
62
  def open(self) -> BinaryIO:
63
- if self.is_dir():
64
- raise IsADirectoryError(self.path)
65
- return self._resolve().entry.open("rb")
63
+ try:
64
+ if self.is_dir():
65
+ raise IsADirectoryError(self.path)
66
+ return self._resolve().entry.open("rb")
67
+ except (PermissionError, OSError) as e:
68
+ raise FilesystemError from e
66
69
 
67
70
  def iterdir(self) -> Iterator[str]:
68
71
  if not self.is_dir():
@@ -104,7 +107,10 @@ class DirectoryFilesystemEntry(FilesystemEntry):
104
107
  return False
105
108
 
106
109
  def is_symlink(self) -> bool:
107
- return self.entry.is_symlink()
110
+ try:
111
+ return self.entry.is_symlink()
112
+ except (FilesystemError, OSError):
113
+ return False
108
114
 
109
115
  def readlink(self) -> str:
110
116
  return os.readlink(self.entry) # Python 3.7 compatibility
@@ -0,0 +1,122 @@
1
+ from typing import BinaryIO, Iterator, Optional
2
+
3
+ from dissect.jffs import jffs2
4
+ from dissect.jffs.c_jffs2 import c_jffs2
5
+
6
+ from dissect.target.exceptions import (
7
+ FileNotFoundError,
8
+ FilesystemError,
9
+ IsADirectoryError,
10
+ NotADirectoryError,
11
+ NotASymlinkError,
12
+ )
13
+ from dissect.target.filesystem import Filesystem, FilesystemEntry
14
+ from dissect.target.helpers import fsutil
15
+
16
+
17
+ class JFFSFilesystem(Filesystem):
18
+ __type__ = "jffs"
19
+
20
+ def __init__(self, fh: BinaryIO, *args, **kwargs):
21
+ super().__init__(fh, *args, **kwargs)
22
+ self.jffs2 = jffs2.JFFS2(fh)
23
+
24
+ @staticmethod
25
+ def _detect(fh: BinaryIO) -> bool:
26
+ return int.from_bytes(fh.read(2), "little") in (
27
+ c_jffs2.JFFS2_MAGIC_BITMASK,
28
+ c_jffs2.JFFS2_OLD_MAGIC_BITMASK,
29
+ )
30
+
31
+ def get(self, path: str) -> FilesystemEntry:
32
+ return JFFSFilesystemEntry(self, path, self._get_node(path))
33
+
34
+ def _get_node(self, path: str, node: Optional[jffs2.INode] = None) -> jffs2.INode:
35
+ try:
36
+ return self.jffs2.get(path, node)
37
+ except jffs2.FileNotFoundError as e:
38
+ raise FileNotFoundError(path, cause=e)
39
+ except jffs2.NotADirectoryError as e:
40
+ raise NotADirectoryError(path, cause=e)
41
+ except jffs2.NotASymlinkError as e:
42
+ raise NotASymlinkError(path, cause=e)
43
+ except jffs2.Error as e:
44
+ raise FileNotFoundError(path, cause=e)
45
+
46
+
47
+ class JFFSFilesystemEntry(FilesystemEntry):
48
+ fs: JFFSFilesystem
49
+ entry: jffs2.INode
50
+
51
+ def get(self, path: str) -> FilesystemEntry:
52
+ entry_path = fsutil.join(self.path, path, alt_separator=self.fs.alt_separator)
53
+ entry = self.fs._get_node(path, self.entry)
54
+ return JFFSFilesystemEntry(self.fs, entry_path, entry)
55
+
56
+ def open(self) -> BinaryIO:
57
+ if self.is_dir():
58
+ raise IsADirectoryError(self.path)
59
+ return self._resolve().entry.open()
60
+
61
+ def _iterdir(self) -> Iterator[tuple[str, jffs2.INode]]:
62
+ if not self.is_dir():
63
+ raise NotADirectoryError(self.path)
64
+
65
+ if self.is_symlink():
66
+ yield from self.readlink_ext().iterdir()
67
+ else:
68
+ yield from self.entry.iterdir()
69
+
70
+ def iterdir(self) -> Iterator[str]:
71
+ for name, _ in self._iterdir():
72
+ yield name
73
+
74
+ def scandir(self) -> Iterator[FilesystemEntry]:
75
+ for name, entry in self._iterdir():
76
+ entry_path = fsutil.join(self.path, name, alt_separator=self.fs.alt_separator)
77
+ yield JFFSFilesystemEntry(self.fs, entry_path, entry)
78
+
79
+ def is_dir(self, follow_symlinks: bool = False) -> bool:
80
+ try:
81
+ return self._resolve(follow_symlinks).entry.is_dir()
82
+ except FilesystemError:
83
+ return False
84
+
85
+ def is_file(self, follow_symlinks: bool = False) -> bool:
86
+ try:
87
+ return self._resolve(follow_symlinks).entry.is_file()
88
+ except FilesystemError:
89
+ return False
90
+
91
+ def is_symlink(self) -> bool:
92
+ return self.entry.is_symlink()
93
+
94
+ def readlink(self) -> str:
95
+ if not self.is_symlink():
96
+ raise NotASymlinkError()
97
+
98
+ return self.entry.link
99
+
100
+ def stat(self, follow_symlinks: bool = False) -> fsutil.stat_result:
101
+ return self._resolve(follow_symlinks).lstat()
102
+
103
+ def lstat(self) -> fsutil.stat_result:
104
+ node = self.entry.inode
105
+
106
+ # mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime
107
+ st_info = fsutil.stat_result(
108
+ [
109
+ self.entry.mode,
110
+ self.entry.inum,
111
+ id(self.fs),
112
+ 1, # TODO: properly calculate nlink in dissect.jffs
113
+ node.uid,
114
+ node.gid,
115
+ node.isize,
116
+ self.entry.atime.timestamp(),
117
+ self.entry.mtime.timestamp(),
118
+ self.entry.ctime.timestamp(),
119
+ ]
120
+ )
121
+
122
+ return st_info