dissect.target 3.16.dev31__py3-none-any.whl → 3.16.dev33__py3-none-any.whl

dissect/target/filesystems/tar.py

@@ -60,7 +60,10 @@ class TarFilesystem(Filesystem):
     @staticmethod
     def _detect(fh: BinaryIO) -> bool:
         """Detect a tar file on a given file-like object."""
-        return tarfile.is_tarfile(fh)
+        fh = fsutil.open_decompress(fileobj=fh)
+
+        fh.seek(257)
+        return fh.read(8) in (tarfile.GNU_MAGIC, tarfile.POSIX_MAGIC)
 
     def get(self, path: str, relentry: Optional[FilesystemEntry] = None) -> FilesystemEntry:
         """Returns a TarFilesystemEntry object corresponding to the given path."""

dissect/target/plugins/os/windows/wer.py

@@ -14,69 +14,6 @@ from dissect.target.target import Target
 camel_case_patterns = [re.compile(r"(\S)([A-Z][a-z]+)"), re.compile(r"([a-z0-9])([A-Z])"), re.compile(r"(\w)[.\s](\w)")]
 
 
-def _collect_wer_data(wer_file: Path) -> tuple[list[tuple[str, str]], dict[str, str]]:
-    """Parse data from a .wer file."""
-    record_values = {}
-    record_fields = []
-    key = None
-
-    # Default encoding when no BOM is present
-    encoding = "utf-16-le"
-
-    # If a BOM header is present we can decode it using utf-16
-    with wer_file.open("rb") as fh:
-        if fh.read(len(codecs.BOM)) in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
-            encoding = "utf-16"
-
-    for line in wer_file.read_text(encoding).splitlines():
-        if len(line_split := line.rstrip().split("=", 1)) == 2:
-            name, value = line_split
-            record_type = "string"
-
-            # dynamic entry with key and value on separate lines
-            if "].Name" in name and not key:
-                key = value
-                # set key and continue to get value on the next line
-                continue
-
-            # dynamic entry with key and value on the same line
-            elif "]." in name and not key:
-                category, name = name.split(".", 1)
-                key = f"{category.split('[')[0]}{name}"
-
-            if "EventTime" in name:
-                value = wintimestamp(int(value))
-                record_type = "datetime"
-                key = "ts"
-
-            key = _key_to_snake_case(key if key else name)
-
-            record_values[key] = value
-            record_fields.append((record_type, key)) if key != "ts" else record_fields.insert(0, (record_type, key))
-            # reset key necessary for dynamic entries and ts
-            key = None
-
-    return record_fields, record_values
-
-
-def _collect_wer_metadata(metadata_xml_file: Path) -> tuple[list[tuple[str, str]], dict[str, str]]:
-    """Parse data from a metadata .xml file linked to a .wer file."""
-    record_fields = []
-    record_values = {}
-    file = metadata_xml_file.read_text("utf-16")
-
-    tree = ElementTree.fromstring(file)
-    for metadata in tree.iter("WERReportMetadata"):
-        for category in metadata:
-            for value in category:
-                if record_value := value.text.strip("\t\n"):
-                    key = _key_to_snake_case(f"{category.tag}{value.tag}")
-                    record_fields.append(("string", key))
-                    record_values[key] = record_value
-
-    return record_fields, record_values
-
-
 def _create_record_descriptor(record_name: str, record_fields: list[tuple[str, str]]) -> TargetRecordDescriptor:
     record_fields.extend(
         [
@@ -87,12 +24,6 @@ def _create_record_descriptor(record_name: str, record_fields: list[tuple[str, s
     return TargetRecordDescriptor(record_name, record_fields)
 
 
-def _key_to_snake_case(key: str) -> str:
-    for pattern in camel_case_patterns:
-        key = pattern.sub(r"\1_\2", key)
-    return key.lower()
-
-
 class WindowsErrorReportingPlugin(Plugin):
     """Plugin for parsing Windows Error Reporting files."""
 
@@ -116,6 +47,98 @@ class WindowsErrorReportingPlugin(Plugin):
         if not self.wer_files:
             raise UnsupportedPluginError("No Windows Error Reporting directories found.")
 
+    def _sanitize_key(self, key: str) -> str:
+        # Convert camel case to snake case
+        for pattern in camel_case_patterns:
+            key = pattern.sub(r"\1_\2", key)
+
+        # Keep only basic characters in key
+        key = re.sub(r"[^a-zA-Z0-9_]", "", key)
+
+        return key.lower()
+
+    def _collect_wer_data(self, wer_file: Path) -> tuple[list[tuple[str, str]], dict[str, str]]:
+        """Parse data from a .wer file."""
+        record_values = {}
+        record_fields = []
+        key = None
+
+        # Default encoding when no BOM is present
+        encoding = "utf-16-le"
+
+        # If a BOM header is present we can decode it using utf-16
+        with wer_file.open("rb") as fh:
+            if fh.read(len(codecs.BOM)) in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
+                encoding = "utf-16"
+
+        for line in wer_file.read_text(encoding).splitlines():
+            if len(line_split := line.rstrip().split("=", 1)) != 2:
+                continue
+
+            name, value = line_split
+            record_type = "string"
+
+            # Dynamic entry with key and value on separate lines
+            if "].Name" in name and not key:
+                key = value
+                # Set key and continue to get value on the next line
+                continue
+
+            # Dynamic entry with key and value on the same line
+            elif "]." in name and not key:
+                category, name = name.split(".", 1)
+                key = f"{category.split('[')[0]}{name}"
+
+            if "EventTime" in name:
+                value = wintimestamp(int(value))
+                record_type = "datetime"
+                key = "ts"
+
+            key = self._sanitize_key(key if key else name)
+            if not key:
+                self.target.log.warning(f"Sanitizing key resulted in empty key, skipping line '{line}'.")
+                key = None
+                continue
+
+            if key in record_values:
+                self.target.log.warning(f"Key does already exist, skipping line '{line}'.")
+                key = None
+                continue
+
+            record_values[key] = value
+            record_fields.append((record_type, key)) if key != "ts" else record_fields.insert(0, (record_type, key))
+            # Reset key necessary for dynamic entries and ts
+            key = None
+
+        return record_fields, record_values
+
+    def _collect_wer_metadata(self, metadata_xml_file: Path) -> tuple[list[tuple[str, str]], dict[str, str]]:
+        """Parse data from a metadata .xml file linked to a .wer file."""
+        record_fields = []
+        record_values = {}
+        file = metadata_xml_file.read_text("utf-16")
+
+        tree = ElementTree.fromstring(file)
+        for metadata in tree.iter("WERReportMetadata"):
+            for category in metadata:
+                for value in category:
+                    if not (record_value := value.text.strip("\t\n")):
+                        continue
+
+                    key = self._sanitize_key(f"{category.tag}{value.tag}")
+                    if not key:
+                        self.target.log.warning(f"Sanitizing key resulted in empty key, skipping value '{value}'.")
+                        continue
+
+                    if key in record_values:
+                        self.target.log.warning(f"Key already exists, skipping value '{value}'.")
+                        continue
+
+                    record_fields.append(("string", key))
+                    record_values[key] = record_value
+
+        return record_fields, record_values
+
     @export(record=DynamicDescriptor(["path", "string", "datetime"]))
     def wer(self) -> Iterator[DynamicDescriptor]:
         """Return information from Windows Error Reporting (WER) files.
@@ -158,13 +181,13 @@ class WindowsErrorReportingPlugin(Plugin):
             for file in files:
                 if file.suffix == ".wer":
                     record_values["wer_file_path"] = file
-                    wer_report_fields, wer_report_values = _collect_wer_data(file)
+                    wer_report_fields, wer_report_values = self._collect_wer_data(file)
                     # make sure wer_report_fields are the first entries in the list
                     record_fields = wer_report_fields + record_fields
                     record_values = record_values | wer_report_values
                 elif ".WERInternalMetadata" in file.suffixes:
                     record_values["metadata_file_path"] = file
-                    metadata_fields, metadata_values = _collect_wer_metadata(file)
+                    metadata_fields, metadata_values = self._collect_wer_metadata(file)
                     record_fields.extend(metadata_fields)
                     record_values = metadata_values | record_values
 

{dissect.target-3.16.dev31.dist-info → dissect.target-3.16.dev33.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.16.dev31
+Version: 3.16.dev33
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.16.dev31.dist-info → dissect.target-3.16.dev33.dist-info}/RECORD

@@ -36,7 +36,7 @@ dissect/target/filesystems/jffs.py,sha256=Ceqa5Em2pepnXMH_XZFmSNjQyWPo1uWTthBFSM
 dissect/target/filesystems/ntfs.py,sha256=fGgCKjdO5GrPC21DDr0SwIxmwR7KruNIqGUzysboirA,7068
 dissect/target/filesystems/smb.py,sha256=uxfcOWwEoDCw8Qpsa94T5Pn-SKd4WXs4OOrzVVI55d8,6406
 dissect/target/filesystems/squashfs.py,sha256=ehzlThXB7n96XUvQnsK5tWLsA9HIxYN-Zxl7aO9D7ts,3921
-dissect/target/filesystems/tar.py,sha256=Tg9XqLJajqxt11wlnDAdkf-ufiJwlGvtkV1oKqeuf8k,5590
+dissect/target/filesystems/tar.py,sha256=kQNhcEDPX005svse039OeR2AGSDigGuGz2AKoVrgg84,5692
 dissect/target/filesystems/vmfs.py,sha256=sRtYBUAKTKcHrjCXqpFJ8GIVU-ERjqxhB2zXBndtcXU,4955
 dissect/target/filesystems/xfs.py,sha256=kIyFGKYlyFYC7H3jaEv-lNKtBW4ZkD92H0WpfGcr1ww,4498
 dissect/target/filesystems/zip.py,sha256=WT1bQhzX_1MXXVZTKrJniae4xqRqMZ8FsfbvhgGQRTQ,4462
@@ -270,7 +270,7 @@ dissect/target/plugins/os/windows/syscache.py,sha256=WBDx6rixaVnCRsJHLLN_9YWoTDb
 dissect/target/plugins/os/windows/tasks.py,sha256=8DRsIAuIJPaH_G18l8RYfnK_WkEqVx2xDJ1FnIc_i0g,5716
 dissect/target/plugins/os/windows/thumbcache.py,sha256=23YjOjTNoE7BYITmg8s9Zs8Wih2e73BkJJEaKlfotcI,4133
 dissect/target/plugins/os/windows/ual.py,sha256=TYF-R46klEa_HHb86UJd6mPrXwHlAMOUTzC0pZ8uiq0,9787
-dissect/target/plugins/os/windows/wer.py,sha256=OId9gnqU-z2D_Xl51J9THWTIegre06QsftWnGz7IQb4,7563
+dissect/target/plugins/os/windows/wer.py,sha256=1kwkBvgmEU1QRCLWVmUFNIWAqXEEGtAj2c8uj0iusOE,8625
 dissect/target/plugins/os/windows/dpapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/dpapi/blob.py,sha256=oFhksgx2BAaeAbpPwOM-o0Dw5MKaMLGMF6ETdxIS708,5051
 dissect/target/plugins/os/windows/dpapi/crypto.py,sha256=Xd15dFLYOQtvk9SlkdM1XX0c2vxSj9j4RFEwV70eP5Y,9074
@@ -331,10 +331,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.16.dev31.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.16.dev31.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.16.dev31.dist-info/METADATA,sha256=bQJydAA40PRNfKgAuW4LJCissMW3rELgyfBIyapzadU,11107
-dissect.target-3.16.dev31.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dissect.target-3.16.dev31.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.16.dev31.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.16.dev31.dist-info/RECORD,,
+dissect.target-3.16.dev33.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.16.dev33.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.16.dev33.dist-info/METADATA,sha256=CslSUR0Z9B6LGdHxl0SzzwC405b76fEMiaTuFa24Myk,11107
+dissect.target-3.16.dev33.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+dissect.target-3.16.dev33.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.16.dev33.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.16.dev33.dist-info/RECORD,,