dissect.target 3.17.dev35__py3-none-any.whl → 3.17.dev37__py3-none-any.whl

dissect/target/helpers/record_modifier.py

@@ -62,13 +62,16 @@ MODIFIER_MAPPING = {
 
 def _resolve_path_types(target: Target, record: Record) -> Iterator[tuple[str, TargetPath]]:
     for field_name, field_type in record._field_types.items():
-        if not issubclass(field_type, fieldtypes.path):
+        if not issubclass(field_type, (fieldtypes.path, fieldtypes.command)):
             continue
 
         path = getattr(record, field_name, None)
         if path is None:
             continue
 
+        if isinstance(path, fieldtypes.command):
+            path = path.executable
+
         yield field_name, target.resolve(str(path))
 
 

dissect/target/plugins/apps/browser/firefox.py

@@ -18,6 +18,7 @@ from dissect.target.plugin import export
 from dissect.target.plugins.apps.browser.browser import (
     GENERIC_COOKIE_FIELDS,
     GENERIC_DOWNLOAD_RECORD_FIELDS,
+    GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     GENERIC_PASSWORD_RECORD_FIELDS,
     BrowserPlugin,
@@ -43,6 +44,7 @@ try:
 except ImportError:
     HAS_CRYPTO = False
 
+FIREFOX_EXTENSION_RECORD_FIELDS = [("uri", "source_uri"), ("string[]", "optional_permissions")]
 
 log = logging.getLogger(__name__)
 
@@ -76,6 +78,10 @@ class FirefoxPlugin(BrowserPlugin):
         "browser/firefox/download", GENERIC_DOWNLOAD_RECORD_FIELDS
     )
 
+    BrowserExtensionRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
+        "browser/firefox/extension", GENERIC_EXTENSION_RECORD_FIELDS + FIREFOX_EXTENSION_RECORD_FIELDS
+    )
+
     BrowserPasswordRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
         "browser/firefox/password", GENERIC_PASSWORD_RECORD_FIELDS
     )
@@ -305,6 +311,72 @@ class FirefoxPlugin(BrowserPlugin):
             except SQLError as e:
                 self.target.log.warning("Error processing history file: %s", db_file, exc_info=e)
 
+    @export(record=BrowserExtensionRecord)
+    def extensions(self) -> Iterator[BrowserExtensionRecord]:
+        """Return browser extension records for Firefox.
+
+        Yields BrowserExtensionRecord with the following fields::
+            ts_install (datetime): Extension install timestamp.
+            ts_update (datetime): Extension update timestamp.
+            browser (string): The browser from which the records are generated.
+            id (string): Extension unique identifier.
+            name (string): Name of the extension.
+            short_name (string): Short name of the extension.
+            default_title (string): Default title of the extension.
+            description (string): Description of the extension.
+            version (string): Version of the extension.
+            ext_path (path): Relative path of the extension.
+            from_webstore (boolean): Extension from webstore.
+            permissions (string[]): Permissions of the extension.
+            manifest (varint): Version of the extensions' manifest.
+            optional_permissions (string[]): Optional permissions of the extension.
+            source_uri (path): Source path from which the extension was downloaded.
+            source (path): The source file of the download record.
+        """
+        for user, _, profile_dir in self._iter_profiles():
+            extension_file = profile_dir.joinpath("extensions.json")
+
+            if not extension_file.exists():
+                self.target.log.warning(
+                    "No 'extensions.json' addon file found for user %s in directory %s", user, profile_dir
+                )
+                continue
+
+            try:
+                extensions = json.load(extension_file.open())
+
+                for extension in extensions.get("addons", []):
+                    yield self.BrowserExtensionRecord(
+                        ts_install=extension.get("installDate", 0) // 1000,
+                        ts_update=extension.get("updateDate", 0) // 1000,
+                        browser="firefox",
+                        id=extension.get("id"),
+                        name=extension.get("defaultLocale", {}).get("name"),
+                        short_name=None,
+                        default_title=None,
+                        description=extension.get("defaultLocale", {}).get("description"),
+                        version=extension.get("version"),
+                        ext_path=extension.get("path"),
+                        from_webstore=None,
+                        permissions=extension.get("userPermissions", {}).get("permissions"),
+                        manifest_version=extension.get("manifestVersion"),
+                        source_uri=extension.get("sourceURI"),
+                        optional_permissions=extension.get("optionalPermissions", {}).get("permissions"),
+                        source=extension_file,
+                        _target=self.target,
+                        _user=user.user,
+                    )
+
+            except FileNotFoundError:
+                self.target.log.info(
+                    "No 'extensions.json' addon file found for user %s in directory %s", user, profile_dir
+                )
+            except json.JSONDecodeError:
+                self.target.log.warning(
+                    "extensions.json file in directory %s is malformed, consider inspecting the file manually",
+                    profile_dir,
+                )
+
     @export(record=BrowserPasswordRecord)
     def passwords(self) -> Iterator[BrowserPasswordRecord]:
         """Return Firefox browser password records.

dissect/target/plugins/os/windows/regf/runkeys.py

@@ -1,3 +1,5 @@
+from typing import Iterator
+
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
     RegistryRecordDescriptorExtension,
@@ -11,7 +13,7 @@ RunKeyRecord = create_extended_descriptor([RegistryRecordDescriptorExtension, Us
     [
         ("datetime", "ts"),
         ("wstring", "name"),
-        ("string", "path"),
+        ("command", "command"),
         ("string", "key"),
     ],
 )
@@ -48,7 +50,7 @@ class RunKeysPlugin(Plugin):
             raise UnsupportedPluginError("No registry run key found")
 
     @export(record=RunKeyRecord)
-    def runkeys(self):
+    def runkeys(self) -> Iterator[RunKeyRecord]:
         """Iterate various run key locations. See source for all locations.
 
         Run keys (Run and RunOnce) are registry keys that make a program run when a user logs on. a Run key runs every
@@ -63,7 +65,7 @@ class RunKeysPlugin(Plugin):
             domain (string): The target domain.
             ts (datetime): The registry key last modified timestamp.
             name (string): The run key name.
-            path (string): The run key path.
+            command (command): The run key command.
             key (string): The source key for this run key.
         """
         for key in self.KEYS:
@@ -73,7 +75,7 @@ class RunKeysPlugin(Plugin):
                     yield RunKeyRecord(
                         ts=r.ts,
                         name=entry.name,
-                        path=entry.value,
+                        command=entry.value,
                         key=key,
                         _target=self.target,
                         _key=r,

{dissect.target-3.17.dev35.dist-info → dissect.target-3.17.dev37.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.17.dev35
+Version: 3.17.dev37
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -31,7 +31,7 @@ Requires-Dist: dissect.ntfs <4.0.dev,>=3.4.dev
 Requires-Dist: dissect.regf <4.0.dev,>=3.3.dev
 Requires-Dist: dissect.util <4.0.dev,>=3.0.dev
 Requires-Dist: dissect.volume <4.0.dev,>=3.0.dev
-Requires-Dist: flow.record ~=3.14.0
+Requires-Dist: flow.record ~=3.15.0
 Requires-Dist: structlog
 Provides-Extra: cb
 Requires-Dist: dissect.target[full] ; extra == 'cb'

{dissect.target-3.17.dev35.dist-info → dissect.target-3.17.dev37.dist-info}/RECORD

@@ -62,7 +62,7 @@ dissect/target/helpers/network_managers.py,sha256=uRh_P8ICbKke2N7eFJ6AS2-I5DmIRi
 dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
 dissect/target/helpers/protobuf.py,sha256=NwKrZD4q9v7J8GnZX9gbzMUMV5pR78eAV17jgWOz_EY,1730
 dissect/target/helpers/record.py,sha256=lWl7k2Mp9Axllm0tXzPGJx2zj2zONsyY_p5g424T0Lc,4826
-dissect/target/helpers/record_modifier.py,sha256=BiZ_gtqVxuByLWrga1lfglk3X-TcMrJC0quxPpXoIRo,3138
+dissect/target/helpers/record_modifier.py,sha256=3I_rC5jqvl0TsW3V8OQ6Dltz_D8J4PU1uhhzbJGKm9c,3245
 dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhHXIAM,27337
 dissect/target/helpers/shell_folder_ids.py,sha256=Behhb8oh0kMxrEk6YYKYigCDZe8Hw5QS6iK_d2hTs2Y,24978
 dissect/target/helpers/ssh.py,sha256=LPssHXyfL8QYmLi2vpa3wElsGboLG_A1Y8kvOehpUr4,6338
@@ -124,7 +124,7 @@ dissect/target/plugins/apps/browser/browser.py,sha256=rBIwcgdl73gm-8APwx2jEUAYXR
 dissect/target/plugins/apps/browser/chrome.py,sha256=hxS8gqpBwoCrPaxNpllIa6K9DtsSGzn6XXcUaHyes6w,3048
 dissect/target/plugins/apps/browser/chromium.py,sha256=1oaQhMN5mJysw0VIVpTEmRCAifgv-mUQxZwrGmGHqAQ,27875
 dissect/target/plugins/apps/browser/edge.py,sha256=woXzZtHPWmfcV8vbxGKHELKru5JRb32MAXs43_b4K4E,2883
-dissect/target/plugins/apps/browser/firefox.py,sha256=Y8QdSgPZktYy4IF36aI1Jfbw_ucysx82PNljnyUCmRY,27025
+dissect/target/plugins/apps/browser/firefox.py,sha256=Msicw-13AJWbXRRF6m_p4L84rXAjsIYGFRve29cPY2M,30806
 dissect/target/plugins/apps/browser/iexplore.py,sha256=MqMonoaM5lj0ZFqGwS4F-P1eLmnLvX7VQGE9S3hxXag,8739
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=67Eih9AfUbqsP-HlnlwoHi4rSAnVCZWM76sEyO_1m18,15316
@@ -307,7 +307,7 @@ dissect/target/plugins/os/windows/regf/muicache.py,sha256=qoA7S8SiZakIreQqxc_QH1
 dissect/target/plugins/os/windows/regf/nethist.py,sha256=QHbG9fmZNmjSVhrgqMvMo12YBaQedzeToS7ZD9eIJ28,3111
 dissect/target/plugins/os/windows/regf/recentfilecache.py,sha256=Wr6u7SajA9BtUiypztak9ASJZuimOtWfQUAlfvskjMg,1838
 dissect/target/plugins/os/windows/regf/regf.py,sha256=IbLnOurtlprXAo12iYRdw6fv5J45SuMAqt-mXVYaZi4,3357
-dissect/target/plugins/os/windows/regf/runkeys.py,sha256=qX-6xOrgBq7_B00C1BoQtI0Ovzou6Sx3XemV0Ra4JMs,4178
+dissect/target/plugins/os/windows/regf/runkeys.py,sha256=f10jOPTJlUVDEhSiH9JSltKQ-V7zfa8iPX0nKl1gBXo,4247
 dissect/target/plugins/os/windows/regf/shellbags.py,sha256=EKBWBjxvSfxc7WFKmICZs8QUJnjhsCKesjl_NHEnSUo,25621
 dissect/target/plugins/os/windows/regf/shimcache.py,sha256=4SHtwh-ajhgcyR2-vsBbjnsyBtEVPwlgk5j8e1TQkWM,9972
 dissect/target/plugins/os/windows/regf/trusteddocs.py,sha256=4g4m1FYljOpYqGG-7NGyj738Tfnz0uEaN2is2YzkMgg,3669
@@ -340,10 +340,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.17.dev35.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.17.dev35.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.17.dev35.dist-info/METADATA,sha256=Dd4TxlQKuWjqnUY6nMqiEvR-YBsmXIbhGN6CLjdsGhI,11300
-dissect.target-3.17.dev35.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.17.dev35.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.17.dev35.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.17.dev35.dist-info/RECORD,,
+dissect.target-3.17.dev37.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.17.dev37.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.17.dev37.dist-info/METADATA,sha256=lG1EhM84cgxqVPODtlB_Ruvy2WmoUgjrea3a9pSWu20,11300
+dissect.target-3.17.dev37.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.17.dev37.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.17.dev37.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.17.dev37.dist-info/RECORD,,