dissect.target 3.19.dev16__py3-none-any.whl → 3.19.dev18__py3-none-any.whl

dissect/target/helpers/configutil.py

@@ -240,6 +240,33 @@ class Default(ConfigurationParser):
         self.parsed_data = information_dict
 
 
+class CSVish(Default):
+    """Parses CSV-ish config files (does not confirm to CSV standard!)"""
+
+    def __init__(self, *args, fields: tuple[str], **kwargs) -> None:
+        self.fields = fields
+        self.num_fields = len(self.fields)
+        self.maxsplit = self.num_fields - 1
+        super().__init__(*args, **kwargs)
+
+    def parse_file(self, fh: TextIO) -> None:
+        information_dict = {}
+
+        for i, raw_line in enumerate(self.line_reader(fh, strip_comments=True)):
+            line = raw_line.strip()
+            columns = re.split(self.SEPARATOR, line, maxsplit=self.maxsplit)
+
+            if len(columns) < self.num_fields:
+                # keep unparsed lines separate (often env vars)
+                data = {"line": line}
+            else:
+                data = dict(zip(self.fields, columns))
+
+            information_dict[str(i)] = data
+
+        self.parsed_data = information_dict
+
+
 class Ini(ConfigurationParser):
     """Parses an ini file according using the built-in python ConfigParser"""
 
@@ -688,11 +715,12 @@ class ParserConfig:
     collapse_inverse: Optional[bool] = None
     separator: Optional[tuple[str]] = None
     comment_prefixes: Optional[tuple[str]] = None
+    fields: Optional[tuple[str]] = None
 
     def create_parser(self, options: Optional[ParserOptions] = None) -> ConfigurationParser:
         kwargs = {}
 
-        for field_name in ["collapse", "collapse_inverse", "separator", "comment_prefixes"]:
+        for field_name in ["collapse", "collapse_inverse", "separator", "comment_prefixes", "fields"]:
             value = getattr(options, field_name, None) or getattr(self, field_name)
             if value:
                 kwargs.update({field_name: value})
@@ -721,6 +749,7 @@ CONFIG_MAP: dict[tuple[str, ...], ParserConfig] = {
     "toml": ParserConfig(Toml),
 }
 
+
 KNOWN_FILES: dict[str, type[ConfigurationParser]] = {
     "ulogd.conf": ParserConfig(Ini),
     "sshd_config": ParserConfig(Indentation, separator=(r"\s",)),
@@ -730,6 +759,41 @@ KNOWN_FILES: dict[str, type[ConfigurationParser]] = {
     "nsswitch.conf": ParserConfig(Default, separator=(":",)),
     "lsb-release": ParserConfig(Default),
     "catalog": ParserConfig(Xml),
+    "fstab": ParserConfig(
+        CSVish,
+        separator=(r"\s",),
+        comment_prefixes=("#",),
+        fields=("device", "mount", "type", "options", "dump", "pass"),
+    ),
+    "crontab": ParserConfig(
+        CSVish,
+        separator=(r"\s",),
+        comment_prefixes=("#",),
+        fields=("minute", "hour", "day", "month", "weekday", "user", "command"),
+    ),
+    "shadow": ParserConfig(
+        CSVish,
+        separator=(r"\:",),
+        comment_prefixes=("#",),
+        fields=(
+            "username",
+            "password",
+            "lastchange",
+            "minpassage",
+            "maxpassage",
+            "warning",
+            "inactive",
+            "expire",
+            "rest",
+        ),
+    ),
+    "passwd": ParserConfig(
+        CSVish,
+        separator=(r"\:",),
+        comment_prefixes=("#",),
+        fields=("username", "password", "uid", "gid", "gecos", "homedir", "shell"),
+    ),
+    "mime.types": ParserConfig(CSVish, separator=(r"\s+",), comment_prefixes=("#",), fields=("name", "extensions")),
 }
 
 

dissect/target/plugins/os/windows/lnk.py

@@ -45,9 +45,9 @@ class LnkPlugin(Plugin):
                 return None
         raise UnsupportedPluginError("No folders containing link files found")
 
-    @arg("--directory", "-d", dest="directory", default=None, help="Path to .lnk file in target")
+    @arg("--path", "-p", dest="path", default=None, help="Path to directory or .lnk file in target")
     @export(record=LnkRecord)
-    def lnk(self, directory: Optional[str] = None) -> Iterator[LnkRecord]:
+    def lnk(self, path: Optional[str] = None) -> Iterator[LnkRecord]:
         """Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format.
 
         Yields a LnkRecord record with the following fields:
@@ -77,7 +77,7 @@ class LnkPlugin(Plugin):
         # we need to get the active codepage from the system to properly decode some values
         codepage = self.target.codepage or "ascii"
 
-        for entry in self.lnk_entries(directory):
+        for entry in self.lnk_entries(path):
             lnk_file = Lnk(entry.open())
             lnk_net_name = lnk_device_name = None
 
@@ -168,7 +168,15 @@ class LnkPlugin(Plugin):
 
     def lnk_entries(self, path: Optional[str] = None) -> Iterator[TargetPath]:
         if path:
-            yield self.target.fs.path(path)
+            target_path = self.target.fs.path(path)
+            if not target_path.exists():
+                self.target.log.error("Provided path %s does not exist on target", target_path)
+                return
+
+            if target_path.is_file():
+                yield target_path
+            else:
+                yield from target_path.rglob("*.lnk")
         else:
             for folder in self.folders:
                 yield from self.target.fs.path("sysvol").joinpath(folder).rglob("*.lnk")

{dissect.target-3.19.dev16.dist-info → dissect.target-3.19.dev18.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.19.dev16
+Version: 3.19.dev18
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.19.dev16.dist-info → dissect.target-3.19.dev18.dist-info}/RECORD

@@ -46,7 +46,7 @@ dissect/target/filesystems/zip.py,sha256=WT1bQhzX_1MXXVZTKrJniae4xqRqMZ8FsfbvhgG
 dissect/target/helpers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/helpers/cache.py,sha256=TXlJBdFRz6V9zKs903am4Yawr0maYw5kZY0RqklDQJM,8568
 dissect/target/helpers/config.py,sha256=6917CZ6eDHaK_tOoiVEIndyhRXO6r6eCBIleq6f47PQ,2346
-dissect/target/helpers/configutil.py,sha256=wUVnfygXKargH1cAojGbTfgLffXYhbMZOrDP0BUwzdI,25638
+dissect/target/helpers/configutil.py,sha256=SLJFt_k5ezm7CIr_mcZqVrV-2YrcX5D48KgyC9oyWGw,27645
 dissect/target/helpers/cyber.py,sha256=WnJlk-HqAETmDAgLq92JPxyDLxvzSoFV_WrO-odVKBI,16805
 dissect/target/helpers/descriptor_extensions.py,sha256=uT8GwznfDAiIgMM7JKKOY0PXKMv2c0GCqJTCkWFgops,2605
 dissect/target/helpers/docs.py,sha256=J5U65Y3yOTqxDEZRCdrEmO63XQCeDzOJea1PwPM6Cyc,5146
@@ -266,7 +266,7 @@ dissect/target/plugins/os/windows/datetime.py,sha256=YKHUZU6lkKJocq15y0yCwvIIOb1
 dissect/target/plugins/os/windows/defender.py,sha256=zh3brEvJmknD5ef0PGuLZ1G95Fgdh-dlgi-ZEbADKXo,32716
 dissect/target/plugins/os/windows/env.py,sha256=-u9F9xWy6PUbQmu5Tv_MDoVmy6YB-7CbHokIK_T3S44,13891
 dissect/target/plugins/os/windows/generic.py,sha256=BSvDPfB9faU0uquMj0guw5tnR_97Nn0XAEE4k05BFSQ,22273
-dissect/target/plugins/os/windows/lnk.py,sha256=On1k0PODYggQM1j514qFepBACCV2Z2u61Q4Ba6e3Y2c,8179
+dissect/target/plugins/os/windows/lnk.py,sha256=2zpzpPbxL1qrxdbiZfhOGWKNujcj9tMy75_KrBXB1QE,8485
 dissect/target/plugins/os/windows/locale.py,sha256=yXVdclpUqss9h8Nq7N4kg3OHwWGDfjdfiLiUZR3wqv8,2324
 dissect/target/plugins/os/windows/notifications.py,sha256=T1CIvQgpW__qDR0Rq5zpeWmRWwjNDpvdMnvJJ_6tZXs,17378
 dissect/target/plugins/os/windows/prefetch.py,sha256=v4OgSKMwcihz0SOuA0o0Ec8wsAKuiuEmJolqZmHFgJA,10491
@@ -344,10 +344,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.19.dev16.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.19.dev16.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.19.dev16.dist-info/METADATA,sha256=1FP5TC7cQxQzrnIsKcUESZJZigSYAQFFwvZgrbl60TY,12719
-dissect.target-3.19.dev16.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
-dissect.target-3.19.dev16.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.19.dev16.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.19.dev16.dist-info/RECORD,,
+dissect.target-3.19.dev18.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.19.dev18.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.19.dev18.dist-info/METADATA,sha256=5gfwL4PP7a_vTLYBnbyfy1keo11MDR4aYuyMlPMv5Vs,12719
+dissect.target-3.19.dev18.dist-info/WHEEL,sha256=R0nc6qTxuoLk7ShA2_Y-UWkN8ZdfDBG2B6Eqpz2WXbs,91
+dissect.target-3.19.dev18.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.19.dev18.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.19.dev18.dist-info/RECORD,,

{dissect.target-3.19.dev16.dist-info → dissect.target-3.19.dev18.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (71.1.0)
+Generator: setuptools (72.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any