dissect.target 3.19.dev57__py3-none-any.whl → 3.20__py3-none-any.whl

dissect/target/plugins/os/unix/_os.py

@@ -3,8 +3,10 @@ from __future__ import annotations
 import logging
 import re
 import uuid
-from struct import unpack
-from typing import Iterator, Optional, Union
+from pathlib import Path
+from typing import Iterator
+
+from flow.record.fieldtypes import posix_path
 
 from dissect.target.filesystem import Filesystem
 from dissect.target.helpers.fsutil import TargetPath
@@ -16,16 +18,36 @@ from dissect.target.target import Target
 log = logging.getLogger(__name__)
 
 
+# https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+ARCH_MAP = {
+    0x00: "unknown",
+    0x02: "sparc",
+    0x03: "x86",
+    0x08: "mips",
+    0x14: "powerpc32",
+    0x15: "powerpc64",
+    0x16: "s390",  # and s390x
+    0x28: "aarch32",  # armv7
+    0x2A: "superh",
+    0x32: "ia-64",
+    0x3E: "x86_64",
+    0xB7: "aarch64",  # armv8
+    0xF3: "riscv64",
+    0xF7: "bpf",
+}
+
+
 class UnixPlugin(OSPlugin):
     def __init__(self, target: Target):
         super().__init__(target)
         self._add_mounts()
+        self._add_devices()
         self._hostname_dict = self._parse_hostname_string()
         self._hosts_dict = self._parse_hosts_string()
         self._os_release = self._parse_os_release()
 
     @classmethod
-    def detect(cls, target: Target) -> Optional[Filesystem]:
+    def detect(cls, target: Target) -> Filesystem | None:
         for fs in target.filesystems:
             if fs.exists("/var") and fs.exists("/etc"):
                 return fs
@@ -71,7 +93,7 @@ class UnixPlugin(OSPlugin):
                         uid=pwent.get(2),
                         gid=pwent.get(3),
                         gecos=pwent.get(4),
-                        home=self.target.fs.path(pwent.get(5)),
+                        home=posix_path(pwent.get(5)),
                         shell=pwent.get(6),
                         source=passwd_file,
                         _target=self.target,
@@ -115,23 +137,23 @@ class UnixPlugin(OSPlugin):
 
                 yield UnixUserRecord(
                     name=user["name"],
-                    home=user["home"],
+                    home=posix_path(user["home"]),
                     shell=user["shell"],
                     source="/var/log/syslog",
                     _target=self.target,
                 )
 
     @export(property=True)
-    def architecture(self) -> Optional[str]:
+    def architecture(self) -> str | None:
         return self._get_architecture(self.os)
 
     @export(property=True)
-    def hostname(self) -> Optional[str]:
+    def hostname(self) -> str | None:
         hosts_string = self._hosts_dict.get("hostname", "localhost")
         return self._hostname_dict.get("hostname", hosts_string)
 
     @export(property=True)
-    def domain(self) -> Optional[str]:
+    def domain(self) -> str | None:
         domain = self._hostname_dict.get("domain", "localhost")
         if domain == "localhost":
             domain = self._hosts_dict["hostname", "localhost"]
@@ -143,7 +165,7 @@ class UnixPlugin(OSPlugin):
     def os(self) -> str:
         return OperatingSystem.UNIX.value
 
-    def _parse_rh_legacy(self, path):
+    def _parse_rh_legacy(self, path: Path) -> str | None:
         hostname = None
         file_contents = path.open("rt").readlines()
         for line in file_contents:
@@ -152,7 +174,7 @@ class UnixPlugin(OSPlugin):
             _, _, hostname = line.rstrip().partition("=")
         return hostname
 
-    def _parse_hostname_string(self, paths: Optional[list[str]] = None) -> Optional[dict[str, str]]:
+    def _parse_hostname_string(self, paths: list[str] | None = None) -> dict[str, str] | None:
         """
         Returns a dict containing the hostname and domain name portion of the path(s) specified
 
@@ -184,7 +206,7 @@ class UnixPlugin(OSPlugin):
             break  # break whenever a valid hostname is found
         return hostname_dict
 
-    def _parse_hosts_string(self, paths: Optional[list[str]] = None) -> dict[str, str]:
+    def _parse_hosts_string(self, paths: list[str] | None = None) -> dict[str, str]:
         paths = paths or ["/etc/hosts"]
         hosts_string = {"ip": None, "hostname": None}
 
@@ -244,7 +266,18 @@ class UnixPlugin(OSPlugin):
                     self.target.log.debug("Mounting %s (%s) at %s", fs, fs.volume, mount_point)
                     self.target.fs.mount(mount_point, fs)
 
-    def _parse_os_release(self, glob: Optional[str] = None) -> dict[str, str]:
+    def _add_devices(self) -> None:
+        """Add some virtual block devices to the target.
+
+        Currently only adds LVM devices.
+        """
+        vfs = self.target.fs.append_layer()
+
+        for volume in self.target.volumes:
+            if volume.vs and volume.vs.__type__ == "lvm":
+                vfs.map_file_fh(f"/dev/{volume.raw.vg.name}/{volume.raw.name}", volume)
+
+    def _parse_os_release(self, glob: str | None = None) -> dict[str, str]:
         """Parse files containing Unix version information.
 
         Not all these files are equal. Generally speaking these files are
@@ -286,43 +319,36 @@ class UnixPlugin(OSPlugin):
                                 continue
         return os_release
 
-    def _get_architecture(self, os: str = "unix", path: str = "/bin/ls") -> Optional[str]:
-        arch_strings = {
-            0x00: "Unknown",
-            0x02: "SPARC",
-            0x03: "x86",
-            0x08: "MIPS",
-            0x14: "PowerPC",
-            0x16: "S390",
-            0x28: "ARM",
-            0x2A: "SuperH",
-            0x32: "IA-64",
-            0x3E: "x86_64",
-            0xB7: "AArch64",
-            0xF3: "RISC-V",
-        }
-
-        for fs in self.target.filesystems:
-            if fs.exists(path):
-                fh = fs.open(path)
-                fh.seek(4)
-                # ELF - e_ident[EI_CLASS]
-                bits = unpack("B", fh.read(1))[0]
-                fh.seek(18)
-                # ELF - e_machine
-                arch = unpack("H", fh.read(2))[0]
-                arch = arch_strings.get(arch)
-
-                if bits == 1:  # 32 bit system
-                    return f"{arch}_32-{os}"
-                else:
-                    return f"{arch}-{os}"
+    def _get_architecture(self, os: str = "unix", path: Path | str = "/bin/ls") -> str | None:
+        """Determine architecture by reading an ELF header of a binary on the target.
+
+        Resources:
+            - https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+        """
+
+        if not isinstance(path, TargetPath):
+            for fs in [self.target.fs, *self.target.filesystems]:
+                if (path := fs.path(path)).exists():
+                    break
+
+        if not path.exists():
+            return
+
+        fh = path.open("rb")
+        fh.seek(4)  # ELF - e_ident[EI_CLASS]
+        bits = fh.read(1)[0]
+
+        fh.seek(18)  # ELF - e_machine
+        e_machine = int.from_bytes(fh.read(2), "little")
+        arch = ARCH_MAP.get(e_machine, "unknown")
+
+        return f"{arch}_32-{os}" if bits == 1 and not arch[-2:] == "32" else f"{arch}-{os}"
 
 
 def parse_fstab(
     fstab: TargetPath,
     log: logging.Logger = log,
-) -> Iterator[tuple[Union[uuid.UUID, str], str, str, str, str]]:
+) -> Iterator[tuple[uuid.UUID | str, str, str, str, str]]:
     """Parse fstab file and return a generator that streams the details of entries,
     with unsupported FS types and block devices filtered away.
     """

dissect/target/plugins/os/unix/applications.py

@@ -0,0 +1,78 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers import configutil
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import UnixApplicationRecord
+from dissect.target.plugin import Plugin, export
+from dissect.target.target import Target
+
+
+class UnixApplicationsPlugin(Plugin):
+    """Unix Applications plugin."""
+
+    SYSTEM_PATHS = [
+        "/usr/share/applications/",
+        "/usr/local/share/applications/",
+        "/var/lib/snapd/desktop/applications/",
+        "/var/lib/flatpak/exports/share/applications/",
+    ]
+
+    USER_PATHS = [
+        ".local/share/applications/",
+    ]
+
+    SYSTEM_APPS = ("org.gnome.",)
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.desktop_files = list(self._find_desktop_files())
+
+    def _find_desktop_files(self) -> Iterator[TargetPath]:
+        for dir in self.SYSTEM_PATHS:
+            for file in self.target.fs.path(dir).glob("*.desktop"):
+                yield file
+
+        for user_details in self.target.user_details.all_with_home():
+            for dir in self.USER_PATHS:
+                for file in user_details.home_path.joinpath(dir).glob("*.desktop"):
+                    yield file
+
+    def check_compatible(self) -> None:
+        if not self.desktop_files:
+            raise UnsupportedPluginError("No application .desktop files found")
+
+    @export(record=UnixApplicationRecord)
+    def applications(self) -> Iterator[UnixApplicationRecord]:
+        """Yield installed Unix GUI applications from GNOME and XFCE.
+
+        Resources:
+            - https://wiki.archlinux.org/title/Desktop_entries
+            - https://specifications.freedesktop.org/desktop-entry-spec/latest/
+            - https://unix.stackexchange.com/questions/582928/where-gnome-apps-are-installed
+
+        Yields ``UnixApplicationRecord`` records with the following fields:
+
+        .. code-block:: text
+
+            ts_modified  (datetime): timestamp when the installation was modified
+            ts_installed (datetime): timestamp when the application was installed on the system
+            name         (string):   name of the application
+            version      (string):   version of the application
+            author       (string):   author of the application
+            type         (string):   type of the application, either user or system
+            path         (string):   path to the desktop file entry of the application
+        """
+        for file in self.desktop_files:
+            config = configutil.parse(file, hint="ini").get("Desktop Entry") or {}
+            stat = file.lstat()
+
+            yield UnixApplicationRecord(
+                ts_modified=stat.st_mtime,
+                ts_installed=stat.st_btime if hasattr(stat, "st_btime") else None,
+                name=config.get("Name"),
+                version=config.get("Version"),
+                path=config.get("Exec"),
+                type="system" if config.get("Icon", "").startswith(self.SYSTEM_APPS) else "user",
+                _target=self.target,
+            )

dissect/target/plugins/os/unix/bsd/citrix/history.py

@@ -44,6 +44,8 @@ CITRIX_NETSCALER_BASH_HISTORY_RE = re.compile(
 
 
 class CitrixCommandHistoryPlugin(CommandHistoryPlugin):
+    """Citrix command history plugin."""
+
     COMMAND_HISTORY_ABSOLUTE_PATHS = (("citrix-netscaler-bash", "/var/log/bash.log*"),)
     COMMAND_HISTORY_RELATIVE_PATHS = CommandHistoryPlugin.COMMAND_HISTORY_RELATIVE_PATHS + (
         ("citrix-netscaler-cli", ".nscli_history"),

dissect/target/plugins/os/unix/bsd/osx/_os.py

@@ -3,6 +3,8 @@ from __future__ import annotations
 import plistlib
 from typing import Iterator, Optional
 
+from flow.record.fieldtypes import posix_path
+
 from dissect.target.filesystem import Filesystem
 from dissect.target.helpers.record import UnixUserRecord
 from dissect.target.plugin import OperatingSystem, export
@@ -39,26 +41,7 @@ class MacPlugin(BsdPlugin):
 
     @export(property=True)
     def ips(self) -> Optional[list[str]]:
-        ips = set()
-
-        # Static configured IP-addresses
-        if (preferences := self.target.fs.path(self.SYSTEM)).exists():
-            network = plistlib.load(preferences.open()).get("NetworkServices")
-
-            for interface in network.values():
-                for addresses in [interface.get("IPv4"), interface.get("IPv6")]:
-                    ips.update(addresses.get("Addresses", []))
-
-        # IP-addresses configured by DHCP
-        if (dhcp := self.target.fs.path("/private/var/db/dhcpclient/leases")).exists():
-            for lease in dhcp.iterdir():
-                if lease.is_file():
-                    lease = plistlib.load(lease.open())
-
-                    if ip := lease.get("IPAddress"):
-                        ips.add(ip)
-
-        return list(ips)
+        return list(set(map(str, self.target.network.ips())))
 
     @export(property=True)
     def version(self) -> Optional[str]:
@@ -87,7 +70,7 @@ class MacPlugin(BsdPlugin):
                         uid=user.get("uid", [None])[0],
                         gid=user.get("gid", [None])[0],
                         gecos=user.get("realname", [None])[0],
-                        home=home_dir,
+                        home=posix_path(home_dir) if home_dir else None,
                         shell=user.get("shell", [None])[0],
                         source=path,
                     )

dissect/target/plugins/os/unix/bsd/osx/network.py

@@ -0,0 +1,92 @@
+from __future__ import annotations
+
+import plistlib
+from functools import cache, lru_cache
+from typing import Iterator
+
+from dissect.target.helpers.record import MacInterfaceRecord
+from dissect.target.plugins.general.network import NetworkPlugin
+from dissect.target.target import Target
+
+
+class MacNetworkPlugin(NetworkPlugin):
+    """macOS network interface plugin."""
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self._plistnetwork = cache(self._plistnetwork)
+        self._plistlease = lru_cache(32)(self._plistlease)
+
+    def _plistlease(self, devname: str) -> dict:
+        for lease in self.target.fs.glob_ext(f"/private/var/db/dhcpclient/leases/{devname}*"):
+            return plistlib.load(lease.open())
+        return {}
+
+    def _plistnetwork(self) -> dict:
+        if (preferences := self.target.fs.path("/Library/Preferences/SystemConfiguration/preferences.plist")).exists():
+            return plistlib.load(preferences.open())
+
+    def _interfaces(self) -> Iterator[MacInterfaceRecord]:
+        plistnetwork = self._plistnetwork()
+        current_set = plistnetwork.get("CurrentSet")
+        sets = plistnetwork.get("Sets", {})
+        for name, _set in sets.items():
+            if f"/Sets/{name}" == current_set:
+                item = _set
+                for key in ["Network", "Global", "IPv4", "ServiceOrder"]:
+                    item = item.get(key, {})
+                service_order = item
+                break
+
+        network = plistnetwork.get("NetworkServices", {})
+        vlans = plistnetwork.get("VirtualNetworkInterfaces", {}).get("VLAN", {})
+
+        vlan_lookup = {key: vlan.get("Tag") for key, vlan in vlans.items()}
+
+        for _id, interface in network.items():
+            dns = set()
+            gateways = set()
+            ips = set()
+            device = interface.get("Interface", {})
+            name = device.get("DeviceName")
+            _type = device.get("Type")
+            vlan = vlan_lookup.get(name)
+            dhcp = False
+            subnetmask = []
+            network = []
+            interface_service_order = service_order.index(_id) if _id in service_order else None
+            try:
+                for addr in interface.get("DNS", {}).get("ServerAddresses", {}):
+                    dns.add(addr)
+                for addresses in [interface.get("IPv4", {}), interface.get("IPv6", {})]:
+                    subnetmask += filter(lambda mask: mask != "", addresses.get("SubnetMasks", []))
+                    if router := addresses.get("Router"):
+                        gateways.add(router)
+                    if addresses.get("ConfigMethod", "") == "DHCP":
+                        ips.add(self._plistlease(name).get("IPAddress"))
+                        dhcp = True
+                    else:
+                        for addr in addresses.get("Addresses", []):
+                            ips.add(addr)
+
+                if subnetmask:
+                    network = self.calculate_network(ips, subnetmask)
+
+                yield MacInterfaceRecord(
+                    name=name,
+                    type=_type,
+                    enabled=not interface.get("__INACTIVE__", False),
+                    dns=list(dns),
+                    ip=list(ips),
+                    gateway=list(gateways),
+                    source="NetworkServices",
+                    vlan=vlan,
+                    network=network,
+                    interface_service_order=interface_service_order,
+                    dhcp=dhcp,
+                    _target=self.target,
+                )
+
+            except Exception as e:
+                self.target.log.warning("Error reading configuration for network device %s: %s", name, e)
+                continue

dissect/target/plugins/os/unix/bsd/osx/user.py

@@ -20,6 +20,8 @@ AccountPolicyRecord = create_extended_descriptor([UserRecordDescriptorExtension]
 
 
 class UserPlugin(Plugin):
+    """MacOS / OSX user plugin."""
+
     # TODO: Parse additional user data like: HeimdalSRPKey, KerberosKeys, ShadowHashData, LinkedIdentity,
     # inputSources, smartCardSecureTokenData, smartCardSecureTokenUUID, unlockOptions, smb_sid
 
@@ -31,6 +33,8 @@ class UserPlugin(Plugin):
 
     @export(record=AccountPolicyRecord)
     def account_policy(self) -> Iterator[AccountPolicyRecord]:
+        """Yield user account policy information"""
+
         # The data is not retrieved from the home folder of the user
         for user_details in self.target.user_details.all():
             user = plistlib.load(self.target.fs.path(user_details.user.source).open())

dissect/target/plugins/os/unix/cronjobs.py

@@ -1,4 +1,7 @@
+from __future__ import annotations
+
 import re
+from typing import Iterator
 
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.plugin import Plugin, export
@@ -28,10 +31,12 @@ EnvironmentVariableRecord = TargetRecordDescriptor(
 
 
 class CronjobPlugin(Plugin):
+    """Unix cronjob plugin."""
+
     def check_compatible(self) -> None:
         pass
 
-    def parse_crontab(self, file_path):
+    def parse_crontab(self, file_path) -> Iterator[CronjobRecord | EnvironmentVariableRecord]:
         for line in file_path.open("rt"):
             line = line.strip()
             if line.startswith("#") or not len(line):
@@ -67,9 +72,8 @@ class CronjobPlugin(Plugin):
                 )
 
     @export(record=[CronjobRecord, EnvironmentVariableRecord])
-    def cronjobs(self):
-        """
-        Return all cronjobs.
+    def cronjobs(self) -> Iterator[CronjobRecord | EnvironmentVariableRecord]:
+        """Yield cronjobs on the unix system.
 
         A cronjob is a scheduled task/command on a Unix based system. Adversaries may use cronjobs to gain
         persistence on the system.

dissect/target/plugins/os/unix/etc/etc.py

@@ -23,6 +23,8 @@ UnixConfigTreeRecord = TargetRecordDescriptor(
 
 
 class EtcTree(ConfigurationTreePlugin):
+    """Unix etc configuration tree plugin."""
+
     __namespace__ = "etc"
 
     def __init__(self, target: Target):
@@ -64,6 +66,8 @@ class EtcTree(ConfigurationTreePlugin):
     @arg("--glob", dest="pattern", required=False, default="*", type=str, help="Glob-style pattern to search for")
     @arg("--root", dest="root", required=False, default="/", type=str, help="Path to use as root for search")
     def etc(self, pattern: str, root: str) -> Iterator[UnixConfigTreeRecord]:
+        """Yield etc configuration records."""
+
         for entry, subs, items in self.config_fs.walk(root):
             for item in items:
                 try:

dissect/target/plugins/os/unix/generic.py

@@ -9,6 +9,8 @@ from dissect.target.plugin import Plugin, export
 
 
 class GenericPlugin(Plugin):
+    """Generic plugin for Unix targets."""
+
     def check_compatible(self) -> None:
         pass
 

dissect/target/plugins/os/unix/history.py

@@ -26,6 +26,8 @@ RE_FISH = re.compile(r"- cmd: (?P<command>.+?)\s+when: (?P<ts>\d+)")
 
 
 class CommandHistoryPlugin(Plugin):
+    """Unix command history plugin."""
+
     COMMAND_HISTORY_RELATIVE_PATHS = (
         ("bash", ".bash_history"),
         ("fish", ".local/share/fish/fish_history"),
@@ -59,7 +61,7 @@ class CommandHistoryPlugin(Plugin):
 
     @alias("bashhistory")
     @export(record=CommandHistoryRecord)
-    def commandhistory(self):
+    def commandhistory(self) -> Iterator[CommandHistoryRecord]:
         """Return shell history for all users.
 
         When using a shell, history of the used commands is kept on the system.
@@ -81,12 +83,12 @@ class CommandHistoryPlugin(Plugin):
     def parse_generic_history(self, file, user: UnixUserRecord, shell: str) -> Iterator[CommandHistoryRecord]:
         """Parse bash_history contents.
 
-        Regular .bash_history files contain one plain command per line.
-        An extended .bash_history file may look like this:
-        ```
-        #1648598339
-        echo "this is a test"
-        ```
+        Regular .bash_history files contain one plain command per line. Extended ``.bash_history`` files look like this:
+
+        .. code-block::
+
+            #1648598339
+            echo "this is a test"
 
         Resources:
             - http://git.savannah.gnu.org/cgit/bash.git/tree/bashhist.c
@@ -121,12 +123,12 @@ class CommandHistoryPlugin(Plugin):
     def parse_zsh_history(self, file, user: UnixUserRecord) -> Iterator[CommandHistoryRecord]:
         """Parse zsh_history contents.
 
-        Regular .zsh_history lines are just the plain commands.
-        Extended .zsh_history files may look like this:
-        ```
-        : 1673860722:0;sudo apt install sl
-        : :;
-        ```
+        Regular ``.zsh_history`` lines are just the plain commands. Extended ``.zsh_history`` files look like this:
+
+        .. code-block::
+
+            : 1673860722:0;sudo apt install sl
+            : :;
 
         Resources:
             - https://sourceforge.net/p/zsh/code/ci/master/tree/Src/hist.c
@@ -157,18 +159,18 @@ class CommandHistoryPlugin(Plugin):
     def parse_fish_history(self, history_file: TargetPath, user: UnixUserRecord) -> Iterator[CommandHistoryRecord]:
         """Parses the history file of the fish shell.
 
-        The fish history file is formatted as pseudo-YAML.
-        An example of such a file:
-        ```
-        - cmd: ls
-          when: 1688642435
-        - cmd: cd home/
-          when: 1688642441
-          paths:
-            - home/
-        - cmd: echo "test: test"
-          when: 1688986629
-        ```
+        The fish history file is formatted as pseudo-YAML. An example of such a file:
+
+        .. code-block::
+
+            - cmd: ls
+            when: 1688642435
+            - cmd: cd home/
+            when: 1688642441
+            paths:
+                - home/
+            - cmd: echo "test: test"
+            when: 1688986629
 
         Note that the last `- cmd: echo "test: test"` is not valid YAML,
         which is why we cannot safely use the Python yaml module.

dissect/target/plugins/os/unix/linux/_os.py

@@ -3,13 +3,13 @@ from __future__ import annotations
 import logging
 
 from dissect.target.filesystem import Filesystem
-from dissect.target.helpers.network_managers import (
-    LinuxNetworkManager,
-    parse_unix_dhcp_log_messages,
-)
 from dissect.target.plugin import OperatingSystem, export
 from dissect.target.plugins.os.unix._os import UnixPlugin
 from dissect.target.plugins.os.unix.bsd.osx._os import MacPlugin
+from dissect.target.plugins.os.unix.linux.network_managers import (
+    LinuxNetworkManager,
+    parse_unix_dhcp_log_messages,
+)
 from dissect.target.plugins.os.windows._os import WindowsPlugin
 from dissect.target.target import Target
 
@@ -34,17 +34,15 @@ class LinuxPlugin(UnixPlugin, LinuxNetworkManager):
     @export(property=True)
     def ips(self) -> list[str]:
         """Returns a list of static IP addresses and DHCP lease IP addresses found on the host system."""
-        ips = []
+        ips = set()
 
         for ip_set in self.network_manager.get_config_value("ips"):
-            for ip in ip_set:
-                ips.append(ip)
+            ips.update(ip_set)
 
         for ip in parse_unix_dhcp_log_messages(self.target, iter_all=False):
-            if ip not in ips:
-                ips.append(ip)
+            ips.add(ip)
 
-        return ips
+        return list(ips)
 
     @export(property=True)
     def dns(self) -> list[str]:

dissect/target/plugins/os/unix/linux/cmdline.py

@@ -16,6 +16,8 @@ CmdlineRecord = TargetRecordDescriptor(
 
 
 class CmdlinePlugin(Plugin):
+    """Linux volatile proc commandline plugin."""
+
     def check_compatible(self) -> None:
         self.target.proc
 

dissect/target/plugins/os/unix/linux/debian/apt.py

@@ -10,13 +10,16 @@ from dissect.target.helpers.fsutil import open_decompress
 from dissect.target.plugins.os.unix.packagemanager import (
     OperationTypes,
     PackageManagerLogRecord,
+    PackageManagerPlugin,
 )
 
 APT_LOG_OPERATIONS = ["Install", "Reinstall", "Upgrade", "Downgrade", "Remove", "Purge"]
 REGEX_PACKAGE_NAMES = re.compile(r"(.*?\)),?")
 
 
-class AptPlugin(plugin.Plugin):
+class AptPlugin(PackageManagerPlugin):
+    """Apt package manager plugin."""
+
     __namespace__ = "apt"
 
     LOG_DIR_PATH = "/var/log/apt"