dissect.target 3.19.dev58__py3-none-any.whl → 3.20__py3-none-any.whl

dissect/target/helpers/configutil.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 import io
 import json
+import logging
 import re
 import sys
 from collections import deque
@@ -47,6 +48,9 @@ except ImportError:
     HAS_TOML = False
 
 
+log = logging.getLogger(__name__)
+
+
 def _update_dictionary(current: dict[str, Any], key: str, value: Any) -> None:
     if prev_value := current.get(key):
         if isinstance(prev_value, dict):
@@ -65,9 +69,7 @@ def _update_dictionary(current: dict[str, Any], key: str, value: Any) -> None:
 
 
 class PeekableIterator:
-    """Source gotten from:
-    https://more-itertools.readthedocs.io/en/stable/_modules/more_itertools/more.html#peekable
-    """
+    # https://more-itertools.readthedocs.io/en/stable/_modules/more_itertools/more.html#peekable
 
     def __init__(self, iterable):
         self._iterator = iter(iterable)
@@ -94,9 +96,6 @@ class PeekableIterator:
 class ConfigurationParser:
     """A configuration parser where you can configure certain aspects of the parsing mechanism.
 
-    Attributes:
-        parsed_data: The resulting dictionary after parsing.
-
     Args:
         collapse: A ``bool`` or an ``Iterator``:
           If ``True``: it will collapse all the resulting dictionary values.
@@ -161,7 +160,7 @@ class ConfigurationParser:
     def get(self, item: str, default: Optional[Any] = None) -> Any:
         return self.parsed_data.get(item, default)
 
-    def read_file(self, fh: TextIO) -> None:
+    def read_file(self, fh: TextIO | io.BytesIO) -> None:
         """Parse a configuration file.
 
         Raises:
@@ -191,6 +190,8 @@ class Default(ConfigurationParser):
 
     This parser splits only on the first ``separator`` it finds:
 
+    .. code-block::
+
         key<separator>value     -> {"key": "value"}
 
         key<separator>value\n
@@ -303,8 +304,16 @@ class Txt(ConfigurationParser):
         self.parsed_data = {"content": fh.read(), "size": str(fh.tell())}
 
 
+class Bin(ConfigurationParser):
+
+    """Read the file into ``binary`` and show the number of bytes read"""
+
+    def parse_file(self, fh: io.BytesIO) -> None:
+        self.parsed_data = {"binary": fh.read(), "size": str(fh.tell())}
+
+
 class Xml(ConfigurationParser):
-    """Parses an XML file. Ignores any constructor parameters passed from ``ConfigurationParser`."""
+    """Parses an XML file. Ignores any constructor parameters passed from ``ConfigurationParser``."""
 
     def _tree(self, tree: ElementTree, root: bool = False) -> dict:
         """Very simple but robust xml -> dict implementation, see comments."""
@@ -383,8 +392,9 @@ class ListUnwrapper:
     def unwrap(data: Union[dict, list]) -> Union[dict, list]:
         """Transforms a list with dictionaries to a dictionary.
 
-        The order of the list is preserved. If no dictionary is found,
-        the list remains untouched:
+        The order of the list is preserved. If no dictionary is found, the list remains untouched:
+
+        .. code-block::
 
             ["value1", "value2"]    -> ["value1", "value2"]
 
@@ -457,6 +467,76 @@ class Toml(ConfigurationParser):
             raise ConfigurationParsingError("Failed to parse file, please install tomli.")
 
 
+class Env(ConfigurationParser):
+    """Parses ``.env`` file contents according to Docker and bash specification.
+
+    Does not apply interpolation of substituted values, eg. ``foo=${bar}`` and does not attempt
+    to parse list or dict strings. Does not support dynamic env files, eg. `` foo=`bar` ``. Also
+    does not support multi-line key/value assignments (yet).
+
+    Resources:
+        - https://docs.docker.com/compose/environment-variables/variable-interpolation/#env-file-syntax
+        - https://github.com/theskumar/python-dotenv/blob/main/src/dotenv/parser.py
+    """
+
+    RE_KV = re.compile(r"^(?P<key>.+?)=(?P<value>(\".+?\")|(\'.+?\')|(.*?))?(?P<comment> \#.+?)?$")
+
+    def __init__(self, comments: bool = True, *args, **kwargs) -> None:
+        super().__init__(*args, **kwargs)
+        self.comments = comments
+        self.parsed_data: dict | tuple[dict, str | None] = {}
+
+    def parse_file(self, fh: TextIO) -> None:
+        for line in fh.readlines():
+            # Blank lines are ignored.
+            # Lines beginning with ``#`` are processed as comments and ignored.
+            if not line or line[0] == "#" or "=" not in line:
+                continue
+
+            # Each line represents a key-value pair. Values can optionally be quoted.
+            # Inline comments for unquoted values must be preceded with a space.
+            # Value may be empty.
+            match = self.RE_KV.match(line)
+
+            # Line could be invalid
+            if not match:
+                log.warning("Could not parse line in %s: '%s'", fh, line)
+                continue
+
+            key = match.groupdict()["key"]
+            value = match.groupdict().get("value") or ""
+            value = value.strip()
+            comment = match.groupdict().get("comment")
+            comment = comment.replace(" # ", "", 1) if comment else None
+
+            # Surrounding whitespace characters are removed, unless quoted.
+            if value and ((value[0] == '"' and value[-1] == '"') or (value[0] == "'" and value[-1] == "'")):
+                is_quoted = True
+                value = value.strip("\"'")
+            else:
+                is_quoted = False
+                value = value.strip()
+
+            # Unquoted values may start with a quote if they are properly escaped.
+            if not is_quoted and value[:2] in ["\\'", '\\"']:
+                value = value[1:]
+
+            # Interpret boolean values
+            if value.lower() in ["1", "true"]:
+                value = True
+            elif value.lower() in ["0", "false"]:
+                value = False
+
+            # Interpret integer values
+            if isinstance(value, str) and re.match(r"^[0-9]{1,}$", value):
+                value = int(value)
+
+            if key.strip() in self.parsed_data:
+                log.warning("Duplicate environment key '%s' in file %s", key.strip(), fh)
+
+            self.parsed_data[key.strip()] = (value, comment) if self.comments else value
+
+
 class ScopeManager:
     """A (context)manager for dictionary scoping.
 
@@ -540,6 +620,8 @@ class Indentation(Default):
 
     The parser parses this as the following:
 
+    .. code-block::
+
       key value
         key2 value2
                        -> {"key value": {"key2": "value2"}}
@@ -562,7 +644,7 @@ class Indentation(Default):
         Args:
             manager: A :class:`ScopeManager` that contains the logic to ``push`` and ``pop`` scopes. And keeps state.
             line: The line to be parsed.
-            key: The key that should be updated during a :method:`ScopeManager.push``.
+            key: The key that should be updated during a :method:`ScopeManager.push`.
             next_line: The next line to be parsed.
 
         Returns:
@@ -612,26 +694,28 @@ class SystemD(Indentation):
     """A :class:`ConfigurationParser` that specifically parses systemd configuration files.
 
     Examples:
-        >>> systemd_data = textwrap.dedent(
-                '''
-                [Section1]
-                Key=Value
-                [Section2]
-                Key2=Value 2\\
-                    Value 2 continued
-                '''
-            )
-        >>> parser = SystemD(io.StringIO(systemd_data))
-        >>> parser.parser_items
-        {
-            "Section1": {
-                "Key": "Value
-            },
-            "Section2": {
-                "Key2": "Value2 Value 2 continued
-            }
-        }
 
+        .. code-block::
+
+            >>> systemd_data = textwrap.dedent(
+                    '''
+                    [Section1]
+                    Key=Value
+                    [Section2]
+                    Key2=Value 2\\
+                        Value 2 continued
+                    '''
+                )
+            >>> parser = SystemD(io.StringIO(systemd_data))
+            >>> parser.parser_items
+            {
+                "Section1": {
+                    "Key": "Value
+                },
+                "Section2": {
+                    "Key2": "Value2 Value 2 continued
+                }
+            }
     """
 
     def _change_scope(
@@ -733,6 +817,8 @@ MATCH_MAP: dict[str, ParserConfig] = {
     "*/sysconfig/network-scripts/ifcfg-*": ParserConfig(Default),
     "*/sysctl.d/*.conf": ParserConfig(Default),
     "*/xml/*": ParserConfig(Xml),
+    "*.bashrc": ParserConfig(Txt),
+    "*/vim/vimrc*": ParserConfig(Txt),
 }
 
 CONFIG_MAP: dict[tuple[str, ...], ParserConfig] = {
@@ -744,6 +830,13 @@ CONFIG_MAP: dict[tuple[str, ...], ParserConfig] = {
     "cnf": ParserConfig(Default),
     "conf": ParserConfig(Default, separator=(r"\s",)),
     "sample": ParserConfig(Txt),
+    "sh": ParserConfig(Txt),
+    "key": ParserConfig(Txt),
+    "crt": ParserConfig(Txt),
+    "pem": ParserConfig(Txt),
+    "pl": ParserConfig(Txt),  # various admin panels
+    "lua": ParserConfig(Txt),  # wireshark etc.
+    "txt": ParserConfig(Txt),
     "systemd": ParserConfig(SystemD),
     "template": ParserConfig(Txt),
     "toml": ParserConfig(Toml),
@@ -759,6 +852,7 @@ KNOWN_FILES: dict[str, type[ConfigurationParser]] = {
     "nsswitch.conf": ParserConfig(Default, separator=(":",)),
     "lsb-release": ParserConfig(Default),
     "catalog": ParserConfig(Xml),
+    "ld.so.cache": ParserConfig(Bin),
     "fstab": ParserConfig(
         CSVish,
         separator=(r"\s",),
@@ -832,9 +926,11 @@ def parse_config(
     parser_type = _select_parser(entry, hint)
 
     parser = parser_type.create_parser(options)
-
     with entry.open() as fh:
-        open_file = io.TextIOWrapper(fh, encoding="utf-8")
+        if not isinstance(parser, Bin):
+            open_file = io.TextIOWrapper(fh, encoding="utf-8")
+        else:
+            open_file = io.BytesIO(fh.read())
         parser.read_file(open_file)
 
     return parser

dissect/target/helpers/cyber.py

@@ -52,6 +52,8 @@ MATRIX_REVEAL_SECONDS = 4
 
 
 class Color(Enum):
+    """Cyber colors."""
+
     BLACK = 30
     RED = 31
     GREEN = 32

dissect/target/helpers/data/windowsZones.xml

@@ -5,8 +5,9 @@ Copyright © 1991-2013 Unicode, Inc.
 CLDR data files are interpreted according to the LDML specification (http://unicode.org/reports/tr35/)
 For terms of use, see http://www.unicode.org/copyright.html
 
-NOTE: This file should be updated every ~6 months.
-Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/windowsZones.xml
+NOTE:       This file should be updated every ~6 months.
+Updated at: 2024-10-28
+Source:     https://github.com/unicode-org/cldr/blob/main/common/supplemental/windowsZones.xml
 -->
 
 <supplementalData>
@@ -33,7 +34,6 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<mapZone other="Hawaiian Standard Time" territory="001" type="Pacific/Honolulu"/>
 			<mapZone other="Hawaiian Standard Time" territory="CK" type="Pacific/Rarotonga"/>
 			<mapZone other="Hawaiian Standard Time" territory="PF" type="Pacific/Tahiti"/>
-			<mapZone other="Hawaiian Standard Time" territory="UM" type="Pacific/Johnston"/>
 			<mapZone other="Hawaiian Standard Time" territory="US" type="Pacific/Honolulu"/>
 			<mapZone other="Hawaiian Standard Time" territory="ZZ" type="Etc/GMT+10"/>
 
@@ -52,7 +52,7 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 
 			<!-- (UTC-08:00) Baja California -->
 			<mapZone other="Pacific Standard Time (Mexico)" territory="001" type="America/Tijuana"/>
-			<mapZone other="Pacific Standard Time (Mexico)" territory="MX" type="America/Tijuana America/Santa_Isabel"/>
+			<mapZone other="Pacific Standard Time (Mexico)" territory="MX" type="America/Tijuana"/>
 
 			<!-- (UTC-08:00) Coordinated Universal Time-08 -->
 			<mapZone other="UTC-08" territory="001" type="Etc/GMT+8"/>
@@ -63,7 +63,6 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<mapZone other="Pacific Standard Time" territory="001" type="America/Los_Angeles"/>
 			<mapZone other="Pacific Standard Time" territory="CA" type="America/Vancouver"/>
 			<mapZone other="Pacific Standard Time" territory="US" type="America/Los_Angeles"/>
-			<mapZone other="Pacific Standard Time" territory="ZZ" type="PST8PDT"/>
 
 			<!-- (UTC-07:00) Arizona -->
 			<mapZone other="US Mountain Standard Time" territory="001" type="America/Phoenix"/>
@@ -73,15 +72,14 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<mapZone other="US Mountain Standard Time" territory="ZZ" type="Etc/GMT+7"/>
 
 			<!-- (UTC-07:00) Chihuahua, La Paz, Mazatlan -->
-			<mapZone other="Mountain Standard Time (Mexico)" territory="001" type="America/Chihuahua"/>
-			<mapZone other="Mountain Standard Time (Mexico)" territory="MX" type="America/Chihuahua America/Mazatlan"/>
+			<mapZone other="Mountain Standard Time (Mexico)" territory="001" type="America/Mazatlan"/>
+			<mapZone other="Mountain Standard Time (Mexico)" territory="MX" type="America/Mazatlan"/>
 
 			<!-- (UTC-07:00) Mountain Time (US & Canada) -->
 			<mapZone other="Mountain Standard Time" territory="001" type="America/Denver"/>
-			<mapZone other="Mountain Standard Time" territory="CA" type="America/Edmonton America/Cambridge_Bay America/Inuvik America/Yellowknife"/>
-			<mapZone other="Mountain Standard Time" territory="MX" type="America/Ojinaga"/>
+			<mapZone other="Mountain Standard Time" territory="CA" type="America/Edmonton America/Cambridge_Bay America/Inuvik"/>
+			<mapZone other="Mountain Standard Time" territory="MX" type="America/Ciudad_Juarez"/>
 			<mapZone other="Mountain Standard Time" territory="US" type="America/Denver America/Boise"/>
-			<mapZone other="Mountain Standard Time" territory="ZZ" type="MST7MDT"/>
 
 			<!-- (UTC-07:00) Yukon -->
 			<mapZone other="Yukon Standard Time" territory="001" type="America/Whitehorse"/>
@@ -100,10 +98,9 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 
 			<!-- (UTC-06:00) Central Time (US & Canada) -->
 			<mapZone other="Central Standard Time" territory="001" type="America/Chicago"/>
-			<mapZone other="Central Standard Time" territory="CA" type="America/Winnipeg America/Rainy_River America/Rankin_Inlet America/Resolute"/>
-			<mapZone other="Central Standard Time" territory="MX" type="America/Matamoros"/>
+			<mapZone other="Central Standard Time" territory="CA" type="America/Winnipeg America/Rankin_Inlet America/Resolute"/>
+			<mapZone other="Central Standard Time" territory="MX" type="America/Matamoros America/Ojinaga"/>
 			<mapZone other="Central Standard Time" territory="US" type="America/Chicago America/Indiana/Knox America/Indiana/Tell_City America/Menominee America/North_Dakota/Beulah America/North_Dakota/Center America/North_Dakota/New_Salem"/>
-			<mapZone other="Central Standard Time" territory="ZZ" type="CST6CDT"/>
 
 			<!-- (UTC-06:00) Easter Island -->
 			<mapZone other="Easter Island Standard Time" territory="001" type="Pacific/Easter"/>
@@ -111,7 +108,7 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 
 			<!-- (UTC-06:00) Guadalajara, Mexico City, Monterrey -->
 			<mapZone other="Central Standard Time (Mexico)" territory="001" type="America/Mexico_City"/>
-			<mapZone other="Central Standard Time (Mexico)" territory="MX" type="America/Mexico_City America/Bahia_Banderas America/Merida America/Monterrey"/>
+			<mapZone other="Central Standard Time (Mexico)" territory="MX" type="America/Mexico_City America/Bahia_Banderas America/Merida America/Monterrey America/Chihuahua "/>
 
 			<!-- (UTC-06:00) Saskatchewan -->
 			<mapZone other="Canada Central Standard Time" territory="001" type="America/Regina"/>
@@ -136,9 +133,8 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<!-- (UTC-05:00) Eastern Time (US & Canada) -->
 			<mapZone other="Eastern Standard Time" territory="001" type="America/New_York"/>
 			<mapZone other="Eastern Standard Time" territory="BS" type="America/Nassau"/>
-			<mapZone other="Eastern Standard Time" territory="CA" type="America/Toronto America/Iqaluit America/Montreal America/Nipigon America/Pangnirtung America/Thunder_Bay"/>
+			<mapZone other="Eastern Standard Time" territory="CA" type="America/Toronto America/Iqaluit"/>
 			<mapZone other="Eastern Standard Time" territory="US" type="America/New_York America/Detroit America/Indiana/Petersburg America/Indiana/Vincennes America/Indiana/Winamac America/Kentucky/Monticello America/Louisville"/>
-			<mapZone other="Eastern Standard Time" territory="ZZ" type="EST5EDT"/>
 
 			<!-- (UTC-05:00) Haiti -->
 			<mapZone other="Haiti Standard Time" territory="001" type="America/Port-au-Prince"/>
@@ -424,7 +420,7 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<mapZone other="FLE Standard Time" territory="FI" type="Europe/Helsinki"/>
 			<mapZone other="FLE Standard Time" territory="LT" type="Europe/Vilnius"/>
 			<mapZone other="FLE Standard Time" territory="LV" type="Europe/Riga"/>
-			<mapZone other="FLE Standard Time" territory="UA" type="Europe/Kiev Europe/Uzhgorod Europe/Zaporozhye"/>
+			<mapZone other="FLE Standard Time" territory="UA" type="Europe/Kiev"/>
 
 			<!-- (UTC+02:00) Jerusalem -->
 			<mapZone other="Israel Standard Time" territory="001" type="Asia/Jerusalem"/>
@@ -541,7 +537,8 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<!-- (UTC+05:00) Ashgabat, Tashkent -->
 			<mapZone other="West Asia Standard Time" territory="001" type="Asia/Tashkent"/>
 			<mapZone other="West Asia Standard Time" territory="AQ" type="Antarctica/Mawson"/>
-			<mapZone other="West Asia Standard Time" territory="KZ" type="Asia/Oral Asia/Aqtau Asia/Aqtobe Asia/Atyrau"/>
+			<!-- Microsoft may create a new zone dedicated for Almaty and Qostanay. -->
+			<mapZone other="West Asia Standard Time" territory="KZ" type="Asia/Oral Asia/Almaty Asia/Aqtau Asia/Aqtobe Asia/Atyrau Asia/Qostanay"/>
 			<mapZone other="West Asia Standard Time" territory="MV" type="Indian/Maldives"/>
 			<mapZone other="West Asia Standard Time" territory="TF" type="Indian/Kerguelen"/>
 			<mapZone other="West Asia Standard Time" territory="TJ" type="Asia/Dushanbe"/>
@@ -573,13 +570,12 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 			<mapZone other="Nepal Standard Time" territory="001" type="Asia/Katmandu"/>
 			<mapZone other="Nepal Standard Time" territory="NP" type="Asia/Katmandu"/>
 
-			<!-- (UTC+06:00) Astana -->
-			<mapZone other="Central Asia Standard Time" territory="001" type="Asia/Almaty"/>
+			<!-- (UTC+06:00) Astana --> <!-- Microsoft probably keeps Central Asia Standard Time, but change Astana to something else. -->
+			<mapZone other="Central Asia Standard Time" territory="001" type="Asia/Bishkek"/>
 			<mapZone other="Central Asia Standard Time" territory="AQ" type="Antarctica/Vostok"/>
 			<mapZone other="Central Asia Standard Time" territory="CN" type="Asia/Urumqi"/>
 			<mapZone other="Central Asia Standard Time" territory="IO" type="Indian/Chagos"/>
 			<mapZone other="Central Asia Standard Time" territory="KG" type="Asia/Bishkek"/>
-			<mapZone other="Central Asia Standard Time" territory="KZ" type="Asia/Almaty Asia/Qostanay"/>
 			<mapZone other="Central Asia Standard Time" territory="ZZ" type="Etc/GMT-6"/>
 
 			<!-- (UTC+06:00) Dhaka -->
@@ -656,7 +652,7 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 
 			<!-- (UTC+08:00) Ulaanbaatar -->
 			<mapZone other="Ulaanbaatar Standard Time" territory="001" type="Asia/Ulaanbaatar"/>
-			<mapZone other="Ulaanbaatar Standard Time" territory="MN" type="Asia/Ulaanbaatar Asia/Choibalsan"/>
+			<mapZone other="Ulaanbaatar Standard Time" territory="MN" type="Asia/Ulaanbaatar"/>
 
 			<!-- (UTC+08:45) Eucla -->
 			<mapZone other="Aus Central W. Standard Time" territory="001" type="Australia/Eucla"/>
@@ -713,7 +709,7 @@ Source: https://github.com/unicode-org/cldr/blob/main/common/supplemental/window
 
 			<!-- (UTC+10:00) Hobart -->
 			<mapZone other="Tasmania Standard Time" territory="001" type="Australia/Hobart"/>
-			<mapZone other="Tasmania Standard Time" territory="AU" type="Australia/Hobart Australia/Currie Antarctica/Macquarie"/>
+			<mapZone other="Tasmania Standard Time" territory="AU" type="Australia/Hobart Antarctica/Macquarie"/>
 
 			<!-- (UTC+10:00) Vladivostok -->
 			<mapZone other="Vladivostok Standard Time" territory="001" type="Asia/Vladivostok"/>

dissect/target/helpers/docs.py

@@ -46,7 +46,7 @@ def get_real_func_obj(func: Callable) -> Tuple[Type, Callable]:
     return (klass, func)
 
 
-def get_docstring(obj: Any, placeholder=NO_DOCS) -> str:
+def get_docstring(obj: Any, placeholder: str = NO_DOCS) -> str:
     """Get object's docstring or a placeholder if no docstring found"""
     # Use of `inspect.cleandoc()` is preferred to `textwrap.dedent()` here
     # because many multi-line docstrings in the codebase

dissect/target/helpers/keychain.py

@@ -8,6 +8,8 @@ log = logging.getLogger(__name__)
 
 
 class KeyType(Enum):
+    """Valid key types."""
+
     RAW = "raw"
     PASSPHRASE = "passphrase"
     RECOVERY_KEY = "recovery_key"

dissect/target/helpers/mount.py

@@ -8,7 +8,6 @@ from dissect.util.feature import Feature, feature_enabled
 
 from dissect.target.filesystem import Filesystem, FilesystemEntry
 
-HAS_FUSE3 = False
 if feature_enabled(Feature.BETA):
     from fuse3 import FuseOSError, Operations
     from fuse3.c_fuse import fuse_config_p, fuse_conn_info_p
@@ -20,6 +19,8 @@ else:
     fuse_config_p = c_void_p
     fuse_conn_info_p = c_void_p
 
+    HAS_FUSE3 = False
+
 
 log = logging.getLogger(__name__)
 

dissect/target/helpers/record.py

@@ -165,8 +165,13 @@ WindowsInterfaceRecord = TargetRecordDescriptor(
     [
         *COMMON_INTERFACE_ELEMENTS,
         ("varint", "vlan"),
-        ("string", "metric"),
+        ("net.ipnetwork[]", "network"),
+        ("varint", "metric"),
+        ("stringlist", "search_domain"),
+        ("datetime", "first_connected"),
         ("datetime", "last_connected"),
+        ("net.ipaddress[]", "subnetmask"),
+        ("boolean", "dhcp"),
     ],
 )
 
@@ -175,7 +180,29 @@ MacInterfaceRecord = TargetRecordDescriptor(
     [
         *COMMON_INTERFACE_ELEMENTS,
         ("varint", "vlan"),
-        ("string", "proxy"),
+        ("net.ipnetwork[]", "network"),
         ("varint", "interface_service_order"),
+        ("boolean", "dhcp"),
     ],
 )
+
+
+COMMON_APPLICATION_FIELDS = [
+    ("datetime", "ts_modified"),
+    ("datetime", "ts_installed"),
+    ("string", "name"),
+    ("string", "version"),
+    ("string", "author"),
+    ("string", "type"),
+    ("path", "path"),
+]
+
+UnixApplicationRecord = TargetRecordDescriptor(
+    "unix/application",
+    COMMON_APPLICATION_FIELDS,
+)
+
+WindowsApplicationRecord = TargetRecordDescriptor(
+    "windows/application",
+    COMMON_APPLICATION_FIELDS,
+)

dissect/target/helpers/record_modifier.py

@@ -1,3 +1,4 @@
+import logging
 from functools import partial
 from typing import Callable, Iterable, Iterator
 
@@ -95,13 +96,16 @@ def modify_record(target: Target, record: Record, modifier_function: ModifierFun
         try:
             _record = modifier_function(field_name, resolved_path)
         except FilesystemError as e:
-            target.log.warning(
+            level = logging.INFO if isinstance(e, FileNotFoundError) else logging.WARNING
+            target.log.log(
+                level,
                 "Unable to modify record '%s' with function '%s': %s",
                 record._desc.name,
                 modifier_function.__name__,
                 e,
             )
             target.log.debug("", exc_info=e)
+
         else:
             additional_records.append(_record)