dissect.target 3.19.dev58__py3-none-any.whl → 3.20__py3-none-any.whl

dissect/target/plugins/os/unix/linux/debian/dpkg.py

@@ -1,6 +1,6 @@
 import gzip
 from datetime import datetime
-from typing import Dict, Generator, List, TextIO
+from typing import Dict, Generator, Iterator, List, TextIO
 
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -59,7 +59,7 @@ class DpkgPlugin(Plugin):
             raise UnsupportedPluginError("No DPKG files found")
 
     @export(record=DpkgPackageStatusRecord)
-    def status(self):
+    def status(self) -> Iterator[DpkgPackageStatusRecord]:
         """Yield records for packages in dpkg's status database"""
 
         status_file_path = self.target.fs.path(STATUS_FILE_NAME)
@@ -82,7 +82,7 @@ class DpkgPlugin(Plugin):
             yield DpkgPackageStatusRecord(_target=self.target, **record_fields)
 
     @export(record=DpkgPackageLogRecord)
-    def log(self):
+    def log(self) -> Iterator[DpkgPackageLogRecord]:
         """Yield records for actions logged in dpkg's logs"""
 
         for log_file in self.target.fs.glob(LOG_FILES_GLOB):

dissect/target/plugins/os/unix/linux/debian/proxmox/_os.py

@@ -0,0 +1,141 @@
+from __future__ import annotations
+
+import stat
+from io import BytesIO
+from typing import BinaryIO
+
+from dissect.sql import sqlite3
+from dissect.util.stream import BufferedStream
+
+from dissect.target.filesystem import (
+    Filesystem,
+    VirtualDirectory,
+    VirtualFile,
+    VirtualFilesystem,
+)
+from dissect.target.helpers import fsutil
+from dissect.target.plugins.os.unix._os import OperatingSystem, export
+from dissect.target.plugins.os.unix.linux.debian._os import DebianPlugin
+from dissect.target.target import Target
+
+
+class ProxmoxPlugin(DebianPlugin):
+    @classmethod
+    def detect(cls, target: Target) -> Filesystem | None:
+        for fs in target.filesystems:
+            if fs.exists("/etc/pve") or fs.exists("/var/lib/pve"):
+                return fs
+
+        return None
+
+    @classmethod
+    def create(cls, target: Target, sysvol: Filesystem) -> ProxmoxPlugin:
+        obj = super().create(target, sysvol)
+
+        if (config_db := target.fs.path("/var/lib/pve-cluster/config.db")).exists():
+            with config_db.open("rb") as fh:
+                vfs = _create_pmxcfs(fh, obj.hostname)
+
+            target.fs.mount("/etc/pve", vfs)
+
+        return obj
+
+    @export(property=True)
+    def version(self) -> str:
+        """Returns Proxmox VE version with underlying OS release."""
+
+        for pkg in self.target.dpkg.status():
+            if pkg.name == "proxmox-ve":
+                distro_name = self._os_release.get("PRETTY_NAME", "")
+                return f"{pkg.name} {pkg.version} ({distro_name})"
+
+    @export(property=True)
+    def os(self) -> str:
+        return OperatingSystem.PROXMOX.value
+
+
+DT_DIR = 4
+DT_REG = 8
+
+
+def _create_pmxcfs(fh: BinaryIO, hostname: str | None = None) -> VirtualFilesystem:
+    # https://pve.proxmox.com/wiki/Proxmox_Cluster_File_System_(pmxcfs)
+    db = sqlite3.SQLite3(fh)
+
+    entries = {row.inode: row for row in db.table("tree")}
+
+    vfs = VirtualFilesystem()
+    for entry in entries.values():
+        if entry.type == DT_DIR:
+            cls = ProxmoxConfigDirectoryEntry
+        elif entry.type == DT_REG:
+            cls = ProxmoxConfigFileEntry
+        else:
+            raise ValueError(f"Unknown pmxcfs file type: {entry.type}")
+
+        parts = []
+        current = entry
+        while current.parent != 0:
+            parts.append(current.name)
+            current = entries[current.parent]
+        parts.append(current.name)
+
+        path = "/".join(parts[::-1])
+        vfs.map_file_entry(path, cls(vfs, path, entry))
+
+    if hostname:
+        node_root = vfs.path(f"nodes/{hostname}")
+        vfs.symlink(str(node_root), "local")
+        vfs.symlink(str(node_root / "lxc"), "lxc")
+        vfs.symlink(str(node_root / "openvz"), "openvz")
+        vfs.symlink(str(node_root / "qemu-server"), "qemu-server")
+
+    # TODO: .version, .members, .vmlist, maybe .clusterlog and .rrd?
+
+    return vfs
+
+
+class ProxmoxConfigFileEntry(VirtualFile):
+    def open(self) -> BinaryIO:
+        return BufferedStream(BytesIO(self.entry.data or b""))
+
+    def lstat(self) -> fsutil.stat_result:
+        # ['mode', 'addr', 'dev', 'nlink', 'uid', 'gid', 'size', 'atime', 'mtime', 'ctime']
+        return fsutil.stat_result(
+            [
+                stat.S_IFREG | 0o640,
+                self.entry.inode,
+                id(self.fs),
+                1,
+                0,
+                0,
+                len(self.entry.data) if self.entry.data else 0,
+                0,
+                self.entry.mtime,
+                0,
+            ]
+        )
+
+
+class ProxmoxConfigDirectoryEntry(VirtualDirectory):
+    def __init__(self, fs: VirtualFilesystem, path: str, entry: sqlite3.Row):
+        super().__init__(fs, path)
+        self.entry = entry
+
+    def lstat(self) -> fsutil.stat_result:
+        """Return the stat information of the given path, without resolving links."""
+        # ['mode', 'addr', 'dev', 'nlink', 'uid', 'gid', 'size', 'atime', 'mtime', 'ctime']
+        return fsutil.stat_result(
+            [
+                stat.S_IFDIR | 0o755,
+                self.entry.inode,
+                id(self.fs),
+                1,
+                0,
+                0,
+                0,
+                0,
+                self.entry.mtime,
+                0,
+            ]
+        )

dissect/target/plugins/os/unix/linux/debian/proxmox/vm.py

@@ -0,0 +1,29 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import Plugin, export
+
+VirtualMachineRecord = TargetRecordDescriptor(
+    "proxmox/vm",
+    [
+        ("string", "path"),
+    ],
+)
+
+
+class VirtualMachinePlugin(Plugin):
+    """Plugin to list Proxmox virtual machines."""
+
+    def check_compatible(self) -> None:
+        if self.target.os != "proxmox":
+            raise UnsupportedPluginError("Not a Proxmox operating system")
+
+    @export(record=VirtualMachineRecord)
+    def vmlist(self) -> Iterator[VirtualMachineRecord]:
+        """List Proxmox virtual machines on this node."""
+        for config in self.target.fs.path("/etc/pve/qemu-server").iterdir():
+            yield VirtualMachineRecord(
+                path=config,
+                _target=self.target,
+            )

dissect/target/plugins/os/unix/linux/debian/snap.py

@@ -0,0 +1,79 @@
+from typing import Iterator
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.filesystems.squashfs import SquashFSFilesystem
+from dissect.target.helpers import configutil
+from dissect.target.helpers.fsutil import TargetPath
+from dissect.target.helpers.record import UnixApplicationRecord
+from dissect.target.plugin import Plugin, alias, export
+from dissect.target.target import Target
+
+
+class SnapPlugin(Plugin):
+    """Canonical Linux Snapcraft plugin."""
+
+    PATHS = [
+        "/var/lib/snapd/snaps",
+    ]
+
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.installs = list(self._find_installs())
+
+    def check_compatible(self) -> None:
+        if not configutil.HAS_YAML:
+            raise UnsupportedPluginError("Missing required dependency ruamel.yaml")
+
+        if not self.installs:
+            raise UnsupportedPluginError("No snapd install folder(s) found")
+
+    def _find_installs(self) -> Iterator[TargetPath]:
+        for str_path in self.PATHS:
+            if (path := self.target.fs.path(str_path)).exists():
+                yield path
+
+    @export(record=UnixApplicationRecord)
+    @alias("snaps")
+    def snap(self) -> Iterator[UnixApplicationRecord]:
+        """Yields installed Canonical Linux Snapcraft (snaps) applications on the target system.
+
+        Reads information from installed SquashFS ``*.snap`` files found in ``/var/lib/snapd/snaps``.
+        Logs of the ``snapd`` daemon can be parsed using the ``journal`` or ``syslog`` plugins.
+
+        Resources:
+            - https://github.com/canonical/snapcraft
+            - https://en.wikipedia.org/wiki/Snap_(software)
+
+        Yields ``UnixApplicationRecord`` records with the following fields:
+
+        .. code-block:: text
+
+            ts_modified  (datetime): timestamp when the installation was modified
+            name         (string):   name of the application
+            version      (string):   version of the application
+            path         (string):   path to the application snap file
+        """
+
+        for install_path in self.installs:
+            for snap in install_path.glob("*.snap"):
+                try:
+                    squashfs = SquashFSFilesystem(snap.open())
+
+                except (ValueError, NotImplementedError) as e:
+                    self.target.log.warning("Unable to open snap file %s", snap)
+                    self.target.log.debug("", exc_info=e)
+                    continue
+
+                if not (meta := squashfs.path("meta/snap.yaml")).exists():
+                    self.target.log.warning("Snap %s has no meta/snap.yaml file")
+                    continue
+
+                meta_data = configutil.parse(meta, hint="yaml")
+
+                yield UnixApplicationRecord(
+                    ts_modified=meta.lstat().st_mtime,
+                    name=meta_data.get("name"),
+                    version=meta_data.get("version"),
+                    path=snap,
+                    _target=self.target,
+                )

dissect/target/plugins/os/unix/linux/environ.py

@@ -16,6 +16,8 @@ EnvironmentVariableRecord = TargetRecordDescriptor(
 
 
 class EnvironPlugin(Plugin):
+    """Linux volatile proc environment plugin."""
+
     def check_compatible(self) -> None:
         self.target.proc
 

dissect/target/plugins/os/unix/linux/fortios/_os.py

@@ -6,7 +6,7 @@ from base64 import b64decode
 from datetime import datetime
 from io import BytesIO
 from tarfile import ReadError
-from typing import BinaryIO, Iterator, Optional, TextIO, Union
+from typing import BinaryIO, Iterator, TextIO
 
 from dissect.util import cpio
 from dissect.util.compression import xz
@@ -73,10 +73,11 @@ class FortiOSPlugin(LinuxPlugin):
         return config
 
     @classmethod
-    def detect(cls, target: Target) -> Optional[Filesystem]:
+    def detect(cls, target: Target) -> Filesystem | None:
         for fs in target.filesystems:
-            # Tested on FortiGate and FortiAnalyzer, other Fortinet devices may look different.
-            if fs.exists("/rootfs.gz") and (fs.exists("/.fgtsum") or fs.exists("/.fmg_sign") or fs.exists("/flatkc")):
+            # Tested on FortiGate, FortiAnalyzer and FortiManager.
+            # Other Fortinet devices may look different.
+            if fs.exists("/rootfs.gz") and (any(map(fs.exists, (".fgtsum", ".fmg_sign", "flatkc", "system.conf")))):
                 return fs
 
     @classmethod
@@ -212,7 +213,7 @@ class FortiOSPlugin(LinuxPlugin):
         return "FortiOS Unknown"
 
     @export(record=FortiOSUserRecord)
-    def users(self) -> Iterator[Union[FortiOSUserRecord, UnixUserRecord]]:
+    def users(self) -> Iterator[FortiOSUserRecord | UnixUserRecord]:
         """Return local users of the FortiOS system."""
 
         # Possible unix-like users
@@ -224,7 +225,7 @@ class FortiOSPlugin(LinuxPlugin):
                 yield FortiOSUserRecord(
                     name=username,
                     password=":".join(entry.get("password", [])),
-                    groups=[entry["accprofile"][0]],
+                    groups=list(entry.get("accprofile", [])),
                     home="/root",
                     _target=self.target,
                 )
@@ -233,69 +234,79 @@ class FortiOSPlugin(LinuxPlugin):
             self.target.log.debug("", exc_info=e)
 
         # FortiManager administrative users
-        try:
-            for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=":".join(entry.get("password", [])),
-                    groups=[entry["profileid"][0]],
-                    home="/root",
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiManager admin users")
-            self.target.log.debug("", exc_info=e)
-
-        # Local users
-        try:
-            local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
-            for username, entry in self._config["root-config"]["user"].get("local", {}).items():
-                try:
-                    password = decrypt_password(entry["passwd"][-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("passwd", []))
-
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=password,
-                    groups=local_groups.get(username, []),
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS local users")
-            self.target.log.debug("", exc_info=e)
-
-        # Temporary guest users
-        try:
-            for _, entry in self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items():
-                try:
-                    password = decrypt_password(entry.get("password")[-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("password"))
+        if self._config.get("global-config", {}).get("system", {}).get("admin", {}).get("user"):
+            try:
+                for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=":".join(entry.get("password", [])),
+                        groups=list(entry.get("profileid", [])),
+                        home="/root",
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiManager admin users")
+                self.target.log.debug("", exc_info=e)
+
+        if self._config.get("root-config", {}).get("user", {}).get("local"):
+            # Local users
+            try:
+                local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
+            except KeyError as e:
+                self.target.log.warning("Unable to get local user groups in root config")
+                self.target.log.debug("", exc_info=e)
+                local_groups = {}
 
-                yield FortiOSUserRecord(
-                    name=entry["user-id"][0],
-                    password=password,
-                    groups=["guestgroup"],
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS temporary guest users")
-            self.target.log.debug("", exc_info=e)
+            try:
+                for username, entry in self._config["root-config"]["user"].get("local", {}).items():
+                    try:
+                        password = decrypt_password(entry["passwd"][-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("passwd", []))
+
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=password,
+                        groups=local_groups.get(username, []),
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS local users")
+                self.target.log.debug("", exc_info=e)
+
+        if self._config.get("root-config", {}).get("user", {}).get("group", {}).get("guestgroup"):
+            # Temporary guest users
+            try:
+                for _, entry in (
+                    self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items()
+                ):
+                    try:
+                        password = decrypt_password(entry.get("password")[-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("password"))
+
+                    yield FortiOSUserRecord(
+                        name=entry["user-id"][0],
+                        password=password,
+                        groups=["guestgroup"],
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS temporary guest users")
+                self.target.log.debug("", exc_info=e)
 
     @export(property=True)
     def os(self) -> str:
         return OperatingSystem.FORTIOS.value
 
     @export(property=True)
-    def architecture(self) -> Optional[str]:
+    def architecture(self) -> str | None:
         """Return architecture FortiOS runs on."""
-        paths = ["/lib/libav.so", "/bin/ctr"]
-        for path in paths:
-            if self.target.fs.path(path).exists():
-                return self._get_architecture(path=path)
+        for path in ["/lib/libav.so", "/bin/ctr", "/bin/grep"]:
+            if (bin := self.target.fs.path(path)).exists():
+                return self._get_architecture(path=bin)
 
 
 class ConfigNode(dict):
@@ -528,7 +539,7 @@ def decrypt_rootfs(fh: BinaryIO, key: bytes, iv: bytes) -> BinaryIO:
     return BytesIO(result)
 
 
-def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
+def _kdf_7_4_x(key_data: str | bytes) -> tuple[bytes, bytes]:
     """Derive 32 byte key and 16 byte IV from 32 byte seed.
 
     As the IV needs to be 16 bytes, we return the first 16 bytes of the sha256 hash.
@@ -542,7 +553,7 @@ def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
     return key, iv
 
 
-def get_kernel_hash(sysvol: Filesystem) -> Optional[str]:
+def get_kernel_hash(sysvol: Filesystem) -> str | None:
     """Return the SHA256 hash of the (compressed) kernel."""
     kernel_files = ["flatkc", "vmlinuz", "vmlinux"]
     for k in kernel_files:

dissect/target/plugins/os/unix/linux/fortios/generic.py

@@ -9,6 +9,8 @@ from dissect.target.plugins.os.unix.generic import calculate_last_activity
 
 
 class GenericPlugin(Plugin):
+    """Generic FortiOS plugin."""
+
     def check_compatible(self) -> None:
         if self.target.os != "fortios":
             raise UnsupportedPluginError("FortiOS specific plugin loaded on non-FortiOS target")

dissect/target/plugins/os/unix/linux/fortios/locale.py

@@ -5,6 +5,8 @@ from dissect.target.plugin import Plugin, export
 
 
 class LocalePlugin(Plugin):
+    """FortiOS locale plugin."""
+
     def check_compatible(self) -> None:
         if self.target.os != "fortios":
             raise UnsupportedPluginError("FortiOS specific plugin loaded on non-FortiOS target")

dissect/target/plugins/os/unix/linux/modules.py

@@ -28,6 +28,8 @@ class Module:
 
 
 class ModulePlugin(Plugin):
+    """Linux volatile kernel ``/sys/module`` plugin."""
+
     def __init__(self, target: Target):
         super().__init__(target)
         self._module_base_path = self.target.fs.path("/sys/module")

dissect/target/plugins/os/unix/linux/netstat.py

@@ -8,6 +8,8 @@ NETSTAT_TEMPLATE = "{protocol:<12}{receive_queue:<10}{transmit_queue:<11}{local_
 
 
 class NetstatPlugin(Plugin):
+    """Linux volatile netstat plugin."""
+
     def check_compatible(self) -> None:
         self.target.proc
 

dissect/target/{helpers → plugins/os/unix/linux}/network_managers.py

@@ -7,15 +7,17 @@ from configparser import ConfigParser, MissingSectionHeaderError
 from io import StringIO
 from itertools import chain
 from re import compile, sub
-from typing import Any, Callable, Iterable, Iterator, Match, Optional
+from typing import TYPE_CHECKING, Any, Callable, Iterable, Iterator, Match
 
 from defusedxml import ElementTree
 
 from dissect.target.exceptions import PluginError
-from dissect.target.helpers.fsutil import TargetPath
-from dissect.target.plugins.os.unix.log.journal import JournalRecord
-from dissect.target.plugins.os.unix.log.messages import MessagesRecord
-from dissect.target.target import Target
+
+if TYPE_CHECKING:
+    from dissect.target.helpers.fsutil import TargetPath
+    from dissect.target.plugins.os.unix.log.journal import JournalRecord
+    from dissect.target.plugins.os.unix.log.messages import MessagesRecord
+    from dissect.target.target import Target
 
 log = logging.getLogger(__name__)
 
@@ -57,7 +59,7 @@ class Template:
         """Sets the name of the the used parsing template to the name of the discovered network manager."""
         self.name = name
 
-    def create_config(self, path: TargetPath) -> Optional[dict]:
+    def create_config(self, path: TargetPath) -> dict | None:
         """Create a network config dictionary based on the configured template and supplied path.
 
         Args:
@@ -81,7 +83,7 @@ class Template:
             config = self._parse_configparser_config(path)
         return config
 
-    def _parse_netplan_config(self, path: TargetPath) -> Optional[dict]:
+    def _parse_netplan_config(self, path: TargetPath) -> dict | None:
         """Internal function to parse a netplan YAML based configuration file into a dict.
 
         Args:
@@ -286,7 +288,7 @@ class Parser:
             if option in translation_values and value:
                 return translation_key
 
-    def _get_option(self, config: dict, option: str, section: Optional[str] = None) -> Optional[str | Callable]:
+    def _get_option(self, config: dict, option: str, section: str | None = None) -> str | Callable | None:
         """Internal function to get arbitrary options values from a parsed (non-translated) dictionary.
 
         Args:
@@ -334,7 +336,7 @@ class NetworkManager:
         self.config_globs = (config_globs,) if isinstance(config_globs, str) else config_globs
         self.detection_globs = (detection_globs,) if isinstance(detection_globs, str) else detection_globs
 
-    def detect(self, target: Optional[Target] = None) -> bool:
+    def detect(self, target: Target | None = None) -> bool:
         """Detects if the network manager is active on the target
 
         Returns:

dissect/target/plugins/os/unix/linux/processes.py

@@ -18,6 +18,8 @@ ProcProcessRecord = TargetRecordDescriptor(
 
 
 class ProcProcesses(Plugin):
+    """Linux ``/proc`` process volatile plugin."""
+
     def check_compatible(self) -> None:
         self.target.proc
 

dissect/target/plugins/os/unix/linux/redhat/yum.py

@@ -7,13 +7,16 @@ from dissect.target.helpers.utils import year_rollover_helper
 from dissect.target.plugins.os.unix.packagemanager import (
     OperationTypes,
     PackageManagerLogRecord,
+    PackageManagerPlugin,
 )
 
 YUM_LOG_KEYWORDS = ["Installed", "Updated", "Erased", "Obsoleted"]
 RE_TS = re.compile(r"(\w+\s{1,2}\d+\s\d{2}:\d{2}:\d{2})")
 
 
-class YumPlugin(plugin.Plugin):
+class YumPlugin(PackageManagerPlugin):
+    """Yum package manager plugin."""
+
     __namespace__ = "yum"
 
     LOG_DIR_PATH = "/var/log"

dissect/target/plugins/os/unix/linux/services.py

@@ -18,6 +18,8 @@ LinuxServiceRecord = TargetRecordDescriptor(RECORD_NAME, DEFAULT_ELEMENTS)
 
 
 class ServicesPlugin(Plugin):
+    """Linux services plugin."""
+
     SYSTEMD_PATHS = [
         "/etc/systemd/system",
         "/lib/systemd/system",
@@ -35,9 +37,9 @@ class ServicesPlugin(Plugin):
         """Return information about all installed systemd and init.d services.
 
         References:
-        - https://geeksforgeeks.org/what-is-init-d-in-linux-service-management
-        - http://0pointer.de/blog/projects/systemd-for-admins-3.html
-        - https://www.freedesktop.org/software/systemd/man/systemd.syntax.html
+            - https://geeksforgeeks.org/what-is-init-d-in-linux-service-management
+            - http://0pointer.de/blog/projects/systemd-for-admins-3.html
+            - https://www.freedesktop.org/software/systemd/man/latest/systemd.syntax.html
         """
 
         return chain(self.systemd(), self.initd())

dissect/target/plugins/os/unix/linux/sockets.py

@@ -64,6 +64,8 @@ PacketSocketRecord = TargetRecordDescriptor(
 
 
 class NetSocketPlugin(Plugin):
+    """Linux volatile net sockets plugin."""
+
     __namespace__ = "sockets"
 
     def __init__(self, target: Target):

dissect/target/plugins/os/unix/linux/suse/zypper.py

@@ -7,10 +7,13 @@ from dissect.target.helpers.fsutil import open_decompress
 from dissect.target.plugins.os.unix.packagemanager import (
     OperationTypes,
     PackageManagerLogRecord,
+    PackageManagerPlugin,
 )
 
 
-class ZypperPlugin(plugin.Plugin):
+class ZypperPlugin(PackageManagerPlugin):
+    """Zypper package manager plugin."""
+
     __namespace__ = "zypper"
 
     LOG_DIR_PATH = "/var/log/zypp"