dissect.target 3.20.dev13__py3-none-any.whl → 3.20.dev15__py3-none-any.whl

dissect/target/plugins/filesystem/ntfs/mft.py

@@ -105,6 +105,7 @@ FilesystemMACBRecord = TargetRecordDescriptor(
         ("filesize", "filesize"),
         ("boolean", "resident"),
         ("boolean", "inuse"),
+        ("boolean", "ads"),
         ("string", "volume_uuid"),
     ],
 )
@@ -151,7 +152,7 @@ class MftPlugin(Plugin):
         "--macb",
         group="fmt",
         action="store_true",
-        help="compacts the MFT entry timestamps into aggregated records with MACB bitfield",
+        help="compacts MFT timestamps into MACB bitfield (format: MACB[standard|ads]/MACB[filename])",
     )
     def mft(
         self, compact: bool = False, fs: int | None = None, start: int = 0, end: int = -1, macb: bool = False
@@ -342,12 +343,13 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
     for record in records:
         found = False
 
-        offset_std = int(record._desc.name == "filesystem/ntfs/mft/std") * 5
-        offset_ads = (int(record.ads) * 10) if offset_std == 0 else 0
+        offset = 0
+        if not getattr(record, "ads", False):
+            offset = int(record._desc.name == "filesystem/ntfs/mft/filename") * 5
 
-        field = "MACB".find(record.ts_type) + offset_std + offset_ads
+        field = "MACB".find(record.ts_type) + offset
         for macb in macbs:
-            if macb.ts == record.ts:
+            if macb.ts == record.ts and macb.path == record.path:
                 macb.macb = macb_set(macb.macb, field, record.ts_type)
                 found = True
                 break
@@ -356,7 +358,7 @@ def macb_aggr(records: list[Record]) -> Iterator[Record]:
             continue
 
         macb = FilesystemMACBRecord.init_from_record(record)
-        macb.macb = "..../..../...."
+        macb.macb = "..../...."
         macb.macb = macb_set(macb.macb, field, record.ts_type)
 
         macbs.append(macb)

dissect/target/tools/shell.py

@@ -95,6 +95,7 @@ class ExtendedCmd(cmd.Cmd):
     """
 
     CMD_PREFIX = "cmd_"
+    _runtime_aliases = {}
 
     def __init__(self, cyber: bool = False):
         cmd.Cmd.__init__(self)
@@ -164,6 +165,11 @@ class ExtendedCmd(cmd.Cmd):
         return None
 
     def default(self, line: str) -> bool:
+        com, arg, _ = self.parseline(line)
+        if com in self._runtime_aliases:
+            expanded = " ".join([self._runtime_aliases[com], arg])
+            return self.onecmd(expanded)
+
         if (should_exit := self._handle_command(line)) is not None:
             return should_exit
 
@@ -230,6 +236,43 @@ class ExtendedCmd(cmd.Cmd):
     def complete_man(self, *args) -> list[str]:
         return cmd.Cmd.complete_help(self, *args)
 
+    def do_unalias(self, line: str) -> bool:
+        """delete runtime alias"""
+        aliases = list(shlex.shlex(line, posix=True))
+        for aliased in aliases:
+            if aliased in self._runtime_aliases:
+                del self._runtime_aliases[aliased]
+            else:
+                print(f"alias {aliased} not found")
+        return False
+
+    def do_alias(self, line: str) -> bool:
+        """create a runtime alias"""
+        args = list(shlex.shlex(line, posix=True))
+
+        if not args:
+            for aliased, command in self._runtime_aliases.items():
+                print(f"alias {aliased}={command}")
+            return False
+
+        while args:
+            alias_name = args.pop(0)
+            try:
+                equals = args.pop(0)
+                # our parser works different, so we have to stop this
+                if equals != "=":
+                    raise RuntimeError("Token not allowed")
+                expanded = args.pop(0) if args else ""  # this is how it works in bash
+                self._runtime_aliases[alias_name] = expanded
+            except IndexError:
+                if alias_name in self._runtime_aliases:
+                    print(f"alias {alias_name}={self._runtime_aliases[alias_name]}")
+                else:
+                    print(f"alias {alias_name} not found")
+                pass
+
+        return False
+
     def do_clear(self, line: str) -> bool:
         """clear the terminal screen"""
         os.system("cls||clear")

{dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev15.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev13
+Version: 3.20.dev15
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev13.dist-info → dissect.target-3.20.dev15.dist-info}/RECORD

@@ -170,7 +170,7 @@ dissect/target/plugins/filesystem/resolver.py,sha256=HfyASUFV4F9uD-yFXilFpPTORAs
 dissect/target/plugins/filesystem/walkfs.py,sha256=rklbN805roy2fKAQe5L1JhTvI0qNgGS70ZNGFwevLB0,2740
 dissect/target/plugins/filesystem/yara.py,sha256=zh4hU3L_egddLqDeaHDVuCWYhTlNzPYPVak36Q6IMxI,6621
 dissect/target/plugins/filesystem/ntfs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/filesystem/ntfs/mft.py,sha256=6r2uQrvJsuHGpKxx4vQPBuZ9yGLj-d8RS5y289-VoZI,12384
+dissect/target/plugins/filesystem/ntfs/mft.py,sha256=2YEkdPpMz4WcXHUD4SnB8kCkZgXRgeXgXf827F1nh3w,12429
 dissect/target/plugins/filesystem/ntfs/mft_timeline.py,sha256=vvNFAZbr7s3X2OTYf4ES_L6-XsouTXcTymfxnHfZ1Rw,6791
 dissect/target/plugins/filesystem/ntfs/usnjrnl.py,sha256=uiT1ipmcAo__6VIUi8R_vvIu22vdnjMACKwLSAbzYjs,3704
 dissect/target/plugins/filesystem/ntfs/utils.py,sha256=xG7Lgw9NX4tDDrZVRm0vycFVJTOM7j-HrjqzDh0f4uA,3136
@@ -350,7 +350,7 @@ dissect/target/tools/logging.py,sha256=5ZnumtMWLyslxfrUGZ4ntRyf3obOOhmn8SBjKfdLc
 dissect/target/tools/mount.py,sha256=8GRYnu4xEmFBHxuIZAYhOMyyTGX8fat1Ou07DNiUnW4,3945
 dissect/target/tools/query.py,sha256=e-yAN9zdQjuOiTuoOQoo17mVEQGGcOgaA9YkF4GYpkM,15394
 dissect/target/tools/reg.py,sha256=FDsiBBDxjWVUBTRj8xn82vZe-J_d9piM-TKS3PHZCcM,3193
-dissect/target/tools/shell.py,sha256=dmshIriwdd_UwrdUcTfWkcYD8Z0mjzbDqwyZG-snDdM,50482
+dissect/target/tools/shell.py,sha256=7jur65pFugpZHyfA0MkaMPCYWZPUSFjhkFQZO8IBYXQ,52077
 dissect/target/tools/utils.py,sha256=JJZDSso1CEK2sv4Z3HJNgqxH6G9S5lbmV-C3h-XmcMo,12035
 dissect/target/tools/yara.py,sha256=70k-2VMulf1EdkX03nCACzejaOEcsFHOyX-4E40MdQU,2044
 dissect/target/tools/dump/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -365,10 +365,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev13.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev13.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev13.dist-info/METADATA,sha256=mpZi2V8jF1Sz3fTDHliJKuFMK5T3-EKFajMi30PNUrM,12897
-dissect.target-3.20.dev13.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev13.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev13.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev13.dist-info/RECORD,,
+dissect.target-3.20.dev15.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev15.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev15.dist-info/METADATA,sha256=Z0q9VoAwFjPPZnc3S6F_5bAUKanh-79WT4DZbPQ-0cs,12897
+dissect.target-3.20.dev15.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev15.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev15.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev15.dist-info/RECORD,,