dissect.target 3.20.dev36__py3-none-any.whl → 3.20.dev38__py3-none-any.whl

dissect/target/plugins/os/unix/log/lastlog.py

@@ -1,4 +1,4 @@
-from typing import BinaryIO
+from typing import BinaryIO, Iterator
 
 from dissect.cstruct import cstruct
 from dissect.util import ts
@@ -52,13 +52,15 @@ class LastLogFile:
 
 
 class LastLogPlugin(Plugin):
+    """Unix lastlog plugin."""
+
     def check_compatible(self) -> None:
         lastlog = self.target.fs.path("/var/log/lastlog")
         if not lastlog.exists():
             raise UnsupportedPluginError("No lastlog file found")
 
-    @export(record=[LastLogRecord])
-    def lastlog(self):
+    @export(record=LastLogRecord)
+    def lastlog(self) -> Iterator[LastLogRecord]:
         """Return last logins information from /var/log/lastlog.
 
         The lastlog file contains the most recent logins of all users on a Unix based operating system.

dissect/target/plugins/os/unix/log/messages.py

@@ -34,6 +34,8 @@ RE_CLOUD_INIT_LINE = re.compile(
 
 
 class MessagesPlugin(Plugin):
+    """Unix messages log plugin."""
+
     def __init__(self, target: Target):
         super().__init__(target)
         self.log_files = set(self._find_log_files())

dissect/target/plugins/os/unix/log/utmp.py

@@ -168,6 +168,8 @@ class UtmpFile:
 
 
 class UtmpPlugin(Plugin):
+    """Unix utmp log plugin."""
+
     WTMP_GLOB = "/var/log/wtmp*"
     BTMP_GLOB = "/var/log/btmp*"
 
@@ -180,7 +182,7 @@ class UtmpPlugin(Plugin):
         ):
             raise UnsupportedPluginError("No WTMP or BTMP log files found")
 
-    @export(record=[BtmpRecord])
+    @export(record=BtmpRecord)
     def btmp(self) -> Iterator[BtmpRecord]:
         """Return failed login attempts stored in the btmp file.
 
@@ -207,7 +209,7 @@ class UtmpPlugin(Plugin):
                     _target=self.target,
                 )
 
-    @export(record=[WtmpRecord])
+    @export(record=WtmpRecord)
     def wtmp(self) -> Iterator[WtmpRecord]:
         """Return the content of the wtmp log files.
 

dissect/target/plugins/os/unix/packagemanager.py

@@ -1,12 +1,9 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Iterator
 
-from dissect.target import Target
-from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
-from dissect.target.plugin import Plugin, export
+from dissect.target.plugin import NamespacePlugin
 
 PackageManagerLogRecord = TargetRecordDescriptor(
     "unix/log/packagemanager",
@@ -22,6 +19,8 @@ PackageManagerLogRecord = TargetRecordDescriptor(
 
 
 class OperationTypes(Enum):
+    """Valid operation types."""
+
     Install = "install"
     Update = "update"
     Downgrade = "downgrade"
@@ -45,37 +44,5 @@ class OperationTypes(Enum):
         return OperationTypes.Other
 
 
-class PackageManagerPlugin(Plugin):
+class PackageManagerPlugin(NamespacePlugin):
     __namespace__ = "packagemanager"
-    __findable__ = False
-
-    TOOLS = [
-        "apt",
-        "yum",
-        "zypper",
-    ]
-
-    def __init__(self, target: Target):
-        super().__init__(target)
-        self._plugins = []
-        for entry in self.TOOLS:
-            try:
-                self._plugins.append(getattr(self.target, entry))
-            except Exception:
-                target.log.exception(f"Failed to load tool plugin: {entry}")
-
-    def check_compatible(self) -> None:
-        if not len(self._plugins):
-            raise UnsupportedPluginError("No compatible plugins found")
-
-    def _func(self, f: str) -> Iterator[PackageManagerLogRecord]:
-        for p in self._plugins:
-            try:
-                yield from getattr(p, f)()
-            except Exception:
-                self.target.log.exception("Failed to execute package manager plugin: %s.%s", p._name, f)
-
-    @export(record=PackageManagerLogRecord)
-    def logs(self) -> Iterator[PackageManagerLogRecord]:
-        """Returns logs from all available Unix package managers."""
-        yield from self._func("logs")

dissect/target/plugins/os/unix/shadow.py

@@ -25,6 +25,8 @@ UnixShadowRecord = TargetRecordDescriptor(
 
 
 class ShadowPlugin(Plugin):
+    """Unix shadow passwords plugin."""
+
     def check_compatible(self) -> None:
         if not self.target.fs.path("/etc/shadow").exists():
             raise UnsupportedPluginError("No shadow file found")
@@ -36,7 +38,7 @@ class ShadowPlugin(Plugin):
         """Yield shadow records from /etc/shadow files.
 
         Resources:
-            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html#file:/etc/shadow
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html
         """
 
         seen_hashes = set()

dissect/target/plugins/os/unix/trash.py

@@ -59,7 +59,7 @@ class GnomeTrashPlugin(Plugin):
             - https://github.com/GNOME/glib/blob/main/gio/glocalfile.c
             - https://specifications.freedesktop.org/basedir-spec/latest/
 
-        Yields ``TrashRecord``s with the following fields:
+        Yields ``TrashRecord`` records with the following fields:
 
         .. code-block:: text
 

dissect/target/plugins/os/windows/activitiescache.py

@@ -1,3 +1,8 @@
+from __future__ import annotations
+
+from datetime import datetime
+from typing import Iterator
+
 from dissect.sql import sqlite3
 from dissect.util.ts import from_unix
 
@@ -42,8 +47,8 @@ class ActivitiesCachePlugin(Plugin):
     """Plugin that parses the ActivitiesCache.db on newer Windows 10 machines.
 
     References:
-        https://www.cclsolutionsgroup.com/resources/technical-papers
-        https://salt4n6.com/2018/05/03/windows-10-timeline-forensic-artefacts/
+        - https://www.cclsolutionsgroup.com/resources/technical-papers
+        - https://salt4n6.com/2018/05/03/windows-10-timeline-forensic-artefacts/
     """
 
     def __init__(self, target):
@@ -62,7 +67,7 @@ class ActivitiesCachePlugin(Plugin):
             raise UnsupportedPluginError("No ActiviesCache.db files found")
 
     @export(record=ActivitiesCacheRecord)
-    def activitiescache(self):
+    def activitiescache(self) -> Iterator[ActivitiesCacheRecord]:
         """Return ActivitiesCache.db database content.
 
         The Windows Activities Cache database keeps track of activity on a device, such as application and services
@@ -143,7 +148,7 @@ class ActivitiesCachePlugin(Plugin):
                 )
 
 
-def mkts(ts):
+def mkts(ts: int) -> datetime | None:
     """Timestamps inside ActivitiesCache.db are stored in a Unix-like format.
 
     Source: https://salt4n6.com/2018/05/03/windows-10-timeline-forensic-artefacts/

dissect/target/plugins/os/windows/adpolicy.py

@@ -1,4 +1,5 @@
 from struct import unpack
+from typing import Iterator
 
 from defusedxml import ElementTree
 from dissect.cstruct import cstruct
@@ -90,7 +91,7 @@ class ADPolicyPlugin(Plugin):
                 self.target.log.warning("Unable to read XML policy file: %s", error)
 
     @export(record=ADPolicyRecord)
-    def adpolicy(self):
+    def adpolicy(self) -> Iterator[ADPolicyRecord]:
         """Return all AD policies (also known as GPOs or Group Policy Objects).
 
         An Active Directory (AD) maintains global policies that should be adhered by all systems in the domain.

dissect/target/plugins/os/windows/amcache.py

@@ -1,4 +1,7 @@
+from __future__ import annotations
+
 from datetime import datetime, timezone
+from typing import Iterator
 
 from dissect.util.ts import wintimestamp
 
@@ -292,13 +295,13 @@ class AmcachePluginOldMixin:
                     )
 
     @export(record=ProgramsAppcompatRecord)
-    def programs(self):
+    def programs(self) -> Iterator[ProgramsAppcompatRecord]:
         """Return Programs records from Amcache hive."""
         if self.amcache:
             yield from self.parse_programs()
 
     @export(record=FileAppcompatRecord)
-    def files(self):
+    def files(self) -> Iterator[FileAppcompatRecord]:
         """Return File records from Amcache hive."""
         if self.amcache:
             yield from self.parse_file()
@@ -321,9 +324,9 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
         * InventoryApplicationShortcut
 
     References:
-        https://binaryforay.blogspot.com/2015/04/appcompatcache-changes-in-windows-10.html
-        https://www.ssi.gouv.fr/uploads/2019/01/anssi-coriin_2019-analysis_amcache.pdf
-        https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
+        - https://binaryforay.blogspot.com/2015/04/appcompatcache-changes-in-windows-10.html
+        - https://cyber.gouv.fr/sites/default/files/2019/01/anssi-coriin_2019-analysis_amcache.pdf
+        - https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
 
     """
 
@@ -545,7 +548,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             )
 
     @export(record=ApplicationAppcompatRecord)
-    def applications(self):
+    def applications(self) -> Iterator[ApplicationAppcompatRecord]:
         """Return InventoryApplication records from Amcache hive.
 
         Amcache is a registry hive that stores information about executed programs. The InventoryApplication key holds
@@ -559,7 +562,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             yield from self.parse_inventory_application()
 
     @export(record=ApplicationFileAppcompatRecord)
-    def application_files(self):
+    def application_files(self) -> Iterator[ApplicationFileAppcompatRecord]:
         """Return InventoryApplicationFile records from Amcache hive.
 
         Amcache is a registry hive that stores information about executed programs. The InventoryApplicationFile key
@@ -573,7 +576,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             yield from self.parse_inventory_application_file()
 
     @export(record=BinaryAppcompatRecord)
-    def drivers(self):
+    def drivers(self) -> Iterator[BinaryAppcompatRecord]:
         """Return InventoryDriverBinary records from Amcache hive.
 
         Amcache is a registry hive that stores information about executed programs. The InventoryDriverBinary key holds
@@ -588,7 +591,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             yield from self.parse_inventory_driver_binary()
 
     @export(record=ShortcutAppcompatRecord)
-    def shortcuts(self):
+    def shortcuts(self) -> Iterator[ShortcutAppcompatRecord]:
         """Return InventoryApplicationShortcut records from Amcache hive.
 
         Amcache is a registry hive that stores information about executed programs. The InventoryApplicationShortcut
@@ -604,7 +607,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             yield from self.parse_inventory_application_shortcut()
 
     @export(record=ContainerAppcompatRecord)
-    def device_containers(self):
+    def device_containers(self) -> Iterator[ContainerAppcompatRecord]:
         """Return InventoryDeviceContainer records from Amcache hive.
 
         Amcache is a registry hive that stores information about executed programs. The InventoryDeviceContainer key
@@ -619,7 +622,7 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
             yield from self.parse_inventory_device_container()
 
     @export(record=AppLaunchAppcompatRecord)
-    def applaunches(self):
+    def applaunches(self) -> Iterator[AppLaunchAppcompatRecord]:
         """Return AppLaunchAppcompatRecord records from Amcache applaunch files (Windows 11 22H2 or later).
 
         TODO: Research C:\\Windows\\appcompat\\pca\\PcaGeneralDb0.txt and
@@ -641,11 +644,11 @@ class AmcachePlugin(AmcachePluginOldMixin, Plugin):
                 )
 
 
-def parse_win_datetime(value: str):
+def parse_win_datetime(value: str) -> datetime | None:
     if value:
         return datetime.strptime(value, "%m/%d/%Y %H:%M:%S")
 
 
-def parse_win_timestamp(value: str):
+def parse_win_timestamp(value: str) -> datetime | None:
     if value:
         return wintimestamp(value)

dissect/target/plugins/os/windows/defender.py

@@ -4,7 +4,7 @@ import re
 from datetime import datetime, timezone
 from io import BytesIO
 from pathlib import Path
-from typing import Any, BinaryIO, Generator, Iterable, Iterator, TextIO, Union
+from typing import Any, BinaryIO, Iterable, Iterator, TextIO
 
 import dissect.util.ts as ts
 from dissect.cstruct import cstruct
@@ -434,7 +434,7 @@ class MicrosoftDefenderPlugin(plugin.Plugin):
             raise UnsupportedPluginError("No Defender objects found")
 
     @plugin.export(record=DefenderLogRecord)
-    def evtx(self) -> Generator[Record, None, None]:
+    def evtx(self) -> Iterator[DefenderLogRecord]:
         """Parse Microsoft Defender evtx log files"""
 
         defender_evtx_field_names = [field_name for _, field_name in DEFENDER_EVTX_FIELDS]
@@ -458,7 +458,7 @@ class MicrosoftDefenderPlugin(plugin.Plugin):
             yield DefenderLogRecord(**record_fields, _target=self.target)
 
     @plugin.export(record=[DefenderQuarantineRecord, DefenderFileQuarantineRecord])
-    def quarantine(self) -> Iterator[Union[DefenderQuarantineRecord, DefenderFileQuarantineRecord]]:
+    def quarantine(self) -> Iterator[DefenderQuarantineRecord | DefenderFileQuarantineRecord]:
         """Parse the quarantine folder of Microsoft Defender for quarantine entry resources.
 
         Quarantine entry resources contain metadata about detected threats that Microsoft Defender has placed in

dissect/target/plugins/os/windows/dpapi/keyprovider/credhist.py

@@ -8,6 +8,8 @@ from dissect.target.plugins.os.windows.dpapi.keyprovider.keyprovider import (
 
 
 class CredHistKeyProviderPlugin(KeyProviderPlugin):
+    """Windows CREDHIST SHA1-hash key provider plugin."""
+
     __namespace__ = "_dpapi_keyprovider_credhist"
 
     def check_compatible(self) -> None:
@@ -16,6 +18,7 @@ class CredHistKeyProviderPlugin(KeyProviderPlugin):
 
     @export(output="yield")
     def keys(self) -> Iterator[tuple[str, str]]:
+        """Yield Windows CREDHIST SHA1 hashes."""
         for credhist in self.target.credhist():
             if value := getattr(credhist, "sha1"):
                 yield self.__namespace__, value

dissect/target/plugins/os/windows/dpapi/keyprovider/empty.py

@@ -7,6 +7,8 @@ from dissect.target.plugins.os.windows.dpapi.keyprovider.keyprovider import (
 
 
 class EmptyKeyProviderPlugin(KeyProviderPlugin):
+    """Empty key provider plugin."""
+
     __namespace__ = "_dpapi_keyprovider_empty"
 
     def check_compatible(self) -> None:
@@ -14,4 +16,5 @@ class EmptyKeyProviderPlugin(KeyProviderPlugin):
 
     @export(output="yield")
     def keys(self) -> Iterator[tuple[str, str]]:
+        """Yield an empty string."""
         yield self.__namespace__, ""

dissect/target/plugins/os/windows/dpapi/keyprovider/keychain.py

@@ -8,6 +8,8 @@ from dissect.target.plugins.os.windows.dpapi.keyprovider.keyprovider import (
 
 
 class KeychainKeyProviderPlugin(KeyProviderPlugin):
+    """Keychain key provider plugin."""
+
     __namespace__ = "_dpapi_keyprovider_keychain"
 
     def check_compatible(self) -> None:
@@ -15,6 +17,7 @@ class KeychainKeyProviderPlugin(KeyProviderPlugin):
 
     @export(output="yield")
     def keys(self) -> Iterator[tuple[str, str]]:
+        """Yield keychain passphrases."""
         for key in keychain.get_keys_for_provider("user") + keychain.get_keys_without_provider():
             if key.key_type == keychain.KeyType.PASSPHRASE:
                 yield self.__namespace__, key.value

dissect/target/plugins/os/windows/dpapi/keyprovider/lsa.py

@@ -21,6 +21,8 @@ c_defaultpassword = cstruct().load(defaultpassword_def)
 
 
 class LSADefaultPasswordKeyProviderPlugin(KeyProviderPlugin):
+    """Windows LSA DefaultPassword key provider plugin."""
+
     __namespace__ = "_dpapi_keyprovider_lsa_defaultpassword"
 
     def check_compatible(self) -> None:
@@ -29,6 +31,7 @@ class LSADefaultPasswordKeyProviderPlugin(KeyProviderPlugin):
 
     @export(output="yield")
     def keys(self) -> Iterator[tuple[str, str]]:
+        """Yield Windows LSA DefaultPassword strings."""
         if default_pass := self.target.lsa._secrets.get("DefaultPassword"):
             try:
                 value = c_defaultpassword.DefaultPassword(default_pass).data

dissect/target/plugins/os/windows/env.py

@@ -314,8 +314,7 @@ class EnvironmentVariablePlugin(Plugin):
     def user_env(self, user_sid: Optional[str] = None) -> OrderedDict[str, str]:
         """Return a dict of all found (user) environment variables.
 
-        If no ``user_sid` is provided, this function will return just the
-        system environment variables.
+        If no ``user_sid`` is provided, this function will return just the system environment variables.
         """
         return self._get_user_env_vars(user_sid)
 

dissect/target/plugins/os/windows/exchange/exchange.py

@@ -3,13 +3,15 @@ from dissect.target.plugin import Plugin, export
 
 
 class ExchangePlugin(Plugin):
+    """Microsoft Exchange Server plugin."""
+
     __namespace__ = "exchange"
 
     def check_compatible(self) -> None:
         if not len(self.install_paths()):
             raise UnsupportedPluginError("No Exchange install path found")
 
-    def install_paths(self):
+    def install_paths(self) -> list[str]:
         paths = []
         key = "HKLM\\SOFTWARE\\Microsoft\\ExchangeServer"
         for reg_key in self.target.registry.keys(key):
@@ -23,9 +25,9 @@ class ExchangePlugin(Plugin):
 
         return paths
 
-    @export
-    def transport_agents(self):
-        """Return the content of the config file for Transport Agents for Microsoft Exchange.
+    @export(output="none")
+    def transport_agents(self) -> None:
+        """Print the content of the config file for Transport Agents for Microsoft Exchange.
 
         A Transport Agent is additional software on a Microsoft Exchange server that allows for custom processing of
         email messages that go through the transport pipeline.

dissect/target/plugins/os/windows/generic.py

@@ -1,5 +1,7 @@
+from __future__ import annotations
+
 from datetime import datetime
-from typing import Optional
+from typing import Iterator
 
 from dissect.util.ts import from_unix
 
@@ -123,12 +125,12 @@ class GenericPlugin(Plugin):
             raise UnsupportedPluginError("Unsupported Plugin")
 
     @export(property=True)
-    def ntversion(self):
+    def ntversion(self) -> str | None:
         """Return the Windows NT version."""
         return self.target._os._nt_version()
 
     @export(output="yield")
-    def pathenvironment(self):
+    def pathenvironment(self) -> Iterator[str]:
         """Return the content of the Windows PATH environment variable.
 
         PATH is an environment variable on an operating system that specifies a set of directories where executable
@@ -142,7 +144,7 @@ class GenericPlugin(Plugin):
             yield r.value("Path").value
 
     @export(property=True)
-    def domain(self):
+    def domain(self) -> str | None:
         """Return the domain name.
 
         Corporate Windows systems are usually connected to a domain (active directory).
@@ -167,7 +169,7 @@ class GenericPlugin(Plugin):
                 continue
 
     @export(property=True)
-    def activity(self) -> Optional[datetime]:
+    def activity(self) -> datetime | None:
         """Return last seen activity based on filesystem timestamps."""
         last_seen = 0
 
@@ -193,7 +195,7 @@ class GenericPlugin(Plugin):
         return from_unix(last_seen)
 
     @export(property=True)
-    def install_date(self) -> Optional[datetime]:
+    def install_date(self) -> datetime | None:
         """Returns the install date of the system.
 
         The value of the registry key is stored as a Unix epoch timestamp.
@@ -211,7 +213,7 @@ class GenericPlugin(Plugin):
             return
 
     @export(record=AppInitRecord)
-    def appinit(self):
+    def appinit(self) -> Iterator[AppInitRecord]:
         """Return all available Application Initial (AppInit) DLLs registry key values.
 
         AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user mode process on
@@ -258,7 +260,7 @@ class GenericPlugin(Plugin):
                     continue
 
     @export(record=KnownDllRecord)
-    def knowndlls(self):
+    def knowndlls(self) -> Iterator[KnownDllRecord]:
         """Return all available KnownDLLs registry key values.
 
         The KnownDLLs registry key values are used to cache frequently used system DLLs. Initially, it was added to
@@ -287,7 +289,7 @@ class GenericPlugin(Plugin):
             pass
 
     @export(record=SessionManagerRecord)
-    def sessionmanager(self):
+    def sessionmanager(self) -> Iterator[SessionManagerRecord]:
         """Return interesting Session Manager (Smss.exe) registry key entries.
 
         Session Manager (Smss.exe) is the first user-mode process started by the kernel and performs several tasks,
@@ -339,7 +341,7 @@ class GenericPlugin(Plugin):
                     )
 
     @export(record=NullSessionPipeRecord)
-    def nullsessionpipes(self):
+    def nullsessionpipes(self) -> Iterator[NullSessionPipeRecord]:
         """Return the NullSessionPipes registry key value.
 
         The NullSessionPipes registry key value specifies server pipes and shared folders that are excluded from the
@@ -367,7 +369,7 @@ class GenericPlugin(Plugin):
                 continue
 
     @export(record=NdisRecord)
-    def ndis(self):
+    def ndis(self) -> Iterator[NdisRecord]:
         """Return network registry key entries."""
         key = "HKLM\\System\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}"
         for r in self.target.registry.keys(key):
@@ -401,7 +403,7 @@ class GenericPlugin(Plugin):
                     )
 
     @export(record=CommandProcAutoRunRecord)
-    def commandprocautorun(self):
+    def commandprocautorun(self) -> Iterator[CommandProcAutoRunRecord]:
         """Return all available Command Processor (cmd.exe) AutoRun registry key values.
 
         The Command Processor AutoRun registry key values contain commands that are run each time the Command Processor
@@ -435,7 +437,7 @@ class GenericPlugin(Plugin):
                     continue
 
     @export(record=AlternateShellRecord)
-    def alternateshell(self):
+    def alternateshell(self) -> Iterator[AlternateShellRecord]:
         """Return the AlternateShell registry key value.
 
         The AlternateShell registry key, HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Safeboot, specifies the
@@ -459,7 +461,7 @@ class GenericPlugin(Plugin):
             )
 
     @export(record=BootShellRecord)
-    def bootshell(self):
+    def bootshell(self) -> Iterator[BootShellRecord]:
         """Return the BootShell registry key entry.
 
         Usually contains a path to bootim.exe which is Windows's recovery menu.
@@ -483,7 +485,7 @@ class GenericPlugin(Plugin):
             )
 
     @export(record=FileRenameOperationRecord)
-    def filerenameop(self):
+    def filerenameop(self) -> Iterator[FileRenameOperationRecord]:
         """Return all pending file rename operations.
 
         The PendingFileRenameOperations registry key value contains information about files that will be renamed on
@@ -513,7 +515,7 @@ class GenericPlugin(Plugin):
                 )
 
     @export(record=WinRarRecord)
-    def winrar(self):
+    def winrar(self) -> Iterator[WinRarRecord]:
         """Return all available WinRAR history registry key values."""
         keys = [
             "HKEY_CURRENT_USER\\Software\\WinRAR\\ArcHistory",
@@ -534,7 +536,7 @@ class GenericPlugin(Plugin):
                     )
 
     @export(record=WinSockNamespaceProviderRecord)
-    def winsocknamespaceprovider(self):
+    def winsocknamespaceprovider(self) -> Iterator[WinSockNamespaceProviderRecord]:
         """Return available protocols stored in the Winsock catalog database.
 
         References:
@@ -562,7 +564,7 @@ class GenericPlugin(Plugin):
                     )
 
     @export(property=True)
-    def codepage(self) -> Optional[str]:
+    def codepage(self) -> str | None:
         """Returns the current active codepage on the system."""
 
         key = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage"

dissect/target/plugins/os/windows/lnk.py

@@ -118,6 +118,8 @@ def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) -> Itera
 
 
 class LnkPlugin(Plugin):
+    """Windows lnk plugin."""
+
     def __init__(self, target: Target) -> None:
         super().__init__(target)
         self.folders = ["programdata", "users", "windows"]

dissect/target/plugins/os/windows/locale.py

@@ -1,3 +1,7 @@
+from __future__ import annotations
+
+from typing import Iterator
+
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.localeutil import normalize_language, normalize_timezone
 from dissect.target.helpers.record import TargetRecordDescriptor
@@ -13,6 +17,8 @@ WindowsKeyboardRecord = TargetRecordDescriptor(
 
 
 class LocalePlugin(Plugin):
+    """Windows locale plugin."""
+
     def __init__(self, target):
         super().__init__(target)
         self.LANG_DICT = {
@@ -26,7 +32,7 @@ class LocalePlugin(Plugin):
             raise UnsupportedPluginError("Unsupported Plugin")
 
     @export(record=WindowsKeyboardRecord)
-    def keyboard(self):
+    def keyboard(self) -> Iterator[WindowsKeyboardRecord]:
         """Yield records of installed keyboards on the system."""
         found_keyboards = []
         for key in self.target.registry.keys("HKCU\\Keyboard Layout\\Preload"):
@@ -41,7 +47,7 @@ class LocalePlugin(Plugin):
                     )
 
     @export(property=True)
-    def language(self):
+    def language(self) -> str | None:
         """Get a list of installed languages on the system."""
         # HKCU\\Control Panel\\International\\User Profile" Languages
         found_languages = []
@@ -53,6 +59,6 @@ class LocalePlugin(Plugin):
         return found_languages
 
     @export(property=True)
-    def timezone(self):
+    def timezone(self) -> str | None:
         """Get the configured timezone of the system in IANA TZ standard format."""
         return normalize_timezone(self.target.datetime.tzinfo.name)