dissect.target 3.20.dev38__py3-none-any.whl → 3.20.dev39__py3-none-any.whl

dissect/target/plugins/apps/editor/editor.py

@@ -0,0 +1,23 @@
+from dissect.target.plugin import NamespacePlugin, export
+
+COMMON_EDITOR_FIELDS = [
+    ("datetime", "ts"),
+    ("string", "editor"),
+    ("path", "source"),
+]
+
+
+class EditorPlugin(NamespacePlugin):
+    """Editor plugin."""
+
+    __namespace__ = "editor"
+
+    @export
+    def extensions(self) -> None:
+        """Yields installed extensions."""
+        raise NotImplementedError
+
+    @export
+    def history(self) -> None:
+        """Yields history of files."""
+        raise NotImplementedError

dissect/target/plugins/apps/{texteditor → editor}/windowsnotepad.py

@@ -16,11 +16,8 @@ from dissect.target.helpers.record import (
     WindowsUserRecord,
     create_extended_descriptor,
 )
-from dissect.target.plugin import export
-from dissect.target.plugins.apps.texteditor.texteditor import (
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS,
-    TexteditorPlugin,
-)
+from dissect.target.plugin import alias, export
+from dissect.target.plugins.apps.editor.editor import COMMON_EDITOR_FIELDS, EditorPlugin
 from dissect.target.target import Target
 
 # Thanks to @Nordgaren, @daddycocoaman, @JustArion and @ogmini for their suggestions and feedback in the PR
@@ -94,16 +91,25 @@ struct options_v2 {
 };
 """
 
-WINDOWS_SAVED_TABS_EXTRA_FIELDS = [("datetime", "modification_time"), ("digest", "hashes"), ("path", "saved_path")]
+GENERIC_TAB_CONTENTS_RECORD_FIELDS = [
+    ("string", "content"),
+    ("path", "path"),
+    ("string", "deleted_content"),
+]
 
 WindowsNotepadUnsavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/windowsnotepad/tab/unsaved",
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS,
+    "application/editor/windowsnotepad/tab/unsaved",
+    COMMON_EDITOR_FIELDS + GENERIC_TAB_CONTENTS_RECORD_FIELDS,
 )
 
 WindowsNotepadSavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/windowsnotepad/tab/saved",
-    GENERIC_TAB_CONTENTS_RECORD_FIELDS + WINDOWS_SAVED_TABS_EXTRA_FIELDS,
+    "application/editor/windowsnotepad/tab/saved",
+    COMMON_EDITOR_FIELDS
+    + GENERIC_TAB_CONTENTS_RECORD_FIELDS
+    + [
+        ("digest", "digest"),
+        ("path", "saved_path"),
+    ],
 )
 
 c_windowstab = cstruct().load(windowstab_def)
@@ -264,7 +270,7 @@ class WindowsNotepadTab:
         self.deleted_content = deleted_content if deleted_content else None
 
 
-class WindowsNotepadPlugin(TexteditorPlugin):
+class WindowsNotepadPlugin(EditorPlugin):
     """Windows notepad tab content plugin."""
 
     __namespace__ = "windowsnotepad"
@@ -273,28 +279,27 @@ class WindowsNotepadPlugin(TexteditorPlugin):
 
     def __init__(self, target: Target):
         super().__init__(target)
-        self.users_tabs: list[TargetPath, UnixUserRecord | WindowsUserRecord] = []
+        self.users_tabs: set[TargetPath, UnixUserRecord | WindowsUserRecord] = set()
         for user_details in self.target.user_details.all_with_home():
             for tab_file in user_details.home_path.glob(self.GLOB):
-                # These files seem to contain information on different settings / configurations,
-                # and are skipped for now
+                # These files contain information on different settings / configurations, and are skipped for now.
                 if tab_file.name.endswith(".1.bin") or tab_file.name.endswith(".0.bin"):
                     continue
 
-                self.users_tabs.append((tab_file, user_details.user))
+                self.users_tabs.add((tab_file, user_details.user))
 
     def check_compatible(self) -> None:
         if not self.users_tabs:
             raise UnsupportedPluginError("No Windows Notepad tab files found")
 
+    @alias("tabs")
     @export(record=[WindowsNotepadSavedTabRecord, WindowsNotepadUnsavedTabRecord])
-    def tabs(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
+    def history(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
         """Return contents from Windows 11 Notepad tabs - and its deleted content if available.
 
         Windows Notepad application for Windows 11 is now able to restore both saved and unsaved tabs when you re-open
         the application.
 
-
         Resources:
             - https://github.com/fox-it/dissect.target/pull/540
             - https://github.com/JustArion/Notepad-Tabs
@@ -304,37 +309,41 @@ class WindowsNotepadPlugin(TexteditorPlugin):
             - https://github.com/Nordgaren/tabstate-util/issues/1
             - https://medium.com/@mahmoudsoheem/new-digital-forensics-artifact-from-windows-notepad-527645906b7b
 
-        Yields a WindowsNotepadSavedTabRecord or WindowsNotepadUnsavedTabRecord. with fields:
+        Yields ``WindowsNotepadSavedTabRecord`` or ``WindowsNotepadUnsavedTabRecord`` records:
 
         .. code-block:: text
 
-            content (string): The content of the tab.
-            path (path): The path to the tab file.
-            deleted_content (string): The deleted content of the tab, if available.
-            hashes (digest): A digest of the tab content.
-            saved_path (path): The path where the tab was saved.
-            modification_time (datetime): The modification time of the tab.
+            ts              (datetime): The modification time of the tab.
+            content         (string):   The content of the tab.
+            path            (path):     The path to the tab file.
+            deleted_content (string):   The deleted content of the tab, if available.
+            digest          (digest):   A digest of the tab content.
+            saved_path      (path):     The path where the tab was saved.
         """
         for file, user in self.users_tabs:
-            # Parse the file
-            tab: WindowsNotepadTab = WindowsNotepadTab(file)
+            tab = WindowsNotepadTab(file)
 
             if tab.is_saved:
                 yield WindowsNotepadSavedTabRecord(
+                    ts=wintimestamp(tab.tab_header.timestamp),
+                    editor="windowsnotepad",
                     content=tab.content,
                     path=tab.file,
                     deleted_content=tab.deleted_content,
-                    hashes=digest((None, None, tab.tab_header.sha256.hex())),
+                    digest=digest((None, None, tab.tab_header.sha256.hex())),
                     saved_path=tab.tab_header.filePath,
-                    modification_time=wintimestamp(tab.tab_header.timestamp),
-                    _target=self.target,
+                    source=file,
                     _user=user,
+                    _target=self.target,
                 )
+
             else:
                 yield WindowsNotepadUnsavedTabRecord(
+                    editor="windowsnotepad",
                     content=tab.content,
+                    deleted_content=tab.deleted_content,
                     path=tab.file,
-                    _target=self.target,
+                    source=file,
                     _user=user,
-                    deleted_content=tab.deleted_content,
+                    _target=self.target,
                 )

{dissect.target-3.20.dev38.dist-info → dissect.target-3.20.dev39.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev38
+Version: 3.20.dev39
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev38.dist-info → dissect.target-3.20.dev39.dist-info}/RECORD

@@ -127,6 +127,9 @@ dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g
 dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/container/docker.py,sha256=LTsZplaECSfO1Ysp_Y-9WsnNocsreu_iHO8fbSif3g0,16221
+dissect/target/plugins/apps/editor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/apps/editor/editor.py,sha256=yJctXY0XTfwW3GKy6XLO2WaWFQLssdBck9ZOcZSyf80,495
+dissect/target/plugins/apps/editor/windowsnotepad.py,sha256=A9cfFrqbU2zjHRrzYsCnXr-uxKAIsVIKdXXJPYMt6MU,15068
 dissect/target/plugins/apps/other/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/other/env.py,sha256=_I12S_wjyT18WlUJ5cWOy5OTI140AheH6tq743iiyys,1874
 dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -141,9 +144,6 @@ dissect/target/plugins/apps/ssh/openssh.py,sha256=e3bj9fWxvU2K9Gk9JqA2_E-opkzLTv
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=VL78AuMaacn-pGNoPwvWm_9lbhj-ZNJDmRbL-UlQpIM,5545
 dissect/target/plugins/apps/ssh/putty.py,sha256=EmsXr2NbOB13-EWS5AkpEPMUhOkVl6FAy8JGUiaDhxk,10133
 dissect/target/plugins/apps/ssh/ssh.py,sha256=d3U8PJbtMvOV3K0wV_9KzGt2oRs-mfNQz1_Xd6SNx0Y,9320
-dissect/target/plugins/apps/texteditor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/texteditor/texteditor.py,sha256=h-tF1x2hLlgeNM3W-0Z9g0mjjkb9ietT1D5c-9GaMr8,543
-dissect/target/plugins/apps/texteditor/windowsnotepad.py,sha256=BXGhcwWIW6zlQyD_nHpc1r5Lxt6WMvhfqY2PWf0A6pw,14852
 dissect/target/plugins/apps/virtualization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/virtualization/vmware_workstation.py,sha256=7G-MRZCMN6aSYfs5NpaW2wkezqlx_EXq9-GzdbvtRrk,2088
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -370,10 +370,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev38.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev38.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev38.dist-info/METADATA,sha256=Ex7zBUuPOU3i3WWpjC0GWdIp7kFkai3r89cl9anlJ3A,12897
-dissect.target-3.20.dev38.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
-dissect.target-3.20.dev38.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev38.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev38.dist-info/RECORD,,
+dissect.target-3.20.dev39.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev39.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev39.dist-info/METADATA,sha256=kytETAlhT5qsu2qAkum-3O6NZxRkd7N0Ytx-GwcMqCE,12897
+dissect.target-3.20.dev39.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
+dissect.target-3.20.dev39.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev39.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev39.dist-info/RECORD,,

dissect/target/plugins/apps/texteditor/texteditor.py

@@ -1,13 +0,0 @@
-from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
-from dissect.target.helpers.record import create_extended_descriptor
-from dissect.target.plugin import NamespacePlugin
-
-GENERIC_TAB_CONTENTS_RECORD_FIELDS = [("string", "content"), ("path", "path"), ("string", "deleted_content")]
-
-TexteditorTabContentRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
-    "texteditor/tab", GENERIC_TAB_CONTENTS_RECORD_FIELDS
-)
-
-
-class TexteditorPlugin(NamespacePlugin):
-    __namespace__ = "texteditor"