dissect.target 3.20.dev38__py3-none-any.whl → 3.20.dev39__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,23 @@
1
+ from dissect.target.plugin import NamespacePlugin, export
2
+
3
+ COMMON_EDITOR_FIELDS = [
4
+ ("datetime", "ts"),
5
+ ("string", "editor"),
6
+ ("path", "source"),
7
+ ]
8
+
9
+
10
+ class EditorPlugin(NamespacePlugin):
11
+ """Editor plugin."""
12
+
13
+ __namespace__ = "editor"
14
+
15
+ @export
16
+ def extensions(self) -> None:
17
+ """Yields installed extensions."""
18
+ raise NotImplementedError
19
+
20
+ @export
21
+ def history(self) -> None:
22
+ """Yields history of files."""
23
+ raise NotImplementedError
@@ -16,11 +16,8 @@ from dissect.target.helpers.record import (
16
16
  WindowsUserRecord,
17
17
  create_extended_descriptor,
18
18
  )
19
- from dissect.target.plugin import export
20
- from dissect.target.plugins.apps.texteditor.texteditor import (
21
- GENERIC_TAB_CONTENTS_RECORD_FIELDS,
22
- TexteditorPlugin,
23
- )
19
+ from dissect.target.plugin import alias, export
20
+ from dissect.target.plugins.apps.editor.editor import COMMON_EDITOR_FIELDS, EditorPlugin
24
21
  from dissect.target.target import Target
25
22
 
26
23
  # Thanks to @Nordgaren, @daddycocoaman, @JustArion and @ogmini for their suggestions and feedback in the PR
@@ -94,16 +91,25 @@ struct options_v2 {
94
91
  };
95
92
  """
96
93
 
97
- WINDOWS_SAVED_TABS_EXTRA_FIELDS = [("datetime", "modification_time"), ("digest", "hashes"), ("path", "saved_path")]
94
+ GENERIC_TAB_CONTENTS_RECORD_FIELDS = [
95
+ ("string", "content"),
96
+ ("path", "path"),
97
+ ("string", "deleted_content"),
98
+ ]
98
99
 
99
100
  WindowsNotepadUnsavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
100
- "texteditor/windowsnotepad/tab/unsaved",
101
- GENERIC_TAB_CONTENTS_RECORD_FIELDS,
101
+ "application/editor/windowsnotepad/tab/unsaved",
102
+ COMMON_EDITOR_FIELDS + GENERIC_TAB_CONTENTS_RECORD_FIELDS,
102
103
  )
103
104
 
104
105
  WindowsNotepadSavedTabRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
105
- "texteditor/windowsnotepad/tab/saved",
106
- GENERIC_TAB_CONTENTS_RECORD_FIELDS + WINDOWS_SAVED_TABS_EXTRA_FIELDS,
106
+ "application/editor/windowsnotepad/tab/saved",
107
+ COMMON_EDITOR_FIELDS
108
+ + GENERIC_TAB_CONTENTS_RECORD_FIELDS
109
+ + [
110
+ ("digest", "digest"),
111
+ ("path", "saved_path"),
112
+ ],
107
113
  )
108
114
 
109
115
  c_windowstab = cstruct().load(windowstab_def)
@@ -264,7 +270,7 @@ class WindowsNotepadTab:
264
270
  self.deleted_content = deleted_content if deleted_content else None
265
271
 
266
272
 
267
- class WindowsNotepadPlugin(TexteditorPlugin):
273
+ class WindowsNotepadPlugin(EditorPlugin):
268
274
  """Windows notepad tab content plugin."""
269
275
 
270
276
  __namespace__ = "windowsnotepad"
@@ -273,28 +279,27 @@ class WindowsNotepadPlugin(TexteditorPlugin):
273
279
 
274
280
  def __init__(self, target: Target):
275
281
  super().__init__(target)
276
- self.users_tabs: list[TargetPath, UnixUserRecord | WindowsUserRecord] = []
282
+ self.users_tabs: set[TargetPath, UnixUserRecord | WindowsUserRecord] = set()
277
283
  for user_details in self.target.user_details.all_with_home():
278
284
  for tab_file in user_details.home_path.glob(self.GLOB):
279
- # These files seem to contain information on different settings / configurations,
280
- # and are skipped for now
285
+ # These files contain information on different settings / configurations, and are skipped for now.
281
286
  if tab_file.name.endswith(".1.bin") or tab_file.name.endswith(".0.bin"):
282
287
  continue
283
288
 
284
- self.users_tabs.append((tab_file, user_details.user))
289
+ self.users_tabs.add((tab_file, user_details.user))
285
290
 
286
291
  def check_compatible(self) -> None:
287
292
  if not self.users_tabs:
288
293
  raise UnsupportedPluginError("No Windows Notepad tab files found")
289
294
 
295
+ @alias("tabs")
290
296
  @export(record=[WindowsNotepadSavedTabRecord, WindowsNotepadUnsavedTabRecord])
291
- def tabs(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
297
+ def history(self) -> Iterator[WindowsNotepadSavedTabRecord | WindowsNotepadUnsavedTabRecord]:
292
298
  """Return contents from Windows 11 Notepad tabs - and its deleted content if available.
293
299
 
294
300
  Windows Notepad application for Windows 11 is now able to restore both saved and unsaved tabs when you re-open
295
301
  the application.
296
302
 
297
-
298
303
  Resources:
299
304
  - https://github.com/fox-it/dissect.target/pull/540
300
305
  - https://github.com/JustArion/Notepad-Tabs
@@ -304,37 +309,41 @@ class WindowsNotepadPlugin(TexteditorPlugin):
304
309
  - https://github.com/Nordgaren/tabstate-util/issues/1
305
310
  - https://medium.com/@mahmoudsoheem/new-digital-forensics-artifact-from-windows-notepad-527645906b7b
306
311
 
307
- Yields a WindowsNotepadSavedTabRecord or WindowsNotepadUnsavedTabRecord. with fields:
312
+ Yields ``WindowsNotepadSavedTabRecord`` or ``WindowsNotepadUnsavedTabRecord`` records:
308
313
 
309
314
  .. code-block:: text
310
315
 
311
- content (string): The content of the tab.
312
- path (path): The path to the tab file.
313
- deleted_content (string): The deleted content of the tab, if available.
314
- hashes (digest): A digest of the tab content.
315
- saved_path (path): The path where the tab was saved.
316
- modification_time (datetime): The modification time of the tab.
316
+ ts (datetime): The modification time of the tab.
317
+ content (string): The content of the tab.
318
+ path (path): The path to the tab file.
319
+ deleted_content (string): The deleted content of the tab, if available.
320
+ digest (digest): A digest of the tab content.
321
+ saved_path (path): The path where the tab was saved.
317
322
  """
318
323
  for file, user in self.users_tabs:
319
- # Parse the file
320
- tab: WindowsNotepadTab = WindowsNotepadTab(file)
324
+ tab = WindowsNotepadTab(file)
321
325
 
322
326
  if tab.is_saved:
323
327
  yield WindowsNotepadSavedTabRecord(
328
+ ts=wintimestamp(tab.tab_header.timestamp),
329
+ editor="windowsnotepad",
324
330
  content=tab.content,
325
331
  path=tab.file,
326
332
  deleted_content=tab.deleted_content,
327
- hashes=digest((None, None, tab.tab_header.sha256.hex())),
333
+ digest=digest((None, None, tab.tab_header.sha256.hex())),
328
334
  saved_path=tab.tab_header.filePath,
329
- modification_time=wintimestamp(tab.tab_header.timestamp),
330
- _target=self.target,
335
+ source=file,
331
336
  _user=user,
337
+ _target=self.target,
332
338
  )
339
+
333
340
  else:
334
341
  yield WindowsNotepadUnsavedTabRecord(
342
+ editor="windowsnotepad",
335
343
  content=tab.content,
344
+ deleted_content=tab.deleted_content,
336
345
  path=tab.file,
337
- _target=self.target,
346
+ source=file,
338
347
  _user=user,
339
- deleted_content=tab.deleted_content,
348
+ _target=self.target,
340
349
  )
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: dissect.target
3
- Version: 3.20.dev38
3
+ Version: 3.20.dev39
4
4
  Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License: Affero General Public License v3
@@ -127,6 +127,9 @@ dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g
127
127
  dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
128
128
  dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
129
129
  dissect/target/plugins/apps/container/docker.py,sha256=LTsZplaECSfO1Ysp_Y-9WsnNocsreu_iHO8fbSif3g0,16221
130
+ dissect/target/plugins/apps/editor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
131
+ dissect/target/plugins/apps/editor/editor.py,sha256=yJctXY0XTfwW3GKy6XLO2WaWFQLssdBck9ZOcZSyf80,495
132
+ dissect/target/plugins/apps/editor/windowsnotepad.py,sha256=A9cfFrqbU2zjHRrzYsCnXr-uxKAIsVIKdXXJPYMt6MU,15068
130
133
  dissect/target/plugins/apps/other/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
131
134
  dissect/target/plugins/apps/other/env.py,sha256=_I12S_wjyT18WlUJ5cWOy5OTI140AheH6tq743iiyys,1874
132
135
  dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -141,9 +144,6 @@ dissect/target/plugins/apps/ssh/openssh.py,sha256=e3bj9fWxvU2K9Gk9JqA2_E-opkzLTv
141
144
  dissect/target/plugins/apps/ssh/opensshd.py,sha256=VL78AuMaacn-pGNoPwvWm_9lbhj-ZNJDmRbL-UlQpIM,5545
142
145
  dissect/target/plugins/apps/ssh/putty.py,sha256=EmsXr2NbOB13-EWS5AkpEPMUhOkVl6FAy8JGUiaDhxk,10133
143
146
  dissect/target/plugins/apps/ssh/ssh.py,sha256=d3U8PJbtMvOV3K0wV_9KzGt2oRs-mfNQz1_Xd6SNx0Y,9320
144
- dissect/target/plugins/apps/texteditor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
145
- dissect/target/plugins/apps/texteditor/texteditor.py,sha256=h-tF1x2hLlgeNM3W-0Z9g0mjjkb9ietT1D5c-9GaMr8,543
146
- dissect/target/plugins/apps/texteditor/windowsnotepad.py,sha256=BXGhcwWIW6zlQyD_nHpc1r5Lxt6WMvhfqY2PWf0A6pw,14852
147
147
  dissect/target/plugins/apps/virtualization/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
148
148
  dissect/target/plugins/apps/virtualization/vmware_workstation.py,sha256=7G-MRZCMN6aSYfs5NpaW2wkezqlx_EXq9-GzdbvtRrk,2088
149
149
  dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -370,10 +370,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
370
370
  dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
371
371
  dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
372
372
  dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
373
- dissect.target-3.20.dev38.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
374
- dissect.target-3.20.dev38.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
375
- dissect.target-3.20.dev38.dist-info/METADATA,sha256=Ex7zBUuPOU3i3WWpjC0GWdIp7kFkai3r89cl9anlJ3A,12897
376
- dissect.target-3.20.dev38.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
377
- dissect.target-3.20.dev38.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
378
- dissect.target-3.20.dev38.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
379
- dissect.target-3.20.dev38.dist-info/RECORD,,
373
+ dissect.target-3.20.dev39.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
374
+ dissect.target-3.20.dev39.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
375
+ dissect.target-3.20.dev39.dist-info/METADATA,sha256=kytETAlhT5qsu2qAkum-3O6NZxRkd7N0Ytx-GwcMqCE,12897
376
+ dissect.target-3.20.dev39.dist-info/WHEEL,sha256=OVMc5UfuAQiSplgO0_WdW7vXVGAt9Hdd6qtN4HotdyA,91
377
+ dissect.target-3.20.dev39.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
378
+ dissect.target-3.20.dev39.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
379
+ dissect.target-3.20.dev39.dist-info/RECORD,,
@@ -1,13 +0,0 @@
1
- from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
2
- from dissect.target.helpers.record import create_extended_descriptor
3
- from dissect.target.plugin import NamespacePlugin
4
-
5
- GENERIC_TAB_CONTENTS_RECORD_FIELDS = [("string", "content"), ("path", "path"), ("string", "deleted_content")]
6
-
7
- TexteditorTabContentRecord = create_extended_descriptor([UserRecordDescriptorExtension])(
8
- "texteditor/tab", GENERIC_TAB_CONTENTS_RECORD_FIELDS
9
- )
10
-
11
-
12
- class TexteditorPlugin(NamespacePlugin):
13
- __namespace__ = "texteditor"