dissect.target 3.20.dev48__py3-none-any.whl → 3.20.dev49__py3-none-any.whl

dissect/target/plugins/os/unix/_os.py

@@ -4,7 +4,6 @@ import logging
 import re
 import uuid
 from pathlib import Path
-from struct import unpack
 from typing import Iterator
 
 from flow.record.fieldtypes import posix_path
@@ -19,6 +18,25 @@ from dissect.target.target import Target
 log = logging.getLogger(__name__)
 
 
+# https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+ARCH_MAP = {
+    0x00: "unknown",
+    0x02: "sparc",
+    0x03: "x86",
+    0x08: "mips",
+    0x14: "powerpc32",
+    0x15: "powerpc64",
+    0x16: "s390",  # and s390x
+    0x28: "aarch32",  # armv7
+    0x2A: "superh",
+    0x32: "ia-64",
+    0x3E: "x86_64",
+    0xB7: "aarch64",  # armv8
+    0xF3: "riscv64",
+    0xF7: "bpf",
+}
+
+
 class UnixPlugin(OSPlugin):
     def __init__(self, target: Target):
         super().__init__(target)
@@ -301,37 +319,30 @@ class UnixPlugin(OSPlugin):
                                 continue
         return os_release
 
-    def _get_architecture(self, os: str = "unix", path: str = "/bin/ls") -> str | None:
-        arch_strings = {
-            0x00: "Unknown",
-            0x02: "SPARC",
-            0x03: "x86",
-            0x08: "MIPS",
-            0x14: "PowerPC",
-            0x16: "S390",
-            0x28: "ARM",
-            0x2A: "SuperH",
-            0x32: "IA-64",
-            0x3E: "x86_64",
-            0xB7: "AArch64",
-            0xF3: "RISC-V",
-        }
-
-        for fs in self.target.filesystems:
-            if fs.exists(path):
-                fh = fs.open(path)
-                fh.seek(4)
-                # ELF - e_ident[EI_CLASS]
-                bits = unpack("B", fh.read(1))[0]
-                fh.seek(18)
-                # ELF - e_machine
-                arch = unpack("H", fh.read(2))[0]
-                arch = arch_strings.get(arch)
-
-                if bits == 1:  # 32 bit system
-                    return f"{arch}_32-{os}"
-                else:
-                    return f"{arch}-{os}"
+    def _get_architecture(self, os: str = "unix", path: Path | str = "/bin/ls") -> str | None:
+        """Determine architecture by reading an ELF header of a binary on the target.
+
+        Resources:
+            - https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#ISA
+        """
+
+        if not isinstance(path, TargetPath):
+            for fs in [self.target.fs, *self.target.filesystems]:
+                if (path := fs.path(path)).exists():
+                    break
+
+        if not path.exists():
+            return
+
+        fh = path.open("rb")
+        fh.seek(4)  # ELF - e_ident[EI_CLASS]
+        bits = fh.read(1)[0]
+
+        fh.seek(18)  # ELF - e_machine
+        e_machine = int.from_bytes(fh.read(2), "little")
+        arch = ARCH_MAP.get(e_machine, "unknown")
+
+        return f"{arch}_32-{os}" if bits == 1 and not arch[-2:] == "32" else f"{arch}-{os}"
 
 
 def parse_fstab(

dissect/target/plugins/os/unix/linux/fortios/_os.py

@@ -6,7 +6,7 @@ from base64 import b64decode
 from datetime import datetime
 from io import BytesIO
 from tarfile import ReadError
-from typing import BinaryIO, Iterator, Optional, TextIO, Union
+from typing import BinaryIO, Iterator, TextIO
 
 from dissect.util import cpio
 from dissect.util.compression import xz
@@ -73,10 +73,11 @@ class FortiOSPlugin(LinuxPlugin):
         return config
 
     @classmethod
-    def detect(cls, target: Target) -> Optional[Filesystem]:
+    def detect(cls, target: Target) -> Filesystem | None:
         for fs in target.filesystems:
-            # Tested on FortiGate and FortiAnalyzer, other Fortinet devices may look different.
-            if fs.exists("/rootfs.gz") and (fs.exists("/.fgtsum") or fs.exists("/.fmg_sign") or fs.exists("/flatkc")):
+            # Tested on FortiGate, FortiAnalyzer and FortiManager.
+            # Other Fortinet devices may look different.
+            if fs.exists("/rootfs.gz") and (any(map(fs.exists, (".fgtsum", ".fmg_sign", "flatkc", "system.conf")))):
                 return fs
 
     @classmethod
@@ -212,7 +213,7 @@ class FortiOSPlugin(LinuxPlugin):
         return "FortiOS Unknown"
 
     @export(record=FortiOSUserRecord)
-    def users(self) -> Iterator[Union[FortiOSUserRecord, UnixUserRecord]]:
+    def users(self) -> Iterator[FortiOSUserRecord | UnixUserRecord]:
         """Return local users of the FortiOS system."""
 
         # Possible unix-like users
@@ -224,7 +225,7 @@ class FortiOSPlugin(LinuxPlugin):
                 yield FortiOSUserRecord(
                     name=username,
                     password=":".join(entry.get("password", [])),
-                    groups=[entry["accprofile"][0]],
+                    groups=list(entry.get("accprofile", [])),
                     home="/root",
                     _target=self.target,
                 )
@@ -233,69 +234,72 @@ class FortiOSPlugin(LinuxPlugin):
             self.target.log.debug("", exc_info=e)
 
         # FortiManager administrative users
-        try:
-            for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=":".join(entry.get("password", [])),
-                    groups=[entry["profileid"][0]],
-                    home="/root",
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiManager admin users")
-            self.target.log.debug("", exc_info=e)
-
-        # Local users
-        try:
-            local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
-            for username, entry in self._config["root-config"]["user"].get("local", {}).items():
-                try:
-                    password = decrypt_password(entry["passwd"][-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("passwd", []))
-
-                yield FortiOSUserRecord(
-                    name=username,
-                    password=password,
-                    groups=local_groups.get(username, []),
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS local users")
-            self.target.log.debug("", exc_info=e)
-
-        # Temporary guest users
-        try:
-            for _, entry in self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items():
-                try:
-                    password = decrypt_password(entry.get("password")[-1])
-                except (ValueError, RuntimeError):
-                    password = ":".join(entry.get("password"))
-
-                yield FortiOSUserRecord(
-                    name=entry["user-id"][0],
-                    password=password,
-                    groups=["guestgroup"],
-                    home=None,
-                    _target=self.target,
-                )
-        except KeyError as e:
-            self.target.log.warning("Exception while parsing FortiOS temporary guest users")
-            self.target.log.debug("", exc_info=e)
+        if self._config.get("global-config", {}).get("system", {}).get("admin", {}).get("user"):
+            try:
+                for username, entry in self._config["global-config"]["system"]["admin"]["user"].items():
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=":".join(entry.get("password", [])),
+                        groups=list(entry.get("profileid", [])),
+                        home="/root",
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiManager admin users")
+                self.target.log.debug("", exc_info=e)
+
+        if self._config.get("root-config"):
+            # Local users
+            try:
+                local_groups = local_groups_to_users(self._config["root-config"]["user"]["group"])
+                for username, entry in self._config["root-config"]["user"].get("local", {}).items():
+                    try:
+                        password = decrypt_password(entry["passwd"][-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("passwd", []))
+
+                    yield FortiOSUserRecord(
+                        name=username,
+                        password=password,
+                        groups=local_groups.get(username, []),
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS local users")
+                self.target.log.debug("", exc_info=e)
+
+            # Temporary guest users
+            try:
+                for _, entry in (
+                    self._config["root-config"]["user"]["group"].get("guestgroup", {}).get("guest", {}).items()
+                ):
+                    try:
+                        password = decrypt_password(entry.get("password")[-1])
+                    except (ValueError, RuntimeError):
+                        password = ":".join(entry.get("password"))
+
+                    yield FortiOSUserRecord(
+                        name=entry["user-id"][0],
+                        password=password,
+                        groups=["guestgroup"],
+                        home=None,
+                        _target=self.target,
+                    )
+            except KeyError as e:
+                self.target.log.warning("Exception while parsing FortiOS temporary guest users")
+                self.target.log.debug("", exc_info=e)
 
     @export(property=True)
     def os(self) -> str:
         return OperatingSystem.FORTIOS.value
 
     @export(property=True)
-    def architecture(self) -> Optional[str]:
+    def architecture(self) -> str | None:
         """Return architecture FortiOS runs on."""
-        paths = ["/lib/libav.so", "/bin/ctr"]
-        for path in paths:
-            if self.target.fs.path(path).exists():
-                return self._get_architecture(path=path)
+        for path in ["/lib/libav.so", "/bin/ctr", "/bin/grep"]:
+            if (bin := self.target.fs.path(path)).exists():
+                return self._get_architecture(path=bin)
 
 
 class ConfigNode(dict):
@@ -528,7 +532,7 @@ def decrypt_rootfs(fh: BinaryIO, key: bytes, iv: bytes) -> BinaryIO:
     return BytesIO(result)
 
 
-def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
+def _kdf_7_4_x(key_data: str | bytes) -> tuple[bytes, bytes]:
     """Derive 32 byte key and 16 byte IV from 32 byte seed.
 
     As the IV needs to be 16 bytes, we return the first 16 bytes of the sha256 hash.
@@ -542,7 +546,7 @@ def _kdf_7_4_x(key_data: Union[str, bytes]) -> tuple[bytes, bytes]:
     return key, iv
 
 
-def get_kernel_hash(sysvol: Filesystem) -> Optional[str]:
+def get_kernel_hash(sysvol: Filesystem) -> str | None:
     """Return the SHA256 hash of the (compressed) kernel."""
     kernel_files = ["flatkc", "vmlinuz", "vmlinux"]
     for k in kernel_files:

dissect/target/plugins/os/windows/_os.py

@@ -12,6 +12,14 @@ from dissect.target.helpers.record import WindowsUserRecord
 from dissect.target.plugin import OperatingSystem, OSPlugin, export
 from dissect.target.target import Target
 
+ARCH_MAP = {
+    "x86": 32,
+    "IA64": 64,
+    "ARM64": 64,
+    "EM64T": 64,
+    "AMD64": 64,
+}
+
 
 class WindowsPlugin(OSPlugin):
     CURRENT_VERSION_KEY = "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion"
@@ -265,19 +273,11 @@ class WindowsPlugin(OSPlugin):
             Dict: arch: architecture, bitness: bits
         """
 
-        arch_strings = {
-            "x86": 32,
-            "IA64": 64,
-            "ARM64": 64,
-            "EM64T": 64,
-            "AMD64": 64,
-        }
-
         key = "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment"
 
         try:
             arch = self.target.registry.key(key).value("PROCESSOR_ARCHITECTURE").value
-            bits = arch_strings.get(arch)
+            bits = ARCH_MAP.get(arch)
 
             # return {"arch": arch, "bitness": bits}
             if bits == 64:

{dissect.target-3.20.dev48.dist-info → dissect.target-3.20.dev49.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev48
+Version: 3.20.dev49
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev48.dist-info → dissect.target-3.20.dev49.dist-info}/RECORD

@@ -196,7 +196,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=yy9gvRXfN9BT71v4Xqo5hpwfgN9he9Otu8TBPZ_Tegs,3009
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=prvcuIkJ1jmbb_g1CtgHmmJUcGjFaZn3yU6VPNMJ27k,15061
+dissect/target/plugins/os/unix/_os.py,sha256=mk2yxWGqdZMzdr8hyYT5nyjSIEN3F5JuoPaaiz0Rvf8,15311
 dissect/target/plugins/os/unix/applications.py,sha256=AUgZRP35FzswGyFyChj2o4dfGO34Amc6nqHgiMEaqdI,3129
 dissect/target/plugins/os/unix/cronjobs.py,sha256=tgWQ3BUZpfyvRzodMwGtwFUdPjZ17k7ZRbZ9Q8wmXPk,3393
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
@@ -251,7 +251,7 @@ dissect/target/plugins/os/unix/linux/debian/vyos/__init__.py,sha256=47DEQpj8HBSa
 dissect/target/plugins/os/unix/linux/debian/vyos/_os.py,sha256=TPjcfv1n68RCe3Er4aCVQwQDCZwJT-NLvje3kPjDfhk,1744
 dissect/target/plugins/os/unix/linux/fortios/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/fortios/_keys.py,sha256=jDDHObfsUn9BGoIir9p4J_-rg9rI1rgoOfnL3R3lg4o,123358
-dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=Cyw6KyGNc-uZn2WDlD-7G9K7swe_ofxwykIZeQRGYKU,19416
+dissect/target/plugins/os/unix/linux/fortios/_os.py,sha256=381VI9TDMR2-XPwLsvCU8hcRgTz1H5yJ-q_sCNQzSiM,19790
 dissect/target/plugins/os/unix/linux/fortios/generic.py,sha256=dc6YTDLV-VZq9k8IWmY_PE0sTGkkp3yamR-cYNUCtes,1265
 dissect/target/plugins/os/unix/linux/fortios/locale.py,sha256=Pe7Bdj8UemCiktLeQnQ50TpY_skARAzRJA0ewAB4710,5243
 dissect/target/plugins/os/unix/linux/redhat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -274,7 +274,7 @@ dissect/target/plugins/os/unix/log/lastlog.py,sha256=Wr3-2n1-GwckN9mSx-yM55N6_L0
 dissect/target/plugins/os/unix/log/messages.py,sha256=XtjZ0a2budgQm_K5JT3fMf7JcjuD0AelcD3zOFN2xpI,5732
 dissect/target/plugins/os/unix/log/utmp.py,sha256=k2A69s2qUT2JunJrH8GO6nQ0zMDotXMTaj8OzQ7ljj8,7336
 dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/windows/_os.py,sha256=-Bsp9696JqU7luh_AbqojzG9BxVdYIFl5Ma-LiFBQBo,12505
+dissect/target/plugins/os/windows/_os.py,sha256=WoXSq-HVOKqI9p3CMXrOFAjsi9MlVmxE2JVHzN7RH0s,12441
 dissect/target/plugins/os/windows/activitiescache.py,sha256=BbGD-vETHm1IRMoazVer_vqSJIoQxxhWcJ_xlBeOMds,6899
 dissect/target/plugins/os/windows/adpolicy.py,sha256=ul8lKlG9ExABnd6yVLMPFFgVxN74CG4T3MvcRuBLHJc,7158
 dissect/target/plugins/os/windows/amcache.py,sha256=1jq-S80_FIzGegrqQ6HqrjmaAPTyxyn69HxnbRBlaUc,27608
@@ -378,10 +378,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev48.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev48.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev48.dist-info/METADATA,sha256=coXjiskalhbUYyedrn0Fe49ZmJvIbeAaMYawTB3Q9QQ,12897
-dissect.target-3.20.dev48.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-dissect.target-3.20.dev48.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev48.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev48.dist-info/RECORD,,
+dissect.target-3.20.dev49.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev49.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev49.dist-info/METADATA,sha256=cyNr191yNPZoEE1uGY1DqaExAYn8H9NCuOL2OUWn1oM,12897
+dissect.target-3.20.dev49.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
+dissect.target-3.20.dev49.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev49.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev49.dist-info/RECORD,,