dissect.target 3.20.dev64__py3-none-any.whl → 3.20.1__py3-none-any.whl

dissect/target/helpers/configutil.py

@@ -891,7 +891,7 @@ KNOWN_FILES: dict[str, type[ConfigurationParser]] = {
 }
 
 
-def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigParser:
+def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigurationParser:
     """Parses the content of an ``path`` or ``entry`` to a dictionary.
 
     Args:
@@ -922,7 +922,7 @@ def parse_config(
     entry: FilesystemEntry,
     hint: Optional[str] = None,
     options: Optional[ParserOptions] = None,
-) -> ConfigParser:
+) -> ConfigurationParser:
     parser_type = _select_parser(entry, hint)
 
     parser = parser_type.create_parser(options)

dissect/target/helpers/record.py

@@ -145,33 +145,40 @@ EmptyRecord = RecordDescriptor(
 
 COMMON_INTERFACE_ELEMENTS = [
     ("string", "name"),
+    ("string[]", "mac"),
     ("string", "type"),
     ("boolean", "enabled"),
-    ("string", "mac"),
     ("net.ipaddress[]", "dns"),
     ("net.ipaddress[]", "ip"),
     ("net.ipaddress[]", "gateway"),
+    ("net.ipnetwork[]", "network"),
     ("string", "source"),
 ]
 
 
 UnixInterfaceRecord = TargetRecordDescriptor(
     "unix/network/interface",
-    COMMON_INTERFACE_ELEMENTS,
+    [
+        *COMMON_INTERFACE_ELEMENTS,
+        ("boolean", "dhcp_ipv4"),  # NetworkManager allows for dual-stack configurations.
+        ("boolean", "dhcp_ipv6"),
+        ("datetime", "last_connected"),
+        ("varint[]", "vlan"),
+        ("string", "configurator"),
+    ],
 )
 
 WindowsInterfaceRecord = TargetRecordDescriptor(
     "windows/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "metric"),
         ("stringlist", "search_domain"),
         ("datetime", "first_connected"),
         ("datetime", "last_connected"),
         ("net.ipaddress[]", "subnetmask"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 
@@ -179,10 +186,9 @@ MacInterfaceRecord = TargetRecordDescriptor(
     "macos/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "interface_service_order"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 

dissect/target/helpers/regutil.py

@@ -12,7 +12,7 @@ from io import BytesIO
 from pathlib import Path
 from typing import BinaryIO, Iterator, Optional, TextIO, Union
 
-from dissect.regf import regf
+from dissect.regf import c_regf, regf
 
 from dissect.target.exceptions import (
     RegistryError,
@@ -31,16 +31,33 @@ ValueType = Union[int, str, bytes, list[str]]
 
 
 class RegistryValueType(IntEnum):
-    NONE = regf.REG_NONE
-    SZ = regf.REG_SZ
-    EXPAND_SZ = regf.REG_EXPAND_SZ
-    BINARY = regf.REG_BINARY
-    DWORD = regf.REG_DWORD
-    DWORD_BIG_ENDIAN = regf.REG_DWORD_BIG_ENDIAN
-    MULTI_SZ = regf.REG_MULTI_SZ
-    FULL_RESOURCE_DESCRIPTOR = regf.REG_FULL_RESOURCE_DESCRIPTOR
-    RESOURCE_REQUIREMENTS_LIST = regf.REG_RESOURCE_REQUIREMENTS_LIST
-    QWORD = regf.REG_QWORD
+    """Registry value types as defined in ``winnt.h``.
+
+    Resources:
+        - https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
+        - https://github.com/fox-it/dissect.regf/blob/main/dissect/regf/c_regf.py
+    """
+
+    NONE = c_regf.REG_NONE
+    SZ = c_regf.REG_SZ
+    EXPAND_SZ = c_regf.REG_EXPAND_SZ
+    BINARY = c_regf.REG_BINARY
+    DWORD = c_regf.REG_DWORD
+    DWORD_BIG_ENDIAN = c_regf.REG_DWORD_BIG_ENDIAN
+    LINK = c_regf.REG_LINK
+    MULTI_SZ = c_regf.REG_MULTI_SZ
+    RESOURCE_LIST = c_regf.REG_RESOURCE_LIST
+    FULL_RESOURCE_DESCRIPTOR = c_regf.REG_FULL_RESOURCE_DESCRIPTOR
+    RESOURCE_REQUIREMENTS_LIST = c_regf.REG_RESOURCE_REQUIREMENTS_LIST
+    QWORD = c_regf.REG_QWORD
+
+    @classmethod
+    def _missing_(cls, value: int) -> IntEnum:
+        # Allow values other than defined members
+        member = int.__new__(cls, value)
+        member._name_ = None
+        member._value_ = value
+        return member
 
 
 class RegistryHive:

dissect/target/helpers/utils.py

@@ -1,10 +1,12 @@
+from __future__ import annotations
+
 import logging
 import re
 import urllib.parse
 from datetime import datetime, timezone, tzinfo
 from enum import Enum
 from pathlib import Path
-from typing import BinaryIO, Callable, Iterator, Optional, Union
+from typing import BinaryIO, Callable, Iterator, Optional, TypeVar, Union
 
 from dissect.util.ts import from_unix
 
@@ -24,6 +26,23 @@ def findall(buf: bytes, needle: bytes) -> Iterator[int]:
         offset += 1
 
 
+T = TypeVar("T")
+
+
+def to_list(value: T | list[T]) -> list[T]:
+    """Convert a single value or a list of values to a list.
+
+    Args:
+        value: The value to convert.
+
+    Returns:
+        A list of values.
+    """
+    if not isinstance(value, list):
+        return [value]
+    return value
+
+
 class StrEnum(str, Enum):
     """Sortable and serializible string-based enum"""
 

dissect/target/plugins/general/network.py

@@ -79,7 +79,7 @@ class NetworkPlugin(Plugin):
     @internal
     def with_mac(self, mac: str) -> Iterator[InterfaceRecord]:
         for interface in self.interfaces():
-            if interface.mac == mac:
+            if mac in interface.mac:
                 yield interface
 
     @internal

dissect/target/plugins/os/unix/bsd/osx/network.py

@@ -84,9 +84,10 @@ class MacNetworkPlugin(NetworkPlugin):
                     network=network,
                     interface_service_order=interface_service_order,
                     dhcp=dhcp,
+                    mac=[],
                     _target=self.target,
                 )
 
             except Exception as e:
-                self.target.log.warning("Error reading configuration for network device %s: %s", name, e)
+                self.target.log.warning("Error reading configuration for network device %s", name, exc_info=e)
                 continue

dissect/target/plugins/os/unix/etc/etc.py

@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import fnmatch
 import re
 from pathlib import Path
@@ -30,9 +32,10 @@ class EtcTree(ConfigurationTreePlugin):
     def __init__(self, target: Target):
         super().__init__(target, "/etc")
 
-    def _sub(self, items: ConfigurationEntry, entry: Path, pattern: str) -> Iterator[UnixConfigTreeRecord]:
+    def _sub(
+        self, items: ConfigurationEntry | dict, entry: Path, orig_path: Path, pattern: str
+    ) -> Iterator[UnixConfigTreeRecord]:
         index = 0
-        config_entry = items
         if not isinstance(items, dict):
             items = items.as_dict()
 
@@ -41,7 +44,7 @@ class EtcTree(ConfigurationTreePlugin):
             path = Path(entry) / Path(key)
 
             if isinstance(value, dict):
-                yield from self._sub(value, path, pattern)
+                yield from self._sub(value, path, orig_path, pattern)
                 continue
 
             if not isinstance(value, list):
@@ -50,7 +53,7 @@ class EtcTree(ConfigurationTreePlugin):
             if fnmatch.fnmatch(path, pattern):
                 data = {
                     "_target": self.target,
-                    "source": self.target.fs.path(config_entry.entry.path),
+                    "source": self.target.fs.path(orig_path),
                     "path": path,
                     "key": key,
                     "value": value,
@@ -71,8 +74,11 @@ class EtcTree(ConfigurationTreePlugin):
         for entry, subs, items in self.config_fs.walk(root):
             for item in items:
                 try:
-                    config_object = self.get(str(Path(entry) / Path(item)))
-                    yield from self._sub(config_object, Path(entry) / Path(item), pattern)
+                    path = Path(entry) / item
+                    config_object = self.get(str(path))
+
+                    if isinstance(config_object, ConfigurationEntry):
+                        yield from self._sub(config_object, path, orig_path=path, pattern=pattern)
                 except Exception:
                     self.target.log.warning("Could not open configuration item: %s", item)
                     pass