dissect.target 3.20.dev64__py3-none-any.whl → 3.20.2.dev11__py3-none-any.whl

dissect/target/helpers/configutil.py

@@ -470,9 +470,9 @@ class Toml(ConfigurationParser):
 class Env(ConfigurationParser):
     """Parses ``.env`` file contents according to Docker and bash specification.
 
-    Does not apply interpolation of substituted values, eg. ``foo=${bar}`` and does not attempt
-    to parse list or dict strings. Does not support dynamic env files, eg. `` foo=`bar` ``. Also
-    does not support multi-line key/value assignments (yet).
+    Does not apply interpolation of substituted values, e.g. ``foo=${bar}`` and does not attempt to parse list or dict
+    strings. Does not support dynamic env files, e.g. ``foo=`bar```. Also does not support multi-line key/value
+    assignments (yet).
 
     Resources:
         - https://docs.docker.com/compose/environment-variables/variable-interpolation/#env-file-syntax
@@ -891,7 +891,7 @@ KNOWN_FILES: dict[str, type[ConfigurationParser]] = {
 }
 
 
-def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigParser:
+def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigurationParser:
     """Parses the content of an ``path`` or ``entry`` to a dictionary.
 
     Args:
@@ -922,7 +922,7 @@ def parse_config(
     entry: FilesystemEntry,
     hint: Optional[str] = None,
     options: Optional[ParserOptions] = None,
-) -> ConfigParser:
+) -> ConfigurationParser:
     parser_type = _select_parser(entry, hint)
 
     parser = parser_type.create_parser(options)

dissect/target/helpers/record.py

@@ -145,33 +145,40 @@ EmptyRecord = RecordDescriptor(
 
 COMMON_INTERFACE_ELEMENTS = [
     ("string", "name"),
+    ("string[]", "mac"),
     ("string", "type"),
     ("boolean", "enabled"),
-    ("string", "mac"),
     ("net.ipaddress[]", "dns"),
     ("net.ipaddress[]", "ip"),
     ("net.ipaddress[]", "gateway"),
+    ("net.ipnetwork[]", "network"),
     ("string", "source"),
 ]
 
 
 UnixInterfaceRecord = TargetRecordDescriptor(
     "unix/network/interface",
-    COMMON_INTERFACE_ELEMENTS,
+    [
+        *COMMON_INTERFACE_ELEMENTS,
+        ("boolean", "dhcp_ipv4"),  # NetworkManager allows for dual-stack configurations.
+        ("boolean", "dhcp_ipv6"),
+        ("datetime", "last_connected"),
+        ("varint[]", "vlan"),
+        ("string", "configurator"),
+    ],
 )
 
 WindowsInterfaceRecord = TargetRecordDescriptor(
     "windows/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "metric"),
         ("stringlist", "search_domain"),
         ("datetime", "first_connected"),
         ("datetime", "last_connected"),
         ("net.ipaddress[]", "subnetmask"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 
@@ -179,10 +186,9 @@ MacInterfaceRecord = TargetRecordDescriptor(
     "macos/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "interface_service_order"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 

dissect/target/helpers/regutil.py

@@ -12,7 +12,7 @@ from io import BytesIO
 from pathlib import Path
 from typing import BinaryIO, Iterator, Optional, TextIO, Union
 
-from dissect.regf import regf
+from dissect.regf import c_regf, regf
 
 from dissect.target.exceptions import (
     RegistryError,
@@ -31,16 +31,33 @@ ValueType = Union[int, str, bytes, list[str]]
 
 
 class RegistryValueType(IntEnum):
-    NONE = regf.REG_NONE
-    SZ = regf.REG_SZ
-    EXPAND_SZ = regf.REG_EXPAND_SZ
-    BINARY = regf.REG_BINARY
-    DWORD = regf.REG_DWORD
-    DWORD_BIG_ENDIAN = regf.REG_DWORD_BIG_ENDIAN
-    MULTI_SZ = regf.REG_MULTI_SZ
-    FULL_RESOURCE_DESCRIPTOR = regf.REG_FULL_RESOURCE_DESCRIPTOR
-    RESOURCE_REQUIREMENTS_LIST = regf.REG_RESOURCE_REQUIREMENTS_LIST
-    QWORD = regf.REG_QWORD
+    """Registry value types as defined in ``winnt.h``.
+
+    Resources:
+        - https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
+        - https://github.com/fox-it/dissect.regf/blob/main/dissect/regf/c_regf.py
+    """
+
+    NONE = c_regf.REG_NONE
+    SZ = c_regf.REG_SZ
+    EXPAND_SZ = c_regf.REG_EXPAND_SZ
+    BINARY = c_regf.REG_BINARY
+    DWORD = c_regf.REG_DWORD
+    DWORD_BIG_ENDIAN = c_regf.REG_DWORD_BIG_ENDIAN
+    LINK = c_regf.REG_LINK
+    MULTI_SZ = c_regf.REG_MULTI_SZ
+    RESOURCE_LIST = c_regf.REG_RESOURCE_LIST
+    FULL_RESOURCE_DESCRIPTOR = c_regf.REG_FULL_RESOURCE_DESCRIPTOR
+    RESOURCE_REQUIREMENTS_LIST = c_regf.REG_RESOURCE_REQUIREMENTS_LIST
+    QWORD = c_regf.REG_QWORD
+
+    @classmethod
+    def _missing_(cls, value: int) -> IntEnum:
+        # Allow values other than defined members
+        member = int.__new__(cls, value)
+        member._name_ = None
+        member._value_ = value
+        return member
 
 
 class RegistryHive:

dissect/target/helpers/utils.py

@@ -1,10 +1,12 @@
+from __future__ import annotations
+
 import logging
 import re
 import urllib.parse
 from datetime import datetime, timezone, tzinfo
 from enum import Enum
 from pathlib import Path
-from typing import BinaryIO, Callable, Iterator, Optional, Union
+from typing import BinaryIO, Callable, Iterator, Optional, TypeVar, Union
 
 from dissect.util.ts import from_unix
 
@@ -24,6 +26,23 @@ def findall(buf: bytes, needle: bytes) -> Iterator[int]:
         offset += 1
 
 
+T = TypeVar("T")
+
+
+def to_list(value: T | list[T]) -> list[T]:
+    """Convert a single value or a list of values to a list.
+
+    Args:
+        value: The value to convert.
+
+    Returns:
+        A list of values.
+    """
+    if not isinstance(value, list):
+        return [value]
+    return value
+
+
 class StrEnum(str, Enum):
     """Sortable and serializible string-based enum"""
 

dissect/target/loaders/itunes.py

@@ -163,8 +163,10 @@ class ITunesBackup:
 
     def files(self) -> Iterator[FileInfo]:
         """Iterate all the files in this backup."""
-        for row in self.manifest_db.table("Files").rows():
-            yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
+
+        if table := self.manifest_db.table("Files"):
+            for row in table.rows():
+                yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
 
 
 class FileInfo:
@@ -288,7 +290,7 @@ def translate_file_path(domain: str, relative_path: str) -> str:
         package_name = ""
 
     domain_path = fsutil.join(DOMAIN_TRANSLATION.get(domain, domain), package_name)
-    return fsutil.join(domain_path, relative_path)
+    return fsutil.join(domain_path, relative_path).rstrip("/")
 
 
 def parse_key_bag(buf: bytes) -> tuple[dict[str, bytes, int], dict[str, ClassKey]]:

dissect/target/plugins/apps/browser/iexplore.py

@@ -36,14 +36,18 @@ class WebCache:
             All ``ContainerId`` values for the requested container name.
         """
         try:
-            for container_record in self.db.table("Containers").records():
+            table = self.db.table("Containers")
+
+            for container_record in table.records():
                 if record_name := container_record.get("Name"):
                     record_name = record_name.rstrip("\00").lower()
                     if record_name == name.lower():
                         container_id = container_record.get("ContainerId")
                         yield self.db.table(f"Container_{container_id}")
-        except KeyError:
-            pass
+
+        except KeyError as e:
+            self.target.log.warning("Exception while parsing EseDB Containers table")
+            self.target.log.debug("", exc_info=e)
 
     def _iter_records(self, name: str) -> Iterator[record.Record]:
         """Yield records from a Webcache container.

dissect/target/plugins/general/network.py

@@ -79,7 +79,7 @@ class NetworkPlugin(Plugin):
     @internal
     def with_mac(self, mac: str) -> Iterator[InterfaceRecord]:
         for interface in self.interfaces():
-            if interface.mac == mac:
+            if mac in interface.mac:
                 yield interface
 
     @internal

dissect/target/plugins/general/plugins.py

@@ -169,7 +169,7 @@ class PluginListPlugin(Plugin):
 
 
 def generate_plugins_json(plugins: list[Plugin]) -> Iterator[dict]:
-    """Generates JSON output of a list of :class:`Plugin`s."""
+    """Generates JSON output of a list of :class:`Plugin`."""
 
     for p in plugins:
         func = getattr(p.class_object, p.method_name)

dissect/target/plugins/os/unix/_os.py

@@ -182,7 +182,7 @@ class UnixPlugin(OSPlugin):
             paths (list): list of paths
         """
         redhat_legacy_path = "/etc/sysconfig/network"
-        paths = paths or ["/etc/hostname", "/etc/HOSTNAME", redhat_legacy_path]
+        paths = paths or ["/etc/hostname", "/etc/HOSTNAME", "/proc/sys/kernel/hostname", redhat_legacy_path]
         hostname_dict = {"hostname": None, "domain": None}
 
         for path in paths:

dissect/target/plugins/os/unix/bsd/osx/network.py

@@ -84,9 +84,10 @@ class MacNetworkPlugin(NetworkPlugin):
                     network=network,
                     interface_service_order=interface_service_order,
                     dhcp=dhcp,
+                    mac=[],
                     _target=self.target,
                 )
 
             except Exception as e:
-                self.target.log.warning("Error reading configuration for network device %s: %s", name, e)
+                self.target.log.warning("Error reading configuration for network device %s", name, exc_info=e)
                 continue

dissect/target/plugins/os/unix/esxi/_os.py

@@ -472,37 +472,39 @@ def parse_config_store(fh: BinaryIO) -> dict[str, Any]:
     db = sqlite3.SQLite3(fh)
 
     store = {}
-    for row in db.table("Config").rows():
-        component_name = row.Component
-        config_group_name = row.ConfigGroup
-        value_group_name = row.Name
-        identifier_name = row.Identifier
-
-        if component_name not in store:
-            store[component_name] = {}
-        component = store[component_name]
-
-        if config_group_name not in component:
-            component[config_group_name] = {}
-        config_group = component[config_group_name]
-
-        if value_group_name not in config_group:
-            config_group[value_group_name] = {}
-        value_group = config_group[value_group_name]
-
-        if identifier_name not in value_group:
-            value_group[identifier_name] = {}
-        identifier = value_group[identifier_name]
-
-        identifier["modified_time"] = row.ModifiedTime
-        identifier["creation_time"] = row.CreationTime
-        identifier["version"] = row.Version
-        identifier["success"] = row.Success
-        identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
-        identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
-        identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
-        identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
-        identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
-        identifier["revision"] = row.Revision
+
+    if table := db.table("Config"):
+        for row in table.rows():
+            component_name = row.Component
+            config_group_name = row.ConfigGroup
+            value_group_name = row.Name
+            identifier_name = row.Identifier
+
+            if component_name not in store:
+                store[component_name] = {}
+            component = store[component_name]
+
+            if config_group_name not in component:
+                component[config_group_name] = {}
+            config_group = component[config_group_name]
+
+            if value_group_name not in config_group:
+                config_group[value_group_name] = {}
+            value_group = config_group[value_group_name]
+
+            if identifier_name not in value_group:
+                value_group[identifier_name] = {}
+            identifier = value_group[identifier_name]
+
+            identifier["modified_time"] = row.ModifiedTime
+            identifier["creation_time"] = row.CreationTime
+            identifier["version"] = row.Version
+            identifier["success"] = row.Success
+            identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
+            identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
+            identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
+            identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
+            identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
+            identifier["revision"] = row.Revision
 
     return store

dissect/target/plugins/os/unix/etc/etc.py

@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import fnmatch
 import re
 from pathlib import Path
@@ -30,9 +32,10 @@ class EtcTree(ConfigurationTreePlugin):
     def __init__(self, target: Target):
         super().__init__(target, "/etc")
 
-    def _sub(self, items: ConfigurationEntry, entry: Path, pattern: str) -> Iterator[UnixConfigTreeRecord]:
+    def _sub(
+        self, items: ConfigurationEntry | dict, entry: Path, orig_path: Path, pattern: str
+    ) -> Iterator[UnixConfigTreeRecord]:
         index = 0
-        config_entry = items
         if not isinstance(items, dict):
             items = items.as_dict()
 
@@ -41,7 +44,7 @@ class EtcTree(ConfigurationTreePlugin):
             path = Path(entry) / Path(key)
 
             if isinstance(value, dict):
-                yield from self._sub(value, path, pattern)
+                yield from self._sub(value, path, orig_path, pattern)
                 continue
 
             if not isinstance(value, list):
@@ -50,7 +53,7 @@ class EtcTree(ConfigurationTreePlugin):
             if fnmatch.fnmatch(path, pattern):
                 data = {
                     "_target": self.target,
-                    "source": self.target.fs.path(config_entry.entry.path),
+                    "source": self.target.fs.path(orig_path),
                     "path": path,
                     "key": key,
                     "value": value,
@@ -71,8 +74,11 @@ class EtcTree(ConfigurationTreePlugin):
         for entry, subs, items in self.config_fs.walk(root):
             for item in items:
                 try:
-                    config_object = self.get(str(Path(entry) / Path(item)))
-                    yield from self._sub(config_object, Path(entry) / Path(item), pattern)
+                    path = Path(entry) / item
+                    config_object = self.get(str(path))
+
+                    if isinstance(config_object, ConfigurationEntry):
+                        yield from self._sub(config_object, path, orig_path=path, pattern=pattern)
                 except Exception:
                     self.target.log.warning("Could not open configuration item: %s", item)
                     pass