dissect.target 3.20.dev6__py3-none-any.whl → 3.20.dev8__py3-none-any.whl

dissect/target/helpers/record.py

@@ -144,7 +144,6 @@ EmptyRecord = RecordDescriptor(
 )
 
 COMMON_INTERFACE_ELEMENTS = [
-    ("string", "source"),
     ("string", "name"),
     ("string", "type"),
     ("boolean", "enabled"),
@@ -152,6 +151,7 @@ COMMON_INTERFACE_ELEMENTS = [
     ("net.ipaddress[]", "dns"),
     ("net.ipaddress[]", "ip"),
     ("net.ipaddress[]", "gateway"),
+    ("string", "source"),
 ]
 
 

dissect/target/plugins/apps/container/docker.py

@@ -4,7 +4,7 @@ import json
 import logging
 import re
 from pathlib import Path
-from typing import Iterator, Optional
+from typing import Iterator
 
 from dissect.cstruct import cstruct
 from dissect.util import ts
@@ -128,12 +128,17 @@ class DockerPlugin(Plugin):
         for data_root in self.installs:
             images_path = data_root.joinpath("image/overlay2/repositories.json")
 
-            if images_path.exists():
-                repositories = json.loads(images_path.read_text()).get("Repositories")
-            else:
+            if not images_path.exists():
                 self.target.log.debug("No docker images found, file %s does not exist.", images_path)
                 continue
 
+            try:
+                repositories = json.loads(images_path.read_text()).get("Repositories", {})
+            except (json.JSONDecodeError, UnicodeDecodeError) as e:
+                self.target.log.warning("Unable to parse JSON in: %s", images_path)
+                self.target.log.debug("", exc_info=e)
+                continue
+
             for name, tags in repositories.items():
                 for tag, hash in tags.items():
                     image_metadata_path = data_root.joinpath(
@@ -142,8 +147,12 @@ class DockerPlugin(Plugin):
                     created = None
 
                     if image_metadata_path.exists():
-                        image_metadata = json.loads(image_metadata_path.read_text())
-                        created = convert_timestamp(image_metadata.get("created"))
+                        try:
+                            image_metadata = json.loads(image_metadata_path.read_text())
+                            created = convert_timestamp(image_metadata.get("created"))
+                        except (json.JSONDecodeError, UnicodeDecodeError) as e:
+                            self.target.log.warning("Unable to parse JSON in: %s", image_metadata_path)
+                            self.target.log.debug("", exc_info=e)
 
                     yield DockerImageRecord(
                         name=name,
@@ -160,47 +169,51 @@ class DockerPlugin(Plugin):
 
         for data_root in self.installs:
             for config_path in data_root.joinpath("containers").glob("**/config.v2.json"):
-                config = json.loads(config_path.read_text())
+                try:
+                    config = json.loads(config_path.read_text())
+                except (json.JSONDecodeError, UnicodeDecodeError) as e:
+                    self.target.log.warning("Unable to parse JSON in file: %s", config_path)
+                    self.target.log.debug("", exc_info=e)
+                    continue
+
                 container_id = config.get("ID")
 
                 # determine state
-                running = config.get("State").get("Running")
+                running = config.get("State", {}).get("Running")
                 if running:
-                    ports = config.get("NetworkSettings").get("Ports", {})
-                    pid = config.get("Pid")
-                else:
-                    ports = config.get("Config").get("ExposedPorts", {})
-                    pid = None
+                    ports = config.get("NetworkSettings", {}).get("Ports", {})
+
+                if not running or not ports:
+                    ports = config.get("Config", {}).get("ExposedPorts", {})
 
                 # parse volumes
                 volumes = []
-                if mount_points := config.get("MountPoints"):
-                    for mp in mount_points:
-                        mount_point = mount_points[mp]
+                if mount_points := config.get("MountPoints", {}):
+                    for mount_point in mount_points.values():
                         volumes.append(f"{mount_point.get('Source')}:{mount_point.get('Destination')}")
 
                 # determine mount point
                 mount_path = None
-                if config.get("Driver") == "overlay2":
+                if container_id and config.get("Driver") == "overlay2":
                     mount_path = data_root.joinpath("image/overlay2/layerdb/mounts", container_id)
                     if not mount_path.exists():
-                        self.target.log.warning("Overlay2 mount path for container %s does not exist!", container_id)
+                        self.target.log.warning("Overlay2 mount path does not exist for container: %s", container_id)
 
                 else:
-                    self.target.log.warning("Encountered unsupported container filesystem %s", config.get("Driver"))
+                    self.target.log.warning("Encountered unsupported container filesystem: %s", config.get("Driver"))
 
                 yield DockerContainerRecord(
                     container_id=container_id,
-                    image=config.get("Config").get("Image"),
-                    image_id=config.get("Image").split(":")[-1],
-                    command=config.get("Config").get("Cmd"),
+                    image=config.get("Config", {}).get("Image"),
+                    image_id=config.get("Image", "").split(":")[-1],
+                    command=f"{config.get('Path', '')} {' '.join(config.get('Args', []))}".strip(),
                     created=convert_timestamp(config.get("Created")),
                     running=running,
-                    pid=pid,
-                    started=convert_timestamp(config.get("State").get("StartedAt")),
-                    finished=convert_timestamp(config.get("State").get("FinishedAt")),
+                    pid=config.get("State", {}).get("Pid"),
+                    started=convert_timestamp(config.get("State", {}).get("StartedAt")),
+                    finished=convert_timestamp(config.get("State", {}).get("FinishedAt")),
                     ports=convert_ports(ports),
-                    names=config.get("Name").replace("/", "", 1),
+                    names=config.get("Name", "").replace("/", "", 1),
                     volumes=volumes,
                     mount_path=mount_path,
                     config_path=config_path,
@@ -288,19 +301,19 @@ class DockerPlugin(Plugin):
         for line in open_decompress(path, "rt"):
             try:
                 entry = json.loads(line)
-            except json.JSONDecodeError as e:
-                self.target.log.warning("Could not decode JSON line in file %s", path)
+            except (json.JSONDecodeError, UnicodeDecodeError) as e:
+                self.target.log.warning("Could not decode JSON line in file: %s", path)
                 self.target.log.debug("", exc_info=e)
                 continue
             yield entry
 
 
-def get_data_path(path: Path) -> Optional[str]:
+def get_data_path(path: Path) -> str | None:
     """Returns the configured Docker daemon data-root path."""
     try:
         config = json.loads(path.open("rt").read())
-    except json.JSONDecodeError as e:
-        log.warning("Could not read JSON file '%s'", path)
+    except (json.JSONDecodeError, UnicodeDecodeError) as e:
+        log.warning("Could not read JSON file: %s", path)
         log.debug(exc_info=e)
 
     return config.get("data-root")
@@ -341,7 +354,7 @@ def find_installs(target: Target) -> Iterator[Path]:
                     yield data_root_path
 
 
-def convert_timestamp(timestamp: str) -> str:
+def convert_timestamp(timestamp: str | None) -> str:
     """Docker sometimes uses (unpadded) 9 digit nanosecond precision
     in their timestamp logs, eg. "2022-12-19T13:37:00.123456789Z".
 
@@ -350,6 +363,9 @@ def convert_timestamp(timestamp: str) -> str:
     compatbility with the 6 digit %f microsecond directive.
     """
 
+    if not timestamp:
+        return
+
     timestamp_nanoseconds_plus_postfix = timestamp[19:]
     match = RE_DOCKER_NS.match(timestamp_nanoseconds_plus_postfix)
 

{dissect.target-3.20.dev6.dist-info → dissect.target-3.20.dev8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.20.dev6
+Version: 3.20.dev8
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.20.dev6.dist-info → dissect.target-3.20.dev8.dist-info}/RECORD

@@ -61,7 +61,7 @@ dissect/target/helpers/mui.py,sha256=i-7XoHbu4WO2fYapK9yGAMW04rFlgRispknc1KQIS5Q
 dissect/target/helpers/network_managers.py,sha256=ByBSe2K3c8hgQC6dokcf-hHdmPcD8PmrOj0xs1C3yhs,25743
 dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
 dissect/target/helpers/protobuf.py,sha256=b4DsnqrRLrefcDjx7rQno-_LBcwtJXxuKf5RdOegzfE,1537
-dissect/target/helpers/record.py,sha256=euNDDZi29fo8ENN1gsPycB38OMn35clLM9_K-srZ5E0,5852
+dissect/target/helpers/record.py,sha256=vbsZBUQ5sxsWGaGUJk2yHV5miXvK9HfZgVarM5Cmqto,5852
 dissect/target/helpers/record_modifier.py,sha256=O_Jj7zOi891HIyAYjxxe6LFPYETHdMa5lNjo4NA_T_w,3969
 dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhHXIAM,27337
 dissect/target/helpers/shell_application_ids.py,sha256=hYxrP-YtHK7ZM0ectJFHfoMB8QUXLbYNKmKXMWLZRlA,38132
@@ -127,7 +127,7 @@ dissect/target/plugins/apps/browser/edge.py,sha256=tuuIbm4s8nNstA6nIOEfU0LG0jt20
 dissect/target/plugins/apps/browser/firefox.py,sha256=mZBBagFfIdiz9kUyK4Hi989I4g3CWrClBbmpaGMRKxg,32472
 dissect/target/plugins/apps/browser/iexplore.py,sha256=g_xw0toaiyjevxO8g9XPCOqc-CXZp39FVquRhPFGdTE,8801
 dissect/target/plugins/apps/container/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/container/docker.py,sha256=KxQRbKGgxkf3YFBMa7fjeJ7qo8qjFys7zEmfQhDTnLw,15305
+dissect/target/plugins/apps/container/docker.py,sha256=LTsZplaECSfO1Ysp_Y-9WsnNocsreu_iHO8fbSif3g0,16221
 dissect/target/plugins/apps/remoteaccess/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/remoteaccess/anydesk.py,sha256=IdijK3F6ppaB_IgKL-xDljlEbb8l9S2U0xSWKqK9xRs,4294
 dissect/target/plugins/apps/remoteaccess/remoteaccess.py,sha256=DWXkRDVUpFr1icK2fYwSXdZD204Xz0yRuO7rcJOwIwc,825
@@ -363,10 +363,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=7ShPtusuLGaIv27SvEETtgsuoQyAa4iAAeOR1NEaajI,1689
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.20.dev6.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.20.dev6.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.20.dev6.dist-info/METADATA,sha256=fpn-GHvIaUQ8kWFx0kTIwF9A0-q43fdFymwUWjX-AXQ,12896
-dissect.target-3.20.dev6.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-dissect.target-3.20.dev6.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
-dissect.target-3.20.dev6.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.20.dev6.dist-info/RECORD,,
+dissect.target-3.20.dev8.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.20.dev8.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.20.dev8.dist-info/METADATA,sha256=VtQsgGmXH9A74YcDFwgv69F90Mk9mrD0-VQTWRKvFQU,12896
+dissect.target-3.20.dev8.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+dissect.target-3.20.dev8.dist-info/entry_points.txt,sha256=BWuxAb_6AvUAQpIQOQU0IMTlaF6TDht2AIZK8bHd-zE,492
+dissect.target-3.20.dev8.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.20.dev8.dist-info/RECORD,,