Merge branch 'main' into fix/velociraptor_zip

dissect/target/helpers/configutil.py

@@ -891,7 +891,7 @@ def create_parser(self, options: Optional[ParserOptions] = None) -> Configuratio
 }
 
 
-def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigParser:
+def parse(path: Union[FilesystemEntry, TargetPath], hint: Optional[str] = None, *args, **kwargs) -> ConfigurationParser:
     """Parses the content of an ``path`` or ``entry`` to a dictionary.
 
     Args:
@@ -922,7 +922,7 @@ def parse_config(
     entry: FilesystemEntry,
     hint: Optional[str] = None,
     options: Optional[ParserOptions] = None,
-) -> ConfigParser:
+) -> ConfigurationParser:
     parser_type = _select_parser(entry, hint)
 
     parser = parser_type.create_parser(options)

dissect/target/helpers/record.py

@@ -145,44 +145,50 @@ def DynamicDescriptor(types):  # noqa
 
 COMMON_INTERFACE_ELEMENTS = [
     ("string", "name"),
+    ("string[]", "mac"),
     ("string", "type"),
     ("boolean", "enabled"),
-    ("string", "mac"),
     ("net.ipaddress[]", "dns"),
     ("net.ipaddress[]", "ip"),
     ("net.ipaddress[]", "gateway"),
+    ("net.ipnetwork[]", "network"),
     ("string", "source"),
 ]
 
 
 UnixInterfaceRecord = TargetRecordDescriptor(
     "unix/network/interface",
-    COMMON_INTERFACE_ELEMENTS,
+    [
+        *COMMON_INTERFACE_ELEMENTS,
+        ("boolean", "dhcp_ipv4"),  # NetworkManager allows for dual-stack configurations.
+        ("boolean", "dhcp_ipv6"),
+        ("datetime", "last_connected"),
+        ("varint[]", "vlan"),
+        ("string", "configurator"),
+    ],
 )
 
 WindowsInterfaceRecord = TargetRecordDescriptor(
     "windows/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "metric"),
         ("stringlist", "search_domain"),
         ("datetime", "first_connected"),
         ("datetime", "last_connected"),
         ("net.ipaddress[]", "subnetmask"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 
 MacInterfaceRecord = TargetRecordDescriptor(
     "macos/network/interface",
     [
         *COMMON_INTERFACE_ELEMENTS,
-        ("varint", "vlan"),
-        ("net.ipnetwork[]", "network"),
         ("varint", "interface_service_order"),
         ("boolean", "dhcp"),
+        ("varint", "vlan"),
     ],
 )
 

dissect/target/helpers/utils.py

@@ -1,10 +1,12 @@
+from __future__ import annotations
+
 import logging
 import re
 import urllib.parse
 from datetime import datetime, timezone, tzinfo
 from enum import Enum
 from pathlib import Path
-from typing import BinaryIO, Callable, Iterator, Optional, Union
+from typing import BinaryIO, Callable, Iterator, Optional, TypeVar, Union
 
 from dissect.util.ts import from_unix
 
@@ -24,6 +26,23 @@ def findall(buf: bytes, needle: bytes) -> Iterator[int]:
         offset += 1
 
 
+T = TypeVar("T")
+
+
+def to_list(value: T | list[T]) -> list[T]:
+    """Convert a single value or a list of values to a list.
+
+    Args:
+        value: The value to convert.
+
+    Returns:
+        A list of values.
+    """
+    if not isinstance(value, list):
+        return [value]
+    return value
+
+
 class StrEnum(str, Enum):
     """Sortable and serializible string-based enum"""
 

dissect/target/plugins/general/network.py

@@ -79,7 +79,7 @@ def with_ip(self, ip_addr: str) -> Iterator[InterfaceRecord]:
     @internal
     def with_mac(self, mac: str) -> Iterator[InterfaceRecord]:
         for interface in self.interfaces():
-            if interface.mac == mac:
+            if mac in interface.mac:
                 yield interface
 
     @internal

dissect/target/plugins/os/unix/bsd/osx/network.py

@@ -84,9 +84,10 @@ def _interfaces(self) -> Iterator[MacInterfaceRecord]:
                     network=network,
                     interface_service_order=interface_service_order,
                     dhcp=dhcp,
+                    mac=[],
                     _target=self.target,
                 )
 
             except Exception as e:
-                self.target.log.warning("Error reading configuration for network device %s: %s", name, e)
+                self.target.log.warning("Error reading configuration for network device %s", name, exc_info=e)
                 continue

dissect/target/plugins/os/unix/etc/etc.py

@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 import fnmatch
 import re
 from pathlib import Path
@@ -30,9 +32,10 @@ class EtcTree(ConfigurationTreePlugin):
     def __init__(self, target: Target):
         super().__init__(target, "/etc")
 
-    def _sub(self, items: ConfigurationEntry, entry: Path, pattern: str) -> Iterator[UnixConfigTreeRecord]:
+    def _sub(
+        self, items: ConfigurationEntry | dict, entry: Path, orig_path: Path, pattern: str
+    ) -> Iterator[UnixConfigTreeRecord]:
         index = 0
-        config_entry = items
         if not isinstance(items, dict):
             items = items.as_dict()
 
@@ -41,7 +44,7 @@ def _sub(self, items: ConfigurationEntry, entry: Path, pattern: str) -> Iterator
             path = Path(entry) / Path(key)
 
             if isinstance(value, dict):
-                yield from self._sub(value, path, pattern)
+                yield from self._sub(value, path, orig_path, pattern)
                 continue
 
             if not isinstance(value, list):
@@ -50,7 +53,7 @@ def _sub(self, items: ConfigurationEntry, entry: Path, pattern: str) -> Iterator
             if fnmatch.fnmatch(path, pattern):
                 data = {
                     "_target": self.target,
-                    "source": self.target.fs.path(config_entry.entry.path),
+                    "source": self.target.fs.path(orig_path),
                     "path": path,
                     "key": key,
                     "value": value,
@@ -71,8 +74,11 @@ def etc(self, pattern: str, root: str) -> Iterator[UnixConfigTreeRecord]:
         for entry, subs, items in self.config_fs.walk(root):
             for item in items:
                 try:
-                    config_object = self.get(str(Path(entry) / Path(item)))
-                    yield from self._sub(config_object, Path(entry) / Path(item), pattern)
+                    path = Path(entry) / item
+                    config_object = self.get(str(path))
+
+                    if isinstance(config_object, ConfigurationEntry):
+                        yield from self._sub(config_object, path, orig_path=path, pattern=pattern)
                 except Exception:
                     self.target.log.warning("Could not open configuration item: %s", item)
                     pass