From e728a2ccb3a40850ee8d53e67e4d5d6a5b8a6ed6 Mon Sep 17 00:00:00 2001 From: Computer Network Investigation <121175071+JSCU-CNI@users.noreply.github.com> Date: Wed, 4 Dec 2024 04:09:29 -0500 Subject: [PATCH] Improve lnk plugin exception handling (#963) --- dissect/target/plugins/os/windows/lnk.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/dissect/target/plugins/os/windows/lnk.py b/dissect/target/plugins/os/windows/lnk.py index eb65f6030..ceb0cb584 100644 --- a/dissect/target/plugins/os/windows/lnk.py +++ b/dissect/target/plugins/os/windows/lnk.py @@ -1,4 +1,6 @@ -from typing import Iterator, Optional +from __future__ import annotations + +from typing import Iterator from dissect.shellitem.lnk import Lnk from dissect.util import ts @@ -34,7 +36,7 @@ ) -def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) -> Iterator[LnkRecord]: +def parse_lnk_file(target: Target, lnk_file: Lnk, lnk_path: TargetPath) -> LnkRecord: # we need to get the active codepage from the system to properly decode some values codepage = target.codepage or "ascii" @@ -132,7 +134,7 @@ def check_compatible(self) -> None: @arg("--path", "-p", dest="path", default=None, help="Path to directory or .lnk file in target") @export(record=LnkRecord) - def lnk(self, path: Optional[str] = None) -> Iterator[LnkRecord]: + def lnk(self, path: str | None = None) -> Iterator[LnkRecord]: """Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format. Yields a LnkRecord record with the following fields: @@ -160,10 +162,14 @@ def lnk(self, path: Optional[str] = None) -> Iterator[LnkRecord]: """ for entry in self.lnk_entries(path): - lnk_file = Lnk(entry.open()) - yield parse_lnk_file(self.target, lnk_file, entry) - - def lnk_entries(self, path: Optional[str] = None) -> Iterator[TargetPath]: + try: + lnk_file = Lnk(entry.open()) + yield parse_lnk_file(self.target, lnk_file, entry) + except Exception as e: + self.target.log.warning("Failed to parse link file %s", lnk_file) + self.target.log.debug("", exc_info=e) + + def lnk_entries(self, path: str | None = None) -> Iterator[TargetPath]: if path: target_path = self.target.fs.path(path) if not target_path.exists():