From b9a532ca32c23d3748a0ce2fe73ff13f77ae5bcc Mon Sep 17 00:00:00 2001
From: Joachim Metz
Date: Tue, 29 Dec 2020 20:29:19 +0100
Subject: [PATCH] Added CPIO archive support #883
---
 config/dpkg/control | 2 +-
 dependencies.ini | 2 +-
 plaso/dependencies.py | 2 +-
 plaso/engine/worker.py | 7 ++++++-
 requirements.txt | 2 +-
 setup.cfg | 2 +-
 6 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/config/dpkg/control b/config/dpkg/control
index c73787fa68..c4e2317120 100644
--- a/config/dpkg/control
+++ b/config/dpkg/control
@@ -17,7 +17,7 @@ Description: Data files for plaso (log2timeline) Package: python3-plaso Architecture: all -Depends: plaso-data (>= ${binary:Version}), libbde-python3 (>= 20140531), libcreg-python3 (>= 20200725), libesedb-python3 (>= 20150409), libevt-python3 (>= 20191104), libevtx-python3 (>= 20141112), libewf-python3 (>= 20131210), libfsapfs-python3 (>= 20201107), libfsext-python3 (>= 20200819), libfshfs-python3 (>= 20201103), libfsntfs-python3 (>= 20200805), libfsxfs-python3 (>= 20201114), libfvde-python3 (>= 20160719), libfwnt-python3 (>= 20180117), libfwsi-python3 (>= 20150606), liblnk-python3 (>= 20150830), libluksde-python3 (>= 20200101), libmsiecf-python3 (>= 20150314), libolecf-python3 (>= 20151223), libqcow-python3 (>= 20131204), libregf-python3 (>= 20201002), libscca-python3 (>= 20190605), libsigscan-python3 (>= 20190629), libsmdev-python3 (>= 20140529), libsmraw-python3 (>= 20140612), libvhdi-python3 (>= 20131210), libvmdk-python3 (>= 20140421), libvshadow-python3 (>= 20160109), libvslvm-python3 (>= 20160109), python3-artifacts (>= 20190305), python3-bencode, python3-certifi (>= 2016.9.26), python3-cffi-backend (>= 1.9.1), python3-chardet (>= 2.0.1), python3-cryptography (>= 2.0.2), python3-dateutil (>= 1.5), python3-defusedxml (>= 0.5.0), python3-dfdatetime (>= 20200824), python3-dfvfs (>= 20201114), python3-dfwinreg (>= 20201002), python3-dtfabric (>= 20200621), python3-elasticsearch (>= 7.0), python3-future (>= 0.16.0), python3-idna (>= 2.5), python3-lz4 (>= 0.10.0), python3-pefile (>= 2018.8.8), python3-psutil (>= 5.4.3), python3-pyparsing (>= 2.3.0), python3-pytsk3 (>= 20160721), python3-redis (>= 3.4), python3-requests (>= 2.18.0), python3-six (>= 1.1.0), python3-tz, python3-urllib3 (>= 1.21.1), python3-xlsxwriter (>= 0.9.3), python3-yaml (>= 3.10), python3-yara (>= 3.4.0), python3-zmq (>= 2.1.11), ${python3:Depends}, ${misc:Depends} +Depends: plaso-data (>= ${binary:Version}), libbde-python3 (>= 20140531), libcreg-python3 (>= 20200725), 
libesedb-python3 (>= 20150409), libevt-python3 (>= 20191104), libevtx-python3 (>= 20141112), libewf-python3 (>= 20131210), libfsapfs-python3 (>= 20201107), libfsext-python3 (>= 20200819), libfshfs-python3 (>= 20201103), libfsntfs-python3 (>= 20200805), libfsxfs-python3 (>= 20201114), libfvde-python3 (>= 20160719), libfwnt-python3 (>= 20180117), libfwsi-python3 (>= 20150606), liblnk-python3 (>= 20150830), libluksde-python3 (>= 20200101), libmsiecf-python3 (>= 20150314), libolecf-python3 (>= 20151223), libqcow-python3 (>= 20131204), libregf-python3 (>= 20201002), libscca-python3 (>= 20190605), libsigscan-python3 (>= 20190629), libsmdev-python3 (>= 20140529), libsmraw-python3 (>= 20140612), libvhdi-python3 (>= 20131210), libvmdk-python3 (>= 20140421), libvshadow-python3 (>= 20160109), libvslvm-python3 (>= 20160109), python3-artifacts (>= 20190305), python3-bencode, python3-certifi (>= 2016.9.26), python3-cffi-backend (>= 1.9.1), python3-chardet (>= 2.0.1), python3-cryptography (>= 2.0.2), python3-dateutil (>= 1.5), python3-defusedxml (>= 0.5.0), python3-dfdatetime (>= 20200824), python3-dfvfs (>= 20201231), python3-dfwinreg (>= 20201002), python3-dtfabric (>= 20200621), python3-elasticsearch (>= 7.0), python3-future (>= 0.16.0), python3-idna (>= 2.5), python3-lz4 (>= 0.10.0), python3-pefile (>= 2018.8.8), python3-psutil (>= 5.4.3), python3-pyparsing (>= 2.3.0), python3-pytsk3 (>= 20160721), python3-redis (>= 3.4), python3-requests (>= 2.18.0), python3-six (>= 1.1.0), python3-tz, python3-urllib3 (>= 1.21.1), python3-xlsxwriter (>= 0.9.3), python3-yaml (>= 3.10), python3-yara (>= 3.4.0), python3-zmq (>= 2.1.11), ${python3:Depends}, ${misc:Depends} Description: Python 3 module of plaso (log2timeline) Plaso (log2timeline) is a framework to create super timelines. Its purpose is to extract timestamps from various files found on typical diff --git a/dependencies.ini b/dependencies.ini index 1b060bdb93..f01a7afc82 100644 --- a/dependencies.ini +++ b/dependencies.ini 
@@ -56,7 +56,7 @@ version_property: __version__
 [dfvfs]
 dpkg_name: python3-dfvfs
-minimum_version: 20201114
+minimum_version: 20201231
 rpm_name: python3-dfvfs
 version_property: __version__
diff --git a/plaso/dependencies.py b/plaso/dependencies.py
index e7994fbb33..d39d4db3e2 100644
--- a/plaso/dependencies.py
+++ b/plaso/dependencies.py
@@ -27,7 +27,7 @@
 'dateutil': ('__version__', '1.5', None, True),
 'defusedxml': ('__version__', '0.5.0', None, True),
 'dfdatetime': ('__version__', '20200824', None, True),
- 'dfvfs': ('__version__', '20201114', None, True),
+ 'dfvfs': ('__version__', '20201231', None, True),
 'dfwinreg': ('__version__', '20201002', None, True),
 'dtfabric': ('__version__', '20200621', None, True),
 'elasticsearch': ('__versionstr__', '7.0', None, False),
diff --git a/plaso/engine/worker.py b/plaso/engine/worker.py
index c17bab1ae3..575c8bc4fe 100644
--- a/plaso/engine/worker.py
+++ b/plaso/engine/worker.py
@@ -499,7 +499,12 @@ def _ProcessArchiveTypes(self, mediator, path_spec, type_indicators):
 'archive file: {1:s}').format(type_indicators, display_name))
 for type_indicator in type_indicators:
- if type_indicator == dfvfs_definitions.TYPE_INDICATOR_TAR:
+ if type_indicator == dfvfs_definitions.TYPE_INDICATOR_CPIO:
+ archive_path_spec = path_spec_factory.Factory.NewPathSpec(
+ dfvfs_definitions.TYPE_INDICATOR_CPIO, location='/',
+ parent=path_spec)
+
+ elif type_indicator == dfvfs_definitions.TYPE_INDICATOR_TAR:
 archive_path_spec = path_spec_factory.Factory.NewPathSpec(
 dfvfs_definitions.TYPE_INDICATOR_TAR, location='/',
 parent=path_spec)
diff --git a/requirements.txt b/requirements.txt
index b5e1681eaa..b12d57082f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,7 +9,7 @@ chardet >= 2.0.1
 cryptography >= 2.0.2
 defusedxml >= 0.5.0
 dfdatetime >= 20200824
-dfvfs >= 20201114
+dfvfs >= 20201231
 dfwinreg >= 20201002
 dtfabric >= 20200621
 elasticsearch >= 7.0
diff --git a/setup.cfg b/setup.cfg
index be2e7e9817..8cc22cc277 100644
--- a/setup.cfg
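Review bot: The new CPIO branch in `_ProcessArchiveTypes` is a copy of the TAR branch below it with only the type constant changed, so every further archive format adds another duplicated `NewPathSpec` call. The two can share one branch: `if type_indicator in (dfvfs_definitions.TYPE_INDICATOR_CPIO, dfvfs_definitions.TYPE_INDICATOR_TAR):` followed by `archive_path_spec = path_spec_factory.Factory.NewPathSpec(type_indicator, location='/', parent=path_spec)`. The diffstat lists no test file, so nothing exercises the worker with a CPIO sample; since this path parses evidence that may be malformed or hostile, a test with a valid and a truncated archive would show whether the error handling holds. The function continues past the hunk, so how a failed open is handled is not visible here.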
+++ b/setup.cfg
@@ -55,7 +55,7 @@ requires = libbde-python3 >= 20140531
 python3-dateutil >= 1.5
 python3-defusedxml >= 0.5.0
 python3-dfdatetime >= 20200824
- python3-dfvfs >= 20201114
+ python3-dfvfs >= 20201231
 python3-dfwinreg >= 20201002
 python3-dtfabric >= 20200621
 python3-elasticsearch >= 7.0