Add plugin to parse recentlyused.xbel files from Linux desktops #715
Because this year will be the year of the Linux desktop.
The name changes are for readability when executing the plugin and parsing what gets done.
from dissect.target.plugin import Plugin, export | ||
|
||
RecentlyUsedRecord = TargetRecordDescriptor( | ||
"unix/linux/recentlyused", |
"unix/linux/recentlyused", | |
"unix/linux/recently_used", |
) | ||
|
||
RecentlyUsedIconRecord = TargetRecordDescriptor( | ||
"unix/linux/recentlyusedicon", |
"unix/linux/recentlyusedicon", | |
"unix/linux/recently_used_icon", |
) | ||
|
||
RecentlyUsedApplicationRecord = TargetRecordDescriptor( | ||
"unix/linux/recentlyusedapplication", |
"unix/linux/recentlyusedapplication", | |
"unix/linux/recently_used_application", |
href=icon.get("href"), | ||
name=icon.get("name"), | ||
) | ||
yield GroupedRecord("unix/linux/recentlyused/grouped", [cur, iconrecord]) |
yield GroupedRecord("unix/linux/recentlyused/grouped", [cur, iconrecord]) | |
yield GroupedRecord("unix/linux/recently_used/grouped", [cur, iconrecord]) |
exec=app.get("exec"), | ||
count=app.get("count"), | ||
) | ||
yield GroupedRecord("unix/linux/recentlyused/grouped", [cur, apprecord]) |
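Review bot: `count=app.get("count")` forwards the raw attribute value, which is a string, or `None` when the attribute is absent, and `recently-used.xbel` is writable by the user whose activity it records. Convert it explicitly, for instance with `int()` inside a `try`/`except` that falls back to `None`, so a missing or non-numeric count is handled deliberately rather than left to whatever coercion the record field applies.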
yield GroupedRecord("unix/linux/recentlyused/grouped", [cur, apprecord]) | |
yield GroupedRecord("unix/linux/recently_used/grouped", [cur, apprecord]) |
"""Parse recently-used.xbel files on Linux Desktops.""" | ||
|
||
for user, xbel_file in self.users_files: | ||
for record in parse_recentlyused_xbel(user.name, xbel_file): |
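Review bot: the inner loop calls `parse_recentlyused_xbel(user.name, xbel_file)` with no error handling visible in this hunk, so a single truncated or malformed `recently-used.xbel` would raise out of the generator and suppress the records of every remaining user. Wrap the per-file parse in a `try`/`except` for the XML parse error, log a warning that names the file, and `continue` with the next user.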
for record in parse_recentlyused_xbel(user.name, xbel_file): | |
for record in parse_recently_used_xbel(user.name, xbel_file): |
fs_unix.map_file("/home/user/.local/share/recently-used.xbel", data_file) | ||
target_unix_users.add_plugin(RecentlyUsedPlugin) | ||
|
||
results = list(target_unix_users.recentlyused()) |
results = list(target_unix_users.recentlyused()) | |
results = list(target_unix_users.recently_used()) |
visited=parse_ts(b.get("visited")), | ||
mimetype=mimetype, | ||
groups=group_list, | ||
private=private, |
private=private, | |
private=private, | |
_target=self.target, |
The `TargetRecordDescriptor` provides a field named `_target`; this will cause the hostname and domain fields to get filled.
That being said, I don't think `RecentlyUsedIconRecord` and `RecentlyUsedApplicationRecord` need to be a `TargetRecordDescriptor`, as it would only provide redundant information.
private = private_entries is not None and len(private_entries) > 0 | ||
|
||
cur = RecentlyUsedRecord( | ||
ts=parse_ts(b.get("visited")), |
Are the timestamp fields always available? Cause if they are `None` the plugin will crash.
|
||
# There should be at most one "private" tag, but accept multiple | ||
private_entries = b.findall("./info/metadata/bookmark:private", ns) | ||
private = private_entries is not None and len(private_entries) > 0 |
I believe `b.findall` always returns a list, so the None check here is redundant.
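The two robustness questions raised in the review comments above (missing timestamps, and what `findall` returns), shown as an added stand-alone example that is not the PR's code. It assumes the freedesktop.org `bookmark` namespace and `bookmark:applications` layout of `recently-used.xbel`; the sample document and the helper names `parse_ts`, `parse_count` and `parse_xbel` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed namespace of the desktop-bookmark metadata inside XBEL files.
NS = {"bookmark": "http://www.freedesktop.org/standards/desktop-bookmarks"}

# Constructed sample: the second bookmark lacks "visited" and has a bad count.
SAMPLE_XBEL = """<xbel version="1.0"
      xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks">
  <bookmark href="file:///home/user/report.pdf" added="2023-05-04T10:00:00Z"
            visited="2023-05-04T10:05:00.123456Z">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications>
        <bookmark:application name="Evince" exec="'evince %u'" count="3"/>
      </bookmark:applications>
      <bookmark:private/>
    </metadata></info>
  </bookmark>
  <bookmark href="file:///tmp/notes.txt" added="2023-05-05T09:00:00Z">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications><bookmark:application name="gedit"
          exec="'gedit %u'" count="many"/></bookmark:applications>
    </metadata></info>
  </bookmark>
</xbel>"""

def parse_ts(value):
    """Aware datetime, or None for a missing or malformed timestamp."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):  # None has no .replace(); bad string
        return None

def parse_count(value):
    """Launch count as int, or None when absent or non-numeric."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def parse_xbel(data):
    for b in ET.fromstring(data).iter("bookmark"):
        apps = b.findall("./info/metadata/bookmark:applications/bookmark:application", NS)
        yield {
            "href": b.get("href"),
            "visited": parse_ts(b.get("visited")),
            # findall() returns a (possibly empty) list, so truthiness suffices.
            "private": bool(b.findall("./info/metadata/bookmark:private", NS)),
            "apps": [(a.get("name"), a.get("exec"), parse_count(a.get("count"))) for a in apps],
        }
```

When the file comes from untrusted evidence, the `defusedxml.ElementTree` drop-in replacement guards the same calls against entity-expansion input.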