Skip to content

Commit

Permalink
Merge pull request #302 from target/scan-iso-timezone
Browse files Browse the repository at this point in the history 
ScanIso Timezone Removal
  • Loading branch information
@phutelmyer
phutelmyer authored Jan 30, 2023
2 parents 436ff35 + 799f6d4 commit c6a5c26
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 34 deletions.
84 changes: 53 additions & 31 deletions src/python/strelka/scanners/scan_iso.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,12 @@ class ScanIso(strelka.Scanner):
"""Extracts files from ISO files."""

def scan(self, data, file, options, expire_at):
file_limit = options.get('limit', 1000)
file_limit = options.get("limit", 1000)

self.event['total'] = {'files': 0, 'extracted': 0}
self.event['files'] = []
self.event['hidden_dirs'] = []
self.event['meta'] = {}
self.event["total"] = {"files": 0, "extracted": 0}
self.event["files"] = []
self.event["hidden_dirs"] = []
self.event["meta"] = {}

try:
# ISO must be opened as a byte stream
Expand All @@ -26,38 +26,51 @@ def scan(self, data, file, options, expire_at):

# Attempt to get Meta
try:
self.event['meta']['date_created'] = self._datetime_from_volume_date(iso.pvd.volume_creation_date)
self.event['meta']['date_effective'] = self._datetime_from_volume_date(iso.pvd.volume_effective_date)
self.event['meta']['date_expiration'] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
self.event['meta']['date_modification'] = self._datetime_from_volume_date(iso.pvd.volume_modification_date)
self.event['meta']['volume_identifier'] = iso.pvd.volume_identifier.decode()
self.event["meta"][
"date_created"
] = self._datetime_from_volume_date(iso.pvd.volume_creation_date)
self.event["meta"][
"date_effective"
] = self._datetime_from_volume_date(iso.pvd.volume_effective_date)
self.event["meta"][
"date_expiration"
] = self._datetime_from_volume_date(iso.pvd.volume_expiration_date)
self.event["meta"][
"date_modification"
] = self._datetime_from_volume_date(
iso.pvd.volume_modification_date
)
self.event["meta"][
"volume_identifier"
] = iso.pvd.volume_identifier.decode()
except strelka.ScannerTimeout:
raise
except Exception:
pass

if iso.has_udf():
pathname = 'udf_path'
pathname = "udf_path"
elif iso.has_rock_ridge():
pathname = 'rr_path'
pathname = "rr_path"
elif iso.has_joliet():
pathname = 'joliet_path'
pathname = "joliet_path"
else:
pathname = 'iso_path'
pathname = "iso_path"

root_entry = iso.get_record(**{pathname: '/'})
root_entry = iso.get_record(**{pathname: "/"})

# Iterate through ISO file tree
dirs = collections.deque([root_entry])
while dirs:
dir_record = dirs.popleft()
ident_to_here = iso.full_path_from_dirrecord(dir_record,
rockridge=pathname == 'rr_path')
ident_to_here = iso.full_path_from_dirrecord(
dir_record, rockridge=pathname == "rr_path"
)
if dir_record.is_dir():
# Try to get hidden files, not applicable to all iso types
try:
if dir_record.file_flags == 3:
self.event['hidden_dirs'].append(ident_to_here)
self.event["hidden_dirs"].append(ident_to_here)

except strelka.ScannerTimeout:
raise
Expand All @@ -73,38 +86,47 @@ def scan(self, data, file, options, expire_at):
else:
try:
# Collect File Metadata
self.event['files'].append({'filename': ident_to_here,
'size': iso.get_record(**{pathname: ident_to_here}).data_length,
'date_utc': self._datetime_from_iso_date(
iso.get_record(**{pathname: ident_to_here}).date)})
self.event["files"].append(
{
"filename": ident_to_here,
"size": iso.get_record(
**{pathname: ident_to_here}
).data_length,
"date_utc": self._datetime_from_iso_date(
iso.get_record(**{pathname: ident_to_here}).date
),
}
)

# Extract ISO Files (If Below Option Limit)
if self.event['total']['extracted'] < file_limit:
if self.event["total"]["extracted"] < file_limit:
try:
self.event['total']['files'] += 1
self.event["total"]["files"] += 1
file_io = io.BytesIO()
iso.get_file_from_iso_fp(file_io, **{pathname: ident_to_here})
iso.get_file_from_iso_fp(
file_io, **{pathname: ident_to_here}
)

file_io.seek(0)
extract_data = file_io.read()

# Send extracted file back to Strelka
self.emit_file(extract_data, name=ident_to_here)

self.event['total']['extracted'] += 1
self.event["total"]["extracted"] += 1
except strelka.ScannerTimeout:
raise
except Exception as e:
self.flags.append(f'iso_extract_error: {e}')
self.flags.append(f"iso_extract_error: {e}")
except strelka.ScannerTimeout:
raise
except Exception:
self.flags.append('iso_read_error')
self.flags.append("iso_read_error")
iso.close()
except strelka.ScannerTimeout:
raise
except Exception:
self.flags.append('iso_read_error')
self.flags.append("iso_read_error")

@staticmethod
def _datetime_from_volume_date(volume_date):
Expand All @@ -125,7 +147,7 @@ def _datetime_from_volume_date(volume_date):
minute,
second,
)
return dt.strftime('%Y-%m-%dT%H:%M:%SZ')
return dt.strftime("%Y-%m-%dT%H:%M:%S")
except strelka.ScannerTimeout:
raise
except Exception:
Expand Down Expand Up @@ -160,7 +182,7 @@ def _datetime_from_iso_date(iso_date):
iso_date.minute,
iso_date.second,
)
dt = dt.strftime('%Y-%m-%dT%H:%M:%SZ')
dt = dt.strftime("%Y-%m-%dT%H:%M:%S")
except strelka.ScannerTimeout:
raise
except Exception:
Expand Down
6 changes: 3 additions & 3 deletions src/python/strelka/tests/test_scan_iso.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,14 @@ def test_scan_iso(mocker):
"flags": [],
"total": {"files": 1, "extracted": 1},
"files": [
{"filename": "/lorem.txt", "size": 4015, "date_utc": "2022-12-11T18:44:49Z"}
{"filename": "/lorem.txt", "size": 4015, "date_utc": "2022-12-11T18:44:49"}
],
"hidden_dirs": [],
"meta": {
"date_created": "2022-12-11T18:42:00Z",
"date_created": "2022-12-11T18:42:00",
"date_effective": None,
"date_expiration": None,
"date_modification": "2022-12-11T18:42:00Z",
"date_modification": "2022-12-11T18:42:00",
"volume_identifier": "NEW_VOLUME ",
},
}
Expand Down

0 comments on commit c6a5c26

Please sign in to comment.