:py:mod:`dissect.target.plugins.filesystem.walkfs`
==================================================

.. py:module:: dissect.target.plugins.filesystem.walkfs


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.filesystem.walkfs.WalkFsPlugin


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.filesystem.walkfs.generate_record


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.filesystem.walkfs.FilesystemRecord


.. py:data:: FilesystemRecord

.. py:class:: WalkFsPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Filesystem agnostic walkfs plugin.

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: walkfs(walkfs_path: str = '/', capability: bool = False, mimetype: bool = False) -> collections.abc.Iterator[FilesystemRecord]

      Walk a target's filesystem and return all filesystem entries.

      .. rubric:: References

      - https://man7.org/linux/man-pages/man2/lstat.2.html
      - https://man7.org/linux/man-pages/man7/inode.7.html
      - https://man7.org/linux/man-pages/man7/xattr.7.html
      - https://man7.org/linux/man-pages/man2/execve.2.html
      - https://steflan-security.com/linux-privilege-escalation-suid-binaries
      - https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h

      Yields FilesystemRecords for every filesystem entry and CapabilityRecords if ``xattr`` security
      attributes were found in the filesystem entry and the ``--capability`` flag is set.

      Mimetype lookup can be enabled using the ``--mimetype`` flag.

      .. code-block:: text

          hostname (string): The target hostname.
          domain (string): The target domain.
          mtime (datetime): modified timestamp indicates the last time the contents of a file were modified.
          atime (datetime): access timestamp indicates the last time a file was accessed.
          ctime (datetime): changed timestamp indicates the last time metadata of a file was modified.
          btime (datetime): birth timestamp indicates the time when a file was created.
          ino (varint): number of the corresponding underlying filesystem inode.
          path (path): path location of the entry.
          size (filesize): size of the file in bytes on the filesystem.
          mode (uint32): contains the file type and mode.
          uid (uint32): the user id of the owner of the entry.
          gid (uint32): the group id of the owner of the entry.
          mimetype (string): detected mimetype of the entry.
          is_suid (boolean): denotes if the entry has the set-user-id bit set.
          attr (string[]): list of key-value pair attributes separated by '='.
          fs_types (string[]): list of filesystem type(s) of the entry.


.. py:function:: generate_record(target: dissect.target.target.Target, entry: dissect.target.filesystem.FilesystemEntry, capability: bool, mimetype: bool) -> collections.abc.Iterator[FilesystemRecord]

   Generate a :class:`WalkFsRecord` from the given :class:`FilesystemEntry`.

   :param target: :class:`Target` instance
   :param entry: :class:`FilesystemEntry` instance
   :param capability: bool
   :param mimetype: bool

   :returns: Generator of :class:`FilesystemRecord` for the given :class:`FilesystemEntry`.
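
The ``mode``, ``uid`` and ``is_suid`` fields listed for ``walkfs`` can be cross-checked when triaging a filesystem listing. The following is an added example, not code from dissect.target: it goes slightly beyond ``is_suid`` by also decoding the set-group-id and world-writable bits, and it assumes ``mode`` holds an ``st_mode`` value as described in lstat(2). The records are constructed dicts that mirror the field names, and ``describe_mode`` and ``triage`` are hypothetical helper names.

```python
import stat

# Constructed sample records: plain dicts that mirror a few walkfs fields
# (path, mode, uid, gid, is_suid). They are not output of the plugin.
SAMPLE_RECORDS = [
    {"path": "/usr/bin/passwd", "mode": 0o104755, "uid": 0, "gid": 0, "is_suid": True},
    {"path": "/usr/bin/wall", "mode": 0o102755, "uid": 0, "gid": 5, "is_suid": False},
    {"path": "/opt/tools/helper", "mode": 0o104777, "uid": 0, "gid": 0, "is_suid": True},
    {"path": "/home/alice/notes.txt", "mode": 0o100644, "uid": 1000, "gid": 1000, "is_suid": False},
    {"path": "/tmp", "mode": 0o041777, "uid": 0, "gid": 0, "is_suid": False},
]


def describe_mode(mode: int) -> str:
    """Render the mode (file type + permission bits) the way ``ls -l`` does."""
    return stat.filemode(mode)


def triage(records):
    """Return (path, mode string, findings) for regular files that need review."""
    flagged = []
    for rec in records:
        mode = rec["mode"]
        if not stat.S_ISREG(mode):
            # Skip non-regular entries: on a directory the set-group-id bit
            # controls group inheritance, not the credentials of a process.
            continue
        findings = []
        suid = bool(mode & stat.S_ISUID)
        if suid != rec["is_suid"]:
            findings.append("is_suid disagrees with mode")
        if suid:
            findings.append("setuid-root" if rec["uid"] == 0 else "setuid")
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setgid")
        if findings and mode & stat.S_IWOTH:
            # A set-id file that anyone can overwrite is a misconfiguration.
            findings.append("world-writable")
        if findings:
            flagged.append((rec["path"], describe_mode(mode), findings))
    return flagged


if __name__ == "__main__":
    for path, mode_str, findings in triage(SAMPLE_RECORDS):
        print(f"{mode_str} {path}: {', '.join(findings)}")
```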