dissect.target.tools.diff¶
Module Contents¶
Classes¶
Signifies a change for a FilesystemEntry between two versions of a target. |
|
For a given directory, contains the unchanged, created, modified and deleted entries, as well as a list of |
|
This class wraps functionality that for two given targets can identify similarities and differences between them. |
|
CLI for browsing the differential between two or more targets. |
Functions¶
Determine whether or not, based on the file stats, we can assume a file hasn't been changed. |
|
Command exection helper for target plugins. Highly similar to target-shell's _exec_target, however this function |
|
Make 'pairs' of targets that we are going to compare against one another. A list of targets can be treated in two |
|
Given a list of targets, compare targets against one another and yield File[Created|Modified|Deleted]Records |
|
Given a list of targets, yielding records indicating which records from this plugin are new, unmodified or |
|
Attributes¶
- dissect.target.tools.diff.log¶
- dissect.target.tools.diff.BLOCK_SIZE = 2048¶
- dissect.target.tools.diff.FILE_LIMIT = 32768¶
- dissect.target.tools.diff.FILE_DIFF_RECORD_FIELDS = [('string', 'src_target'), ('string', 'dst_target'), ('string', 'path')]¶
- dissect.target.tools.diff.RECORD_DIFF_RECORD_FIELDS = [('string', 'src_target'), ('string', 'dst_target'), ('record', 'record')]¶
- dissect.target.tools.diff.FileDeletedRecord¶
- dissect.target.tools.diff.FileCreatedRecord¶
- dissect.target.tools.diff.FileModifiedRecord¶
- dissect.target.tools.diff.RecordCreatedRecord¶
- dissect.target.tools.diff.RecordDeletedRecord¶
- dissect.target.tools.diff.RecordUnchangedRecord¶
- class dissect.target.tools.diff.DifferentialEntry¶
Signifies a change for a FilesystemEntry between two versions of a target.
- path: str¶
- name: str¶
- src_target_entry: dissect.target.filesystem.FilesystemEntry¶
- dst_target_entry: dissect.target.filesystem.FilesystemEntry¶
- class dissect.target.tools.diff.DirectoryDifferential¶
For a given directory, contains the unchanged, created, modified and deleted entries, as well as a list of subdirectories.
- directory: str¶
- unchanged: list[dissect.target.filesystem.FilesystemEntry] = []¶
- created: list[dissect.target.filesystem.FilesystemEntry] = []¶
- modified: list[DifferentialEntry] = []¶
- deleted: list[dissect.target.filesystem.FilesystemEntry] = []¶
- dissect.target.tools.diff.likely_unchanged(src: dissect.target.helpers.fsutil.stat_result, dst: dissect.target.helpers.fsutil.stat_result) bool¶
Determine whether or not, based on the file stats, we can assume a file hasn’t been changed.
- dissect.target.tools.diff.get_plugin_output_records(plugin_name: str, plugin_arg_parts: list[str], target: dissect.target.Target) Iterable[flow.record.Record]¶
Command exection helper for target plugins. Highly similar to target-shell’s _exec_target, however this function only accepts plugins that outputs records, and returns an iterable of records rather than a function that outputs to stdout.
- class dissect.target.tools.diff.TargetComparison(src_target: dissect.target.Target, dst_target: dissect.target.Target, deep: bool = False, file_limit: int = FILE_LIMIT)¶
This class wraps functionality that for two given targets can identify similarities and differences between them. Currently supports differentiating between the target filesystems, and between plugin outputs.
- src_target¶
- dst_target¶
- deep = False¶
- file_limit = 32768¶
- scandir(path: str) DirectoryDifferential¶
Scan a given directory for files that have been unchanged, modified, created or deleted from one target to the next. Add these results (as well as subdirectories) to a DirectoryDifferential object.
- walkdir(path: str, exclude: list[str] | str | None = None, already_iterated: list[str] = None) Iterator[DirectoryDifferential]¶
Recursively iterate directories and yield DirectoryDifferentials.
- differentiate_plugin_outputs(plugin_name: str, plugin_arg_parts: list[str], only_changed: bool = False) Iterator[flow.record.Record]¶
Run a plugin on the source and destination targets and yield RecordUnchanged, RecordCreated and RecordDeleted records. There is no equivalent for the FileModifiedRecord. For files and directories, we can use the path to reliably track changes from one target to the next. There is no equivalent for plugin outputs, so we just assume that all records are either deleted (only on src), created (only on dst) or unchanged (on both).
- class dissect.target.tools.diff.DifferentialCli(*targets: tuple[dissect.target.Target], deep: bool = False, limit: int = FILE_LIMIT)¶
Bases:
dissect.target.tools.shell.ExtendedCmdCLI for browsing the differential between two or more targets.
- doc_header_prefix = Multiline-String¶
Show Value
"""target-diff ========== """
- doc_header_suffix = Multiline-String¶
Show Value
""" Documented commands (type help <topic>):"""
- doc_header_multiple_targets = "Use 'list', 'prev' and 'next' to list and select targets to differentiate between."¶
- targets = ()¶
- deep = False¶
- limit = 32768¶
- src_index = 0¶
- dst_index = 0¶
- comparison: TargetComparison = None¶
- cwd = '/'¶
- alt_separator = '/'¶
- doc_header = Multiline-String¶
Show Value
"""target-diff ========== Documented commands (type help <topic>):"""
- property src_target: dissect.target.Target¶
- property dst_target: dissect.target.Target¶
- property prompt: str¶
Determine the prompt of the cli.
- completedefault(text: str, line: str, begidx: int, endidx: int) list[str]¶
Autocomplete based on files / directories found in the current path.
- do_list(line: str) bool¶
Prints a list of targets to differentiate between. Useful when differentiating between three or more targets. Looks quite bad on small terminal screens.
- cmd_previous(args: argparse.Namespace, line: str) bool¶
When three or more targets are available, move the ‘comparison window’ one position back.
- cmd_next(args: argparse.Namespace, line: str) bool¶
When three or more targets are available, move the ‘comparison window’ one position forward.
- do_cd(path: str) bool¶
Change directory to the given path.
- cmd_ls(args: argparse.Namespace, stdout: TextIO) bool¶
List contents of a directory for two targets.
- cmd_cat(args: argparse.Namespace, stdout: TextIO) bool¶
Output the contents of a file.
- cmd_diff(args: argparse.Namespace, stdout: TextIO) bool¶
Output the difference in file contents between two targets.
- cmd_hexdump(args: argparse.Namespace, stdout: TextIO) bool¶
Output difference of the given file between targets in hexdump.
- cmd_set(args: argparse.Namespace, stdout: TextIO) bool¶
Change either the source or destination target for differentiation. Index can be given relative (when prefixed with ‘+’ or ‘-’, e.g. “set dst +1”) or absolute (e.g. set src 0).
- cmd_enter(args: argparse.Namespace, stdout: TextIO) bool¶
Open a subshell for the source or destination target.
- cmd_find(args: argparse.Namespace, stdout: TextIO) bool¶
Search for files in a directory hierarchy.
- do_plugin(line: str) bool¶
Yield RecordCreated, RecordUnchanged and RecordDeleted Records by comparing plugin outputs for two targets.
- do_python(line: str) bool¶
drop into a Python shell.
- dissect.target.tools.diff.make_target_pairs(targets: tuple[dissect.target.Target], absolute: bool = False) list[tuple[dissect.target.Target, dissect.target.Target]]¶
Make ‘pairs’ of targets that we are going to compare against one another. A list of targets can be treated in two ways: compare every target with the one that came before it, or compare all targets against a ‘base’ target (which has to be supplied as initial target in the list).
- dissect.target.tools.diff.differentiate_target_filesystems(*targets: tuple[dissect.target.Target], deep: bool = False, limit: int = FILE_LIMIT, absolute: bool = False, include: list[str] = None, exclude: list[str] = None) Iterator[flow.record.Record]¶
Given a list of targets, compare targets against one another and yield File[Created|Modified|Deleted]Records indicating the differences between them.
- dissect.target.tools.diff.differentiate_target_plugin_outputs(*targets: tuple[dissect.target.Target], absolute: bool = False, only_changed: bool = False, plugin: str, plugin_args: str = '') Iterator[flow.record.Record]¶
Given a list of targets, yielding records indicating which records from this plugin are new, unmodified or deleted.
- dissect.target.tools.diff.main() None¶