dissect.target.plugins.os.windows.task_helpers.tasks_xml#

Module Contents#

Classes#

ScheduledTasks

XmlTask

Initialize the XmlTask class for open XML-based task files.
class dissect.target.plugins.os.windows.task_helpers.tasks_xml.ScheduledTasks(xml_file: dissect.target.helpers.fsutil.TargetPath)#
strip_namespace(data: xml.etree.ElementTree.Element) xml.etree.ElementTree.Element#

Strip namespace from XML data.

If the data has a namespace, it will be removed from all the XML tags.

Parameters:

data – The XML data as an Element object.

Returns:

The XML data with the stripped namespace.

get_tasks()#
class dissect.target.plugins.os.windows.task_helpers.tasks_xml.XmlTask(task_element: xml.etree.ElementTree.Element, task_path: dissect.target.helpers.fsutil.TargetPath)#

Initialize the XmlTask class for open XML-based task files.

Parameters:

  • xml_file – the file to be parsed.

  • target – the target system.

strip_namespace(data: xml.etree.ElementTree.Element) xml.etree.ElementTree.Element#

Strip namespace from XML data.

If the data has a namespace, it will be removed from all the XML tags.

Parameters:

data – The XML data as an Element object.

Returns:

The XML data with the stripped namespace.

get_element(xml_path: str, xml_data: xml.etree.ElementTree.Element | None = None, attribute: str | None = None) str | None#

Get the value of the specified XML element.

Parameters:

  • xml_path – The string used to locate the element.

  • xml_data – The XML data to search in. If not provided, use self.xml_data.

  • attribute – The name of a specific attribute from an element that should be returned.

Returns:

The value of the XML element if found, otherwise None.

Return type:

str

get_raw(xml_path: str | None = None) str#

Get the raw XML data of the specified element.

Parameters:

xml_path – The string used to locate the element.

Returns:

The raw XML data as string of the element if found, otherwise None.

Return type:

bytes

get_triggers() Iterator[flow.record.GroupedRecord]#

Get the triggers from the XML task data.

Yields:

GroupedRecord – The grouped record representing a trigger.

get_actions() Iterator[flow.record.RecordDescriptor]#

Get the actions from the XML task data.

Yields:

ActionRecord – The action record representing an action.