dissect.target.plugins.os.windows.tasks.xml
Module Contents
Classes
XmlTask | Parses and extracts information from an XML-based Task Scheduler file.
Functions
str_to_bool | Convert a string to a boolean value.
- class dissect.target.plugins.os.windows.tasks.xml.ScheduledTasks(xml_file: dissect.target.helpers.fsutil.TargetPath)
- task_path
- tasks = []
- strip_namespace(data: xml.etree.ElementTree.Element) -> xml.etree.ElementTree.Element
Strip namespace from XML data.
If the data has a namespace, it will be removed from all the XML tags.
- Parameters:
data – The XML data as an Element object.
- Returns:
The XML data with the stripped namespace.
- dissect.target.plugins.os.windows.tasks.xml.str_to_bool(string_to_convert: str) -> bool | None
Convert a string to a boolean value.
The conversion is case-insensitive and only accepts ‘true’ or ‘false’ (with optional surrounding whitespace). Raises a ValueError for any other non-empty input.
- Parameters:
string_to_convert – The input string to convert. Should be ‘true’ or ‘false’, case-insensitively.
- Returns:
None for an empty string, True if the input string is ‘true’ (case-insensitive), False if ‘false’.
- class dissect.target.plugins.os.windows.tasks.xml.XmlTask(task_element: xml.etree.ElementTree.Element, task_path: dissect.target.helpers.fsutil.TargetPath)
Parses and extracts information from an XML-based Task Scheduler file.
This class is used to extract metadata, triggers, and actions from a task defined in an XML format (used in newer versions of Windows Task Scheduler).
- Parameters:
task_element – The root XML element representing the task.
task_path – The path of the task in the target system.
- task_path
- task_element
- task_name = None
- app_name = None
- args = None
- start_in = None
- comment = None
- run_as = None
- cpassword = None
- action = None
- uri = None
- security_descriptor = None
- source = None
- date = None
- author = None
- version = None
- description = None
- documentation = None
- principal_id = None
- user_id = None
- logon_type = None
- group_id = None
- display_name
- run_level = None
- process_token_sid_type = None
- required_privileges = None
- allow_start_on_demand = None
- restart_on_failure_interval = None
- restart_on_failure_count = None
- mutiple_instances_policy = None
- disallow_start_on_batteries = None
- stop_going_on_batteries = None
- allow_hard_terminate = None
- start_when_available = None
- network_profile_name = None
- run_only_network_available = None
- wake_to_run = None
- delete_expired_task_after = None
- idle_duration = None
- idle_wait_timeout = None
- idle_stop_on_idle_end = None
- idle_restart_on_idle = None
- network_settings_name = None
- network_settings_id = None
- execution_time_limit = None
- priority = None
- run_only_idle = None
- unified_scheduling_engine = None
- disallow_start_on_remote_app_session = None
- enabled = None
- data
- raw_data
- strip_namespace(data: xml.etree.ElementTree.Element) -> xml.etree.ElementTree.Element
Strip namespace from XML data.
If the data has a namespace, it will be removed from all the XML tags.
- Parameters:
data – The XML data as an Element object.
- Returns:
The XML data with the stripped namespace.
- get_element(xml_path: str, xml_data: xml.etree.ElementTree.Element | None = None, attribute: str | None = None) -> str | None
Get the value of the specified XML element.
- Parameters:
xml_path – The string used to locate the element.
xml_data – The XML data to search in. If not provided, use self.xml_data.
attribute – The name of a specific attribute from an element that should be returned.
- Returns:
The value of the XML element if found, otherwise None.
- Return type:
str
- get_raw(xml_path: str | None = None) -> str
Get the raw XML data of the specified element.
- Parameters:
xml_path – The string used to locate the element.
- Returns:
The raw XML data as string of the element if found, otherwise None.
- Return type:
- get_triggers() -> collections.abc.Iterator[flow.record.GroupedRecord]
Get the triggers from the XML task data.
- Yields:
GroupedRecord – The grouped record representing a trigger.
- get_actions() -> collections.abc.Iterator[flow.record.GroupedRecord]
Get the actions from the XML task data.
- Yields:
ActionRecord – The action record representing an action.
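A stand-alone sketch of the behaviour documented above for strip_namespace and str_to_bool, showing why task fields cannot be located by plain path until the namespace is removed. It is an added example written with the standard library only, not dissect's own code; the sample XML is constructed, and the `summarize` helper, its dictionary keys and the element-to-key mapping are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample task in the Task Scheduler schema namespace (not from a real host).
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Updater</URI></RegistrationInfo>
  <Principals><Principal id="Author">
    <UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel>
  </Principal></Principals>
  <Settings><Enabled> TRUE </Enabled><Hidden></Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\Public\upd.exe</Command><Arguments>/quiet</Arguments>
  </Exec></Actions>
</Task>"""

def strip_namespace(data: ET.Element) -> ET.Element:
    """Drop the '{uri}' prefix from every tag so paths like 'Settings/Enabled' match."""
    for element in data.iter():
        if isinstance(element.tag, str) and element.tag.startswith("{"):
            element.tag = element.tag.split("}", 1)[1]
    return data

def str_to_bool(string_to_convert):
    """None for empty/missing input, True/False for 'true'/'false', else ValueError."""
    if not string_to_convert:
        return None
    lowered = string_to_convert.strip().lower()
    if lowered == "true":
        return True
    if lowered == "false":
        return False
    raise ValueError(f"not a boolean string: {string_to_convert!r}")

def summarize(xml_text: str) -> dict:
    """Hypothetical helper: pull the fields an analyst triages first."""
    root = ET.fromstring(xml_text)
    # Before stripping, tags are '{namespace}Settings', so a plain path finds nothing.
    matched_before = root.find("Settings/Enabled") is not None
    strip_namespace(root)
    return {
        "matched_before_strip": matched_before,
        "uri": root.findtext("RegistrationInfo/URI"),
        "user_id": root.findtext("Principals/Principal/UserId"),
        "run_level": root.findtext("Principals/Principal/RunLevel"),
        "enabled": str_to_bool(root.findtext("Settings/Enabled")),
        "hidden": str_to_bool(root.findtext("Settings/Hidden")),   # empty element
        "command": root.findtext("Actions/Exec/Command"),
        "arguments": root.findtext("Actions/Exec/Arguments"),
    }
```
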