Merge pull request #274 from mkorman90/cleanup

Cleanup
mkorman90 · Aug 13, 2024 · 602ef14 · 602ef14
2 parents d84c307 + e3b66c3
commit 602ef14
Show file tree

Hide file tree

Showing 35 changed files with 414 additions and 371 deletions.
diff --git a/regipy/__init__.py b/regipy/__init__.py
@@ -1,4 +1,5 @@
+ # flake8: noqa 
 from .registry import *
 
 __title__ = "regipy"
-__version__ = "4.3.1"
+__version__ = "4.9.0"
diff --git a/regipy/cli.py b/regipy/cli.py
@@ -1,22 +1,19 @@
-import binascii
 import csv
 import json
 import logging
 import os
 import time
-from typing import Generator, Iterator
 
 
 import attr
 import click
-import pytz
 from tabulate import tabulate
 
 from regipy.plugins.plugin import PLUGINS
 from regipy.recovery import apply_transaction_logs
 from regipy.regdiff import compare_hives
 from regipy.plugins.utils import run_relevant_plugins
-from regipy.registry import NKRecord, RegistryHive
+from regipy.registry import RegistryHive
 from regipy.exceptions import RegistryKeyNotFoundException
 from regipy.utils import calculate_xor32_checksum, _setup_logging
 from regipy.cli_utils import get_filtered_subkeys, _normalize_subkey_fields

diff --git a/regipy/cli_utils.py b/regipy/cli_utils.py
@@ -25,8 +25,10 @@ def get_filtered_subkeys(
     Get records filtered by the specified timestamps
     :param registry_hive: A RegistryHive object
     :param name_key_entry: A list of paths as strings
-    :param start_date: Include only subkeys modified after the specified date, in isoformat UTC, for example: 2020-02-18T14:15:00.000000
-    :param end_date: Include only subkeys modified before the specified date, in isoformat UTC, for example: 2020-02-20T14:15:00.000000
+    :param start_date: Include only subkeys modified after the specified date
+                     in isoformat UTC, for example: 2020-02-18T14:15:00.000000
+    :param end_date: Include only subkeys modified before the specified date
+                     in isoformat UTC, for example: 2020-02-20T14:15:00.000000
     """
     skipped_entries_count = 0
     if start_date:

diff --git a/regipy/exceptions.py b/regipy/exceptions.py
@@ -44,9 +44,3 @@ class RegistryParsingException(RegipyException):
     """
 
     pass
-
-
-class NtSidDecodingException(RegipyException):
-    """
-    Raised when the binary Windows NT SID representation can not be decoded
-    """
diff --git a/regipy/plugins/__init__.py b/regipy/plugins/__init__.py
@@ -1,3 +1,4 @@
+# flake8: noqa
 from .amcache.amcache import AmCachePlugin
 from .bcd.boot_entry_list import BootEntryListPlugin
 from .ntuser.installed_programs_ntuser import InstalledProgramsNTUserPlugin

diff --git a/regipy/plugins/ntuser/shellbags_ntuser.py b/regipy/plugins/ntuser/shellbags_ntuser.py
@@ -35,9 +35,9 @@ def _get_shell_item_type(shell_item):
             import pyfwsi
         except ModuleNotFoundError as ex:
             logger.exception(
-                f"Plugin `shellbag_plugin` has missing modules, install regipy using"
-                f" `pip install regipy[full]` in order to install plugin dependencies. "
-                f"This might take some time... "
+                "Plugin `shellbag_plugin` has missing modules, install regipy using"
+                " `pip install regipy[full]` in order to install plugin dependencies. "
+                "This might take some time... "
             )
             raise ex
 
@@ -319,12 +319,13 @@ def iter_sk(self, key, reg_path, codepage=DEFAULT_CODEPAGE, base_path="", path="
     def run(self, codepage=DEFAULT_CODEPAGE):
 
         try:
+            # flake8: noqa
             import pyfwsi
         except ModuleNotFoundError as ex:
             logger.exception(
-                f"Plugin `shellbag_plugin` has missing modules, install regipy using"
-                f" `pip install regipy[full]` in order to install plugin dependencies. "
-                f"This might take some time... "
+                "Plugin `shellbag_plugin` has missing modules, install regipy using"
+                " `pip install regipy[full]` in order to install plugin dependencies. "
+                "This might take some time... "
             )
             raise ex
 

diff --git a/regipy/plugins/ntuser/user_assist.py b/regipy/plugins/ntuser/user_assist.py
@@ -1,9 +1,8 @@
-import binascii
 import codecs
 
 import logging
 
-from construct import *
+from construct import Bytes, Const, ConstError, Int32ul, Int64ul, Struct
 
 from regipy.exceptions import RegistryKeyNotFoundException
 from regipy.hive_types import NTUSER_HIVE_TYPE

diff --git a/regipy/plugins/ntuser/winscp_saved_sessions.py b/regipy/plugins/ntuser/winscp_saved_sessions.py
@@ -1,7 +1,5 @@
 import logging
 
-from inflection import underscore
-
 from regipy import RegistryKeyNotFoundException
 from regipy.hive_types import NTUSER_HIVE_TYPE
 from regipy.plugins.plugin import Plugin

diff --git a/regipy/plugins/ntuser/word_wheel_query.py b/regipy/plugins/ntuser/word_wheel_query.py
@@ -1,9 +1,6 @@
-import binascii
-import codecs
-
 import logging
 
-from construct import *
+from construct import CString, GreedyRange, Int32ul
 
 from regipy.exceptions import RegistryKeyNotFoundException
 from regipy.hive_types import NTUSER_HIVE_TYPE

diff --git a/regipy/plugins/plugin.py b/regipy/plugins/plugin.py
@@ -1,6 +1,6 @@
 import logging
 
-from typing import Any, Dict, List, Optional
+from typing import Any, Dict, List
 
 from regipy.registry import RegistryHive
 

diff --git a/regipy/plugins/plugin_template.py b/regipy/plugins/plugin_template.py
@@ -2,7 +2,6 @@
 
 from regipy.hive_types import NTUSER_HIVE_TYPE
 from regipy.plugins.plugin import Plugin
-from regipy.utils import get_subkey_values_from_list
 
 logger = logging.getLogger(__name__)
 

diff --git a/regipy/plugins/software/image_file_execution_options.py b/regipy/plugins/software/image_file_execution_options.py
@@ -2,7 +2,7 @@
 
 from regipy.hive_types import SOFTWARE_HIVE_TYPE
 from regipy.plugins.plugin import Plugin
-from regipy.utils import get_subkey_values_from_list, convert_wintime
+from regipy.utils import convert_wintime
 
 logger = logging.getLogger(__name__)
 

diff --git a/regipy/plugins/software/profilelist.py b/regipy/plugins/software/profilelist.py
@@ -1,11 +1,8 @@
-import pytz
-import datetime
 import logging
 
-from regipy.exceptions import RegistryKeyNotFoundException, NoRegistryValuesException
+from regipy.exceptions import RegistryKeyNotFoundException
 from regipy.hive_types import SOFTWARE_HIVE_TYPE
 from regipy.plugins.plugin import Plugin
-from regipy.utils import get_subkey_values_from_list
 from regipy.utils import convert_wintime, convert_filetime
 
 

diff --git a/regipy/plugins/system/computer_name.py b/regipy/plugins/system/computer_name.py
@@ -1,5 +1,4 @@
 import logging
-import attr
 
 from regipy.exceptions import RegistryValueNotFoundException
 from regipy.hive_types import SYSTEM_HIVE_TYPE
@@ -12,7 +11,7 @@
 
 
 class ComputerNamePlugin(Plugin):
-    NAME = "computer_name"
+    NAME: str = "computer_name"
     DESCRIPTION = "Get the computer name"
     COMPATIBLE_HIVE = SYSTEM_HIVE_TYPE
 
@@ -31,5 +30,6 @@ def run(self):
                         ),
                     }
                 )
-            except RegistryValueNotFoundException as ex:
+            except RegistryValueNotFoundException:
+                logger.exception("Could not get computer name")
                 continue
diff --git a/regipy/plugins/system/external/ShimCacheParser.py b/regipy/plugins/system/external/ShimCacheParser.py
@@ -195,10 +195,10 @@ def get_shimcache_entries(cachebin, as_json=False):
     # This is a Windows 7/2k8-R2 Shim Cache.
     elif magic == CACHE_MAGIC_NT6_1:
         test_size = struct.unpack(
-            "<H", cachebin[CACHE_HEADER_SIZE_NT6_1 : CACHE_HEADER_SIZE_NT6_1 + 2]
+            "<H", cachebin[CACHE_HEADER_SIZE_NT6_1: CACHE_HEADER_SIZE_NT6_1 + 2]
         )[0]
         test_max_size = struct.unpack(
-            "<H", cachebin[CACHE_HEADER_SIZE_NT6_1 + 2 : CACHE_HEADER_SIZE_NT6_1 + 4]
+            "<H", cachebin[CACHE_HEADER_SIZE_NT6_1 + 2: CACHE_HEADER_SIZE_NT6_1 + 4]
         )[0]
 
         # Shim Cache types can come in 32-bit or 64-bit formats.
@@ -209,7 +209,7 @@ def get_shimcache_entries(cachebin, as_json=False):
             test_max_size - test_size == 2
             and struct.unpack(
                 "<L",
-                cachebin[CACHE_HEADER_SIZE_NT6_1 + 4 : CACHE_HEADER_SIZE_NT6_1 + 8],
+                cachebin[CACHE_HEADER_SIZE_NT6_1 + 4: CACHE_HEADER_SIZE_NT6_1 + 8],
             )[0]
         ) == 0:
             logger.debug("[+] Found 64bit Windows 7/2k8-R2 Shim Cache data...")
@@ -228,31 +228,31 @@ def get_shimcache_entries(cachebin, as_json=False):
     # Check the data set to see if it matches the Windows 8 format.
     elif (
         len(cachebin) > WIN8_STATS_SIZE
-        and cachebin[WIN8_STATS_SIZE : WIN8_STATS_SIZE + 4] == WIN8_MAGIC
+        and cachebin[WIN8_STATS_SIZE: WIN8_STATS_SIZE + 4] == WIN8_MAGIC
     ):
         logger.debug("[+] Found Windows 8/2k12 Apphelp Cache data...")
         yield from read_win8_entries(cachebin, WIN8_MAGIC, as_json=as_json)
 
     # Windows 8.1 will use a different magic dword, check for it
     elif (
         len(cachebin) > WIN8_STATS_SIZE
-        and cachebin[WIN8_STATS_SIZE : WIN8_STATS_SIZE + 4] == WIN81_MAGIC
+        and cachebin[WIN8_STATS_SIZE: WIN8_STATS_SIZE + 4] == WIN81_MAGIC
     ):
         logger.debug("[+] Found Windows 8.1 Apphelp Cache data...")
         yield from read_win8_entries(cachebin, WIN81_MAGIC, as_json=as_json)
 
     # Windows 10 will use a different magic dword, check for it
     elif (
         len(cachebin) > WIN10_STATS_SIZE
-        and cachebin[WIN10_STATS_SIZE : WIN10_STATS_SIZE + 4] == WIN10_MAGIC
+        and cachebin[WIN10_STATS_SIZE: WIN10_STATS_SIZE + 4] == WIN10_MAGIC
     ):
         logger.debug("[+] Found Windows 10 Apphelp Cache data...")
         yield from read_win10_entries(cachebin, WIN10_MAGIC, as_json=as_json)
 
     # Windows 10 creators update moved the damn magic 4 bytes forward...
     elif (
         len(cachebin) > WIN10_STATS_SIZE
-        and cachebin[WIN10_STATS_SIZE + 4 : WIN10_STATS_SIZE + 8] == WIN10_MAGIC
+        and cachebin[WIN10_STATS_SIZE + 4: WIN10_STATS_SIZE + 8] == WIN10_MAGIC
     ):
         logger.debug("[+] Found Windows 10 Apphelp Cache data... (creators update)")
         yield from read_win10_entries(
@@ -269,7 +269,6 @@ def get_shimcache_entries(cachebin, as_json=False):
 def read_win8_entries(bin_data, ver_magic, as_json=False):
 
     entry_meta_len = 12
-    entry_list = []
 
     # Skip past the stats in the header
     cache_data = bin_data[WIN8_STATS_SIZE:]
@@ -328,11 +327,10 @@ def read_win8_entries(bin_data, ver_magic, as_json=False):
 def read_win10_entries(bin_data, ver_magic, creators_update=False, as_json=False):
 
     entry_meta_len = 12
-    entry_list = []
 
     # Skip past the stats in the header
     if creators_update:
-        cache_data = bin_data[WIN10_STATS_SIZE + 4 :]
+        cache_data = bin_data[WIN10_STATS_SIZE + 4:]
     else:
         cache_data = bin_data[WIN10_STATS_SIZE:]
 
@@ -377,7 +375,6 @@ def read_win10_entries(bin_data, ver_magic, creators_update=False, as_json=False
 
 # Read Windows 2k3/Vista/2k8 Shim Cache entry formats.
 def read_nt5_entries(bin_data, entry, as_json=False):
-    entry_list = []
     contains_file_size = False
     entry_size = entry.size()
 
@@ -394,7 +391,7 @@ def read_nt5_entries(bin_data, entry, as_json=False):
         entry_size,
     ):
 
-        entry.update(bin_data[offset : offset + entry_size])
+        entry.update(bin_data[offset: offset + entry_size])
 
         if entry.dw_file_size_low > 3:
             contains_file_size = True
@@ -407,12 +404,12 @@ def read_nt5_entries(bin_data, entry, as_json=False):
         entry_size,
     ):
 
-        entry.update(bin_data[offset : offset + entry_size])
+        entry.update(bin_data[offset: offset + entry_size])
 
         last_mod_date = convert_filetime(
             entry.dw_low_date_time, entry.dw_high_date_time
         )
-        path = bin_data[entry.offset : entry.offset + entry.w_length].decode(
+        path = bin_data[entry.offsets: entry.offset + entry.w_length].decode(
             "utf-16le", "replace"
         )
 
@@ -460,11 +457,11 @@ def read_nt6_entries(bin_data, entry, as_json=False):
         entry_size,
     ):
 
-        entry.update(bin_data[offset : offset + entry_size])
+        entry.update(bin_data[offset: offset + entry_size])
         last_mod_date = convert_filetime(
             entry.dw_low_date_time, entry.dw_high_date_time
         )
-        path = bin_data[entry.offset : entry.offset + entry.w_length].decode(
+        path = bin_data[entry.offset: entry.offset + entry.w_length].decode(
             "utf-16le", "replace"
         )
 
@@ -484,7 +481,6 @@ def read_nt6_entries(bin_data, entry, as_json=False):
 # Read the WinXP Shim Cache data. Some entries can be missing data but still
 # contain useful information, so try to get as much as we can.
 def read_winxp_entries(bin_data, as_json=False):
-    entry_list = []
 
     num_entries = struct.unpack("<L", bin_data[8:12])[0]
     if num_entries == 0:
@@ -496,29 +492,29 @@ def read_winxp_entries(bin_data, as_json=False):
         WINXP_ENTRY_SIZE32,
     ):
         # No size values are included in these entries, so search for utf-16 terminator.
-        path_len = bin_data[offset : offset + (MAX_PATH + 8)].find(b"\x00\x00")
+        path_len = bin_data[offset: offset + (MAX_PATH + 8)].find(b"\x00\x00")
 
         # if path is corrupt, procede to next entry.
         if path_len == 0:
             continue
-        path = bin_data[offset : offset + path_len + 1].decode("utf-16le")
+        path = bin_data[offset: offset + path_len + 1].decode("utf-16le")
 
         if len(path) == 0:
             continue
 
         entry_data = offset + (MAX_PATH + 8)
 
         # Get last mod time.
-        last_mod_time = struct.unpack("<2L", bin_data[entry_data : entry_data + 8])
+        last_mod_time = struct.unpack("<2L", bin_data[entry_data: entry_data + 8])
         last_mod_time = convert_filetime(last_mod_time[0], last_mod_time[1])
 
         # Get last file size.
-        file_size = struct.unpack("<2L", bin_data[entry_data + 8 : entry_data + 16])[0]
+        file_size = struct.unpack("<2L", bin_data[entry_data + 8: entry_data + 16])[0]
         if file_size == 0:
             file_size = BAD_ENTRY_DATA
 
         # Get last update time.
-        exec_time = struct.unpack("<2L", bin_data[entry_data + 16 : entry_data + 24])
+        exec_time = struct.unpack("<2L", bin_data[entry_data + 16: entry_data + 24])
         exec_time = convert_filetime(exec_time[0], exec_time[1])
 
         yield {

diff --git a/regipy/plugins/system/services.py b/regipy/plugins/system/services.py
@@ -3,7 +3,6 @@
 import attr
 from regipy.exceptions import (
     RegistryKeyNotFoundException,
-    NoRegistryValuesException,
     RegistryParsingException,
 )
 from regipy.hive_types import SYSTEM_HIVE_TYPE

diff --git a/regipy/plugins/system/wdigest.py b/regipy/plugins/system/wdigest.py
@@ -33,4 +33,5 @@ def run(self):
                     }
                 )
             except RegistryValueNotFoundException as ex:
+                logger.exception(f"Could not find Wdigest for registry hive: {ex}")
                 continue