#!/usr/bin/env python3
"""Script to list file entries that contain an ESE database."""
import argparse
import logging
import sys
from dfimagetools import helpers as dfimagetools_helpers
from dfvfs.helpers import command_line as dfvfs_command_line
from dfvfs.helpers import volume_scanner as dfvfs_volume_scanner
from dfvfs.lib import errors as dfvfs_errors
from esedbrc import file_entry_lister
[docs]
def Main():
"""Entry point of console script to list ESE database file entries.
Returns:
int: exit code that is provided to sys.exit().
"""
argument_parser = argparse.ArgumentParser(
description=("Lists file entries that contain an ESE database.")
)
# TODO: add source group
argument_parser.add_argument(
"--back_end",
"--back-end",
dest="back_end",
action="store",
metavar="NTFS",
default=None,
help="preferred dfVFS back-end.",
)
argument_parser.add_argument(
"--partitions",
"--partition",
dest="partitions",
action="store",
type=str,
default=None,
help=(
"Define partitions to be processed. A range of partitions can be "
'defined as: "3..5". Multiple partitions can be defined as: "1,3,5" '
"(a list of comma separated values). Ranges and lists can also be "
'combined as: "1,3..5". The first partition is 1. All partitions '
'can be specified with: "all".'
),
)
argument_parser.add_argument(
"--snapshots",
"--snapshot",
dest="snapshots",
action="store",
type=str,
default=None,
help=(
"Define snapshots to be processed. A range of snapshots can be "
'defined as: "3..5". Multiple snapshots can be defined as: "1,3,5" '
"(a list of comma separated values). Ranges and lists can also be "
'combined as: "1,3..5". The first snapshot is 1. All snapshots can '
'be specified with: "all".'
),
)
argument_parser.add_argument(
"--volumes",
"--volume",
dest="volumes",
action="store",
type=str,
default=None,
help=(
"Define volumes to be processed. A range of volumes can be defined "
'as: "3..5". Multiple volumes can be defined as: "1,3,5" (a list '
"of comma separated values). Ranges and lists can also be combined "
'as: "1,3..5". The first volume is 1. All volumes can be specified '
'with: "all".'
),
)
argument_parser.add_argument(
"source",
nargs="?",
action="store",
metavar="image.raw",
default=None,
help="path of the storage media image.",
)
options = argument_parser.parse_args()
if not options.source:
print("Source value is missing.")
print("")
argument_parser.print_help()
print("")
return 1
dfimagetools_helpers.SetDFVFSBackEnd(options.back_end)
logging.basicConfig(level=logging.INFO, format="[%(levelname)s] %(message)s")
mediator = dfvfs_command_line.CLIVolumeScannerMediator()
volume_scanner_options = dfvfs_volume_scanner.VolumeScannerOptions()
volume_scanner_options.partitions = mediator.ParseVolumeIdentifiersString(
options.partitions
)
if options.snapshots == "none":
volume_scanner_options.snapshots = ["none"]
else:
volume_scanner_options.snapshots = mediator.ParseVolumeIdentifiersString(
options.snapshots
)
volume_scanner_options.volumes = mediator.ParseVolumeIdentifiersString(
options.volumes
)
entry_lister = file_entry_lister.ESEDatabaseFileEntryLister(mediator=mediator)
try:
base_path_specs = entry_lister.GetBasePathSpecs(
options.source, options=volume_scanner_options
)
if not base_path_specs:
print("No supported file system found in source.")
print("")
return 1
for _, path_segments in entry_lister.ListDatabaseFileEntries(base_path_specs):
# TODO: map path to artifact definition.
print("/".join(path_segments))
except dfvfs_errors.ScannerError as exception:
print(f"[ERROR] {exception!s}", file=sys.stderr)
print("")
return 1
except KeyboardInterrupt:
print("Aborted by user.", file=sys.stderr)
print("")
return 1
return 0
if __name__ == "__main__":
sys.exit(Main())