fkie-cad / fact_extractor

Standalone Utility for FACT-like extraction
GNU General Public License v3.0

Fixing edge case in multipartition images #77

Closed Caesurus closed 3 years ago

Caesurus commented 3 years ago

This PR addresses issue https://github.com/fkie-cad/fact_extractor/issues/76

Modified the mbr.img file to have an additional partition, and then truncated the file so that kpartx throws an error. Additionally, I compressed the mbr.img file to mbr.img.xz like the other files while I was at it.

Did some additional changes, like converting .format() strings to f'' style. There was also an edge case where a failing image caused the partitions to stay mapped, and the losetup -d would complete but not actually remove the loopback. This resulted in multiple /dev/loop devices sticking around unnecessarily until they were exhausted on my system (/dev/loop9) and no more loopbacks could be mounted. This was fixed with a dmsetup remove command.

Additionally, I encountered an error with shutil.move: there was an edge case where, when moving files/symlinks across filesystems and the file already exists, it would throw an error. This caused an outright failure, while we really just want to ignore that specific error and still get all the other files.

Added additional tests to improve coverage
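The shutil.move collision described in the comment above, as an added example that is not code from this PR or from fact_extractor: each entry is moved on its own, so one name collision is skipped instead of aborting the whole extraction. The helper name `move_tolerant` and the sample files are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def move_tolerant(src_dir, dst_dir):
    """Move every entry of src_dir into dst_dir, skipping name collisions.

    Hypothetical helper for illustration; not fact_extractor's API.
    Returns (moved_names, skipped_names).
    """
    moved, skipped = [], []
    dst_dir.mkdir(parents=True, exist_ok=True)
    for entry in sorted(src_dir.iterdir()):
        try:
            # With a directory as destination, shutil.move refuses to
            # overwrite an existing entry and raises shutil.Error.
            # On the cross-filesystem fallback, re-creating a symlink
            # over an existing name raises FileExistsError instead.
            shutil.move(str(entry), str(dst_dir))
            moved.append(entry.name)
        except (shutil.Error, FileExistsError):
            # Only the collision is tolerated; other OSErrors propagate.
            skipped.append(entry.name)
    return moved, skipped


def demo():
    """Constructed sample: b.txt already exists in the output directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, 'extracted'), Path(tmp, 'output')
        src.mkdir()
        dst.mkdir()
        (src / 'a.txt').write_text('a')
        (src / 'b.txt').write_text('new b')
        (src / 'link').symlink_to('a.txt')
        (dst / 'b.txt').write_text('old b')
        moved, skipped = move_tolerant(src, dst)
        kept = (dst / 'b.txt').read_text()
        return moved, skipped, kept, (dst / 'link').is_symlink()


if __name__ == '__main__':
    print(demo())
```

Returning the skipped names lets the caller log which extracted files were dropped, so a collision stays visible in the unpacking report.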

codecov[bot] commented 3 years ago

Codecov Report

Merging #77 (01fd0f2) into master (fb14c01) will increase coverage by 0.25%. The diff coverage is 100.00%.


@@            Coverage Diff             @@
##           master      #77      +/-   ##
==========================================
+ Coverage   89.56%   89.81%   +0.25%     
==========================================
  Files         124      124              
  Lines        3748     3772      +24     
==========================================
+ Hits         3357     3388      +31     
+ Misses        391      384       -7     

| Impacted Files | Coverage Δ |
|---|---|
| ...or/plugins/unpacking/generic_fs/code/generic_fs.py | 97.91% <100.00%> (+2.08%) |
| ...npacking/generic_fs/test/test_plugin_generic_fs.py | 100.00% <100.00%> (ø) |
| ...t_extractor/test/unit/unpacker/test_carved_area.py | 100.00% <100.00%> (ø) |
| fact_extractor/test/unit/unpacker/test_unpacker.py | 100.00% <100.00%> (ø) |
| fact_extractor/unpacker/unpack.py | 95.58% <100.00%> (+3.28%) |
| fact_extractor/unpacker/helper/carving.py | 97.36% <0.00%> (+10.52%) |


Caesurus commented 3 years ago

My bad... I'll go back and update the unit test for unpack.py