fox-it / dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
GNU Affero General Public License v3.0

Rename field digest to digests #681

Closed Zawadidone closed 2 months ago

Zawadidone commented 2 months ago

It helps when all fields that use the type digest are named digests, where possible. Depending on which search platform is used, e.g. Elasticsearch https://github.com/huntandhackett/ir-automation/blob/a005f5d2ea58a8beabe7c6ae0e25e0c0ae16ce85/logstash-dissect.conf#L54-L62, this field type must be stored as an object compared to the other field types that only contain one value (integer, string, etc.).

Schamper commented 2 months ago

While not a bad consistency change per se, I don't think it's a great idea to depend on the field names for that kind of functionality. E.g. just last week the SSH key fingerprints were added with the field name fingerprint: https://github.com/fox-it/dissect.target/pull/673

Is this not something that can be structurally better solved within perhaps the Elastic adapter in flow.record?

Zawadidone commented 2 months ago

Yes indeed