Regipy in Docker container not working (AttributeError: module 'importlib' has no attribute 'util')

[moettle]

Hello everybody,

I am trying to use regipy in a script within a Docker container. As soon as my script tries to import the RegistryHive, the following error gets thrown:

Traceback (most recent call last):
  File "/my_project/./Registry/registry.py", line 7, in <module>
    from regipy.registry import RegistryHive
  File "/usr/local/lib/python3.9/site-packages/regipy/__init__.py", line 1, in <module>
    from .registry import *
  File "/usr/local/lib/python3.9/site-packages/regipy/registry.py", line 16, in <module>
    from regipy.structs import REGF_HEADER, HBIN_HEADER, CM_KEY_NODE, LF_LH_SK_ELEMENT, VALUE_KEY, INDEX_ROOT, \
  File "/usr/local/lib/python3.9/site-packages/regipy/structs.py", line 3, in <module>
    REGF_HEADER = Struct(
  File "/usr/local/lib/python3.9/site-packages/construct/core.py", line 444, in compile
    module = importlib.util.module_from_spec(module_spec)
AttributeError: module 'importlib' has no attribute 'util'

It seems like core.py is importing importlib.util the wrong way (based on other articles with similar problems).

I use the following line within my script to import the RegistryHive

from regipy.registry import RegistryHive

The important lines of my Dockerfile are the following:

FROM python:3.9-slim-buster
....
COPY my_project/ .
...
RUN pip3 install -r requirements.txt
...
ENTRYPOINT ["python3", "my_project.py"]

The requirements.txt includes a line "regipy", which installs version 2.0.1 of regipy. I already tried to use older version of python (3.8, 3.7, 3.6), which resulted in the same error.

I am aware that this is not directly an issue of Regipy, but I would appreciate any help/input I can get here.

Thanks in advance and Best Regards Moe

[tincho9]

Which version of construct you have installed?

[moettle]

Here ist the output of pip3 list within the Docker container:

Step 11/12 : RUN pip3 list
Package         Version
--------------- -------
attrs           21.2.0
configparser    4.0.2
construct       2.10.67
hexdump         3.3
inflection      0.5.1
kaleido         0.2.1
more-itertools  5.0.0
numpy           1.21.1
pandas          1.3.0
pip             21.1.3
plotly          5.1.0
pyparsing       2.4.7
python-dateutil 2.8.2
python-evtx     0.7.4
pytz            2021.1
regipy          2.0.1
setuptools      57.0.0
six             1.16.0
tenacity        8.0.1
wheel           0.36.2
zipp            1.0.0

[tincho9]

This is an issue with construct and python 3.9 support. https://github.com/construct/construct/pull/930

I'll update dependencies once it is merged.

[moettle]

Thank you, that's awesome!

I can confirm that the pull request https://github.com/construct/construct/pull/930 fixes the issue when applied manually in the Docker container.

[nrrpinto]

I had this issue just today, tried python 3.7, 3.8 and 3.9, all of them did not work.

I added pull request to the repository of construct. https://github.com/construct/construct/pull/945

I solve it in my environment by editing core.py and just adding it to the imports: import importlib.util in your case it would be file "/usr/local/lib/python3.9/site-packages/construct/core.py"

It is how it is defined in the documentation: https://docs.python.org/3/library/importlib.html

These would solve the issue.

[moettle]

Yes you are right. Like I mentioned in my previous post the changes in https://github.com/construct/construct/pull/930 already fix the issue in Pyhton 3.9. Here are the relevant lines of my Docker file:

FROM python:3.9-slim-buster

RUN sed -i '3 a import importlib.machinery' /usr/local/lib/python3.9/site-packages/construct/core.py
RUN sed -i '4 a import importlib.util' /usr/local/lib/python3.9/site-packages/construct/core.py

Note that this will probably break as soon as the pull requests mentioned above have been accepted.