Skip to content

Add optional extraction of single ZIP input (slow $MFT parsing workaround) #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
einarssonm wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add optional extraction of single ZIP input (slow $MFT parsing workaround) #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
software-properties-common \
python3-pip \
python3-poetry \
p7zip-full \
gpg-agent \
wget \
tzdata \
Expand Down
27 changes: 27 additions & 0 deletions src/log2timeline.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
from celery import signals
from celery.utils.log import get_task_logger
from openrelik_common.logging import Logger
from openrelik_worker_common.archive_utils import extract_archive
from openrelik_worker_common.file_utils import create_output_file
from openrelik_worker_common.task_utils import (
create_task_result,
Expand Down Expand Up @@ -84,6 +85,12 @@
"type": "textarea",
"required": False,
},
{
"name": "extract-single-zip",
"label": "Extract single ZIP input",
"description": "Select if single ZIP input should be extracted (slow $MFT parsing workaround)",
"type": "checkbox",
},
],
}

Expand Down Expand Up @@ -201,6 +208,26 @@ def log2timeline(
filename = os.path.basename(input_file.get("path"))
os.link(input_file.get("path"), f"{temp_dir}/{filename}")
command.append(temp_dir)

# Handle extraction of single ZIP input before launching log2timeline.py (slow $MFT parsing workaround)
elif input_files[0].get("path") and input_files[0].get("path").lower().endswith(".zip") and task_config and task_config.get("extract-single-zip") is True:
logger.info(f"Extracting {input_files[0].get('path')}")
log_file = create_output_file(
output_path,
display_name=f"extract_archives_{input_files[0].get('display_name')}.log",
)

try:
(command_string, temp_dir) = extract_archive(
input_files[0], output_path, log_file.path
)
except Exception as e:
logger.error(f"extract_archive failed: {e}")
raise

logger.info(f"Executed extract_archive command: {command_string}")
command.append(temp_dir)

else:
command.append(input_files[0].get("path"))

Expand Down