add initial support for $I30 index records #11
Conversation
dtformats/indx_directory_entry.py
Outdated
|
|
||
| from dtformats import data_format | ||
| from dtformats.errors import ParseError | ||
|
|
There was a problem hiding this comment.
using the l2t/Plaso style guide here: please add an additional white line
dtformats/indx_directory_entry.py
Outdated
| @@ -0,0 +1,144 @@ | |||
| # -*- coding: utf-8 -*- | |||
| """INDX entries """ | |||
There was a problem hiding this comment.
Are these NTFS $I30 index entries? Note that NTFS support different types of index entries as well, so please be as specific as possible here.
dtformats/indx_directory_entry.py
Outdated
| import os | ||
|
|
||
| from dtformats import data_format | ||
| from dtformats.errors import ParseError |
There was a problem hiding this comment.
Please don't import classes directly see https://github.com/log2timeline/l2tdocs/blob/main/process/Style-guide.md
dtformats/indx_directory_entry.py
Outdated
| """ | ||
|
|
||
| _FABRIC = data_format.BinaryDataFile.ReadDefinitionFile( | ||
| 'indx_directory_entry.yml') |
There was a problem hiding this comment.
style nit: 4 space continuation indentation (repeat elsewhere as well)
dtformats/indx_directory_entry.py
Outdated
| 'indx_directory_entry.yml') | ||
|
|
||
| _DEBUG_INDX_ENTRY_HEADER = [ | ||
| ('signature', 'signature', ''), |
There was a problem hiding this comment.
missing debug value print function
dtformats/indx_directory_entry.py
Outdated
| from dtformats import data_format | ||
| from dtformats.errors import ParseError | ||
|
|
||
| class INDXRecord(data_format.BinaryDataFile): |
There was a problem hiding this comment.
Limit the use of abbreviation, for international audiences these lead to unnecessary additional confusion
dtformats/indx_directory_entry.py
Outdated
| ('filename', 'filename', '_FormatString')] | ||
|
|
||
| def PrintRecord(self, record): | ||
| """ |
There was a problem hiding this comment.
style consistency nit: start on the first line directly after """
dtformats/indx_directory_entry.py
Outdated
| Args: | ||
| record (index_dir_entry): An index_dir_entry structure. | ||
| """ | ||
| if record is not None: |
There was a problem hiding this comment.
I will change this to if record -- I am checking if record has a value other than None
dtformats/indx_directory_entry.py
Outdated
| record.index_key_data, self._DEBUG_FILE_NAME_ATTR) | ||
|
|
||
|
|
||
| def _ParseIndexEntryHeader(self, file_object): |
dtformats/indx_directory_entry.py
Outdated
| record, self._DEBUG_INDX_DIR_RECORD) | ||
| self._DebugPrintStructureObject( | ||
| record.index_key_data, self._DEBUG_FILE_NAME_ATTR) | ||
|
|
dtformats/indx_directory_entry.yml
Outdated
| @@ -0,0 +1,158 @@ | |||
| name: index_record | |||
There was a problem hiding this comment.
index_record > ntfs_i30_index
dtformats/indx_directory_entry.yml
Outdated
| @@ -0,0 +1,158 @@ | |||
| name: index_record | |||
| type: format | |||
| description: Index Directory Entry | |||
There was a problem hiding this comment.
(change to something in line with) NTFS $I30 index, which contains directory entries
dtformats/indx_directory_entry.yml
Outdated
| name: index_record | ||
| type: format | ||
| description: Index Directory Entry | ||
| urls: ["https://github.com/libyal/libfsntfs/blob/83c2f4ce3d16b5535eae9de767adc93fff724004/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc#index"] |
There was a problem hiding this comment.
please pin to main (latest version of the documentation)
dtformats/indx_directory_entry.yml
Outdated
| description: Index Directory Entry | ||
| urls: ["https://github.com/libyal/libfsntfs/blob/83c2f4ce3d16b5535eae9de767adc93fff724004/documentation/New%20Technologies%20File%20System%20(NTFS).asciidoc#index"] | ||
| metadata: | ||
| authors: ['Joachim Metz <[email protected]>', 'Juan Leaniz <[email protected]'] |
There was a problem hiding this comment.
for multiple entries use:
authors:
- Juan Leaniz <[email protected]'
However you can remove me at this point since I did not author this file
dtformats/indx_directory_entry.yml
Outdated
| - name: index_node_flags | ||
| data_type: uint32 | ||
| --- | ||
| name: index_dir_entry |
|
Renamed .py and .yml file names to use non-abbreviated names. Addressed style and other comments. |
|
@joachimmetz PTAL, minor changes |
joachimmetz
force-pushed
the
main
branch
3 times, most recently
from
1ebe12b to
4524810
Compare
joachimmetz
force-pushed
the
main
branch
8 times, most recently
from
85d9b05 to
00df5f2
Compare
joachimmetz
force-pushed
the
main
branch
6 times, most recently
from
a6c6c05 to
4116264
Compare
joachimmetz
force-pushed
the
main
branch
6 times, most recently
from
05669cf to
f36ac18
Compare
joachimmetz
force-pushed
the
main
branch
13 times, most recently
from
5e1c1c1 to
7f03eae
Compare
joachimmetz
force-pushed
the
main
branch
2 times, most recently
from
f152369 to
2d1d66b
Compare
joachimmetz
force-pushed
the
main
branch
2 times, most recently
from
817df43 to
4b73068
Compare
Added a data structure definition file and supporting class/methods for NTFS INDX directory records