From fd6cab6337099076a1824a7062a231b614c8d27b Mon Sep 17 00:00:00 2001 From: Ramiz Polic Date: Fri, 9 Feb 2024 11:00:36 +0100 Subject: [PATCH] feat: fix windows mounts errs and test --- cli/analyzer/windows/registry.go | 17 +++++++++++------ cli/analyzer/windows/registry_test.go | 2 +- ...RE => W10_21H2_Pro_20211012_19044.SOFTWARE} | Bin 3 files changed, 12 insertions(+), 7 deletions(-) rename cli/analyzer/windows/testdata/{W10_21H2_Pro/SOFTWARE => W10_21H2_Pro_20211012_19044.SOFTWARE} (100%) diff --git a/cli/analyzer/windows/registry.go b/cli/analyzer/windows/registry.go index c53e5de010..76700ebf0c 100644 --- a/cli/analyzer/windows/registry.go +++ b/cli/analyzer/windows/registry.go @@ -16,6 +16,7 @@ package windows import ( + "errors" "fmt" "os" "path" @@ -48,7 +49,7 @@ import ( // - system apps: WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* // // User NTUSER.DAT registry keys accessed: -// - user apps: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall +// - user apps: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* var defaultRegistryRootPaths = []string{ "/Windows/System32/config/SOFTWARE", // Windows Vista and newer @@ -64,20 +65,23 @@ type Registry struct { func NewRegistryForMount(mountPath string, logger *log.Entry) (*Registry, error) { // The registry key structure is identical for all Windows NT distributions, so - // try all registry combinations. If the registry is not under found under the - // default path, it might be a custom system installation or unsupported version. + // try all registry combinations. If the registry is not found under any default + // paths, it might be a custom system installation or unsupported version. + var errs error for _, defaultRootPath := range defaultRegistryRootPaths { registryFilePath := path.Join(mountPath, defaultRootPath) registry, err := NewRegistry(registryFilePath, logger) if err == nil { return registry, nil // found, return } + errs = errors.Join(errs, err) // collect errors, might be file-related } - return nil, fmt.Errorf("cannot find registry for mount %s", mountPath) + return nil, fmt.Errorf("cannot find registry in mount %s: %w", mountPath, errs) } func NewRegistry(registryFilePath string, logger *log.Entry) (*Registry, error) { + // Use filepath clean to ensure path is platform-independent registryFile, err := os.Open(filepath.Clean(registryFilePath)) if err != nil { return nil, fmt.Errorf("cannot open registry file: %w", err) @@ -125,7 +129,7 @@ func (r *Registry) GetPlatform() (map[string]string, error) { // Extract all platform data from the registry platform := getValuesMap(platformKey) - // Strip information about the product key + // Strip information about the product key hash delete(platform, "DigitalProductId") delete(platform, "DigitalProductId4") @@ -210,7 +214,8 @@ func (r *Registry) GetUsersApps() ([]map[string]string, error) { return // silent skip, not a user profile } - // Open profile registry file to access profile-specific registry + // Open profile registry file to access profile-specific registry. + // Use filepath clean to ensure path is platform-independent. profileRegPath := path.Join(profileLocation, "NTUSER.DAT") profileRegFile, err := os.Open(filepath.Clean(profileRegPath)) if err != nil { diff --git a/cli/analyzer/windows/registry_test.go b/cli/analyzer/windows/registry_test.go index e326ade5e8..816576baf5 100644 --- a/cli/analyzer/windows/registry_test.go +++ b/cli/analyzer/windows/registry_test.go @@ -35,7 +35,7 @@ import ( func TestRegistry(t *testing.T) { // from https://github.com/AndrewRathbun/VanillaWindowsRegistryHives/tree/d12ba60d8dd283a4a17b1a02295356a6bed093cf/Windows10/21H2/W10_21H2_Pro_20211012_19044.1288 - registryFilePath := "testdata/W10_21H2_Pro/SOFTWARE" + registryFilePath := "testdata/W10_21H2_Pro_20211012_19044.SOFTWARE" // when reg, err := NewRegistry(registryFilePath, log.NewEntry(&log.Logger{})) diff --git a/cli/analyzer/windows/testdata/W10_21H2_Pro/SOFTWARE b/cli/analyzer/windows/testdata/W10_21H2_Pro_20211012_19044.SOFTWARE similarity index 100% rename from cli/analyzer/windows/testdata/W10_21H2_Pro/SOFTWARE rename to cli/analyzer/windows/testdata/W10_21H2_Pro_20211012_19044.SOFTWARE