Restructure tests and some plugins (fox-it#426)

Matthijsy · Nov 13, 2023 · d4aaddc · d4aaddc
1 parent 3327906
commit d4aaddc
Show file tree

Hide file tree

Showing 402 changed files with 715 additions and 722 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1,11 +1,11 @@
-tests/data/enc-volume.bin filter=lfs diff=lfs merge=lfs -text
-tests/data/uppercase_driveletter.tar filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/browsers/iexplore/WebCacheV01.dat.gz filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/browsers/firefox/places.sqlite filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/browsers/chrome/History.sqlite filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/browsers/edge/History.sqlite filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/browsers/chromium/History.sqlite filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/os/windows/dpapi/** filter=lfs diff=lfs merge=lfs -text
-tests/data/volumes/md-nested.bin.gz filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/os/windows/notifications/appdb.dat.v3.gz filter=lfs diff=lfs merge=lfs -text
-tests/data/plugins/os/windows/notifications/wpndatabase.db filter=lfs diff=lfs merge=lfs -text
+tests/_data/loaders/tar/uppercase_driveletter.tar filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/apps/browser/iexplore/WebCacheV01.dat.gz filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/apps/browser/firefox/places.sqlite filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/apps/browser/chrome/History.sqlite filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/apps/browser/edge/History.sqlite filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/apps/browser/chromium/History.sqlite filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/os/windows/dpapi/** filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/os/windows/notifications/appdb.dat.v3.gz filter=lfs diff=lfs merge=lfs -text
+tests/_data/plugins/os/windows/notifications/wpndatabase.db filter=lfs diff=lfs merge=lfs -text
+tests/_data/volumes/bde/enc-volume.bin filter=lfs diff=lfs merge=lfs -text
+tests/_data/volumes/md/md-nested.bin.gz filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
@@ -6,6 +6,6 @@ dist/
 *.pyc
 __pycache__/
 .pytest_cache/
-tests/docs/api
-tests/docs/build
-.tox/
+tests/_docs/api
+tests/_docs/build
+.tox/
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1,4 +1,4 @@
 exclude .gitattributes
 exclude .gitignore
 recursive-exclude .github/ *
-recursive-exclude tests/data/ *
+recursive-exclude tests/_data/ *
diff --git a/...arget/plugins/apps/containers/__init__.py → ...t/target/plugins/apps/browser/__init__.py b/...arget/plugins/apps/containers/__init__.py → ...t/target/plugins/apps/browser/__init__.py
diff --git a/dissect/target/plugins/browsers/browser.py → ...ct/target/plugins/apps/browser/browser.py b/dissect/target/plugins/browsers/browser.py → ...ct/target/plugins/apps/browser/browser.py
diff --git a/dissect/target/plugins/browsers/chrome.py → ...ect/target/plugins/apps/browser/chrome.py b/dissect/target/plugins/browsers/chrome.py → ...ect/target/plugins/apps/browser/chrome.py
@@ -1,13 +1,13 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
 )
-from dissect.target.plugins.browsers.chromium import (
+from dissect.target.plugins.apps.browser.chromium import (
     CHROMIUM_DOWNLOAD_RECORD_FIELDS,
     ChromiumMixin,
 )

diff --git a/dissect/target/plugins/browsers/chromium.py → ...t/target/plugins/apps/browser/chromium.py b/dissect/target/plugins/browsers/chromium.py → ...t/target/plugins/apps/browser/chromium.py
@@ -13,7 +13,7 @@
 from dissect.target.helpers.fsutil import TargetPath
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,

diff --git a/dissect/target/plugins/browsers/edge.py → dissect/target/plugins/apps/browser/edge.py b/dissect/target/plugins/browsers/edge.py → dissect/target/plugins/apps/browser/edge.py
@@ -1,13 +1,13 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_EXTENSION_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,
 )
-from dissect.target.plugins.browsers.chromium import (
+from dissect.target.plugins.apps.browser.chromium import (
     CHROMIUM_DOWNLOAD_RECORD_FIELDS,
     ChromiumMixin,
 )

diff --git a/dissect/target/plugins/browsers/firefox.py → ...ct/target/plugins/apps/browser/firefox.py b/dissect/target/plugins/browsers/firefox.py → ...ct/target/plugins/apps/browser/firefox.py
@@ -11,7 +11,7 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,

diff --git a/dissect/target/plugins/browsers/iexplore.py → ...t/target/plugins/apps/browser/iexplore.py b/dissect/target/plugins/browsers/iexplore.py → ...t/target/plugins/apps/browser/iexplore.py
@@ -8,7 +8,7 @@
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import export
-from dissect.target.plugins.browsers.browser import (
+from dissect.target.plugins.apps.browser.browser import (
     GENERIC_DOWNLOAD_RECORD_FIELDS,
     GENERIC_HISTORY_RECORD_FIELDS,
     BrowserPlugin,

diff --git a/dissect/target/plugins/apps/vpns/__init__.py → ...target/plugins/apps/container/__init__.py b/dissect/target/plugins/apps/vpns/__init__.py → ...target/plugins/apps/container/__init__.py
diff --git a/.../target/plugins/apps/containers/docker.py → ...t/target/plugins/apps/container/docker.py b/.../target/plugins/apps/containers/docker.py → ...t/target/plugins/apps/container/docker.py
diff --git a/...arget/plugins/apps/webservers/__init__.py → dissect/target/plugins/apps/vpn/__init__.py b/...arget/plugins/apps/webservers/__init__.py → dissect/target/plugins/apps/vpn/__init__.py
diff --git a/dissect/target/plugins/apps/vpns/openvpn.py → dissect/target/plugins/apps/vpn/openvpn.py b/dissect/target/plugins/apps/vpns/openvpn.py → dissect/target/plugins/apps/vpn/openvpn.py
diff --git a/...ect/target/plugins/apps/vpns/wireguard.py → dissect/target/plugins/apps/vpn/wireguard.py b/...ect/target/plugins/apps/vpns/wireguard.py → dissect/target/plugins/apps/vpn/wireguard.py
diff --git a/dissect/target/plugins/browsers/__init__.py → ...target/plugins/apps/webserver/__init__.py b/dissect/target/plugins/browsers/__init__.py → ...target/plugins/apps/webserver/__init__.py
diff --git a/.../target/plugins/apps/webservers/apache.py → ...t/target/plugins/apps/webserver/apache.py b/.../target/plugins/apps/webservers/apache.py → ...t/target/plugins/apps/webserver/apache.py
@@ -8,7 +8,7 @@
 from dissect.target import plugin
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.fsutil import open_decompress
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 from dissect.target.target import Target
 
 COMMON_REGEX = r'(?P<remote_ip>.*?) (?P<remote_logname>.*?) (?P<remote_user>.*?) \[(?P<ts>.*)\] "(?P<method>.*?) (?P<uri>.*?) ?(?P<protocol>HTTP\/.*?)?" (?P<status_code>\d{3}) (?P<bytes_sent>-|\d+)'  # noqa: E501

diff --git a/...t/target/plugins/apps/webservers/caddy.py → ...ct/target/plugins/apps/webserver/caddy.py b/...t/target/plugins/apps/webservers/caddy.py → ...ct/target/plugins/apps/webserver/caddy.py
@@ -9,7 +9,7 @@
 from dissect.target import plugin
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.fsutil import basename, open_decompress
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 from dissect.target.target import Target
 
 LOG_FILE_REGEX = re.compile(r"(log|output file) (?P<log_file>.*)( \{)?$")

diff --git a/...ect/target/plugins/apps/webservers/iis.py → dissect/target/plugins/apps/webserver/iis.py b/...ect/target/plugins/apps/webservers/iis.py → dissect/target/plugins/apps/webserver/iis.py
@@ -12,7 +12,7 @@
 from dissect.target.exceptions import PluginError, UnsupportedPluginError
 from dissect.target.helpers import fsutil
 from dissect.target.helpers.record import TargetRecordDescriptor
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 
 LOG_RECORD_NAME = "filesystem/windows/iis/logs"
 

diff --git a/...t/target/plugins/apps/webservers/nginx.py → ...ct/target/plugins/apps/webserver/nginx.py b/...t/target/plugins/apps/webservers/nginx.py → ...ct/target/plugins/apps/webserver/nginx.py
@@ -6,7 +6,7 @@
 from dissect.target import plugin
 from dissect.target.exceptions import FileNotFoundError, UnsupportedPluginError
 from dissect.target.helpers.fsutil import open_decompress
-from dissect.target.plugins.apps.webservers.webservers import WebserverAccessLogRecord
+from dissect.target.plugins.apps.webserver.webserver import WebserverAccessLogRecord
 from dissect.target.target import Target
 
 LOG_REGEX = re.compile(

diff --git a/...get/plugins/apps/webservers/webservers.py → ...arget/plugins/apps/webserver/webserver.py b/...get/plugins/apps/webservers/webservers.py → ...arget/plugins/apps/webserver/webserver.py
diff --git a/tests/data/symlink_disk.ext4 → tests/_data/filesystem/symlink_disk.ext4 b/tests/data/symlink_disk.ext4 → tests/_data/filesystem/symlink_disk.ext4
diff --git a/tests/data/helpers/configparser/config → tests/_data/helpers/configutil/config b/tests/data/helpers/configparser/config → tests/_data/helpers/configutil/config
diff --git a/tests/data/helpers/configparser/hosts → tests/_data/helpers/configutil/hosts b/tests/data/helpers/configparser/hosts → tests/_data/helpers/configutil/hosts
diff --git a/tests/data/helpers/configparser/hosts.allow → tests/_data/helpers/configutil/hosts.allow b/tests/data/helpers/configparser/hosts.allow → tests/_data/helpers/configutil/hosts.allow
diff --git a/tests/data/helpers/configparser/hosts.deny → tests/_data/helpers/configutil/hosts.deny b/tests/data/helpers/configparser/hosts.deny → tests/_data/helpers/configutil/hosts.deny
diff --git a/tests/data/helpers/configparser/resolv.conf → tests/_data/helpers/configutil/resolv.conf b/tests/data/helpers/configparser/resolv.conf → tests/_data/helpers/configutil/resolv.conf
diff --git a/tests/data/helpers/configparser/sshd_config → tests/_data/helpers/configutil/sshd_config b/tests/data/helpers/configparser/sshd_config → tests/_data/helpers/configutil/sshd_config
diff --git a/tests/data/keychain.csv → tests/_data/helpers/keychain/keychain.csv b/tests/data/keychain.csv → tests/_data/helpers/keychain/keychain.csv
diff --git a/tests/data/regflex.reg → tests/_data/helpers/regutil/regflex.reg b/tests/data/regflex.reg → tests/_data/helpers/regutil/regflex.reg
diff --git a/tests/data/loaders/asdf/metadata.asdf → tests/_data/loaders/asdf/metadata.asdf b/tests/data/loaders/asdf/metadata.asdf → tests/_data/loaders/asdf/metadata.asdf
diff --git a/...993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx → ...993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx b/...993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx → ...993F7B33-6057-4D1E-A1FE-A1A1D77BE974.vmcx
diff --git a/.../B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml → .../B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml b/.../B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml → .../B90AC31B-C6F8-479F-9B91-07B894A6A3F6.xml
diff --git a/.../D351C151-DAC7-4042-B434-B72D522C1E4A.xml → .../D351C151-DAC7-4042-B434-B72D522C1E4A.xml b/.../D351C151-DAC7-4042-B434-B72D522C1E4A.xml → .../D351C151-DAC7-4042-B434-B72D522C1E4A.xml
diff --git a/...EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx → ...EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx b/...EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx → ...EC04F346-DB96-4700-AF5B-77B3C56C38BD.vmcx
diff --git a/...a/loaders/tar/test-archive-dot-folder.tgz → ...a/loaders/tar/test-archive-dot-folder.tgz b/...a/loaders/tar/test-archive-dot-folder.tgz → ...a/loaders/tar/test-archive-dot-folder.tgz
diff --git a/tests/data/test-archive-empty-folder.tgz → ...loaders/tar/test-archive-empty-folder.tgz b/tests/data/test-archive-empty-folder.tgz → ...loaders/tar/test-archive-empty-folder.tgz
diff --git a/tests/data/test-archive.tar.gz → tests/_data/loaders/tar/test-archive.tar.gz b/tests/data/test-archive.tar.gz → tests/_data/loaders/tar/test-archive.tar.gz
diff --git a/tests/data/test-windows-fs-c-absolute.tar → ...oaders/tar/test-windows-fs-c-absolute.tar b/tests/data/test-windows-fs-c-absolute.tar → ...oaders/tar/test-windows-fs-c-absolute.tar
diff --git a/tests/data/test-windows-fs-c-relative.tar → ...oaders/tar/test-windows-fs-c-relative.tar b/tests/data/test-windows-fs-c-relative.tar → ...oaders/tar/test-windows-fs-c-relative.tar
diff --git a/tests/data/test-windows-sysvol-absolute.tar → ...ders/tar/test-windows-sysvol-absolute.tar b/tests/data/test-windows-sysvol-absolute.tar → ...ders/tar/test-windows-sysvol-absolute.tar
diff --git a/tests/data/test-windows-sysvol-relative.tar → ...ders/tar/test-windows-sysvol-relative.tar b/tests/data/test-windows-sysvol-relative.tar → ...ders/tar/test-windows-sysvol-relative.tar
diff --git a/tests/data/uppercase_driveletter.tar → ...ata/loaders/tar/uppercase_driveletter.tar b/tests/data/uppercase_driveletter.tar → ...ata/loaders/tar/uppercase_driveletter.tar
diff --git a/tests/data/apps/av/mcafee/firewall.log → ..._data/plugins/apps/av/mcafee/firewall.log b/tests/data/apps/av/mcafee/firewall.log → ..._data/plugins/apps/av/mcafee/firewall.log
diff --git a/tests/data/apps/av/mcafee/infect.log → ...s/_data/plugins/apps/av/mcafee/infect.log b/tests/data/apps/av/mcafee/infect.log → ...s/_data/plugins/apps/av/mcafee/infect.log
diff --git a/tests/data/apps/av/sophos/Clean.log → tests/_data/plugins/apps/av/sophos/Clean.log b/tests/data/apps/av/sophos/Clean.log → tests/_data/plugins/apps/av/sophos/Clean.log
diff --git a/tests/data/apps/av/sophos/excalibur.db → ..._data/plugins/apps/av/sophos/excalibur.db b/tests/data/apps/av/sophos/excalibur.db → ..._data/plugins/apps/av/sophos/excalibur.db
diff --git a/tests/data/plugins/apps/av/symantec/cve.log → tests/_data/plugins/apps/av/symantec/cve.log b/tests/data/plugins/apps/av/symantec/cve.log → tests/_data/plugins/apps/av/symantec/cve.log
diff --git a/.../data/plugins/apps/av/symantec/tralog.log → ..._data/plugins/apps/av/symantec/tralog.log b/.../data/plugins/apps/av/symantec/tralog.log → ..._data/plugins/apps/av/symantec/tralog.log
diff --git a/tests/data/apps/av/trendmicro/firewall.log → ...a/plugins/apps/av/trendmicro/firewall.log b/tests/data/apps/av/trendmicro/firewall.log → ...a/plugins/apps/av/trendmicro/firewall.log
diff --git a/tests/data/apps/av/trendmicro/pccnt35.log → ...ta/plugins/apps/av/trendmicro/pccnt35.log b/tests/data/apps/av/trendmicro/pccnt35.log → ...ta/plugins/apps/av/trendmicro/pccnt35.log
diff --git a/...ta/plugins/browsers/chrome/History.sqlite → ...lugins/apps/browser/chrome/History.sqlite b/...ta/plugins/browsers/chrome/History.sqlite → ...lugins/apps/browser/chrome/History.sqlite
diff --git a/...ugins/browsers/chrome/windows/Preferences → ...s/apps/browser/chrome/windows/Preferences b/...ugins/browsers/chrome/windows/Preferences → ...s/apps/browser/chrome/windows/Preferences
diff --git a/...rowsers/chrome/windows/Secure Preferences → ...browser/chrome/windows/Secure Preferences b/...rowsers/chrome/windows/Secure Preferences → ...browser/chrome/windows/Secure Preferences
diff --git a/.../plugins/browsers/chromium/History.sqlite → ...gins/apps/browser/chromium/History.sqlite b/.../plugins/browsers/chromium/History.sqlite → ...gins/apps/browser/chromium/History.sqlite
diff --git a/...ins/browsers/chromium/windows/Preferences → ...apps/browser/chromium/windows/Preferences b/...ins/browsers/chromium/windows/Preferences → ...apps/browser/chromium/windows/Preferences
diff --git a/...wsers/chromium/windows/Secure Preferences → ...owser/chromium/windows/Secure Preferences b/...wsers/chromium/windows/Secure Preferences → ...owser/chromium/windows/Secure Preferences
diff --git a/...data/plugins/browsers/edge/History.sqlite → .../plugins/apps/browser/edge/History.sqlite b/...data/plugins/browsers/edge/History.sqlite → .../plugins/apps/browser/edge/History.sqlite
diff --git a/...plugins/browsers/edge/windows/Preferences → ...ins/apps/browser/edge/windows/Preferences b/...plugins/browsers/edge/windows/Preferences → ...ins/apps/browser/edge/windows/Preferences
diff --git a/.../browsers/edge/windows/Secure Preferences → ...s/browser/edge/windows/Secure Preferences b/.../browsers/edge/windows/Secure Preferences → ...s/browser/edge/windows/Secure Preferences
diff --git a/...ta/plugins/browsers/firefox/places.sqlite → ...lugins/apps/browser/firefox/places.sqlite b/...ta/plugins/browsers/firefox/places.sqlite → ...lugins/apps/browser/firefox/places.sqlite
diff --git a/...gins/browsers/iexplore/WebCacheV01.dat.gz → .../apps/browser/iexplore/WebCacheV01.dat.gz b/...gins/browsers/iexplore/WebCacheV01.dat.gz → .../apps/browser/iexplore/WebCacheV01.dat.gz
diff --git a/.../containers/docker/container_running.json → ...s/container/docker/container_running.json b/.../containers/docker/container_running.json → ...s/container/docker/container_running.json
diff --git a/...pps/containers/docker/image_metadata.json → ...apps/container/docker/image_metadata.json b/...pps/containers/docker/image_metadata.json → ...apps/container/docker/image_metadata.json
diff --git a/.../apps/containers/docker/repositories.json → ...s/apps/container/docker/repositories.json b/.../apps/containers/docker/repositories.json → ...s/apps/container/docker/repositories.json
diff --git a/tests/data/TestAnydesk.trace → ...ps/remoteaccess/anydesk/TestAnydesk.trace b/tests/data/TestAnydesk.trace → ...ps/remoteaccess/anydesk/TestAnydesk.trace
diff --git a/tests/data/TestTeamviewer.log → ...emoteaccess/teamviewer/TestTeamviewer.log b/tests/data/TestTeamviewer.log → ...emoteaccess/teamviewer/TestTeamviewer.log
diff --git a/tests/data/plugins/apps/sshd_config → ...ata/plugins/apps/ssh/opensshd/sshd_config b/tests/data/plugins/apps/sshd_config → ...ata/plugins/apps/ssh/opensshd/sshd_config
diff --git a/tests/data/vpns/openvpn/client.conf → ...data/plugins/apps/vpn/openvpn/client.conf b/tests/data/vpns/openvpn/client.conf → ...data/plugins/apps/vpn/openvpn/client.conf
diff --git a/tests/data/vpns/openvpn/server.conf → ...data/plugins/apps/vpn/openvpn/server.conf b/tests/data/vpns/openvpn/server.conf → ...data/plugins/apps/vpn/openvpn/server.conf
diff --git a/tests/data/vpns/wireguard/wg0.conf → ..._data/plugins/apps/vpn/wireguard/wg0.conf b/tests/data/vpns/wireguard/wg0.conf → ..._data/plugins/apps/vpn/wireguard/wg0.conf
diff --git a/.../plugins/apps/webhosting/cpanel/lastlogin → .../plugins/apps/webhosting/cpanel/lastlogin b/.../plugins/apps/webhosting/cpanel/lastlogin → .../plugins/apps/webhosting/cpanel/lastlogin
diff --git a/tests/data/webservers/apache/access.log → .../plugins/apps/webserver/apache/access.log b/tests/data/webservers/apache/access.log → .../plugins/apps/webserver/apache/access.log
diff --git a/tests/data/webservers/apache/access.log.bz2 → ...gins/apps/webserver/apache/access.log.bz2 b/tests/data/webservers/apache/access.log.bz2 → ...gins/apps/webserver/apache/access.log.bz2
diff --git a/tests/data/webservers/apache/access.log.gz → ...ugins/apps/webserver/apache/access.log.gz b/tests/data/webservers/apache/access.log.gz → ...ugins/apps/webserver/apache/access.log.gz
diff --git a/tests/data/webservers/caddy/Caddyfile → ...ta/plugins/apps/webserver/caddy/Caddyfile b/tests/data/webservers/caddy/Caddyfile → ...ta/plugins/apps/webserver/caddy/Caddyfile
diff --git a/tests/data/webservers/caddy/access.log → ...a/plugins/apps/webserver/caddy/access.log b/tests/data/webservers/caddy/access.log → ...a/plugins/apps/webserver/caddy/access.log
diff --git a/...ervers/iis/iis-applicationHost-iis.config → ...server/iis/iis-applicationHost-iis.config b/...ervers/iis/iis-applicationHost-iis.config → ...server/iis/iis-applicationHost-iis.config
diff --git a/...w3c-logFile-without-directory-attr.config → ...w3c-logFile-without-directory-attr.config b/...w3c-logFile-without-directory-attr.config → ...w3c-logFile-without-directory-attr.config
diff --git a/...ervers/iis/iis-applicationHost-w3c.config → ...server/iis/iis-applicationHost-w3c.config b/...ervers/iis/iis-applicationHost-w3c.config → ...server/iis/iis-applicationHost-w3c.config
diff --git a/...rs/iis/iis-logs-iis/W3SVC1/u_in211001.log → ...er/iis/iis-logs-iis/W3SVC1/u_in211001.log b/...rs/iis/iis-logs-iis/W3SVC1/u_in211001.log → ...er/iis/iis-logs-iis/W3SVC1/u_in211001.log
diff --git a/.../iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log → .../iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log b/.../iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log → .../iis/iis-logs-w3c/W3SVC1/u_ex211001_x.log
diff --git a/tests/data/webservers/nginx/access.log → ...a/plugins/apps/webserver/nginx/access.log b/tests/data/webservers/nginx/access.log → ...a/plugins/apps/webserver/nginx/access.log
diff --git a/tests/data/webservers/nginx/access.log.bz2 → ...ugins/apps/webserver/nginx/access.log.bz2 b/tests/data/webservers/nginx/access.log.bz2 → ...ugins/apps/webserver/nginx/access.log.bz2
diff --git a/tests/data/webservers/nginx/access.log.gz → ...lugins/apps/webserver/nginx/access.log.gz b/tests/data/webservers/nginx/access.log.gz → ...lugins/apps/webserver/nginx/access.log.gz
diff --git a/tests/data/webservers/nginx/nginx.conf → ...a/plugins/apps/webserver/nginx/nginx.conf b/tests/data/webservers/nginx/nginx.conf → ...a/plugins/apps/webserver/nginx/nginx.conf
diff --git a/tests/data/plugins/child/hyperv/data.vmcx → tests/_data/plugins/child/hyperv/data.vmcx b/tests/data/plugins/child/hyperv/data.vmcx → tests/_data/plugins/child/hyperv/data.vmcx
diff --git a/tests/data/test-acquire-handles.tar → .../acquire_handles/test-acquire-handles.tar b/tests/data/test-acquire-handles.tar → .../acquire_handles/test-acquire-handles.tar
diff --git a/tests/data/test-acquire-hash.tar → ...system/acquire_hash/test-acquire-hash.tar b/tests/data/test-acquire-hash.tar → ...system/acquire_hash/test-acquire-hash.tar
diff --git a/tests/data/mft.raw → ..._data/plugins/filesystem/ntfs/mft/mft.raw b/tests/data/mft.raw → ..._data/plugins/filesystem/ntfs/mft/mft.raw
diff --git a/tests/data/usnjrnl.bin → ...ugins/filesystem/ntfs/usnjrnl/usnjrnl.bin b/tests/data/usnjrnl.bin → ...ugins/filesystem/ntfs/usnjrnl/usnjrnl.bin
diff --git a/tests/data/unix/configs/ips/eth0.xml → tests/_data/plugins/os/unix/_os/ips/eth0.xml b/tests/data/unix/configs/ips/eth0.xml → tests/_data/plugins/os/unix/_os/ips/eth0.xml
diff --git a/tests/data/unix/configs/ips/interfaces → .../_data/plugins/os/unix/_os/ips/interfaces b/tests/data/unix/configs/ips/interfaces → .../_data/plugins/os/unix/_os/ips/interfaces
diff --git a/tests/data/unix/configs/passwd → tests/_data/plugins/os/unix/_os/passwd b/tests/data/unix/configs/passwd → tests/_data/plugins/os/unix/_os/passwd
diff --git a/tests/data/unix/logs/passwd-syslog → ...s/_data/plugins/os/unix/_os/passwd-syslog b/tests/data/unix/logs/passwd-syslog → ...s/_data/plugins/os/unix/_os/passwd-syslog
diff --git a/...plugins/os/unix/bsd/citrix/flash/.version → ...ins/os/unix/bsd/citrix/_os/flash/.version b/...plugins/os/unix/bsd/citrix/flash/.version → ...ins/os/unix/bsd/citrix/_os/flash/.version
diff --git a/...os/unix/bsd/citrix/flash/boot/loader.conf → ...nix/bsd/citrix/_os/flash/boot/loader.conf b/...os/unix/bsd/citrix/flash/boot/loader.conf → ...nix/bsd/citrix/_os/flash/boot/loader.conf
diff --git a/...os/unix/bsd/citrix/flash/nsconfig/ns.conf → ...nix/bsd/citrix/_os/flash/nsconfig/ns.conf b/...os/unix/bsd/citrix/flash/nsconfig/ns.conf → ...nix/bsd/citrix/_os/flash/nsconfig/ns.conf
diff --git a/.../unix/bsd/citrix/flash/nsconfig/ns.conf.0 → ...x/bsd/citrix/_os/flash/nsconfig/ns.conf.0 b/.../unix/bsd/citrix/flash/nsconfig/ns.conf.0 → ...x/bsd/citrix/_os/flash/nsconfig/ns.conf.0
diff --git a/.../unix/bsd/freebsd/freebsd-freebsd-version → ...x/bsd/freebsd/_os/freebsd-freebsd-version b/.../unix/bsd/freebsd/freebsd-freebsd-version → ...x/bsd/freebsd/_os/freebsd-freebsd-version
diff --git a/...ns/os/unix/bsd/osx/os/SystemVersion.plist → ...s/os/unix/bsd/osx/_os/SystemVersion.plist b/...ns/os/unix/bsd/osx/os/SystemVersion.plist → ...s/os/unix/bsd/osx/_os/SystemVersion.plist
diff --git a/.../plugins/os/unix/bsd/osx/os/dissect.plist → ...plugins/os/unix/bsd/osx/_os/dissect.plist b/.../plugins/os/unix/bsd/osx/os/dissect.plist → ...plugins/os/unix/bsd/osx/_os/dissect.plist
diff --git a/...data/plugins/os/unix/bsd/osx/os/en0.plist → ...ata/plugins/os/unix/bsd/osx/_os/en0.plist b/...data/plugins/os/unix/bsd/osx/os/en0.plist → ...ata/plugins/os/unix/bsd/osx/_os/en0.plist
diff --git a/...gins/os/unix/bsd/osx/os/preferences.plist → ...ins/os/unix/bsd/osx/_os/preferences.plist b/...gins/os/unix/bsd/osx/os/preferences.plist → ...ins/os/unix/bsd/osx/_os/preferences.plist
diff --git a/...ata/plugins/os/unix/bsd/osx/os/test.plist → ...ta/plugins/os/unix/bsd/osx/_os/test.plist b/...ata/plugins/os/unix/bsd/osx/os/test.plist → ...ta/plugins/os/unix/bsd/osx/_os/test.plist
diff --git a/.../plugins/os/unix/linux/android/build.prop → .../plugins/os/unix/linux/android/build.prop b/.../plugins/os/unix/linux/android/build.prop → .../plugins/os/unix/linux/android/build.prop
diff --git a/...ns/os/unix/linux/debian/debian-os-release → ...s/unix/linux/debian/_os/debian-os-release b/...ns/os/unix/linux/debian/debian-os-release → ...s/unix/linux/debian/_os/debian-os-release
diff --git a/...s/os/unix/linux/debian/ubuntu-lsb-release → .../unix/linux/debian/_os/ubuntu-lsb-release b/...s/os/unix/linux/debian/ubuntu-lsb-release → .../unix/linux/debian/_os/ubuntu-lsb-release
diff --git a/...ns/os/unix/linux/debian/ubuntu-os-release → ...s/unix/linux/debian/_os/ubuntu-os-release b/...ns/os/unix/linux/debian/ubuntu-os-release → ...s/unix/linux/debian/_os/ubuntu-os-release
diff --git a/...gins/os/unix/linux/debian/apt/history.log → ...gins/os/unix/linux/debian/apt/history.log b/...gins/os/unix/linux/debian/apt/history.log → ...gins/os/unix/linux/debian/apt/history.log
diff --git a/...s/unix/linux/debian/apt/history.log.1.bz2 → ...s/unix/linux/debian/apt/history.log.1.bz2 b/...s/unix/linux/debian/apt/history.log.1.bz2 → ...s/unix/linux/debian/apt/history.log.1.bz2
diff --git a/...os/unix/linux/debian/apt/history.log.1.gz → ...os/unix/linux/debian/apt/history.log.1.gz b/...os/unix/linux/debian/apt/history.log.1.gz → ...os/unix/linux/debian/apt/history.log.1.gz
diff --git a/tests/data/unix/logs/dpkg-status → ...ins/os/unix/linux/debian/dpkg/dpkg-status b/tests/data/unix/logs/dpkg-status → ...ins/os/unix/linux/debian/dpkg/dpkg-status
diff --git a/tests/data/unix/logs/dpkg.log → ...lugins/os/unix/linux/debian/dpkg/dpkg.log b/tests/data/unix/logs/dpkg.log → ...lugins/os/unix/linux/debian/dpkg/dpkg.log
diff --git a/tests/data/unix/logs/dpkg.log.2.gz → ...s/os/unix/linux/debian/dpkg/dpkg.log.2.gz b/tests/data/unix/logs/dpkg.log.2.gz → ...s/os/unix/linux/debian/dpkg/dpkg.log.2.gz
diff --git a/...nix/linux/modules/module/modulea/coresize → ...nix/linux/modules/module/modulea/coresize b/...nix/linux/modules/module/modulea/coresize → ...nix/linux/modules/module/modulea/coresize
diff --git a/...ux/modules/module/modulea/holders/holdera → ...ux/modules/module/modulea/holders/holdera b/...ux/modules/module/modulea/holders/holdera → ...ux/modules/module/modulea/holders/holdera
diff --git a/...ix/linux/modules/module/modulea/initstate → ...ix/linux/modules/module/modulea/initstate b/...ix/linux/modules/module/modulea/initstate → ...ix/linux/modules/module/modulea/initstate
diff --git a/.../unix/linux/modules/module/modulea/refcnt → .../unix/linux/modules/module/modulea/refcnt b/.../unix/linux/modules/module/modulea/refcnt → .../unix/linux/modules/module/modulea/refcnt
diff --git a/...nix/linux/modules/module/moduleb/coresize → ...nix/linux/modules/module/moduleb/coresize b/...nix/linux/modules/module/moduleb/coresize → ...nix/linux/modules/module/moduleb/coresize
diff --git a/...ux/modules/module/moduleb/holders/holdera → ...ux/modules/module/moduleb/holders/holdera b/...ux/modules/module/moduleb/holders/holdera → ...ux/modules/module/moduleb/holders/holdera
diff --git a/...ux/modules/module/moduleb/holders/holderb → ...ux/modules/module/moduleb/holders/holderb b/...ux/modules/module/moduleb/holders/holderb → ...ux/modules/module/moduleb/holders/holderb
diff --git a/...ix/linux/modules/module/moduleb/initstate → ...ix/linux/modules/module/moduleb/initstate b/...ix/linux/modules/module/moduleb/initstate → ...ix/linux/modules/module/moduleb/initstate
diff --git a/.../unix/linux/modules/module/moduleb/refcnt → .../unix/linux/modules/module/moduleb/refcnt b/.../unix/linux/modules/module/moduleb/refcnt → .../unix/linux/modules/module/moduleb/refcnt
diff --git a/tests/data/unix/linux/proc/net/packet → ...ata/plugins/os/unix/linux/proc/net/packet b/tests/data/unix/linux/proc/net/packet → ...ata/plugins/os/unix/linux/proc/net/packet
diff --git a/tests/data/unix/linux/proc/net/raw → .../_data/plugins/os/unix/linux/proc/net/raw b/tests/data/unix/linux/proc/net/raw → .../_data/plugins/os/unix/linux/proc/net/raw
diff --git a/tests/data/unix/linux/proc/net/raw6 → ..._data/plugins/os/unix/linux/proc/net/raw6 b/tests/data/unix/linux/proc/net/raw6 → ..._data/plugins/os/unix/linux/proc/net/raw6
diff --git a/tests/data/unix/linux/proc/net/tcp → .../_data/plugins/os/unix/linux/proc/net/tcp b/tests/data/unix/linux/proc/net/tcp → .../_data/plugins/os/unix/linux/proc/net/tcp
diff --git a/tests/data/unix/linux/proc/net/tcp6 → ..._data/plugins/os/unix/linux/proc/net/tcp6 b/tests/data/unix/linux/proc/net/tcp6 → ..._data/plugins/os/unix/linux/proc/net/tcp6
diff --git a/tests/data/unix/linux/proc/net/udp → .../_data/plugins/os/unix/linux/proc/net/udp b/tests/data/unix/linux/proc/net/udp → .../_data/plugins/os/unix/linux/proc/net/udp
diff --git a/tests/data/unix/linux/proc/net/udp6 → ..._data/plugins/os/unix/linux/proc/net/udp6 b/tests/data/unix/linux/proc/net/udp6 → ..._data/plugins/os/unix/linux/proc/net/udp6
diff --git a/tests/data/unix/linux/proc/net/unix → ..._data/plugins/os/unix/linux/proc/net/unix b/tests/data/unix/linux/proc/net/unix → ..._data/plugins/os/unix/linux/proc/net/unix
diff --git a/...ns/os/unix/linux/redhat/centos-os-release → ...s/unix/linux/redhat/_os/centos-os-release b/...ns/os/unix/linux/redhat/centos-os-release → ...s/unix/linux/redhat/_os/centos-os-release
diff --git a/...ns/os/unix/linux/redhat/fedora-os-release → ...s/unix/linux/redhat/_os/fedora-os-release b/...ns/os/unix/linux/redhat/fedora-os-release → ...s/unix/linux/redhat/_os/fedora-os-release
diff --git a/.../plugins/os/unix/linux/redhat/yum/yum.log → .../plugins/os/unix/linux/redhat/yum/yum.log b/.../plugins/os/unix/linux/redhat/yum/yum.log → .../plugins/os/unix/linux/redhat/yum/yum.log
diff --git a/...ns/os/unix/linux/redhat/yum/yum.log.1.bz2 → ...ns/os/unix/linux/redhat/yum/yum.log.1.bz2 b/...ns/os/unix/linux/redhat/yum/yum.log.1.bz2 → ...ns/os/unix/linux/redhat/yum/yum.log.1.bz2
diff --git a/...ins/os/unix/linux/redhat/yum/yum.log.1.gz → ...ins/os/unix/linux/redhat/yum/yum.log.1.gz b/...ins/os/unix/linux/redhat/yum/yum.log.1.gz → ...ins/os/unix/linux/redhat/yum/yum.log.1.gz
diff --git a/...ns/os/unix/linux/suse/opensuse-os-release → ...s/unix/linux/suse/_os/opensuse-os-release b/...ns/os/unix/linux/suse/opensuse-os-release → ...s/unix/linux/suse/_os/opensuse-os-release
diff --git a/...a/plugins/os/unix/linux/suse/zypp/history → ...a/plugins/os/unix/linux/suse/zypp/history b/...a/plugins/os/unix/linux/suse/zypp/history → ...a/plugins/os/unix/linux/suse/zypp/history
diff --git a/...ins/os/unix/linux/suse/zypp/history.1.bz2 → ...ins/os/unix/linux/suse/zypp/history.1.bz2 b/...ins/os/unix/linux/suse/zypp/history.1.bz2 → ...ins/os/unix/linux/suse/zypp/history.1.bz2
diff --git a/...gins/os/unix/linux/suse/zypp/history.1.gz → ...gins/os/unix/linux/suse/zypp/history.1.gz b/...gins/os/unix/linux/suse/zypp/history.1.gz → ...gins/os/unix/linux/suse/zypp/history.1.gz
diff --git a/tests/data/unix/configs/keyboard → tests/_data/plugins/os/unix/locale/keyboard b/tests/data/unix/configs/keyboard → tests/_data/plugins/os/unix/locale/keyboard
diff --git a/tests/data/plugins/os/unix/log/atop/atop → tests/_data/plugins/os/unix/log/atop/atop b/tests/data/plugins/os/unix/log/atop/atop → tests/_data/plugins/os/unix/log/atop/atop
diff --git a/tests/data/unix/logs/audit.log → ..._data/plugins/os/unix/log/audit/audit.log b/tests/data/unix/logs/audit.log → ..._data/plugins/os/unix/log/audit/audit.log
diff --git a/tests/data/unix/logs/auth/auth.log → ...s/_data/plugins/os/unix/log/auth/auth.log b/tests/data/unix/logs/auth/auth.log → ...s/_data/plugins/os/unix/log/auth/auth.log
diff --git a/tests/data/unix/logs/auth/auth.log.bz2 → ...ata/plugins/os/unix/log/auth/auth.log.bz2 b/tests/data/unix/logs/auth/auth.log.bz2 → ...ata/plugins/os/unix/log/auth/auth.log.bz2
diff --git a/tests/data/unix/logs/auth/auth.log.gz → ...data/plugins/os/unix/log/auth/auth.log.gz b/tests/data/unix/logs/auth/auth.log.gz → ...data/plugins/os/unix/log/auth/auth.log.gz
diff --git a/tests/data/unix/logs/auth/secure → tests/_data/plugins/os/unix/log/auth/secure b/tests/data/unix/logs/auth/secure → tests/_data/plugins/os/unix/log/auth/secure
diff --git a/tests/data/plugins/os/unix/log/btmp/btmp → tests/_data/plugins/os/unix/log/btmp/btmp b/tests/data/plugins/os/unix/log/btmp/btmp → tests/_data/plugins/os/unix/log/btmp/btmp
diff --git a/...s/data/plugins/os/unix/log/btmp/btmp-ipv6 → .../_data/plugins/os/unix/log/btmp/btmp-ipv6 b/...s/data/plugins/os/unix/log/btmp/btmp-ipv6 → .../_data/plugins/os/unix/log/btmp/btmp-ipv6
diff --git a/tests/data/empty.log → tests/_data/plugins/os/unix/log/empty.log b/tests/data/empty.log → tests/_data/plugins/os/unix/log/empty.log
diff --git a/tests/data/plugins/os/unix/log/journal → ..._data/plugins/os/unix/log/journal/journal b/tests/data/plugins/os/unix/log/journal → ..._data/plugins/os/unix/log/journal/journal
diff --git a/.../data/plugins/os/unix/log/lastlog/lastlog → ..._data/plugins/os/unix/log/lastlog/lastlog b/.../data/plugins/os/unix/log/lastlog/lastlog → ..._data/plugins/os/unix/log/lastlog/lastlog
diff --git a/tests/data/unix/logs/messages → ...ata/plugins/os/unix/log/messages/messages b/tests/data/unix/logs/messages → ...ata/plugins/os/unix/log/messages/messages
diff --git a/tests/data/plugins/os/unix/log/wtmp/wtmp → tests/_data/plugins/os/unix/log/wtmp/wtmp b/tests/data/plugins/os/unix/log/wtmp/wtmp → tests/_data/plugins/os/unix/log/wtmp/wtmp
diff --git a/...s/data/plugins/os/unix/log/wtmp/wtmp-ipv6 → .../_data/plugins/os/unix/log/wtmp/wtmp-ipv6 b/...s/data/plugins/os/unix/log/wtmp/wtmp-ipv6 → .../_data/plugins/os/unix/log/wtmp/wtmp-ipv6
diff --git a/tests/data/plugins/os/unix/services/initd.sh → ...s/_data/plugins/os/unix/services/initd.sh b/tests/data/plugins/os/unix/services/initd.sh → ...s/_data/plugins/os/unix/services/initd.sh
diff --git a/.../plugins/os/unix/services/systemd.service → .../plugins/os/unix/services/systemd.service b/.../plugins/os/unix/services/systemd.service → .../plugins/os/unix/services/systemd.service
diff --git a/...plugins/os/unix/services/systemd2.service → ...plugins/os/unix/services/systemd2.service b/...plugins/os/unix/services/systemd2.service → ...plugins/os/unix/services/systemd2.service
diff --git a/tests/data/unix/configs/shadow → tests/_data/plugins/os/unix/shadow/shadow b/tests/data/unix/configs/shadow → tests/_data/plugins/os/unix/shadow/shadow
diff --git a/...F340-016D-11D2-945F-00C04FB984F9}/GPT.INI → ...F340-016D-11D2-945F-00C04FB984F9}/GPT.INI b/...F340-016D-11D2-945F-00C04FB984F9}/GPT.INI → ...F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
diff --git a/...HINE/Microsoft/Windows NT/Audit/audit.csv → ...HINE/Microsoft/Windows NT/Audit/audit.csv b/...HINE/Microsoft/Windows NT/Audit/audit.csv → ...HINE/Microsoft/Windows NT/Audit/audit.csv
diff --git a/.../Microsoft/Windows NT/SecEdit/GptTmpl.inf → .../Microsoft/Windows NT/SecEdit/GptTmpl.inf b/.../Microsoft/Windows NT/SecEdit/GptTmpl.inf → .../Microsoft/Windows NT/SecEdit/GptTmpl.inf
diff --git a/...2-945F-00C04FB984F9}/MACHINE/Registry.pol → ...2-945F-00C04FB984F9}/MACHINE/Registry.pol b/...2-945F-00C04FB984F9}/MACHINE/Registry.pol → ...2-945F-00C04FB984F9}/MACHINE/Registry.pol
diff --git a/...2-945F-00C04FB984F9}/MACHINE/comment.cmtx → ...2-945F-00C04FB984F9}/MACHINE/comment.cmtx b/...2-945F-00C04FB984F9}/MACHINE/comment.cmtx → ...2-945F-00C04FB984F9}/MACHINE/comment.cmtx
diff --git a/...A062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI → ...A062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI b/...A062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI → ...A062-30DB-40AC-A15E-E0B12B9F2928}/GPT.INI
diff --git a/...786C-016F-11D2-945F-00C04fB984F9}/GPT.INI → ...786C-016F-11D2-945F-00C04fB984F9}/GPT.INI b/...786C-016F-11D2-945F-00C04fB984F9}/GPT.INI → ...786C-016F-11D2-945F-00C04fB984F9}/GPT.INI
diff --git a/.../Microsoft/Windows NT/SecEdit/GptTmpl.inf → .../Microsoft/Windows NT/SecEdit/GptTmpl.inf b/.../Microsoft/Windows NT/SecEdit/GptTmpl.inf → .../Microsoft/Windows NT/SecEdit/GptTmpl.inf
diff --git a/...erences/ScheduledTasks/ScheduledTasks.xml → ...erences/ScheduledTasks/ScheduledTasks.xml b/...erences/ScheduledTasks/ScheduledTasks.xml → ...erences/ScheduledTasks/ScheduledTasks.xml
diff --git a/tests/data/PcaAppLaunchDic.txt → ...ns/os/windows/amcache/PcaAppLaunchDic.txt b/tests/data/PcaAppLaunchDic.txt → ...ns/os/windows/amcache/PcaAppLaunchDic.txt
diff --git a/tests/data/amcache-new.hve → ...lugins/os/windows/amcache/amcache-new.hve b/tests/data/amcache-new.hve → ...lugins/os/windows/amcache/amcache-new.hve
diff --git a/tests/data/amcache-old.hve → ...lugins/os/windows/amcache/amcache-old.hve b/tests/data/amcache-old.hve → ...lugins/os/windows/amcache/amcache-old.hve
diff --git a/..._594e4eb0-cb0e-4787-99de-3126f8d9e299.txt → ..._594e4eb0-cb0e-4787-99de-3126f8d9e299.txt b/..._594e4eb0-cb0e-4787-99de-3126f8d9e299.txt → ..._594e4eb0-cb0e-4787-99de-3126f8d9e299.txt
diff --git a/...39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf → ...39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf b/...39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf → ...39e70-18c4-11ea-a811-000d3aa4692b}.TM.blf
diff --git a/...Container00000000000000000001.regtrans-ms → ...Container00000000000000000001.regtrans-ms b/...Container00000000000000000001.regtrans-ms → ...Container00000000000000000001.regtrans-ms
diff --git a/tests/data/defender-operational.evtx → ...gins/os/windows/defender/operational.evtx b/tests/data/defender-operational.evtx → ...gins/os/windows/defender/operational.evtx
diff --git a/...es/{800362A7-0000-0000-FB11-12639186E0D6} → ...es/{800362A7-0000-0000-FB11-12639186E0D6} b/...es/{800362A7-0000-0000-FB11-12639186E0D6} → ...es/{800362A7-0000-0000-FB11-12639186E0D6}
diff --git a/.../A6C8322B8A19AEED96EFBD045206966DA4C9619D → .../A6C8322B8A19AEED96EFBD045206966DA4C9619D b/.../A6C8322B8A19AEED96EFBD045206966DA4C9619D → .../A6C8322B8A19AEED96EFBD045206966DA4C9619D
diff --git a/.../A6C8322B8A19AEED96EFBD045206966DA4C9619D → .../A6C8322B8A19AEED96EFBD045206966DA4C9619D b/.../A6C8322B8A19AEED96EFBD045206966DA4C9619D → .../A6C8322B8A19AEED96EFBD045206966DA4C9619D
diff --git a/...keys/d8ef5e00-328a-4919-9ab6-c058f493a6e3 → ...keys/d8ef5e00-328a-4919-9ab6-c058f493a6e3 b/...keys/d8ef5e00-328a-4919-9ab6-c058f493a6e3 → ...keys/d8ef5e00-328a-4919-9ab6-c058f493a6e3
diff --git a/.../plugins/os/windows/dpapi/test_data.dpapi → .../plugins/os/windows/dpapi/test_data.dpapi b/.../plugins/os/windows/dpapi/test_data.dpapi → .../plugins/os/windows/dpapi/test_data.dpapi
diff --git a/.../data/plugins/os/windows/lnk/pestudio.lnk → ..._data/plugins/os/windows/lnk/pestudio.lnk b/.../data/plugins/os/windows/lnk/pestudio.lnk → ..._data/plugins/os/windows/lnk/pestudio.lnk
diff --git a/tests/data/TestLog.evt → ...ta/plugins/os/windows/log/evt/TestLog.evt b/tests/data/TestLog.evt → ...ta/plugins/os/windows/log/evt/TestLog.evt
diff --git a/tests/data/TestLogX.evtx → ...plugins/os/windows/log/evtx/TestLogX.evtx b/tests/data/TestLogX.evtx → ...plugins/os/windows/log/evtx/TestLogX.evtx
diff --git a/.../os/windows/notifications/appdb.dat.v3.gz → .../os/windows/notifications/appdb.dat.v3.gz b/.../os/windows/notifications/appdb.dat.v3.gz → .../os/windows/notifications/appdb.dat.v3.gz
diff --git a/...s/os/windows/notifications/wpndatabase.db → ...s/os/windows/notifications/wpndatabase.db b/...s/os/windows/notifications/wpndatabase.db → ...s/os/windows/notifications/wpndatabase.db
diff --git a/...indows/powershell/ConsoleHost_history.txt → ...indows/powershell/ConsoleHost_history.txt b/...indows/powershell/ConsoleHost_history.txt → ...indows/powershell/ConsoleHost_history.txt
diff --git a/tests/data/SRUDB.dat → tests/_data/plugins/os/windows/sru/SRUDB.dat b/tests/data/SRUDB.dat → tests/_data/plugins/os/windows/sru/SRUDB.dat
diff --git a/tests/data/Syscache.hve → .../plugins/os/windows/syscache/Syscache.hve b/tests/data/Syscache.hve → .../plugins/os/windows/syscache/Syscache.hve
diff --git a/.../data/plugins/os/windows/tasks/AtTask.job → ..._data/plugins/os/windows/tasks/AtTask.job b/.../data/plugins/os/windows/tasks/AtTask.job → ..._data/plugins/os/windows/tasks/AtTask.job
diff --git a/...ta/plugins/os/windows/tasks/MapsToastTask → ...ta/plugins/os/windows/tasks/MapsToastTask b/...ta/plugins/os/windows/tasks/MapsToastTask → ...ta/plugins/os/windows/tasks/MapsToastTask
diff --git a/tests/data/ual/Current.mdb → .../_data/plugins/os/windows/ual/Current.mdb b/tests/data/ual/Current.mdb → .../_data/plugins/os/windows/ual/Current.mdb
diff --git a/tests/data/ual/SystemIdentity.mdb → ...plugins/os/windows/ual/SystemIdentity.mdb b/tests/data/ual/SystemIdentity.mdb → ...plugins/os/windows/ual/SystemIdentity.mdb
diff --git a/.../wer/wer_test.tmp.WERInternalMetadata.xml → .../wer/wer_test.tmp.WERInternalMetadata.xml b/.../wer/wer_test.tmp.WERInternalMetadata.xml → .../wer/wer_test.tmp.WERInternalMetadata.xml
diff --git a/tests/data/wer/wer_test.wer → ..._data/plugins/os/windows/wer/wer_test.wer b/tests/data/wer/wer_test.wer → ..._data/plugins/os/windows/wer/wer_test.wer
diff --git a/tests/data/wer/windows7/wer_test_no_bom.wer → .../windows/wer/windows7/wer_test_no_bom.wer b/tests/data/wer/windows7/wer_test_no_bom.wer → .../windows/wer/windows7/wer_test_no_bom.wer
diff --git a/tests/data/plugin_register/container.py → tests/_data/registration/container.py b/tests/data/plugin_register/container.py → tests/_data/registration/container.py
diff --git a/tests/data/plugin_register/filesystem.py → tests/_data/registration/filesystem.py b/tests/data/plugin_register/filesystem.py → tests/_data/registration/filesystem.py
diff --git a/tests/data/plugin_register/loader.py → tests/_data/registration/loader.py b/tests/data/plugin_register/loader.py → tests/_data/registration/loader.py
diff --git a/tests/data/plugin_register/plugin.py → tests/_data/registration/plugin.py b/tests/data/plugin_register/plugin.py → tests/_data/registration/plugin.py
diff --git a/tests/data/enc-volume.bin → tests/_data/volumes/bde/enc-volume.bin b/tests/data/enc-volume.bin → tests/_data/volumes/bde/enc-volume.bin
diff --git a/tests/data/volumes/md-nested.bin.gz → tests/_data/volumes/md/md-nested.bin.gz b/tests/data/volumes/md-nested.bin.gz → tests/_data/volumes/md/md-nested.bin.gz
diff --git a/tests/docs/Makefile → tests/_docs/Makefile b/tests/docs/Makefile → tests/_docs/Makefile
diff --git a/tests/docs/conf.py → tests/_docs/conf.py b/tests/docs/conf.py → tests/_docs/conf.py
diff --git a/tests/docs/index.rst → tests/_docs/index.rst b/tests/docs/index.rst → tests/_docs/index.rst
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -19,12 +19,11 @@
 from dissect.target.plugins.os.windows import registry
 from dissect.target.plugins.os.windows._os import WindowsPlugin
 from dissect.target.target import Target
-
-from ._utils import absolute_path
+from tests._utils import absolute_path
 
 # Test if the data/ directory is present and if not, as is the case in Python
 # source distributions of dissect.target, we give an error
-data_dir = absolute_path("data")
+data_dir = absolute_path("_data")
 if not pathlib.Path(data_dir).is_dir():
     raise pytest.PytestConfigWarning(
         f"No test data directory {data_dir} found.\n"
@@ -137,7 +136,7 @@ def fs_linux_proc_sockets(fs_linux_proc: VirtualFilesystem) -> VirtualFilesystem
     fs = fs_linux_proc
 
     for filename in ("unix", "packet", "raw6", "raw", "udp6", "udp", "tcp6", "tcp"):
-        fs.map_file(f"/proc/net/{filename}", absolute_path(f"data/unix/linux/proc/net/{filename}"))
+        fs.map_file(f"/proc/net/{filename}", absolute_path(f"_data/plugins/os/unix/linux/proc/net/{filename}"))
 
     yield fs
 
@@ -153,14 +152,14 @@ def fs_osx():
 @pytest.fixture
 def fs_bsd():
     fs = VirtualFilesystem()
-    fs.map_file("/bin/freebsd-version", absolute_path("data/plugins/os/unix/bsd/freebsd/freebsd-freebsd-version"))
+    fs.map_file("/bin/freebsd-version", absolute_path("_data/plugins/os/unix/bsd/freebsd/freebsd-freebsd-version"))
     yield fs
 
 
 @pytest.fixture
 def fs_android() -> VirtualFilesystem:
     fs = VirtualFilesystem()
-    fs.map_file("/build.prop", absolute_path("data/plugins/os/unix/linux/android/build.prop"))
+    fs.map_file("/build.prop", absolute_path("_data/plugins/os/unix/linux/android/build.prop"))
     yield fs
 
 
@@ -250,10 +249,10 @@ def target_osx(fs_osx):
     mock_target.fs.mount("/", fs_osx)
     mock_target.apply()
 
-    version = absolute_path("data/plugins/os/unix/bsd/osx/os/SystemVersion.plist")
+    version = absolute_path("_data/plugins/os/unix/bsd/osx/_os/SystemVersion.plist")
     fs_osx.map_file("/System/Library/CoreServices/SystemVersion.plist", version)
 
-    system = absolute_path("data/plugins/os/unix/bsd/osx/os/preferences.plist")
+    system = absolute_path("_data/plugins/os/unix/bsd/osx/_os/preferences.plist")
     fs_osx.map_file("/Library/Preferences/SystemConfiguration/preferences.plist", system)
 
     yield mock_target
@@ -271,7 +270,7 @@ def target_citrix(fs_bsd):
     mock_target.filesystems.add(var_filesystem)
 
     flash_filesystem = VirtualFilesystem()
-    flash_filesystem.map_dir("/", absolute_path("data/plugins/os/unix/bsd/citrix/flash"))
+    flash_filesystem.map_dir("/", absolute_path("_data/plugins/os/unix/bsd/citrix/_os/flash"))
     mock_target.filesystems.add(flash_filesystem)
 
     mock_target.apply()
@@ -390,10 +389,10 @@ def target_linux_users(target_linux: Target, fs_linux: VirtualFilesystem) -> Tar
 
 @pytest.fixture
 def target_osx_users(target_osx, fs_osx):
-    dissect = absolute_path("data/plugins/os/unix/bsd/osx/os/dissect.plist")
+    dissect = absolute_path("_data/plugins/os/unix/bsd/osx/_os/dissect.plist")
     fs_osx.map_file("/var/db/dslocal/nodes/Default/users/_dissect.plist", dissect)
 
-    test = absolute_path("data/plugins/os/unix/bsd/osx/os/test.plist")
+    test = absolute_path("_data/plugins/os/unix/bsd/osx/_os/test.plist")
     fs_osx.map_file("/var/db/dslocal/nodes/Default/users/_test.plist", test)
 
     yield target_osx

diff --git a/tests/data/unix/logs/empty.log → tests/containers/__init__.py b/tests/data/unix/logs/empty.log → tests/containers/__init__.py
diff --git a/tests/test_containers_split.py → tests/containers/test_split.py b/tests/test_containers_split.py → tests/containers/test_split.py
diff --git a/tests/data/places.sqlite b/tests/data/places.sqlite
diff --git a/tests/filesystems/__init__.py b/tests/filesystems/__init__.py
diff --git a/tests/test_filesystems_cb.py → tests/filesystems/test_cb.py b/tests/test_filesystems_cb.py → tests/filesystems/test_cb.py
diff --git a/tests/test_filesystems_config.py → tests/filesystems/test_config.py b/tests/test_filesystems_config.py → tests/filesystems/test_config.py
@@ -12,15 +12,14 @@
     ConfigurationFilesystem,
 )
 from dissect.target.helpers.configutil import parse_config
-
-from ._utils import absolute_path
+from tests._utils import absolute_path
 
 
 @pytest.fixture
 def etc_directory(tmp_path: Path, fs_unix: VirtualFilesystem) -> VirtualFilesystem:
     tmp_path.joinpath("new/path").mkdir(parents=True, exist_ok=True)
     tmp_path.joinpath("new/config").mkdir(parents=True, exist_ok=True)
-    tmp_path.joinpath("new/path/config").write_text(Path(absolute_path("data/helpers/configparser/config")).read_text())
+    tmp_path.joinpath("new/path/config").write_text(Path(absolute_path("_data/helpers/configutil/config")).read_text())
     fs_unix.map_dir("/etc", tmp_path)
 
     return fs_unix
@@ -38,27 +37,27 @@ def mapped_file(test_file: str, fs_unix: VirtualFilesystem) -> VirtualFilesystem
     "test_file, expected_output",
     [
         (
-            "data/helpers/configparser/hosts",
+            "_data/helpers/configutil/hosts",
             {
                 "127.0.0.1": "localhost",
                 "::1": "localhost",
                 "127.0.1.1": "pop-os.localdomain pop-os",
             },
         ),
         (
-            "data/helpers/configparser/hosts.allow",
+            "_data/helpers/configutil/hosts.allow",
             {"ALL": ["LOCAL @some_netgroup", ".foobar.edu EXCEPT terminalserver.foobar.edu"]},
         ),
         (
-            "data/helpers/configparser/hosts.deny",
+            "_data/helpers/configutil/hosts.deny",
             {"ALL": "PARANOID", "ALL EXCEPT in.fingerd": "other.host.name, .other.domain"},
         ),
         (
-            "data/helpers/configparser/resolv.conf",
+            "_data/helpers/configutil/resolv.conf",
             {"nameserver": "127.0.0.53", "options": "edns0", "search": "local"},
         ),
         (
-            "data/helpers/configparser/sshd_config",
+            "_data/helpers/configutil/sshd_config",
             {
                 "HostKey": [f"__PROGRAMDATA__/ssh/ssh_host_{key}_key" for key in ["rsa", "dsa", "ecdsa", "ed25519"]],
                 "AuthorizedKeysFile": ".ssh/authorized_keys",

diff --git a/tests/test_filesystems_dir.py → tests/filesystems/test_dir.py b/tests/test_filesystems_dir.py → tests/filesystems/test_dir.py
diff --git a/tests/test_filesystems_exfat.py → tests/filesystems/test_exfat.py b/tests/test_filesystems_exfat.py → tests/filesystems/test_exfat.py
diff --git a/tests/test_filesystems_fat.py → tests/filesystems/test_fat.py b/tests/test_filesystems_fat.py → tests/filesystems/test_fat.py
diff --git a/tests/test_filesystems_ntfs.py → tests/filesystems/test_ntfs.py b/tests/test_filesystems_ntfs.py → tests/filesystems/test_ntfs.py
diff --git a/tests/test_filesystems_smb.py → tests/filesystems/test_smb.py b/tests/test_filesystems_smb.py → tests/filesystems/test_smb.py
diff --git a/tests/test_filesystems_tar.py → tests/filesystems/test_tar.py b/tests/test_filesystems_tar.py → tests/filesystems/test_tar.py
diff --git a/tests/test_filesystems_zip.py → tests/filesystems/test_zip.py b/tests/test_filesystems_zip.py → tests/filesystems/test_zip.py
diff --git a/tests/helpers/__init__.py b/tests/helpers/__init__.py
diff --git a/tests/test_helpers_cache.py → tests/helpers/test_cache.py b/tests/test_helpers_cache.py → tests/helpers/test_cache.py
diff --git a/tests/test_helpers_config.py → tests/helpers/test_config.py b/tests/test_helpers_config.py → tests/helpers/test_config.py
diff --git a/tests/test_helpers_configutil.py → tests/helpers/test_configutil.py b/tests/test_helpers_configutil.py → tests/helpers/test_configutil.py
diff --git a/tests/test_helpers_docs.py → tests/helpers/test_docs.py b/tests/test_helpers_docs.py → tests/helpers/test_docs.py
@@ -1,5 +1,5 @@
 from dissect.target.helpers import docs
-from dissect.target.plugins.apps.webservers.iis import IISLogsPlugin
+from dissect.target.plugins.apps.webserver.iis import IISLogsPlugin
 
 
 def get_nonempty_lines_set(paragraph):

diff --git a/tests/test_helpers_fsutil.py → tests/helpers/test_fsutil.py b/tests/test_helpers_fsutil.py → tests/helpers/test_fsutil.py
@@ -3,12 +3,14 @@
 import io
 import os
 import platform
+import tempfile
 from contextlib import contextmanager
 from unittest.mock import Mock, patch
 
 import pytest
 
-from dissect.target.filesystem import VirtualFilesystem
+from dissect.target.filesystem import VirtualFile, VirtualFilesystem
+from dissect.target.filesystems.dir import DirectoryFilesystem
 from dissect.target.helpers import fsutil
 
 
@@ -369,3 +371,52 @@ def no_listxattr():
 def test_fs_attrs_no_os_listxattr():
     with no_listxattr():
         assert fsutil.fs_attrs("/some/path") == {}
+
+
+def test_target_path_checks_dirfs(tmp_path, target_win):
+    with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
+        tf.write(b"dummy")
+        tf.flush()
+        tmpfile_name = os.path.basename(tf.name)
+
+        fs = DirectoryFilesystem(path=tmp_path)
+        target_win.filesystems.add(fs)
+        target_win.fs.mount("Z:\\", fs)
+        assert target_win.fs.path(f"Z:\\{tmpfile_name}").is_file()
+        assert not target_win.fs.path(f"Z:\\{tmpfile_name}\\some").exists()
+        assert not target_win.fs.path(f"Z:\\{tmpfile_name}\\some").is_file()
+
+
+def test_target_path_checks_mapped_dir(tmp_path, target_win):
+    with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
+        tf.write(b"dummy")
+        tf.flush()
+        tmpfile_name = os.path.basename(tf.name)
+
+        target_win.filesystems.entries[0].map_dir("test-dir", tmp_path)
+        assert target_win.fs.path("C:\\test-dir\\").is_dir()
+        assert not target_win.fs.path("C:\\test-dir\\").is_file()
+
+        assert target_win.fs.path(f"C:\\test-dir\\{tmpfile_name}").is_file()
+        assert not target_win.fs.path(f"C:\\test-dir\\{tmpfile_name}\\some").is_file()
+
+
+def test_target_path_checks_virtual():
+    vfs = VirtualFilesystem()
+    vfs.map_file_entry("file", VirtualFile(vfs, "file", None))
+    assert not vfs.path("file/test").exists()
+
+
+def test_target_path_backslash_normalisation(target_win, fs_win, tmp_path):
+    with tempfile.NamedTemporaryFile(dir=tmp_path) as tf:
+        tf.write(b"dummy")
+        tf.flush()
+
+        fs_win.map_dir("windows/system32/", tmp_path)
+        fs_win.map_file("windows/system32/somefile.txt", tf.name)
+
+        results = list(target_win.fs.path("/").glob("C:\\windows\\system32\\some*.txt"))
+        assert len(results) == 1
+
+        results = list(target_win.fs.path("/").glob("sysvol/windows/system32/some*.txt"))
+        assert len(results) == 1
diff --git a/tests/test_helpers_hashutil.py → tests/helpers/test_hashutil.py b/tests/test_helpers_hashutil.py → tests/helpers/test_hashutil.py
diff --git a/tests/test_helpers_keychain.py → tests/helpers/test_keychain.py b/tests/test_helpers_keychain.py → tests/helpers/test_keychain.py
@@ -3,8 +3,7 @@
 import pytest
 
 from dissect.target.helpers import keychain
-
-from ._utils import absolute_path
+from tests._utils import absolute_path
 
 
 @pytest.fixture
@@ -15,7 +14,7 @@ def guarded_keychain():
 
 
 def test_keychain_register_keychain_file(guarded_keychain):
-    keychain_file = Path(absolute_path("data/keychain.csv"))
+    keychain_file = Path(absolute_path("_data/helpers/keychain/keychain.csv"))
 
     keychain.register_keychain_file(keychain_file)
 

diff --git a/tests/test_helpers_loaderutil.py → tests/helpers/test_loaderutil.py b/tests/test_helpers_loaderutil.py → tests/helpers/test_loaderutil.py
diff --git a/tests/test_helpers_localeutil.py → tests/helpers/test_localeutil.py b/tests/test_helpers_localeutil.py → tests/helpers/test_localeutil.py
diff --git a/tests/test_record.py → tests/helpers/test_record.py b/tests/test_record.py → tests/helpers/test_record.py
diff --git a/tests/test_helpers_regutil.py → tests/helpers/test_regutil.py b/tests/test_helpers_regutil.py → tests/helpers/test_regutil.py
@@ -16,14 +16,13 @@
     glob_split,
     has_glob_magic,
 )
-
-from ._utils import absolute_path
+from tests._utils import absolute_path
 
 
 def test_regflex() -> None:
     regflex = RegFlex()
 
-    with open(absolute_path("data/regflex.reg"), "rt") as fh:
+    with open(absolute_path("_data/helpers/regutil/regflex.reg"), "rt") as fh:
         regflex.map_definition(fh)
 
     assert "HKEY_CURRENT_USER" in regflex.hives

diff --git a/tests/test_helpers_utils.py → tests/helpers/test_utils.py b/tests/test_helpers_utils.py → tests/helpers/test_utils.py
diff --git a/tests/loaders/__init__.py b/tests/loaders/__init__.py
diff --git a/tests/test_loaders_asdf.py → tests/loaders/test_asdf.py b/tests/test_loaders_asdf.py → tests/loaders/test_asdf.py
@@ -2,12 +2,11 @@
 
 from dissect.target import Target
 from dissect.target.loaders.asdf import AsdfLoader
-
-from ._utils import absolute_path
+from tests._utils import absolute_path
 
 
 def test_asdf_loader_metadata(target_bare: Target):
-    asdf_path = Path(absolute_path("data/loaders/asdf/metadata.asdf"))
+    asdf_path = Path(absolute_path("_data/loaders/asdf/metadata.asdf"))
 
     loader = AsdfLoader(asdf_path)
     loader.map(target_bare)