fox-it · Matthijsy · Nov 5, 2024 · Nov 18, 2024 · Jan 3, 2025 · Jan 3, 2025
diff --git a/dissect/target/loaders/acquire.py b/dissect/target/loaders/acquire.py
@@ -13,6 +13,7 @@
 log = logging.getLogger(__name__)
 
 FILESYSTEMS_ROOT = "fs"
+FILESYSTEMS_LEGACY_ROOT = "sysvol"
 
 
 def _get_root(path: Path):
@@ -41,10 +42,15 @@ def detect(path: Path) -> bool:
         if not root:
             return False
 
-        return root.joinpath(FILESYSTEMS_ROOT).exists()
+        return root.joinpath(FILESYSTEMS_ROOT).exists() or root.joinpath(FILESYSTEMS_LEGACY_ROOT).exists()
 
     def map(self, target: Target) -> None:
+        # Handle both root dir 'fs' and 'sysvol' (legacy)
+        fs_root = self.root
+        if fs_root.joinpath(FILESYSTEMS_ROOT).exists():
+            fs_root = fs_root.joinpath(FILESYSTEMS_ROOT)
+
         find_and_map_dirs(
             target,
-            self.root.joinpath(FILESYSTEMS_ROOT)
+            fs_root
         )
diff --git a/dissect/target/loaders/dir.py b/dissect/target/loaders/dir.py
@@ -135,7 +135,10 @@ def find_dirs(path: Path) -> tuple[str, list[Path]]:
         for p in path.iterdir():
             # Look for directories like C or C:
             if p.is_dir() and (is_drive_letter_path(p) or p.name in ("sysvol", "$rootfs$")):
-                dirs.append(p)
+                if p.name == "sysvol":
+                    dirs.append(('c', p))
+                else:
+                    dirs.append(p)
 
                 if not os_type:
                     os_type = os_type_from_path(p)

diff --git a/...ata/loaders/tar/test-anon-filesystems.tar → ...loaders/acquire/test-anon-filesystems.tar b/...ata/loaders/tar/test-anon-filesystems.tar → ...loaders/acquire/test-anon-filesystems.tar
diff --git a/...oaders/tar/test-windows-fs-c-absolute.tar → ...rs/acquire/test-windows-fs-c-absolute.tar b/...oaders/tar/test-windows-fs-c-absolute.tar → ...rs/acquire/test-windows-fs-c-absolute.tar
diff --git a/...oaders/tar/test-windows-fs-c-relative.tar → ...rs/acquire/test-windows-fs-c-relative.tar b/...oaders/tar/test-windows-fs-c-relative.tar → ...rs/acquire/test-windows-fs-c-relative.tar
diff --git a/...s/_data/loaders/tar/test-windows-fs-x.tar → ...ata/loaders/acquire/test-windows-fs-x.tar b/...s/_data/loaders/tar/test-windows-fs-x.tar → ...ata/loaders/acquire/test-windows-fs-x.tar
diff --git a/...ders/tar/test-windows-sysvol-absolute.tar → .../acquire/test-windows-sysvol-absolute.tar b/...ders/tar/test-windows-sysvol-absolute.tar → .../acquire/test-windows-sysvol-absolute.tar
diff --git a/...ders/tar/test-windows-sysvol-relative.tar → .../acquire/test-windows-sysvol-relative.tar b/...ders/tar/test-windows-sysvol-relative.tar → .../acquire/test-windows-sysvol-relative.tar
diff --git a/...ata/loaders/tar/uppercase_driveletter.tar → ...loaders/acquire/uppercase_driveletter.tar b/...ata/loaders/tar/uppercase_driveletter.tar → ...loaders/acquire/uppercase_driveletter.tar
diff --git a/tests/loaders/test_acquire.py b/tests/loaders/test_acquire.py
@@ -0,0 +1,70 @@
+from pathlib import Path
+
+import pytest
+
+from dissect.target import Target
+from dissect.target.loaders.acquire import AcquireLoader
+from dissect.target.loaders.tar import TarLoader
+from dissect.target.plugins.os.windows._os import WindowsPlugin
+from tests._utils import absolute_path
+
+
+
+# def test_tar_sensitive_drive_letter(target_bare: Target) -> None:
+#     # TODO: determine if we need this test
+#     tar_file = absolute_path("_data/loaders/acquire/uppercase_driveletter.tar")
+#
+#     loader = AcquireLoader(Path(tar_file))
+#     loader.map(target_bare)
+#
+#     # mounts = / and c:
+#     assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:"]
+#     assert "C:" not in target_bare.fs.mounts.keys()
+#
+#     # Initialize our own WindowsPlugin to override the detection
+#     target_bare._os_plugin = WindowsPlugin.create(target_bare, target_bare.fs.mounts["c:"])
+#     target_bare._init_os()
+#
+#     # sysvol is now added
+#     assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:", "sysvol"]
+#
+#     # WindowsPlugin sets the case sensitivity to False
+#     assert target_bare.fs.get("C:/test.file").open().read() == b"hello_world"
+#     assert target_bare.fs.get("c:/test.file").open().read() == b"hello_world"
+
+
+@pytest.mark.parametrize(
+    "archive, expected_drive_letter",
+    [
+        ("_data/loaders/acquire/test-windows-sysvol-absolute.tar", "c:"),  # C: due to backwards compatibility
+        ("_data/loaders/acquire/test-windows-sysvol-relative.tar", "c:"),  # C: due to backwards compatibility
+        ("_data/loaders/acquire/test-windows-fs-c-relative.tar", "c:"),
+        ("_data/loaders/acquire/test-windows-fs-c-absolute.tar", "c:"),
+        ("_data/loaders/acquire/test-windows-fs-x.tar", "x:"),
+        ("_data/loaders/acquire/test-windows-fs-c.zip", "c:"),
+    ],
+)
+def test_tar_loader_windows_sysvol_formats(target_default: Target, archive: str, expected_drive_letter: str) -> None:
+    loader = AcquireLoader(Path(absolute_path(archive)))
+    loader.map(target_default)
+
+    assert WindowsPlugin.detect(target_default)
+    # NOTE: for the sysvol archives, this also tests the backwards compatibility
+    assert sorted(target_default.fs.mounts.keys()) == [expected_drive_letter]
+    assert target_default.fs.get(f"{expected_drive_letter}/Windows/System32/foo.txt")
+
+
+# TODO check this one
+# def test_tar_anonymous_filesystems(target_default: Target) -> None:
+#     tar_file = absolute_path("_data/loaders/tar/test-anon-filesystems.tar")
+#
+#     loader = AcquireLoader(Path(tar_file))
+#     loader.map(target_default)
+#
+#     # mounts = $fs$/fs0, $fs$/fs1 and /
+#     assert len(target_default.fs.mounts) == 3
+#     assert "$fs$/fs0" in target_default.fs.mounts.keys()
+#     assert "$fs$/fs1" in target_default.fs.mounts.keys()
+#     assert "/" in target_default.fs.mounts.keys()
+#     assert target_default.fs.get("$fs$/fs0/foo").open().read() == b"hello world\n"
+#     assert target_default.fs.get("$fs$/fs1/bar").open().read() == b"hello world\n"
diff --git a/tests/loaders/test_tar.py b/tests/loaders/test_tar.py
@@ -2,12 +2,18 @@
 
 from dissect.target import Target
 from dissect.target.loaders.tar import TarLoader
-from dissect.target.plugins.os.windows._os import WindowsPlugin
 from tests._utils import absolute_path
 
 
-def test_tar_loader_compressed_tar_file(target_win: Target) -> None:
-    archive_path = absolute_path("_data/loaders/tar/test-archive.tar.gz")
+@pytest.mark.parametrize(
+    "archive",
+    [
+        "_data/loaders/tar/test-archive.tar",
+        "_data/loaders/tar/test-archive.tar.gz",
+    ],
+)
+def test_tar_loader_compressed_tar_file(target_win: Target, archive) -> None:
+    archive_path = absolute_path(archive)
 
     loader = TarLoader(archive_path)
     loader.map(target_win)
@@ -20,28 +26,6 @@ def test_tar_loader_compressed_tar_file(target_win: Target) -> None:
     assert test_file.open().read() == b"test-value\n"
 
 
-def test_tar_sensitive_drive_letter(target_bare: Target) -> None:
-    tar_file = absolute_path("_data/loaders/tar/uppercase_driveletter.tar")
-
-    loader = TarLoader(tar_file)
-    loader.map(target_bare)
-
-    # mounts = / and c:
-    assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:"]
-    assert "C:" not in target_bare.fs.mounts.keys()
-
-    # Initialize our own WindowsPlugin to override the detection
-    target_bare._os_plugin = WindowsPlugin.create(target_bare, target_bare.fs.mounts["c:"])
-    target_bare._init_os()
-
-    # sysvol is now added
-    assert sorted(target_bare.fs.mounts.keys()) == ["/", "c:", "sysvol"]
-
-    # WindowsPlugin sets the case sensitivity to False
-    assert target_bare.fs.get("C:/test.file").open().read() == b"hello_world"
-    assert target_bare.fs.get("c:/test.file").open().read() == b"hello_world"
-
-
 def test_tar_loader_compressed_tar_file_with_empty_dir(target_unix: Target) -> None:
     archive_path = absolute_path("_data/loaders/tar/test-archive-empty-folder.tgz")
     loader = TarLoader(archive_path)
@@ -55,37 +39,3 @@ def test_tar_loader_compressed_tar_file_with_empty_dir(target_unix: Target) -> N
     empty_folder = target_unix.fs.path("test/empty_dir")
     assert empty_folder.exists()
     assert empty_folder.is_dir()
-
-
-@pytest.mark.parametrize(
-    "archive, expected_drive_letter",
-    [
-        ("_data/loaders/tar/test-windows-sysvol-absolute.tar", "c:"),  # C: due to backwards compatibility
-        ("_data/loaders/tar/test-windows-sysvol-relative.tar", "c:"),  # C: due to backwards compatibility
-        ("_data/loaders/tar/test-windows-fs-c-relative.tar", "c:"),
-        ("_data/loaders/tar/test-windows-fs-c-absolute.tar", "c:"),
-        ("_data/loaders/tar/test-windows-fs-x.tar", "x:"),
-    ],
-)
-def test_tar_loader_windows_sysvol_formats(target_default: Target, archive: str, expected_drive_letter: str) -> None:
-    loader = TarLoader(absolute_path(archive))
-    loader.map(target_default)
-
-    assert WindowsPlugin.detect(target_default)
-    # NOTE: for the sysvol archives, this also tests the backwards compatibility
-    assert sorted(target_default.fs.mounts.keys()) == [expected_drive_letter]
-
-
-def test_tar_anonymous_filesystems(target_default: Target) -> None:
-    tar_file = absolute_path("_data/loaders/tar/test-anon-filesystems.tar")
-
-    loader = TarLoader(tar_file)
-    loader.map(target_default)
-
-    # mounts = $fs$/fs0, $fs$/fs1 and /
-    assert len(target_default.fs.mounts) == 3
-    assert "$fs$/fs0" in target_default.fs.mounts.keys()
-    assert "$fs$/fs1" in target_default.fs.mounts.keys()
-    assert "/" in target_default.fs.mounts.keys()
-    assert target_default.fs.get("$fs$/fs0/foo").open().read() == b"hello world\n"
-    assert target_default.fs.get("$fs$/fs1/bar").open().read() == b"hello world\n"