add tests and implement review feedback

JSCU-CNI · JSCU-CNI · commit 6c619b1681a7 · 2025-01-20T12:35:02.000+01:00
diff --git a/dissect/target/plugins/os/unix/shadow.py b/dissect/target/plugins/os/unix/shadow.py
@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from datetime import datetime, timedelta, timezone
 from typing import Iterator
 
@@ -67,10 +69,38 @@ def passwords(self) -> Iterator[UnixShadowRecord]:
                     seen_hashes.add(current_hash)
 
                     # improve readability
-                    last_change = shent.get(2)
-                    min_age = shent.get(3)
-                    max_age = shent.get(4)
-                    expiration_date = shent.get(7)
+                    last_change = None
+                    min_age = None
+                    max_age = None
+                    expiration_date = None
+
+                    try:
+                        last_change = int(shent.get(2)) if shent.get(2) else None
+                    except ValueError as e:
+                        self.target.log.warning(
+                            "Unable to parse last_change shadow value in %s: %s ('%s')", shadow_file, e, shent.get(2)
+                        )
+
+                    try:
+                        min_age = int(shent.get(3)) if shent.get(3) else None
+                    except ValueError as e:
+                        self.target.log.warning(
+                            "Unable to parse last_change shadow value in %s: %s ('%s')", shadow_file, e, shent.get(3)
+                        )
+
+                    try:
+                        max_age = int(shent.get(4)) if shent.get(4) else None
+                    except ValueError as e:
+                        self.target.log.warning(
+                            "Unable to parse last_change shadow value in %s: %s ('%s')", shadow_file, e, shent.get(4)
+                        )
+
+                    try:
+                        expiration_date = int(shent.get(7)) if shent.get(7) else None
+                    except ValueError as e:
+                        self.target.log.warning(
+                            "Unable to parse last_change shadow value in %s: %s ('%s')", shadow_file, e, shent.get(7)
+                        )
 
                     yield UnixShadowRecord(
                         name=shent.get(0),
@@ -79,16 +109,12 @@ def passwords(self) -> Iterator[UnixShadowRecord]:
                         crypt_param=crypt.get("param"),
                         salt=crypt.get("salt"),
                         hash=crypt.get("hash"),
-                        last_change=epoch_days_to_datetime(int(last_change)) if last_change else None,
-                        min_age=epoch_days_to_datetime(int(last_change) + int(min_age))
-                        if last_change and isinstance(min_age, int) and min_age > 0
-                        else None,
-                        max_age=epoch_days_to_datetime(int(last_change) + int(max_age))
-                        if last_change and max_age
-                        else None,
+                        last_change=epoch_days_to_datetime(last_change) if last_change else None,
+                        min_age=epoch_days_to_datetime(last_change + min_age) if last_change and min_age else None,
+                        max_age=epoch_days_to_datetime(last_change + max_age) if last_change and max_age else None,
                         warning_period=shent.get(5) if shent.get(5) else None,
                         inactivity_period=shent.get(6) if shent.get(6) else None,
-                        expiration_date=epoch_days_to_datetime(int(expiration_date)) if expiration_date else None,
+                        expiration_date=epoch_days_to_datetime(expiration_date) if expiration_date else None,
                         unused_field=shent.get(8),
                         _target=self.target,
                     )
diff --git a/tests/plugins/os/unix/test_shadow.py b/tests/plugins/os/unix/test_shadow.py
@@ -1,6 +1,9 @@
 from datetime import datetime, timezone
 from io import BytesIO
 from pathlib import Path
+from textwrap import dedent
+
+import pytest
 
 from dissect.target.filesystem import VirtualFilesystem
 from dissect.target.plugins.os.unix.shadow import ShadowPlugin
@@ -50,3 +53,66 @@ def test_unix_shadow_backup_file(target_unix_users: Target, fs_unix: VirtualFile
     assert results[0].name == "test"
     assert results[1].name == "other-user"
     assert results[0].hash == results[1].hash
+
+
+def test_unix_shadow_invalid_shent(
+    caplog: pytest.LogCaptureFixture, target_unix_users: Target, fs_unix: VirtualFilesystem
+) -> None:
+    """test if we can parse invalid day values in shents."""
+
+    shadow_invalid = """
+    no_last_change:$6$salt$hash1::0:99999:7::123456:
+    no_max_age:$6$salt$hash2:18963:0::7:::
+    only_last_change:$6$salt$hash3:18963::::::
+    no_int_fields:$6$salt$hash4:string::::::
+    daemon:*:18474:0:99999:7:::
+    bin:*:18474:0:99999:7:::
+    nobody:*:18474:0:99999:7:::
+    regular:$6$salt$hash5:1337:0:99999:7::123456:
+    """
+    fs_unix.map_file_fh("/etc/shadow", BytesIO(dedent(shadow_invalid).encode()))
+
+    results = list(target_unix_users.passwords())
+    assert len(results) == 5
+
+    assert [r.name for r in results] == [
+        "no_last_change",
+        "no_max_age",
+        "only_last_change",
+        "no_int_fields",
+        "regular",
+    ]
+
+    assert results[0].name == "no_last_change"
+    assert results[0].last_change is None
+    assert results[0].min_age is None
+    assert results[0].max_age is None
+    assert results[0].warning_period == 7
+    assert results[0].inactivity_period is None
+    assert results[0].expiration_date == datetime(2308, 1, 6, tzinfo=timezone.utc)
+
+    assert results[1].name == "no_max_age"
+    assert results[1].last_change == datetime(2021, 12, 2, tzinfo=timezone.utc)
+    assert results[1].max_age is None
+
+    assert results[2].name == "only_last_change"
+    assert results[2].last_change == datetime(2021, 12, 2, tzinfo=timezone.utc)
+
+    assert results[3].name == "no_int_fields"
+    assert results[3].last_change is None
+    assert (
+        "Unable to parse last_change shadow value in /etc/shadow: invalid literal for int() with base 10: 'string' ('string')"
+        in caplog.text
+    )
+
+    # make sure we parsed the last entry even though the other entries are 'broken'
+    assert results[-1].name == "regular"
+    assert results[-1].salt == "salt"
+    assert results[-1].hash == "hash5"
+    assert results[-1].algorithm == "sha512"
+    assert results[-1].last_change == datetime(1973, 8, 30, tzinfo=timezone.utc)
+    assert results[-1].min_age is None
+    assert results[-1].max_age == datetime(2247, 6, 14, tzinfo=timezone.utc)
+    assert results[-1].warning_period == 7
+    assert results[-1].inactivity_period is None
+    assert results[-1].expiration_date == datetime(2308, 1, 6, tzinfo=timezone.utc)
