Merge branch 'develop' into 816-port-cmdscan-and-console-plugins-from-vol2-to-vol3-please

Author: Dave Lassalle

.github/workflows/build-pypi.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        python-version: ["3.7"]
+        python-version: ["3.8"]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}

.github/workflows/install.yml

@@ -8,7 +8,7 @@ jobs:
       fail-fast: false
       matrix:
         host: [ ubuntu-latest, windows-latest ]
-        python-version: [ "3.7", "3.8", "3.9", "3.10", "3.11" ]
+        python-version: [ "3.8", "3.9", "3.10", "3.11" ]
     steps:
     - uses: actions/checkout@v4
 

.github/workflows/test.yaml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        python-version: ["3.7"]
+        python-version: ["3.8"]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
@@ -46,7 +46,7 @@ jobs:
 
     - name: Clean up post-test
       run: |
-        rm -rf *.lime
+        rm -rf *.bin
         rm -rf *.img
         cd volatility3/symbols
         rm -rf linux

README.md

@@ -20,7 +20,7 @@ more details.
 
 ## Requirements
 
-Volatility 3 requires Python 3.7.3 or later. To install the most minimal set of dependencies (some plugins will not work) use a command such as:
+Volatility 3 requires Python 3.8.0 or later. To install the most minimal set of dependencies (some plugins will not work) use a command such as:
 
 ```shell
 pip3 install -r requirements-minimal.txt

doc/requirements.txt

@@ -4,5 +4,6 @@ sphinx_autodoc_typehints>=1.4.0
 sphinx-rtd-theme>=0.4.3
 
 yara-python
+yara-x
 pycryptodome
 pefile

pyproject.toml

@@ -6,7 +6,7 @@ readme = "README.md"
 authors = [
     { name = "Volatility Foundation", email = "[email protected]" },
 ]
-requires-python = ">=3.7.3"
+requires-python = ">=3.8.0"
 license = { text = "VSL" }
 dynamic = ["dependencies", "optional-dependencies", "version"]
 

test/requirements-testing.txt

@@ -6,5 +6,6 @@ pefile>=2017.8.1 #foo
 
 # This is required for the yara plugins
 yara-python>=3.8.0
+yara-x>=0.5.0
 
 pytest>=7.0.0

volatility3/cli/text_renderer.py

@@ -179,7 +179,14 @@ def render(self, grid: interfaces.renderers.TreeGrid) -> None:
         outfd.write("\n{}\n".format("\t".join(line)))
 
         def visitor(node: interfaces.renderers.TreeNode, accumulator):
-            if self.filter and self.filter.filter(node.values):
+            line = []
+            for column_index, column in enumerate(grid.columns):
+                renderer = self._type_renderers.get(
+                    column.type, self._type_renderers["default"]
+                )
+                line.append(renderer(node.values[column_index]))
+
+            if self.filter and self.filter.filter(line):
                 return accumulator
 
             accumulator.write("\n")
@@ -188,13 +195,6 @@ def visitor(node: interfaces.renderers.TreeNode, accumulator):
                 "*" * max(0, node.path_depth - 1)
                 + ("" if (node.path_depth <= 1) else " ")
             )
-            line = []
-            for column_index in range(len(grid.columns)):
-                column = grid.columns[column_index]
-                renderer = self._type_renderers.get(
-                    column.type, self._type_renderers["default"]
-                )
-                line.append(renderer(node.values[column_index]))
             accumulator.write("{}".format("\t".join(line)))
             accumulator.flush()
             return accumulator
@@ -259,12 +259,17 @@ def render(self, grid: interfaces.renderers.TreeGrid) -> None:
         def visitor(node: interfaces.renderers.TreeNode, accumulator):
             # Nodes always have a path value, giving them a path_depth of at least 1, we use max just in case
             row = {"TreeDepth": str(max(0, node.path_depth - 1))}
-            for column_index in range(len(grid.columns)):
-                column = grid.columns[column_index]
+            line = []
+            for column_index, column in enumerate(grid.columns):
                 renderer = self._type_renderers.get(
                     column.type, self._type_renderers["default"]
                 )
                 row[f"{column.name}"] = renderer(node.values[column_index])
+                line.append(row[f"{column.name}"])
+
+            if self.filter and self.filter.filter(line):
+                return accumulator
+
             accumulator.writerow(row)
             return accumulator
 
@@ -317,12 +322,9 @@ def visitor(
                 max_column_widths.get(tree_indent_column, 0), node.path_depth
             )
 
-            if self.filter and self.filter.filter(node.values):
-                return accumulator
-
             line = {}
-            for column_index in range(len(grid.columns)):
-                column = grid.columns[column_index]
+            rendered_line = []
+            for column_index, column in enumerate(grid.columns):
                 renderer = self._type_renderers.get(
                     column.type, self._type_renderers["default"]
                 )
@@ -334,6 +336,11 @@ def visitor(
                     max_column_widths.get(column.name, len(column.name)), field_width
                 )
                 line[column] = data.split("\n")
+                rendered_line.append(data)
+
+            if self.filter and self.filter.filter(rendered_line):
+                return accumulator
+
             accumulator.append((node.path_depth, line))
             return accumulator
 
@@ -347,8 +354,7 @@ def visitor(
         format_string_list = [
             "{0:<" + str(max_column_widths.get(tree_indent_column, 0)) + "s}"
         ]
-        for column_index in range(len(grid.columns)):
-            column = grid.columns[column_index]
+        for column_index, column in enumerate(grid.columns):
             format_string_list.append(
                 "{"
                 + str(column_index + 1)
@@ -437,15 +443,20 @@ def visitor(
             # Nodes always have a path value, giving them a path_depth of at least 1, we use max just in case
             acc_map, final_tree = accumulator
             node_dict: Dict[str, Any] = {"__children": []}
-            for column_index in range(len(grid.columns)):
-                column = grid.columns[column_index]
+            line = []
+            for column_index, column in enumerate(grid.columns):
                 renderer = self._type_renderers.get(
                     column.type, self._type_renderers["default"]
                 )
                 data = renderer(list(node.values)[column_index])
                 if isinstance(data, interfaces.renderers.BaseAbsentValue):
                     data = None
                 node_dict[column.name] = data
+                line.append(data)
+
+            if self.filter and self.filter.filter(line):
+                return accumulator
+
             if node.parent:
                 acc_map[node.parent.path]["__children"].append(node_dict)
             else:

volatility3/framework/__init__.py

@@ -7,7 +7,7 @@
 import sys
 import zipfile
 
-required_python_version = (3, 7, 3)
+required_python_version = (3, 8, 0)
 if (
     sys.version_info.major != required_python_version[0]
     or sys.version_info.minor < required_python_version[1]

volatility3/framework/configuration/requirements.py

@@ -527,12 +527,14 @@ class VersionRequirement(interfaces.configuration.RequirementInterface):
     def __init__(
         self,
         name: str,
-        description: str = None,
+        description: Optional[str] = None,
         default: bool = False,
         optional: bool = False,
         component: Type[interfaces.configuration.VersionableInterface] = None,
         version: Optional[Tuple[int, ...]] = None,
     ) -> None:
+        if description is None:
+            description = f"Version {'.'.join([str(x) for x in version])} dependency on {component.__module__}.{component.__name__} unmet"
         super().__init__(
             name=name, description=description, default=default, optional=optional
         )
@@ -544,15 +546,51 @@ def __init__(
         self._version = version
 
     def unsatisfied(
-        self, context: interfaces.context.ContextInterface, config_path: str
+        self,
+        context: interfaces.context.ContextInterface,
+        config_path: str,
+        accumulator: Optional[
+            List[interfaces.configuration.VersionableInterface]
+        ] = None,
     ) -> Dict[str, interfaces.configuration.RequirementInterface]:
         # Mypy doesn't appreciate our classproperty implementation, self._plugin.version has no type
         config_path = interfaces.configuration.path_join(config_path, self.name)
         if not self.matches_required(self._version, self._component.version):
             return {config_path: self}
+
+        recurse = True
+        if accumulator is None:
+            accumulator = set([self._component])
+        else:
+            if self._component in accumulator:
+                recurse = False
+            else:
+                accumulator.add(self._component)
+
+        # Check for child requirements
+        if (
+            issubclass(self._component, interfaces.configuration.ConfigurableInterface)
+            and recurse
+        ):
+            result = {}
+            for requirement in self._component.get_requirements():
+                if not requirement.optional and isinstance(
+                    requirement, VersionRequirement
+                ):
+                    result.update(
+                        requirement.unsatisfied(
+                            context, config_path, accumulator.copy()
+                        )
+                    )
+
+            if result:
+                result.update({config_path: self})
+                return result
+
         context.config[interfaces.configuration.path_join(config_path, self.name)] = (
             True
         )
+
         return {}
 
     @classmethod