temp

Abyss-W4tcher · Abyss-W4tcher · commit a4ad727c9435 · 2025-01-16T16:34:55.000+01:00
diff --git a/kovid.json b/kovid.json
@@ -0,0 +1,19 @@
+{
+  "check_modules": false,
+  "hidden_modules": false,
+  "kernel.class": "volatility3.framework.contexts.Module",
+  "kernel.layer_name.class": "volatility3.framework.layers.intel.LinuxIntel32e",
+  "kernel.layer_name.kernel_banner": "Linux version 5.15.0-87-generic (buildd@lcy02-amd64-011) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #97-Ubuntu SMP Mon Oct 2 21:09:21 UTC 2023 (Ubuntu 5.15.0-87.97-generic 5.15.122)\n\u0000",
+  "kernel.layer_name.kernel_virtual_offset": 310378496,
+  "kernel.layer_name.memory_layer.base_layer.class": "volatility3.framework.layers.physical.FileLayer",
+  "kernel.layer_name.memory_layer.base_layer.location": "file:///mnt/hgfs/memory_samples/x64/linux/Ubuntu-jammy_5.15.0-87-generic_kovid.lime",
+  "kernel.layer_name.memory_layer.class": "volatility3.framework.layers.lime.LimeLayer",
+  "kernel.layer_name.page_map_offset": 385941504,
+  "kernel.offset": 310378496,
+  "kernel.symbol_table_name.class": "volatility3.framework.symbols.linux.LinuxKernelIntermedSymbols",
+  "kernel.symbol_table_name.isf_url": "file:///home/xyz/Desktop/volatility3_2/volatility3/symbols/linux/Ubuntu_5.15.0-87-generic_5.15.0-87.97_amd64.json",
+  "kernel.symbol_table_name.symbol_mask": 281474976710655,
+  "linux-tainting": false,
+  "lsmod": false,
+  "plain_taints": true
+}
diff --git a/result.json b/result.json
diff --git a/volatility3/cli/__init__.py b/volatility3/cli/__init__.py
@@ -499,6 +499,16 @@ def run(self):
                 renderer.filter = text_filter.CLIFilter(grid, args.filters)
                 renderer.column_hide_list = args.hide_columns
                 renderer.render(grid)
+        except exceptions.UnsatisfiedException as excp:
+            output = sys.stderr
+            output.write(
+                "An unsatisfied internal framework requirement was encountered during a plugin run:\n"
+            )
+            self.process_unsatisfied_exceptions(excp)
+            output.write(
+                f"Unable to validate the requirements: {[x for x in excp.unsatisfied]}\n",
+            )
+            sys.exit(1)
         except exceptions.VolatilityException as excp:
             self.process_exceptions(excp)
 
diff --git a/volatility3/framework/configuration/requirements.py b/volatility3/framework/configuration/requirements.py
@@ -13,8 +13,9 @@
 import os
 from typing import Any, ClassVar, Dict, List, Optional, Set, Tuple, Type
 from urllib import parse, request
+from functools import wraps
 
-from volatility3.framework import constants, interfaces
+from volatility3.framework import constants, interfaces, exceptions
 
 vollog = logging.getLogger(__name__)
 
@@ -599,6 +600,30 @@ def matches_required(
             return False
         return True
 
+    @staticmethod
+    def version_requirement_wrapper(**kwargs):
+        """Wrapper to be used as a decorator,
+        to check version requirements dynamically.
+        Useful for classes that cannot produce requirements.
+        """
+
+        def decorator(func):
+            @wraps(func)
+            def wrapper(*func_args, **func_kwargs):
+                req = VersionRequirement(**kwargs)
+                if not req.matches_required(req._version, req._component.version):
+                    full_unsat_req_path = (
+                        func.__module__ + "." + func.__name__ + "." + req.name
+                    )
+                    # Catched by the cli and redirected to process_unsatisfied_exceptions
+                    raise exceptions.UnsatisfiedException({full_unsat_req_path: req})
+                # Call the original function with all its arguments
+                return func(*func_args, **func_kwargs)
+
+            return wrapper
+
+        return decorator
+
 
 class PluginRequirement(VersionRequirement):
     def __init__(
diff --git a/volatility3/framework/interfaces/symbols.py b/volatility3/framework/interfaces/symbols.py
@@ -5,7 +5,7 @@
 import bisect
 import collections.abc
 from abc import ABC, abstractmethod
-from typing import Any, Dict, Iterable, List, Mapping, Optional, Tuple, Type
+from typing import Any, Dict, Iterable, List, Mapping, Optional, Set, Tuple, Type
 
 from volatility3.framework import constants, exceptions, interfaces
 from volatility3.framework.configuration import requirements
@@ -130,8 +130,8 @@ def symbols(self) -> Iterable[str]:
     # ## Required Type functions
 
     @property
-    def types(self) -> Iterable[str]:
-        """Returns an iterator of the Symbol type names."""
+    def types(self) -> Set[str]:
+        """Returns a set containing the symbol type names."""
         raise NotImplementedError(
             "Abstract property types not implemented by subclass."
         )
diff --git a/volatility3/framework/symbols/intermed.py b/volatility3/framework/symbols/intermed.py
@@ -10,6 +10,8 @@
 import os
 import pathlib
 import zipfile
+import collections
+
 from abc import ABCMeta
 from typing import Any, Dict, Generator, Iterable, List, Mapping, Optional, Tuple, Type
 
@@ -410,19 +412,24 @@ def get_symbol(self, name: str) -> interfaces.symbols.SymbolInterface:
         return self._symbol_cache[name]
 
     @property
-    def symbols(self) -> Iterable[str]:
-        """Returns an iterator of the symbol names."""
-        return list(self._json_object.get("symbols", {}))
+    def symbols(self) -> collections.abc.KeysView[str]:
+        """Returns a dictview of the symbol names."""
+        return self._json_object.get("symbols", {}).keys()
 
     @property
-    def enumerations(self) -> Iterable[str]:
-        """Returns an iterator of the available enumerations."""
-        return list(self._json_object.get("enums", {}))
+    def enumerations(self) -> collections.abc.KeysView[str]:
+        """Returns a dictview of the available enumerations."""
+        return self._json_object.get("enums", {}).keys()
 
     @property
-    def types(self) -> Iterable[str]:
-        """Returns an iterator of the symbol type names."""
-        return list(self._json_object.get("user_types", {})) + list(self.natives.types)
+    def types(self) -> collections.abc.KeysView[str]:
+        """Returns a dictview of the symbol type names."""
+        # self.natives.types is very small compared to user_types, so the dict overhead
+        # can be neglected
+        return {
+            **self._json_object.get("user_types", {}),
+            **dict.fromkeys(self.natives.types),
+        }.keys()
 
     def get_type_class(self, name: str) -> Type[interfaces.objects.ObjectInterface]:
         return self._overrides.get(name, objects.AggregateType)
diff --git a/volatility3/framework/symbols/native.py b/volatility3/framework/symbols/native.py
@@ -3,7 +3,7 @@
 #
 
 import copy
-from typing import Any, Dict, Iterable, Optional, Type
+from typing import Any, Dict, Optional, Set, Type
 
 from volatility3.framework import constants, interfaces, objects
 
@@ -29,8 +29,8 @@ def get_type_class(self, name: str) -> Type[interfaces.objects.ObjectInterface]:
         return ntype
 
     @property
-    def types(self) -> Iterable[str]:
-        """Returns an iterator of the symbol type names."""
+    def types(self) -> Set[str]:
+        """Returns a set containing the symbol type names."""
         return self._types
 
     def get_type(self, type_name: str) -> interfaces.objects.Template:
