Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Registry plugins spread across directories. Needs standardization #1471

Open
atcuno opened this issue Dec 27, 2024 · 4 comments · May be fixed by #1707
Open

Registry plugins spread across directories. Needs standardization #1471

atcuno opened this issue Dec 27, 2024 · 4 comments · May be fixed by #1707
Assignees
@superponible @ikelos
Labels
parity-release

Comments

@atcuno
Copy link
Contributor

atcuno commented Dec 27, 2024
edited
Loading

We have a sub directory 'registry' under framework/plugins/windows that holds two registry related plugins.

We then have amcache (https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/amcache.py), cachedump (https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/cachedump.py), lsadump (https://github.com/volatilityfoundation/volatility3/blob/b1a42d9510046377a426d62f7cbde1ce1a4ad528/volatility3/framework/plugins/windows/lsadump.py), hashdump (

volatility3/volatility3/framework/plugins/windows/hashdump.py

Line 330 in b1a42d9

def get_hive_key(cls, hive: registry.RegistryHive, key: str):
), and maybe others which use the registry, outside the folder.

There are 20+ new and useful plugins that can be written that target the registry, and I was talking to some college students about them as an easy intro to learning the framework - but then I realized we have plugins in multiple places and need to standardize this before it gets worse and before parity.

@ikelos @superponible - I assume these should all be under registry? What needs to happen version wise when we move plugins? These plugins also triggered many bugs in mass testing so we need to get them moved rather quickly so the bugs can be then be patched also.
@atcuno atcuno changed the title Registry plugins spread across directories. Needs standarization Registry plugins spread across directories. Needs standardization Dec 27, 2024
@ikelos
Copy link
Member

ikelos commented Dec 30, 2024

Generally plugins that are specifically designed to act upon the registry, should live under the registry group (it was supposed to be an example of how we could categorize plugins, but then no one ever really did it with any of the other plugins). As to moving a plugin, I guess you leave a class that inherits under the old name, but with a deprecation warning? Then two or three releases later (after people are using the new one), we can ditch the old one. Since it's a new plugin, technically it can have its version bumped back to 1.0.0, but I might leave it at whatever it's at for simplicity? All core plugins should be updated to use the new one (not the deprecated one). Does that answer all the corner cases, or have I missed some?

@atcuno
Copy link
Contributor Author

atcuno commented Dec 30, 2024

That sounds good. I was make sure the test cases are valid for the new ones.

As for the deprecation -- if the current file inherits from the new file under registry/, where would the deprecation warning go.?I assume we want it in run(), so would the existing file override run to be the same except adding the warning?

@ikelos
Copy link
Member

ikelos commented Dec 30, 2024

Yeah, basically run would be:

def run(self, *args, **kwargs):
    warnings.warn(DeprecationWarning('This plugin is now called BLAH'))
    return super().run(*args, **kwargs)

@ikelos
Copy link
Member

ikelos commented Dec 30, 2024

Actually, thinking about it, we probably want it under __getattr__ or something, so that class methods would get caught? warning.warn would ensure the warning's only issued once, but just so we get visibility over dependencies. We'd probably need to leave out get_requirements but otherwise...

superponible pushed a commit that referenced this issue Mar 12, 2025
#1471 - move registry plugins to registry directory
c8791c2
superponible pushed a commit that referenced this issue Mar 12, 2025
#1471 - import from correct location
54f1f74
superponible pushed a commit that referenced this issue Mar 12, 2025
#1471 - add deprecated plugins in old location
Loading
Loading status checks…
474e8e6
@superponible superponible linked a pull request Mar 12, 2025 that will close this issue
1471 registry plugins spread across directories needs standardization #1707
Open
@superponible superponible linked a pull request Mar 12, 2025 that will close this issue
Open
superponible pushed a commit that referenced this issue Mar 12, 2025
#1471 - change DeprecationWarning to FutureWarning
Loading
Loading status checks…
3a6063f
superponible pushed a commit that referenced this issue Mar 12, 2025
#1471 - getattribute instead of getattr, and removal date
Loading
Loading status checks…
f0991a9
superponible pushed a commit that referenced this issue Mar 13, 2025
#1471 - use standard date format
Loading
Loading status checks…
1549994
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@superponible superponible

@ikelos ikelos

Labels
parity-release
Projects
None yet
Milestone
No milestone
3 participants
@atcuno @superponible @ikelos