From b06e12d978eee2985e0abe4fc0dded80b4b9ab41 Mon Sep 17 00:00:00 2001
From: Erik Kristensen
Date: Mon, 4 Nov 2024 16:39:31 -0700
Subject: [PATCH 1/4] refactor: python2 packages
---
README.md | 2 ++
sift/python-packages/appcompatprocessor.sls | 3 ++-
sift/python-packages/argparse.sls | 1 -
sift/python-packages/bitstring.sls | 1 -
sift/python-packages/capstone.sls | 3 ++-
sift/python-packages/colorama.sls | 1 -
sift/python-packages/construct.sls | 1 -
sift/python-packages/distorm3.sls | 2 ++
sift/python-packages/docopt.sls | 1 -
sift/python-packages/dpapick.sls | 2 --
sift/python-packages/geoip2.sls | 1 -
sift/python-packages/indxparse.sls | 3 +--
sift/python-packages/ioc_writer.sls | 1 -
sift/python-packages/m2crypto.sls | 5 ++---
sift/python-packages/ntdsxtract.sls | 1 -
sift/python-packages/openpyxl.sls | 1 -
sift/python-packages/pefile.sls | 1 -
sift/python-packages/pillow.sls | 1 -
sift/python-packages/poster.sls | 1 -
sift/python-packages/pycoin.sls | 1 -
sift/python-packages/pycrypto.sls | 5 ++++-
sift/python-packages/pydasm.sls | 6 ++++--
sift/python-packages/python-dateutil.sls | 2 +-
sift/python-packages/python-magic.sls | 1 -
sift/python-packages/python-registry.sls | 1 -
sift/python-packages/requests.sls | 1 -
sift/python-packages/s2sphere.sls | 1 -
sift/python-packages/setuptools.sls | 3 +--
sift/python-packages/shellbags.sls | 1 -
sift/python-packages/simplejson.sls | 1 -
sift/python-packages/six.sls | 1 -
sift/python-packages/unicodecsv.sls | 1 -
sift/python-packages/usnparser.sls | 1 -
sift/python-packages/volatility.sls | 2 +-
sift/python-packages/wheel.sls | 1 -
sift/python-packages/windowsprefetch.sls | 1 -
sift/python-packages/yara-python.sls | 5 ++++-
37 files changed, 26 insertions(+), 41 deletions(-)
diff --git a/README.md b/README.md
index adf25fc..8ec0cb0 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@ # SIFT +![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/teamdfir/sift-saltstack/total) + Built with [SaltStack](https://saltproject.io) installed with [Cast](https://github.com/ekristen/cast) ## Issues diff --git a/sift/python-packages/appcompatprocessor.sls b/sift/python-packages/appcompatprocessor.sls index bc8d246..422a04d 100644 --- a/sift/python-packages/appcompatprocessor.sls +++ b/sift/python-packages/appcompatprocessor.sls @@ -5,16 +5,17 @@ include: - sift.packages.python2-pip - sift.packages.libregf - sift.packages.python2-dev + - sift.packages.build-essential - sift.python-packages.setuptools appcompatprocessor: pip.installed: - name: git+https://github.com/mbevilacqua/appcompatprocessor.git@{{ commit }} - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.python2-pip - sls: sift.packages.libregf - sls: sift.packages.python2-dev + - sls: sift.packages.build-essential - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/argparse.sls b/sift/python-packages/argparse.sls index 099631f..22a6d93 100644 --- a/sift/python-packages/argparse.sls +++ b/sift/python-packages/argparse.sls @@ -6,7 +6,6 @@ sift-python-packages-argparse: pip.installed: - name: argparse - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/bitstring.sls b/sift/python-packages/bitstring.sls index e8636e4..1e4aa82 100644 --- a/sift/python-packages/bitstring.sls +++ b/sift/python-packages/bitstring.sls @@ -6,7 +6,6 @@ sift-python-packages-bitstring: pip.installed: - name: bitstring - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/capstone.sls b/sift/python-packages/capstone.sls index 1e79f65..f92238d 100644 --- a/sift/python-packages/capstone.sls 
+++ b/sift/python-packages/capstone.sls @@ -1,5 +1,6 @@ include: - sift.packages.python2-pip + - sift.packages.build-essential sift-python-packages-pkg-remove: pkg.removed: @@ -9,7 +10,7 @@ sift-python-packages-capstone: pip.installed: - name: capstone - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip + - sls: sift.packages.build-essential - pkg: sift-python-packages-pkg-remove diff --git a/sift/python-packages/colorama.sls b/sift/python-packages/colorama.sls index b9e0447..a7efbbb 100644 --- a/sift/python-packages/colorama.sls +++ b/sift/python-packages/colorama.sls @@ -6,7 +6,6 @@ sift-python-packages-colorama: pip.installed: - name: colorama - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/construct.sls b/sift/python-packages/construct.sls index 921d54f..77a5d08 100644 --- a/sift/python-packages/construct.sls +++ b/sift/python-packages/construct.sls @@ -6,7 +6,6 @@ sift-python-packages-construct: pip.installed: - name: construct == 2.10.54 # note: pinned due to volatility2 - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/distorm3.sls b/sift/python-packages/distorm3.sls index b5353ce..ff070d4 100644 --- a/sift/python-packages/distorm3.sls +++ b/sift/python-packages/distorm3.sls @@ -1,6 +1,7 @@ include: - sift.packages.python2-pip - sift.packages.python2-dev + - sift.packages.build-essential - sift.python-packages.setuptools sift-python-packages-distorm3: @@ -10,4 +11,5 @@ sift-python-packages-distorm3: - require: - sls: sift.packages.python2-pip - sls: sift.packages.python2-dev + - sls: sift.packages.build-essential - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/docopt.sls b/sift/python-packages/docopt.sls index a9fad50..c1c1a17 100644 --- a/sift/python-packages/docopt.sls 
+++ b/sift/python-packages/docopt.sls @@ -6,7 +6,6 @@ sift-python-packages-docopt: pip.installed: - name: docopt - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/dpapick.sls b/sift/python-packages/dpapick.sls index 20b1550..5e2d50e 100644 --- a/sift/python-packages/dpapick.sls +++ b/sift/python-packages/dpapick.sls @@ -8,9 +8,7 @@ include: dpapick: pip.installed: - name: dpapick - - upgrade: True - bin_env: /usr/bin/python2 - #- install_options: --upgrade-strategy=only-if-needed - require: - sls: sift.packages.libssl-dev - sls: sift.packages.python2-pip diff --git a/sift/python-packages/geoip2.sls b/sift/python-packages/geoip2.sls index 45c1da5..a9c1046 100644 --- a/sift/python-packages/geoip2.sls +++ b/sift/python-packages/geoip2.sls @@ -6,7 +6,6 @@ sift-python-packages-geoip2: pip.installed: - name: geoip2 - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.setuptools diff --git a/sift/python-packages/indxparse.sls b/sift/python-packages/indxparse.sls index be4535a..eb99376 100644 --- a/sift/python-packages/indxparse.sls +++ b/sift/python-packages/indxparse.sls @@ -1,4 +1,4 @@ -{% if grains['oscodename'] != "jammy" %} +{% if grains['oscodename'] == "focal" %} {%- set user = salt['pillar.get']('sift_user', 'sansforensics') -%} {%- set commit = "ca08236b0f70798cb6f89785820c9b82ee0c66ff" -%} @@ -17,7 +17,6 @@ sift-python-packages-indxparse: pip.installed: - name: git+https://github.com/williballenthin/INDXParse.git@{{ commit }} - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.g++ diff --git a/sift/python-packages/ioc_writer.sls b/sift/python-packages/ioc_writer.sls index cc0762b..8aba500 100644 --- a/sift/python-packages/ioc_writer.sls +++ b/sift/python-packages/ioc_writer.sls 
@@ -7,7 +7,6 @@ sift-python-packages-ioc-writer: pip.installed: - name: ioc_writer - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.python-packages.lxml diff --git a/sift/python-packages/m2crypto.sls b/sift/python-packages/m2crypto.sls index 2bab211..55ac570 100644 --- a/sift/python-packages/m2crypto.sls +++ b/sift/python-packages/m2crypto.sls @@ -3,16 +3,15 @@ include: - sift.packages.swig - sift.packages.python2-dev - sift.packages.libssl-dev - - sift.python-packages.setuptools + - sift.packages.build-essential sift-python-packages-m2crypto: pip.installed: - name: m2crypto==0.40.1 - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip - sls: sift.packages.swig - sls: sift.packages.python2-dev - sls: sift.packages.libssl-dev - - sls: sift.python-packages.setuptools + - sls: sift.packages.build-essential diff --git a/sift/python-packages/ntdsxtract.sls b/sift/python-packages/ntdsxtract.sls index 277841a..4b0a928 100644 --- a/sift/python-packages/ntdsxtract.sls +++ b/sift/python-packages/ntdsxtract.sls @@ -6,7 +6,6 @@ sift-python-ntdsxtract: pip.installed: - name: git+https://github.com/csababarta/ntdsxtract.git@7fa1c8c28cbbf97a42bef40f20009dba85e4c25f - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.python2-pip diff --git a/sift/python-packages/openpyxl.sls b/sift/python-packages/openpyxl.sls index 154e5ec..10e7e4b 100644 --- a/sift/python-packages/openpyxl.sls +++ b/sift/python-packages/openpyxl.sls @@ -4,6 +4,5 @@ include: openpyxl==2.1.2: pip.installed: - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/pefile.sls b/sift/python-packages/pefile.sls index 1f148c9..cd914f7 100644 --- a/sift/python-packages/pefile.sls +++ b/sift/python-packages/pefile.sls 
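Review bot: The m2crypto.sls hunk replaces `sift.python-packages.setuptools` with `sift.packages.build-essential` in both `include` and `require` rather than adding to them, so the pinned `m2crypto==0.40.1` build is no longer ordered after the setuptools state. The other compiled packages touched in this patch (pycrypto.sls, distorm3.sls, appcompatprocessor.sls) keep setuptools and add build-essential next to it. Unless another state is known to bring setuptools in first, I would keep both: `- sls: sift.python-packages.setuptools` alongside `- sls: sift.packages.build-essential`, with the matching `include` entry.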
@@ -5,6 +5,5 @@ sift-python-packages-pefile: pip.installed: - name: pefile - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/pillow.sls b/sift/python-packages/pillow.sls index b59d420..062aba7 100644 --- a/sift/python-packages/pillow.sls +++ b/sift/python-packages/pillow.sls @@ -5,6 +5,5 @@ sift-python-packages-pillow: pip.installed: - name: pillow - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/poster.sls b/sift/python-packages/poster.sls index 5254a0e..b5b0878 100644 --- a/sift/python-packages/poster.sls +++ b/sift/python-packages/poster.sls @@ -5,6 +5,5 @@ sift-python-packages-poster: pip.installed: - name: poster - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/pycoin.sls b/sift/python-packages/pycoin.sls index e5808d1..e808583 100644 --- a/sift/python-packages/pycoin.sls +++ b/sift/python-packages/pycoin.sls @@ -7,6 +7,5 @@ sift-python-packages-pycoin: pip.installed: - name: pycoin - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/pycrypto.sls b/sift/python-packages/pycrypto.sls index 951baf8..40ac65a 100644 --- a/sift/python-packages/pycrypto.sls +++ b/sift/python-packages/pycrypto.sls @@ -2,12 +2,15 @@ include: - sift.packages.python2-pip + - sift.python-packages.setuptools + - sift.packages.build-essential sift-python-packages-pycrypto: pip.installed: - name: pycrypto - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip + - sls: sift.python-packages.setuptools + - sls: sift.packages.build-essential diff --git a/sift/python-packages/pydasm.sls b/sift/python-packages/pydasm.sls index f239c11..ce1024d 100644 --- a/sift/python-packages/pydasm.sls +++ b/sift/python-packages/pydasm.sls 
@@ -1,13 +1,15 @@ include: - sift.packages.git - sift.packages.python2-pip + - sift.packages.python2-dev + - sift.packages.build-essential pydasm: pip.installed: - name: git+https://github.com/jtpereyda/libdasm.git@68d61b1#egg=version_subpkg&subdirectory=pydasm - bin_env: /usr/bin/python2 -# - editable: git+https://github.com/jtpereyda/libdasm.git@68d61b1#egg=version_subpkg&subdirectory=pydasm - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.python2-pip + - sls: sift.packages.python2-dev + - sls: sift.packages.build-essential diff --git a/sift/python-packages/python-dateutil.sls b/sift/python-packages/python-dateutil.sls index 87c5188..987815a 100644 --- a/sift/python-packages/python-dateutil.sls +++ b/sift/python-packages/python-dateutil.sls @@ -3,7 +3,7 @@ include: sift-python-packages-python-dateutil: pip.installed: - - name: python-dateutil >= 2.4.2 + - name: 'python-dateutil>=2.4.2' - bin_env: /usr/bin/python2 - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/python-magic.sls b/sift/python-packages/python-magic.sls index c7ad02f..dda9ed2 100644 --- a/sift/python-packages/python-magic.sls +++ b/sift/python-packages/python-magic.sls @@ -5,6 +5,5 @@ sift-python-packages-python-magic: pip.installed: - name: python-magic - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/python-registry.sls b/sift/python-packages/python-registry.sls index 0b9630e..7c26bcc 100644 --- a/sift/python-packages/python-registry.sls +++ b/sift/python-packages/python-registry.sls @@ -5,6 +5,5 @@ sift-python-packages-python-registry: pip.installed: - name: python-registry - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/requests.sls b/sift/python-packages/requests.sls index 04973f0..07d61f3 100644 --- a/sift/python-packages/requests.sls +++ b/sift/python-packages/requests.sls 
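Review bot: The `name:` line of the `pydasm` state still identifies the libdasm source by the abbreviated ref `@68d61b1`, which is not a stable identifier: a seven-character prefix can become ambiguous as the repository grows, and git will also accept a branch or tag of that name. With `upgrade: True` removed in this hunk, whatever that ref resolves to on first install is what stays on the workstation. Use the full commit hash, as indxparse.sls and ntdsxtract.sls already do: `- name: git+https://github.com/jtpereyda/libdasm.git@<full-40-char-commit-sha>#egg=version_subpkg&subdirectory=pydasm`. The same applies to `@fee76eb` in shellbags.sls.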
@@ -5,6 +5,5 @@ sift-python-packages-requests: pip.installed: - name: requests - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/s2sphere.sls b/sift/python-packages/s2sphere.sls index 86909cc..572d570 100644 --- a/sift/python-packages/s2sphere.sls +++ b/sift/python-packages/s2sphere.sls @@ -5,6 +5,5 @@ sift-python-packages-s2sphere: pip.installed: - name: s2sphere - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/setuptools.sls b/sift/python-packages/setuptools.sls index 87d0fcc..02d5e03 100644 --- a/sift/python-packages/setuptools.sls +++ b/sift/python-packages/setuptools.sls @@ -3,8 +3,7 @@ include: sift-python-packages-setuptools: pip.installed: - - name: 'setuptools<66.0.0' + - name: setuptools - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/shellbags.sls b/sift/python-packages/shellbags.sls index b8009bf..694423b 100644 --- a/sift/python-packages/shellbags.sls +++ b/sift/python-packages/shellbags.sls @@ -8,7 +8,6 @@ shellbags: pip.installed: - name: git+https://github.com/williballenthin/shellbags.git@fee76eb - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.python2-pip diff --git a/sift/python-packages/simplejson.sls b/sift/python-packages/simplejson.sls index f07428d..f63c4a5 100644 --- a/sift/python-packages/simplejson.sls +++ b/sift/python-packages/simplejson.sls @@ -7,6 +7,5 @@ sift-python-packages-simplejson: pip.installed: - name: simplejson - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/six.sls b/sift/python-packages/six.sls index fef3b73..824f747 100644 --- a/sift/python-packages/six.sls +++ b/sift/python-packages/six.sls 
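Review bot: Dropping the `'setuptools<66.0.0'` bound in setuptools.sls leaves `- name: setuptools` with no version constraint, and with `upgrade: True` removed in the same hunk the version on a given image is whatever pip resolved on the first run. Many of the python2 states in this patch require this one, so it decides the build toolchain for them. setuptools dropped Python 2 support in 45.0.0; stating that explicitly with `- name: 'setuptools<45'` keeps the install independent of whether the bundled pip honours Requires-Python metadata. The same first-install-wins behaviour now applies to the unpinned names in this patch (`pycrypto`, `requests`, `pillow`, `yara-python`), where an exact pin per package would make SIFT builds reproducible.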
@@ -5,6 +5,5 @@ sift-python-packages-six: pip.installed: - name: six - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/unicodecsv.sls b/sift/python-packages/unicodecsv.sls index e4b8776..2901210 100644 --- a/sift/python-packages/unicodecsv.sls +++ b/sift/python-packages/unicodecsv.sls @@ -5,6 +5,5 @@ sift-python-packages-unicodecsv: pip.installed: - name: unicodecsv - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/usnparser.sls b/sift/python-packages/usnparser.sls index b916d2c..2c8f470 100644 --- a/sift/python-packages/usnparser.sls +++ b/sift/python-packages/usnparser.sls @@ -5,6 +5,5 @@ sift-python-packages-usnparser: pip.installed: - name: usnparser - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/volatility.sls b/sift/python-packages/volatility.sls index 17eb3a1..02cbfe0 100644 --- a/sift/python-packages/volatility.sls +++ b/sift/python-packages/volatility.sls @@ -11,6 +11,7 @@ include: - sift.packages.git - sift.packages.python2-pip + - sift.packages.build-essential - sift.python-packages.colorama - sift.python-packages.construct - sift.python-packages.dpapick @@ -31,7 +32,6 @@ sift-python-packages-volatility: pip.installed: - name: git+https://github.com/volatilityfoundation/volatility.git@master - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.git - sls: sift.packages.python2-pip diff --git a/sift/python-packages/wheel.sls b/sift/python-packages/wheel.sls index 72db7e1..f8197cc 100644 --- a/sift/python-packages/wheel.sls +++ b/sift/python-packages/wheel.sls @@ -5,6 +5,5 @@ sift-python-packages-wheel: pip.installed: - name: wheel - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip 
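Review bot: In volatility.sls `sift.packages.build-essential` is added to `include` but, going by the file's single added line in the diffstat, not to the `require` list of `sift-python-packages-volatility`, whereas the other states in this patch add both. The `require` list runs past the end of the second hunk, so please confirm and add `- sls: sift.packages.build-essential` there. Separately, the install target is `volatility.git@master`, a moving branch, and the second hunk removes `upgrade: True`, so each workstation keeps whichever commit was at the tip when it was first built, with no record of which one. Pinning a full commit hash, as indxparse.sls does through `{{ commit }}`, would make the installed code auditable: `- name: git+https://github.com/volatilityfoundation/volatility.git@<full-40-char-commit-sha>`.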
diff --git a/sift/python-packages/windowsprefetch.sls b/sift/python-packages/windowsprefetch.sls index 90da6e4..6a9b0bc 100644 --- a/sift/python-packages/windowsprefetch.sls +++ b/sift/python-packages/windowsprefetch.sls @@ -5,6 +5,5 @@ sift-python-packages-windowsprefetch: pip.installed: - name: windowsprefetch - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip diff --git a/sift/python-packages/yara-python.sls b/sift/python-packages/yara-python.sls index cf6c47d..c15549c 100644 --- a/sift/python-packages/yara-python.sls +++ b/sift/python-packages/yara-python.sls @@ -2,11 +2,14 @@ include: - sift.packages.python2-pip + - sift.packages.python2-dev + - sift.packages.build-essential sift-python-packages-yara-python: pip.installed: - name: yara-python - bin_env: /usr/bin/python2 - - upgrade: True - require: - sls: sift.packages.python2-pip + - sls: sift.packages.python2-dev + - sls: sift.packages.build-essential From 9ff4b40cc4de549758f1506122df1f78e611781c Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 4 Nov 2024 16:43:17 -0700 Subject: [PATCH 2/4] fix: adding python2-dev --- sift/python-packages/pycrypto.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sift/python-packages/pycrypto.sls b/sift/python-packages/pycrypto.sls index 40ac65a..1c9a3f1 100644 --- a/sift/python-packages/pycrypto.sls +++ b/sift/python-packages/pycrypto.sls @@ -2,6 +2,7 @@ include: - sift.packages.python2-pip + - sift.packages.python2-dev - sift.python-packages.setuptools - sift.packages.build-essential @@ -11,6 +12,7 @@ sift-python-packages-pycrypto: - bin_env: /usr/bin/python2 - require: - sls: sift.packages.python2-pip + - sls: sift.packages.python2-dev - sls: sift.python-packages.setuptools - sls: sift.packages.build-essential From c9726a40e734d861ff17f3d32dce1b2ffc612dca Mon Sep 17 00:00:00 2001 
From: Erik Kristensen Date: Mon, 4 Nov 2024 18:09:10 -0700 Subject: [PATCH 3/4] more tweaks more tests --- sift/python3-packages/core.sls | 4 ++-- sift/python3-packages/init.sls | 10 ++------- sift/scripts/exiftool.sls | 39 +++------------------------------- sift/scripts/plutil.sls | 35 ------------------------------ 4 files changed, 7 insertions(+), 81 deletions(-) delete mode 100644 sift/scripts/plutil.sls diff --git a/sift/python3-packages/core.sls b/sift/python3-packages/core.sls index 3b4cd89..07688a1 100644 --- a/sift/python3-packages/core.sls +++ b/sift/python3-packages/core.sls @@ -1,5 +1,5 @@ include: - - sift.python3-packages.pip + #- sift.python3-packages.pip - sift.python3-packages.wheel - sift.python3-packages.setuptools @@ -7,6 +7,6 @@ sift-python3-packages-core: test.nop: - name: python3-packages-core - require: - - sls: sift.python3-packages.pip + #- sls: sift.python3-packages.pip - sls: sift.python3-packages.wheel - sls: sift.python3-packages.setuptools diff --git a/sift/python3-packages/init.sls b/sift/python3-packages/init.sls index 891feec..bbf1f88 100644 --- a/sift/python3-packages/init.sls +++ b/sift/python3-packages/init.sls @@ -1,13 +1,12 @@ include: + - sift.python3-packages.core - sift.python3-packages.analyzemft - - sift.python3-packages.pip - sift.python3-packages.python3-keyring - sift.python3-packages.argparse - sift.python3-packages.bitstring - sift.python3-packages.colorama - sift.python3-packages.geoip2 - sift.python3-packages.ioc_writer -### - sift.python3-packages.imagemounter - sift.python3-packages.keyrings-alt - sift.python3-packages.lxml - sift.python3-packages.machinae 
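Review bot: Both hunks of core.sls disable the pip state by commenting it out (`#- sift.python3-packages.pip` and `#- sls: sift.python3-packages.pip`) without saying why. init.sls in the same commit deletes its pip entries outright and also removes the old `### - sift.python3-packages.imagemounter` leftovers, so the commented lines here are inconsistent with it. Either delete the two lines or give the reason in place, e.g. `# pip state disabled: <reason>`. It is also worth checking that wheel.sls and setuptools.sls, which are not part of this diff, do not depend on the pip state having run first.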
@@ -18,28 +17,25 @@ include: - sift.python3-packages.python-evtx - sift.python3-packages.python-magic - sift.python3-packages.python-registry - - sift.python3-packages.setuptools - sift.python3-packages.setuptools-rust - sift.python3-packages.six - sift.python3-packages.stix-validator - sift.python3-packages.stix - sift.python3-packages.virustotal-api - - sift.python3-packages.wheel - sift.python3-packages.yara-python sift-python3-packages: test.nop: - name: sift-python3-packages - require: + - sls: sift.python3-packages.core - sls: sift.python3-packages.analyzemft - - sls: sift.python3-packages.pip - sls: sift.python3-packages.python3-keyring - sls: sift.python3-packages.argparse - sls: sift.python3-packages.bitstring - sls: sift.python3-packages.colorama - sls: sift.python3-packages.geoip2 - sls: sift.python3-packages.ioc_writer -### - sls: sift.python3-packages.imagemounter - sls: sift.python3-packages.keyrings-alt - sls: sift.python3-packages.lxml - sls: sift.python3-packages.machinae @@ -50,11 +46,9 @@ sift-python3-packages: - sls: sift.python3-packages.python-evtx - sls: sift.python3-packages.python-magic - sls: sift.python3-packages.python-registry - - sls: sift.python3-packages.setuptools - sls: sift.python3-packages.setuptools-rust - sls: sift.python3-packages.six - sls: sift.python3-packages.stix-validator - sls: sift.python3-packages.stix - sls: sift.python3-packages.virustotal-api - - sls: sift.python3-packages.wheel - sls: sift.python3-packages.yara-python diff --git a/sift/scripts/exiftool.sls b/sift/scripts/exiftool.sls index a381209..2e98494 100644 --- a/sift/scripts/exiftool.sls +++ b/sift/scripts/exiftool.sls 
@@ -1,8 +1,8 @@ # source=https://owl.phy.queensu.ca/~phil/exiftool/ # license=free -{% set exiftool_version = '10.60' -%} -{% set exiftool_sha256 = 'df0988f60e1a6c086799e1f2ecd419e8abbad4dfb5dfa66c6080c78a5cb7acfa' -%} +{% set exiftool_version = '13.01' -%} +{% set exiftool_sha256 = 'ab81649054488b6b7bac79c08bf6cfbfd295ecdf2f20f3db67aabdfc07633391' -%} include: - sift.packages.patch @@ -10,7 +10,7 @@ include: sift-exiftool-source: file.managed: - name: /var/cache/sift/archives/Image-ExifTool-{{ exiftool_version }}.tar.gz - - source: https://owl.phy.queensu.ca/~phil/exiftool/Image-ExifTool-{{ exiftool_version }}.tar.gz + - source: https://exiftool.org/Image-ExifTool-{{ exiftool_version }}.tar.gz - source_hash: sha256={{ exiftool_sha256 }} - makedirs: True @@ -22,44 +22,11 @@ sift-exiftool-extracted: - watch: - file: sift-exiftool-source -sift-exiftool-patch-file: - file.managed: - - name: /usr/local/src/exiftool-{{ exiftool_version }}/exiftool.patch - - contents: | - diff --git 1/exiftool 2/exiftool - index eeff10b..a7c1259 100755 - --- 1/exiftool - +++ 2/exiftool - 
@@ -18,7 +18,7 @@ my $version = '10.60'; - my $exeDir; - BEGIN { - # get exe directory - - $exeDir = ($0 =~ /(.*)[\\\/]/) ? $1 : '.'; - + $exeDir = "/usr/local/share/exiftool-$version/Image-ExifTool-$version"; - # add lib directory at start of include path - unshift @INC, "$exeDir/lib"; - # load or disable config file if specified - - watch: - - archive: sift-exiftool-extracted - -sift-exiftool-patch: - file.patch: - - name: /usr/local/src/exiftool-{{ exiftool_version }}/Image-ExifTool-{{ exiftool_version }}/exiftool - - source: /usr/local/src/exiftool-{{ exiftool_version }}/exiftool.patch - - hash: sha256=8790e165825aa7028d3a71ce656c876f8430d2505c6ca5aa058e74b16faee611 - - require: - - sls: sift.packages.patch - - file: sift-exiftool-patch-file - - watch: - - archive: sift-exiftool-extracted - sift-exiftool-binary: file.managed: - name: /usr/local/bin/exiftool - source: /usr/local/src/exiftool-{{ exiftool_version }}/Image-ExifTool-{{ exiftool_version }}/exiftool - mode: 755 - - watch: - - file: sift-exiftool-patch diff --git a/sift/scripts/plutil.sls b/sift/scripts/plutil.sls deleted file mode 100644 index 48f91af..0000000 --- a/sift/scripts/plutil.sls +++ /dev/null 
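Review bot: `sift-exiftool-binary` still copies only the `exiftool` script to `/usr/local/bin/exiftool`, but the states that patched `$exeDir` to point at the extracted tree are removed in this hunk. The removed patch text shows the stock script deriving `$exeDir` from `$0` and putting `$exeDir/lib` on `@INC`; if 13.01 still does that, the copied script will look for its modules under `/usr/local/bin/lib` and fail unless Image::ExifTool is installed system-wide. Consider a `file.symlink` to the extracted script (after checking that this release resolves the link) or installing `lib/` next to the copy, plus a post-install check that `exiftool -ver` prints `{{ exiftool_version }}`. The state also loses its only requisite with the `watch` removal, so nothing explicitly orders the copy after extraction; add `- require:` with `- archive: sift-exiftool-extracted`. The `sift.packages.patch` include at the top of the file now appears unused.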
@@ -1,35 +0,0 @@ -# source=https://github.com/HearthSim/extract-scripts -# license=unknown - -{% set commit = "b830f58fe53958c54def0ec66d0617f9cf5c60d9" -%} -{% set hash = "sha256=a1db4dccfa54a41361d11273dfdd88c59b4caca60f4d58e672cc867393a72166" -%} - -include: - - sift.packages.libencode-perl - -sift-scripts-plutil: - file.managed: - - name: /usr/local/src/scripts/plutil.pl - - source: https://raw.githubusercontent.com/HearthSim/extract-scripts/{{ commit }}/plutil.pl - - source_hash: {{ hash }} - - makedirs: True - - require: - - sls: sift.packages.libencode-perl - -sift-scripts-plutil-binary: - file.copy: - - name: /usr/local/bin/plutil.pl - - source: /usr/local/src/scripts/plutil.pl - - force: True - - mode: 755 - - watch: - - file: sift-scripts-plutil - -sift-scripts-plutil-shebang: - file.replace: - - name: /usr/local/bin/plutil.pl - - pattern: '#!/usr/bin/perl' - - repl: '#!/usr/bin/env perl' - - count: 1 - - watch: - - file: sift-scripts-plutil-binary From 336e72e60f15ad9d4e60d4428be18edada426f63 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Tue, 5 Nov 2024 11:41:05 -0700 Subject: [PATCH 4/4] adding test cases --- sift/tests/python-with-apt-scripts.sls | 15 +++++++++++++++ sift/tests/python-with-apt.sls | 13 +++++++++++++ sift/tests/python.sls | 11 +++++++++++ sift/tests/python2-with-apt.sls | 11 +++++++++++ sift/tests/python3-with-apt.sls | 11 +++++++++++ 5 files changed, 61 insertions(+) create mode 100644 sift/tests/python-with-apt-scripts.sls create mode 100644 sift/tests/python-with-apt.sls create mode 100644 sift/tests/python.sls create mode 100644 sift/tests/python2-with-apt.sls create mode 100644 sift/tests/python3-with-apt.sls diff --git a/sift/tests/python-with-apt-scripts.sls b/sift/tests/python-with-apt-scripts.sls new file mode 100644 index 0000000..3d3a22b --- /dev/null +++ b/sift/tests/python-with-apt-scripts.sls 
@@ -0,0 +1,15 @@ +include: + - sift.packages + - sift.python-packages + - sift.python3-packages + - sift.scripts + +sift-tests-python-with-apt-scripts: + test.nop: + - name: sift-tests-python-with-apt-scripts + - require: + - sls: sift.packages + - sls: sift.python-packages + - sls: sift.python3-packages + - sls: sift.scripts + diff --git a/sift/tests/python-with-apt.sls b/sift/tests/python-with-apt.sls new file mode 100644 index 0000000..cf51ce2 --- /dev/null +++ b/sift/tests/python-with-apt.sls @@ -0,0 +1,13 @@ +include: + - sift.packages + - sift.python-packages + - sift.python3-packages + +sift-tests-python-with-apt: + test.nop: + - name: sift-tests-python-with-apt + - require: + - sls: sift.packages + - sls: sift.python-packages + - sls: sift.python3-packages + diff --git a/sift/tests/python.sls b/sift/tests/python.sls new file mode 100644 index 0000000..ec4ba4b --- /dev/null +++ b/sift/tests/python.sls @@ -0,0 +1,11 @@ +include: + - sift.python-packages + - sift.python3-packages + +sift-tests-python: + test.nop: + - name: sift-tests-python + - require: + - sls: sift.python-packages + - sls: sift.python3-packages + diff --git a/sift/tests/python2-with-apt.sls b/sift/tests/python2-with-apt.sls new file mode 100644 index 0000000..83c99c9 --- /dev/null +++ b/sift/tests/python2-with-apt.sls @@ -0,0 +1,11 @@ +include: + - sift.packages + - sift.python-packages + +sift-tests-python2-with-apt: + test.nop: + - name: sift-tests-python2-with-apt + - require: + - sls: sift.packages + - sls: sift.python-packages + diff --git a/sift/tests/python3-with-apt.sls b/sift/tests/python3-with-apt.sls new file mode 100644 index 0000000..26d6ef7 --- /dev/null +++ b/sift/tests/python3-with-apt.sls @@ -0,0 +1,11 @@ +include: + - sift.packages + - sift.python3-packages + +sift-tests-python3-with-apt: + test.nop: + - name: sift-tests-python3-with-apt + - require: + - sls: sift.packages + - sls: sift.python3-packages +
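Review bot: `sift-tests-python-with-apt-scripts` includes and requires `sift.scripts`, while patch 3/4 of this series deletes sift/scripts/plutil.sls and its diffstat does not touch sift/scripts/init.sls. If that init file still lists `sift.scripts.plutil`, this test state, and `sift.scripts` itself, would fail to render because the SLS is missing; the entry should be removed in the same series. The five new test files also carry no header comment, and one line each such as `# CI target: python2 + python3 packages on top of the apt packages` would say which combination the file is meant to exercise.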