MCPcopy
hub / github.com/jipegit/OSXAuditor / ParsePackagesDir

Function ParsePackagesDir

osxauditor.py:801–849  ·  view source on GitHub ↗

Parse the packages in a directory

(PackagesDirPath)

Source from the content-addressed store, hash-verified

799 ParseChrome()
800
801def ParsePackagesDir(PackagesDirPath):
802 ''' Parse the packages in a directory '''
803
804 plistfile = 'Info.plist'
805 IgnoredFiles = ['.DS_Store', '.localized']
806
807 PackagePlistPath = ''
808 CFBundleExecutablepath = ''
809 NbPackages = 0
810
811 for PackagePath in os.listdir(PackagesDirPath):
812 if PackagePath not in IgnoredFiles:
813 if PackagePath[-4:] == '.app' or PackagePath[-5:] == '.kext':
814 if os.path.isfile(os.path.join(PackagesDirPath, PackagePath, plistfile)):
815 PackagePlistPath = os.path.join(PackagesDirPath, PackagePath, plistfile)
816 CFBundleExecutablepath = ''
817 elif os.path.isfile(os.path.join(PackagesDirPath, PackagePath, 'Contents', plistfile)):
818 PackagePlistPath = os.path.join(PackagesDirPath, PackagePath, 'Contents', plistfile)
819 CFBundleExecutablepath = 'Contents/MacOS/'
820 else:
821 PrintAndLog(os.path.join(PackagesDirPath, PackagePath).decode('utf-8'), 'DEBUG')
822 PrintAndLog(u'Cannot find any Info.plist in ' + PackagePath.decode('utf-8'), 'ERROR')
823 continue
824
825 PrintAndLog(os.path.join(PackagesDirPath, PackagePath).decode('utf-8'), 'DEBUG')
826 PackagePlist = UniversalReadPlist(PackagePlistPath)
827
828 if PackagePlist:
829 if 'CFBundleExecutable' in PackagePlist:
830 if PackagePlist['CFBundleExecutable'] != '':
831 FilePath = os.path.join(PackagesDirPath, PackagePath, CFBundleExecutablepath, PackagePlist['CFBundleExecutable'])
832 Md5 = BigFileMd5(FilePath)
833 if Md5:
834 if Md5 not in HASHES:
835 HASHES.append(Md5)
836 PrintAndLog(Md5 + u' '+ FilePath.decode('utf-8') + u' - ' + time.ctime(os.path.getmtime(FilePath)) + u' - ' + time.ctime(os.path.getctime(FilePath)) + u'\n', 'INFO')
837 else:
838 PrintAndLog(u'The CFBundleExecutable key in ' + PackagePlistPath.decode('utf-8') + u' is empty\n', 'ERROR')
839 else:
840 PrintAndLog(u'Cannot find the CFBundleExecutable key in ' + PackagePlistPath.decode('utf-8') + u'\n', 'ERROR')
841 NbPackages += 1
842
843 if os.path.isdir(os.path.join(PackagesDirPath, PackagePath)) and not os.path.islink(os.path.join(PackagesDirPath, PackagePath)):
844 ParsePackagesDir(os.path.join(PackagesDirPath, PackagePath))
845
846 else: continue
847
848 if NbPackages == 0:
849 PrintAndLog(PackagesDirPath.decode('utf-8') + u' is empty (no package found)', 'INFO')
850
851def ParseKext():
852 ''' Parse the Kernel extensions '''

Callers 3

ParseStartupFunction · 0.85
ParseKextFunction · 0.85
ParseInstalledAppsFunction · 0.85

Calls 3

PrintAndLogFunction · 0.85
UniversalReadPlistFunction · 0.85
BigFileMd5Function · 0.85

Tested by

no test coverage detected