Parse the StartupItems plist and hash its program argument
(StartupItemsPath)
| 420 | DbConnection.close() |
| 421 | |
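def ParseStartupItems(StartupItemsPath):
    ''' Parse each StartupItems bundle's StartupParameters.plist and hash the file named by its first 'Provides' entry.

    StartupItemsPath is the folder holding one sub-directory per startup item.
    New MD5s are appended to the module-level HASHES list, and each hashed file
    is logged with its mtime and ctime. Nothing is returned.

    The plist is content from the system under audit, so its 'Provides' value is
    validated before it is turned into a path: a malformed value is logged and
    skipped instead of aborting the audit, and a value that would resolve outside
    the item's own directory is not hashed.

    NOTE(review): the nesting below was reconstructed from a listing that had lost
    its indentation - confirm against the repository copy.
    NOTE(review): Apple's StartupItems layout names the executable after the bundle
    directory, while 'Provides' lists service names - confirm that hashing
    Provides[0] actually reaches the executable, otherwise items are missed.
    '''

    NbStartupItems = 0

    for StartupItems in os.listdir(StartupItemsPath):
        # Every directory entry counts, parsed or not, so the "is empty" message
        # below is only logged for a folder with no entries at all.
        NbStartupItems += 1

        ItemDir = os.path.join(StartupItemsPath, StartupItems)
        StartupItemsPlistPath = os.path.join(ItemDir, 'StartupParameters.plist')

        PrintAndLog(StartupItemsPlistPath, 'DEBUG')
        StartupItemsPlist = UniversalReadPlist(StartupItemsPlistPath)

        if not isinstance(StartupItemsPlist, dict) or 'Provides' not in StartupItemsPlist:
            continue

        Provides = StartupItemsPlist['Provides']
        # An empty array or a non-string entry used to raise and stop the whole run.
        if not isinstance(Provides, (list, tuple)) or not Provides or not isinstance(Provides[0], basestring):
            PrintAndLog(StartupItemsPlistPath.decode('utf-8') + u' has a malformed Provides value, nothing hashed', 'INFO')
            continue

        Provided = Provides[0]
        # os.path.join() drops ItemDir when the last part is absolute, and '..'
        # climbs out of it; on a mounted image that would hash a file of the
        # analysis host and report it as belonging to this startup item.
        # The check is lexical only: a symlink inside the bundle is still followed.
        if os.path.isabs(Provided) or os.pardir in Provided.split(os.sep):
            PrintAndLog(StartupItemsPlistPath.decode('utf-8') + u' has a Provides value pointing outside its bundle, nothing hashed', 'INFO')
            continue

        FilePath = os.path.join(ItemDir, Provided)
        Md5 = BigFileMd5(FilePath)
        if not Md5:
            continue

        if Md5 not in HASHES:
            HASHES.append(Md5)
        PrintAndLog(Md5 + u' '+ FilePath.decode('utf-8') + u' - ' + time.ctime(os.path.getmtime(FilePath)) + u' - ' + time.ctime(os.path.getctime(FilePath))+ u'\n', 'INFO')

    if NbStartupItems == 0:
        PrintAndLog(StartupItemsPath.decode('utf-8') + u' is empty', 'INFO')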
| 445 | |
| 446 | def ParseLaunchAgents(AgentsPath): |
| 447 | ''' Parse a LanchAgent plist and hash its program argument. Also look for suspicious keywords in the plist itself ''' |