Make collection report consistent (#75)

Remove the successful execution of the glob from the report, this makes the output report of dissect more consistent.

(DIS-1935)

Author: Miauwkeru

acquire/acquire.py

@@ -868,20 +868,20 @@ class AV(Module):
         ("glob", "sysvol/ProgramData/Emsisoft/Reports/scan*.txt"),
         # F-Secure
         ("dir", "sysvol/ProgramData/F-Secure/Log"),
-        ("dir", "sysvol/Users*/AppData/Local/F-Secure/Log"),
+        ("dir", "AppData/Local/F-Secure/Log", from_user_home),
         ("dir", "sysvol/ProgramData/F-Secure/Antivirus/ScheduledScanReports"),
         # HitmanPro
         ("dir", "sysvol/ProgramData/HitmanPro/Logs"),
         ("dir", "sysvol/ProgramData/HitmanPro.Alert/Logs"),
         ("file", "sysvol/ProgramData/HitmanPro.Alert/excalibur.db"),
-        ("glob", "sysvol/ProgramData/HitmanPro/Quarantine"),
+        ("dir", "sysvol/ProgramData/HitmanPro/Quarantine"),
         # Malwarebytes
         ("glob", "sysvol/ProgramData/Malwarebytes/Malwarebytes Anti-Malware/Logs/mbam-log-*.xml"),
         ("glob", "sysvol/ProgramData/Malwarebytes/MBAMService/logs/mbamservice.log*"),
-        ("dir", "sysvol/Users*/AppData/Roaming/Malwarebytes/Malwarebytes Anti-Malware/Logs"),
+        ("dir", "AppData/Roaming/Malwarebytes/Malwarebytes Anti-Malware/Logs", from_user_home),
         ("dir", "sysvol/ProgramData/Malwarebytes/MBAMService/ScanResults"),
         # McAfee
-        ("dir", "sysvol/Users/All Users/Application Data/McAfee/DesktopProtection"),
+        ("dir", "Application Data/McAfee/DesktopProtection", from_user_home),
         ("dir", "sysvol/ProgramData/McAfee/DesktopProtection"),
         ("dir", "sysvol/ProgramData/McAfee/Endpoint Security/Logs"),
         ("dir", "sysvol/ProgramData/McAfee/Endpoint Security/Logs_Old"),
@@ -891,7 +891,7 @@ class AV(Module):
         # RogueKiller
         ("glob", "sysvol/ProgramData/RogueKiller/logs/AdliceReport_*.json"),
         # SUPERAntiSpyware
-        ("dir", "sysvol/Users*/AppData/Roaming/SUPERAntiSpyware/Logs"),
+        ("dir", "AppData/Roaming/SUPERAntiSpyware/Logs", from_user_home),
         # SecureAge
         ("dir", "sysvol/ProgramData/SecureAge Technology/SecureAge/log"),
         # SentinelOne
@@ -972,7 +972,7 @@ class History(Module):
         ("dir", "AppData/Local/Microsoft/Internet Explorer/Recovery", from_user_home),
         ("file", "AppData/Local/Microsoft/Windows/History/History.IE5/index.dat", from_user_home),
         (
-            "file",
+            "glob",
             "AppData/Local/Microsoft/Windows/History/History.IE5/MSHist*/index.dat",
             from_user_home,
         ),
@@ -982,7 +982,7 @@ class History(Module):
             from_user_home,
         ),
         (
-            "file",
+            "glob",
             "AppData/Local/Microsoft/Windows/History/Low/History.IE5/MSHist*/index.dat",
             from_user_home,
         ),

acquire/collector.py

@@ -114,9 +114,6 @@ def add_file_failed(self, module: str, failed_path: Path) -> None:
     def add_file_missing(self, module: str, missing_path: Path) -> None:
         self._register(module, Outcome.MISSING, ArtifactType.FILE, missing_path)
 
-    def add_glob_collected(self, module: str, pattern: str) -> None:
-        self._register(module, Outcome.SUCCESS, ArtifactType.GLOB, pattern)
-
     def add_glob_failed(self, module: str, failed_pattern: str) -> None:
         exc = get_formatted_exception()
         self._register(module, Outcome.FAILURE, ArtifactType.GLOB, failed_pattern, exc)
@@ -367,7 +364,7 @@ def collect_glob(self, pattern: str, module_name: Optional[str] = None) -> None:
             if glob_is_empty:
                 self.report.add_glob_empty(module_name, pattern)
             else:
-                self.report.add_glob_collected(module_name, pattern)
+                log.info("- Collecting glob %s succeeded", pattern)
 
     def collect_path(
         self,

tests/test_acquire_modules.py

@@ -0,0 +1,20 @@
+from textwrap import indent
+
+import pytest
+
+from acquire.acquire import MODULES
+
+
+@pytest.mark.parametrize("module", MODULES.keys())
+def test_validate_module_spec(module):
+    data_in_spec = []
+    for spec in MODULES[module].SPEC:
+        type, collectable, *_ = spec
+        if type == "glob":
+            data_in_spec.append(spec + ("*" in collectable,))
+        else:
+            data_in_spec.append(spec + ("*" not in collectable,))
+
+    faulty_specs = list(filter(lambda x: x[-1] is False, data_in_spec))
+    formatted_specs = "\n".join([f"({spec[0]!r}, {spec[1]!r}) was faulty" for spec in faulty_specs])
+    assert len(faulty_specs) == 0, f"{module}:\n{indent(formatted_specs, prefix='    ')}"