Migrated to tcell for UI. Code cleanup. Features in progress. See prev version for working copy.

Author: tgmars

.gitignore

@@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
+flshell
 
 # Test binary, build with `go test -c`
 *.test
@@ -14,3 +15,4 @@
 #Random
 *.txt
 .vscode/
+

README.md

@@ -1,6 +1,11 @@
 # FLShell
 
-### Usage: ./flshell imagename offset(in sectors)
+### Usage: ./flshell -d=imagename -o=offset(in sectors)
+
+```
+FLShell is being rewritten to use tcell rather than termbox-go, to improve modularity and code quality. 
+Currently doesn't operate as advertised, see previous version for an operational version.
+```
 
 FLShell is designed to decrease the time taken to navigate through a disk image using The Sleuthkit's fls tool by providing an interactive shell.
 
@@ -24,9 +29,9 @@ go build ./...
 2. Unable to enter unallocated directories.
 
 ### Coming features/To do
-1. Dump directories utilising tsk recover
-2. Do error handling
-3. Confirmation prior to dumping files
-4. Gather more information on current directory and display it back to the user (timestamps, filesize?)
-5. Huge code cleanup 
+1. listChildren() to return on a string slice rather than string to save effort & memory expanding functionality.
+2. Gather more information on current directory and display it back to the user (timestamps, filesize?).
+3. Search for files by timestamps.
+4. Add method to Item struct to get a 'pwd' equivalent.
+
 

cache.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 )
 
-// Item ... Basic struct for all items in file system.
+// Item ... Basic struct for all items in file system. Type describes if the item is a directory or file.
 type Item struct {
 	Type     string
 	Inode    string
@@ -52,7 +52,7 @@ func (f *Item) sortChildrenByAlphaDescending() {
 func (f *Item) listChildren() string {
 	var msg strings.Builder
 	for _, child := range f.Children {
-		msg.WriteString(child.Type + " " + child.Inode + ":\t" + child.Name + "\n")
+		msg.WriteString(child.Type + " " + child.Inode + "    " + child.Name + "\n")
 	}
 	return msg.String()
 
@@ -93,3 +93,8 @@ func (f *Item) goDown(parent Item, itemType string, inode string) *Item {
 	}
 	return nil
 }
+
+// getPath ... TODO - Return a string containing the path of the current directory
+func (f *Item) getPath() string {
+	return ""
+}

cmdcontroller.go

@@ -0,0 +1,90 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+)
+
+//Reading executer.go
+// This file flows in building blocks, initially constructing the arguments that are passed.
+// Then the struct that is used to execute a command
+// The code that enables execution of the given struct
+
+// argsUpdater ... Updates the slice of arguments that are passed with the command to be executed.
+// if there are less than 4 arguments (ie, a path to an image, -o, and an offset (with no inode))
+// Then the arguments are updated and the inode string is appended. Otherwise, just update the inode
+// value to the requested one.
+func argsUpdater(arguments []string, inode string) []string {
+	if len(arguments) < 4 {
+		arguments = append(arguments, inode)
+	}
+	arguments[3] = inode
+	return arguments
+}
+
+// argsUpdaterRecover ... Updates the slice of arguments that are passed with the command to be executed.
+// if there are less than 5 arguments (ie, a path to an image, -o, an offset, -d and no inode)
+// Then the arguments are updated and the inode string is appended. Otherwise, just update the inode
+// value to the requested one.
+func argsUpdaterRecover(arguments []string, inode string, carveunallocated bool) []string {
+	if len(arguments) < 6 {
+		arguments = append(arguments, inode, "a")
+	}
+	if carveunallocated {
+		arguments[5] = "e"
+	} else {
+		arguments[5] = "a"
+	}
+	arguments[4] = inode
+	return arguments
+}
+
+// executeFLS ... Pass the command to be executed and its arguments as a slice of strings.
+// fills an item object with the current items for fls, for icat and tsk_recover it writes to a file.
+func executeFLS(args []string) bool {
+	cmdStruct := exec.Command("fls", args...)
+	cmdOutput := commandExecuter(cmdStruct)
+
+	// Only attempt to populate the directory if the output of the fls command run contains stuff.
+	if len(cmdOutput) > 0 {
+		directory.populate(cmdOutput)
+		return true
+	}
+
+	return false
+}
+
+// executeCarvers ... Pass the command to be executed and its arguments as a slice of strings.
+// Writes a directory or file and its mft information to a file specified by itemname.
+// Returns true on successful completion, false if no cases are met.
+func executeCarvers(cmd string, args []string, itemname string) bool {
+	switch cmd {
+	case "icat":
+		icatstruct := exec.Command(cmd, args...)
+		writeCmdToFile(itemname, icatstruct)
+		istatstruct := exec.Command(cmd, args...)
+		writeCmdToFile(itemname+".mft", istatstruct)
+		return true
+	case "tsk_recover":
+		recoverstruct := exec.Command(cmd, args...)
+		writeCmdToFile(itemname, recoverstruct)
+		return true
+	}
+	return false
+}
+
+// commandExecuter ... Executes a command on the host given a command structure and
+// returns the output as a string.
+func commandExecuter(cmdstruct *exec.Cmd) string {
+	// Define vars that will be used to store output and error of running the command.
+	var (
+		cmdOutput []byte
+		cmdErr    error
+	)
+	if cmdOutput, cmdErr = cmdstruct.Output(); cmdErr != nil {
+		fmt.Fprintln(os.Stderr, cmdErr)
+		os.Exit(1)
+	}
+	return string(cmdOutput)
+}

debug

@@ -0,0 +1,42 @@
+// interfacecontroller.go contains functions to manage the execution of programs interacting with the OS
+// it handles the conditions under which certain calls to functions within executer.go are made and returns
+// messages avaiable for use in view.go
+
+package main
+
+// messageRetrieve ... Pass the users selection as an inode for fls or command+inode for carving and a slice of the current
+// directory to retrieve a single element of the slice.
+func messageRetrieve(selection string, input []string) string {
+
+	//Pull the inode and name from the selection.
+	// TODO Test this on selection without a slice to determine how robust the regex is.
+	selectionInode := inodeMatcher(selection)
+	selectionName := nameMatcher(selection)
+
+	// Does not matter that this is not robust logic, input will be locked down by line selection in tcell version.
+	// References to global executionArgs and the unallocatedRecover command line parameter
+	// Return a success message if executeCarvers completes successfully, else return a failure message to the user.
+	if selection[0] == 't' {
+		if executeCarvers("tsk_recover", argsUpdaterRecover(executionArgsRecover, selectionInode, *unallocatedRecover), selectionName) {
+			return "Successfully carved " + selectionName
+		}
+		return "Failed to carve " + selectionName
+	}
+
+	if selection[0] == 'i' {
+		if executeCarvers("icat", argsUpdater(executionArgs, selectionInode), selectionName) {
+			return "Successfully carved " + selectionName
+		}
+		return "Failed to carve " + selectionName
+	} else {
+		// If there's nothing in the selection string providing direction to carve,
+		// then iterate through input and return a line that has an inode matching to the
+		// selectionInode.
+		for _, inputLine := range input {
+			if selectionInode == inodeMatcher(inputLine) {
+				return inputLine
+			}
+		}
+	}
+	return "Unable to find a line in the input that matches the input string."
+}

executer.go

@@ -13,6 +13,7 @@ func check(e error) {
 	}
 }
 
+// writeCmdToFile ... Writes the output of a command passed to the OS to a file in the current directory.
 func writeCmdToFile(filename string, cmdstruct *exec.Cmd) {
 	outfile, err := os.Create("./" + filename)
 	check(err)
@@ -32,6 +33,7 @@ func writeCmdToFile(filename string, cmdstruct *exec.Cmd) {
 	cmdstruct.Wait()
 }
 
+// writeStringToFile ... Writes a string to a file in the current directory.
 func writeStringToFile(filename string, input string) {
 	f, err := os.Create("./" + filename)
 	check(err)