Add Windows Jumplist plugin

[Zawadidone]

target-query -t TARGET -f jumplist  --limit 1 | rdump -L
[reading from stdin]
--[ RECORD 1 ]--
          hostname = WINDEV2401EVAL
            domain = None
              type = customDestinations
    application_id = 590aee7bdd69b59b
  application_name = Powershell Windows 10
          lnk_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
          lnk_name = None
         lnk_mtime = 2024-03-21 17:16:41.027615+00:00
         lnk_atime = 2024-03-21 17:16:40.997318+00:00
         lnk_ctime = 2024-03-21 17:16:29.070940+00:00
  lnk_relativepath = None
       lnk_workdir = None
     lnk_arguments = None
  lnk_iconlocation = %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
   local_base_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
common_path_suffix = 
      lnk_net_name = None
   lnk_device_name = None
     lnk_full_path = C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk
        machine_id = windev2401eval
      target_mtime = 2022-05-07 05:22:32.504461+00:00
      target_atime = 2024-03-21 17:16:28.045404+00:00
      target_ctime = 2024-03-21 17:16:20.202059+00:00
          username = User
           user_id = S-1-5-21-147454635-2304731113-4176578439-1000
        user_group = None
         user_home = C:\Users\User
[...]

[Horofic]

I think additionally exporting the custom_destination and automatic_destination plugins would be nice. So you can choose between them. Something like:

• target-query -f jumplist.automatic_destination for just automatic_destination jumplists,
• target-query -f jumplist.custom_destination for just custom_destination jumplists,
• target-query -f jumplist for both.

[Zawadidone]

Is it a known issue that namespace plugins do not work?

AttributeError: 'JumpListPlugin' object has no attribute 'SUBPLUGINS'

[Horofic]

An issue with nested namespaced plugin was reported here #758 and fixed in this PR #763. Could you try and check-out this PR to see if your issue persists?

[Zawadidone]

The issue persists.

[Horofic]

@Zawadidone I also committed some suggestions directly in your PR, please check if you see anything wrong :).

[codecov]

Codecov Report

Attention: Patch coverage is 79.16667% with 35 lines in your changes missing coverage. Please review.

Project coverage is 75.40%. Comparing base (cf080f6) to head (3fe7986).
Report is 2 commits behind head on main.

Files	Patch %	Lines
dissect/target/plugins/os/windows/jumplist.py	76.98%	29 Missing ⚠️
dissect/target/plugins/os/windows/lnk.py	81.25%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #669      +/-   ##
==========================================
+ Coverage   75.39%   75.40%   +0.01%     
==========================================
  Files         300      302       +2     
  Lines       26023    26152     +129     
==========================================
+ Hits        19620    19720     +100     
- Misses       6403     6432      +29     

Flag	Coverage Δ
unittests	75.40% <79.16%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Zawadidone]

f9fb309 (#669) is based on 6464029 (#669), if this is not preferred I can remove the commit from the branch.

[Horofic]

f9fb309 (#669) is based on 6464029 (#669), if this is not preferred I can remove the commit from the branch.

6464029 (#669) is fine! That actually was the first approach I took :)

[Horofic]

Suggested change

	import io
	import logging
	from struct import error as StructError
	from typing import BinaryIO, Callable, Iterator
	from __future__ import annotations
	import io
	import logging
	from struct import error as StructError
	from typing import BinaryIO, Iterator

[Zawadidone]

Fixed

[Horofic]

Suggested change

	def _generate_records(self, destinations: list, destination_file: Callable) -> Iterator[JumpListRecord]:
	def _generate_records(
	self, destinations: list, destination_file: AutomaticDestinationFile | CustomDestinationFile
	) -> Iterator[JumpListRecord]

[Zawadidone]

Fixed