Add esxi (#62)

.github/workflows/ci.yml

@@ -4,7 +4,7 @@ on:
     branches: [ master ]
   pull_request:
   schedule:
-    - cron:  '0 0 * * *'
+    - cron:  '0 0 * * 0'
 
 jobs:
 

cmd/artifactvalidator/main.go

@@ -26,10 +26,12 @@
 // that can validate artifact definition files and search for errors, possible
 // inconsistencies and other flaws.
 //
-// Usage
+// # Usage
 //
 // To run just provide the location of the forensic artifact definition files:
-//     artifactvalidator -v -s artifacts/data/*.yaml
+//
+//	artifactvalidator -v -s artifacts/data/*.yaml
+//
 // The output is a list of potential issues in those files.
 package main
 

cmd/artifactvalidator/validator.go

@@ -316,6 +316,7 @@ func (r *validator) validateParametersProvided(artifactDefinitions []goartifacts
 		"Windows": {},
 		"Darwin":  {},
 		"Linux":   {},
+		"ESXi":    {},
 	}
 	var regex = regexp.MustCompile(`%?%(.*?)%?%`)
 
@@ -343,6 +344,7 @@ func (r *validator) validateParametersProvided(artifactDefinitions []goartifacts
 		"Windows": {},
 		"Darwin":  {},
 		"Linux":   {},
+		"ESXi":    {},
 	}
 
 	for _, artifactDefinition := range artifactDefinitions {
@@ -494,7 +496,10 @@ func (r *validator) validateOSSpecific(filename string, artifactDefinition goart
 
 func (r *validator) validateNameCase(filename string, artifactDefinition goartifacts.ArtifactDefinition) {
 	if len(artifactDefinition.Name) < 2 { //nolint:gomnd
-		r.addErrorf(filename, artifactDefinition.Name, "Artifact names be longer than 2 characters")
+		r.addErrorf(filename, artifactDefinition.Name, "Artifact names need be longer than 2 characters")
+		return
+	}
+	if strings.HasPrefix(artifactDefinition.Name, "vSphere") || strings.HasPrefix(artifactDefinition.Name, "vCenter") {
 		return
 	}
 	if strings.ToUpper(artifactDefinition.Name[:1]) != artifactDefinition.Name[:1] {
@@ -858,14 +863,16 @@ var supportedOS = struct {
 	Darwin  string
 	Linux   string
 	Windows string
+	ESXi    string
 }{
 	Darwin:  "Darwin",
 	Linux:   "Linux",
 	Windows: "Windows",
+	ESXi:    "ESXi",
 }
 
 func listOSS() []string {
-	return []string{supportedOS.Darwin, supportedOS.Linux, supportedOS.Windows}
+	return []string{supportedOS.Darwin, supportedOS.Linux, supportedOS.Windows, supportedOS.ESXi}
 }
 
 // listTypes returns a list of all artifact definition source types.

cmd/artifactvalidator/validator_test.go

@@ -314,9 +314,11 @@ func Test_validator_validateParametersProvided(t *testing.T) {
 			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for Windows", "TestProvided", ""},
 			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for Linux", "TestProvided", ""},
 			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for Darwin", "TestProvided", ""},
+			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for ESXi", "TestProvided", ""},
 		}},
 		{"No provides 2", "not_provided_2.yaml", []Flaw{
 			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for Windows", "TestProvided2", ""},
+			{Warning, "Parameter CURRENT_CONTROL_SET is not provided for ESXi", "TestProvided2", ""},
 		}},
 	}
 	for _, tt := range tests {

go.mod

@@ -5,13 +5,21 @@ go 1.19
 require (
 	github.com/forensicanalysis/fsdoublestar v0.1.0
 	github.com/forensicanalysis/fslib v0.15.1
-	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/inconshreveable/log15 v0.0.0-20201112154412-8562bdadbbac
 	github.com/looplab/tarjan v0.1.0
+	github.com/olekukonko/tablewriter v0.0.5
+	gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/djherbis/times v1.5.0 // indirect
+	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
 	github.com/mattn/go-runewidth v0.0.10 // indirect
-	github.com/olekukonko/tablewriter v0.0.5
 	github.com/rivo/uniseg v0.2.0 // indirect
 	golang.org/x/sys v0.0.0-20210218155724-8ebf48af031b // indirect
-	gopkg.in/yaml.v2 v2.4.0
+	www.velocidex.com/golang/go-ntfs v0.1.1 // indirect
 )

goartifacts/artifactdefinition.go

@@ -54,13 +54,13 @@ type Provide struct {
 // The Source type objects define the source of the artifact data. Currently
 // the following source types are defined:
 //
-//     * artifact; the source is one or more artifact definitions;
-//     * file; the source is one or more files;
-//     * path; the source is one or more paths;
-//     * directory; the source is one or more directories;
-//     * Windows Registry key; the source is one or more Windows Registry keys;
-//     * Windows Registry value; the source is one or more Windows Registry values;
-//     * WMI query; the source is a Windows Management Instrumentation query.
+//   - artifact; the source is one or more artifact definitions;
+//   - file; the source is one or more files;
+//   - path; the source is one or more paths;
+//   - directory; the source is one or more directories;
+//   - Windows Registry key; the source is one or more Windows Registry keys;
+//   - Windows Registry value; the source is one or more Windows Registry values;
+//   - WMI query; the source is a Windows Management Instrumentation query.
 //
 // The difference between the file and path source types are that file should
 // be used to define file entries that contain data and path, file entries that

goartifacts/expansion_unix_test.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package goartifacts