onekey-sec/unblob

Ability to append data to extraction file

nyuware opened this issue · 2 comments

Is your feature request related to a problem? Please describe.
I'm currently writing a handler for the EWF file format. This format is usually used for single disk images destined to be used in recoveries or criminal investigations. While using the FileSystem class, it's currently not possible to extract a single file using fs.carve or fs.write_bytes or fs.write_chunks.

Doing this: entry_path = Path("ewf.decrypted") would result in Errno 17: file already exists

Describe the solution you'd like
The ability to create a single file, perhaps re-adjusting the flags of those functions to allow the creation of a single file.
Perhaps giving the ability to use "ab" instead of "wb" while opening a file?

Additional context
Here is my current code. I'm using the offset of the chunks I'm currently extracting, because there is no other way to name it:

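```python
import zlib
from pathlib import Path

# Fragment from inside the handler's extraction method: self, file, header, fs,
# position, entries, Endian and zlibmagic are defined by the surrounding code.
for _ in range(header.number_of_entries):
    entry = self._struct_parser.parse("table_entry_t", file, Endian.LITTLE)
    # Name each chunk after its offset in the table.
    entry_path = Path(f"{str(entry.offset)}.bin")

    entries.append((Path(entry_path.name), entry.offset))

for i, (carve_path, start_offset) in enumerate(entries):
    # The last entry has no successor, so its size cannot be derived here.
    if i < len(entries) - 1:
        next_offset = entries[i + 1][1]
        start = int.from_bytes(start_offset, byteorder="little")
        size = int.from_bytes(next_offset, byteorder="little") - start
        # Check the magic at the start of the chunk, then rewind so the
        # zlib header is still part of the data handed to decompress().
        file.seek(position + start)
        is_zlib = file.read(2) in (magic.value for magic in zlibmagic)
        file.seek(position + start)
        if is_zlib:
            fs.write_bytes(carve_path, zlib.decompress(file.read(size)))
        else:
            fs.carve(carve_path, file, position + start, size)
```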

Paging the Filesystem API designer @e3krisztian to get their take on this.

I would not complicate carve and friends with append functionality, as those are specialized convenience functions.
I think FileSystem.open() should cover this more generic usage.

open will return a normal file object for random access. If you need to open the same file several times, just seek to the end before writing, but I think you can get by with a single open in this case.
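
The single-open approach suggested in the reply above, as an added example that is not from the issue thread or from unblob's code base. `SandboxFS` is a hypothetical stand-in for an extraction-directory file API, and the chunk layout, function names and sample image are constructed for illustration.

```python
import io
import tempfile
import zlib
from pathlib import Path

ZLIB_MAGICS = (b"\x78\x01", b"\x78\x9c", b"\x78\xda")  # common zlib headers


class SandboxFS:
    """Hypothetical stand-in for an extraction-dir file API (not unblob's class)."""
    def __init__(self, root: Path):
        self.root = root.resolve()

    def open(self, path: Path, mode: str = "wb+"):
        target = (self.root / path).resolve()
        if not target.is_relative_to(self.root):  # refuse writes outside the root
            raise ValueError(f"path escapes extraction dir: {path}")
        target.parent.mkdir(parents=True, exist_ok=True)
        return target.open(mode)


def reassemble(fs, image, base, offsets, end, out_path):
    """Write every chunk of `image` into one output file via a single open()."""
    bounds = list(zip(offsets, offsets[1:] + [end]))
    with fs.open(out_path) as out:
        for start, stop in bounds:
            image.seek(base + start)
            chunk = image.read(stop - start)
            # Inspect the magic on the bytes already read, so nothing is consumed twice.
            if chunk[:2] in ZLIB_MAGICS:
                chunk = zlib.decompress(chunk)
            out.write(chunk)
        return out.tell()


def build_sample_image():
    """Constructed sample: 4-byte pad, then one zlib chunk and one raw chunk."""
    first = zlib.compress(b"A" * 64)
    second = b"raw-sector-data"
    return io.BytesIO(b"\x00" * 4 + first + second), [0, len(first)], len(first) + len(second)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        fs = SandboxFS(Path(tmp))
        image, offsets, end = build_sample_image()
        written = reassemble(fs, image, 4, offsets, end, Path("ewf.decrypted"))
        return written, (Path(tmp) / "ewf.decrypted").read_bytes()
```

Because the output file is opened once and written sequentially, no append mode is needed and the "file already exists" error from repeated creation does not arise.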