diff --git a/dissect/target/plugins/os/unix/history.py b/dissect/target/plugins/os/unix/history.py index edc1910ee..2798cdc98 100644 --- a/dissect/target/plugins/os/unix/history.py +++ b/dissect/target/plugins/os/unix/history.py @@ -52,7 +52,7 @@ def _find_history_files(self) -> List[Tuple[str, TargetPath, UnixUserRecord]]: for user_details in self.target.user_details.all_with_home(): for shell, history_relative_path in self.COMMAND_HISTORY_RELATIVE_PATHS: history_path = user_details.home_path.joinpath(history_relative_path) - if history_path.exists(): + if history_path.is_file(): history_files.append((shell, history_path, user_details.user)) return history_files diff --git a/tests/plugins/os/unix/test_history.py b/tests/plugins/os/unix/test_history.py index 09993c3f0..06e71dae6 100644 --- a/tests/plugins/os/unix/test_history.py +++ b/tests/plugins/os/unix/test_history.py @@ -5,6 +5,8 @@ from dissect.util.ts import from_unix from flow.record.fieldtypes import datetime as dt +from dissect.target import Target +from dissect.target.filesystem import VirtualFilesystem from dissect.target.plugins.os.unix.history import CommandHistoryPlugin @@ -214,3 +216,22 @@ def test_commandhistory_database_history(target_unix_users, fs_unix, db_type, db assert results[i].command == line assert results[i].shell == db_type assert results[i].source.as_posix() == f"/root/{db_file}" + + +def test_commandhistory_is_directory(target_unix_users: Target, fs_unix: VirtualFilesystem) -> None: + commandhistory_data = """test""" + + fs_unix.map_file_fh( + "/root/.zsh_history", + BytesIO(textwrap.dedent(commandhistory_data).encode()), + ) + + fs_unix.makedirs("/root/.bash_history") + results = list(target_unix_users.commandhistory()) + + assert len(results) == 1 + + assert results[0].ts is None + assert results[0].command == "test" + assert results[0].shell == "zsh" + assert results[0].source.as_posix() == "/root/.zsh_history"