Improve ApachePlugin log file discovery

[JSCU-CNI]

This PR improves the log file discovery of the ApachePlugin on targets.

• We now parse Include and IncludeOptional directives in all apache .conf files (mods, sites and confs) and extract ErrorLog and CustomLog from those configuration files.
• We now substitute Apache envvars from those log file location directives (e.g. ${APACHE_LOG_DIR}).

Fixes #1013.

[JSCU-CNI]

Could this issue be assigned a reviewer @EinatFox? This PR should improve log file detection for the Apache plugin significantly.

[Copilot]

PR Overview

This pull request improves ApachePlugin log file discovery by enhancing configuration file parsing, including support for processing Include/IncludeOptional directives and substituting Apache environment variables within log file paths.

• Parses Include and IncludeOptional directives in Apache configuration files
• Substitutes Apache envvars in log file locations
• Updates test cases and refactors plugin initialization and log discovery routines

Reviewed Changes

File	Description
tests/plugins/apps/webserver/test_apache.py	Adjusted tests to use the new plugin registration and log discovery
dissect/target/plugins/apps/webserver/apache.py	Refactored log discovery logic and added environment variable support
tests/plugins/apps/webserver/test_citrix.py	Updated test to verify unsupported plugin registration for Citrix

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

dissect/target/plugins/apps/webserver/apache.py:409

• The word 'occured' is misspelled; consider using 'occurred'.

self.target.log.warning("An error occured parsing Apache log file %s: %s", path, str(e))

[JSCU-CNI]

The tests test_custom_config, test_config_commented_logs, test_config_vhosts_httpd and test_config_vhosts_apache2 seem to interfere with each other. Disabling the first two makes the last two pass. Do you have a clue how we can fix this @Schamper?

[JSCU-CNI]

It seems like some form of plugin caching is interfering with the tests here. We have ruled out object bleeding by switching to a factory in 8e127b8.

If we make the ApachePlugin.find_logs() method log the seen argument, we can see that fresh target_unix, fs_unix and ApachePlugin objects are populated with values from previous tests (test_custom_config and test_config_commented_logs).

We can refactor the Apache plugin to prevent this situation from happening, however this seems like a dissect caching bug to us.

    def _process_conf_file(self, path: Path, seen: set[Path] | None = set()) -> None:
        """Process an Apache ``.conf`` file for ``ServerRoot``, ``CustomLog``, ``Include``
        and ``OptionalInclude`` directives. Populates ``self.access_paths`` and ``self.error_paths``.
        """
        self.target.log.warning("Parsing %s", path)
        self.target.log.warning("Current seen %s", seen)

$ pytest tests/plugins/apps/webserver/test_apache.py -vv
...
tests/plugins/apps/webserver/test_apache.py::test_custom_config PASSED                                                                                                                                                                                                                                                                   [ 70%]
tests/plugins/apps/webserver/test_apache.py::test_config_commented_logs PASSED                                                                                                                                                                                                                                                           [ 76%]
tests/plugins/apps/webserver/test_apache.py::test_config_vhosts_httpd FAILED                                                                                                                                                                                                                                                             [ 82%]
tests/plugins/apps/webserver/test_apache.py::test_config_vhosts_apache2 FAILED 
...
test_config_vhosts_httpd
...
WARNING  dissect.target.target:apache.py:274 <Target /tmp/pytest-of-user/pytest-22/test_config_vhosts_apache20/MockTarget-19g2hmxv>: Parsing /etc/apache2/apache2.conf
WARNING  dissect.target.target:apache.py:275 <Target /tmp/pytest-of-user/pytest-22/test_config_vhosts_apache20/MockTarget-19g2hmxv>: Current seen {TargetPath('/etc/apache2/apache2.conf'), TargetPath('/etc/httpd/conf/httpd.conf')}
WARNING  dissect.target.target:apache.py:278 <Target /tmp/pytest-of-user/pytest-22/test_config_vhosts_apache20/MockTarget-19g2hmxv>: Detected recursion in Apache configuration, file already parsed: /etc/apache2/apache2.conf
...
test_config_vhosts_apache2
...
WARNING  dissect.target.target:apache.py:274 <Target /tmp/pytest-of-user/pytest-23/test_config_vhosts_apache20/MockTarget-3s13z1rn>: Parsing /etc/apache2/apache2.conf
WARNING  dissect.target.target:apache.py:275 <Target /tmp/pytest-of-user/pytest-23/test_config_vhosts_apache20/MockTarget-3s13z1rn>: Current seen {TargetPath('/etc/httpd/conf/httpd.conf'), TargetPath('/etc/apache2/apache2.conf')}
WARNING  dissect.target.target:apache.py:278 <Target /tmp/pytest-of-user/pytest-23/test_config_vhosts_apache20/MockTarget-3s13z1rn>: Detected recursion in Apache configuration, file already parsed: /etc/apache2/apache2.conf

---

Explicitly setting the seen argument to None is a dirty workaround for the caching bug: d86bd33.

[Schamper]

See the comment, I think this makes the change to a factory redundant.

[codecov]

Codecov Report

Attention: Patch coverage is 84.37500% with 15 lines in your changes missing coverage. Please review.

Project coverage is 79.11%. Comparing base (67742a2) to head (c60b21e).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
dissect/target/plugins/apps/webserver/apache.py	84.37%	15 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #980   +/-   ##
=======================================
  Coverage   79.10%   79.11%           
=======================================
  Files         341      341           
  Lines       30091    30155   +64     
=======================================
+ Hits        23804    23856   +52     
- Misses       6287     6299   +12     

Flag	Coverage Δ
unittests	79.11% <84.37%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JSCU-CNI]

Is this PR good to go? We have another PR ready that depends on this branch :)