Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SQLite parser for Files by Google (files_master_database) file #4938

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Add SQLite parser for Files by Google (files_master_database) file #4938

wants to merge 8 commits into from

Conversation

gustino7
Copy link

@gustino7 gustino7 commented Dec 5, 2024

One line description of pull request

Add SQLite parser for Files by Google (files_master_database) file

Description:

I add/edit several files:

  • Add import files_by_google to plaso/parsers/sqlite_plugins/init.py
  • Add a new parser plugin files_by_google.py to plaso/parsers/sqlite_plugins/
  • Add files_master_database file to test_data/
  • Add unit test files_by_google.py to tests/parsers/sqlite_plugins/
  • Modify android.yaml to support Files by Google parser plugin (plaso/data/formatters/android.yaml)
  • Modify timeliner.yaml to support Files by Google parser plugin (plaso/data/timeliner.yaml)

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

  • Automated checks (GitHub Actions, AppVeyor) pass
  • No new new dependencies are required or l2tdevtools has been updated
  • Reviewer assigned

“ino” and others added 8 commits November 2, 2024 11:21
add: parser Files by Google
9dadbec
add: init.py sqlite plugin
737dda1
@jundi77
fix: wrong table in required structure files_by_google
f0e8f5d
@jundi77
add: files_by_google to plaso timeliner
c998fe1
@jundi77
add: files_by_google to plaso timeliner
1afc814 
TODO: both timeliner and formatters MUST be reviewed for a better output on sentencing and description
@jundi77
Files by google parser unit test (#1)
072eec9 
* Create files_by_google.py

* Add files_master_database for files_by_google unit test

* Update db filename used in files_by_google unit test

* Fix unit test files_by_google

Fix unit test files_by_google:
- Renamed class to conform with other test class
- Wrong class used in plugin variable used for testing
- Event data is mistakenly written in AM/PM mode, now is written in 24H format
- Fix some value `expected_event_values` is in number type
- Mistakenly assumed in GetAttributeContainerByIndex that 1 is the first event_data, now changed to 0
@gustino7
fix: linting with pylint
baaf527
@jundi77
fix wrong query in files_by_google parser
fb0aee7
@jundi77
Copy link

jundi77 commented Dec 9, 2024

Is the cause of continuous-integration/appveyor/pr failing because lack of appveyor quota?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gustino7 @jundi77