Improve SQLite table exist checks

dissect/target/loaders/itunes.py

@@ -163,8 +163,10 @@
 
     def files(self) -> Iterator[FileInfo]:
         """Iterate all the files in this backup."""
-        for row in self.manifest_db.table("Files").rows():
-            yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
+
+        if table := self.manifest_db.table("Files"):
+            for row in table.rows():
+                yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)
 
 
 class FileInfo:

dissect/target/plugins/apps/browser/iexplore.py

@@ -36,14 +36,18 @@
             All ``ContainerId`` values for the requested container name.
         """
         try:
-            for container_record in self.db.table("Containers").records():
+            table = self.db.table("Containers")
+
+            for container_record in table.records():
                 if record_name := container_record.get("Name"):
                     record_name = record_name.rstrip("\00").lower()
                     if record_name == name.lower():
                         container_id = container_record.get("ContainerId")
                         yield self.db.table(f"Container_{container_id}")
-        except KeyError:
-            pass
+
+        except KeyError as e:
+            self.target.log.warning("Exception while parsing EseDB Containers table")
+            self.target.log.debug("", exc_info=e)
 
     def _iter_records(self, name: str) -> Iterator[record.Record]:
         """Yield records from a Webcache container.

dissect/target/plugins/os/unix/esxi/_os.py

@@ -472,37 +472,39 @@
     db = sqlite3.SQLite3(fh)
 
     store = {}
-    for row in db.table("Config").rows():
-        component_name = row.Component
-        config_group_name = row.ConfigGroup
-        value_group_name = row.Name
-        identifier_name = row.Identifier
-
-        if component_name not in store:
-            store[component_name] = {}
-        component = store[component_name]
-
-        if config_group_name not in component:
-            component[config_group_name] = {}
-        config_group = component[config_group_name]
-
-        if value_group_name not in config_group:
-            config_group[value_group_name] = {}
-        value_group = config_group[value_group_name]
-
-        if identifier_name not in value_group:
-            value_group[identifier_name] = {}
-        identifier = value_group[identifier_name]
-
-        identifier["modified_time"] = row.ModifiedTime
-        identifier["creation_time"] = row.CreationTime
-        identifier["version"] = row.Version
-        identifier["success"] = row.Success
-        identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
-        identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
-        identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
-        identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
-        identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
-        identifier["revision"] = row.Revision
+
+    if table := db.table("Config"):
+        for row in table.rows():
+            component_name = row.Component
+            config_group_name = row.ConfigGroup
+            value_group_name = row.Name
+            identifier_name = row.Identifier
+
+            if component_name not in store:
+                store[component_name] = {}
+            component = store[component_name]
+
+            if config_group_name not in component:
+                component[config_group_name] = {}
+            config_group = component[config_group_name]
+
+            if value_group_name not in config_group:
+                config_group[value_group_name] = {}
+            value_group = config_group[value_group_name]
+
+            if identifier_name not in value_group:
+                value_group[identifier_name] = {}
+            identifier = value_group[identifier_name]
+
+            identifier["modified_time"] = row.ModifiedTime
+            identifier["creation_time"] = row.CreationTime
+            identifier["version"] = row.Version
+            identifier["success"] = row.Success
+            identifier["auto_conf_value"] = json.loads(row.AutoConfValue) if row.AutoConfValue else None
+            identifier["user_value"] = json.loads(row.UserValue) if row.UserValue else None
+            identifier["vital_value"] = json.loads(row.VitalValue) if row.VitalValue else None
+            identifier["cached_value"] = json.loads(row.CachedValue) if row.CachedValue else None
+            identifier["desired_value"] = json.loads(row.DesiredValue) if row.DesiredValue else None
+            identifier["revision"] = row.Revision
 
     return store

dissect/target/plugins/os/windows/activitiescache.py

@@ -116,36 +116,38 @@
         for user, cache_file in self.cachefiles:
             fh = cache_file.open()
             db = sqlite3.SQLite3(fh)
-            for r in db.table("Activity").rows():
-                yield ActivitiesCacheRecord(
-                    start_time=mkts(r["[StartTime]"]),
-                    end_time=mkts(r["[EndTime]"]),
-                    last_modified_time=mkts(r["[LastModifiedTime]"]),
-                    last_modified_on_client=mkts(r["[LastModifiedOnClient]"]),
-                    original_last_modified_on_client=mkts(r["[OriginalLastModifiedOnClient]"]),
-                    expiration_time=mkts(r["[ExpirationTime]"]),
-                    app_id=r["[AppId]"],
-                    enterprise_id=r["[EnterpriseId]"],
-                    app_activity_id=r["[AppActivityId]"],
-                    group_app_activity_id=r["[GroupAppActivityId]"],
-                    group=r["[Group]"],
-                    activity_type=r["[ActivityType]"],
-                    activity_status=r["[ActivityStatus]"],
-                    priority=r["[Priority]"],
-                    match_id=r["[MatchId]"],
-                    etag=r["[ETag]"],
-                    tag=r["[Tag]"],
-                    is_local_only=r["[IsLocalOnly]"],
-                    created_in_cloud=r["[CreatedInCloud]"],
-                    platform_device_id=r["[PlatformDeviceId]"],
-                    package_id_hash=r["[PackageIdHash]"],
-                    id=r["[Id]"],
-                    payload=r["[Payload]"],
-                    original_payload=r["[OriginalPayload]"],
-                    clipboard_payload=r["[ClipboardPayload]"],
-                    _target=self.target,
-                    _user=user,
-                )
+
+            if table := db.table("Activity"):
+                for r in table.rows():
+                    yield ActivitiesCacheRecord(
+                        start_time=mkts(r["[StartTime]"]),
+                        end_time=mkts(r["[EndTime]"]),
+                        last_modified_time=mkts(r["[LastModifiedTime]"]),
+                        last_modified_on_client=mkts(r["[LastModifiedOnClient]"]),
+                        original_last_modified_on_client=mkts(r["[OriginalLastModifiedOnClient]"]),
+                        expiration_time=mkts(r["[ExpirationTime]"]),
+                        app_id=r["[AppId]"],
+                        enterprise_id=r["[EnterpriseId]"],
+                        app_activity_id=r["[AppActivityId]"],
+                        group_app_activity_id=r["[GroupAppActivityId]"],
+                        group=r["[Group]"],
+                        activity_type=r["[ActivityType]"],
+                        activity_status=r["[ActivityStatus]"],
+                        priority=r["[Priority]"],
+                        match_id=r["[MatchId]"],
+                        etag=r["[ETag]"],
+                        tag=r["[Tag]"],
+                        is_local_only=r["[IsLocalOnly]"],
+                        created_in_cloud=r["[CreatedInCloud]"],
+                        platform_device_id=r["[PlatformDeviceId]"],
+                        package_id_hash=r["[PackageIdHash]"],
+                        id=r["[Id]"],
+                        payload=r["[Payload]"],
+                        original_payload=r["[OriginalPayload]"],
+                        clipboard_payload=r["[ClipboardPayload]"],
+                        _target=self.target,
+                        _user=user,
+                    )
 
 
 def mkts(ts: int) -> datetime | None:

dissect/target/plugins/os/windows/catroot.py

@@ -217,12 +217,15 @@
             with ese_file.open("rb") as fh:
                 ese_db = EseDB(fh)
 
-                tables = [table.name for table in ese_db.tables()]
                 for hash_type, table_name in [("sha256", "HashCatNameTableSHA256"), ("sha1", "HashCatNameTableSHA1")]:
-                    if table_name not in tables:
+                    try:
+                        table = ese_db.table(table_name)
+                    except KeyError as e:
+                        self.target.log.warning("EseDB %s has no table %s", ese_file, table_name)
+                        self.target.log.debug("", exc_info=e)
                         continue
 
-                    for record in ese_db.table(table_name).records():
+                    for record in table.records():
                         file_digest = digest()
                         setattr(file_digest, hash_type, record.get("HashCatNameTable_HashCol").hex())
                         catroot_names = record.get("HashCatNameTable_CatNameCol").decode().rstrip("|").split("|")

dissect/target/plugins/os/windows/notifications.py

@@ -442,43 +442,45 @@
         """
         for user, wpndatabase in self.wpndb_files:
             db = sqlite3.SQLite3(wpndatabase.open())
-
             handlers = {}
-            for row in db.table("NotificationHandler").rows():
-                handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
-                    created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
-                    modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
-                    id=row["[RecordId]"],
-                    primary_id=row["[PrimaryId]"],
-                    wns_id=row["[WNSId]"],
-                    handler_type=row["[HandlerType]"],
-                    wnf_event_name=row["[WNFEventName]"],
-                    system_data_property_set=row["[SystemDataPropertySet]"],
-                    _target=self.target,
-                    _user=user,
-                )
-
-            for row in db.table("Notification").rows():
-                record = WpnDatabaseNotificationRecord(
-                    arrival_time=wintimestamp(row["[ArrivalTime]"]),
-                    expiry_time=wintimestamp(row["[ExpiryTime]"]),
-                    order=row["[Order]"],
-                    id=row["[Id]"],
-                    handler_id=row["[HandlerId]"],
-                    activity_id=UUID(bytes=row["[ActivityId]"]),
-                    type=row["[Type]"],
-                    payload=row["[Payload]"],
-                    payload_type=row["[PayloadType]"],
-                    tag=row["[Tag]"],
-                    group=row["[Group]"],
-                    boot_id=row["[BootId]"],
-                    expires_on_reboot=row["[ExpiresOnReboot]"] != "FALSE",
-                    _target=self.target,
-                    _user=user,
-                )
-                handler = handlers.get(row["[HandlerId]"])
 
-                if handler:
-                    yield GroupedRecord("windows/notification/wpndatabase/grouped", [record, handler])
-                else:
-                    yield record
+            if table := db.table("NotificationHandler"):
+                for row in table.rows():
+                    handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
+                        created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
+                        modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
+                        id=row["[RecordId]"],
+                        primary_id=row["[PrimaryId]"],
+                        wns_id=row["[WNSId]"],
+                        handler_type=row["[HandlerType]"],
+                        wnf_event_name=row["[WNFEventName]"],
+                        system_data_property_set=row["[SystemDataPropertySet]"],
+                        _target=self.target,
+                        _user=user,
+                    )
+
+            if table := db.table("Notification"):
+                for row in table.rows():
+                    record = WpnDatabaseNotificationRecord(
+                        arrival_time=wintimestamp(row["[ArrivalTime]"]),
+                        expiry_time=wintimestamp(row["[ExpiryTime]"]),
+                        order=row["[Order]"],
+                        id=row["[Id]"],
+                        handler_id=row["[HandlerId]"],
+                        activity_id=UUID(bytes=row["[ActivityId]"]),
+                        type=row["[Type]"],
+                        payload=row["[Payload]"],
+                        payload_type=row["[PayloadType]"],
+                        tag=row["[Tag]"],
+                        group=row["[Group]"],
+                        boot_id=row["[BootId]"],
+                        expires_on_reboot=row["[ExpiresOnReboot]"] != "FALSE",
+                        _target=self.target,
+                        _user=user,
+                    )
+                    handler = handlers.get(row["[HandlerId]"])
+
+                    if handler:
+                        yield GroupedRecord("windows/notification/wpndatabase/grouped", [record, handler])
+                    else:
+                        yield record