Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve SQLite table exist checks #958

Merged
merged 7 commits into from
Nov 28, 2024
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions dissect/target/loaders/itunes.py
Original file line number Diff line number Diff line change
Expand Up @@ -163,8 +163,10 @@ def derive_key(self, password: str) -> bytes:

def files(self) -> Iterator[FileInfo]:
"""Iterate all the files in this backup."""
for row in self.manifest_db.table("Files").rows():
yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)

if table := self.manifest_db.table("Files"):
for row in table.rows():
yield FileInfo(self, row.fileID, row.domain, row.relativePath, row.flags, row.file)


class FileInfo:
Expand Down
13 changes: 7 additions & 6 deletions dissect/target/plugins/apps/browser/iexplore.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,13 @@ def find_containers(self, name: str) -> Iterator[table.Table]:
All ``ContainerId`` values for the requested container name.
"""
try:
for container_record in self.db.table("Containers").records():
if record_name := container_record.get("Name"):
record_name = record_name.rstrip("\00").lower()
if record_name == name.lower():
container_id = container_record.get("ContainerId")
yield self.db.table(f"Container_{container_id}")
if table := self.db.table("Containers"):
JSCU-CNI marked this conversation as resolved.
Show resolved Hide resolved
for container_record in table.records():
if record_name := container_record.get("Name"):
record_name = record_name.rstrip("\00").lower()
if record_name == name.lower():
container_id = container_record.get("ContainerId")
yield self.db.table(f"Container_{container_id}")
except KeyError:
pass

Expand Down
6 changes: 5 additions & 1 deletion dissect/target/plugins/os/unix/esxi/_os.py
Original file line number Diff line number Diff line change
Expand Up @@ -472,7 +472,11 @@ def parse_config_store(fh: BinaryIO) -> dict[str, Any]:
db = sqlite3.SQLite3(fh)

store = {}
for row in db.table("Config").rows():

if not (table := db.table("Config")):
JSCU-CNI marked this conversation as resolved.
Show resolved Hide resolved
return store

for row in table.rows():
component_name = row.Component
config_group_name = row.ConfigGroup
value_group_name = row.Name
Expand Down
6 changes: 5 additions & 1 deletion dissect/target/plugins/os/windows/activitiescache.py
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,11 @@ def activitiescache(self) -> Iterator[ActivitiesCacheRecord]:
for user, cache_file in self.cachefiles:
fh = cache_file.open()
db = sqlite3.SQLite3(fh)
for r in db.table("Activity").rows():

if not (table := db.table("Activity")):
return

for r in table.rows():
JSCU-CNI marked this conversation as resolved.
Show resolved Hide resolved
yield ActivitiesCacheRecord(
start_time=mkts(r["[StartTime]"]),
end_time=mkts(r["[EndTime]"]),
Expand Down
5 changes: 2 additions & 3 deletions dissect/target/plugins/os/windows/catroot.py
Original file line number Diff line number Diff line change
Expand Up @@ -217,12 +217,11 @@ def catdb(self) -> Iterator[CatrootRecord]:
with ese_file.open("rb") as fh:
ese_db = EseDB(fh)

tables = [table.name for table in ese_db.tables()]
for hash_type, table_name in [("sha256", "HashCatNameTableSHA256"), ("sha1", "HashCatNameTableSHA1")]:
if table_name not in tables:
if not (table := ese_db.table(table_name)):
JSCU-CNI marked this conversation as resolved.
Show resolved Hide resolved
continue

for record in ese_db.table(table_name).records():
for record in table.records():
file_digest = digest()
setattr(file_digest, hash_type, record.get("HashCatNameTable_HashCol").hex())
catroot_names = record.get("HashCatNameTable_CatNameCol").decode().rstrip("|").split("|")
Expand Down
34 changes: 19 additions & 15 deletions dissect/target/plugins/os/windows/notifications.py
Original file line number Diff line number Diff line change
Expand Up @@ -442,23 +442,27 @@ def wpndatabase(self) -> Iterator[WpnDatabaseNotificationRecord | WpnDatabaseNot
"""
for user, wpndatabase in self.wpndb_files:
db = sqlite3.SQLite3(wpndatabase.open())

handlers = {}
for row in db.table("NotificationHandler").rows():
handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
id=row["[RecordId]"],
primary_id=row["[PrimaryId]"],
wns_id=row["[WNSId]"],
handler_type=row["[HandlerType]"],
wnf_event_name=row["[WNFEventName]"],
system_data_property_set=row["[SystemDataPropertySet]"],
_target=self.target,
_user=user,
)

for row in db.table("Notification").rows():
if table := db.table("NotificationHandler"):
for row in table.rows():
handlers[row["[RecordId]"]] = WpnDatabaseNotificationHandlerRecord(
created_time=datetime.datetime.strptime(row["[CreatedTime]"], "%Y-%m-%d %H:%M:%S"),
modified_time=datetime.datetime.strptime(row["[ModifiedTime]"], "%Y-%m-%d %H:%M:%S"),
id=row["[RecordId]"],
primary_id=row["[PrimaryId]"],
wns_id=row["[WNSId]"],
handler_type=row["[HandlerType]"],
wnf_event_name=row["[WNFEventName]"],
system_data_property_set=row["[SystemDataPropertySet]"],
_target=self.target,
_user=user,
)

if not (table := db.table("Notification")):
return

for row in table.rows():
JSCU-CNI marked this conversation as resolved.
Show resolved Hide resolved
record = WpnDatabaseNotificationRecord(
arrival_time=wintimestamp(row["[ArrivalTime]"]),
expiry_time=wintimestamp(row["[ExpiryTime]"]),
Expand Down