Add iOS IMO HD chat message custom parser plugin

[agusgiinarsa]

One line description of pull request

Add iOS IMO HD chat message custom parser plugin

Description:

In this pull request I add several files :
• Add file plaso/parsers/sqlite_plugins/ios_imohdchat_message.py
• Add one line at plaso/parsers/sqlite_plugins/init.py
• Add file plaso/tests/parsers/sqlite_plugins/ios_imohdchat_message.py
• Add file plaso/test_data/IMODb2.sqlite to use as test data (from iOS forensic image in Digital Corpora)

Related issue (if applicable): fixes #

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

• Automated checks (GitHub Actions, AppVeyor) pass
• No new new dependencies are required or l2tdevtools has been updated
• Reviewer assigned
• Test data has a Plaso compatible license

[joachimmetz]

Thanks for the PR, I'm a bit preoccupied at the moment will try to take a look as soon as time permits

[joachimmetz]

style nit: make sure line has end-of-line character

[joachimmetz]

style nit: make sure line has end-of-line character

[joachimmetz]

style nit: make sure line has end-of-line character

[joachimmetz]

rebased PR

[joachimmetz]

@agusgiinarsa could you PTAL the tests are failing with: https://github.com/log2timeline/plaso/actions/runs/13491915032/job/37691437250?pr=4927#step:7:3036

======================================================================
FAIL: testProcess (parsers.sqlite_plugins.ios_imohdchat_message.IMOHDChatMessagePluginTest)
Tests the Process function.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/__w/plaso/plaso/tests/parsers/sqlite_plugins/ios_imohdchat_message.py", line 23, in testProcess
    self.assertEqual(number_of_event_data, 5)
AssertionError: 16 != 5

----------------------------------------------------------------------
Ran 1429 tests in 267.227s

[joachimmetz]

docstring don't match attribute names

self.zalias = None
self.ztext = None
self.zissent = None
self.zts = None
self.query = None

[joachimmetz]

please undo this change

[joachimmetz]

what about the other timestamp ZSENDERTS ?

CREATE TABLE ZIMOCHATMSG ( Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZISSENT INTEGER, ZNUM_RETRIES INTEGER, ZSENDERTS INTEGER, ZSTATE INTEGER, ZTS INTEGER, ZTYPE INTEGER, ZA_UID VARCHAR, ZALIAS VARCHAR, ZBATCH_ID VARCHAR, ZBUID VARCHAR, ZCONTACT_ALIAS VARCHAR, ZICON VARCHAR, ZPHOTO_ID VARCHAR, ZTEXT VARCHAR, ZIMDATA BLOB );

[joachimmetz]

Why not use PosixTimeInNanoseconds ?

[joachimmetz]

ZTS/1000000000 will remove precision, which maybe not forensically sound

ORDER BY ZTS is not needed given psort will sort events

[codecov]

Codecov Report

Attention: Patch coverage is 96.96970% with 1 line in your changes missing coverage. Please review.

Project coverage is 85.10%. Comparing base (e0e5b1e) to head (5ed490b).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
plaso/parsers/sqlite_plugins/ios_imohdchat.py	96.96%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4927      +/-   ##
==========================================
+ Coverage   85.08%   85.10%   +0.02%     
==========================================
  Files         431      433       +2     
  Lines       38765    38825      +60     
==========================================
+ Hits        32982    33041      +59     
- Misses       5783     5784       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[joachimmetz]

@agusgiinarsa what is the origin of the test data file?