Add SQLite parser for Android Native Downloads (downloads.db) file #4929

Open
wants to merge 20 commits into
base: main

@ChristopherGammaWau ChristopherGammaWau commented Dec 1, 2024

One line description of pull request

Add SQLite parser for Android Native Downloads (downloads.db) file

Description:

I add/edit several files:

  • Add import android_native_downloads to plaso/parsers/sqlite_plugins/__init__.py
  • Add a new parser plugin android_native_downloads.py to plaso/parsers/sqlite_plugins/
  • Add downloads.db file to plaso/test_data/
  • Add unit test android_native_downloads.py to plaso/tests/parsers/sqlite_plugins/
  • Modify android.yaml to support Android Native Downloads SQLite parser plugin (plaso/data/formatters/android.yaml)
  • Modify timeliner.yaml to support Android Native Downloads SQLite parser plugin (plaso/data/timeliner.yaml)

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

  • Automated checks (GitHub Actions, AppVeyor) pass
  • No new dependencies are required or l2tdevtools has been updated
  • Reviewer assigned
  • Test data has a Plaso compatible license

@joachimmetz
Member

Thanks for the PR. I'm a bit preoccupied at the moment; will try to take a look as soon as time permits.

@joachimmetz joachimmetz self-assigned this Mar 2, 2025
@joachimmetz
Member

@ChristopherGammaWau what is the origin of the test data file?

@joachimmetz joachimmetz added the pending reporter input Issue is pending input from the reporter label Mar 2, 2025
@joachimmetz
Member

Rebased PR

@joachimmetz
Member

@ChristopherGammaWau @barpeot can one of you PTAL at the linter warnings?

@ChristopherGammaWau
Author

ChristopherGammaWau commented Mar 2, 2025

> @ChristopherGammaWau what is the origin of the test data file?

Hello Mr. Joachimmetz,

Unless changes are made to the source, the file is obtained from the Android 13 image found at this link: https://digitalcorpora.s3.amazonaws.com/corpora/mobile/android_13/android_13_data.tar.gz.

Edit: After checking the original image, the "downloads.db" file used can be found under "data\data\com.android.providers.downloads\databases". The one committed to GitHub has an entry modified with a different status code. But the entry used in the unit test is identical with the original file.

> @ChristopherGammaWau @barpeot can one of you PTAL at the linter warnings

I will try to fix the lint warnings in the following days. I am sorry for the last 3 commits, since I made a mistake in pushing too early.

I will tag you in this pull request once I've made my changes.

Thank you.

codecov bot commented Mar 3, 2025

Codecov Report

Attention: Patch coverage is 94.57014% with 12 lines in your changes missing coverage. Please review.

Project coverage is 85.11%. Comparing base (4a3ce9d) to head (d42f74b).
Report is 8 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| plaso/parsers/jsonl_plugins/gcp_log.py | 91.53% | 11 Missing ⚠️ |
| ...parsers/sqlite_plugins/android_native_downloads.py | 98.33% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4929      +/-   ##
==========================================
+ Coverage   85.05%   85.11%   +0.06%     
==========================================
  Files         431      433       +2     
  Lines       38645    38852     +207     
==========================================
+ Hits        32870    33070     +200     
- Misses       5775     5782       +7     


@joachimmetz
Member

joachimmetz commented Mar 3, 2025

> Edit: After checking the original image, the "downloads.db" file used can be found under "data\data\com.android.providers.downloads\databases". The one committed to GitHub has an entry modified with a different status code. But the entry used in the unit test is identical with the original file.

Thanks for the additional context. Given the test file was edited, I'll treat this as "derived work" then.
