Merge pull request #914 from Johann-PLW/main

Update modules for lava output
abrignoni · Nov 8, 2024 · 4a4115d · 4a4115d
2 parents 6829c12 + 38f1607
commit 4a4115d
Show file tree

Hide file tree

Showing 8 changed files with 185 additions and 133 deletions.
diff --git a/ileapp.py b/ileapp.py
@@ -374,6 +374,8 @@ def crunch_artifacts(
 
     # Search for the files per the arguments
     for plugin in plugins:
+        logfunc()
+        logfunc('{} [{}] artifact started'.format(plugin.name, plugin.module_name))
         if isinstance(plugin.search, list) or isinstance(plugin.search, tuple):
             search_regexes = plugin.search
         else:
@@ -389,6 +391,7 @@ def crunch_artifacts(
                 found = seeker.search(artifact_search_regex)
             if not found:
                 log.write(f'<ul><li>No file found for regex <i>{artifact_search_regex}</i></li></ul>')
+                logfunc('No file found')
             else:
                 log.write(f'<ul><li>{len(found)} {"files" if len(found) > 1 else "file"} for regex <i>{artifact_search_regex}</i> located at:')
                 for pathh in found:
@@ -398,8 +401,6 @@ def crunch_artifacts(
                 log.write(f'</li></ul>')
                 files_found.extend(found)
         if files_found:
-            logfunc()
-            logfunc('{} [{}] artifact started'.format(plugin.name, plugin.module_name))
             category_folder = os.path.join(out_params.report_folder_base, '_HTML', plugin.category)
             if not os.path.exists(category_folder):
                 try:
@@ -416,7 +417,7 @@ def crunch_artifacts(
                 logfunc('Exception Traceback: {}'.format(traceback.format_exc()))
                 continue  # nope
 
-            logfunc('{} [{}] artifact completed'.format(plugin.name, plugin.module_name))
+        logfunc('{} [{}] artifact completed'.format(plugin.name, plugin.module_name))
     log.close()
 
     write_device_info()

diff --git a/scripts/artifact_report.py b/scripts/artifact_report.py
@@ -20,7 +20,7 @@ def __del__(self):
 
     def start_artifact_report(self, report_folder, artifact_file_name, artifact_description=''):
         '''Creates the report HTML file and writes the artifact name as a heading'''
-        artifact_file_name =  artifact_file_name.replace(" ", "_") # Replace " " with "_" in HTML filenames
+        # artifact_file_name =  artifact_file_name.replace(" ", "_") # Replace " " with "_" in HTML filenames
         self.report_file = open(os.path.join(report_folder, f'{artifact_file_name}.temphtml'), 'w', encoding='utf8')
         self.report_file.write(page_header.format(f'iLEAPP - {self.artifact_name} report'))
         self.report_file.write(body_start.format(f'iLEAPP {ileapp_version}'))

diff --git a/scripts/artifacts/AllTrails.py b/scripts/artifacts/AllTrails.py
diff --git a/scripts/artifacts/accountConfig.py b/scripts/artifacts/accountConfig.py
@@ -2,13 +2,13 @@
     "accountConfig": {
         "name": "Account Configuration",
         "description": "Extracts account configuration information",
-        "author": "@AlexisBrignoni",
-        "version": "0.1.3",
+        "author": "@abrignoni",
+        "version": "0.2.3",
         "date": "2020-04-30",
         "requirements": "none",
         "category": "Accounts",
         "notes": "",
-        "paths": ('*/com.apple.accounts.exists.plist',),
+        "paths": ('*/preferences/SystemConfiguration/com.apple.accounts.exists.plist',),
         "output_types": ["html", "tsv", "lava"]
     }
 }
@@ -19,7 +19,6 @@
 @artifact_processor
 def accountConfig(files_found, report_folder, seeker, wrap_text, timezone_offset):
     data_list = []
-    data_headers = ()
     source_path = str(files_found[0])
 
     with open(source_path, "rb") as fp:

diff --git a/scripts/artifacts/allTrails.py b/scripts/artifacts/allTrails.py
@@ -0,0 +1,166 @@
+__artifacts_v2__ = {
+    "allTrails_trail_details": {
+        "name": "AllTrails - Trail Details",
+        "description": "Extract trail details from AllTrails App",
+        "author": "@stark4n6",
+        "version": "0.2",
+        "date": "2022-04-28",
+        "requirements": "none",
+        "category": "Health & Fitness",
+        "notes": "",
+        "paths": ('*/Documents/AllTrails.sqlite*'),
+        "output_types": ["html", "tsv", "lava"]
+    },
+    "allTrails_user_info": {
+        "name": "AllTrails - User Info",
+        "description": "Extract user info from AllTrails App",
+        "author": "@stark4n6",
+        "version": "0.2",
+        "date": "2022-04-28",
+        "requirements": "none",
+        "category": "Health & Fitness",
+        "notes": "",
+        "paths": ('*/Documents/AllTrails.sqlite*'),
+        "output_types": "all"
+    }
+}
+
+
+from scripts.ilapfuncs import artifact_processor, logfunc, open_sqlite_db_readonly, convert_ts_human_to_timezone_offset
+
+@artifact_processor
+def allTrails_trail_details(files_found, report_folder, seeker, wrap_text, timezone_offset):
+    data_list = []
+    db_file = ''
+
+    for file_found in files_found:
+        if file_found.endswith('AllTrails.sqlite'):
+            db_file = file_found
+            break
+
+    if db_file:
+        db = open_sqlite_db_readonly(file_found)
+        cursor = db.cursor()
+
+        cursor.execute('''
+        SELECT 
+            ZTRAIL.ZNAME,
+            ZTRAIL.ZROUTETYPENAME,
+            CASE ZACTIVITYSTATS.ZDIFFICULTY
+                WHEN 1 THEN 'Easy'
+                WHEN 3 THEN 'Moderate'
+                WHEN 5 THEN 'Hard'
+            END,
+            ZTRAIL.ZRATING,
+            ZTRAIL.ZREVIEWCOUNT,
+            ZTRAIL.ZLENGTH AS "Length (Meters)",
+            ZTRAIL.ZELEVATIONGAIN AS "Elevation Gain (Meters)",
+            ZLOCATION.ZLATITUDE,
+            ZLOCATION.ZLONGITUDE,
+            ZLOCATION.ZCITY,
+            ZLOCATION.ZREGION,
+            ZLOCATION.ZREGIONNAME,
+            ZLOCATION.ZPOSTALCODE,
+            ZLOCATION.ZCOUNTRY,
+            ZLOCATION.ZCOUNTRYNAME,
+            ZPARKAREA.ZNAME AS "Park Area Name"
+        FROM ZLOCATION
+        JOIN ZTRAIL ON ZLOCATION.Z_PK = ZTRAIL.ZLOCATION
+        JOIN ZPARKAREA ON ZTRAIL.Z_PK = ZPARKAREA.ZTRAIL
+        JOIN ZACTIVITYSTATS ON ZTRAIL.Z_PK = ZACTIVITYSTATS.ZTRAIL
+        ''')
+
+        all_rows = cursor.fetchall()
+
+        for row in all_rows:
+            data_list.append(
+                (row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7], row[8], 
+                    row[9], row[10], row[11], row[12], row[13], row[14], row[15],)
+                )
+
+        db.close()
+
+    data_headers = (
+        'Trail Name', 
+        'Route Type', 
+        'Trail Difficulty', 
+        'Rating',
+        'Review Count',
+        'Length (Meters)', 
+        'Elevation Gain (Meters)', 
+        'Latitude', 
+        'Longitude', 
+        'City', 
+        'State/Region', 
+        'State/Region Name', 
+        'Zip Code', 
+        'Country', 
+        'Country Name', 
+        'Parking Area Name'
+        )
+    return data_headers, data_list, db_file
+
+
+@artifact_processor
+def allTrails_user_info(files_found, report_folder, seeker, wrap_text, timezone_offset):
+    data_list = []
+    db_file = None
+
+    for file_found in files_found:
+        if file_found.endswith('AllTrails.sqlite'):
+            db_file = file_found
+            break
+
+    if db_file:
+        db = open_sqlite_db_readonly(file_found)
+        cursor = db.cursor()
+
+        cursor.execute('''
+        SELECT 
+            datetime(ZUSER.ZCREATIONTIME + 978307200,'unixepoch') AS "Creation Timestamp",
+            ZUSER.ZFIRSTNAME,
+            ZUSER.ZLASTNAME,
+            ZUSER.ZUSERNAME,
+            ZPROFILE.ZEMAIL,
+            ZUSER.ZREFERRALLINK,
+            ZLOCATION.ZLATITUDE,
+            ZLOCATION.ZLONGITUDE,
+            ZLOCATION.ZCITY,
+            ZLOCATION.ZREGION,
+            ZLOCATION.ZREGIONNAME,
+            ZLOCATION.ZCOUNTRY,
+            ZLOCATION.ZCOUNTRYNAME,
+            ZLOCATION.ZPOSTALCODE
+        FROM ZUSER
+        INNER JOIN ZPROFILE ON ZUSER.Z_PK = ZPROFILE.ZUSER
+        INNER JOIN ZLOCATION ON ZUSER.ZLOCATION = ZLOCATION.Z_PK
+        ''')
+
+        all_rows = cursor.fetchall()
+
+        for row in all_rows:
+            timestamp = convert_ts_human_to_timezone_offset(row[0], timezone_offset)
+            data_list.append(
+                (timestamp, row[1], row[2], row[3], row[4], row[5], row[6], 
+                    row[7], row[8], row[9], row[10], row[11], row[12], row[13])
+                )
+
+        db.close()
+
+    data_headers = (
+        ('Creation Timestamp', 'datetime'), 
+        'First Name', 
+        'Last Name', 
+        'User Name', 
+        'Email', 
+        'Referral Link', 
+        'Latitude', 
+        'Longitude', 
+        'City', 
+        'Region', 
+        'Region Name', 
+        'Country', 
+        'Country Name', 
+        'Zip Code'
+        )
+    return data_headers, data_list, db_file
diff --git a/scripts/ilapfuncs.py b/scripts/ilapfuncs.py
@@ -63,7 +63,10 @@ def wrapper(files_found, report_folder, seeker, wrap_text, timezone_offset):
 
         data_headers, data_list, source_path = func(files_found, report_folder, seeker, wrap_text, timezone_offset)
 
-        if len(data_list):
+        if not source_path:
+            logfunc(f"No file found")
+
+        elif len(data_list):
             logfunc(f"Found {len(data_list)} records for {artifact_name}")
             output_types = artifact_info.get('output_types', ['html', 'tsv', 'timeline', 'lava', 'kml'])
 

diff --git a/scripts/report.py b/scripts/report.py
@@ -103,15 +103,15 @@ def generate_report(reportfolderbase, time_in_secs, time_HMS, extraction_type, i
                         nav_list_data += side_heading.format(SectionHeader)
                     side_list[SectionHeader].append(fullpath)
                     icon = get_icon_name(SectionHeader, tail.replace(".temphtml", ""))
-                    nav_list_data += list_item.format('', tail.replace(".temphtml", ".html"), icon,
-                                                        tail.replace(".temphtml", "").replace("_", " "))
+                    nav_list_data += list_item.format('', tail.replace(".temphtml", ".html").replace(" ", "_"), 
+                                                      icon, tail.replace(".temphtml", "").replace("_", " "))
 
     # Now that we have all the file paths, start writing the files
 
     for category, path_list in side_list.items():
         for path in path_list:
             old_filename = os.path.basename(path)
-            filename = old_filename.replace(".temphtml", ".html")
+            filename = old_filename.replace(".temphtml", ".html").replace(" ", "_")
             # search for it in nav_list_data, then mark that one as 'active' tab
             active_nav_list_data = mark_item_active(nav_list_data, filename) + nav_bar_script
             artifact_data = get_file_content(path)