Merge pull request abrignoni#957 from Johann-PLW/main

Johann-PLW · web-flow · commit 3b53c44b68c5 · 2024-11-25T18:00:12.000+01:00
Update modules for lava output
diff --git a/scripts/artifacts/allTrails.py b/scripts/artifacts/allTrails.py
@@ -9,7 +9,8 @@
         "category": "Health & Fitness",
         "notes": "",
         "paths": ('*/Documents/AllTrails.sqlite*'),
-        "output_types": ["html", "tsv", "lava"]
+        "output_types": ["html", "tsv", "lava"],
+        "artifact_icon": "map"
     },
     "allTrailsUserInfo": {
         "name": "AllTrails - User Info",
@@ -21,61 +22,54 @@
         "category": "Health & Fitness",
         "notes": "",
         "paths": ('*/Documents/AllTrails.sqlite*'),
-        "output_types": "all"
+        "output_types": "all",
+        "artifact_icon": "user"
     }
 }
 
 
-from scripts.ilapfuncs import artifact_processor, open_sqlite_db_readonly, convert_ts_human_to_timezone_offset
+from scripts.ilapfuncs import artifact_processor, get_sqlite_db_records, convert_cocoa_core_data_ts_to_utc
 
 @artifact_processor
 def allTrailsTrailDetails(files_found, report_folder, seeker, wrap_text, timezone_offset):
     data_list = []
     db_file = ''
+    db_records = []
+
+    query = '''
+    SELECT 
+        ZTRAIL.ZNAME,
+        ZTRAIL.ZROUTETYPENAME,
+        CASE ZACTIVITYSTATS.ZDIFFICULTY
+            WHEN 1 THEN 'Easy'
+            WHEN 3 THEN 'Moderate'
+            WHEN 5 THEN 'Hard'
+        END,
+        ZTRAIL.ZRATING,
+        ZTRAIL.ZREVIEWCOUNT,
+        ZTRAIL.ZLENGTH AS "Length (Meters)",
+        ZTRAIL.ZELEVATIONGAIN AS "Elevation Gain (Meters)",
+        ZLOCATION.ZLATITUDE,
+        ZLOCATION.ZLONGITUDE,
+        ZLOCATION.ZCITY,
+        ZLOCATION.ZREGION,
+        ZLOCATION.ZREGIONNAME,
+        ZLOCATION.ZPOSTALCODE,
+        ZLOCATION.ZCOUNTRY,
+        ZLOCATION.ZCOUNTRYNAME,
+        ZPARKAREA.ZNAME AS "Park Area Name"
+    FROM ZLOCATION
+    JOIN ZTRAIL ON ZLOCATION.Z_PK = ZTRAIL.ZLOCATION
+    JOIN ZPARKAREA ON ZTRAIL.Z_PK = ZPARKAREA.ZTRAIL
+    JOIN ZACTIVITYSTATS ON ZTRAIL.Z_PK = ZACTIVITYSTATS.ZTRAIL
+    '''
 
     for file_found in files_found:
         if file_found.endswith('AllTrails.sqlite'):
             db_file = file_found
+            db_records = get_sqlite_db_records(db_file, query)
             break
     
-    with open_sqlite_db_readonly(db_file) as db:
-        cursor = db.cursor()
-        cursor.execute('''
-        SELECT 
-            ZTRAIL.ZNAME,
-            ZTRAIL.ZROUTETYPENAME,
-            CASE ZACTIVITYSTATS.ZDIFFICULTY
-                WHEN 1 THEN 'Easy'
-                WHEN 3 THEN 'Moderate'
-                WHEN 5 THEN 'Hard'
-            END,
-            ZTRAIL.ZRATING,
-            ZTRAIL.ZREVIEWCOUNT,
-            ZTRAIL.ZLENGTH AS "Length (Meters)",
-            ZTRAIL.ZELEVATIONGAIN AS "Elevation Gain (Meters)",
-            ZLOCATION.ZLATITUDE,
-            ZLOCATION.ZLONGITUDE,
-            ZLOCATION.ZCITY,
-            ZLOCATION.ZREGION,
-            ZLOCATION.ZREGIONNAME,
-            ZLOCATION.ZPOSTALCODE,
-            ZLOCATION.ZCOUNTRY,
-            ZLOCATION.ZCOUNTRYNAME,
-            ZPARKAREA.ZNAME AS "Park Area Name"
-        FROM ZLOCATION
-        JOIN ZTRAIL ON ZLOCATION.Z_PK = ZTRAIL.ZLOCATION
-        JOIN ZPARKAREA ON ZTRAIL.Z_PK = ZPARKAREA.ZTRAIL
-        JOIN ZACTIVITYSTATS ON ZTRAIL.Z_PK = ZACTIVITYSTATS.ZTRAIL
-        ''')
-
-        all_rows = cursor.fetchall()
-
-        for row in all_rows:
-            data_list.append(
-                (row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7], row[8], 
-                    row[9], row[10], row[11], row[12], row[13], row[14], row[15],)
-                )
-
     data_headers = (
         'Trail Name', 
         'Route Type', 
@@ -94,51 +88,48 @@ def allTrailsTrailDetails(files_found, report_folder, seeker, wrap_text, timezon
         'Country Name', 
         'Parking Area Name'
         )
-    return data_headers, data_list, db_file
+    return data_headers, db_records, db_file
 
 
 @artifact_processor
 def allTrailsUserInfo(files_found, report_folder, seeker, wrap_text, timezone_offset):
     data_list = []
     db_file = ''
+    db_records = []
+
+    query = '''
+    SELECT 
+        ZUSER.ZCREATIONTIME,
+        ZUSER.ZFIRSTNAME,
+        ZUSER.ZLASTNAME,
+        ZUSER.ZUSERNAME,
+        ZPROFILE.ZEMAIL,
+        ZUSER.ZREFERRALLINK,
+        ZLOCATION.ZLATITUDE,
+        ZLOCATION.ZLONGITUDE,
+        ZLOCATION.ZCITY,
+        ZLOCATION.ZREGION,
+        ZLOCATION.ZREGIONNAME,
+        ZLOCATION.ZCOUNTRY,
+        ZLOCATION.ZCOUNTRYNAME,
+        ZLOCATION.ZPOSTALCODE
+    FROM ZUSER
+    INNER JOIN ZPROFILE ON ZUSER.Z_PK = ZPROFILE.ZUSER
+    INNER JOIN ZLOCATION ON ZUSER.ZLOCATION = ZLOCATION.Z_PK
+    '''
 
     for file_found in files_found:
         if file_found.endswith('AllTrails.sqlite'):
             db_file = file_found
+            db_records = get_sqlite_db_records(db_file, query)
             break
     
-    with open_sqlite_db_readonly(db_file) as db:
-        cursor = db.cursor()
-        
-        cursor.execute('''
-        SELECT 
-            datetime(ZUSER.ZCREATIONTIME + 978307200,'unixepoch') AS "Creation Timestamp",
-            ZUSER.ZFIRSTNAME,
-            ZUSER.ZLASTNAME,
-            ZUSER.ZUSERNAME,
-            ZPROFILE.ZEMAIL,
-            ZUSER.ZREFERRALLINK,
-            ZLOCATION.ZLATITUDE,
-            ZLOCATION.ZLONGITUDE,
-            ZLOCATION.ZCITY,
-            ZLOCATION.ZREGION,
-            ZLOCATION.ZREGIONNAME,
-            ZLOCATION.ZCOUNTRY,
-            ZLOCATION.ZCOUNTRYNAME,
-            ZLOCATION.ZPOSTALCODE
-        FROM ZUSER
-        INNER JOIN ZPROFILE ON ZUSER.Z_PK = ZPROFILE.ZUSER
-        INNER JOIN ZLOCATION ON ZUSER.ZLOCATION = ZLOCATION.Z_PK
-        ''')
-
-        all_rows = cursor.fetchall()
 
-        for row in all_rows:
-            timestamp = convert_ts_human_to_timezone_offset(row[0], timezone_offset)
-            data_list.append(
-                (timestamp, row[1], row[2], row[3], row[4], row[5], row[6], 
-                    row[7], row[8], row[9], row[10], row[11], row[12], row[13])
-                )
+    for record in db_records:
+        creation_timestamp = convert_cocoa_core_data_ts_to_utc(record[0])
+        data_list.append(
+            (creation_timestamp, record[1], record[2], record[3], record[4], record[5], record[6], 
+             record[7], record[8], record[9], record[10], record[11], record[12], record[13]))
 
     data_headers = (
         ('Creation Timestamp', 'datetime'), 
diff --git a/scripts/artifacts/twint.py b/scripts/artifacts/twint.py
@@ -1,81 +1,78 @@
-# Created by @KefreR (Frank Ressat)
-
-from scripts.ilapfuncs import logfunc, logdevinfo, timeline, kmlgen, tsv, is_platform_windows, open_sqlite_db_readonly
-from scripts.artifact_report import ArtifactHtmlReport
-
 __artifacts_v2__ = {
-    "Twint": {
-        "name": "Twint Transaction Artifacts",
-        "description": "Extract all the data available related to transactions made with the instant payment app Twint prepaid",
-        "author": "@KefreR",
+    "twintTransactions": {
+        "name": "Twint - Transactions",
+        "description": "Extract data related to transactions made with the instant payment app Twint prepaid",
+        "author": "@KefreR (Frank Ressat)",
         "version": "0.1",
         "date": "2023-11-21",
         "requirements": "none",
-        "category": "Twint Prepaid",
+        "category": "Finance",
         "notes": "",
         "paths": ('*/var/mobile/Containers/Data/Application/*/Library/Application Support/Twint.sqlite*'),
-        "function": "get_twint"
+        "output_types": "standard",
+        "artifact_icon": "dollar-sign"
     }
 }
 
 
-def get_twint(files_found, report_folder, seeker, wrap_text, time_offset):
-    for file_found in files_found:
-        file_found = str(file_found)
-    
-        if file_found.endswith('Twint.sqlite'):
-            break
+from scripts.ilapfuncs import artifact_processor, get_sqlite_db_records, convert_cocoa_core_data_ts_to_utc
 
-    db = open_sqlite_db_readonly(file_found)
-    cursor = db.cursor()
-    
-    cursor.execute(f'''
+@artifact_processor
+def twintTransactions(files_found, report_folder, seeker, wrap_text, time_offset):
+    data_list = []
+    db_file = ''
+    db_records = []
+
+    query = '''
         SELECT
-        ZTRANSACTION.Z_PK,
-        datetime(ZTRANSACTION.ZCREATIONDATE+978307200,'UNIXEPOCH'), 
-        datetime(ZTRANSACTION.ZMODIFIEDTIMESTAMP+978307200,'UNIXEPOCH'), 
-        datetime(ZTRANSACTION.ZSECONDPHASETIMESTAMP+978307200,'UNIXEPOCH'), 
-        datetime(ZTRANSACTION.ZSTATUSPENDINGUNTILDATE+978307200,'UNIXEPOCH'),
-        ZTRANSACTION.ZMERCHANTBRANCHNAME,
-        ZTRANSACTION.ZMERCHANTNAME,
-        ZTRANSACTION.ZP2PSENDERMOBILENR,
-        ZTRANSACTION.ZP2PINITIATEMESSAGE,
-        ZTRANSACTION.ZP2PRECIPIENTMOBILENR, 
-        ZTRANSACTION.ZP2PRECIPIENTNAME ,
-        ZTRANSACTION.ZP2PREPLYMESSAGE,
-        ZTRANSACTION.ZAUTHORIZEDAMOUNT, 
-        ZTRANSACTION.ZPAIDAMOUNT, 
-        ZTRANSACTION.ZREQUESTEDAMOUNT, 
-        ZTRANSACTION.ZDISCOUNT, 
-        ZTRANSACTION.ZCURRENCY,
-        ZTRANSACTION.ZCONTENTREFERENCE, 
-        ZTRANSACTION.ZORDERLINK,
-        ZTRANSACTION.ZP2PHASPICTURE,
-        ZTRANSACTION.ZORDERSTATEVALUE,
-        ZTRANSACTION.ZORDERTYPEVALUE,
-        ZTRANSACTION.ZTRANSACTIONSIDEVALUE,
-        ZTRANSACTION.ZMERCHANTCONFIRMATION FROM ZTRANSACTION''')
+            ZTRANSACTION.ZCREATIONDATE, 
+            ZTRANSACTION.ZMODIFIEDTIMESTAMP, 
+            ZTRANSACTION.ZSECONDPHASETIMESTAMP, 
+            ZTRANSACTION.ZSTATUSPENDINGUNTILDATE, 
+            ZTRANSACTION.ZMERCHANTBRANCHNAME, 
+            ZTRANSACTION.ZMERCHANTNAME, 
+            ZTRANSACTION.ZP2PSENDERMOBILENR, 
+            ZTRANSACTION.ZP2PINITIATEMESSAGE, 
+            ZTRANSACTION.ZP2PRECIPIENTMOBILENR, 
+            ZTRANSACTION.ZP2PRECIPIENTNAME, 
+            ZTRANSACTION.ZP2PREPLYMESSAGE, 
+            ZTRANSACTION.ZAUTHORIZEDAMOUNT, 
+            ZTRANSACTION.ZPAIDAMOUNT, 
+            ZTRANSACTION.ZREQUESTEDAMOUNT, 
+            ZTRANSACTION.ZDISCOUNT, 
+            ZTRANSACTION.ZCURRENCY, 
+            ZTRANSACTION.ZCONTENTREFERENCE, 
+            ZTRANSACTION.ZORDERLINK, 
+            ZTRANSACTION.ZP2PHASPICTURE, 
+            ZTRANSACTION.ZORDERSTATEVALUE, 
+            ZTRANSACTION.ZORDERTYPEVALUE, 
+            ZTRANSACTION.ZTRANSACTIONSIDEVALUE, 
+            ZTRANSACTION.ZMERCHANTCONFIRMATION
+        FROM ZTRANSACTION'''
 
-    data_list = cursor.fetchall()
-    usagentries = len(data_list)
+    for file_found in files_found:
+        if file_found.endswith('Twint.sqlite'):
+            db_file = file_found
+            db_records = get_sqlite_db_records(db_file, query)
+            break
 
-    if usagentries > 0:
-        descritpion ="Twint - Transaction"
-        report = ArtifactHtmlReport(f'{descritpion}')
-        report.start_artifact_report(report_folder, f'{descritpion}')
-        report.add_script()
-        data_headers = (
-            'Index', 'Creation date', 'Sender confirmation date', 'Receiver validation date', 'Transaction expiry date',
-            'Merchant branch name','Merchant name', 'Sender mobile number', 'Sender message', 'Receiver mobile number', 
-            'Receiver contact name', 'Response message', 'Amount authorized for the transaction', 'Paid amount', 
-            'Requested amount', 'Discount', 'Currency', 'Content reference', 'Order link', 'Presence of multimedia content',
-            'Transaction status', 'Type of transaction', 'Direction of the transaction', 'Merchant confirmation')
-        report.write_artifact_data_table(data_headers, data_list, file_found, html_escape=False)
-        report.end_artifact_report()
+    for record in db_records:
+        creation_date = convert_cocoa_core_data_ts_to_utc(record[0])
+        modified_ts = convert_cocoa_core_data_ts_to_utc(record[1])
+        second_phase_ts = convert_cocoa_core_data_ts_to_utc(record[2])
+        status_pending_until_date = convert_cocoa_core_data_ts_to_utc(record[3])
+        data_list.append(
+            (creation_date, modified_ts, second_phase_ts, status_pending_until_date, record[4], record[5], 
+             record[6], record[7], record[8], record[9], record[10], record[11], record[12], 
+             record[13], record[14], record[15], record[16], record[17], record[18], record[19], 
+             record[20], record[21], record[22]))
 
-        tsvname = f'{descritpion}'
-        tsv(report_folder, data_headers, data_list, tsvname)
-    else:
-        logfunc('Twint - No data available')
+    data_headers = (
+        ('Creation date', 'datetime'), ('Sender confirmation date', 'datetime'), ('Receiver validation date', 'datetime'), 
+        ('Transaction expiry date', 'datetime'), 'Merchant branch name', 'Merchant name', 'Sender mobile number', 
+        'Sender message', 'Receiver mobile number', 'Receiver contact name', 'Response message', 
+        'Amount authorized for the transaction', 'Paid amount', 'Requested amount', 'Discount', 'Currency', 
+        'Content reference', 'Order link', 'Presence of multimedia content', 'Transaction status', 'Type of transaction', 
+        'Direction of the transaction', 'Merchant confirmation')
 
-    db.close()
+    return data_headers, data_list, db_file
