You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I develop an Sqlite plugin using l2tscaffolder. The scaffolder successfully built the plugin. After that, I rebuilt the plaso and got an error ImportError: cannot import name 'eventdata' from 'plaso.lib'
To Reproduce
Steps to reproduce the behavior:
What definition was selected
$ l2t_scaffolder.py
== Starting the scaffolder ==
Gathering required information.
Available definitions:
[0] plaso
[1] timesketch
[2] turbinia
Definition choice: 0
plaso chosen.
Path to the project root: /home/parallels/git/plaso
Path [/home/parallels/git/plaso] set as the project path.
Name of the module to be generated. This can be something like "foobar sqlite" or "event analytics".
This will be used for class name generation and file name prefixes.
Module Name: iOS Accounts
About to create a new feature branch to store newly generated code.
ERROR:root:Running: "git show-ref --verify --quiet refs/heads/"ios_accounts"" failed with error: .
Creating feature branch: ios_accounts inside /home/parallels/git/plaso
Switching to feature branch ios_accounts
Available scaffolders for plaso:
[0] sqlite
Scaffolder choice: 0
Define the name of the callback function (key) that will be
called for every row returned from the SQL query (value).
The plugin will execute the SQL query and call the callback
once for each resulting row. The name of the function should
follow style guide and be descriptive. An example of that is
a SQL statement that fetches bookmarks, the key name should be
Bookmark, or if the SQL statement collects GPS coordinates
it could be called Location.
Callback function name [#1]: User
SQL Statement [#1]: select zdate, zaccounttypedescription, zusername, zaccountdescription, zaccount.zidentifier, zaccount.zowningbundleid from zaccount, zaccounttype where zaccounttype.z_pk=zaccount.zaccounttype
More entries? [Y/n]: n
List of required tables
Value to add [#1]: zaccount
Add more values? [Y/n]: Y
Value to add [#2]: zaccounttype
Add more values? [Y/n]: n
Absolute or relative path to the file that will be used for tests.
Value: /home/parallels/Desktop/Accounts3.sqlite
Ready to generate files? [Y/n]: Y
File: /home/parallels/git/plaso/test_data/Accounts3.sqlite written to disk.
File: /home/parallels/git/plaso/plaso/parsers/sqlite_plugins/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/tests/parsers/sqlite_plugins/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/plaso/formatters/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/tests/formatters/ios_accounts.py written to disk.
File: /home/parallels/git/plaso/plaso/formatters/__init__.py written to disk.
File: /home/parallels/git/plaso/plaso/parsers/sqlite_plugins/__init__.py written to disk.
Error message, or output that was unexpected
After the scaffolder finished the plugin, I rebuilt plaso using command python3 setup.py build && python3 setup.py install. Then, I run psteal.py to build a timeline from an sqlite given for the test. I got the error messages below.
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/pkg_resources/__init__.py", line 656, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/pkg_resources/__init__.py", line 1453, in run_script
exec(code, namespace, namespace)
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/EGG-INFO/scripts/psteal.py", line 21, in <module>
from plaso.cli import psteal_tool
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/cli/psteal_tool.py", line 11, in <module>
from plaso.cli import extraction_tool
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/cli/extraction_tool.py", line 18, in <module>
from plaso import parsers # pylint: disable=unused-import
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/__init__.py", line 83, in <module>
from plaso.parsers import sqlite_plugins
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/sqlite_plugins/__init__.py", line 20, in <module>
from plaso.parsers.sqlite_plugins import ios_accounts
File "/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/parsers/sqlite_plugins/ios_accounts.py", line 13, in <module>
from plaso.lib import eventdata
ImportError: cannot import name 'eventdata' from 'plaso.lib' (/home/parallels/git/virtualenv/plaso/lib/python3.9/site-packages/plaso-20220501-py3.9.egg/plaso/lib/__init__.py)
Expected behavior
The plaso should successfully parse the given sqlite file.
Desktop (please complete the following information):
OS: Kali Linux
Version: 2021.3 arm64
l2tscaffolder Version
l2tscaffolder 20200511.
I installed l2tscaffolder from source.
Possible solution
eventdata is not in plaso.lib anymore. If I am not mistaken, it has been moved to plaso.containers. I need to dig deeper to the plaso code base. I will submit a fix for this issue. I am working on this now. We need to fix the jinja template as well.
The text was updated successfully, but these errors were encountered:
Describe the bug
I develop an Sqlite plugin using l2tscaffolder. The scaffolder successfully built the plugin. After that, I rebuilt the plaso and got an error
ImportError: cannot import name 'eventdata' from 'plaso.lib'To Reproduce
Steps to reproduce the behavior:
Error message, or output that was unexpected
After the scaffolder finished the plugin, I rebuilt plaso using command
python3 setup.py build && python3 setup.py install. Then, I run psteal.py to build a timeline from an sqlite given for the test. I got the error messages below.Expected behavior
The plaso should successfully parse the given sqlite file.
Desktop (please complete the following information):
l2tscaffolder Version
l2tscaffolder 20200511.
I installed l2tscaffolder from source.
Possible solution
eventdatais not inplaso.libanymore. If I am not mistaken, it has been moved toplaso.containers. I need to dig deeper to the plaso code base. I will submit a fix for this issue. I am working on this now. We need to fix the jinja template as well.The text was updated successfully, but these errors were encountered: