adding file generated by initialize to gitignore

EC-DIGIT-CSIRC · Jan 14, 2024 · 76b58bb · 76b58bb
1 parent 196ed77
commit 76b58bb
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,7 @@ data/*
 cases.json
 parsed_data/*
 *.gpx
+db.json
 
 # Byte-compiled / optimized / DLL files
 __pycache__/

diff --git a/analyzers/sysdiagnose-timeliner.py b/analyzers/sysdiagnose-timeliner.py
@@ -29,6 +29,7 @@
     "sysdiagnose-mobileactivation.json": "__extract_ts_mobileactivation",
     "sysdiagnose-powerlogs.json": "__extract_ts_powerlogs",
     "sysdiagnose-swcutil.json": "__extract_ts_swcutil",
+    "sysdiagnose-shutdownlogs.json": "__extract_ts_shutdownlogs",
     "sysdiagnose-logarchive.json": "__extract_ts_logarchive",
     "sysdiagnose-wifisecurity.json": "__extract_ts_wifisecurity",
     "sysdiagnose_wifi_known_networks.json": "__extract_ts_wifi_known_networks",
@@ -200,6 +201,32 @@ def __extract_ts_accessibility_tcc(filename):
         return False
     return False
 
+def __extract_ts_shutdownlogs(filename):
+    try:
+        with open(filename, 'r') as fd:
+            data = json.load(fd)
+            for ts in data["data"].keys():
+                try:
+                    # create timeline entries
+                    timestamp = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S+00:00")
+                    processes = data["data"][ts]
+                    for p in processes:
+                        ts_event = {
+                            "message": p["path"],
+                            "timestamp": int(timestamp.timestamp() * 1000000),
+                            "datetime": timestamp.strftime("%Y-%m-%dT%H:%M:%S+00:00"),
+                            "timestamp_desc": "Entry in shutdown.log",
+                            "extra_field_1": "pid: %s" % p["pid"]
+                        }
+                        timeline.append(ts_event)
+                except Exception as e:
+                    print(f"WARNING: entry not parsed: {ts}")
+        return True
+    except Exception as e:
+        print(f"ERROR while extracting timestamp from {filename}. Reason: {str(e)}")
+        return False
+    return False
+
 
 def __extract_ts_logarchive(filename):
     r"""

diff --git a/initialyze.py b/initialyze.py
@@ -160,6 +160,11 @@ def init(sysdiagnose_file, force=False):
     except:        # noqa: E722
         pass
 
+    try:
+        new_case_json["shutdownlog"] = new_folder +glob.glob('./*/system_logs.logarchive/Extra/shutdown.log')[0][1:]
+    except:        # noqa: E722
+        pass
+
     try:
         new_case_json["taskinfo"] = new_folder +glob.glob('./*/taskinfo.txt')[0][1:]
     except:        # noqa: E722