Add SQLite parser for iOS Accounts (Accounts3.sqlite) file#4926

Open
studiawan wants to merge 14 commits into log2timeline:main from studiawan:main

@studiawan
Contributor

@studiawan studiawan commented Nov 26, 2024

One line description of pull request

Add SQLite parser for iOS Accounts (Accounts3.sqlite) file

Description:

I add/edit several files:

  • Add import ios_accounts to plaso/parsers/sqlite_plugins/__init__.py
  • Add a new parser plugin ios_accounts.py to plaso/parsers/sqlite_plugins/
  • Add Accounts3.db file to plaso/test_data/
  • Add unit test ios_accounts.py to plaso/tests/parsers/sqlite_plugins/
  • Modify ios.yaml to support iOS account parser plugin (plaso/data/formatters/ios.yaml)
  • Modify timeliner.yaml to support iOS account parser plugin (plaso/data/timeliner.yaml)
  • Add sqlite/ios_accounts in enabled_parser_names (tests/cli/pinfo_tool.py)

Related issue (if applicable): fixes #4135

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

  • Automated checks (GitHub Actions, AppVeyor) pass
  • No new dependencies are required or l2tdevtools has been updated
  • Reviewer assigned
  • Test data has a Plaso compatible license

@studiawan
Contributor Author

studiawan commented Nov 27, 2024

Hi @joachimmetz, I am not sure why test_docs / build (3.12, docs) failed. Can you show me where the error is? The other eight tests are successful.
Thanks a lot.

@joachimmetz
Member

@studiawan I'm a bit preoccupied at the moment, will try to take a look as soon as time permits.

self.username = None
self.identifier = None
self.owning_bundle_id = None

Member

style guide nit: have 2 empty lines

"""Retrieves a date and time value from the row.

Args:
query_hash (int): hash of the query, that uniquely

Member

style guide nit: have 2 indentation spaces

"""iOS accounts event data.

Attributes:
date (dfdatetime.DateTimeValues): date and time the account

Member

for consistency across the codebase changing this to creation_time

account_type (str): account type.
username (str): user name.
identifier (str): identifier.
owning_bundle_id (str): owning bundle identifier of the app

Member

style guide nit: id => identifier

@codecov

codecov bot commented Feb 23, 2025

Codecov Report

❌ Patch coverage is 97.14286% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 85.10%. Comparing base (11259d3) to head (fc51758).
⚠️ Report is 38 commits behind head on main.

Files with missing lines | Patch % | Lines
plaso/parsers/sqlite_plugins/ios_accounts.py | 97.14% | 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4926      +/-   ##
==========================================
+ Coverage   85.09%   85.10%   +0.01%     
==========================================
  Files         432      433       +1     
  Lines       38792    38827      +35     
==========================================
+ Hits        33009    33043      +34     
- Misses       5783     5784       +1     

@joachimmetz
Member

@studiawan what is the origin of the test data file?

@joachimmetz joachimmetz added the "pending reporter input" label Mar 2, 2025

Attributes:
account_type (str): account type.
creation_time (dfdatetime.DateTimeValues): date and time the account

Member

style guide nit: use 2 space indentation.


REQUIRED_STRUCTURE = {
'ZACCOUNT': frozenset([
'ZACCOUNTTYPE', 'ZDATE', 'ZUSERNAME', 'ZIDENTIFIER',

Member

lint nit: remove trailing whitespace

@studiawan
Contributor Author

studiawan commented Sep 21, 2025

> @studiawan what is the origin of the test data file?

I am sorry for the late reply, the data is from Digital Corpora https://digitalcorpora.s3.amazonaws.com/s3_browser.html#corpora/mobile/android_13/ios_15_3_1/

So, is the plugin good to be merged?

@joachimmetz
Member

> I am sorry for the late reply, the data is from Digital Corpora

Will need to check the license is compatible

@studiawan
Contributor Author

For the license, there are no restrictions on the use of this data, source: https://registry.opendata.aws/digitalcorpora/
All of the disk images, memory dumps, and network packet captures available on Digital Corpora are freely available, source: https://digitalcorpora.org/

@joachimmetz
Member

That is the crux, need to figure out what "no restrictions" means in the context of FOSS. Also see https://opensource.org/blog/public-domain-is-not-open-source

@joachimmetz joachimmetz removed the "pending reporter input" label Sep 23, 2025