Add SQLite parser for Android Native Downloads (downloads.db) file

[ChristopherGammaWau]

One line description of pull request

Add SQLite parser for Android Native Downloads (downloads.db) file

Description:

I add/edit several files:

Add import android_native_downloads to plaso/parsers/sqlite_plugins/init.py
Add a new parser plugin android_native_downloads.py to plaso/parsers/sqlite_plugins/
Add downloads.db file to plaso/test_data/
Add unit test android_native_downloads.py to plaso/tests/parsers/sqlite_plugins/
Modify android.yaml to support Android Native Downloads SQLite parser plugin (plaso/data/formatters/android.yaml)
Modify timeliner.yaml to support Android Native Downloads SQLite parser plugin (plaso/data/timeliner.yaml)

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

• Automated checks (GitHub Actions, AppVeyor) pass
• No new new dependencies are required or l2tdevtools has been updated
• Reviewer assigned
• Test data has a Plaso compatible license

[joachimmetz]

Thanks for the PR, I'm a bit preoccupied at the moment will try to take a look as soon as time permits

[joachimmetz]

@ChristopherGammaWau what is the origin of the test data file?

[joachimmetz]

Rebased PR

[joachimmetz]

@ChristopherGammaWau @barpeot can one of you PTAL at the linter warnings

[ChristopherGammaWau]

@ChristopherGammaWau what is the origin of the test data file?

Hello Mr. Joachimmetz,

Unless changes are done to the source, the file is obtained from the android 13 image found on this link: https://digitalcorpora.s3.amazonaws.com/corpora/mobile/android_13/android_13_data.tar.gz.

Edit: After checking the original image, the "downloads.db" file used can be found under "data\data\com.android.providers.downloads\databases". The one commited to github has an entry modified with a different status code. But the entry used in the unit test is identical with the original file.

@ChristopherGammaWau @barpeot can one of you PTAL at the linter warnings

I will try to fix the lint warnings in the following days. I am sorry for the last 3 commits since i made a mistake in pushing too early.

I will tag you in this pull request once i've made my changes.

Thank you.

[codecov]

Codecov Report

Attention: Patch coverage is 94.57014% with 12 lines in your changes missing coverage. Please review.

Project coverage is 85.11%. Comparing base (4a3ce9d) to head (d42f74b).
Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
plaso/parsers/jsonl_plugins/gcp_log.py	91.53%	11 Missing ⚠️
...parsers/sqlite_plugins/android_native_downloads.py	98.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4929      +/-   ##
==========================================
+ Coverage   85.05%   85.11%   +0.06%     
==========================================
  Files         431      433       +2     
  Lines       38645    38852     +207     
==========================================
+ Hits        32870    33070     +200     
- Misses       5775     5782       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[joachimmetz]

Edit: After checking the original image, the "downloads.db" file used can be found under "data\data\com.android.providers.downloads\databases". The one commited to github has an entry modified with a different status code. But the entry used in the unit test is identical with the original file.

Thanks for the additional context, given the test file was edited I'll treat this as "derived work" then

[ChristopherGammaWau]

Sorry i forgot to add the comment.

The last commit passed when running tox for pylint python 3.12 on my machine which if i'm not wrong is the version that didn't pass previously.