-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implemented Apple biome file parser #4878
base: main
Are you sure you want to change the base?
Conversation
implemented ApplicationInstallBiomePluging
Thanks for the PR, I'll take a look as time permits. |
implemented ApplicationInstallBiomePluging
rebased with upstream for failing CI tests |
@rick-slin PTAL, CI tests are failing https://github.com/log2timeline/plaso/actions/runs/8957629211/job/24600914034?pr=4878#step:7:3036
|
The more I think about this PR, the more I'm convinced that reverse engineering proto definition files and compiling them into the python classes for proper parsing is the better solution. @joachimmetz What do you think? It will take more work on my end, but I think it would be worthwhile. Would the proto file be part of the plaso repo or just the compile python classes? |
One line description of pull request
The parser handles the Apple biome files (aka SEGB). Two parser plugins are included for application installation and launch.
Related issue (if applicable): fixes #4812
Notes:
All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.
One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.
Checklist: