sqlite3 error when searching for ProductBuildVersion

[hadar0x]

--------------------------------------------------------------------------------------
iLEAPP: iOS Logs, Events, and Preferences Parser
Objective: Triage iOS Full System Extractions.
By: Alexis Brignoni | @AlexisBrignoni | abrignoni.com
Artifact categories to parse: 38
File/Directory selected: /Volumes/davids_iphone

--------------------------------------------------------------------------------------


Mobile Installation Logs function executing
Logs processed: 2
Lines processed: 2171

Total apps: 326
Total installed apps: 326
Total uninstalled apps: 0
Total historical app reports: 326
Total system state events: 5
Mobile Installation Logs function completed.

Iconstate function executing
Screens: 2
Icons in bottom bar: 4
Iconstate function completed.

No files found for webclips -> *WebClips/*.webclip/*.

Lastbuild function executing
Traceback (most recent call last):
  File "./ileapp.py", line 101, in <module>
    globals()[key](filefound)
  File "/Users/hadar0x/Desktop/iLEAPP/ilapfuncs.py", line 2055, in lastbuild
    deviceinfoin(ordes, kas, vas, sources)
  File "/Users/hadar0x/Desktop/iLEAPP/ilapfuncs.py", line 4603, in deviceinfoin
    cursor.execute('INSERT INTO devinf (ord, ka, va, source)  VALUES(?,?,?,?)', datainsert)
sqlite3.InterfaceError: Error binding parameter 3 - probably unsupported type.

[hadar0x]

ok, i printed the type of 'sources', and it's <class 'pathlib.PosixPath'>
however, when the table is created, the source type is set to TEXT
cursor.execute('CREATE TABLE devinf (ord TEXT, ka TEXT, va TEXT, source TEXT)')

When I use str(sources), everything seems to be working fine :)

[abrignoni]

What version of python are you running? I can change the type right before the insert if needed in deviceinfoin(). I just wonder why can't I replicate the error. Thoughts?

[hadar0x]

Python 3.7.0

You?

[abrignoni]

Python 3.7.4

Installed Python 3.7.0 on another computer. Was not able to replicate the error. :-(

[hadar0x]

Interesting.

1. What is your sqlite module version?
   python3 -c 'import sqlite3; print(sqlite3.version)'
   Mine is 2.6.0

2. I'm running it with the 'fs' argument python3 ./ileapp.py -o fs /Volumes/davids_iphone - how did you try to reproduce it? maybe the difference is in the way this library (from pathlib import Path) returns its paths... because in the tar/zip search, you don't use that library to return the path

3. Just to make sure... When you try to reproduce the issue, do you pass the if 'ProductBuildVersion'? (i.e., does your plist have this key)

[abrignoni]

Yes. You are correct. I was able to replicate. My attempt at aggregating the device info for the report broke the FS parse. Your fix was also spot on. Since the path object is just for display purposes in the report it does not interfere with any other functionality.

I made the change you suggested in deviceinfoin() and it worked for all extraction types. Thank you so much!!!!