
Empty username causes TypeError: unsupported format string passed to NoneType.__format__ in debug log statement

Open Melantrix opened this issue 7 months ago • 1 comments

Describe the problem:

There is a logger.debug command within the function AddUserAccount() in the file https://github.com/log2timeline/plaso/blob/main/plaso/preprocessors/mediator.py. This logger.debug command tries to print user_account.username. However, when the username is empty (e.g. when it's an Entra ID user and only a SID is known on the local system) the preprocessing fails, because the logger receives a TypeError because it's None.

There are a few checks in the class WindowsUserAccountsPlugin() in the file https://github.com/log2timeline/plaso/blob/main/plaso/preprocessors/windows.py which calls AddUserAccount(), but there aren't any in AddUserAccount().

It's fixable by commenting out the logger.debug command; however, I think it would be better to add some checks/safeguards in the function.

To Reproduce:

The version of Plaso you used: 20240308

The operating system you are running Plaso on (Not the operating system of the image/files you're trying to analyze): In docker on Ubuntu 22.04.4 LTS

Steps to reproduce the behavior including command line and arguments and output:

log2timeline.py --workers 30 --storage_file timeline.plaso diskimage.img

Please provide the source data you used when you experienced the problem. For publicly available data please provide a URL or path of the source data. This is not possible because of an active investigation.

The method you used to install Plaso: I pulled the docker image and ran the command within the docker with docker run -t -i --entrypoint=/bin/bash -v /home/investigation:/data log2timeline/plaso

Expected behavior: I would expect log2timeline to continue instead of hard failing.

Debug output/tracebacks:

You can run log2timeline tools with "-d" to generate debug output, and include anything relevant. Also see: [Producing debug logs](https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html#producing-debug-logs)

Processing started.
Traceback (most recent call last):
  File "/usr/bin/log2timeline.py", line 33, in <module>
    sys.exit(load_entry_point('plaso==20240308', 'console_scripts', 'log2timeline')())
  File "/usr/lib/python3/dist-packages/plaso/scripts/log2timeline.py", line 81, in Main
    tool.ExtractEventsFromSources()
  File "/usr/lib/python3/dist-packages/plaso/cli/extraction_tool.py", line 754, in ExtractEventsFromSources
    processing_status = self._ProcessSource(session, storage_writer)
  File "/usr/lib/python3/dist-packages/plaso/cli/extraction_tool.py", line 446, in _ProcessSource
    system_configurations = extraction_engine.PreprocessSource(
  File "/usr/lib/python3/dist-packages/plaso/engine/engine.py", line 345, in PreprocessSource
    preprocess_manager.PreprocessPluginsManager.RunPlugins(
  File "/usr/lib/python3/dist-packages/plaso/preprocessors/manager.py", line 351, in RunPlugins
    cls.CollectFromWindowsRegistry(artifacts_registry, mediator, searcher)
  File "/usr/lib/python3/dist-packages/plaso/preprocessors/manager.py", line 224, in CollectFromWindowsRegistry
    preprocess_plugin.Collect(mediator, artifact_definition, searcher)
  File "/usr/lib/python3/dist-packages/plaso/preprocessors/interface.py", line 264, in Collect
    self._ParseKey(mediator, registry_key, value_name)
  File "/usr/lib/python3/dist-packages/plaso/preprocessors/windows.py", line 916, in _ParseKey
    mediator.AddUserAccount(user_account)
  File "/usr/lib/python3/dist-packages/plaso/preprocessors/mediator.py", line 115, in AddUserAccount
    logger.debug(f'adding user account: {user_account.username:s}')
TypeError: unsupported format string passed to NoneType.__format__

Please DO NOT provide screenshots, they can be hard to read.

For more information see the [troubleshooting guide](https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html)

Additional context

Any other context about the problem here.

Melantrix, Jun 27 '24 20:06
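The failure mode reported above, reproduced next to a guarded form, as an added example that is not part of the original issue and is not Plaso's code. The `UserAccount` class, its `identifier` field, the helper names and the sample SIDs are assumptions constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Optional

logger = logging.getLogger('preprocess_example')


@dataclass
class UserAccount:
    """Hypothetical stand-in for the artifact passed to AddUserAccount()."""
    identifier: Optional[str] = None  # assumed field holding the SID
    username: Optional[str] = None


def describe_unsafe(user_account):
    # Same formatting as the traceback line: ':s' is handed to
    # NoneType.__format__, which rejects any non-empty format spec.
    return f'adding user account: {user_account.username:s}'


def describe_safe(user_account):
    # Fall back to the SID, then to a fixed marker, so the value given
    # to the ':s' format spec is always a str.
    label = user_account.username or user_account.identifier or 'N/A'
    return f'adding user account: {label:s}'


def add_user_account(user_account, describe=describe_safe):
    """Logs the account; returns False instead of raising on bad input."""
    try:
        # The message is built before logger.debug() is called, so a bad
        # format raises even when debug logging is disabled.
        logger.debug(describe(user_account))
    except TypeError as exception:
        logger.warning('unable to format user account: %s', exception)
        return False
    return True


# Constructed samples: a named local account and a SID-only account.
NAMED = UserAccount(identifier='S-1-5-21-1-2-3-1001', username='alice')
SID_ONLY = UserAccount(identifier='S-1-12-1-1111111111-2222222222-3333333333-4444444444')

if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)
    print(add_user_account(NAMED, describe_unsafe))
    print(add_user_account(SID_ONLY, describe_unsafe))
    print(add_user_account(SID_ONLY))
```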