SQLECmd icon indicating copy to clipboard operation
SQLECmd copied to clipboard
verified publisher icon EricZimmerman

No Map for NIST SQLite DB

Open daarrgcs opened this issue 1 year ago • 12 comments

** SQLECmd version # ** The version of SQLECmd you are running SQLECmd version 1.0.0.0

Describe the bug A clear and concise description of what the bug is, including the full command line you are using. Missing map when processing the NIST NSRLRDS_2024.03.1_modern_minimal.db file downloaded from: https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_3.00_demo/RDSv3_Modern_Minimal_Demo.zip.

Thank you for your continued work with the programs you maintain!

To Reproduce Steps to reproduce the behavior:

  1. Form Admin terminal, run .\SQLECmd.exe -f "E:\RDS_2024.03.1_modern_minimal\RDS_2024.03.1_modern_minimal.db" --csv "E:"
  2. Results yielded no csv output, but did create a missing map message.
  3. See error

Expected behavior Process the db and export a csv.

Screenshots image

Additional context When processing the NIST NSRLRDS_2024.03.1_modern_minimal.db file, I received a message that there was a missing map. At least one database was found with no corresponding map (Use --debug for more details about discovery process) File name: E:\RDS_2024.03.1_modern_minimal\RDS_2024.03.1_modern_minimal.db, Tables: FILE,MFG,OS,PKG,VERSION

daarrgcs avatar Jun 03 '24 18:06 daarrgcs

So make the map? How is this a bug

EricZimmerman avatar Jun 03 '24 18:06 EricZimmerman

Haha, sorry, I'm clearly not versed in the language of you Github aficionados. I mistakenly assumed that your site's guidance in cases where there is a missing map to, "please create an issue," meant that I should create an issue to alert you.

Please pardon my waste of your time and have a beautiful day.

Daniel

@.***

From: Eric @.> Sent: Monday, June 3, 2024 2:47 PM To: EricZimmerman/SQLECmd @.> Cc: Daniel Arrugueta @.>; Author @.> Subject: Re: [EricZimmerman/SQLECmd] No Map for NIST SQLite DB (Issue #74)

You don't often get email from @.@.>. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification

So make the map? How is this a bug

Reply to this email directly, view it on GitHubhttps://github.com/EricZimmerman/SQLECmd/issues/74#issuecomment-2145893580, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHNDFB7QMOSTEYZ3Y57ISV3ZFS24BAVCNFSM6AAAAABIXBUD3GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBVHA4TGNJYGA. You are receiving this because you authored the thread.Message ID: @.@.>>

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

daarrgcs avatar Jun 03 '24 18:06 daarrgcs

BTW, while we're chatting, how do I "make the map?" I see nothing in the documentation.

From: Daniel Arrugueta Sent: Monday, June 3, 2024 2:55 PM To: EricZimmerman/SQLECmd @.>; EricZimmerman/SQLECmd @.> Cc: Author @.***> Subject: RE: [EricZimmerman/SQLECmd] No Map for NIST SQLite DB (Issue #74)

Haha, sorry, I'm clearly not versed in the language of you Github aficionados. I mistakenly assumed that your site's guidance in cases where there is a missing map to, "please create an issue," meant that I should create an issue to alert you.

Please pardon my waste of your time and have a beautiful day.

Daniel

@.***

From: Eric @.@.>> Sent: Monday, June 3, 2024 2:47 PM To: EricZimmerman/SQLECmd @.@.>> Cc: Daniel Arrugueta @.@.>>; Author @.@.>> Subject: Re: [EricZimmerman/SQLECmd] No Map for NIST SQLite DB (Issue #74)

You don't often get email from @.@.>. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification

So make the map? How is this a bug

Reply to this email directly, view it on GitHubhttps://github.com/EricZimmerman/SQLECmd/issues/74#issuecomment-2145893580, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHNDFB7QMOSTEYZ3Y57ISV3ZFS24BAVCNFSM6AAAAABIXBUD3GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBVHA4TGNJYGA. You are receiving this because you authored the thread.Message ID: @.@.>>

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

daarrgcs avatar Jun 03 '24 19:06 daarrgcs

Here's a guide: https://github.com/EricZimmerman/SQLECmd/blob/master/SQLMap/Maps/!OS_Application_OptionalDescription.guide

Here's a template: https://github.com/EricZimmerman/SQLECmd/blob/master/SQLMap/Maps/!OS_Application_OptionalDescription.template

AndrewRathbun avatar Jun 03 '24 19:06 AndrewRathbun

dbSchema

@daarrgcs,, here's the DB schema. What exactly were you looking to get from SQLECmd with this DB? Just a CSV output?

AndrewRathbun avatar Jun 04 '24 16:06 AndrewRathbun

Thanx much for the follow-up. Yes, I was trying to pull a csv using SQLEcmd. I used DB Browser to accomplish the same thing but wanted to familiarize myself with your tool while I was working on this.

Attached is the smap I created, although I'm not sure it's correct. The program accepted my smap after I corrected some original errors. It's been running for a couple of hours with no output yet.

Again, very much appreciate your following up.

@.***

@.***

From: Andrew Rathbun @.> Sent: Tuesday, June 4, 2024 12:20 PM To: EricZimmerman/SQLECmd @.> Cc: Daniel Arrugueta @.>; Mention @.> Subject: Re: [EricZimmerman/SQLECmd] No Map for NIST SQLite DB (Issue #74)

You don't often get email from @.@.>. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification

dbSchema.jpg (view on web)https://github.com/EricZimmerman/SQLECmd/assets/36825567/ed0d9dea-f44d-45d3-a565-edb4288c127f

@daarrgcshttps://github.com/daarrgcs,, here's the DB schema. What exactly were you looking to get from SQLECmd with this DB? Just a CSV output?

Reply to this email directly, view it on GitHubhttps://github.com/EricZimmerman/SQLECmd/issues/74#issuecomment-2147931077, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHNDFBYLJURCXL2OEQRX3RTZFXSJJAVCNFSM6AAAAABIXBUD3GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBXHEZTCMBXG4. You are receiving this because you were mentioned.Message ID: @.@.>>

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

daarrgcs avatar Jun 04 '24 16:06 daarrgcs

You are responding via email, so the attachment didn't go through. Can you respond through GitHub and attach it here?

AndrewRathbun avatar Jun 04 '24 16:06 AndrewRathbun

smap file is attached. NIST_NSRLminimalv3-FileHashexport_csv Conv.smap.txt NIST_NSRLminimalv3-FileHashexport_screenshot

daarrgcs avatar Jun 04 '24 16:06 daarrgcs

There's no such column as crc32 in the FILE table, FYI.

image

AndrewRathbun avatar Jun 04 '24 19:06 AndrewRathbun

The crc32 column shows up in DB Browser and in the column headers present in the csv I exported. I put a screenshot into the issue. Below are the columns the export gave me. Also, the program is still running with no output. Showing 15-25% CPU activity. I assume there's a problem with my smap?

/mnt/e/RDS_2024.03.1_modern_minimal$ head RDS_2024.03.1_modern_minimal.csv sha256,sha1,md5,crc32,file_name,file_size,package_id

From: Andrew Rathbun @.> Sent: Tuesday, June 4, 2024 3:56 PM To: EricZimmerman/SQLECmd @.> Cc: Daniel Arrugueta @.>; Mention @.> Subject: Re: [EricZimmerman/SQLECmd] No Map for NIST SQLite DB (Issue #74)

You don't often get email from @.@.>. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification

There's no such column as crc32 in the FILE table, FYI.

image.png (view on web)https://github.com/EricZimmerman/SQLECmd/assets/36825567/01bc77d7-5478-4107-96ff-ed9691449e38

Reply to this email directly, view it on GitHubhttps://github.com/EricZimmerman/SQLECmd/issues/74#issuecomment-2148312723, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BHNDFB3GBGMOAUCH23QKJ7LZFYLTVAVCNFSM6AAAAABIXBUD3GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBYGMYTENZSGM. You are receiving this because you were mentioned.Message ID: @.@.>>

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

daarrgcs avatar Jun 05 '24 13:06 daarrgcs

There is a crc32 field in the table from what I'm seeing. /mnt/e/RDS_2024.03.1_modern_minimal$ head RDS_2024.03.1_modern_minimal.csv sha256,sha1,md5,crc32,file_name,file_size,package_id

image

daarrgcs avatar Jun 05 '24 15:06 daarrgcs

Ahh, for some reason, I downloaded RDS_2022.10.1_modern_minimal.db so maybe they've since added the crc32 column.

AndrewRathbun avatar Jun 05 '24 15:06 AndrewRathbun