raise ValueError() # Cannot happen - Google Chrome 87.0.4280.88

Question

raise ValueError() # Cannot happen - Google Chrome 87.0.4280.88

pokushalov opened this issue 4 years ago · 6 comments

Describe the problem
Getting errors when trying to parse data

Screenshots or Console Output
Traceback (most recent call last):
File "hindsight.py", line 329, in
main()
File "hindsight.py", line 212, in main
run_status = analysis_session.run()
File "/home/alex/hindsight/pyhindsight/analysis.py", line 479, in run
browser_analysis.process()
File "/home/alex/hindsight/pyhindsight/browsers/chrome.py", line 2210, in process
self.get_site_characteristics(self.profile_path, 'Site Characteristics Database')
File "/home/alex/hindsight/pyhindsight/browsers/chrome.py", line 2000, in get_site_characteristics
items = utils.get_ldb_records(sc_root_path)
File "/home/alex/hindsight/pyhindsight/utils.py", line 159, in get_ldb_records
for record in db.iterate_records_raw():
File "/home/alex/hindsight/pyhindsight/lib/ccl_chrome_indexeddb/ccl_leveldb.py", line 572, in iterate_records_raw
yield from file_containing_records
File "/home/alex/hindsight/pyhindsight/lib/ccl_chrome_indexeddb/ccl_leveldb.py", line 334, in iter
for batch_offset, batch in self._get_batches():
File "/home/alex/hindsight/pyhindsight/lib/ccl_chrome_indexeddb/ccl_leveldb.py", line 329, in _get_batches
raise ValueError() # Cannot happen
ValueError

Expected behavior
Cannot happen

To Reproduce
Steps to reproduce the behavior:
Run script from the command line

hindsight.log Snippet
2021-02-20 13:57:48.552 | D | - Reading 6479 Local Storage raw LevelDB records; beginning parsing
2021-02-20 13:57:48.632 | I | - Parsed 5953 items from 0 files
2021-02-20 13:57:48.633 | I | Extensions:
2021-02-20 13:57:48.633 | I | - Reading from /home/XXXX/.config/google-chrome/Default/Extensions
2021-02-20 13:57:48.634 | D | - 11 files in Extensions directory: ['nmmhkkegccagdldgiimedpiccmgmieda', 'felcaaldnbdncclmgdcncolpebgiejap', 'blpcfgokakmgnkcojhhkbfbldkacnbeo', 'pkedcjkdefgpdelpbcmbmeomcjbeemfm', 'phfccdiigmfnmeejlcjpafpgmoppjpok', 'ghbmnnjooekpmoecnnnilnnbdlolhkhi', 'apdfllckaahabafndbhieahigkjlhalf', 'aohghmighlieiainnegkcijnfilokake', 'pjkljhegncpnkpknbcohdijeoejaedia', 'aapocclcgogkmnckokdopfmhonfmgoek', 'lmcianjdpdgjjpcnaaohnnepnbiagjii']
2021-02-20 13:57:48.634 | D | - 11 files in Extensions directory will be processed: ['nmmhkkegccagdldgiimedpiccmgmieda', 'felcaaldnbdncclmgdcncolpebgiejap', 'blpcfgokakmgnkcojhhkbfbldkacnbeo', 'pkedcjkdefgpdelpbcmbmeomcjbeemfm', 'phfccdiigmfnmeejlcjpafpgmoppjpok', 'ghbmnnjooekpmoecnnnilnnbdlolhkhi', 'apdfllckaahabafndbhieahigkjlhalf', 'aohghmighlieiainnegkcijnfilokake', 'pjkljhegncpnkpknbcohdijeoejaedia', 'aapocclcgogkmnckokdopfmhonfmgoek', 'lmcianjdpdgjjpcnaaohnnepnbiagjii']
2021-02-20 13:57:48.637 | I | - Parsed 11 items
2021-02-20 13:57:48.637 | I | Cookie items from Extension Cookies:
2021-02-20 13:57:48.637 | I | - Using SQL query for Cookie items for Chrome v66
2021-02-20 13:57:48.637 | I | - Reading from Extension Cookies in /home/XXXX/.config/google-chrome/Default
2021-02-20 13:57:48.638 | I | - Parsed 0 items
2021-02-20 13:57:48.638 | I | Login items from Login Data:
2021-02-20 13:57:48.638 | I | - Using SQL query for Login items for Chrome v78
2021-02-20 13:57:48.638 | I | - Reading from Login Data in /home/XXXX/.config/google-chrome/Default
2021-02-20 13:57:48.640 | I | - Using SQL query for Login Stat items for Chrome v48
2021-02-20 13:57:48.640 | I | - Reading from Login Data in /home/XXXX/.config/google-chrome/Default
2021-02-20 13:57:48.640 | I | - Parsed 44 items
2021-02-20 13:57:48.640 | I | Preferences:
2021-02-20 13:57:48.641 | I | - Reading from /home/XXXX/.config/google-chrome/Default/Preferences
2021-02-20 13:57:48.645 | I | - Parsed 14 items
2021-02-20 13:57:48.760 | I | Site Characteristics:
2021-02-20 13:57:48.760 | I | - Reading from /home/XXXX/.config/google-chrome/Default/Site Characteristics Database
2021-02-20 13:57:48.761 | D | - 6 files in Site Characteristics directory: ['MANIFEST-000001', 'LOG', 'CURRENT', 'LOG.old', '000003.log', 'LOCK']

System Details

Analysis System OS (your forensic workstation): "Ubuntu 20.04.2 LTS"
Method of Running Hindsight: python 3.8.5
Hindsight version: v2021.01.16
Target System OS: "Ubuntu 20.04.2 LTS"
Target Browser: Chrome
Target Browser Version: Google Chrome 87.0.4280.88

Additional context
Add any other context about the problem here.

Answer 1 · 2021-02-20T20:34:11.000Z

Hey there - thanks for reporting this! Is there any way you could get me the files in /home/XXXX/.config/google-chrome/Default/Site Characteristics Database? 000003.log in particular would be the most important.

Even without that, I will put in more error-catching logic so just that artifact parsing will fail, not the whole Hindsight run.

Answer 2 · 2021-02-20T20:42:07.000Z

Appreciate your hard work on this item. Files attached in zip archive

…

On Feb 20, 2021, at 15:34, Ryan Benson ***@***.***> wrote: Hey there - thanks for reporting this! Is there any way you could get me the files in /home/XXXX/.config/google-chrome/Default/Site Characteristics Database? 000003.log in particular would be the most important. Even without that, I will put in more error-catching logic so just that artifact parsing will fail, not the whole Hindsight run. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#76 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AC22RZERK4XUQMQPD6C7AULTAAMFPANCNFSM4X6EZ2TA>.

Answer 3 · 2021-02-20T21:58:10.000Z

Sorry, I'm not seeing the zip. Where is it attached?

Answer 4 · 2021-02-20T22:02:02.000Z

https://tmpfiles.org/download/160359/ALL_site_CDB.zip

Answer 5 · 2021-02-20T22:47:10.000Z

Should be fixed in master now by #78. I'll try and dig more into why that LevelDB instance is causing problems, but this should at least handle the exception.

Thanks again for letting me know about it and supplying the sample data!

Answer 6 · 2021-02-21T00:46:53.000Z

Thank you!