Ignore empty gzip timestamp in yearless log format helper (#4829)

log2timeline · Mar 9, 2024 · c79aed4 · c79aed4
1 parent e9af2a6
commit c79aed4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/config/dpkg/changelog b/config/dpkg/changelog
@@ -1,5 +1,5 @@
-plaso (20240303-1) unstable; urgency=low
+plaso (20240308-1) unstable; urgency=low
 
   * Auto-generated
 
- -- Log2Timeline maintainers <log2timeline-maintainers@googlegroups.com>  Sun, 03 Mar 2024 11:10:05 +0100
+ -- Log2Timeline maintainers <log2timeline-maintainers@googlegroups.com>  Fri, 08 Mar 2024 20:01:17 +0100
diff --git a/plaso/__init__.py b/plaso/__init__.py
@@ -6,4 +6,4 @@
 of log2timeline.
 """
 
-__version__ = '20240303'
+__version__ = '20240308'
diff --git a/plaso/lib/yearless_helper.py b/plaso/lib/yearless_helper.py
@@ -44,12 +44,24 @@ def _GetYearsFromFileEntry(self, file_entry):
     Returns:
       set[int]: years of the file entry.
     """
+    if file_entry.type_indicator == dfvfs_definitions.TYPE_INDICATOR_GZIP:
+      # Ignore a gzip file that contains a modification timestamp of 0.
+      if (file_entry.modification_time and
+          file_entry.modification_time.timestamp > 0):
+        year, _, _ = file_entry.modification_time.GetDate()
+        return set([year])
+
     years = set()
 
     for attribute_name in ('change_time', 'creation_time', 'modification_time'):
       date_time = getattr(file_entry, attribute_name, None)
       if date_time:
         year, _, _ = date_time.GetDate()
+
+        if year == 1970 and file_entry.type_indicator == (
+            dfvfs_definitions.TYPE_INDICATOR_GZIP):
+          continue
+
         years.add(year)
 
     return years
@@ -149,7 +161,7 @@ def _UpdateYear(self, month):
       # Account for log formats that allow out-of-order date and time values
       # (Apr->May->Apr) such as rsyslog with the RepeatedMsgReduction setting
       # enabled.
-      if (month + 1) < self._month:
+      if month + 1 < self._month:
         self._relative_year += 1
         self._year += 1
 

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = plaso
-version = 20240303
+version = 20240308
 description = Plaso (log2timeline) - Super timeline all the things
 long_description = Plaso (log2timeline) is a framework to create super timelines. Its purpose is to extract timestamps from various files found on typical computer systems and aggregate them.
 long_description_content_type = text/plain