Created parser for Apple IPS files.

[rick-slin]

One line description of pull request

Created parser for Apple IPS files as well as an IPS parser plugin for recoverylogd-[...].ips files.

Description:

Created parser for Apple IPS files as well as an IPS parser plugin for recoverylogd-[...].ips files.

Related issue (if applicable): fixes #<4102>

Notes:

All contributions to Plaso undergo code review.
This makes sure that the code has appropriate test coverage and conforms to the
Plaso style guide.

One of the maintainers will examine your code, and may request changes. Check off the items below in
order, and then a maintainer will review your code.

Checklist:

• Automated checks (GitHub Actions, AppVeyor) pass
• No new new dependencies are required or l2tdevtools has been updated
• Reviewer assigned

[codecov]

Codecov Report

Attention: Patch coverage is 91.75824% with 15 lines in your changes are missing coverage. Please review.

Project coverage is 85.20%. Comparing base (e349697) to head (271c16a).
Report is 5 commits behind head on main.

❗ Current head 271c16a differs from pull request most recent head 35d376b. Consider uploading reports for the commit 35d376b to get more accurate results

Files	Patch %	Lines
plaso/parsers/ips_plugins/interface.py	80.85%	9 Missing ⚠️
plaso/parsers/ips_parser.py	91.11%	4 Missing ⚠️
plaso/parsers/ips_plugins/recovery_logd.py	97.95%	1 Missing ⚠️
plaso/parsers/ips_plugins/stacks_ips.py	97.56%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4688      +/-   ##
==========================================
- Coverage   85.21%   85.20%   -0.02%     
==========================================
  Files         428      431       +3     
  Lines       38826    38818       -8     
==========================================
- Hits        33084    33073      -11     
- Misses       5742     5745       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rick-slin]

Could someone please take another look at this PR?

[joachimmetz]

@rick-slin thanks for the reminder. I'll try to take a look as soon as time permits, but note things are busy on my end.

[joachimmetz]

Rebased with HEAD of origin main

[rick-slin]

I don't understand what needs to be fixed. What is a "non-mergeable pull request "?

[joachimmetz]

I don't understand what needs to be fixed. What is a "non-mergeable pull request "?

do you mean the message in continuous-integration/appveyor/pr — AppVeyor was unable to build non-mergeable pull request ?

Don't worry about it, could be a fluke in the CI interaction, I'll have a look when I have time

[rick-slin]

Yes. This is what I meant. Thanks.

[joachimmetz]

@rick-slin FYI I'll start looking at merging this after the March release

[rick-slin]

Yeah, no rush obviously. I just noticed that one of your last commits fixed an issue I was encountering in the CI tests.

[joachimmetz]

note to self see if TimeElementsWithFractionOfSecond can be used instead

[joachimmetz]

Looks like the fraction of second value is either 2 or 4 digits. @rick-slin can you confirm this based on other samples ?

I recommend we preserve the precision here to prevent misrepresentation, also see https://osdfir.blogspot.com/2021/10/pearls-and-pitfalls-of-timeline-analysis.html

When time permits I'll make some tweaks to dfDateTime to support 10 ms and 100 us intervals

[rick-slin]

I couldn't find an ips file with a timestamp with something other than 10 ms precision (hundredth of seconds). Where did you encounter one with 100 us precision? I checked on three iPhones (iOS 14, 15, and 16) and a MacBook.

I see your point about preserving granularity.