tool_lazagne_filepath query fails
johnosn opened this issue · comments
tool_lazagne_filepath query fails with the message: Error: near "unixepoch": syntax error
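The use of two single quotes ('') instead of a double quote (") is causing the query to fail: SQLite presumably receives ''unixepoch'', which it reads as an empty string followed by a bare word, hence the syntax error near "unixepoch". Consider modifying the query to use double quotes when it is stored inside the YAML file.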
Example working queries:
-- Detection query (osquery): list files whose path matches a laZagne* name under
-- any user's AppData\Local\Temp tree, with ownership, size, timestamps and SHA-256.
--
-- Filename matching is only a first-pass indicator: a renamed copy will not match,
-- so triage on the sha256 column as well as the name.
-- SQLite's LIKE is case-insensitive for ASCII by default, so "laZagne%" also
-- matches lower-case names. Backslashes are literal here (no ESCAPE clause).
--
-- String literals are deliberately double-quoted so the query can be stored in a
-- YAML file without doubled single quotes. SQLite treats a double-quoted token as
-- a string only when no column of that name is in scope.
-- NOTE(review): SQLite documents the utc modifier as converting from local time;
-- unixepoch values are already UTC, so confirm on the target osquery build that
-- the modifier does not shift the reported timestamps.
SELECT
    f.path,
    f.filename,
    h.sha256,
    f.uid,
    f.gid,
    f.mode,
    f.size,
    DATETIME(f.atime, "unixepoch", "UTC") AS last_access_time,
    DATETIME(f.mtime, "unixepoch", "UTC") AS last_modified,
    DATETIME(f.ctime, "unixepoch", "UTC") AS last_status_change_time,
    DATETIME(f.btime, "unixepoch", "UTC") AS creation_time,
    f.type
FROM file AS f
-- LEFT JOIN keeps a matching file in the result even when no hash row is returned.
LEFT JOIN hash AS h
    ON f.path = h.path
WHERE f.path LIKE "C:\Users\%\AppData\Local\Temp\%\laZagne%";
Or
-- Detection query (osquery), join-based variant: derive each user's Temp directory
-- from the users table, enumerate its non-regular entries (sub-directories), then
-- list laZagne* files inside those sub-directories with metadata and SHA-256.
--
-- Filename matching is only a first-pass indicator: a renamed copy will not match,
-- so triage on the sha256 column as well as the name.
-- String literals are kept as written (double-quoted, plus one single-quoted path
-- suffix) so the query can be stored in YAML without doubled single quotes.
-- NOTE(review): SQLite documents the utc modifier as converting from local time;
-- unixepoch values are already UTC, so confirm on the target osquery build that
-- the modifier does not shift the reported timestamps.
WITH user_dirs AS (
    -- One row per account whose home directory sits under a \Users\ path.
    SELECT
        directory AS UserDirectory,
        directory || '\AppData\Local\Temp' AS TempDirectory
    FROM users
    WHERE directory LIKE "%\Users\%"
),
temp_subdirs AS (
    -- Entries directly inside each Temp directory that are not regular files.
    SELECT
        user_dirs.UserDirectory AS UserDirectory,
        user_dirs.TempDirectory AS TempDirectory,
        f.path AS Sub_TempDirectory,
        f.type AS type
    FROM user_dirs
    INNER JOIN file AS f
        ON user_dirs.TempDirectory = f.directory
    WHERE f.type <> "regular"
)
SELECT
    f.path,
    f.directory,
    f.filename,
    h.sha256,
    f.uid,
    f.gid,
    f.mode,
    f.size,
    DATETIME(f.atime, "unixepoch", "UTC") AS last_access_time,
    DATETIME(f.mtime, "unixepoch", "UTC") AS last_modified,
    DATETIME(f.ctime, "unixepoch", "UTC") AS last_status_change_time,
    DATETIME(f.btime, "unixepoch", "UTC") AS creation_time,
    f.type
FROM temp_subdirs
INNER JOIN file AS f
    ON temp_subdirs.Sub_TempDirectory = f.directory
-- LEFT JOIN keeps a matching file in the result even when no hash row is returned.
LEFT JOIN hash AS h
    ON f.path = h.path
WHERE f.filename LIKE "laZagne%";
This has been resolved via f1bd2f1.
Thank you for bringing this to our attention.