From 49178609169a2a765505f9cdcddba93a1a6ca6d8 Mon Sep 17 00:00:00 2001
From: h0ckeyst1ck <46916952+h0ckeyst1ck@users.noreply.github.com>
Date: Fri, 12 Jul 2024 14:20:09 +0200
Subject: [PATCH 1/3] Fix parsing journal when value is string None A journal entry can contain fields with the string value None. Currently parsing to int fails as it only checks for None type and not None string.
---
 dissect/target/plugins/os/unix/log/journal.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dissect/target/plugins/os/unix/log/journal.py b/dissect/target/plugins/os/unix/log/journal.py
index 4c9e3b05e..9451ab6c3 100644
--- a/dissect/target/plugins/os/unix/log/journal.py
+++ b/dissect/target/plugins/os/unix/log/journal.py
@@ -259,7 +259,7 @@ def get_optional(value: str, to_type: Callable):
 """Return the value if True, otherwise return None."""
- return to_type(value) if value else None
+ return to_type(value) if value and value != 'None' else None
 class JournalFile:
From e1987c722d6fc8bdef1c4791debc2d1eeccaa932 Mon Sep 17 00:00:00 2001
From: h0ckeyst1ck <46916952+h0ckeyst1ck@users.noreply.github.com>
Date: Wed, 17 Jul 2024 12:34:13 +0200
Subject: [PATCH 2/3] Add comment to parsing journal function The added comment explains previous change of also checking for stringy None in journal parsing
Co-authored-by: cecinestpasunepipe <110607403+cecinestpasunepipe@users.noreply.github.com>
---
 dissect/target/plugins/os/unix/log/journal.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dissect/target/plugins/os/unix/log/journal.py b/dissect/target/plugins/os/unix/log/journal.py
index 9451ab6c3..51ad5b454 100644
--- a/dissect/target/plugins/os/unix/log/journal.py
+++ b/dissect/target/plugins/os/unix/log/journal.py
@@ -259,7 +259,11 @@ def get_optional(value: str, to_type: Callable):
 """Return the value if True, otherwise return None."""
- return to_type(value) if value and value != 'None' else None
+ return to_type(value) if value else None
+
+# Sometimes stringy None is inserted by external tools like Ansible
+def int_or_none(value: str):
+ return int(value) if value and value != "None" else None
 class JournalFile:
From 1f1d95f9a271fdcaa5e1ee2a4bb8317f56e4e755 Mon Sep 17 00:00:00 2001
From: Miauwkeru
Date: Mon, 11 Nov 2024 14:47:51 +0000
Subject: [PATCH 3/3] Use int_or_none at appropriate places inside the JournalRecord
---
 dissect/target/plugins/os/unix/log/journal.py | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/dissect/target/plugins/os/unix/log/journal.py b/dissect/target/plugins/os/unix/log/journal.py
index e69f80c4b..1c6373938 100644
--- a/dissect/target/plugins/os/unix/log/journal.py
+++ b/dissect/target/plugins/os/unix/log/journal.py
@@ -276,8 +276,9 @@ def get_optional(value: str, to_type: Callable) -> Any | None:
 log.debug("", exc_info=e)
 return None
-# Sometimes stringy None is inserted by external tools like Ansible
-def int_or_none(value: str):
+
+# Sometimes stringy None is inserted by external tools like Ansible
+def int_or_none(value: str) -> int | None:
 return int(value) if value and value != "None" else None
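Review bot: `int_or_none` special-cases only the literal string "None", so any other non-numeric value still raises ValueError from `int()`. The context lines of the last hunk here suggest get_optional now logs and returns None when a conversion fails, and the following hunk in journal() swaps `get_optional(..., int)` for `int_or_none` on priority, code_line, errno, syslog_pid, tid, pid, uid, gid and the audit fields, so that guard appears to be dropped at exactly those call sites. Journal content from an analysed host is untrusted, and several of these fields are normally supplied by the logging client, so one malformed entry could raise out of the generator and end record iteration for that file. Catching ValueError and returning None as sketched below keeps parsing going; the parameter is better annotated `str | None` since it receives `entry.get(...)`, and a one-line docstring stating the three cases that yield None would help the next reader.

```python
# Sometimes stringy None is inserted by external tools like Ansible
def int_or_none(value: str | None) -> int | None:
    if not value or value == "None":
        return None
    try:
        return int(value)
    except ValueError as e:
        # Mirror the log.debug call visible in get_optional and keep parsing
        log.debug("", exc_info=e)
        return None
```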
@@ -431,30 +432,30 @@ def journal(self) -> Iterator[JournalRecord]:
 ts=entry.get("ts"),
 message=entry.get("message"),
 message_id=entry.get("message_id"),
- priority=get_optional(entry.get("priority"), int),
+ priority=int_or_none(entry.get("priority")),
 code_file=get_optional(entry.get("code_file"), path_function),
- code_line=get_optional(entry.get("code_line"), int),
+ code_line=int_or_none(entry.get("code_line")),
 code_func=entry.get("code_func"),
- errno=get_optional(entry.get("errno"), int),
+ errno=int_or_none(entry.get("errno")),
 invocation_id=entry.get("invocation_id"),
 user_invocation_id=entry.get("user_invocation_id"),
 syslog_facility=entry.get("syslog_facility"),
 syslog_identifier=entry.get("syslog_identifier"),
- syslog_pid=get_optional(entry.get("syslog_pid"), int),
+ syslog_pid=int_or_none(entry.get("syslog_pid")),
 syslog_raw=entry.get("syslog_raw"),
 documentation=entry.get("documentation"),
- tid=get_optional(entry.get("tid"), int),
+ tid=int_or_none(entry.get("tid")),
 unit=entry.get("unit"),
 user_unit=entry.get("user_unit"),
- pid=get_optional(entry.get("pid"), int),
- uid=get_optional(entry.get("uid"), int),
- gid=get_optional(entry.get("gid"), int),
+ pid=int_or_none(entry.get("pid")),
+ uid=int_or_none(entry.get("uid")),
+ gid=int_or_none(entry.get("gid")),
 comm=entry.get("comm"),
 exe=get_optional(entry.get("exe"), path_function),
 cmdline=entry.get("cmdline"),
 cap_effective=entry.get("cap_effective"),
- audit_session=get_optional(entry.get("audit_session"), int),
- audit_loginuid=get_optional(entry.get("audit_loginuid"), int),
+ audit_session=int_or_none(entry.get("audit_session")),
+ audit_loginuid=int_or_none(entry.get("audit_loginuid")),
 systemd_cgroup=get_optional(entry.get("systemd_cgroup"), path_function),
 systemd_slice=entry.get("systemd_slice"),
 systemd_unit=entry.get("systemd_unit"),
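Review bot: The path-typed fields in this call (`code_file`, `exe`, `systemd_cgroup`) still go through `get_optional(..., path_function)`, so the literal string "None" that motivated `int_or_none` would become a path named None there rather than a missing value, if external tools write it into those fields as well. An analyst reading the records could then take a placeholder for a real file path. If that is not intended, the sentinel could be normalised in one place, for example `if value == "None": return None` at the top of get_optional, so integer and path fields agree. The journal() body and the JournalRecord call continue outside the hunk.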