[Bug] sqlite3.ProgrammingError in mailprotect.py during iOS < 13 artifact parsing #1386
Description
The get_mailprotect function in mailprotect.py encounters a critical error when processing Apple Mail data for iOS versions lower than 13. The parser crashes with a sqlite3.ProgrammingError: Cannot operate on a closed database.
Root Cause Analysis
The issue stems from a redundant db.close() call located at the end of the iOS < 13 processing block. The database connection is initiated using a context manager (with open_sqlite_db_readonly(...)). When the code exits the with block, the connection is automatically closed. The subsequent explicit call to db.close() attempts to close an already closed connection (or interferes with the context manager's lifecycle), resulting in a crash.
Traceback
sqlite3.ProgrammingError: Cannot operate on a closed database.
Traceback (most recent call last):
File "scripts/artifacts/mailprotect.py", line [line_number]
cursor.execute(...)
Error was: Cannot operate on a closed database.
Affected File
- mailprotect.py (Lines 70-212 approx, iOS < 13 logic path)
Steps to Reproduce
- Run iLEAPP against an iOS backup/image with a version < 13.
- Ensure the image contains
Envelope IndexandProtected Indexfiles. - Observe the crash during the "Apple Email" artifact parsing stage.
Expected Behavior
The parser should rely on the context manager to handle resource cleanup and complete the parsing of email artifacts without raising a database exception.
Proposed Fix
Remove the explicit db.close() statement and allow the with statement to handle the connection teardown naturally.