mac os获取通知中心通知

notification.py

import os
import sqlite3
import biplist 
import time
import datetime

# 支持High Sierra以上版本 低版本相关原理可以参考 https://github.com/ydkhatri/MacForensics/blob/master/macNotifications.py

# dbname = '/private/var/folders/v0/46qvxfw92jgdtzrhhm201j2c0000gp/0/com.apple.notificationcenter/db2/db'
dbname = '/Users/msir/work/db.db'

# 获取mac os通知中心的db位置
def get_db():
    os.system("""lsof -p $(ps aux | grep -m1 usernoted | awk '{ print $2 }')| awk '{ print $NF }' | grep 'db2/db$'""")


# 列出app 获取appid
def list_app():
    conn = sqlite3.connect(dbname)
    cursor = conn.execute('select * from app')
    for row in cursor:
        print(row)
    

# 获取最近通知
def get_notification(appid=36):
    conn = sqlite3.connect(dbname)
    conn.row_factory = sqlite3.Row
    cursor = conn.execute(f'select * from record where app_id={appid} order by delivered_date desc limit 10')
    for row in cursor:
        plist = biplist.readPlistFromString(row['data'])
        # print(plist)
        dtime = datetime.datetime.fromtimestamp(row['delivered_date']+978307200)
        content = f"[{dtime}] [{plist['app']}] {plist['req']['titl']}"
        if 'subt' in plist['req']:
            content += f" ({plist['req']['subt']})"
        if 'body' in plist['req']:
            content += f" : {plist['req']['body']}"
        print(content)


# get_db()
# list_app()
# get_notification()