fix: str_to_isoformat for unformatted datetime

dissect/target/plugins/os/windows/tasks/xml.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+from datetime import datetime, timezone
 from typing import TYPE_CHECKING
 
 from defusedxml import ElementTree
@@ -97,6 +98,28 @@ def str_to_bool(string_to_convert: str) -> bool | None:
     raise ValueError(f"Invalid boolean string: '{string_to_convert}' (expected 'true' or 'false')")
 
 
+def parse_datetime(value: str) -> datetime | None:
+    """Parse a datetime string to a datetime object.
+
+    Accepts strings in the form YYYY-MM-DDThh:mm:ss
+     and returns a datetime object.
+
+    Args:
+        value: The input datetime string.
+
+    Returns:
+        None for an empty string, otherwise a datetime object.
+    """
+    if not value:
+        return None
+    try:
+        date = datetime.fromisoformat(value)
+    except ValueError:
+        value = value.replace(" ", "T")
+        date = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc).replace(tzinfo=None)
+    return date
+
+
 class XmlTask:
     """Parses and extracts information from an XML-based Task Scheduler file.
 
@@ -245,8 +268,8 @@ def get_triggers(self) -> Iterator[GroupedRecord]:
         for trigger in self.task_element.findall("Triggers/*"):
             trigger_type = trigger.tag
             trigger_enabled = str_to_bool(self.get_element("Enabled", trigger))
-            start_boundary = self.get_element("StartBoundary", trigger)
-            end_boundary = self.get_element("EndBoundary", trigger)
+            start_boundary = parse_datetime(self.get_element("StartBoundary", trigger))
+            end_boundary = parse_datetime(self.get_element("EndBoundary", trigger))
             repetition_interval = self.get_element("Repetition/Interval", trigger)
             repetition_duration = self.get_element("Repetition/Duration", trigger)
             repetition_stop_duration_end = str_to_bool(self.get_element("Repetition/StopAtDurationEnd", trigger))

tests/plugins/os/windows/test_tasks.py

@@ -9,6 +9,7 @@
 from flow.record import GroupedRecord
 
 from dissect.target.plugins.os.windows.tasks._plugin import TaskRecord, TasksPlugin
+from dissect.target.plugins.os.windows.tasks.xml import parse_datetime
 from tests._utils import absolute_path
 
 if TYPE_CHECKING:
@@ -265,3 +266,36 @@ def test_xml_task_invalid(
     with caplog.at_level(logging.WARNING, target_win.log.name):
         assert len(list(target_win.tasks(group=True))) == 18
         assert "Invalid task file encountered:" in caplog.text
+
+
+def test_xml_task_time() -> None:
+    assert parse_datetime("2023-07-05T14:30:00") == datetime(2023, 7, 5, 14, 30, 0, tzinfo=timezone.utc).replace(
+        tzinfo=None
+    )
+
+
+def test_xml_task_time_valid_space() -> None:
+    assert parse_datetime("2024-01-01 09:15:00") == datetime(2024, 1, 1, 9, 15, 0, tzinfo=timezone.utc).replace(
+        tzinfo=None
+    )
+
+
+def test_xml_task_time_empty() -> None:
+    assert parse_datetime("") is None
+
+
+def test_xml_task_time_invalid() -> None:
+    with pytest.raises(ValueError, match=r"(does not match format)"):
+        parse_datetime("invalid datetime")
+
+
+def test_xml_task_time_utc() -> None:
+    assert parse_datetime("2025-07-14T07:15:00Z") == datetime.strptime(
+        "2025-07-14 07:15:00+00:00", "%Y-%m-%d %H:%M:%S%z"
+    )
+
+
+def test_xml_task_time_no_leading_zero() -> None:
+    assert parse_datetime("2023-3-12T11:00:00") == datetime(2023, 3, 12, 11, 0, 0, tzinfo=timezone.utc).replace(
+        tzinfo=None
+    )