Merge branch 'main' into feature/config-file

tests/android/test_artifact_dumpsys_appops.py

@@ -43,5 +43,21 @@ class TestDumpsysAppopsArtifact:
         ind.ioc_collections[0]["app_ids"].append("com.facebook.katana")
         da.indicators = ind
         assert len(da.detected) == 0
+
         da.check_indicators()
-        assert len(da.detected) == 1
+        detected_by_ioc = [
+            detected for detected in da.detected if detected.get("matched_indicator")
+        ]
+        detected_by_permission_heuristic = [
+            detected
+            for detected in da.detected
+            if all(
+                [
+                    perm["name"] == "REQUEST_INSTALL_PACKAGES"
+                    for perm in detected["permissions"]
+                ]
+            )
+        ]
+        assert len(da.detected) == 3
+        assert len(detected_by_ioc) == 1
+        assert len(detected_by_permission_heuristic) == 2

tests/android_androidqf/test_dumpsysappops.py

@@ -21,4 +21,9 @@ class TestDumpsysAppOpsModule:
         run_module(m)
         assert len(m.results) == 12
         assert len(m.timeline) == 16
-        assert len(m.detected) == 0
+
+        detected_by_ioc = [
+            detected for detected in m.detected if detected.get("matched_indicator")
+        ]
+        assert len(m.detected) == 1
+        assert len(detected_by_ioc) == 0

tests/android_bugreport/test_bugreport.py

@@ -33,7 +33,12 @@ class TestBugreportAnalysis:
         m = self.launch_bug_report_module(Appops)
         assert len(m.results) == 12
         assert len(m.timeline) == 16
-        assert len(m.detected) == 0
+
+        detected_by_ioc = [
+            detected for detected in m.detected if detected.get("matched_indicator")
+        ]
+        assert len(m.detected) == 1  # Hueristic detection for suspicious permissions
+        assert len(detected_by_ioc) == 0
 
     def test_packages_module(self):
         m = self.launch_bug_report_module(Packages)