From 4b6a101cc76e454104279200ddf5ad4f089687d1 Mon Sep 17 00:00:00 2001
From: Janik Besendorf
Date: Fri, 7 Nov 2025 17:14:47 +0100
Subject: [PATCH] Fix remaining test errors
- Add log_latest() call in root_binaries to log each alert
- Fix UnboundLocalError in cmd_check_androidqf by initializing bugreport variable
- Remove incorrect backup.close() call since load_backup() returns bytes
- Remove duplicate from_ab method in cmd_check_backup that was using old attributes
---
 src/mvt/android/cmd_check_androidqf.py | 33 +++++++++----------
 src/mvt/android/cmd_check_backup.py | 28 ----------------
 .../modules/androidqf/root_binaries.py | 1 +
 3 files changed, 17 insertions(+), 45 deletions(-)
diff --git a/src/mvt/android/cmd_check_androidqf.py b/src/mvt/android/cmd_check_androidqf.py
index 8d57a19..0427b1d 100644
--- a/src/mvt/android/cmd_check_androidqf.py
+++ b/src/mvt/android/cmd_check_androidqf.py
@@ -140,6 +140,7 @@ class CmdAndroidCheckAndroidQF(Command):
 raise NoAndroidQFBackup
 def run_bugreport_cmd(self) -> bool:
+ bugreport = None
 try:
 bugreport = self.load_bugreport()
 except NoAndroidQFBugReport:
@@ -174,24 +175,22 @@ class CmdAndroidCheckAndroidQF(Command):
 "Skipping backup modules as no backup.ab found in AndroidQF data."
 )
 return False
- else:
- cmd = CmdAndroidCheckBackup(
- target_path=None,
- results_path=self.results_path,
- ioc_files=self.ioc_files,
- iocs=self.iocs,
- module_options=self.module_options,
- hashes=self.hashes,
- sub_command=True,
- )
- cmd.from_ab(backup)
- cmd.run()
- self.timeline.extend(cmd.timeline)
- self.alertstore.extend(cmd.alertstore.alerts)
- finally:
- if backup:
- backup.close()
+ cmd = CmdAndroidCheckBackup(
+ target_path=None,
+ results_path=self.results_path,
+ ioc_files=self.ioc_files,
+ iocs=self.iocs,
+ module_options=self.module_options,
+ hashes=self.hashes,
+ sub_command=True,
+ )
+ cmd.from_ab(backup)
+ cmd.run()
+
+ self.timeline.extend(cmd.timeline)
+ self.alertstore.extend(cmd.alertstore.alerts)
+ return True
 def finish(self) -> None:
 """
diff --git a/src/mvt/android/cmd_check_backup.py b/src/mvt/android/cmd_check_backup.py
index 027f99e..8fc4d71 100644
--- a/src/mvt/android/cmd_check_backup.py
+++ b/src/mvt/android/cmd_check_backup.py
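Review bot: In the cmd_check_androidqf.py hunk at -174, `cmd.from_ab(backup)` and `cmd.run()` have nothing around them that turns a parsing failure into the `return False` used for the missing-backup case, and `backup` is the backup.ab content from the acquisition, so it originates on the device being examined. The `from_ab` deleted from cmd_check_backup.py in this same commit answers a bad header, a missing password and `AndroidBackupParsingError` with `sys.exit(1)`; if the surviving `from_ab` (not visible here) does the same, a malformed or encrypted backup ends the whole AndroidQF check instead of only skipping the backup modules. I would have `from_ab` raise and handle it at this call site, along the lines of `except AndroidBackupParsingError as exc: self.log.warning("Skipping backup modules: %s", exc); return False`, and add a docstring stating when the method returns True and when False. The method starts above the hunk, so the `load_backup()` call and its `except` are not shown.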
@@ -92,34 +92,6 @@ class CmdAndroidCheckBackup(Command):
 for member in self.__tar:
 self.__files.append(member.name)
- def from_ab(self, ab_file_bytes: bytes) -> None:
- self.backup_type = "ab"
- header = parse_ab_header(ab_file_bytes)
- if not header["backup"]:
- log.critical("Invalid backup format, file should be in .ab format")
- sys.exit(1)
-
- password = None
- if header["encryption"] != "none":
- password = prompt_or_load_android_backup_password(log, self.module_options)
- if not password:
- log.critical("No backup password provided.")
- sys.exit(1)
- try:
- tardata = parse_backup_file(ab_file_bytes, password=password)
- except InvalidBackupPassword:
- log.critical("Invalid backup password")
- sys.exit(1)
- except AndroidBackupParsingError as exc:
- log.critical("Impossible to parse this backup file: %s", exc)
- log.critical("Please use Android Backup Extractor (ABE) instead")
- sys.exit(1)
-
- dbytes = io.BytesIO(tardata)
- self.backup_archive = tarfile.open(fileobj=dbytes)
- for member in self.backup_archive:
- self.backup_files.append(member.name)
-
 def init(self) -> None:
 if not self.target_path:
 return
diff --git a/src/mvt/android/modules/androidqf/root_binaries.py b/src/mvt/android/modules/androidqf/root_binaries.py
index c3c7029..7bd56f6 100644
--- a/src/mvt/android/modules/androidqf/root_binaries.py
+++ b/src/mvt/android/modules/androidqf/root_binaries.py
@@ -52,6 +52,7 @@ class RootBinaries(AndroidQFModule):
 "",
 result,
 )
+ self.alertstore.log_latest()
 if self.results:
 self.log.warning(
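Review bot: In root_binaries.py an alert reaches the log only if the module follows the call that records it (the one closing at `)` just above) with `self.alertstore.log_latest()`, which is presumably how this module was missed; a detection that is stored but never logged is easy to overlook during triage. If the alert store cannot log on insert, say so at the call site, e.g. `# alertstore does not log on add; emit the alert just recorded`. Indentation is lost on this page, so please confirm the new line sits inside the loop that produces `result` (assumed from the `result,` argument) and not after it, otherwise only the last alert would be logged. The enclosing method begins and ends outside the hunk.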