Merge remote-tracking branch 'origin/main' into feature/module-dependency-ordering

# Conflicts:
#	src/mvt/common/module.py

tests/android/test_artifact_dumpsys_accessibility.py

@@ -5,6 +5,7 @@
 import logging
 
 from mvt.android.artifacts.dumpsys_accessibility import DumpsysAccessibilityArtifact
+from mvt.common.alerts import AlertLevel
 from mvt.common.indicators import Indicators
 
 from ..utils import get_artifact
@@ -38,6 +39,19 @@ class TestDumpsysAccessibilityArtifact:
         assert da.results[0]["package_name"] == "com.malware.accessibility"
         assert da.results[0]["service"] == "com.malware.service.malwareservice"
 
+    def test_accessibility_service_alert(self):
+        da = DumpsysAccessibilityArtifact()
+        file = get_artifact("android_data/dumpsys_accessibility_v14_or_later.txt")
+        with open(file) as f:
+            data = f.read()
+        da.parse(data)
+
+        da.check_indicators()
+
+        assert len(da.alertstore.alerts) == 1
+        assert da.alertstore.alerts[0].level == AlertLevel.MEDIUM
+        assert da.alertstore.alerts[0].event == da.results[0]
+
     def test_ioc_check(self, indicator_file):
         da = DumpsysAccessibilityArtifact()
         file = get_artifact("android_data/dumpsys_accessibility.txt")
@@ -51,4 +65,12 @@ class TestDumpsysAccessibilityArtifact:
         da.indicators = ind
         assert len(da.alertstore.alerts) == 0
         da.check_indicators()
-        assert len(da.alertstore.alerts) == 1
+        assert len(da.alertstore.alerts) == len(da.results)
+        assert da.alertstore.count(AlertLevel.MEDIUM) == 3
+        assert da.alertstore.count(AlertLevel.CRITICAL) == 1
+        critical_alert = next(
+            alert
+            for alert in da.alertstore.alerts
+            if alert.level == AlertLevel.CRITICAL
+        )
+        assert critical_alert.event["package_name"] == "com.sec.android.app.camera"

tests/android_androidqf/test_settings.py

@@ -21,4 +21,5 @@ class TestSettingsModule:
         run_module(m)
         assert len(m.results) == 1
         assert "random" in m.results.keys()
-        assert len(m.alertstore.alerts) == 0
+        assert len(m.alertstore.alerts) == 1
+        assert "samsung_errorlog_agree" in m.alertstore.alerts[0].message

tests/ios_backup/test_webkit_resource_load_statistics.py

@@ -3,6 +3,8 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
+import sqlite3
+
 from mvt.common.module import run_module
 from mvt.ios.modules.mixed.webkit_resource_load_statistics import (
     WebkitResourceLoadStatistics,
@@ -19,3 +21,50 @@ class TestWebkitResourceLoadStatisticsModule:
         assert len(m.results) == 2
         assert len(m.timeline) == 2
         assert len(m.alertstore.alerts) == 0
+
+        results = {result["registrable_domain"]: result for result in m.results}
+        assert results["google.com"]["most_recent_user_interaction_time"] > 0
+        assert "most_recent_user_interaction_time_isodate" in results["google.com"]
+        assert results["gstatic.com"]["most_recent_user_interaction_time"] == -1.0
+        assert (
+            "most_recent_user_interaction_time_isodate"
+            not in results["gstatic.com"]
+        )
+        assert all(
+            "most_recent_web_push_interaction_time" not in result
+            for result in m.results
+        )
+
+    def test_webkit_full_timestamp_schema(self, tmp_path):
+        db_path = tmp_path / "observations.db"
+        conn = sqlite3.connect(db_path)
+        conn.execute(
+            """
+            CREATE TABLE ObservedDomains (
+                domainID INTEGER PRIMARY KEY,
+                registrableDomain TEXT NOT NULL,
+                lastSeen REAL NOT NULL,
+                hadUserInteraction INTEGER NOT NULL,
+                mostRecentUserInteractionTime REAL NOT NULL,
+                mostRecentWebPushInteractionTime REAL NOT NULL
+            );
+            """
+        )
+        conn.execute(
+            """
+            INSERT INTO ObservedDomains VALUES (?, ?, ?, ?, ?, ?);
+            """,
+            (1, "example.com", 1634560250.0, 1, 1634560030.0, -1.0),
+        )
+        conn.commit()
+        conn.close()
+
+        m = WebkitResourceLoadStatistics(target_path=str(tmp_path))
+        m._process_observations_db(str(db_path), "", "observations.db")
+
+        assert len(m.results) == 1
+        result = m.results[0]
+        assert result["most_recent_user_interaction_time"] == 1634560030.0
+        assert "most_recent_user_interaction_time_isodate" in result
+        assert result["most_recent_web_push_interaction_time"] == -1.0
+        assert "most_recent_web_push_interaction_time_isodate" not in result