From 9d61b9048c2eecbd5ca7ef81ae690a4f39edfb3a Mon Sep 17 00:00:00 2001
From: Nex
Date: Wed, 30 Mar 2022 08:49:22 +0200
Subject: [PATCH] Fixed variable names mismatch and styling
---
 mvt/android/modules/adb/dumpsys_appops.py | 8 ++---
 mvt/android/modules/bugreport/appops.py | 8 +++--
 mvt/android/parsers/__init__.py | 3 +-
 mvt/android/parsers/dumpsys.py | 44 +++++++++++++----------
 tests/android/test_bugreport_appops.py | 2 +-
 tests/android/test_dumpsys_parser.py | 4 +--
 tests/test_check_bugreport.py | 4 +--
 7 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/mvt/android/modules/adb/dumpsys_appops.py b/mvt/android/modules/adb/dumpsys_appops.py
index 4747adc..6e7db36 100644
--- a/mvt/android/modules/adb/dumpsys_appops.py
+++ b/mvt/android/modules/adb/dumpsys_appops.py
@@ -36,7 +36,7 @@ class DumpsysAppOps(AndroidExtraction):
 "timestamp": entry["timestamp"],
 "module": self.__class__.__name__,
 "event": entry["access"],
- "data": f"{record['package_id']} access to {perm['name']} : {entry['access']}",
+ "data": f"{record['package_name']} access to {perm['name']} : {entry['access']}",
 })
 return records
@@ -49,11 +49,11 @@ class DumpsysAppOps(AndroidExtraction):
 result["matched_indicator"] = ioc
 self.detected.append(result)
 continue
+
 for perm in result["permissions"]:
 if perm["name"] == "REQUEST_INSTALL_PACKAGES" and perm["access"] == "allow":
- self.log.info("Package %s with REQUEST_INSTALL_PACKAGES permission", result["package_id"])
-
-
+ self.log.info("Package %s with REQUEST_INSTALL_PACKAGES permission",
+ result["package_name"])
 def run(self):
 self._adb_connect()
diff --git a/mvt/android/modules/bugreport/appops.py b/mvt/android/modules/bugreport/appops.py
index 950dacc..7940e75 100644
--- a/mvt/android/modules/bugreport/appops.py
+++ b/mvt/android/modules/bugreport/appops.py
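Review bot: In `DumpsysAppOps.check_indicators` (second hunk of dumpsys_appops.py) the test `perm["access"] == "allow"` indexes a key that `parse_dumpsys_appops` only sets when the permission line has a second token (`if len(line.split()) > 1:`), so a `REQUEST_INSTALL_PACKAGES` line without a mode would raise `KeyError` and stop the check before the remaining packages are examined. Using `perm.get("access") == "allow"` keeps the scan going on such input. The same comparison appears in `Appops.check_indicators` in mvt/android/modules/bugreport/appops.py. Both methods start outside their hunks, so this is based on the visible lines only.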
@@ -33,7 +33,7 @@ class Appops(BugReportModule):
 "timestamp": entry["timestamp"],
 "module": self.__class__.__name__,
 "event": entry["access"],
- "data": f"{record['package_id']} access to {perm['name']} : {entry['access']}",
+ "data": f"{record['package_name']} access to {perm['name']} : {entry['access']}",
 })
 return records
@@ -46,9 +46,10 @@ class Appops(BugReportModule):
 result["matched_indicator"] = ioc
 self.detected.append(result)
 continue
+
 for perm in result["permissions"]:
 if perm["name"] == "REQUEST_INSTALL_PACKAGES" and perm["access"] == "allow":
- self.log.info("Package %s with REQUEST_INSTALL_PACKAGES permission", result["package_id"])
+ self.log.info("Package %s with REQUEST_INSTALL_PACKAGES permission", result["package_name"])
 def run(self):
 content = self._get_dumpstate_file()
@@ -73,4 +74,5 @@ class Appops(BugReportModule):
 self.results = parse_dumpsys_appops("\n".join(lines))
- self.log.info("Identified a total of %d packages in App-Ops Manager", len(self.results))
+ self.log.info("Identified a total of %d packages in App-Ops Manager",
+ len(self.results))
diff --git a/mvt/android/parsers/__init__.py b/mvt/android/parsers/__init__.py
index a882b92..a0cd101 100644
--- a/mvt/android/parsers/__init__.py
+++ b/mvt/android/parsers/__init__.py
@@ -4,9 +4,8 @@
 # https://license.mvt.re/1.1/
 from .dumpsys import (parse_dumpsys_accessibility,
- parse_dumpsys_appops,
 parse_dumpsys_activity_resolver_table,
- parse_dumpsys_battery_daily,
+ parse_dumpsys_appops, parse_dumpsys_battery_daily,
 parse_dumpsys_battery_history, parse_dumpsys_dbinfo,
 parse_dumpsys_receiver_resolver_table)
 from .getprop import parse_getprop
diff --git a/mvt/android/parsers/dumpsys.py b/mvt/android/parsers/dumpsys.py
index eba050a..b9b6884 100644
--- a/mvt/android/parsers/dumpsys.py
+++ b/mvt/android/parsers/dumpsys.py
@@ -5,6 +5,7 @@
 import re
 from datetime import datetime
+
 from mvt.common.utils import convert_timestamp_to_iso
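Review bot: The `self.log.info("Package %s with REQUEST_INSTALL_PACKAGES permission", result["package_name"])` call in `Appops.check_indicators` stays on one long line, while this commit wraps the identical call in mvt/android/modules/adb/dumpsys_appops.py and the `Identified a total of %d packages` call in the last hunk of this file. Moving `result["package_name"])` onto a continuation line would keep the two modules formatted the same way.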
@@ -304,53 +305,59 @@ def parse_dumpsys_appops(output):
 if not in_packages:
 continue
- # In packages
 if line.startswith(" Uid "):
 uid = line[6:-1]
 continue
 if line.startswith(" Package "):
- if entry != {}:
+ if entry:
 perm["entries"].append(entry)
 entry = {}
- if package != {}:
- if perm != {}:
+
+ if package:
+ if perm:
 package["permissions"].append(perm)
+ perm = {}
 results.append(package)
+
 package = {
- "package_id": line[12:-1],
- "permissions": [],
- "uid": uid,
+ "package_name": line[12:-1],
+ "permissions": [],
+ "uid": uid,
 }
 continue
 if line.startswith(" ") and line[6] != " ":
- # Permission name READ_EXTERNAL_STORAGE (allow):
- if entry != {}:
+ if entry:
 perm["entries"].append(entry)
 entry = {}
- if perm != {}:
+ if perm:
 package["permissions"].append(perm)
 perm = {}
+
 perm["name"] = line.split()[0]
 perm["entries"] = []
 if len(line.split()) > 1:
 perm["access"] = line.split()[1][1:-2]
+
 continue
 if line.startswith(" "):
- # Permission entry like Reject: [fg-s]2021-05-19 22:02:52.054 (-314d1h25m2s33ms)
- if entry != {}:
+ # Permission entry like:
+ # Reject: [fg-s]2021-05-19 22:02:52.054 (-314d1h25m2s33ms)
+ if entry:
 perm["entries"].append(entry)
 entry = {}
+
 entry["access"] = line.split(":")[0].strip()
 entry["type"] = line[line.find("[")+1:line.find("]")]
+
 try:
 entry["timestamp"] = convert_timestamp_to_iso(
- datetime.strptime(
- line[line.find("]")+1:line.find("(")].strip(),
- "%Y-%m-%d %H:%M:%S.%f"))
+ datetime.strptime(
+ line[line.find("]")+1:line.find("(")].strip(),
+ "%Y-%m-%d %H:%M:%S.%f"))
 except ValueError:
 # Invalid date format
 pass
@@ -358,10 +365,11 @@ def parse_dumpsys_appops(output):
 if line.strip() == "":
 break
- if entry != {}:
+ if entry:
 perm["entries"].append(entry)
- if perm != {}:
+ if perm:
 package["permissions"].append(perm)
- if package != {}:
+ if package:
 results.append(package)
+
 return results
diff --git a/tests/android/test_bugreport_appops.py b/tests/android/test_bugreport_appops.py
index 26f5412..a362222 100644
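Review bot: When `datetime.strptime` fails in the `try` block of `parse_dumpsys_appops`, the `except ValueError: pass` leaves the entry without a `"timestamp"` key, yet the `serialize` methods of both appops modules read `entry["timestamp"]` unconditionally (visible as context in their hunks). An entry-level line that does not carry a date in the expected format would therefore surface later as a `KeyError` while records are serialized, not as a parser-side decision. Either have `serialize` skip such entries with `if "timestamp" not in entry: continue`, or document in the `except` branch that entries may lack a timestamp so callers know to check. The function body begins outside this hunk, so earlier handling cannot be ruled out.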
--- a/tests/android/test_bugreport_appops.py
+++ b/tests/android/test_bugreport_appops.py
@@ -7,9 +7,9 @@ import logging
 import os
 from pathlib import Path
+from mvt.android.modules.bugreport.appops import Appops
 from mvt.common.indicators import Indicators
 from mvt.common.module import run_module
-from mvt.android.modules.bugreport.appops import Appops
 from ..utils import get_artifact_folder
diff --git a/tests/android/test_dumpsys_parser.py b/tests/android/test_dumpsys_parser.py
index b4f14dc..b0c7ae7 100644
--- a/tests/android/test_dumpsys_parser.py
+++ b/tests/android/test_dumpsys_parser.py
@@ -19,11 +19,11 @@ class TestDumpsysParsing:
 res = parse_dumpsys_appops(data)
 assert len(res) == 12
- assert res[0]["package_id"] == "com.android.phone"
+ assert res[0]["package_name"] == "com.android.phone"
 assert res[0]["uid"] == "0"
 assert len(res[0]["permissions"]) == 1
 assert res[0]["permissions"][0]["name"] == "MANAGE_IPSEC_TUNNELS"
 assert res[0]["permissions"][0]["access"] == "allow"
- assert res[6]["package_id"] == "com.sec.factory.camera"
+ assert res[6]["package_name"] == "com.sec.factory.camera"
 assert len(res[6]["permissions"][1]["entries"]) == 1
 assert len(res[11]["permissions"]) == 4
diff --git a/tests/test_check_bugreport.py b/tests/test_check_bugreport.py
index 225532a..fc03d6e 100644
--- a/tests/test_check_bugreport.py
+++ b/tests/test_check_bugreport.py
@@ -4,17 +4,17 @@
 # https://license.mvt.re/1.1/
 import os
+
 from click.testing import CliRunner
 from mvt.android.cli import check_bugreport
 from .utils import get_artifact_folder
+
 class TestCheckBugreportCommand:
 def test_check(self):
 runner = CliRunner()
 path = os.path.join(get_artifact_folder(), "android_data/bugreport/")
 result = runner.invoke(check_bugreport, [path])
 assert result.exit_code == 0
-
-