CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-05-26 09:57:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix residual self.detected usage in packages and dumpsys_receivers

Browse Source 
These modules still used self.detected.append() which no longer exists
after the alertstore migration. Converted to alertstore calls:
- packages.py: ROOT_PACKAGES detection → alertstore.high()
- dumpsys_receivers.py: receiver IOC match → alertstore.critical()
This commit is contained in:
Donncha Ó Cearbhaill
2026-04-10 20:40:22 +02:00
parent 38822515ea
commit ddb8993139
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/mvt/android/modules/adb/packages.py
+4 -4
View File
@@ -73,11 +73,11 @@ class Packages(AndroidExtraction):
def check_indicators(self) -> None:
for result in self.results:
if result["package_name"] in ROOT_PACKAGES:
self.log.warning(
'Found an installed package related to rooting/jailbreaking: "%s"',
result["package_name"],
self.alertstore.high(
f'Found an installed package related to rooting/jailbreaking: "{result["package_name"]}"',
"",
result,
)
self.detected.append(result)
continue
if result["package_name"] in SECURITY_PACKAGES and result["disabled"]:
src/mvt/android/modules/bugreport/dumpsys_receivers.py
+9 -4
View File
@@ -41,10 +41,15 @@ class DumpsysReceivers(DumpsysReceiversArtifact, BugReportModule):
receiver_name = self.results[result][0]["receiver"]
# return IoC if the stix2 process name a substring of the receiver name
ioc = self.indicators.check_receiver_prefix(receiver_name)
if ioc:
self.results[result][0]["matched_indicator"] = ioc
self.detected.append(result)
ioc_match = self.indicators.check_receiver_prefix(receiver_name)
if ioc_match:
self.results[result][0]["matched_indicator"] = ioc_match.ioc
self.alertstore.critical(
ioc_match.message,
"",
self.results[result][0],
matched_indicator=ioc_match.ioc,
)
continue