CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-02-12 16:42:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Linted code using isort + autoflake + black, fixed wrong use of Optional[bool]

Browse Source
This commit is contained in:
Nex
2023-06-01 23:40:26 +02:00
parent c2d740ed36
commit e1677639c4
139 changed files with 3751 additions and 2274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/android/test_backup_module.py
View File

@@ -15,7 +15,6 @@ from ..utils import get_android_backup_folder
class TestBackupModule:
def test_module_folder(self):
backup_path = get_android_backup_folder()
mod = SMS(target_path=backup_path)

16
tests/android/test_backup_parser.py
View File

@@ -11,7 +11,6 @@ from ..utils import get_artifact
class TestBackupParsing:
def test_parsing_noencryption(self):
file = get_artifact("android_backup/backup.ab")
with open(file, "rb") as f:
@@ -20,7 +19,10 @@ class TestBackupParsing:
m = hashlib.sha256()
m.update(ddata)
assert m.hexdigest() == "ce1ac5009fea5187a9f546b51e1446ba450243ae91d31dc779233ec0937b5d18"
assert (
m.hexdigest()
== "ce1ac5009fea5187a9f546b51e1446ba450243ae91d31dc779233ec0937b5d18"
)
sms = parse_tar_for_sms(ddata)
assert isinstance(sms, list)
assert len(sms) == 2
@@ -35,7 +37,10 @@ class TestBackupParsing:
m = hashlib.sha256()
m.update(ddata)
assert m.hexdigest() == "f365ace1effbc4902c6aeba241ca61544f8a96ad456c1861808ea87b7dd03896"
assert (
m.hexdigest()
== "f365ace1effbc4902c6aeba241ca61544f8a96ad456c1861808ea87b7dd03896"
)
sms = parse_tar_for_sms(ddata)
assert isinstance(sms, list)
assert len(sms) == 1
@@ -50,7 +55,10 @@ class TestBackupParsing:
m = hashlib.sha256()
m.update(ddata)
assert m.hexdigest() == "33e73df2ede9798dcb3a85c06200ee41c8f52dd2f2e50ffafcceb0407bc13e3a"
assert (
m.hexdigest()
== "33e73df2ede9798dcb3a85c06200ee41c8f52dd2f2e50ffafcceb0407bc13e3a"
)
sms = parse_tar_for_sms(ddata)
print(sms)
assert isinstance(sms, list)

9
tests/android/test_dumpsys_parser.py
View File

@@ -3,15 +3,16 @@
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from mvt.android.parsers.dumpsys import (parse_dumpsys_appops,
parse_dumpsys_battery_history,
parse_dumpsys_packages)
from mvt.android.parsers.dumpsys import (
parse_dumpsys_appops,
parse_dumpsys_battery_history,
parse_dumpsys_packages,
)
from ..utils import get_artifact
class TestDumpsysParsing:
def test_appops_parsing(self):
file = get_artifact("android_data/dumpsys_appops.txt")
with open(file) as f:

3
tests/android_androidqf/test_dumpsysaccessbility.py
View File

@@ -3,8 +3,7 @@
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
from mvt.android.modules.androidqf.dumpsys_accessibility import \
DumpsysAccessibility
from mvt.android.modules.androidqf.dumpsys_accessibility import DumpsysAccessibility
from mvt.common.module import run_module
from ..utils import get_android_androidqf

5
tests/android_androidqf/test_dumpsyspackages.py
View File

@@ -20,7 +20,10 @@ class TestDumpsysPackagesModule:
assert len(m.results) == 2
assert len(m.detected) == 0
assert len(m.timeline) == 6
assert m.results[0]["package_name"] == "com.samsung.android.provider.filterprovider"
assert (
m.results[0]["package_name"]
== "com.samsung.android.provider.filterprovider"
)
def test_detection_pkgname(self, indicator_file):
data_path = get_android_androidqf()

9
tests/android_androidqf/test_getprop.py
View File

@@ -14,9 +14,10 @@ from ..utils import get_artifact_folder
class TestAndroidqfGetpropAnalysis:
def test_androidqf_getprop(self):
m = Getprop(target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging)
m = Getprop(
target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging
)
run_module(m)
assert len(m.results) == 10
assert m.results[0]["name"] == "dalvik.vm.appimageformat"
@@ -25,7 +26,9 @@ class TestAndroidqfGetpropAnalysis:
assert len(m.detected) == 0
def test_androidqf_getprop_detection(self, indicator_file):
m = Getprop(target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging)
m = Getprop(
target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging
)
ind = Indicators(log=logging.getLogger())
ind.parse_stix2(indicator_file)
ind.ioc_collections[0]["android_property_names"].append("dalvik.vm.heapmaxfree")

4
tests/android_androidqf/test_processes.py
View File

@@ -14,7 +14,9 @@ from ..utils import get_artifact_folder
class TestAndroidqfProcessesAnalysis:
def test_androidqf_processes(self):
m = Processes(target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging)
m = Processes(
target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging
)
run_module(m)
assert len(m.results) == 15
assert len(m.timeline) == 0

4
tests/android_androidqf/test_sms.py
View File

@@ -14,7 +14,9 @@ from ..utils import get_artifact_folder
class TestAndroidqfSMSAnalysis:
def test_androidqf_sms(self):
m = SMS(target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging)
m = SMS(
target_path=os.path.join(get_artifact_folder(), "androidqf"), log=logging
)
run_module(m)
assert len(m.results) == 2
assert len(m.timeline) == 0

10
tests/android_bugreport/test_bugreport.py
View File

@@ -15,7 +15,6 @@ from ..utils import get_artifact_folder
class TestBugreportAnalysis:
def launch_bug_report_module(self, module):
fpath = os.path.join(get_artifact_folder(), "android_data/bugreport/")
m = module(target_path=fpath)
@@ -23,7 +22,9 @@ class TestBugreportAnalysis:
parent_path = Path(fpath).absolute().as_posix()
for root, subdirs, subfiles in os.walk(os.path.abspath(fpath)):
for file_name in subfiles:
folder_files.append(os.path.relpath(os.path.join(root, file_name), parent_path))
folder_files.append(
os.path.relpath(os.path.join(root, file_name), parent_path)
)
m.from_folder(fpath, folder_files)
run_module(m)
return m
@@ -37,7 +38,10 @@ class TestBugreportAnalysis:
def test_packages_module(self):
m = self.launch_bug_report_module(Packages)
assert len(m.results) == 2
assert m.results[0]["package_name"] == "com.samsung.android.provider.filterprovider"
assert (
m.results[0]["package_name"]
== "com.samsung.android.provider.filterprovider"
)
assert m.results[1]["package_name"] == "com.instagram.android"
assert len(m.results[0]["permissions"]) == 4
assert len(m.results[1]["permissions"]) == 32

30
tests/artifacts/generate_stix.py
View File

@@ -22,27 +22,47 @@ def generate_test_stix_file(file_path):
malware = Malware(name="TestMalware", is_family=False, description="")
res.append(malware)
for d in domains:
i = Indicator(indicator_types=["malicious-activity"], pattern="[domain-name:value='{}']".format(d), pattern_type="stix")
i = Indicator(
indicator_types=["malicious-activity"],
pattern="[domain-name:value='{}']".format(d),
pattern_type="stix",
)
res.append(i)
res.append(Relationship(i, "indicates", malware))
for p in processes:
i = Indicator(indicator_types=["malicious-activity"], pattern="[process:name='{}']".format(p), pattern_type="stix")
i = Indicator(
indicator_types=["malicious-activity"],
pattern="[process:name='{}']".format(p),
pattern_type="stix",
)
res.append(i)
res.append(Relationship(i, "indicates", malware))
for f in filenames:
i = Indicator(indicator_types=["malicious-activity"], pattern="[file:name='{}']".format(f), pattern_type="stix")
i = Indicator(
indicator_types=["malicious-activity"],
pattern="[file:name='{}']".format(f),
pattern_type="stix",
)
res.append(i)
res.append(Relationship(i, "indicates", malware))
for e in emails:
i = Indicator(indicator_types=["malicious-activity"], pattern="[email-addr:value='{}']".format(e), pattern_type="stix")
i = Indicator(
indicator_types=["malicious-activity"],
pattern="[email-addr:value='{}']".format(e),
pattern_type="stix",
)
res.append(i)
res.append(Relationship(i, "indicates", malware))
for p in android_property:
i = Indicator(indicator_types=["malicious-activity"], pattern="[android-property:name='{}']".format(p), pattern_type="stix")
i = Indicator(
indicator_types=["malicious-activity"],
pattern="[android-property:name='{}']".format(p),
pattern_type="stix",
)
res.append(i)
res.append(Relationship(i, "indicates", malware))

1
tests/common/test_indicators.py
View File

@@ -10,7 +10,6 @@ from mvt.common.indicators import Indicators
class TestIndicators:
def test_parse_stix2(self, indicator_file):
ind = Indicators(log=logging)
ind.load_indicators_files([indicator_file], load_default=False)

29
tests/common/test_utils.py
View File

@@ -6,11 +6,14 @@
import logging
import os
from mvt.common.utils import (convert_datetime_to_iso, convert_mactime_to_iso,
convert_unix_to_iso,
convert_unix_to_utc_datetime,
generate_hashes_from_path,
get_sha256_from_file_path)
from mvt.common.utils import (
convert_datetime_to_iso,
convert_mactime_to_iso,
convert_unix_to_iso,
convert_unix_to_utc_datetime,
generate_hashes_from_path,
get_sha256_from_file_path,
)
from ..utils import get_artifact_folder
@@ -20,7 +23,6 @@ TEST_DATE_MAC = TEST_DATE_EPOCH - 978307200
class TestDateConversions:
def test_convert_unix_to_iso(self):
assert convert_unix_to_iso(TEST_DATE_EPOCH) == TEST_DATE_ISO
@@ -39,11 +41,12 @@ class TestDateConversions:
class TestHashes:
def test_hash_from_file(self):
path = os.path.join(get_artifact_folder(), "androidqf", "backup.ab")
sha256 = get_sha256_from_file_path(path)
assert sha256 == "f0e32fe8a7fd5ac0e2de19636d123c0072e979396986139ba2bc49ec385dc325"
assert (
sha256 == "f0e32fe8a7fd5ac0e2de19636d123c0072e979396986139ba2bc49ec385dc325"
)
def test_hash_from_folder(self):
path = os.path.join(get_artifact_folder(), "androidqf")
@@ -52,6 +55,12 @@ class TestHashes:
# Sort the files to have reliable order for tests.
hashes = sorted(hashes, key=lambda x: x["file_path"])
assert hashes[0]["file_path"] == os.path.join(path, "backup.ab")
assert hashes[0]["sha256"] == "f0e32fe8a7fd5ac0e2de19636d123c0072e979396986139ba2bc49ec385dc325"
assert (
hashes[0]["sha256"]
== "f0e32fe8a7fd5ac0e2de19636d123c0072e979396986139ba2bc49ec385dc325"
)
assert hashes[1]["file_path"] == os.path.join(path, "dumpsys.txt")
assert hashes[1]["sha256"] == "bac858001784657a43c7cfa771fd1fc4a49428eb6b7c458a1ebf2fdeef78dd86"
assert (
hashes[1]["sha256"]
== "bac858001784657a43c7cfa771fd1fc4a49428eb6b7c458a1ebf2fdeef78dd86"
)

1
tests/ios_backup/test_backup_info.py
View File

@@ -10,7 +10,6 @@ from ..utils import get_ios_backup_folder
class TestBackupInfoModule:
def test_manifest(self):
m = BackupInfo(target_path=get_ios_backup_folder())
run_module(m)

1
tests/ios_backup/test_calendar.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestCalendarModule:
def test_calendar(self):
m = Calendar(target_path=get_ios_backup_folder())
run_module(m)

1
tests/ios_backup/test_datausage.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestDatausageModule:
def test_datausage(self):
m = Datausage(target_path=get_ios_backup_folder())
run_module(m)

1
tests/ios_backup/test_manifest.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestManifestModule:
def test_manifest(self):
m = Manifest(target_path=get_ios_backup_folder())
run_module(m)

1
tests/ios_backup/test_safari_browserstate.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestSafariBrowserStateModule:
def test_parsing(self):
m = SafariBrowserState(target_path=get_ios_backup_folder())
m.is_backup = True

1
tests/ios_backup/test_sms.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestSMSModule:
def test_sms(self):
m = SMS(target_path=get_ios_backup_folder())
run_module(m)

1
tests/ios_backup/test_tcc.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestTCCtModule:
def test_tcc(self):
m = TCC(target_path=get_ios_backup_folder())
run_module(m)

6
tests/ios_backup/test_webkit_resource_load_statistics.py
View File

@@ -4,14 +4,14 @@
# https://license.mvt.re/1.1/
from mvt.common.module import run_module
from mvt.ios.modules.mixed.webkit_resource_load_statistics import \
WebkitResourceLoadStatistics
from mvt.ios.modules.mixed.webkit_resource_load_statistics import (
WebkitResourceLoadStatistics,
)
from ..utils import get_ios_backup_folder
class TestWebkitResourceLoadStatisticsModule:
def test_webkit(self):
m = WebkitResourceLoadStatistics(target_path=get_ios_backup_folder())
m.is_backup = True

5
tests/ios_fs/test_filesystem.py
View File

@@ -13,7 +13,6 @@ from ..utils import get_ios_backup_folder
class TestFilesystem:
def test_filesystem(self):
m = Filesystem(target_path=get_ios_backup_folder())
run_module(m)
@@ -26,7 +25,9 @@ class TestFilesystem:
ind = Indicators(log=logging.getLogger())
ind.parse_stix2(indicator_file)
# Adds a filename that exist in the folder
ind.ioc_collections[0]["processes"].append("64d0019cb3d46bfc8cce545a8ba54b93e7ea9347")
ind.ioc_collections[0]["processes"].append(
"64d0019cb3d46bfc8cce545a8ba54b93e7ea9347"
)
m.indicators = ind
run_module(m)
assert len(m.results) == 14

1
tests/test_check_android_androidqf.py
View File

@@ -13,7 +13,6 @@ from .utils import get_artifact_folder
class TestCheckAndroidqfCommand:
def test_check(self):
runner = CliRunner()
path = os.path.join(get_artifact_folder(), "androidqf")

1
tests/test_check_android_bugreport.py
View File

@@ -13,7 +13,6 @@ from .utils import get_artifact_folder
class TestCheckBugreportCommand:
def test_check(self):
runner = CliRunner()
path = os.path.join(get_artifact_folder(), "android_data/bugreport/")

1
tests/test_check_ios_backup.py
View File

@@ -11,7 +11,6 @@ from .utils import get_ios_backup_folder
class TestCheckBackupCommand:
def test_check(self):
runner = CliRunner()
path = get_ios_backup_folder()

1
tests/test_ios_versions.py
View File

@@ -7,7 +7,6 @@ from mvt.ios.versions import is_ios_version_outdated
class TestIosVersions:
def test_is_ios_version_outdated(self):
assert is_ios_version_outdated("20B110") is True
assert is_ios_version_outdated("16.3") is True