Fixes bug in IOC import

Bumps [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) from 0.30.1 to 1.0.0.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.30.1...1.0.0)

---
updated-dependencies:
- dependency-name: mkdocstrings
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: besendorf <janik@besendorf.org>

docs/requirements.txt

@@ -2,4 +2,4 @@ mkdocs==1.6.1
 mkdocs-autorefs==1.4.3
 mkdocs-material==9.6.20
 mkdocs-material-extensions==1.3.1
-mkdocstrings==0.30.1
+mkdocstrings==1.0.0

pyproject.toml

@@ -17,7 +17,7 @@ classifiers = [
     "Programming Language :: Python",
 ]
 dependencies = [
-    "click==8.3.0",
+    "click==8.3.1",
     "rich==14.1.0",
     "tld==0.13.1",
     "requests==2.32.5",
@@ -27,11 +27,11 @@ dependencies = [
     "iOSbackup==0.9.925",
     "adb-shell[usb]==0.4.4",
     "libusb1==3.3.1",
-    "cryptography==46.0.3",
+    "cryptography==46.0.5",
     "PyYAML>=6.0.2",
     "pyahocorasick==2.2.0",
     "betterproto==1.2.5",
-    "pydantic==2.12.3",
+    "pydantic==2.12.5",
     "pydantic-settings==2.10.1",
     "NSKeyedUnArchiver==1.5.2",
     "python-dateutil==2.9.0.post0",
@@ -81,8 +81,8 @@ addopts = "-ra -q --cov=mvt --cov-report html --junitxml=pytest.xml --cov-report
 testpaths = ["tests"]
 
 [tool.ruff]
-select = ["C90", "E", "F", "W"] # flake8 default set
-ignore = [
+lint.select = ["C90", "E", "F", "W"] # flake8 default set
+lint.ignore = [
     "E501", # don't enforce line length violations
     "C901", # complex-structure
 
@@ -95,10 +95,10 @@ ignore = [
     # "E203",  # whitespace-before-punctuation
 ]
 
-[tool.ruff.per-file-ignores]
+[tool.ruff.lint.per-file-ignores]
 "__init__.py" = ["F401"] # unused-import
 
-[tool.ruff.mccabe]
+[tool.ruff.lint.mccabe]
 max-complexity = 10
 
 [tool.setuptools]

src/mvt/android/artifacts/tombstone_crashes.py

@@ -6,15 +6,15 @@
 import datetime
 from typing import List, Optional, Union
 
-import betterproto
 import pydantic
+import betterproto
 from dateutil import parser
 
-from mvt.android.parsers.proto.tombstone import Tombstone
 from mvt.common.utils import convert_datetime_to_iso
-
+from mvt.android.parsers.proto.tombstone import Tombstone
 from .artifact import AndroidArtifact
 
+
 TOMBSTONE_DELIMITER = "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***"
 
 # Map the legacy crash file keys to the new format.
@@ -129,7 +129,7 @@ class TombstoneCrashArtifact(AndroidArtifact):
 
         # Add some extra metadata
         tombstone_dict["timestamp"] = self._parse_timestamp_string(
-            tombstone_pb.timestamp, file_timestamp
+            tombstone_pb.timestamp
         )
         tombstone_dict["file_name"] = file_name
         tombstone_dict["file_timestamp"] = convert_datetime_to_iso(file_timestamp)
@@ -249,21 +249,11 @@ class TombstoneCrashArtifact(AndroidArtifact):
 
     def _load_timestamp_line(self, line: str, tombstone: dict) -> bool:
         timestamp = line.split(":", 1)[1].strip()
-        tombstone["timestamp"] = self._parse_timestamp_string(timestamp, None)
+        tombstone["timestamp"] = self._parse_timestamp_string(timestamp)
         return True
 
     @staticmethod
-    def _parse_timestamp_string(
-        timestamp: str, fallback_timestamp: Optional[datetime.datetime]
-    ) -> str:
-        """Parse timestamp string, using fallback if timestamp is empty."""
-        # Handle empty or whitespace-only timestamps
-        if not timestamp or not timestamp.strip():
-            if fallback_timestamp:
-                return convert_datetime_to_iso(fallback_timestamp)
-            else:
-                raise ValueError("Empty timestamp with no fallback provided")
-
+    def _parse_timestamp_string(timestamp: str) -> str:
         timestamp_parsed = parser.parse(timestamp)
         # HACK: Swap the local timestamp to UTC, so keep the original time and avoid timezone conversion.
         local_timestamp = timestamp_parsed.replace(tzinfo=datetime.timezone.utc)

src/mvt/android/modules/bugreport/__init__.py

@@ -5,7 +5,6 @@
 
 from .dumpsys_accessibility import DumpsysAccessibility
 from .dumpsys_activities import DumpsysActivities
-from .dumpsys_adb_state import DumpsysADBState
 from .dumpsys_appops import DumpsysAppops
 from .dumpsys_battery_daily import DumpsysBatteryDaily
 from .dumpsys_battery_history import DumpsysBatteryHistory
@@ -14,6 +13,7 @@ from .dumpsys_getprop import DumpsysGetProp
 from .dumpsys_packages import DumpsysPackages
 from .dumpsys_platform_compat import DumpsysPlatformCompat
 from .dumpsys_receivers import DumpsysReceivers
+from .dumpsys_adb_state import DumpsysADBState
 from .fs_timestamps import BugReportTimestamps
 from .tombstones import Tombstones
 

src/mvt/android/modules/bugreport/tombstones.py

@@ -7,7 +7,6 @@ import logging
 from typing import Optional
 
 from mvt.android.artifacts.tombstone_crashes import TombstoneCrashArtifact
-
 from .base import BugReportModule
 
 
@@ -48,13 +47,6 @@ class Tombstones(TombstoneCrashArtifact, BugReportModule):
             modification_time = self._get_file_modification_time(tombstone_file)
             tombstone_data = self._get_file_content(tombstone_file)
 
-            # Check for empty tombstone files
-            if len(tombstone_data) == 0:
-                self.log.debug(
-                    f"Skipping empty tombstone file {tombstone_file} (0 bytes)"
-                )
-                continue
-
             try:
                 if tombstone_file.endswith(".pb"):
                     self.parse_protobuf(

src/mvt/common/indicators.py

@@ -52,9 +52,7 @@ class Indicators:
             if os.path.isfile(path) and path.lower().endswith(".stix2"):
                 self.parse_stix2(path)
             elif os.path.isdir(path):
-                for file in glob.glob(
-                    os.path.join(path, "**", "*.stix2", recursive=True)
-                ):
+                for file in glob.glob(os.path.join(path, "**", "*.stix2"), recursive=True):
                     self.parse_stix2(file)
             else:
                 self.log.error(

tests/android/test_artifact_tombstones.py

@@ -2,8 +2,8 @@
 # Copyright (c) 2021-2023 The MVT Authors.
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
-import datetime
 import os
+import datetime
 
 import pytest
 
@@ -65,83 +65,3 @@ class TestTombstoneCrashArtifact:
         # MVT should output the local time only:
         # So original 2023-04-12 12:32:40.518290770+0200 -> 2023-04-12 12:32:40.000000
         assert tombstone_result.get("timestamp") == "2023-04-12 12:32:40.518290"
-
-    def test_tombstone_pb_empty_timestamp(self):
-        """Test parsing a protobuf tombstone with an empty timestamp."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_timestamp.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 1, 15, 10, 30, 45, 123456)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # When tombstone has empty timestamp, should use file modification time
-        assert result.get("timestamp") == "2024-01-15 10:30:45.123456"
-        assert result.get("pid") == 12345
-        assert result.get("uid") == 1000
-        assert result.get("signal_info", {}).get("name") == "SIGSEGV"
-
-    def test_tombstone_pb_empty_timestamp_with_threads(self):
-        """Test parsing a protobuf tombstone with empty timestamp and thread info."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_timestamp_with_threads.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 2, 20, 14, 15, 30, 0)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # Verify timestamp fallback
-        assert result.get("timestamp") == "2024-02-20 14:15:30.000000"
-        assert result.get("pid") == 9876
-        assert result.get("uid") == 10001
-        assert result.get("signal_info", {}).get("name") == "SIGABRT"
-        assert result.get("process_name") == "ExampleThread"
-
-    def test_tombstone_pb_whitespace_timestamp(self):
-        """Test parsing a protobuf tombstone with whitespace-only timestamp."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = (
-            "android_data/bugreport_tombstones/tombstone_whitespace_timestamp.pb"
-        )
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 3, 10, 8, 0, 0, 0)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # Verify whitespace timestamp is treated as empty
-        assert result.get("timestamp") == "2024-03-10 08:00:00.000000"
-        assert result.get("pid") == 11111
-        assert result.get("uid") == 2000
-        assert result.get("signal_info", {}).get("name") == "SIGILL"
-
-    def test_tombstone_pb_empty_file(self):
-        """Test that empty (0 bytes) tombstone files are handled gracefully."""
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_file.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        # Verify the file is actually empty
-        assert len(data) == 0, "Test file should be empty (0 bytes)"
-
-        # Empty files should be skipped in the module (not parsed)
-        # The actual skipping happens in the Tombstones module's run() method
-        # This test verifies that empty data is detectable

tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp.pb

@@ -1 +0,0 @@
-
5test/build/fingerprint:12/TEST/V1.0:user/release-keystest-rev-001(¹`0º`8èBu:r:system_app:s0J/system/bin/test_process 
<RSIGSEGV
"SEGV_MAPERR

tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp_with_threads.pb

@@ -1 +0,0 @@
-
5test/build/fingerprint:13/TEST/V2.0:user/release-keystest-rev-002(”M0•M8‘NBu:r:untrusted_app:s0J-/data/app/com.example.app/lib/arm64/libapp.so 
xRSIGABRT"SI_TKILL‚
•M•M

tests/artifacts/android_data/bugreport_tombstones/tombstone_whitespace_timestamp.pb

@@ -1,2 +0,0 @@
-5test/build/fingerprint:11/TEST/V3.0:user/release-keystest-rev-003"   (çV0èV8ÐBu:r:shell:s0J/system/bin/app_process64 
RSIGILL"
-ILL_ILLOPN