Bump version for release v2.7.0

2026-02-15 10:02:43 +00:00 · 2025-12-19 13:45:12 +01:00
10 changed files with 8 additions and 148 deletions
--- a/src/mvt/android/artifacts/tombstone_crashes.py
+++ b/src/mvt/android/artifacts/tombstone_crashes.py
@@ -6,15 +6,15 @@
 import datetime
 from typing import List, Optional, Union

-import betterproto
 import pydantic
+import betterproto
 from dateutil import parser

-from mvt.android.parsers.proto.tombstone import Tombstone
 from mvt.common.utils import convert_datetime_to_iso
-
+from mvt.android.parsers.proto.tombstone import Tombstone
 from .artifact import AndroidArtifact

+
 TOMBSTONE_DELIMITER = "*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***"

 # Map the legacy crash file keys to the new format.
@@ -129,7 +129,7 @@ class TombstoneCrashArtifact(AndroidArtifact):

        # Add some extra metadata
        tombstone_dict["timestamp"] = self._parse_timestamp_string(
-            tombstone_pb.timestamp, file_timestamp
+            tombstone_pb.timestamp
        )
        tombstone_dict["file_name"] = file_name
        tombstone_dict["file_timestamp"] = convert_datetime_to_iso(file_timestamp)
@@ -249,21 +249,11 @@ class TombstoneCrashArtifact(AndroidArtifact):

    def _load_timestamp_line(self, line: str, tombstone: dict) -> bool:
        timestamp = line.split(":", 1)[1].strip()
-        tombstone["timestamp"] = self._parse_timestamp_string(timestamp, None)
+        tombstone["timestamp"] = self._parse_timestamp_string(timestamp)
        return True

    @staticmethod
-    def _parse_timestamp_string(
-        timestamp: str, fallback_timestamp: Optional[datetime.datetime]
-    ) -> str:
-        """Parse timestamp string, using fallback if timestamp is empty."""
-        # Handle empty or whitespace-only timestamps
-        if not timestamp or not timestamp.strip():
-            if fallback_timestamp:
-                return convert_datetime_to_iso(fallback_timestamp)
-            else:
-                raise ValueError("Empty timestamp with no fallback provided")
-
+    def _parse_timestamp_string(timestamp: str) -> str:
        timestamp_parsed = parser.parse(timestamp)
        # HACK: Swap the local timestamp to UTC, so keep the original time and avoid timezone conversion.
        local_timestamp = timestamp_parsed.replace(tzinfo=datetime.timezone.utc)
--- a/src/mvt/android/modules/bugreport/init.py
+++ b/src/mvt/android/modules/bugreport/init.py
@@ -5,7 +5,6 @@

 from .dumpsys_accessibility import DumpsysAccessibility
 from .dumpsys_activities import DumpsysActivities
-from .dumpsys_adb_state import DumpsysADBState
 from .dumpsys_appops import DumpsysAppops
 from .dumpsys_battery_daily import DumpsysBatteryDaily
 from .dumpsys_battery_history import DumpsysBatteryHistory
@@ -14,6 +13,7 @@ from .dumpsys_getprop import DumpsysGetProp
 from .dumpsys_packages import DumpsysPackages
 from .dumpsys_platform_compat import DumpsysPlatformCompat
 from .dumpsys_receivers import DumpsysReceivers
+from .dumpsys_adb_state import DumpsysADBState
 from .fs_timestamps import BugReportTimestamps
 from .tombstones import Tombstones

--- a/src/mvt/android/modules/bugreport/dumpsys_receivers.py
+++ b/src/mvt/android/modules/bugreport/dumpsys_receivers.py
@@ -34,20 +34,6 @@ class DumpsysReceivers(DumpsysReceiversArtifact, BugReportModule):

        self.results = results if results else {}

-    def check_indicators(self) -> None:
-        for result in self.results:
-            if self.indicators:
-                receiver_name = self.results[result][0]["receiver"]
-
-                # return IoC if the stix2 process name a substring of the receiver name
-                ioc = self.indicators.check_receiver_prefix(receiver_name)
-                if ioc:
-                    self.results[result][0]["matched_indicator"] = ioc
-                    self.detected.append(result)
-                    continue
-
-
-
    def run(self) -> None:
        content = self._get_dumpstate_file()
        if not content:
--- a/src/mvt/android/modules/bugreport/tombstones.py
+++ b/src/mvt/android/modules/bugreport/tombstones.py
@@ -7,7 +7,6 @@ import logging
 from typing import Optional

 from mvt.android.artifacts.tombstone_crashes import TombstoneCrashArtifact
-
 from .base import BugReportModule


@@ -48,13 +47,6 @@ class Tombstones(TombstoneCrashArtifact, BugReportModule):
            modification_time = self._get_file_modification_time(tombstone_file)
            tombstone_data = self._get_file_content(tombstone_file)

-            # Check for empty tombstone files
-            if len(tombstone_data) == 0:
-                self.log.debug(
-                    f"Skipping empty tombstone file {tombstone_file} (0 bytes)"
-                )
-                continue
-
            try:
                if tombstone_file.endswith(".pb"):
                    self.parse_protobuf(
--- a/src/mvt/common/indicators.py
+++ b/src/mvt/common/indicators.py
@@ -768,30 +768,6 @@ class Indicators:

        return None

-
-    def check_receiver_prefix(self, receiver_name: str) -> Union[dict, None]:
-        """Check the provided receiver name against the list of indicators.
-        An IoC match is detected when a substring of the receiver matches the indicator
-        :param app_id: App ID to check against the list of indicators
-        :type app_id: str
-        :returns: Indicator details if matched, otherwise None
-
-        """
-        if not receiver_name:
-            return None
-
-        for ioc in self.get_iocs("app_ids"):
-            if ioc["value"].lower() in receiver_name.lower():
-                self.log.warning(
-                    'Found a known suspicious receiver with name "%s" '
-                    'matching indicators from "%s"',
-                    receiver_name,
-                    ioc["name"],
-                )
-                return ioc
-
-        return None
-
    def check_android_property_name(self, property_name: str) -> Optional[dict]:
        """Check the android property name against the list of indicators.

--- a/tests/android/test_artifact_tombstones.py
+++ b/tests/android/test_artifact_tombstones.py
@@ -2,8 +2,8 @@
 # Copyright (c) 2021-2023 The MVT Authors.
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
-import datetime
 import os
+import datetime

 import pytest

@@ -65,83 +65,3 @@ class TestTombstoneCrashArtifact:
        # MVT should output the local time only:
        # So original 2023-04-12 12:32:40.518290770+0200 -> 2023-04-12 12:32:40.000000
        assert tombstone_result.get("timestamp") == "2023-04-12 12:32:40.518290"
-
-    def test_tombstone_pb_empty_timestamp(self):
-        """Test parsing a protobuf tombstone with an empty timestamp."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_timestamp.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 1, 15, 10, 30, 45, 123456)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # When tombstone has empty timestamp, should use file modification time
-        assert result.get("timestamp") == "2024-01-15 10:30:45.123456"
-        assert result.get("pid") == 12345
-        assert result.get("uid") == 1000
-        assert result.get("signal_info", {}).get("name") == "SIGSEGV"
-
-    def test_tombstone_pb_empty_timestamp_with_threads(self):
-        """Test parsing a protobuf tombstone with empty timestamp and thread info."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_timestamp_with_threads.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 2, 20, 14, 15, 30, 0)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # Verify timestamp fallback
-        assert result.get("timestamp") == "2024-02-20 14:15:30.000000"
-        assert result.get("pid") == 9876
-        assert result.get("uid") == 10001
-        assert result.get("signal_info", {}).get("name") == "SIGABRT"
-        assert result.get("process_name") == "ExampleThread"
-
-    def test_tombstone_pb_whitespace_timestamp(self):
-        """Test parsing a protobuf tombstone with whitespace-only timestamp."""
-        tombstone_artifact = TombstoneCrashArtifact()
-        artifact_path = (
-            "android_data/bugreport_tombstones/tombstone_whitespace_timestamp.pb"
-        )
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        file_name = os.path.basename(artifact_path)
-        file_timestamp = datetime.datetime(2024, 3, 10, 8, 0, 0, 0)
-        tombstone_artifact.parse_protobuf(file_name, file_timestamp, data)
-
-        assert len(tombstone_artifact.results) == 1
-        result = tombstone_artifact.results[0]
-
-        # Verify whitespace timestamp is treated as empty
-        assert result.get("timestamp") == "2024-03-10 08:00:00.000000"
-        assert result.get("pid") == 11111
-        assert result.get("uid") == 2000
-        assert result.get("signal_info", {}).get("name") == "SIGILL"
-
-    def test_tombstone_pb_empty_file(self):
-        """Test that empty (0 bytes) tombstone files are handled gracefully."""
-        artifact_path = "android_data/bugreport_tombstones/tombstone_empty_file.pb"
-        file = get_artifact(artifact_path)
-        with open(file, "rb") as f:
-            data = f.read()
-
-        # Verify the file is actually empty
-        assert len(data) == 0, "Test file should be empty (0 bytes)"
-
-        # Empty files should be skipped in the module (not parsed)
-        # The actual skipping happens in the Tombstones module's run() method
-        # This test verifies that empty data is detectable
--- a/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_file.pb
+++ b/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_file.pb
--- a/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp.pb
+++ b/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp.pb
@@ -1 +0,0 @@
-5test/build/fingerprint:12/TEST/V1.0:user/release-keystest-rev-001(¹`0º`8èBu:r:system_app:s0J/system/bin/test_process <RSIGSEGV"SEGV_MAPERR
--- a/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp_with_threads.pb
+++ b/tests/artifacts/android_data/bugreport_tombstones/tombstone_empty_timestamp_with_threads.pb
@@ -1 +0,0 @@
-5test/build/fingerprint:13/TEST/V2.0:user/release-keystest-rev-002(”M0•M8‘NBu:r:untrusted_app:s0J-/data/app/com.example.app/lib/arm64/libapp.so xRSIGABRT"SI_TKILL‚•M•M
--- a/tests/artifacts/android_data/bugreport_tombstones/tombstone_whitespace_timestamp.pb
+++ b/tests/artifacts/android_data/bugreport_tombstones/tombstone_whitespace_timestamp.pb
@@ -1,2 +0,0 @@
-5test/build/fingerprint:11/TEST/V3.0:user/release-keystest-rev-003"   (çV0èV8ÐBu:r:shell:s0J/system/bin/app_process64 RSIGILL"
-ILL_ILLOPN
				`@@ -1 +0,0 @@`
				5test/build/fingerprint:12/TEST/V1.0:user/release-keystest-rev-001(¹`0º`8èBu:r:system_app:s0J/system/bin/test_process <RSIGSEGV"SEGV_MAPERR
				`@@ -1 +0,0 @@`
				`5test/build/fingerprint:13/TEST/V2.0:user/release-keystest-rev-002(”M0•M8‘NBu:r:untrusted_app:s0J-/data/app/com.example.app/lib/arm64/libapp.so xRSIGABRT"SI_TKILL‚•M•M`