Fix betterproto2 migration: update generated proto code and callers

The dependency switch from betterproto to betterproto2 was incomplete.
This updates all affected files to use the betterproto2 API:

- tombstone.py: rewrite generated code to use betterproto2.field() with
  explicit TYPE_* constants, repeated/optional/group flags, and map_meta()
  for map fields
- tombstone_crashes.py: update import and fix to_dict() call to use
  keyword-only casing= argument required by betterproto2
- pyproject.toml: replace betterproto[compiler] dev dep with betterproto2-compiler
- Makefile: update protoc plugin flag to --python_betterproto2_out

.github/workflows/add-issue-to-project.yml

@@ -11,7 +11,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v0.5.0
+      - uses: actions/add-to-project@v1
         with:
           # You can target a project in a different organization
           # to the issue

README.md

@@ -4,9 +4,6 @@
 
 # Mobile Verification Toolkit
 
-> [!IMPORTANT]  
-> Soon we will merge the v3 pull request which will result in breaking changes. If you rely on mvt output in other script make sure to the the branch before we merge. More details: https://github.com/mvt-project/mvt/issues/757
-
 [![](https://img.shields.io/pypi/v/mvt)](https://pypi.org/project/mvt/)
 [![Documentation Status](https://readthedocs.org/projects/mvt/badge/?version=latest)](https://docs.mvt.re/en/latest/?badge=latest)
 [![CI](https://github.com/mvt-project/mvt/actions/workflows/tests.yml/badge.svg)](https://github.com/mvt-project/mvt/actions/workflows/tests.yml)

src/mvt/common/command.py

@@ -11,7 +11,7 @@ from datetime import datetime
 from typing import Optional
 
 from mvt.common.indicators import Indicators
-from mvt.common.module import EncryptedBackupError, MVTModule, run_module, save_timeline
+from mvt.common.module import MVTModule, run_module, save_timeline
 from mvt.common.utils import (
     convert_datetime_to_iso,
     generate_hashes_from_path,
@@ -244,14 +244,7 @@ class Command:
             except NotImplementedError:
                 pass
 
-            try:
-                run_module(m)
-            except EncryptedBackupError:
-                self.log.critical(
-                    "The backup appears to be encrypted. "
-                    "Please decrypt it first using `mvt-ios decrypt-backup`."
-                )
-                return
+            run_module(m)
 
             self.executed.append(m)
 

src/mvt/common/indicators.py

@@ -100,17 +100,6 @@ class Indicators:
         key, value = indicator.get("pattern", "").strip("[]").split("=")
         key = key.strip()
 
-        # Normalize hash algorithm keys so that both the STIX2-spec-compliant
-        # form (e.g. file:hashes.'SHA-256', which requires quotes around
-        # algorithm names that contain hyphens) and the non-standard lowercase
-        # form (e.g. file:hashes.sha256) are accepted.  Strip single quotes and
-        # hyphens from the algorithm name only, then lowercase it.
-        for sep in ("hashes.", "cert."):
-            if sep in key:
-                prefix, _, algo = key.partition(sep)
-                key = prefix + sep + algo.replace("'", "").replace("-", "").lower()
-                break
-
         if key == "domain-name:value":
             # We force domain names to lower case.
             self._add_indicator(

src/mvt/common/module.py

@@ -21,10 +21,6 @@ class DatabaseCorruptedError(Exception):
     pass
 
 
-class EncryptedBackupError(Exception):
-    pass
-
-
 class InsufficientPrivileges(Exception):
     pass
 
@@ -173,8 +169,6 @@ def run_module(module: MVTModule) -> None:
 
     try:
         exec_or_profile("module.run()", globals(), locals())
-    except EncryptedBackupError:
-        raise
     except NotImplementedError:
         module.log.exception(
             "The run() procedure of module %s was not implemented yet!",

src/mvt/ios/modules/backup/manifest.py

@@ -8,10 +8,9 @@ import io
 import logging
 import os
 import plistlib
-import sqlite3
 from typing import Optional
 
-from mvt.common.module import DatabaseNotFoundError, EncryptedBackupError
+from mvt.common.module import DatabaseNotFoundError
 from mvt.common.url import URL
 from mvt.common.utils import convert_datetime_to_iso, convert_unix_to_iso
 
@@ -128,14 +127,7 @@ class Manifest(IOSExtraction):
         conn = self._open_sqlite_db(manifest_db_path)
         cur = conn.cursor()
 
-        try:
-            cur.execute("SELECT * FROM Files;")
-        except sqlite3.DatabaseError:
-            conn.close()
-            raise EncryptedBackupError(
-                "Manifest.db is not a valid SQLite database. "
-                "The backup may be encrypted."
-            )
+        cur.execute("SELECT * FROM Files;")
         names = [description[0] for description in cur.description]
 
         for file_entry in cur:

src/mvt/ios/modules/mixed/sms.py

@@ -123,11 +123,6 @@ class SMS(IOSExtraction):
                 """
                 )
                 items = list(cur)
-            elif "no such table" in str(exc):
-                self.log.info(
-                    "No SMS tables found in the database, skipping: %s", exc
-                )
-                return
             else:
                 raise exc
         names = [description[0] for description in cur.description]

src/mvt/ios/modules/mixed/sms_attachments.py

@@ -4,7 +4,6 @@
 #   https://license.mvt.re/1.1/
 
 import logging
-import sqlite3
 from base64 import b64encode
 from typing import Optional, Union
 
@@ -80,29 +79,21 @@ class SMSAttachments(IOSExtraction):
 
         conn = self._open_sqlite_db(self.file_path)
         cur = conn.cursor()
-        try:
-            cur.execute(
-                """
-                SELECT
-                    attachment.ROWID as "attachment_id",
-                    attachment.*,
-                    message.service as "service",
-                    handle.id as "phone_number"
-                FROM attachment
-                LEFT JOIN message_attachment_join ON
-                    message_attachment_join.attachment_id = attachment.ROWID
-                LEFT JOIN message ON
-                    message.ROWID = message_attachment_join.message_id
-                LEFT JOIN handle ON handle.ROWID = message.handle_id;
+        cur.execute(
             """
-            )
-        except sqlite3.OperationalError as exc:
-            self.log.info(
-                "No SMS attachment tables found in the database, skipping: %s", exc
-            )
-            cur.close()
-            conn.close()
-            return
+            SELECT
+                attachment.ROWID as "attachment_id",
+                attachment.*,
+                message.service as "service",
+                handle.id as "phone_number"
+            FROM attachment
+            LEFT JOIN message_attachment_join ON
+                message_attachment_join.attachment_id = attachment.ROWID
+            LEFT JOIN message ON
+                message.ROWID = message_attachment_join.message_id
+            LEFT JOIN handle ON handle.ROWID = message.handle_id;
+        """
+        )
         names = [description[0] for description in cur.description]
 
         for item in cur:

tests/artifacts/generate_stix.py

@@ -82,7 +82,7 @@ def generate_test_stix_file(file_path):
     for h in sha256:
         i = Indicator(
             indicator_types=["malicious-activity"],
-            pattern="[file:hashes.'SHA-256'='{}']".format(h),
+            pattern="[file:hashes.sha256='{}']".format(h),
             pattern_type="stix",
         )
         res.append(i)
@@ -91,7 +91,7 @@ def generate_test_stix_file(file_path):
     for h in sha1:
         i = Indicator(
             indicator_types=["malicious-activity"],
-            pattern="[file:hashes.'SHA-1'='{}']".format(h),
+            pattern="[file:hashes.sha1='{}']".format(h),
             pattern_type="stix",
         )
         res.append(i)

tests/common/test_indicators.py

@@ -94,78 +94,6 @@ class TestIndicators:
         )
         assert ind.check_file_hash("da0611a300a9ce9aa7a09d1212f203fca5856794")
 
-    def test_parse_stix2_hash_key_variants(self, tmp_path):
-        """STIX2 spec requires single-quoted algorithm names that contain hyphens,
-        e.g. file:hashes.'SHA-256'. Verify MVT accepts both spec-compliant and
-        non-standard lowercase spellings for MD5, SHA-1 and SHA-256."""
-        import json
-
-        sha256_hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6"
-        sha1_hash = "da0611a300a9ce9aa7a09d1212f203fca5856794"
-        md5_hash = "d41d8cd98f00b204e9800998ecf8427e"
-
-        variants = [
-            # (pattern_key, expected_bucket)
-            ("file:hashes.'SHA-256'", "files_sha256"),
-            ("file:hashes.SHA-256", "files_sha256"),
-            ("file:hashes.SHA256", "files_sha256"),
-            ("file:hashes.sha256", "files_sha256"),
-            ("file:hashes.'SHA-1'", "files_sha1"),
-            ("file:hashes.SHA-1", "files_sha1"),
-            ("file:hashes.SHA1", "files_sha1"),
-            ("file:hashes.sha1", "files_sha1"),
-            ("file:hashes.MD5", "files_md5"),
-            ("file:hashes.'MD5'", "files_md5"),
-            ("file:hashes.md5", "files_md5"),
-        ]
-
-        hash_for = {
-            "files_sha256": sha256_hash,
-            "files_sha1": sha1_hash,
-            "files_md5": md5_hash,
-        }
-
-        for pattern_key, bucket in variants:
-            h = hash_for[bucket]
-            stix = {
-                "type": "bundle",
-                "id": "bundle--test",
-                "objects": [
-                    {
-                        "type": "malware",
-                        "id": "malware--test",
-                        "name": "TestMalware",
-                        "is_family": False,
-                    },
-                    {
-                        "type": "indicator",
-                        "id": "indicator--test",
-                        "indicator_types": ["malicious-activity"],
-                        "pattern": f"[{pattern_key}='{h}']",
-                        "pattern_type": "stix",
-                        "valid_from": "2024-01-01T00:00:00Z",
-                    },
-                    {
-                        "type": "relationship",
-                        "id": "relationship--test",
-                        "relationship_type": "indicates",
-                        "source_ref": "indicator--test",
-                        "target_ref": "malware--test",
-                    },
-                ],
-            }
-            stix_file = tmp_path / "test.stix2"
-            stix_file.write_text(json.dumps(stix))
-
-            ind = Indicators(log=logging)
-            ind.load_indicators_files([str(stix_file)], load_default=False)
-            assert len(ind.ioc_collections[0][bucket]) == 1, (
-                f"Pattern key '{pattern_key}' was not parsed into '{bucket}'"
-            )
-            assert ind.check_file_hash(h) is not None, (
-                f"check_file_hash failed for pattern key '{pattern_key}'"
-            )
-
     def test_check_android_property(self, indicator_file):
         ind = Indicators(log=logging)
         ind.load_indicators_files([indicator_file], load_default=False)