mvt/tests/android_bugreport/test_bugreport.py

# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2023 The MVT Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import os
from pathlib import Path

from mvt.android.modules.bugreport.dumpsys_appops import DumpsysAppops
from mvt.android.modules.bugreport.dumpsys_getprop import DumpsysGetProp
from mvt.android.modules.bugreport.dumpsys_packages import DumpsysPackages
from mvt.android.modules.bugreport.tombstones import Tombstones
from mvt.common.module import run_module

from ..utils import get_artifact_folder


class TestBugreportAnalysis:
    def launch_bug_report_module(self, module):
        fpath = os.path.join(get_artifact_folder(), "android_data/bugreport/")
        m = module(target_path=fpath)
        folder_files = []
        parent_path = Path(fpath).absolute().as_posix()
        for root, subdirs, subfiles in os.walk(os.path.abspath(fpath)):
            for file_name in subfiles:
                folder_files.append(
                    os.path.relpath(os.path.join(root, file_name), parent_path)
                )
        m.from_dir(fpath, folder_files)
        run_module(m)
        return m

    def test_appops_module(self):
        m = self.launch_bug_report_module(DumpsysAppops)
        assert len(m.results) == 12
        assert len(m.timeline) == 16

        detected_by_ioc = [
            detected for detected in m.detected if detected.get("matched_indicator")
        ]
        assert len(m.detected) == 1  # Hueristic detection for suspicious permissions
        assert len(detected_by_ioc) == 0

    def test_packages_module(self):
        m = self.launch_bug_report_module(DumpsysPackages)
        assert len(m.results) == 2
        assert (
            m.results[0]["package_name"]
            == "com.samsung.android.provider.filterprovider"
        )
        assert m.results[1]["package_name"] == "com.instagram.android"
        assert len(m.results[0]["permissions"]) == 4
        assert len(m.results[1]["permissions"]) == 32

    def test_getprop_module(self):
        m = self.launch_bug_report_module(DumpsysGetProp)
        assert len(m.results) == 0

    def test_tombstones_modules(self):
        m = self.launch_bug_report_module(Tombstones)
        assert len(m.results) == 2
        assert m.results[1]["pid"] == 3559