
Improvements for SMS module #438

Merged: 3 commits, Dec 17, 2023

Conversation

DonnchaC (Collaborator):

The SMS module was creating noisy entries in the timeline as it would output timeline sms_read entries for SMS messages even when no sms_read timeline was set. This branch fixes the module so that messages which were not read do not produce an extra entry.

This branch also adds basic indicator checking in the SMS module.

github-actions bot (Contributor) commented Dec 12, 2023

Coverage Report
TOTAL: 5681 statements, 2405 missed, 58% covered

Tests: 89, Skipped: 0, Failures: 0, Errors: 0, Time: 5.116s

Te-k (Contributor) commented Dec 12, 2023

LGTM

roaree (Contributor) left a review:

Looks good!

@@ -55,6 +55,11 @@ def serialize(self, record: dict) -> Union[dict, list]:

def check_indicators(self) -> None:
for attachment in self.results:
# Check for known malicious filenames.
if self.indicators.check_file_path(attachment["filename"]):
print("Found malicious filename", attachment["filename"])
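Review bot: the `print("Found malicious filename", attachment["filename"])` line leaves the match unrecorded; a hit from `self.indicators.check_file_path(attachment["filename"])` should be appended to the module's detections so it surfaces in the results, and since check_file_path() already logs the hit, the print() can be dropped rather than replaced with another log line.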
Contributor commented:

Should this use a logger instance?

DonnchaC (Collaborator, Author) replied:

Doh, yes thanks! Not sure how I missed the print() when committing. The indicators.check_file_path() already logs the detection. We can just append the attachment to the detections without adding an additional log line.
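As an added illustration (not MVT's own code and not part of this PR), a minimal module sketch of the two changes the thread discusses: an sms_read timeline entry emitted only when a read timestamp exists, and indicator matches appended to the module's detections rather than print()ed. The IndicatorsCollection stub, the record field names and the sample records are assumptions.

```python
import logging
from typing import Optional

log = logging.getLogger("sms_example")

class IndicatorsCollection:
    # Stub standing in for MVT's indicator store (an assumption, not MVT code).
    def __init__(self, bad_paths: set) -> None:
        self.bad_paths = bad_paths

    def check_file_path(self, path: str) -> Optional[str]:
        # Logs the hit itself, as the PR thread says the real method does.
        if path in self.bad_paths:
            log.warning("Found a known malicious file path: %s", path)
            return path
        return None

class SMSModule:
    def __init__(self, results: list, indicators: IndicatorsCollection) -> None:
        self.results, self.indicators, self.detected = results, indicators, []

    def serialize(self, record: dict) -> list:
        entries = [{"timestamp": record["isodate"], "module": "SMS",
                    "event": "sms_" + record["direction"],
                    "data": f"{record['address']}: {record['body']}"}]
        # Add an sms_read entry only when a read timestamp exists; an unread
        # message yields a single entry instead of a noisy duplicate.
        if record.get("read_date"):
            entries.append({**entries[0], "timestamp": record["read_date"], "event": "sms_read"})
        return entries

    def check_indicators(self) -> None:
        for msg in self.results:
            # check_file_path() already logs; just record the detection, no print().
            if msg.get("filename") and self.indicators.check_file_path(msg["filename"]):
                self.detected.append(msg)

# Constructed sample records, not real data.
SAMPLE = [
    {"isodate": "2023-12-01T10:00:00Z", "direction": "received", "address": "+100",
     "body": "hi", "read_date": "2023-12-01T10:05:00Z", "filename": "IMG_0001.jpg"},
    {"isodate": "2023-12-01T11:00:00Z", "direction": "received", "address": "+100",
     "body": "unread", "read_date": None, "filename": "evil.gif"},
]

def run(records: list = SAMPLE) -> tuple:
    mod = SMSModule(records, IndicatorsCollection({"evil.gif"}))
    timeline = [entry for rec in records for entry in mod.serialize(rec)]
    mod.check_indicators()
    return len(timeline), mod.detected
```

Running run() on the sample yields three timeline entries (two for the read message, one for the unread one) and a single detection.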

@DonnchaC DonnchaC merged commit 013282d into main Dec 17, 2023
5 checks passed
@DonnchaC DonnchaC deleted the sms_improvements branch December 17, 2023 11:59