mvt/mvt/android/modules/bugreport/packages.py

# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2023 The MVT Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import logging
from typing import Optional

from mvt.android.artifacts.dumpsys_packages import DumpsysPackagesArtifact
from mvt.android.utils import DANGEROUS_PERMISSIONS, DANGEROUS_PERMISSIONS_THRESHOLD

from .base import BugReportModule


class Packages(DumpsysPackagesArtifact, BugReportModule):
    """This module extracts details on receivers for risky activities."""

    def __init__(
        self,
        file_path: Optional[str] = None,
        target_path: Optional[str] = None,
        results_path: Optional[str] = None,
        module_options: Optional[dict] = None,
        log: logging.Logger = logging.getLogger(__name__),
        results: Optional[list] = None,
    ) -> None:
        super().__init__(
            file_path=file_path,
            target_path=target_path,
            results_path=results_path,
            module_options=module_options,
            log=log,
            results=results,
        )

    def run(self) -> None:
        data = self._get_dumpstate_file()
        if not data:
            self.log.error(
                "Unable to find dumpstate file. "
                "Did you provide a valid bug report archive?"
            )
            return

        data = data.decode("utf-8", errors="replace")
        content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")
        self.parse(content)

        for result in self.results:
            dangerous_permissions_count = 0
            for perm in result["permissions"]:
                if perm["name"] in DANGEROUS_PERMISSIONS:
                    dangerous_permissions_count += 1

            if dangerous_permissions_count >= DANGEROUS_PERMISSIONS_THRESHOLD:
                self.log.info(
                    'Found package "%s" requested %d potentially dangerous permissions',
                    result["package_name"],
                    dangerous_permissions_count,
                )

        self.log.info("Extracted details on %d packages", len(self.results))
Added Packages module 2022-02-02 14:47:55 +00:00			`# Mobile Verification Toolkit (MVT)`
Updated copyright notice 2023-09-09 15:55:27 +00:00			`# Copyright (c) 2021-2023 The MVT Authors.`
Added Packages module 2022-02-02 14:47:55 +00:00			`# Use of this software is governed by the MVT License 1.1 that can be found at`
			`# https://license.mvt.re/1.1/`

			`import logging`
Migrate dumpsys_packages parsing into an artifact 2024-03-31 23:49:08 +00:00			`from typing import Optional`
Added Packages module 2022-02-02 14:47:55 +00:00
Migrate dumpsys_packages parsing into an artifact 2024-03-31 23:49:08 +00:00			`from mvt.android.artifacts.dumpsys_packages import DumpsysPackagesArtifact`
			`from mvt.android.utils import DANGEROUS_PERMISSIONS, DANGEROUS_PERMISSIONS_THRESHOLD`
Adding some more checks to bugreport packages module 2022-07-05 16:10:48 +00:00
Added Packages module 2022-02-02 14:47:55 +00:00			`from .base import BugReportModule`


Migrate dumpsys_packages parsing into an artifact 2024-03-31 23:49:08 +00:00			`class Packages(DumpsysPackagesArtifact, BugReportModule):`
Added Packages module 2022-02-02 14:47:55 +00:00			`"""This module extracts details on receivers for risky activities."""`

Improved type hints and code style enforcement 2022-08-16 11:39:55 +00:00			`def __init__(`
			`self,`
Changed default for Optional[str] 2022-08-17 13:52:17 +00:00			`file_path: Optional[str] = None,`
			`target_path: Optional[str] = None,`
			`results_path: Optional[str] = None,`
Move --fast flag from being a top-level MVT module parameter to an option in a new module_options parameter 2023-07-17 16:29:43 +00:00			`module_options: Optional[dict] = None,`
Improved type hints and code style enforcement 2022-08-16 11:39:55 +00:00			`log: logging.Logger = logging.getLogger(__name__),`
Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 21:40:26 +00:00			`results: Optional[list] = None,`
Improved type hints and code style enforcement 2022-08-16 11:39:55 +00:00			`) -> None:`
Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 21:40:26 +00:00			`super().__init__(`
			`file_path=file_path,`
			`target_path=target_path,`
			`results_path=results_path,`
Move --fast flag from being a top-level MVT module parameter to an option in a new module_options parameter 2023-07-17 16:29:43 +00:00			`module_options=module_options,`
Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 21:40:26 +00:00			`log=log,`
			`results=results,`
			`)`
Added Packages module 2022-02-02 14:47:55 +00:00
Starting to add type hints 2022-06-17 20:30:46 +00:00			`def run(self) -> None:`
Migrate dumpsys_packages parsing into an artifact 2024-03-31 23:49:08 +00:00			`data = self._get_dumpstate_file()`
			`if not data:`
Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 21:40:26 +00:00			`self.log.error(`
			`"Unable to find dumpstate file. "`
			`"Did you provide a valid bug report archive?"`
			`)`
Added Packages module 2022-02-02 14:47:55 +00:00			`return`

Migrate dumpsys_packages parsing into an artifact 2024-03-31 23:49:08 +00:00			`data = data.decode("utf-8", errors="replace")`
			`content = self.extract_dumpsys_section(data, "DUMP OF SERVICE package:")`
			`self.parse(content)`
Fixed dumpstate parsing for different formats and added logging 2022-02-03 18:55:18 +00:00
Adding some more checks to bugreport packages module 2022-07-05 16:10:48 +00:00			`for result in self.results:`
			`dangerous_permissions_count = 0`
Moves dumpsys parsing to android parsers and use the same parser for adb and bugreport modules 2022-08-17 16:24:51 +00:00			`for perm in result["permissions"]:`
			`if perm["name"] in DANGEROUS_PERMISSIONS:`
Adding some more checks to bugreport packages module 2022-07-05 16:10:48 +00:00			`dangerous_permissions_count += 1`

			`if dangerous_permissions_count >= DANGEROUS_PERMISSIONS_THRESHOLD:`
Linted code using isort + autoflake + black, fixed wrong use of Optional[bool] 2023-06-01 21:40:26 +00:00			`self.log.info(`
			`'Found package "%s" requested %d potentially dangerous permissions',`
			`result["package_name"],`
			`dangerous_permissions_count,`
			`)`
Adding some more checks to bugreport packages module 2022-07-05 16:10:48 +00:00
Fixed dumpstate parsing for different formats and added logging 2022-02-03 18:55:18 +00:00			`self.log.info("Extracted details on %d packages", len(self.results))`