From b22e75e88b223f72da92417a93cec1dcd75b3d78 Mon Sep 17 00:00:00 2001 From: Rory Flynn <75283103+roaree@users.noreply.github.com> Date: Wed, 31 Jan 2024 10:41:27 +0100 Subject: [PATCH 1/4] Handle no indicators provided in `sms_attachments.py` --- mvt/ios/modules/mixed/sms_attachments.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mvt/ios/modules/mixed/sms_attachments.py b/mvt/ios/modules/mixed/sms_attachments.py index f6f3d22..8056388 100644 --- a/mvt/ios/modules/mixed/sms_attachments.py +++ b/mvt/ios/modules/mixed/sms_attachments.py @@ -54,6 +54,9 @@ class SMSAttachments(IOSExtraction): } def check_indicators(self) -> None: + if not self.indicators: + return + for attachment in self.results: # Check for known malicious filenames. if self.indicators.check_file_path(attachment["filename"]): From 74c1f274f44ee783621dc5ebef935ddc0374684c Mon Sep 17 00:00:00 2001 From: Rory Flynn <75283103+roaree@users.noreply.github.com> Date: Wed, 31 Jan 2024 11:00:58 +0100 Subject: [PATCH 2/4] Move guard to a more specific place --- mvt/ios/modules/mixed/sms_attachments.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/mvt/ios/modules/mixed/sms_attachments.py b/mvt/ios/modules/mixed/sms_attachments.py index 8056388..3bcdce0 100644 --- a/mvt/ios/modules/mixed/sms_attachments.py +++ b/mvt/ios/modules/mixed/sms_attachments.py @@ -54,12 +54,9 @@ class SMSAttachments(IOSExtraction): } def check_indicators(self) -> None: - if not self.indicators: - return - for attachment in self.results: # Check for known malicious filenames. - if self.indicators.check_file_path(attachment["filename"]): + if self.indicators and self.indicators.check_file_path(attachment["filename"]): self.detected.append(attachment) if ( From 27a7497a7c480a639a4650a9430dd453ef6c6249 Mon Sep 17 00:00:00 2001 From: Rory Flynn Date: Wed, 31 Jan 2024 11:01:39 +0100 Subject: [PATCH 3/4] Unrelated black formatting --- mvt/ios/modules/mixed/calls.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mvt/ios/modules/mixed/calls.py b/mvt/ios/modules/mixed/calls.py index 32f44a5..e29be35 100644 --- a/mvt/ios/modules/mixed/calls.py +++ b/mvt/ios/modules/mixed/calls.py @@ -69,9 +69,9 @@ class Calls(IOSExtraction): "isodate": convert_mactime_to_iso(row[0]), "duration": row[1], "location": row[2], - "number": row[3].decode("utf-8") - if row[3] and row[3] is bytes - else row[3], + "number": ( + row[3].decode("utf-8") if row[3] and row[3] is bytes else row[3] + ), "provider": row[4], } ) From a6bf66fe48d6d1cbd49fa453ff1be4bae0a59cb5 Mon Sep 17 00:00:00 2001 From: Rory Flynn Date: Wed, 31 Jan 2024 11:04:10 +0100 Subject: [PATCH 4/4] Related black changes :) --- mvt/ios/modules/mixed/sms_attachments.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mvt/ios/modules/mixed/sms_attachments.py b/mvt/ios/modules/mixed/sms_attachments.py index 3bcdce0..ea9b477 100644 --- a/mvt/ios/modules/mixed/sms_attachments.py +++ b/mvt/ios/modules/mixed/sms_attachments.py @@ -56,7 +56,9 @@ class SMSAttachments(IOSExtraction): def check_indicators(self) -> None: for attachment in self.results: # Check for known malicious filenames. - if self.indicators and self.indicators.check_file_path(attachment["filename"]): + if self.indicators and self.indicators.check_file_path( + attachment["filename"] + ): self.detected.append(attachment) if (