From 9e33ece3e900d68184a96b059da54cd2df86db72 Mon Sep 17 00:00:00 2001
From: tek
Date: Tue, 27 Jul 2021 01:23:22 +0200
Subject: [PATCH] Fixes issue with Manifest format
---
 mvt/common/module.py | 18 ++++++++++--------
 mvt/ios/modules/fs/manifest.py | 13 +++++++++----
 2 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/mvt/common/module.py b/mvt/common/module.py
index 3e5a19c..f4dffcd 100644
--- a/mvt/common/module.py
+++ b/mvt/common/module.py
@@ -109,17 +109,19 @@ class MVTModule(object):
 """
 for result in self.results:
 record = self.serialize(result)
- if type(record) == list:
- self.timeline.extend(record)
- else:
- self.timeline.append(record)
+ if record:
+ if type(record) == list:
+ self.timeline.extend(record)
+ else:
+ self.timeline.append(record)
 for detected in self.detected:
 record = self.serialize(detected)
- if type(record) == list:
- self.timeline_detected.extend(record)
- else:
- self.timeline_detected.append(record)
+ if record:
+ if type(record) == list:
+ self.timeline_detected.extend(record)
+ else:
+ self.timeline_detected.append(record)
 # De-duplicate timeline entries
 self.timeline = self.timeline_deduplicate(self.timeline)
diff --git a/mvt/ios/modules/fs/manifest.py b/mvt/ios/modules/fs/manifest.py
index d5c1c74..64484ec 100644
--- a/mvt/ios/modules/fs/manifest.py
+++ b/mvt/ios/modules/fs/manifest.py
@@ -40,6 +40,8 @@ class Manifest(IOSExtraction):
 def serialize(self, record):
 records = []
+ if "modified" not in record or "statusChanged" not in record:
+ return
 for ts in set([record["created"], record["modified"], record["statusChanged"]]):
 macb = ""
 macb += "M" if ts == record["modified"] else "-"
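Review bot: The new `if record:` guard in both loops drops any entry whose `serialize()` returns None or an empty value without leaving a trace, and in the second loop that means an item already in `self.detected` can vanish from `timeline_detected` silently. For a forensic timeline that omission should be visible; an `else` branch with something like `self.log.debug("No timeline record for detected entry: %s", detected)` would keep it auditable (assuming `self.log` is available on MVTModule, as it appears to be on the Manifest subclass). While these lines are being touched, `isinstance(record, list)` is the idiomatic form of `type(record) == list`. The enclosing method starts above the hunk and continues below it.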
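Review bot: The added guard in `serialize()` checks `"modified"` and `"statusChanged"`, but the next line also reads `record["created"]`, so a Manifest entry lacking that key still raises KeyError and aborts timeline generation. Checking all three keys closes the gap: `if any(key not in record for key in ("created", "modified", "statusChanged")): return records`. Returning the empty `records` list instead of a bare `return` keeps the return type consistent for callers. The rest of `serialize()` lies outside the hunk.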
@@ -63,12 +65,15 @@ class Manifest(IOSExtraction):
 for result in self.results:
 if not "relativePath" in result:
 continue
-
- if os.path.basename(result["relativePath"]) == "com.apple.CrashReporter.plist" and result["domain"] == "RootDomain":
- self.log.warning("Found a potentially suspicious \"com.apple.CrashReporter.plist\" file created in RootDomain")
- self.detected.append(result)
+ if not result["relativePath"]:
 continue
+ if result["domain"]:
+ if os.path.basename(result["relativePath"]) == "com.apple.CrashReporter.plist" and result["domain"] == "RootDomain":
+ self.log.warning("Found a potentially suspicious \"com.apple.CrashReporter.plist\" file created in RootDomain")
+ self.detected.append(result)
+ continue
+
 if self.indicators.check_file(result["relativePath"]):
 self.log.warning("Found a known malicious file at path: %s", result["relativePath"])
 self.detected.append(result)
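Review bot: `if result["domain"]:` still subscripts the key, so an entry that has `relativePath` but no `domain` raises KeyError and stops the loop before the remaining files are checked against the indicators, which is the same kind of malformed entry this commit is hardening against. The outer test is also redundant with the `== "RootDomain"` comparison; a single condition using `result.get("domain") == "RootDomain"` covers both the missing and the empty case. Whether `domain` can actually be absent depends on how `self.results` is built outside this hunk, so treat this as a defensive change. `"relativePath" not in result` would be the idiomatic spelling of the first check. The method containing this loop starts outside the hunk.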