Fixes issue with Manifest format
parent
32aeaaf91c
commit
9e33ece3e9
|
@ -109,6 +109,7 @@ class MVTModule(object):
|
||||||
"""
|
"""
|
||||||
for result in self.results:
|
for result in self.results:
|
||||||
record = self.serialize(result)
|
record = self.serialize(result)
|
||||||
|
if record:
|
||||||
if type(record) == list:
|
if type(record) == list:
|
||||||
self.timeline.extend(record)
|
self.timeline.extend(record)
|
||||||
else:
|
else:
|
||||||
|
@ -116,6 +117,7 @@ class MVTModule(object):
|
||||||
|
|
||||||
for detected in self.detected:
|
for detected in self.detected:
|
||||||
record = self.serialize(detected)
|
record = self.serialize(detected)
|
||||||
|
if record:
|
||||||
if type(record) == list:
|
if type(record) == list:
|
||||||
self.timeline_detected.extend(record)
|
self.timeline_detected.extend(record)
|
||||||
else:
|
else:
|
||||||
|
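Review bot: The new `if record:` guard in the `self.results` loop discards any result for which `serialize()` returns nothing without leaving a trace, and the second hunk does the same in the `self.detected` loop, so a flagged entry can drop out of `timeline_detected` silently. In a forensic timeline an omission should be visible to the analyst; handling the empty case first would do that: `if not record:` / `self.log.debug("Skipping result with no timeline record: %s", result)` / `continue`. This assumes `self.log` is available on `MVTModule`, as it appears to be in the `Manifest` module. The enclosing method starts and ends outside both hunks.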
|
|
@ -40,6 +40,8 @@ class Manifest(IOSExtraction):
|
||||||
|
|
||||||
def serialize(self, record):
|
def serialize(self, record):
|
||||||
records = []
|
records = []
|
||||||
|
if "modified" not in record or "statusChanged" not in record:
|
||||||
|
return
|
||||||
for ts in set([record["created"], record["modified"], record["statusChanged"]]):
|
for ts in set([record["created"], record["modified"], record["statusChanged"]]):
|
||||||
macb = ""
|
macb = ""
|
||||||
macb += "M" if ts == record["modified"] else "-"
|
macb += "M" if ts == record["modified"] else "-"
|
||||||
|
@ -63,7 +65,10 @@ class Manifest(IOSExtraction):
|
||||||
for result in self.results:
|
for result in self.results:
|
||||||
if not "relativePath" in result:
|
if not "relativePath" in result:
|
||||||
continue
|
continue
|
||||||
|
if not result["relativePath"]:
|
||||||
|
continue
|
||||||
|
|
||||||
|
if result["domain"]:
|
||||||
if os.path.basename(result["relativePath"]) == "com.apple.CrashReporter.plist" and result["domain"] == "RootDomain":
|
if os.path.basename(result["relativePath"]) == "com.apple.CrashReporter.plist" and result["domain"] == "RootDomain":
|
||||||
self.log.warning("Found a potentially suspicious \"com.apple.CrashReporter.plist\" file created in RootDomain")
|
self.log.warning("Found a potentially suspicious \"com.apple.CrashReporter.plist\" file created in RootDomain")
|
||||||
self.detected.append(result)
|
self.detected.append(result)
|
||||||
|
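Review bot: The guard added at the top of `serialize()` checks only `"modified"` and `"statusChanged"`, yet the next line also reads `record["created"]`, so a manifest entry lacking that key would still raise `KeyError`. If `created` can be missing from the same malformed entries, extend the check: `if not all(key in record for key in ("created", "modified", "statusChanged")): return`. The bare `return` yields `None`, which callers have to treat as "no record"; a short comment such as `# Entries without timestamps cannot be placed on the timeline.` would make that contract explicit. The rest of `serialize()` lies outside the hunk.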
|