Fixes issue with Manifest format

2024-06-28 15:18:55 +00:00 · 2021-07-27 01:23:22 +02:00 · 2021-07-27 01:23:22 +02:00 · 9e33ece3e9
commit 9e33ece3e9
parent 32aeaaf91c
2 changed files with 19 additions and 12 deletions
--- a/mvt/common/module.py
+++ b/mvt/common/module.py
@ -109,6 +109,7 @@ class MVTModule(object):
        """
        for result in self.results:
            record = self.serialize(result)
+            if record:
                if type(record) == list:
                    self.timeline.extend(record)
                else:
@ -116,6 +117,7 @@ class MVTModule(object):

        for detected in self.detected:
            record = self.serialize(detected)
+            if record:
                if type(record) == list:
                    self.timeline_detected.extend(record)
                else:
--- a/mvt/ios/modules/fs/manifest.py
+++ b/mvt/ios/modules/fs/manifest.py
@ -40,6 +40,8 @@ class Manifest(IOSExtraction):

    def serialize(self, record):
        records = []
+        if "modified" not in record or "statusChanged" not in record:
+            return
        for ts in set([record["created"], record["modified"], record["statusChanged"]]):
            macb = ""
            macb += "M" if ts == record["modified"] else "-"
@ -63,7 +65,10 @@ class Manifest(IOSExtraction):
        for result in self.results:
            if not "relativePath" in result:
                continue
+            if not result["relativePath"]:
+                continue

+            if result["domain"]:
                if os.path.basename(result["relativePath"]) == "com.apple.CrashReporter.plist" and result["domain"] == "RootDomain":
                    self.log.warning("Found a potentially suspicious \"com.apple.CrashReporter.plist\" file created in RootDomain")
                    self.detected.append(result)