import os

import click
from rich.logging import RichHandler
from rich.prompt import Prompt

from mvt.common.indicators import Indicators, IndicatorsFileBadFormat
from mvt.common.module import run_module, save_timeline
from mvt.common.options import MutuallyExclusiveOption

            

Reported by Pylint.

              
import click
from rich.logging import RichHandler
from rich.prompt import Prompt

from mvt.common.indicators import Indicators, IndicatorsFileBadFormat
from mvt.common.module import run_module, save_timeline
from mvt.common.options import MutuallyExclusiveOption


            

Reported by Pylint.

              from mvt.common.module import run_module, save_timeline
from mvt.common.options import MutuallyExclusiveOption

from .decrypt import DecryptBackup
from .modules.backup import BACKUP_MODULES
from .modules.fs import FS_MODULES
from .modules.mixed import MIXED_MODULES

# Setup logging using Rich.

            

Reported by Pylint.

              from mvt.common.options import MutuallyExclusiveOption

from .decrypt import DecryptBackup
from .modules.backup import BACKUP_MODULES
from .modules.fs import FS_MODULES
from .modules.mixed import MIXED_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"

            

Reported by Pylint.

              
from .decrypt import DecryptBackup
from .modules.backup import BACKUP_MODULES
from .modules.fs import FS_MODULES
from .modules.mixed import MIXED_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"
logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[

            

Reported by Pylint.

              from .decrypt import DecryptBackup
from .modules.backup import BACKUP_MODULES
from .modules.fs import FS_MODULES
from .modules.mixed import MIXED_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"
logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[
    RichHandler(show_path=False, log_time_format="%X")])

            

Reported by Pylint.

              
    if key_file:
        if PASSWD_ENV in os.environ:
            log.info("Ignoring environment variable, using --key-file '%s' instead",
                     PASSWD_ENV, key_file)

        backup.decrypt_with_key_file(key_file)
    elif password:
        log.info("Your password may be visible in the process table because it was supplied on the command line!")

            

Reported by Pylint.

                  if output and not os.path.exists(output):
        try:
            os.makedirs(output)
        except Exception as e:
            log.critical("Unable to create output folder %s: %s", output, e)
            ctx.exit(1)

    indicators = Indicators(log=log)
    for ioc_path in iocs:

            

Reported by Pylint.

                  if output and not os.path.exists(output):
        try:
            os.makedirs(output)
        except Exception as e:
            log.critical("Unable to create output folder %s: %s", output, e)
            ctx.exit(1)

    indicators = Indicators(log=log)
    for ioc_path in iocs:

            

Reported by Pylint.

                  log.info("Loaded a total of %d indicators", indicators.ioc_count)

    for file_name in os.listdir(folder):
        name_only, ext = os.path.splitext(file_name)
        file_path = os.path.join(folder, file_name)

        for iocs_module in all_modules:
            if module and iocs_module.__name__ != module:
                continue

            

Reported by Pylint.

              import tempfile
import time

from adb_shell.adb_device import AdbDeviceTcp, AdbDeviceUsb
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import (AdbCommandFailureException, DeviceAuthError,
                                  UsbReadFailedError)
from usb1 import USBErrorAccess, USBErrorBusy

            

Reported by Pylint.

              import time

from adb_shell.adb_device import AdbDeviceTcp, AdbDeviceUsb
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import (AdbCommandFailureException, DeviceAuthError,
                                  UsbReadFailedError)
from usb1 import USBErrorAccess, USBErrorBusy


            

Reported by Pylint.

              
from adb_shell.adb_device import AdbDeviceTcp, AdbDeviceUsb
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import (AdbCommandFailureException, DeviceAuthError,
                                  UsbReadFailedError)
from usb1 import USBErrorAccess, USBErrorBusy

from mvt.common.module import InsufficientPrivileges, MVTModule

            

Reported by Pylint.

              from adb_shell.adb_device import AdbDeviceTcp, AdbDeviceUsb
from adb_shell.auth.keygen import keygen, write_public_keyfile
from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import (AdbCommandFailureException, DeviceAuthError,
                                  UsbReadFailedError)
from usb1 import USBErrorAccess, USBErrorBusy

from mvt.common.module import InsufficientPrivileges, MVTModule


            

Reported by Pylint.

              from adb_shell.auth.sign_pythonrsa import PythonRSASigner
from adb_shell.exceptions import (AdbCommandFailureException, DeviceAuthError,
                                  UsbReadFailedError)
from usb1 import USBErrorAccess, USBErrorBusy

from mvt.common.module import InsufficientPrivileges, MVTModule

log = logging.getLogger(__name__)


            

Reported by Pylint.

              class AndroidExtraction(MVTModule):
    """This class provides a base for all Android extraction modules."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                  """This class provides a base for all Android extraction modules."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)

        self.device = None

            

Reported by Pylint.

                      :returns: Boolean indicating whether the file exists or not
        """

        # TODO: Need to support checking files without root privileges as well.

        # Connect to the device over adb.
        self._adb_connect()
        # Check if we have root, if not raise an Exception.
        self._adb_root_or_die()

            

Reported by Pylint.

                          if retry_root:
                self._adb_download_root(remote_path, local_path, progress_callback)
            else:
                raise Exception(f"Unable to download file {remote_path}: {e}")
    
    def _adb_download_root(self, remote_path, local_path, progress_callback=None):
        try:
            # Check if we have root, if not raise an Exception.
            self._adb_root_or_die()

            

Reported by Pylint.

                          else:
                raise Exception(f"Unable to download file {remote_path}: {e}")
    
    def _adb_download_root(self, remote_path, local_path, progress_callback=None):
        try:
            # Check if we have root, if not raise an Exception.
            self._adb_root_or_die()

            # We generate a random temporary filename.

            

Reported by Pylint.

              
import simplejson as json

from .indicators import Indicators


class DatabaseNotFoundError(Exception):
    pass


            

Reported by Pylint.

              #   https://license.mvt.re/1.1/

import csv
import glob
import io
import os
import re

import simplejson as json

            

Reported by Pylint.

                  enabled = True
    slug = None

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        """Initialize module.
        :param file_path: Path to the module's database file, if there is any.
        :param base_folder: Path to the base folder (backup or filesystem dump)
        :param output_folder: Folder where results will be stored

            

Reported by Pylint.

                          with io.open(results_json_path, "w", encoding="utf-8") as handle:
                try:
                    json.dump(self.results, handle, indent=4, default=str)
                except Exception as e:
                    self.log.error("Unable to store results of module %s to file %s: %s",
                                   self.__class__.__name__, results_file_name, e)

        if self.detected:
            detected_file_name = f"{name}_detected.json"

            

Reported by Pylint.

                  except DatabaseCorruptedError as e:
        module.log.error("The %s module database seems to be corrupted and recovery failed: %s",
                         module.__class__.__name__, e)
    except Exception as e:
        module.log.exception("Error in running extraction from module %s: %s",
                             module.__class__.__name__, e)
    else:
        try:
            module.check_indicators()

            

Reported by Pylint.

                      except NotImplementedError:
            module.log.info("The %s module does not support checking for indicators",
                            module.__class__.__name__)
            pass
        else:
            if module.indicators and not module.detected:
                module.log.info("The %s module produced no detections!",
                                module.__class__.__name__)


            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import csv
import glob
import io
import os

            

Reported by Pylint.

              from .indicators import Indicators


class DatabaseNotFoundError(Exception):
    pass

class DatabaseCorruptedError(Exception):
    pass


            

Reported by Pylint.

              class DatabaseNotFoundError(Exception):
    pass

class DatabaseCorruptedError(Exception):
    pass

class InsufficientPrivileges(Exception):
    pass


            

Reported by Pylint.

              class DatabaseCorruptedError(Exception):
    pass

class InsufficientPrivileges(Exception):
    pass

class MVTModule(object):
    """This class provides a base for all extraction modules."""


            

Reported by Pylint.

              import os

import click
from rich.logging import RichHandler

from mvt.common.indicators import Indicators, IndicatorsFileBadFormat
from mvt.common.module import run_module, save_timeline

from .download_apks import DownloadAPKs

            

Reported by Pylint.

              from mvt.common.indicators import Indicators, IndicatorsFileBadFormat
from mvt.common.module import run_module, save_timeline

from .download_apks import DownloadAPKs
from .lookups.koodous import koodous_lookup
from .lookups.virustotal import virustotal_lookup
from .modules.adb import ADB_MODULES
from .modules.backup import BACKUP_MODULES


            

Reported by Pylint.

              from mvt.common.module import run_module, save_timeline

from .download_apks import DownloadAPKs
from .lookups.koodous import koodous_lookup
from .lookups.virustotal import virustotal_lookup
from .modules.adb import ADB_MODULES
from .modules.backup import BACKUP_MODULES

# Setup logging using Rich.

            

Reported by Pylint.

              
from .download_apks import DownloadAPKs
from .lookups.koodous import koodous_lookup
from .lookups.virustotal import virustotal_lookup
from .modules.adb import ADB_MODULES
from .modules.backup import BACKUP_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"

            

Reported by Pylint.

              from .download_apks import DownloadAPKs
from .lookups.koodous import koodous_lookup
from .lookups.virustotal import virustotal_lookup
from .modules.adb import ADB_MODULES
from .modules.backup import BACKUP_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"
logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[

            

Reported by Pylint.

              from .lookups.koodous import koodous_lookup
from .lookups.virustotal import virustotal_lookup
from .modules.adb import ADB_MODULES
from .modules.backup import BACKUP_MODULES

# Setup logging using Rich.
LOG_FORMAT = "[%(name)s] %(message)s"
logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[
    RichHandler(show_path=False, log_time_format="%X")])

            

Reported by Pylint.

                      if from_file:
            download = DownloadAPKs.from_json(from_file)
        else:
            # TODO: Do we actually want to be able to run without storing any file?
            if not output:
                log.critical("You need to specify an output folder with --output!")
                ctx.exit(1)

            if not os.path.exists(output):

            

Reported by Pylint.

                          if not os.path.exists(output):
                try:
                    os.makedirs(output)
                except Exception as e:
                    log.critical("Unable to create output folder %s: %s", output, e)
                    ctx.exit(1)

            download = DownloadAPKs(output_folder=output, all_apks=all_apks)
            if serial:

            

Reported by Pylint.

                  if output and not os.path.exists(output):
        try:
            os.makedirs(output)
        except Exception as e:
            log.critical("Unable to create output folder %s: %s", output, e)
            ctx.exit(1)

    indicators = Indicators(log=log)
    for ioc_path in iocs:

            

Reported by Pylint.

                  if output and not os.path.exists(output):
        try:
            os.makedirs(output)
        except Exception as e:
            log.critical("Unable to create output folder %s: %s", output, e)
            ctx.exit(1)

    indicators = Indicators(log=log)
    for ioc_path in iocs:

            

Reported by Pylint.

              from mvt.common.module import DatabaseNotFoundError
from mvt.common.utils import convert_timestamp_to_iso

from ..base import IOSExtraction


class Manifest(IOSExtraction):
    """This module extracts information from a backup Manifest.db file."""


            

Reported by Pylint.

              class Manifest(IOSExtraction):
    """This module extracts information from a backup Manifest.db file."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                                      "owner": self._get_key(file_metadata, "UserID"),
                        "size": self._get_key(file_metadata, "Size"),
                    })
                except:
                    self.log.exception("Error reading manifest file metadata for file with ID %s and relative path %s",
                                       file_data["fileID"], file_data["relativePath"])
                    pass

            self.results.append(cleaned_metadata)

            

Reported by Pylint.

                              except:
                    self.log.exception("Error reading manifest file metadata for file with ID %s and relative path %s",
                                       file_data["fileID"], file_data["relativePath"])
                    pass

            self.results.append(cleaned_metadata)

        cur.close()
        conn.close()

            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import datetime
import io
import os
import plistlib

            

Reported by Pylint.

              class Manifest(IOSExtraction):
    """This module extracts information from a backup Manifest.db file."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                                       output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)

    def _get_key(self, dictionary, key):
        """Unserialized plist objects can have keys which are str or byte types
        This is a helper to try fetch a key as both a byte or string type.
        """
        return dictionary.get(key.encode("utf-8"), None) or dictionary.get(key, None)


            

Reported by Pylint.

                      """
        return dictionary.get(key.encode("utf-8"), None) or dictionary.get(key, None)

    def _convert_timestamp(self, timestamp_or_unix_time_int):
        """Older iOS versions stored the manifest times as unix timestamps.
        """
        if isinstance(timestamp_or_unix_time_int, datetime.datetime):
            return convert_timestamp_to_iso(timestamp_or_unix_time_int)
        else:

            

Reported by Pylint.

                  def _convert_timestamp(self, timestamp_or_unix_time_int):
        """Older iOS versions stored the manifest times as unix timestamps.
        """
        if isinstance(timestamp_or_unix_time_int, datetime.datetime):
            return convert_timestamp_to_iso(timestamp_or_unix_time_int)
        else:
            timestamp = datetime.datetime.utcfromtimestamp(timestamp_or_unix_time_int)
            return convert_timestamp_to_iso(timestamp)


            

Reported by Pylint.

                          timestamp = datetime.datetime.utcfromtimestamp(timestamp_or_unix_time_int)
            return convert_timestamp_to_iso(timestamp)

    def serialize(self, record):
        records = []
        if "modified" not in record or "status_changed" not in record:
            return
        for ts in set([record["created"], record["modified"], record["status_changed"]]):
            macb = ""

            

Reported by Pylint.

              import shutil
import sqlite3

from iOSbackup import iOSbackup

log = logging.getLogger(__name__)

class DecryptBackup:
    """This class provides functions to decrypt an encrypted iTunes backup

            

Reported by Pylint.

                      except Exception as e:
            if isinstance(e, KeyError) and len(e.args) > 0 and e.args[0] == b"KEY":
                log.critical("Failed to decrypt backup. Password is probably wrong.")
            elif isinstance(e, FileNotFoundError) and os.path.basename(e.filename) == "Manifest.plist":
                log.critical("Failed to find a valid backup at %s. Did you point to the right backup path?",
                             self.backup_path)
            else:
                log.exception(e)
                log.critical("Failed to decrypt backup. Did you provide the correct password? Did you point to the right backup path?")

            

Reported by Pylint.

                                                                targetName=file_id,
                                                  targetFolder=item_folder)
                log.info("Decrypted file %s [%s] to %s/%s", relative_path, domain, item_folder, file_id)
            except Exception as e:
                log.error("Failed to decrypt file %s: %s", relative_path, e)

        # Copying over the root plist files as well.
        for file_name in os.listdir(self.backup_path):
            if file_name.endswith(".plist"):

            

Reported by Pylint.

                          self._backup = iOSbackup(udid=os.path.basename(self.backup_path),
                                     cleartextpassword=password,
                                     backuproot=os.path.dirname(self.backup_path))
        except Exception as e:
            if isinstance(e, KeyError) and len(e.args) > 0 and e.args[0] == b"KEY":
                log.critical("Failed to decrypt backup. Password is probably wrong.")
            elif isinstance(e, FileNotFoundError) and os.path.basename(e.filename) == "Manifest.plist":
                log.critical("Failed to find a valid backup at %s. Did you point to the right backup path?",
                             self.backup_path)

            

Reported by Pylint.

                          self._backup = iOSbackup(udid=os.path.basename(self.backup_path),
                                     derivedkey=key_bytes_raw,
                                     backuproot=os.path.dirname(self.backup_path))
        except Exception as e:
            log.exception(e)
            log.critical("Failed to decrypt backup. Did you provide the correct key file?")

    def get_key(self):
        """Retrieve and prints the encryption key.

            

Reported by Pylint.

                      try:
            with open(key_path, 'w') as handle:
                handle.write(self._decryption_key)
        except Exception as e:
            log.exception(e)
            log.critical("Failed to write key to file: %s", key_path)
            return
        else:
            log.info("Wrote decryption key to file: %s. This file is equivalent to a plaintext password. Keep it safe!",

            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import binascii
import glob
import logging
import os

            

Reported by Pylint.

                      self._backup = None
        self._decryption_key = None

    def can_process(self) -> bool:
        return self._backup is not None

    def is_encrypted(self, backup_path) -> bool:
        """Query Manifest.db file to see if it's encrypted or not.
        :param backup_path: Path to the backup to decrypt

            

Reported by Pylint.

                  def can_process(self) -> bool:
        return self._backup is not None

    def is_encrypted(self, backup_path) -> bool:
        """Query Manifest.db file to see if it's encrypted or not.
        :param backup_path: Path to the backup to decrypt
        """
        conn = sqlite3.connect(os.path.join(backup_path, "Manifest.db"))
        cur = conn.cursor()

            

Reported by Pylint.

                          log.critical("The backup does not seem encrypted!")
            return False

    def process_backup(self):
        if not os.path.exists(self.dest_path):
            os.makedirs(self.dest_path)

        manifest_path = os.path.join(self.dest_path, "Manifest.db")
        # We extract a decrypted Manifest.db.

            

Reported by Pylint.

              import json
import os

from .url import URL


class IndicatorsFileBadFormat(Exception):
    pass


            

Reported by Pylint.

                          try:
                data = json.load(handle)
            except json.decoder.JSONDecodeError:
                raise IndicatorsFileBadFormat("Unable to parse STIX2 indicators file, the file seems malformed or in the wrong format")

        for entry in data.get("objects", []):
            if entry.get("type", "") != "indicator":
                continue


            

Reported by Pylint.

                                                  iocs_list=self.ioc_files)

    def check_domain(self, url):
        # TODO: If the IOC domain contains a subdomain, it is not currently
        # being matched.

        try:
            # First we use the provided URL.
            orig_url = URL(url)

            

Reported by Pylint.

                          else:
                # If it's not shortened, we just use the original URL object.
                final_url = orig_url
        except Exception as e:
            # If URL parsing failed, we just try to do a simple substring
            # match.
            for ioc in self.ioc_domains:
                if ioc.lower() in url:
                    self.log.warning("Maybe found a known suspicious domain: %s", url)

            

Reported by Pylint.

                          else:
                # If it's not shortened, we just use the original URL object.
                final_url = orig_url
        except Exception as e:
            # If URL parsing failed, we just try to do a simple substring
            # match.
            for ioc in self.ioc_domains:
                if ioc.lower() in url:
                    self.log.warning("Maybe found a known suspicious domain: %s", url)

            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import json
import os

from .url import URL

            

Reported by Pylint.

              from .url import URL


class IndicatorsFileBadFormat(Exception):
    pass

class Indicators:
    """This class is used to parse indicators from a STIX2 file and provide
    functions to compare extracted artifacts to the indicators.

            

Reported by Pylint.

                          try:
                data = json.load(handle)
            except json.decoder.JSONDecodeError:
                raise IndicatorsFileBadFormat("Unable to parse STIX2 indicators file, the file seems malformed or in the wrong format")

        for entry in data.get("objects", []):
            if entry.get("type", "") != "indicator":
                continue


            

Reported by Pylint.

                              self._add_indicator(ioc=value,
                                    iocs_list=self.ioc_files)

    def check_domain(self, url):
        # TODO: If the IOC domain contains a subdomain, it is not currently
        # being matched.

        try:
            # First we use the provided URL.

            

Reported by Pylint.

                              self._add_indicator(ioc=value,
                                    iocs_list=self.ioc_files)

    def check_domain(self, url):
        # TODO: If the IOC domain contains a subdomain, it is not currently
        # being matched.

        try:
            # First we use the provided URL.

            

Reported by Pylint.

              
from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso

from ..base import IOSExtraction

INTERACTIONC_BACKUP_IDS = [
    "1f5a521220a3ad80ebfdc196978df8e7a2e49dee",
]
INTERACTIONC_ROOT_PATHS = [

            

Reported by Pylint.

              class InteractionC(IOSExtraction):
    """This module extracts data from InteractionC db."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                      conn = sqlite3.connect(self.file_path)
        cur = conn.cursor()

        # TODO: Support all versions.
        # Taken from:
        # https://github.com/mac4n6/APOLLO/blob/master/modules/interaction_contact_interactions.txt
        cur.execute("""
            SELECT
                ZINTERACTIONS.ZSTARTDATE,

            

Reported by Pylint.

                              LEFT JOIN ZCONTACTS RECEIPIENTCONACT ON Z_2INTERACTIONRECIPIENT.Z_2RECIPIENTS== RECEIPIENTCONACT.Z_PK;
        """)

        names = [description[0] for description in cur.description]

        for row in cur:
            self.results.append({
                "start_date": convert_timestamp_to_iso(convert_mactime_to_unix(row[0])),
                "end_date": convert_timestamp_to_iso(convert_mactime_to_unix(row[1])),

            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import sqlite3

from mvt.common.utils import convert_mactime_to_unix, convert_timestamp_to_iso


            

Reported by Pylint.

              class InteractionC(IOSExtraction):
    """This module extracts data from InteractionC db."""

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                          "last_outgoing_recipient_date",
        ]

    def serialize(self, record):
        records = []
        processed = []
        for ts in self.timestamps:
            # Check if the record has the current timestamp.
            if ts not in record or not record[ts]:

            

Reported by Pylint.

                  def serialize(self, record):
        records = []
        processed = []
        for ts in self.timestamps:
            # Check if the record has the current timestamp.
            if ts not in record or not record[ts]:
                continue

            # Check if the timestamp was already processed.

            

Reported by Pylint.

                              "timestamp": record[ts],
                "module": self.__class__.__name__,
                "event": ts,
                "data": f"[{record['bundle_id']}] {record['account']} - from {record['sender_display_name']} " \
                        f"({record['sender_identifier']}) to {record['recipient_display_name']} " \
                        f"({record['recipient_identifier']}): {record['content']}"
            })
            processed.append(record[ts])


            

Reported by Pylint.

              
        return records

    def run(self):
        self._find_ios_database(backup_ids=INTERACTIONC_BACKUP_IDS, root_paths=INTERACTIONC_ROOT_PATHS)
        self.log.info("Found InteractionC database at path: %s", self.file_path)

        conn = sqlite3.connect(self.file_path)
        cur = conn.cursor()

            

Reported by Pylint.

              
from mvt.common.utils import convert_timestamp_to_iso

from ..base import IOSExtraction

WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH = "Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db"
WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS = [
    "private/var/mobile/Containers/Data/Application/*/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db",
    "private/var/mobile/Containers/Data/Application/*/SystemData/com.apple.SafariViewService/Library/WebKit/WebsiteData/observations.db",

            

Reported by Pylint.

              class WebkitResourceLoadStatistics(IOSExtraction):
    """This module extracts records from WebKit ResourceLoadStatistics observations.db.
    """
    # TODO: Add serialize().

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,

            

Reported by Pylint.

                  """
    # TODO: Add serialize().

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

                      if not self.indicators:
            return

        self.detected = {}
        for key, items in self.results.items():
            for item in items:
                if self.indicators.check_domain(item["registrable_domain"]):
                    if key not in self.detected:
                        self.detected[key] = [item,]

            

Reported by Pylint.

                                  db_path = os.path.join(self.base_folder, backup_file["file_id"][0:2], backup_file["file_id"])
                    key = f"{backup_file['domain']}/{WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH}"
                    self._process_observations_db(db_path=db_path, key=key)
            except Exception as e:
                self.log.info("Unable to search for WebKit observations.db: %s", e)
        elif self.is_fs_dump:
            for db_path in self._get_fs_files_from_patterns(WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS):
                self._process_observations_db(db_path=db_path, key=os.path.relpath(db_path, self.base_folder))

            

Reported by Pylint.

              # Mobile Verification Toolkit (MVT)
# Copyright (c) 2021 The MVT Project Authors.
# Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

import datetime
import os
import sqlite3


            

Reported by Pylint.

              
from ..base import IOSExtraction

WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH = "Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db"
WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS = [
    "private/var/mobile/Containers/Data/Application/*/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db",
    "private/var/mobile/Containers/Data/Application/*/SystemData/com.apple.SafariViewService/Library/WebKit/WebsiteData/observations.db",
]


            

Reported by Pylint.

              
WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH = "Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db"
WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS = [
    "private/var/mobile/Containers/Data/Application/*/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db",
    "private/var/mobile/Containers/Data/Application/*/SystemData/com.apple.SafariViewService/Library/WebKit/WebsiteData/observations.db",
]

class WebkitResourceLoadStatistics(IOSExtraction):
    """This module extracts records from WebKit ResourceLoadStatistics observations.db.

            

Reported by Pylint.

              WEBKIT_RESOURCELOADSTATICS_BACKUP_RELPATH = "Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db"
WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS = [
    "private/var/mobile/Containers/Data/Application/*/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db",
    "private/var/mobile/Containers/Data/Application/*/SystemData/com.apple.SafariViewService/Library/WebKit/WebsiteData/observations.db",
]

class WebkitResourceLoadStatistics(IOSExtraction):
    """This module extracts records from WebKit ResourceLoadStatistics observations.db.
    """

            

Reported by Pylint.

                  """
    # TODO: Add serialize().

    def __init__(self, file_path=None, base_folder=None, output_folder=None,
                 fast_mode=False, log=None, results=[]):
        super().__init__(file_path=file_path, base_folder=base_folder,
                         output_folder=output_folder, fast_mode=fast_mode,
                         log=log, results=results)


            

Reported by Pylint.

              # Use of this software is governed by the MVT License 1.1 that can be found at
#   https://license.mvt.re/1.1/

from .calls import Calls
from .chrome_favicon import ChromeFavicon
from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory

            

Reported by Pylint.

              #   https://license.mvt.re/1.1/

from .calls import Calls
from .chrome_favicon import ChromeFavicon
from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache

            

Reported by Pylint.

              
from .calls import Calls
from .chrome_favicon import ChromeFavicon
from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC

            

Reported by Pylint.

              from .calls import Calls
from .chrome_favicon import ChromeFavicon
from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients

            

Reported by Pylint.

              from .chrome_favicon import ChromeFavicon
from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage

            

Reported by Pylint.

              from .chrome_history import ChromeHistory
from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage
from .safari_browserstate import SafariBrowserState

            

Reported by Pylint.

              from .contacts import Contacts
from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage
from .safari_browserstate import SafariBrowserState
from .safari_history import SafariHistory

            

Reported by Pylint.

              from .firefox_favicon import FirefoxFavicon
from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage
from .safari_browserstate import SafariBrowserState
from .safari_history import SafariHistory
from .sms import SMS

            

Reported by Pylint.

              from .firefox_history import FirefoxHistory
from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage
from .safari_browserstate import SafariBrowserState
from .safari_history import SafariHistory
from .sms import SMS
from .sms_attachments import SMSAttachments

            

Reported by Pylint.

              from .idstatuscache import IDStatusCache
from .interactionc import InteractionC
from .locationd import LocationdClients
from .net_datausage import Datausage
from .safari_browserstate import SafariBrowserState
from .safari_history import SafariHistory
from .sms import SMS
from .sms_attachments import SMSAttachments
from .webkit_resource_load_statistics import WebkitResourceLoadStatistics

            

Reported by Pylint.