fix syntax

Makefile

@@ -23,7 +23,7 @@ install:
 	python3 -m pip install --upgrade -e .
 
 test-requirements:
-	python3 -m pip install --upgrade --group dev
+	python3 -m pip install --upgrade -r test-requirements.txt
 
 generate-proto-parsers:
 	# Generate python parsers for protobuf files

docs/requirements.txt

@@ -1,5 +1,5 @@
 mkdocs==1.6.1
-mkdocs-autorefs==1.4.3
-mkdocs-material==9.6.20
+mkdocs-autorefs==1.4.2
+mkdocs-material==9.6.14
 mkdocs-material-extensions==1.3.1
-mkdocstrings==0.30.1
+mkdocstrings==0.29.1

pyproject.toml

@@ -1,11 +1,13 @@
 [project]
 name = "mvt"
 dynamic = ["version"]
-authors = [{ name = "Claudio Guarnieri", email = "nex@nex.sx" }]
+authors = [
+    {name = "Claudio Guarnieri", email = "nex@nex.sx"}
+]
 maintainers = [
-    { name = "Etienne Maynier", email = "tek@randhome.io" },
-    { name = "Donncha Ó Cearbhaill", email = "donncha.ocearbhaill@amnesty.org" },
-    { name = "Rory Flynn", email = "rory.flynn@amnesty.org" },
+    {name = "Etienne Maynier", email = "tek@randhome.io"},
+    {name = "Donncha Ó Cearbhaill", email = "donncha.ocearbhaill@amnesty.org"},
+    {name = "Rory Flynn", email = "rory.flynn@amnesty.org"}
 ]
 description = "Mobile Verification Toolkit"
 readme = "README.md"
@@ -14,11 +16,11 @@ classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Intended Audience :: Information Technology",
     "Operating System :: OS Independent",
-    "Programming Language :: Python",
+    "Programming Language :: Python"
 ]
 dependencies = [
     "click==8.2.1",
-    "rich==14.1.0",
+    "rich==14.0.0",
     "tld==0.13.1",
     "requests==2.32.4",
     "simplejson==3.20.1",
@@ -27,15 +29,14 @@ dependencies = [
     "iOSbackup==0.9.925",
     "adb-shell[usb]==0.4.4",
     "libusb1==3.3.1",
-    "cryptography==46.0.3",
+    "cryptography==45.0.5",
     "PyYAML>=6.0.2",
     "pyahocorasick==2.2.0",
     "betterproto==1.2.5",
     "pydantic==2.11.7",
-    "pydantic-settings==2.10.1",
+    "pydantic-settings==2.9.1",
     "NSKeyedUnArchiver==1.5.2",
     "python-dateutil==2.9.0.post0",
-    "tzdata==2025.2",
 ]
 requires-python = ">= 3.10"
 
@@ -44,31 +45,20 @@ homepage = "https://docs.mvt.re/en/latest/"
 repository = "https://github.com/mvt-project/mvt"
 
 [project.scripts]
-mvt-ios = "mvt.ios:cli"
-mvt-android = "mvt.android:cli"
-
-[dependency-groups]
-dev = [
-    "requests>=2.31.0",
-    "pytest>=7.4.3",
-    "pytest-cov>=4.1.0",
-    "pytest-github-actions-annotate-failures>=0.2.0",
-    "pytest-mock>=3.14.0",
-    "stix2>=3.0.1",
-    "ruff>=0.1.6",
-    "mypy>=1.7.1",
-    "betterproto[compiler]",
-]
+    mvt-ios = "mvt.ios:cli"
+    mvt-android = "mvt.android:cli"
 
 [build-system]
 requires = ["setuptools>=61.0"]
 build-backend = "setuptools.build_meta"
 
 [tool.coverage.run]
-omit = ["tests/*"]
+omit = [
+    "tests/*",
+]
 
 [tool.coverage.html]
-directory = "htmlcov"
+directory= "htmlcov"
 
 [tool.mypy]
 install_types = true
@@ -78,13 +68,15 @@ packages = "src"
 
 [tool.pytest.ini_options]
 addopts = "-ra -q --cov=mvt --cov-report html --junitxml=pytest.xml --cov-report=term-missing:skip-covered"
-testpaths = ["tests"]
+testpaths = [
+    "tests"
+]
 
 [tool.ruff.lint]
-select = ["C90", "E", "F", "W"] # flake8 default set
+select = ["C90", "E", "F", "W"]  # flake8 default set
 ignore = [
-    "E501", # don't enforce line length violations
-    "C901", # complex-structure
+    "E501",  # don't enforce line length violations
+    "C901",  # complex-structure
 
     # These were previously ignored but don't seem to be required:
     # "E265",  # no-space-after-block-comment
@@ -96,14 +88,14 @@ ignore = [
 ]
 
 [tool.ruff.lint.per-file-ignores]
-"__init__.py" = ["F401"] # unused-import
+"__init__.py" = ["F401"]  # unused-import
 
 [tool.ruff.lint.mccabe]
 max-complexity = 10
 
 [tool.setuptools]
 include-package-data = true
-package-dir = { "" = "src" }
+package-dir = {"" = "src"}
 
 [tool.setuptools.packages.find]
 where = ["src"]
@@ -112,4 +104,4 @@ where = ["src"]
 mvt = ["ios/data/*.json"]
 
 [tool.setuptools.dynamic]
-version = { attr = "mvt.common.version.MVT_VERSION" }
+version = {attr = "mvt.common.version.MVT_VERSION"}

src/mvt/android/artifacts/settings.py

@@ -51,6 +51,11 @@ ANDROID_DANGEROUS_SETTINGS = [
         "key": "send_action_app_error",
         "safe_value": "1",
     },
+    {
+        "description": "enabled installation of non Google Play apps",
+        "key": "install_non_market_apps",
+        "safe_value": "0",
+    },
     {
         "description": "enabled accessibility services",
         "key": "accessibility_enabled",

src/mvt/android/artifacts/tombstone_crashes.py

@@ -53,7 +53,7 @@ class TombstoneCrashResult(pydantic.BaseModel):
     file_name: str
     file_timestamp: str  # We store the timestamp as a string to avoid timezone issues
     build_fingerprint: str
-    revision: str
+    revision: int
     arch: Optional[str] = None
     timestamp: str  # We store the timestamp as a string to avoid timezone issues
     process_uptime: Optional[int] = None
@@ -187,7 +187,7 @@ class TombstoneCrashArtifact(AndroidArtifact):
             raise ValueError(f"Expected key {key}, got {line_key}")
 
         value_clean = value.strip().strip("'")
-        if destination_key == "uid":
+        if destination_key in ["uid", "revision"]:
             tombstone[destination_key] = int(value_clean)
         elif destination_key == "process_uptime":
             # eg. "Process uptime: 40s"

src/mvt/android/modules/adb/packages.py

@@ -107,7 +107,8 @@ class Packages(AndroidExtraction):
                     result["matched_indicator"] = ioc
                     self.detected.append(result)
 
-    def check_virustotal(self, packages: list) -> None:
+    @staticmethod
+    def check_virustotal(packages: list) -> None:
         hashes = []
         for package in packages:
             for file in package.get("files", []):
@@ -142,15 +143,8 @@ class Packages(AndroidExtraction):
 
         for package in packages:
             for file in package.get("files", []):
-                if "package_name" in package:
-                    row = [package["package_name"], file["path"]]
-                elif "name" in package:
-                    row = [package["name"], file["path"]]
-                else:
-                    self.log.error(
-                        f"Package {package} has no name or package_name. packages.json or apks.json is malformed"
-                    )
-                    continue
+                row = [package["package_name"], file["path"]]
+
                 if file["sha256"] in detections:
                     detection = detections[file["sha256"]]
                     positives = detection.split("/")[0]

src/mvt/ios/data/ios_versions.json

@@ -895,10 +895,6 @@
         "version": "15.8.4",
         "build": "19H390"
     },
-    {
-        "version": "15.8.5",
-        "build": "19H394"
-    },
     {
         "build": "20A362",
         "version": "16.0"
@@ -1004,10 +1000,6 @@
         "version": "16.7.11",
         "build": "20H360"
     },
-    {
-        "version": "16.7.12",
-        "build": "20H364"
-    },
     {
         "version": "17.0",
         "build": "21A327"
@@ -1139,29 +1131,5 @@
     {
         "version": "18.5",
         "build": "22F76"
-    },
-    {
-        "version": "18.6",
-        "build": "22G86"
-    },
-    {
-        "version": "18.6.1",
-        "build": "22G90"
-    },
-    {
-        "version": "18.6.2",
-        "build": "22G100"
-    },
-    {
-        "version": "18.7",
-        "build": "22H20"
-    },
-    {
-        "version": "26",
-        "build": "23A341"
-    },
-    {
-        "version": "26.0.1",
-        "build": "23A355"
     }
 ]

src/mvt/ios/modules/mixed/safari_browserstate.py

@@ -95,17 +95,14 @@ class SafariBrowserState(IOSExtraction):
             )
         except sqlite3.OperationalError:
             # Old version iOS <12 likely
-            try:
-                cur.execute(
-                    """
-                    SELECT
-                        title, url, user_visible_url, last_viewed_time, session_data
-                    FROM tabs
-                    ORDER BY last_viewed_time;
+            cur.execute(
                 """
-                )
-            except sqlite3.OperationalError as e:
-                self.log.error(f"Error executing query: {e}")
+                SELECT
+                    title, url, user_visible_url, last_viewed_time, session_data
+                FROM tabs
+                ORDER BY last_viewed_time;
+            """
+            )
 
         for row in cur:
             session_entries = []

src/mvt/ios/modules/mixed/tcc.py

@@ -116,16 +116,13 @@ class TCC(IOSExtraction):
                 )
                 db_version = "v2"
             except sqlite3.OperationalError:
-                try:
-                    cur.execute(
-                        """SELECT
-                        service, client, client_type, allowed,
-                        prompt_count
-                        FROM access;"""
-                    )
-                    db_version = "v1"
-                except sqlite3.OperationalError as e:
-                    self.log.error(f"Error parsing TCC database: {e}")
+                cur.execute(
+                    """SELECT
+                    service, client, client_type, allowed,
+                    prompt_count
+                    FROM access;"""
+                )
+                db_version = "v1"
 
         for row in cur:
             service = row[0]

src/mvt/ios/modules/mixed/webkit_session_resource_log.py

@@ -127,6 +127,24 @@ class WebkitSessionResourceLog(IOSExtraction):
         browsing_stats = file_plist["browsingStatistics"]
 
         for item in browsing_stats:
+            most_recent_interaction, last_seen = None, None
+            if "mostRecentUserInteraction" in item:
+                try:
+                    most_recent_interaction = convert_datetime_to_iso(
+                        item["mostRecentUserInteraction"]
+                    )
+                except Exception:
+                    self.log.error(
+                        f'Error converting date of Safari resource"most recent interaction": {item["mostRecentUserInteraction"]}'
+                    )
+            if "lastSeen" in item:
+                try:
+                    last_seen = convert_datetime_to_iso(item["lastSeen"])
+                except Exception:
+                    self.log.error(
+                        f'Error converting date of Safari resource"last seen": {item["lastSeen"]}'
+                    )
+
             items.append(
                 {
                     "origin": item.get("PrevalentResourceOrigin", ""),
@@ -139,10 +157,8 @@ class WebkitSessionResourceLog(IOSExtraction):
                         "subresourceUnderTopFrameOrigins", ""
                     ),
                     "user_interaction": item.get("hadUserInteraction"),
-                    "most_recent_interaction": convert_datetime_to_iso(
-                        item["mostRecentUserInteraction"]
-                    ),
-                    "last_seen": convert_datetime_to_iso(item["lastSeen"]),
+                    "most_recent_interaction": most_recent_interaction,
+                    "last_seen": last_seen,
                 }
             )
 

test-requirements.txt

@@ -0,0 +1,9 @@
+requests>=2.31.0
+pytest>=7.4.3
+pytest-cov>=4.1.0
+pytest-github-actions-annotate-failures>=0.2.0
+pytest-mock>=3.14.0
+stix2>=3.0.1
+ruff>=0.1.6
+mypy>=1.7.1
+betterproto[compiler]