Merge pull request #91 from /issues/89-add-apkthreat-flags

Update ApkThreat with flags

demoapp/www/css/index.css

@@ -177,6 +177,11 @@ h1 {
     grid-column: 2;
     grid-row: 2;
 }
+.threat-flags {
+    font-size: 8px;
+    grid-column: 2;
+    grid-row: 3;
+}
 .threat-malware {
     color: #ac0b2a;
 }

demoapp/www/js/index.js

@@ -780,6 +780,11 @@ var demoApp = {
                             else {
                                 icon = "<img src=\"../img/icon-placeholder.svg\" />";
                             }
+                            var flagsDiv = "";
+                            if (apk.flags.length > 0) {
+                                var flStr = apk.flags.map(function (fl) { return fl.type + ": " + fl.name; });
+                                flagsDiv = "<div class=\"threat-flags\">".concat(flStr.join('; '), "</div>");
+                            }
                             var threatCls = "";
                             switch (apk.threatIndex) {
                                 case "MALWARE":
@@ -792,7 +797,7 @@ var demoApp = {
                                     threatCls = "threat-dangerous";
                                     break;
                             }
-                            node.innerHTML = "<div class=\"threat\">".concat(icon, "<div class=\"appname\">").concat(apkInfo.label || apk.packageName, "</div><div class=\"threatindex ").concat(threatCls, "\">").concat(apk.threatIndex, "</div></div>");
+                            node.innerHTML = "<div class=\"threat\">".concat(icon, "<div class=\"appname\">").concat(apkInfo.label || apk.packageName, "</div><div class=\"threatindex ").concat(threatCls, "\">").concat(apk.threatIndex, "</div>").concat(flagsDiv, "</div>");
                             appList.appendChild(node);
                         });
                         return [3, 7];

demoapp/www/js/index.ts

@@ -324,6 +324,11 @@ var demoApp = {
                     } else {
                         icon = `<img src="../img/icon-placeholder.svg" />`
                     }
+                    var flagsDiv = "";
+                    if (apk.flags.length > 0) {
+                        let flStr = apk.flags.map(fl => fl.type + ": " + fl.name)
+                        flagsDiv = `<div class="threat-flags">${flStr.join('; ')}</div>`
+                    }
                     var threatCls = ""
                     switch (apk.threatIndex) {
                         case "MALWARE":
@@ -336,7 +341,7 @@ var demoApp = {
                             threatCls = "threat-dangerous";
                             break;
                     }
-                    node.innerHTML = `<div class="threat">${icon}<div class="appname">${apkInfo.label || apk.packageName}</div><div class="threatindex ${threatCls}">${apk.threatIndex}</div></div>`;
+                    node.innerHTML = `<div class="threat">${icon}<div class="appname">${apkInfo.label || apk.packageName}</div><div class="threatindex ${threatCls}">${apk.threatIndex}</div>${flagsDiv}</div>`;
                     appList.appendChild(node);
                 });
         } catch(e) {

docs/Release-Notes.md

@@ -5,6 +5,7 @@
 ### Release 5.1.1-dev
 
 - Update Malwarelytics for Android to 1.1.0 (#87)
+- Update ApkThreat with flags (#89)
 
 
 ## Previous Releases

scripts/android/model/apkThreat/ApkThreat.ts

@@ -6,20 +6,45 @@
 interface ApkThreat {
 
     /** Package name (application Id) of the app posing a threat to the current app. */
-    packageName: string;
+    readonly packageName: string;
 
     /** Threat index indicating severity of the threat. */
-    threatIndex: ThreatIndex;
+    readonly threatIndex: ThreatIndex;
+
+    /** Evaluated threat index indicating severity of the threat. */
+    readonly evaluatedThreatIndex: ThreatIndex
+
+    /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */
+    readonly suggestedThreatIndex: ThreatIndex
 
     /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */
-    malwareDetectionName?: string;
+    readonly malwareDetectionName?: string;
 
     /** Set of recommended mitigations for handling the threat. */
-    mitigations: ThreatMitigation[];
+    readonly mitigations: ThreatMitigation[];
 
     /** Evaluated threat reasons marking what is dangerous about the app. */
-    reasons: ThreatReason[];
+    readonly reasons: ThreatReason[];
 
     /** Store the app was installed from (for example google play). */
-    threatInstaller: ThreatInstaller;
+    readonly threatInstaller?: ThreatInstaller;
+
+    /** List of malware flags - malware types and malware families.  */
+    readonly flags: MalwareFlag[];
+}
+
+/** Flag designating malware info. */
+interface MalwareFlag {
+    readonly name: string;
+    readonly type: MalwareFlagType;
+}
+
+/** Type of MalwareFlag. */
+enum MalwareFlagType {
+    /** Unknown type of malware flag. */
+    UNKNOWN = "UNKNOWN",
+    /** Name of the malware family. */
+    MALWARE_FAMILY = "MALWARE_FAMILY",
+    /** Type of the malware, relates with used attack techniques. */
+    MALWARE_TYPE = "MALWARE_TYPE"
 }

www/MalwarelyticsPlugin.d.ts

@@ -818,17 +818,37 @@ interface SmartProtectionResult {
  */
 interface ApkThreat {
     /** Package name (application Id) of the app posing a threat to the current app. */
-    packageName: string;
+    readonly packageName: string;
     /** Threat index indicating severity of the threat. */
-    threatIndex: ThreatIndex;
+    readonly threatIndex: ThreatIndex;
+    /** Evaluated threat index indicating severity of the threat. */
+    readonly evaluatedThreatIndex: ThreatIndex;
+    /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */
+    readonly suggestedThreatIndex: ThreatIndex;
     /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */
-    malwareDetectionName?: string;
+    readonly malwareDetectionName?: string;
     /** Set of recommended mitigations for handling the threat. */
-    mitigations: ThreatMitigation[];
+    readonly mitigations: ThreatMitigation[];
     /** Evaluated threat reasons marking what is dangerous about the app. */
-    reasons: ThreatReason[];
+    readonly reasons: ThreatReason[];
     /** Store the app was installed from (for example google play). */
-    threatInstaller: ThreatInstaller;
+    readonly threatInstaller?: ThreatInstaller;
+    /** List of malware flags - malware types and malware families.  */
+    readonly flags: MalwareFlag[];
+}
+/** Flag designating malware info. */
+interface MalwareFlag {
+    readonly name: string;
+    readonly type: MalwareFlagType;
+}
+/** Type of MalwareFlag. */
+declare enum MalwareFlagType {
+    /** Unknown type of malware flag. */
+    UNKNOWN = "UNKNOWN",
+    /** Name of the malware family. */
+    MALWARE_FAMILY = "MALWARE_FAMILY",
+    /** Type of the malware, relates with used attack techniques. */
+    MALWARE_TYPE = "MALWARE_TYPE"
 }
 /**
  * A threat level that is posed by an app.

www/MalwarelyticsPlugin.js

@@ -1061,6 +1061,16 @@ var InitializationResult;
     InitializationResult["TEMPORARY_OFFLINE_MODE"] = "TEMPORARY_OFFLINE_MODE";
     InitializationResult["PERMANENT_OFFLINE_MODE"] = "PERMANENT_OFFLINE_MODE";
 })(InitializationResult || (InitializationResult = {}));
+/** Type of MalwareFlag. */
+var MalwareFlagType;
+(function (MalwareFlagType) {
+    /** Unknown type of malware flag. */
+    MalwareFlagType["UNKNOWN"] = "UNKNOWN";
+    /** Name of the malware family. */
+    MalwareFlagType["MALWARE_FAMILY"] = "MALWARE_FAMILY";
+    /** Type of the malware, relates with used attack techniques. */
+    MalwareFlagType["MALWARE_TYPE"] = "MALWARE_TYPE";
+})(MalwareFlagType || (MalwareFlagType = {}));
 /** Result of an update. */
 var UpdateResult;
 (function (UpdateResult) {

www/MalwarelyticsPlugin.module.d.ts

@@ -818,17 +818,37 @@ export interface SmartProtectionResult {
  */
 export interface ApkThreat {
     /** Package name (application Id) of the app posing a threat to the current app. */
-    packageName: string;
+    readonly packageName: string;
     /** Threat index indicating severity of the threat. */
-    threatIndex: ThreatIndex;
+    readonly threatIndex: ThreatIndex;
+    /** Evaluated threat index indicating severity of the threat. */
+    readonly evaluatedThreatIndex: ThreatIndex;
+    /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */
+    readonly suggestedThreatIndex: ThreatIndex;
     /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */
-    malwareDetectionName?: string;
+    readonly malwareDetectionName?: string;
     /** Set of recommended mitigations for handling the threat. */
-    mitigations: ThreatMitigation[];
+    readonly mitigations: ThreatMitigation[];
     /** Evaluated threat reasons marking what is dangerous about the app. */
-    reasons: ThreatReason[];
+    readonly reasons: ThreatReason[];
     /** Store the app was installed from (for example google play). */
-    threatInstaller: ThreatInstaller;
+    readonly threatInstaller?: ThreatInstaller;
+    /** List of malware flags - malware types and malware families.  */
+    readonly flags: MalwareFlag[];
+}
+/** Flag designating malware info. */
+export interface MalwareFlag {
+    readonly name: string;
+    readonly type: MalwareFlagType;
+}
+/** Type of MalwareFlag. */
+export declare enum MalwareFlagType {
+    /** Unknown type of malware flag. */
+    UNKNOWN = "UNKNOWN",
+    /** Name of the malware family. */
+    MALWARE_FAMILY = "MALWARE_FAMILY",
+    /** Type of the malware, relates with used attack techniques. */
+    MALWARE_TYPE = "MALWARE_TYPE"
 }
 /**
  * A threat level that is posed by an app.