diff --git a/demoapp/www/css/index.css b/demoapp/www/css/index.css index 359c611..99cf2e7 100644 --- a/demoapp/www/css/index.css +++ b/demoapp/www/css/index.css @@ -177,6 +177,11 @@ h1 { grid-column: 2; grid-row: 2; } +.threat-flags { + font-size: 8px; + grid-column: 2; + grid-row: 3; +} .threat-malware { color: #ac0b2a; } diff --git a/demoapp/www/js/index.js b/demoapp/www/js/index.js index 20fef02..488a608 100644 --- a/demoapp/www/js/index.js +++ b/demoapp/www/js/index.js @@ -780,6 +780,11 @@ var demoApp = { else { icon = ""; } + var flagsDiv = ""; + if (apk.flags.length > 0) { + var flStr = apk.flags.map(function (fl) { return fl.type + ": " + fl.name; }); + flagsDiv = "
".concat(flStr.join('; '), "
"); + } var threatCls = ""; switch (apk.threatIndex) { case "MALWARE": @@ -792,7 +797,7 @@ var demoApp = { threatCls = "threat-dangerous"; break; } - node.innerHTML = "
".concat(icon, "
").concat(apkInfo.label || apk.packageName, "
").concat(apk.threatIndex, "
"); + node.innerHTML = "
".concat(icon, "
").concat(apkInfo.label || apk.packageName, "
").concat(apk.threatIndex, "
").concat(flagsDiv, "
"); appList.appendChild(node); }); return [3, 7]; diff --git a/demoapp/www/js/index.ts b/demoapp/www/js/index.ts index bbb7e68..289a6b7 100644 --- a/demoapp/www/js/index.ts +++ b/demoapp/www/js/index.ts @@ -324,6 +324,11 @@ var demoApp = { } else { icon = `` } + var flagsDiv = ""; + if (apk.flags.length > 0) { + let flStr = apk.flags.map(fl => fl.type + ": " + fl.name) + flagsDiv = `
${flStr.join('; ')}
` + } var threatCls = "" switch (apk.threatIndex) { case "MALWARE": @@ -336,7 +341,7 @@ var demoApp = { threatCls = "threat-dangerous"; break; } - node.innerHTML = `
${icon}
${apkInfo.label || apk.packageName}
${apk.threatIndex}
`; + node.innerHTML = `
${icon}
${apkInfo.label || apk.packageName}
${apk.threatIndex}
${flagsDiv}
`; appList.appendChild(node); }); } catch(e) { diff --git a/docs/Release-Notes.md b/docs/Release-Notes.md index a364897..ebe0ce9 100644 --- a/docs/Release-Notes.md +++ b/docs/Release-Notes.md @@ -5,6 +5,7 @@ ### Release 5.1.1-dev - Update Malwarelytics for Android to 1.1.0 (#87) +- Update ApkThreat with flags (#89) ## Previous Releases diff --git a/scripts/android/model/apkThreat/ApkThreat.ts b/scripts/android/model/apkThreat/ApkThreat.ts index de1afd9..3a90c3c 100644 --- a/scripts/android/model/apkThreat/ApkThreat.ts +++ b/scripts/android/model/apkThreat/ApkThreat.ts 
@@ -6,20 +6,45 @@ interface ApkThreat { /** Package name (application Id) of the app posing a threat to the current app. */ - packageName: string; + readonly packageName: string; /** Threat index indicating severity of the threat. */ - threatIndex: ThreatIndex; + readonly threatIndex: ThreatIndex; + + /** Evaluated threat index indicating severity of the threat. */ + readonly evaluatedThreatIndex: ThreatIndex + + /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */ + readonly suggestedThreatIndex: ThreatIndex /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */ - malwareDetectionName?: string; + readonly malwareDetectionName?: string; /** Set of recommended mitigations for handling the threat. */ - mitigations: ThreatMitigation[]; + readonly mitigations: ThreatMitigation[]; /** Evaluated threat reasons marking what is dangerous about the app. */ - reasons: ThreatReason[]; + readonly reasons: ThreatReason[]; /** Store the app was installed from (for example google play). */ - threatInstaller: ThreatInstaller; + readonly threatInstaller?: ThreatInstaller; + + /** List of malware flags - malware types and malware families. */ + readonly flags: MalwareFlag[]; +} + +/** Flag designating malware info. */ +interface MalwareFlag { + readonly name: string; + readonly type: MalwareFlagType; +} + +/** Type of MalwareFlag. */ +enum MalwareFlagType { + /** Unknown type of malware flag. */ + UNKNOWN = "UNKNOWN", + /** Name of the malware family. */ + MALWARE_FAMILY = "MALWARE_FAMILY", + /** Type of the malware, relates with used attack techniques. */ + MALWARE_TYPE = "MALWARE_TYPE" } \ No newline at end of file diff --git a/www/MalwarelyticsPlugin.d.ts b/www/MalwarelyticsPlugin.d.ts index e3bd628..72cfb6f 100644 --- a/www/MalwarelyticsPlugin.d.ts +++ b/www/MalwarelyticsPlugin.d.ts 
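Review bot: The three severity fields of `ApkThreat` cannot be told apart from their comments: `threatIndex` and the new `evaluatedThreatIndex` carry nearly the same sentence, and nothing says which of them, or `suggestedThreatIndex`, a caller should base a block-or-warn decision on. Please state the relationship in the doc comments, for instance whether `threatIndex` already takes the suggestion into account; that cannot be determined from this hunk. `MalwareFlag.name` and `MalwareFlag.type` have no doc comments at all, and since `name` ends up displayed by integrators it is worth a line such as `/** Display name of the family or type; treat as untrusted text when rendering. */`. Two smaller points: `readonly flags: MalwareFlag[]` only prevents reassignment, whereas `readonly flags: readonly MalwareFlag[];` would make the list itself immutable, and the two new index fields lack the trailing `;` the other members have.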
@@ -818,17 +818,37 @@ interface SmartProtectionResult {
 */
 interface ApkThreat {
 /** Package name (application Id) of the app posing a threat to the current app. */
- packageName: string;
+ readonly packageName: string;
 /** Threat index indicating severity of the threat. */
- threatIndex: ThreatIndex;
+ readonly threatIndex: ThreatIndex;
+ /** Evaluated threat index indicating severity of the threat. */
+ readonly evaluatedThreatIndex: ThreatIndex;
+ /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */
+ readonly suggestedThreatIndex: ThreatIndex;
 /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */
- malwareDetectionName?: string;
+ readonly malwareDetectionName?: string;
 /** Set of recommended mitigations for handling the threat. */
- mitigations: ThreatMitigation[];
+ readonly mitigations: ThreatMitigation[];
 /** Evaluated threat reasons marking what is dangerous about the app. */
- reasons: ThreatReason[];
+ readonly reasons: ThreatReason[];
 /** Store the app was installed from (for example google play). */
- threatInstaller: ThreatInstaller;
+ readonly threatInstaller?: ThreatInstaller;
+ /** List of malware flags - malware types and malware families. */
+ readonly flags: MalwareFlag[];
+}
+/** Flag designating malware info. */
+interface MalwareFlag {
+ readonly name: string;
+ readonly type: MalwareFlagType;
+}
+/** Type of MalwareFlag. */
+declare enum MalwareFlagType {
+ /** Unknown type of malware flag. */
+ UNKNOWN = "UNKNOWN",
+ /** Name of the malware family. */
+ MALWARE_FAMILY = "MALWARE_FAMILY",
+ /** Type of the malware, relates with used attack techniques. */
+ MALWARE_TYPE = "MALWARE_TYPE"
 }
 /**
 * A threat level that is posed by an app.
diff --git a/www/MalwarelyticsPlugin.js b/www/MalwarelyticsPlugin.js
index 6d03f1c..60e53c8 100644
--- a/www/MalwarelyticsPlugin.js
+++ b/www/MalwarelyticsPlugin.js
@@ -1061,6 +1061,16 @@ var InitializationResult;
 InitializationResult["TEMPORARY_OFFLINE_MODE"] = "TEMPORARY_OFFLINE_MODE";
 InitializationResult["PERMANENT_OFFLINE_MODE"] = "PERMANENT_OFFLINE_MODE";
 })(InitializationResult || (InitializationResult = {}));
+/** Type of MalwareFlag. */
+var MalwareFlagType;
+(function (MalwareFlagType) {
+ /** Unknown type of malware flag. */
+ MalwareFlagType["UNKNOWN"] = "UNKNOWN";
+ /** Name of the malware family. */
+ MalwareFlagType["MALWARE_FAMILY"] = "MALWARE_FAMILY";
+ /** Type of the malware, relates with used attack techniques. */
+ MalwareFlagType["MALWARE_TYPE"] = "MALWARE_TYPE";
+})(MalwareFlagType || (MalwareFlagType = {}));
 /** Result of an update. */
 var UpdateResult;
 (function (UpdateResult) {
diff --git a/www/MalwarelyticsPlugin.module.d.ts b/www/MalwarelyticsPlugin.module.d.ts
index 9b761a4..4801e20 100644
--- a/www/MalwarelyticsPlugin.module.d.ts
+++ b/www/MalwarelyticsPlugin.module.d.ts
@@ -818,17 +818,37 @@ export interface SmartProtectionResult {
 */
 export interface ApkThreat {
 /** Package name (application Id) of the app posing a threat to the current app. */
- packageName: string;
+ readonly packageName: string;
 /** Threat index indicating severity of the threat. */
- threatIndex: ThreatIndex;
+ readonly threatIndex: ThreatIndex;
+ /** Evaluated threat index indicating severity of the threat. */
+ readonly evaluatedThreatIndex: ThreatIndex;
+ /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */
+ readonly suggestedThreatIndex: ThreatIndex;
 /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */
- malwareDetectionName?: string;
+ readonly malwareDetectionName?: string;
 /** Set of recommended mitigations for handling the threat. */
- mitigations: ThreatMitigation[];
+ readonly mitigations: ThreatMitigation[];
 /** Evaluated threat reasons marking what is dangerous about the app. */
- reasons: ThreatReason[];
+ readonly reasons: ThreatReason[];
 /** Store the app was installed from (for example google play). */
- threatInstaller: ThreatInstaller;
+ readonly threatInstaller?: ThreatInstaller;
+ /** List of malware flags - malware types and malware families. */
+ readonly flags: MalwareFlag[];
+}
+/** Flag designating malware info. */
+export interface MalwareFlag {
+ readonly name: string;
+ readonly type: MalwareFlagType;
+}
+/** Type of MalwareFlag. */
+export declare enum MalwareFlagType {
+ /** Unknown type of malware flag. */
+ UNKNOWN = "UNKNOWN",
+ /** Name of the malware family. */
+ MALWARE_FAMILY = "MALWARE_FAMILY",
+ /** Type of the malware, relates with used attack techniques. */
+ MALWARE_TYPE = "MALWARE_TYPE"
 }
 /**
 * A threat level that is posed by an app.