From 4645cad8f214f680b4891aa2849ccc65c1a4d73f Mon Sep 17 00:00:00 2001 From: Tomas Kypta Date: Fri, 8 Mar 2024 18:00:23 +0100 Subject: [PATCH 1/2] Update ApkThreat with flags --- demoapp/www/css/index.css | 5 +++ demoapp/www/js/index.js | 7 +++- demoapp/www/js/index.ts | 7 +++- scripts/android/model/apkThreat/ApkThreat.ts | 37 ++++++++++++++++---- www/MalwarelyticsPlugin.d.ts | 32 +++++++++++++---- www/MalwarelyticsPlugin.js | 10 ++++++ www/MalwarelyticsPlugin.module.d.ts | 32 +++++++++++++---- 7 files changed, 110 insertions(+), 20 deletions(-) diff --git a/demoapp/www/css/index.css b/demoapp/www/css/index.css index 4fdce86..b234516 100644 --- a/demoapp/www/css/index.css +++ b/demoapp/www/css/index.css @@ -175,6 +175,11 @@ h1 { grid-column: 2; grid-row: 2; } +.threat-flags { + font-size: 8px; + grid-column: 2; + grid-row: 3; +} .threat-malware { color: #ac0b2a; } diff --git a/demoapp/www/js/index.js b/demoapp/www/js/index.js index 67d85f8..2e027f0 100644 --- a/demoapp/www/js/index.js +++ b/demoapp/www/js/index.js @@ -759,6 +759,11 @@ var demoApp = { else { icon = ""; } + var flagsDiv = ""; + if (apk.flags.length > 0) { + var flStr = apk.flags.map(function (fl) { return fl.type + ": " + fl.name; }); + flagsDiv = "
".concat(flStr.join('; '), "
"); + } var threatCls = ""; switch (apk.threatIndex) { case "MALWARE": @@ -771,7 +776,7 @@ var demoApp = { threatCls = "threat-dangerous"; break; } - node.innerHTML = "
".concat(icon, "
").concat(apkInfo.label || apk.packageName, "
").concat(apk.threatIndex, "
"); + node.innerHTML = "
".concat(icon, "
").concat(apkInfo.label || apk.packageName, "
").concat(apk.threatIndex, "
").concat(flagsDiv, "
"); appList.appendChild(node); }); return [3, 7]; diff --git a/demoapp/www/js/index.ts b/demoapp/www/js/index.ts index 5ad6bfc..9e6f81a 100644 --- a/demoapp/www/js/index.ts +++ b/demoapp/www/js/index.ts @@ -314,6 +314,11 @@ var demoApp = { } else { icon = `` } + var flagsDiv = ""; + if (apk.flags.length > 0) { + let flStr = apk.flags.map(fl => fl.type + ": " + fl.name) + flagsDiv = `
${flStr.join('; ')}
` + } var threatCls = "" switch (apk.threatIndex) { case "MALWARE": @@ -326,7 +331,7 @@ var demoApp = { threatCls = "threat-dangerous"; break; } - node.innerHTML = `
${icon}
${apkInfo.label || apk.packageName}
${apk.threatIndex}
`; + node.innerHTML = `
${icon}
${apkInfo.label || apk.packageName}
${apk.threatIndex}
${flagsDiv}
`; appList.appendChild(node); }); } catch(e) { diff --git a/scripts/android/model/apkThreat/ApkThreat.ts b/scripts/android/model/apkThreat/ApkThreat.ts index de1afd9..3a90c3c 100644 --- a/scripts/android/model/apkThreat/ApkThreat.ts +++ b/scripts/android/model/apkThreat/ApkThreat.ts @@ -6,20 +6,45 @@ interface ApkThreat { /** Package name (application Id) of the app posing a threat to the current app. */ - packageName: string; + readonly packageName: string; /** Threat index indicating severity of the threat. */ - threatIndex: ThreatIndex; + readonly threatIndex: ThreatIndex; + + /** Evaluated threat index indicating severity of the threat. */ + readonly evaluatedThreatIndex: ThreatIndex + + /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */ + readonly suggestedThreatIndex: ThreatIndex /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */ - malwareDetectionName?: string; + readonly malwareDetectionName?: string; /** Set of recommended mitigations for handling the threat. */ - mitigations: ThreatMitigation[]; + readonly mitigations: ThreatMitigation[]; /** Evaluated threat reasons marking what is dangerous about the app. */ - reasons: ThreatReason[]; + readonly reasons: ThreatReason[]; /** Store the app was installed from (for example google play). */ - threatInstaller: ThreatInstaller; + readonly threatInstaller?: ThreatInstaller; + + /** List of malware flags - malware types and malware families. */ + readonly flags: MalwareFlag[]; +} + +/** Flag designating malware info. */ +interface MalwareFlag { + readonly name: string; + readonly type: MalwareFlagType; +} + +/** Type of MalwareFlag. */ +enum MalwareFlagType { + /** Unknown type of malware flag. */ + UNKNOWN = "UNKNOWN", + /** Name of the malware family. */ + MALWARE_FAMILY = "MALWARE_FAMILY", + /** Type of the malware, relates with used attack techniques. */ + MALWARE_TYPE = "MALWARE_TYPE" } \ No newline at end of file 
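Review bot: `${flagsDiv}` is interpolated into `node.innerHTML` in this hunk, and `flagsDiv` is built in the preceding hunk (`@@ -314,6 +314,11 @@`) from `fl.type` and `fl.name` with no HTML escaping, so a flag name containing markup would be parsed as HTML inside the WebView. The same assignment already interpolates `apkInfo.label || apk.packageName`, and an app label is chosen by the author of the scanned app, which is the party this screen treats as hostile. I would create the flags element separately, set its text with `flagsEl.textContent = flStr.join('; ')`, and append it to `node`, with the same treatment for the label. The template's markup is not visible on this page, so the insertion point needs checking against the grid layout. The `demoapp/www/js/index.js` hunks carry the same pattern and look like compiled output of this file.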
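Review bot: The doc comments on `threatIndex` and the new `evaluatedThreatIndex` in `ApkThreat` are nearly identical, so a consumer cannot tell which value a mitigation decision should be based on, or how `suggestedThreatIndex` relates to either. One sentence on each field stating the relationship would remove the ambiguity. `flags` is declared required and the demo reads `apk.flags.length` unguarded; if the native layer can omit the field, as the newly optional `threatInstaller?` suggests may happen elsewhere, declare it `readonly flags?: MalwareFlag[];` or state in the comment that it is always present. `readonly` on the property does not prevent `push` or `splice` on the array itself, which `readonly flags: readonly MalwareFlag[];` would, and the same applies to `mitigations` and `reasons`. The two new index fields also lack the trailing semicolon the other members use, and the `malwareDetectionName` comment still has the typo `thratIndex`.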
diff --git a/www/MalwarelyticsPlugin.d.ts b/www/MalwarelyticsPlugin.d.ts index 9d06476..4c7414e 100644 --- a/www/MalwarelyticsPlugin.d.ts +++ b/www/MalwarelyticsPlugin.d.ts @@ -789,17 +789,37 @@ interface SmartProtectionResult { */ interface ApkThreat { /** Package name (application Id) of the app posing a threat to the current app. */ - packageName: string; + readonly packageName: string; /** Threat index indicating severity of the threat. */ - threatIndex: ThreatIndex; + readonly threatIndex: ThreatIndex; + /** Evaluated threat index indicating severity of the threat. */ + readonly evaluatedThreatIndex: ThreatIndex; + /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */ + readonly suggestedThreatIndex: ThreatIndex; /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */ - malwareDetectionName?: string; + readonly malwareDetectionName?: string; /** Set of recommended mitigations for handling the threat. */ - mitigations: ThreatMitigation[]; + readonly mitigations: ThreatMitigation[]; /** Evaluated threat reasons marking what is dangerous about the app. */ - reasons: ThreatReason[]; + readonly reasons: ThreatReason[]; /** Store the app was installed from (for example google play). */ - threatInstaller: ThreatInstaller; + readonly threatInstaller?: ThreatInstaller; + /** List of malware flags - malware types and malware families. */ + readonly flags: MalwareFlag[]; +} +/** Flag designating malware info. */ +interface MalwareFlag { + readonly name: string; + readonly type: MalwareFlagType; +} +/** Type of MalwareFlag. */ +declare enum MalwareFlagType { + /** Unknown type of malware flag. */ + UNKNOWN = "UNKNOWN", + /** Name of the malware family. */ + MALWARE_FAMILY = "MALWARE_FAMILY", + /** Type of the malware, relates with used attack techniques. */ + MALWARE_TYPE = "MALWARE_TYPE" } /** * A threat level that is posed by an app. 
diff --git a/www/MalwarelyticsPlugin.js b/www/MalwarelyticsPlugin.js index 95c569b..06d4284 100644 --- a/www/MalwarelyticsPlugin.js +++ b/www/MalwarelyticsPlugin.js @@ -1030,6 +1030,16 @@ var InitializationResult; InitializationResult["TEMPORARY_OFFLINE_MODE"] = "TEMPORARY_OFFLINE_MODE"; InitializationResult["PERMANENT_OFFLINE_MODE"] = "PERMANENT_OFFLINE_MODE"; })(InitializationResult || (InitializationResult = {})); +/** Type of MalwareFlag. */ +var MalwareFlagType; +(function (MalwareFlagType) { + /** Unknown type of malware flag. */ + MalwareFlagType["UNKNOWN"] = "UNKNOWN"; + /** Name of the malware family. */ + MalwareFlagType["MALWARE_FAMILY"] = "MALWARE_FAMILY"; + /** Type of the malware, relates with used attack techniques. */ + MalwareFlagType["MALWARE_TYPE"] = "MALWARE_TYPE"; +})(MalwareFlagType || (MalwareFlagType = {})); var CallState; (function (CallState) { CallState["IDLE"] = "IDLE"; diff --git a/www/MalwarelyticsPlugin.module.d.ts b/www/MalwarelyticsPlugin.module.d.ts index 064fcd4..dd1160f 100644 --- a/www/MalwarelyticsPlugin.module.d.ts +++ b/www/MalwarelyticsPlugin.module.d.ts 
@@ -789,17 +789,37 @@ export interface SmartProtectionResult { */ export interface ApkThreat { /** Package name (application Id) of the app posing a threat to the current app. */ - packageName: string; + readonly packageName: string; /** Threat index indicating severity of the threat. */ - threatIndex: ThreatIndex; + readonly threatIndex: ThreatIndex; + /** Evaluated threat index indicating severity of the threat. */ + readonly evaluatedThreatIndex: ThreatIndex; + /** Suggested threat index. If the value is `UNKNOWN` then there's no suggestion. */ + readonly suggestedThreatIndex: ThreatIndex; /** Optional name of malware detection. This is not bound to the thratIndex, can appear independently. */ - malwareDetectionName?: string; + readonly malwareDetectionName?: string; /** Set of recommended mitigations for handling the threat. */ - mitigations: ThreatMitigation[]; + readonly mitigations: ThreatMitigation[]; /** Evaluated threat reasons marking what is dangerous about the app. */ - reasons: ThreatReason[]; + readonly reasons: ThreatReason[]; /** Store the app was installed from (for example google play). */ - threatInstaller: ThreatInstaller; + readonly threatInstaller?: ThreatInstaller; + /** List of malware flags - malware types and malware families. */ + readonly flags: MalwareFlag[]; +} +/** Flag designating malware info. */ +export interface MalwareFlag { + readonly name: string; + readonly type: MalwareFlagType; +} +/** Type of MalwareFlag. */ +export declare enum MalwareFlagType { + /** Unknown type of malware flag. */ + UNKNOWN = "UNKNOWN", + /** Name of the malware family. */ + MALWARE_FAMILY = "MALWARE_FAMILY", + /** Type of the malware, relates with used attack techniques. */ + MALWARE_TYPE = "MALWARE_TYPE" } /** * A threat level that is posed by an app. From f567d5e706a5925d37d635a02fe43f8c6e158a5a Mon Sep 17 00:00:00 2001 
From: Tomas Kypta Date: Fri, 8 Mar 2024 18:01:38 +0100 Subject: [PATCH 2/2] Update release notes --- docs/Release-Notes.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Release-Notes.md b/docs/Release-Notes.md index fb1ee0a..f7bb030 100644 --- a/docs/Release-Notes.md +++ b/docs/Release-Notes.md @@ -4,6 +4,8 @@ ### Release 5.1.1-dev +- Update ApkThreat with flags (#89) + ## Previous Releases