From 418e4bfd2631a31f2077be92f2478beabacc38af Mon Sep 17 00:00:00 2001
From: katze
Date: Tue, 2 Jan 2024 16:08:47 +0100
Subject: [PATCH 1/2] add exception handling if osanalytics is empty

---
 triangle_check/__init__.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/triangle_check/__init__.py b/triangle_check/__init__.py
index 4bb728f..eadd3f3 100644
--- a/triangle_check/__init__.py
+++ b/triangle_check/__init__.py
@@ -213,12 +213,15 @@ def scan_dir(self, backup_dir, backup_password, ask_password_func):
             with open(path_osanalytics, 'rb') as f:
                 osanalytics = plistlib.load(f)
 
-            baseline = osanalytics['netUsageBaseline']
-            for package in baseline:
-                if package in process_IOCs_exact:
-                    self.append_detection(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('exact', 'NetUsage', package))
-                if (package in process_IOCs_implicit) or (package in process_IOCs_exact):
-                    self.append_timeline(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('NetUsage', package))
+            try:
+                baseline = osanalytics['netUsageBaseline']
+                for package in baseline:
+                    if package in process_IOCs_exact:
+                        self.append_detection(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('exact', 'NetUsage', package))
+                    if (package in process_IOCs_implicit) or (package in process_IOCs_exact):
+                        self.append_timeline(baseline[package][0].replace(tzinfo=timezone.utc).timestamp(), ('NetUsage', package))
+            except KeyError as ke:
+                print('Warning: it appears that device analytics has been disabled, detection of some IOCs must be skipped.')
 
             datausage = sqlite3.connect(path_datausage)
             data_cur = datausage.cursor()

From 72d58ae0703f31bd6e5f515482379fc64a5f1a96 Mon Sep 17 00:00:00 2001
From: katze
Date: Tue, 2 Jan 2024 17:27:49 +0100
Subject: [PATCH 2/2] add wrapper script to install and run

---
 run.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 run.sh

diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..a679e47
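Review bot: The new `try` wraps the entire IOC loop rather than just the `osanalytics['netUsageBaseline']` lookup, so a KeyError raised anywhere inside the loop — including from `append_detection`/`append_timeline`, whose bodies are outside this hunk — would be reported as "device analytics has been disabled" and silently end NetUsage matching part-way through. Fetching the key with `.get()` and branching on `None` keeps the guarded region to the one line that the commit actually intends to tolerate, removes the unused `ke`, and lets the warning say which check was skipped. Because this scanner's output is ultimately a compromise verdict, it would also be worth recording the skipped check in the result rather than only printing it, though the reporting code is not in this hunk so I cannot tell whether a field for reduced coverage exists. `scan_dir` begins before the hunk and continues after it.
```python
            baseline = osanalytics.get('netUsageBaseline')
            if baseline is None:
                # The commit treats a missing netUsageBaseline as device analytics being
                # off; flag the reduced coverage here instead of catching KeyError around
                # the whole loop, which would also mask errors from the IOC helpers.
                print('Warning: osanalytics has no netUsageBaseline; NetUsage IOC checks skipped.')
            else:
                for package in baseline:
                    # … unchanged: exact / implicit IOC matching on baseline[package][0] …
```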
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ $# -ne 1 -o ! -d "$1" ]; then
+    echo "usage: $0 PATH_TO_BACKUP_DIR"
+    exit 1
+fi
+
+python3 -m venv venv
+. venv/bin/activate
+pip3 install -r requirements.txt
+python3 -m triangle_check $1
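Review bot: `$1` is unquoted on the last line (`python3 -m triangle_check $1`), so a backup directory whose path contains spaces or glob characters is split into several arguments even though the `-d` check two lines above quotes it correctly; it should be `"$1"`. The script also has no `set -e`, so if `python3 -m venv` or `pip3 install` fails the scanner still runs against whatever Python and packages happen to be on PATH, and both `venv` and `requirements.txt` are resolved from the caller's working directory rather than the repository. Since this installs packages from PyPI onto a machine used for forensic triage, pinning versions in `requirements.txt` (ideally with `--require-hashes`) deserves a look — that file is not part of this patch, so I cannot tell whether it already is. The `-o` inside `[ $# -ne 1 -o ! -d "$1" ]` is the obsolescent form; two `[ ]` tests joined with `||` are portable.
```bash
set -euo pipefail

if [ "$#" -ne 1 ] || [ ! -d "$1" ]; then
    echo "usage: $0 PATH_TO_BACKUP_DIR" >&2
    exit 1
fi

# Resolve the backup path before changing directory, then run from the
# repository so venv/ and requirements.txt are the project's own.
backup_dir="$(cd -- "$1" && pwd)"
cd -- "$(dirname -- "$0")"

# … unchanged: venv creation, activate, pip3 install …
python3 -m triangle_check "$backup_dir"
```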