common.sourceDirectory = common.pathToUnpackedAPK elif os.path.exists(common.sourceDirectory): common.logger.info("Using "+common.sourceDirectory+" as the project source directory") else: common.sourceDirectory = os.path.abspath(raw_input(common.config.get('qarkhelper', 'SOURCE_PROMPT'))).rstrip() common.sourceDirectory = re.sub("\\\\\s",' ',common.sourceDirectory) except IOError: common.logger.error("Oops! all hope is lost \n %s", IOError.message) else: unpackAPK.decompile(common.pathToDEX) if common.pathToUnpackedAPK != "": common.logger.info('Decompiled code found at:%s', common.pathToUnpackedAPK) common.sourceDirectory = common.pathToUnpackedAPK #find all java files common.java_files=common.find_java(common.sourceDirectory) #find all R.java files common.xml_files=common.find_xml(common.sourceDirectory) if common.interactive_mode: stop_point = raw_input("Press ENTER key to begin Static Code Analysis") #Regex to look for collection of deviceID #Regex to determine if WebViews are imported wv_imp_rex=r'android.webkit.WebView' cp_imp_rex=r'android.content.ContentProvider' #Run through all files, look for regex, print warning/info text and lines of code, with file names/paths cert_queue = Queue() pending_intents_queue = Queue() file_permission_queue = Queue()
def findAllJavaFiles():
    """Return the result of ``common.find_java`` for ``rootGoatdroidDir``.

    Takes no arguments; the directory to scan comes from the
    ``rootGoatdroidDir`` name resolved outside this function.
    """
    # NOTE(review): the return shape is whatever common.find_java yields
    # (presumably a collection of .java paths -- confirm against that helper).
    java_sources = common.find_java(rootGoatdroidDir)
    return java_sources
common.sourceDirectory = common.pathToUnpackedAPK elif os.path.exists(common.sourceDirectory): common.logger.info("Using "+common.sourceDirectory+" as the project source directory") else: common.sourceDirectory = os.path.abspath(raw_input(common.config.get('qarkhelper', 'SOURCE_PROMPT'))).rstrip() common.sourceDirectory = re.sub("\\\\\s",' ',common.sourceDirectory) except IOError: common.logger.error("Oops! all hope is lost \n %s", IOError.message) else: unpackAPK.decompile(common.pathToDEX) if common.pathToUnpackedAPK != "": common.logger.info('Decompiled code found at:%s', common.pathToUnpackedAPK) common.sourceDirectory = common.pathToUnpackedAPK #find all java files common.java_files=common.find_java(common.sourceDirectory) if common.interactive_mode: stop_point = raw_input("Press ENTER key to begin Static Code Analysis") #Regex to look for collection of deviceID #Regex to determine if WebViews are imported wv_imp_rex=r'android.webkit.WebView' cp_imp_rex=r'android.content.ContentProvider' #Run through all files, look for regex, print warning/info text and lines of code, with file names/paths cert_queue = Queue() pending_intents_queue = Queue() file_permission_queue = Queue() web_view_queue = Queue() find_broadcast_queue = Queue() crypto_flaw_queue = Queue()