def target(self, queue):
    """Scan the decompiled Java files for the text "API_KEY" and report each hit.

    Every hit produces two entries in the result list: a ReportIssue (shown in
    the HTML report) followed by a terminalPrint (shown in the terminal). The
    complete list is sent back to the main thread through ``queue``.

    Args:
        queue: Receives the list of all results via ``put`` once scanning ends.
    """
    # TODO: add documentation for available API calls. Sample shown below.
    findings = []

    # NOTE(review): presumably text_scan applies the pattern as a regex search,
    # so any line that merely contains "API_KEY" (a constant name, a comment)
    # is flagged. A hit is a lead for manual triage, not proof that a secret
    # is hard-coded -- confirm against common.text_scan.
    matches = common.text_scan(common.java_files, r'API_KEY')

    for position, hit in enumerate(matches, 1):
        # Generates the progress bar in the terminal output.
        pub.sendMessage('progress', bar=self.getName(),
                        percent=round(position * 100 / len(matches)))

        # Mostly for logging; this goes in the log file generated under /logs.
        common.logger.debug("Text found, " + str(hit))

        # hit[1] is used as the file name below. NOTE(review): hit[0] looks
        # like the matched text; if so, a real key value is copied into the
        # debug log, the HTML report and the terminal, so those outputs need
        # the same handling as the secret itself -- TODO confirm.
        message = "The string 'API_KEY' appears in the file: %s\n%s" % (hit[1], str(hit[0]))

        # Individual result for the HTML report.
        report_entry = ReportIssue()
        report_entry.setCategory(ExploitType.PLUGIN)
        report_entry.setDetails(message)
        report_entry.setFile(str(hit[1]))
        report_entry.setSeverity(Severity.VULNERABILITY)
        findings.append(report_entry)

        # Individual result for the terminal output.
        console_entry = terminalPrint()
        console_entry.setLevel(Severity.VULNERABILITY)
        console_entry.setData(message)
        findings.append(console_entry)

    # Required: hands the complete list (terminal entries as well as HTML
    # report entries) back to the main thread.
    queue.put(findings)
def target(self, queue):
    """Scan the decompiled Java files for the text "pass" and report each hit.

    For every hit a ReportIssue (HTML report) and a terminalPrint (terminal
    output) are appended, in that order, to one list, which is then put on
    ``queue`` for the main thread.

    Args:
        queue: Receives the full result list via ``put`` when the scan is done.
    """
    # TODO: add documentation for available API calls. Sample shown below.
    collected = []

    # NOTE(review): 'pass' is a very broad pattern. If text_scan searches
    # anywhere in a line (presumably it does -- confirm), it also matches
    # words such as "bypass" or "passThrough", and every match is reported at
    # VULNERABILITY severity. Treat the output as candidates to triage.
    candidates = common.text_scan(common.java_files, r'pass')

    for index, entry in enumerate(candidates, 1):
        # Generates the progress bar in the terminal output.
        progress = round(index * 100 / len(candidates))
        pub.sendMessage('progress', bar=self.getName(), percent=progress)

        # Mostly for logging; this goes in the log file generated under /logs.
        # NOTE(review): the whole entry is logged; if entry[0] is the matched
        # source text, a hard-coded password would land in the log -- confirm.
        common.logger.debug("Text found, " + str(entry))

        # entry[1] is used as the file name; entry[0] is printed beneath it.
        text = "The string 'pass' appears in the file: %s\n%s" % (entry[1], str(entry[0]))

        # Individual result for the HTML report.
        html_issue = ReportIssue()
        html_issue.setCategory(ExploitType.PLUGIN)
        html_issue.setDetails(text)
        html_issue.setFile(str(entry[1]))
        html_issue.setSeverity(Severity.VULNERABILITY)
        collected.append(html_issue)

        # Individual result for the terminal output.
        terminal_issue = terminalPrint()
        terminal_issue.setLevel(Severity.VULNERABILITY)
        terminal_issue.setData(text)
        collected.append(terminal_issue)

    # Required: sends the complete list (terminal entries and HTML report
    # entries alike) back to the main thread.
    queue.put(collected)
def target(self, queue):
    """Report every place where the text "API_KEY" occurs in the Java files.

    The scan result of ``common.text_scan`` is walked once. Each element adds
    a ReportIssue and then a terminalPrint to the result list, both at
    ``Severity.VULNERABILITY``. The list is finally put on ``queue``.

    Args:
        queue: Object whose ``put`` receives the list of results.
    """
    output = []
    scan_hits = common.text_scan(common.java_files, r'API_KEY')

    for number, found in enumerate(scan_hits, 1):
        # Progress is published as a rounded percentage of processed hits.
        pub.sendMessage(
            'progress',
            bar=self.getName(),
            percent=round(number * 100 / len(scan_hits)),
        )
        common.logger.debug("Text found, " + str(found))

        # found[1] doubles as the file name of the issue.
        # NOTE(review): found[0] is presumably the matching text. A name match
        # alone does not show that a usable key is embedded, and if the text
        # does contain one it is repeated verbatim in report and terminal
        # output -- confirm what text_scan returns.
        description = "The string 'API_KEY' appears in the file: %s\n%s" % (
            found[1], str(found[0]))

        report_item = ReportIssue()
        report_item.setCategory(ExploitType.PLUGIN)
        report_item.setDetails(description)
        report_item.setFile(str(found[1]))
        report_item.setSeverity(Severity.VULNERABILITY)
        output.append(report_item)

        terminal_item = terminalPrint()
        terminal_item.setLevel(Severity.VULNERABILITY)
        terminal_item.setData(description)
        output.append(terminal_item)

    queue.put(output)
def reportInfo(fileName, details, res):
    """Append one INFO-severity finding to ``res`` for both output channels.

    Two objects are appended, in this order: a ReportIssue for the HTML report
    and a terminalPrint for the terminal output. Both carry ``details``.

    Args:
        fileName: File recorded on the HTML report entry.
        details: Text of the finding, used unchanged for both entries.
        res: Collection extended in place through ``append``; nothing is
            returned.
    """
    # HTML report entry
    html_entry = ReportIssue()
    html_entry.setCategory(ExploitType.PLUGIN)
    html_entry.setSeverity(Severity.INFO)
    html_entry.setFile(fileName)
    html_entry.setDetails(details)
    res.append(html_entry)

    # terminal output entry
    console_entry = terminalPrint()
    console_entry.setLevel(Severity.INFO)
    console_entry.setData(details)
    res.append(console_entry)
def target(self, queue):
    """Report every place where the text "pass" occurs in the Java files.

    Each element returned by ``common.text_scan`` adds a ReportIssue followed
    by a terminalPrint to the result list, both at ``Severity.VULNERABILITY``.
    The finished list is put on ``queue``.

    Args:
        queue: Object whose ``put`` receives the list of results.
    """
    gathered = []
    # NOTE(review): the pattern is the bare text 'pass'; presumably it is
    # searched anywhere in a line, so unrelated identifiers containing it are
    # reported too -- expect false positives and verify each hit by hand.
    located = common.text_scan(common.java_files, r'pass')

    for ordinal, item in enumerate(located, 1):
        # Progress is published as a rounded percentage of processed hits.
        pub.sendMessage(
            'progress',
            bar=self.getName(),
            percent=round(ordinal * 100 / len(located)),
        )
        common.logger.debug("Text found, " + str(item))

        # item[1] is also used as the issue's file name; item[0] is printed
        # under it (presumably the matching text -- TODO confirm).
        summary = "The string 'pass' appears in the file: %s\n%s" % (item[1], str(item[0]))

        for_report = ReportIssue()
        for_report.setCategory(ExploitType.PLUGIN)
        for_report.setDetails(summary)
        for_report.setFile(str(item[1]))
        for_report.setSeverity(Severity.VULNERABILITY)
        gathered.append(for_report)

        for_terminal = terminalPrint()
        for_terminal.setLevel(Severity.VULNERABILITY)
        for_terminal.setData(summary)
        gathered.append(for_terminal)

    queue.put(gathered)
def target(self, queue):
    """Report every permission returned by ``getUserCreatedPermissions``.

    Each permission adds a ReportIssue (HTML report, attributed to the app
    manifest) and then a terminalPrint (terminal output) to the result list.
    The wording differs when ``isDangerousPermission`` is true for it. The
    list is sent back to the main thread through ``queue``.

    Args:
        queue: Receives the list of all results via ``put``.
    """
    permissions = self.getUserCreatedPermissions()
    # full path to app manifest
    manifest_path = qarkMain.find_manifest_in_source()
    # plugin scan results
    findings = []

    for seen, permission in enumerate(permissions, 1):
        # update progress bar
        pub.sendMessage('progress', bar=self.getName(),
                        percent=round(seen * 100 / len(permissions)))

        # put results in HTML report
        report_entry = ReportIssue()
        report_entry.setCategory(ExploitType.PLUGIN)
        # NOTE(review): both branches below are reported at VULNERABILITY
        # severity; only the text tells a "dangerous" permission apart from
        # any other user-created one, so severity filters will not separate
        # them.
        report_entry.setSeverity(Severity.VULNERABILITY)
        report_entry.setFile(manifest_path)

        if self.isDangerousPermission(permission):
            # found permission with protection level set to "dangerous"
            template = "User created permission with DANGEROUS protection level: %s"
        else:
            template = "User created permission: %s"
        details = template % permission

        report_entry.setDetails(details)
        findings.append(report_entry)

        # put results in terminal output
        console_entry = terminalPrint()
        console_entry.setLevel(Severity.VULNERABILITY)
        console_entry.setData(details)
        findings.append(console_entry)

    # send all results back to main thread
    queue.put(findings)
def target(self, queue):
    """List the app's user-created permissions as findings.

    The permissions come from ``self.getUserCreatedPermissions()``. For each
    one a ReportIssue pointing at the manifest and a terminalPrint are added,
    in that order, with the same details text. The text names the DANGEROUS
    protection level when ``self.isDangerousPermission`` returns true. All
    results are put on ``queue`` in a single list.

    Args:
        queue: Receives the list of all results via ``put``.
    """
    permissions = self.getUserCreatedPermissions()
    # full path to app manifest
    manifest_path = qarkMain.find_manifest_in_source()
    # plugin scan results
    collected = []

    for index, permission in enumerate(permissions, 1):
        # update progress bar
        done = round(index * 100 / len(permissions))
        pub.sendMessage("progress", bar=self.getName(), percent=done)

        # put results in HTML report
        html_issue = ReportIssue()
        html_issue.setCategory(ExploitType.PLUGIN)
        html_issue.setSeverity(Severity.VULNERABILITY)
        html_issue.setFile(manifest_path)

        # NOTE(review): a permission that is not "dangerous" still gets a
        # VULNERABILITY-severity entry here. The reviewer has to read the
        # text, and check the declared protection level in the manifest, to
        # judge which apps can obtain the permission.
        dangerous = self.isDangerousPermission(permission)
        if not dangerous:
            details = "User created permission: %s" % permission
        else:
            # found permission with protection level set to "dangerous"
            details = "User created permission with DANGEROUS protection level: %s" % permission

        html_issue.setDetails(details)
        collected.append(html_issue)

        # put results in terminal output
        terminal_issue = terminalPrint()
        terminal_issue.setLevel(Severity.VULNERABILITY)
        terminal_issue.setData(details)
        collected.append(terminal_issue)

    # send all results back to main thread
    queue.put(collected)