def target(self, queue):
# get all decompiled files that contains usage of TelephonyManager
files = common.text_scan(common.java_files, self.telephonyManagerRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains inline call
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportInfo(fileName, self.PhoneIdentifierIssueDetails(fileName), res)
break
# report if any TelephonyManager variables invokes calls to get phone identifiers
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName, fileBody):
PluginUtil.reportInfo(fileName, self.PhoneIdentifierIssueDetails(fileName), res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of WebView
files = common.text_scan(common.java_files, self.webViewRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress',
bar=self.getName(),
percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains any inline calls
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName), res)
break
# report if any WebView variables invoke calls
for varName in PluginUtil.returnGroupMatches(
self.varNameRegex, 2, fileBody):
if PluginUtil.contains(
r'%s\.addJavascriptInterface\(.*?\)' % varName,
fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName),
res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of TelephonyManager
files = common.text_scan(common.java_files, self.telephonyManagerRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress',
bar=self.getName(),
percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains inline call
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportInfo(
fileName, self.PhoneIdentifierIssueDetails(fileName), res)
break
# report if any TelephonyManager variables invokes calls to get phone identifiers
for varName in PluginUtil.returnGroupMatches(
self.varNameRegex, 2, fileBody):
if PluginUtil.contains(
r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName,
fileBody):
PluginUtil.reportInfo(
fileName, self.PhoneIdentifierIssueDetails(fileName),
res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of WebView
files = common.text_scan(common.java_files, self.webViewRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains any inline calls
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
# report if any WebView variables invoke calls
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.addJavascriptInterface\(.*?\)' % varName, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
queue.put(res)
def testGetVarNameInstantiation():
text = 'TelephonyManager paramContext = (TelephonyManager)paramContext.getSystemService("phone"));'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameLastArgument():
text = 'void func(int i, TelephonyManager paramContext)'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameWithoutPackageName():
text = 'TelephonyManager paramContext;'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameInstantiation():
text = 'TelephonyManager paramContext = (TelephonyManager)paramContext.getSystemService("phone"));'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameLastArgument():
text = 'void func(int i, TelephonyManager paramContext)'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameWithoutPackageName():
text = 'TelephonyManager paramContext;'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'paramContext'
def testGetVarNameInstantiation():
text = 'WebView webView = new WebView(context);'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'webView'
def testGetVarNameLastArgument():
text = 'void func(int i, WebView webView)'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'webView'
def testGetVarNameWithoutPackageName():
text = 'WebView webView;'
res = PluginUtil.returnGroupMatches(plugin.varNameRegex, 2, text)
assert len(res) == 1
assert res[0] == 'webView'
def testOneGroupMatch():
res = PluginUtil.returnGroupMatches(r'(test123)', 1, 'test321test123test321')
assert len(res) == 1
assert res[0] == 'test123'
def testZeroGroupMatches():
assert len(PluginUtil.returnGroupMatches(r'(test123)', 1, 'test321')) == 0
def testTwoGroupMatches():
res = PluginUtil.returnGroupMatches(r'(test123)', 1, 'test123test321test123')
assert len(res) == 2
assert res[0] == 'test123'
assert res[1] == 'test123'