Example #1
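def verify_custom_permissions():
    """
    Report custom <permission> declarations from the parsed manifest.

    Reads common.xmldoc and common.minSdkVersion. A permission whose
    protectionLevel contains "signature" or "signatureOrSystem" is reported
    as a WARNING when minSdkVersion is below 21; a permission with no
    protectionLevel attribute is reported as INFO. Findings are written to
    the "manifest-issues" report section and to the logger; nothing is
    returned.
    """
    for node in common.xmldoc.getElementsByTagName('permission'):
        if 'android:protectionLevel' in node.attributes.keys():
            level = node.attributes['android:protectionLevel'].value
            # protectionLevel is a base level plus optional '|'-separated
            # flags (for example "signature|privileged"). Comparing the whole
            # attribute string would miss those declarations, so match on the
            # individual parts instead.
            parts = [part.strip() for part in level.split('|')]
            if 'signature' in parts or 'signatureOrSystem' in parts:
                #TODO - Add API check to ignore this for unaffected versions
                if common.minSdkVersion < 21:
                    name = node.attributes['android:name'].value
                    advice = common.config.get('qarkhelper', 'PERM_SNATCH_SIG')
                    # NOTE(review): the report text joins name and advice
                    # without a separator while the log line inserts a space;
                    # both are kept as they were - confirm which is intended.
                    report.write_badger(
                        "manifest-issues", common.Severity.WARNING,
                        "Permission: " + name + advice)
                    logger.warn("Permission: " + name + " " + advice)
        else:
            # The Android manifest documentation gives "normal" as the default
            # protectionLevel, so a permission declared without the attribute
            # offers no signature-based restriction. Reported as INFO only;
            # NOTE(review): consider whether this deserves a higher severity.
            missing = common.config.get('qarkhelper', 'NO_PERM_PROT')
            report.write_badger(
                "manifest-issues", common.Severity.INFO, missing)
            logger.debug(missing)
    return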
def verify_debuggable(app):
    '''
    Flag a manifest that explicitly sets android:debuggable to "true".

    app -- sequence whose first item exposes DOM-style ``attributes``
           (presumably the <application> element; confirm against the caller).

    The finding is written to the "manifest-issues" report section as a
    VULNERABILITY and logged at common.VULNERABILITY_LEVEL. Only the literal
    attribute value 'true' is matched; nothing is returned.
    '''
    attrs = app[0].attributes
    if 'android:debuggable' not in attrs.keys():
        return
    if attrs['android:debuggable'].value != 'true':
        return

    # One message feeds both the report and the log so the two cannot drift.
    finding = (
        "The android:debuggable flag is manually set to true in the "
        "AndroidManifest.xml. This will cause your application to be "
        "debuggable in production builds and can result in data leakage "
        "and other security issues. It is not necessary to set the "
        "android:debuggable flag in the manifest, it will be set "
        "appropriately automatically by the tools. More info: "
        "http://developer.android.com/guide/topics/manifest/application-element.html#debug"
    )
    report.write_badger(
        "manifest-issues", common.Severity.VULNERABILITY, finding)
    common.logger.log(common.VULNERABILITY_LEVEL, finding)
    return
Example #3
def verify_debuggable(app):
    '''
    Check the first element of *app* for android:debuggable="true".

    When the attribute is present with the literal value 'true', the same
    message is written to the "manifest-issues" report section (severity
    VULNERABILITY) and logged at common.VULNERABILITY_LEVEL. Any other value,
    or a missing attribute, produces no output. Nothing is returned.
    '''
    application = app[0]
    explicitly_debuggable = (
        'android:debuggable' in application.attributes.keys()
        and application.attributes['android:debuggable'].value == 'true'
    )
    if explicitly_debuggable:
        # Built once and reused for the report entry and the log entry.
        message = "The android:debuggable flag is manually set to true in the AndroidManifest.xml. This will cause your application to be debuggable in production builds and can result in data leakage and other security issues. It is not necessary to set the android:debuggable flag in the manifest, it will be set appropriately automatically by the tools. More info: http://developer.android.com/guide/topics/manifest/application-element.html#debug"
        report.write_badger(
            "manifest-issues", common.Severity.VULNERABILITY, message)
        common.logger.log(common.VULNERABILITY_LEVEL, message)

    return
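def verify_custom_permissions():
    """
    Inspect every <permission> element of the parsed manifest.

    Uses common.xmldoc for the manifest and common.minSdkVersion for the
    supported API floor. Signature-level custom permissions are reported as
    WARNING when minSdkVersion is below 21; permissions without a
    protectionLevel attribute are reported as INFO. Output goes to the
    "manifest-issues" report section and the logger; nothing is returned.
    """
    signature_levels = set(['signature', 'signatureOrSystem'])
    for node in common.xmldoc.getElementsByTagName('permission'):
        if 'android:protectionLevel' not in node.attributes.keys():
            # A missing protectionLevel is documented by Android as
            # defaulting to "normal", i.e. no signature restriction applies.
            # NOTE(review): still reported as INFO only - confirm severity.
            no_level = common.config.get('qarkhelper', 'NO_PERM_PROT')
            report.write_badger("manifest-issues", common.Severity.INFO, no_level)
            logger.debug(no_level)
            continue

        # The attribute may carry '|'-separated flags after the base level
        # (for example "signature|privileged"); an exact string comparison
        # would skip those, so test the individual parts.
        raw_level = node.attributes['android:protectionLevel'].value
        declared = set(part.strip() for part in raw_level.split('|'))
        if not (declared & signature_levels):
            continue

        #TODO - Add API check to ignore this for unaffected versions
        if common.minSdkVersion < 21:
            perm_name = node.attributes['android:name'].value
            snatch_text = common.config.get('qarkhelper', 'PERM_SNATCH_SIG')
            # NOTE(review): report text has no space before the advice, the
            # log line does; both kept unchanged - confirm which is intended.
            report.write_badger("manifest-issues", common.Severity.WARNING,
                                "Permission: " + perm_name + snatch_text)
            logger.warn("Permission: " + perm_name + " " + snatch_text)
    return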
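def verify_allow_backup(app):
    """
    Report how the manifest sets android:allowBackup.

    app -- sequence whose first item exposes DOM-style ``attributes``
           (presumably the <application> element; confirm against the caller).

    The value 'true' is reported as WARNING, any other explicit value as
    INFO, and a missing attribute as INFO in the report with a warning in
    the log. Failures are logged rather than raised, so the check remains
    best-effort. Nothing is returned.
    """
    try:
        attrs = app[0].attributes
        if 'android:allowBackup' in attrs.keys():
            if attrs['android:allowBackup'].value == 'true':
                message = common.config.get('qarkhelper', 'WARN_BACK')
                report.write_badger(
                    "manifest-issues", common.Severity.WARNING, message)
                logger.warn(message)
            else:
                message = common.config.get('qarkhelper', 'BACK_OK')
                report.write_badger(
                    "manifest-issues", common.Severity.INFO, message)
                logger.info(message)
        else:
            # NOTE(review): Android documents allowBackup as defaulting to
            # true, so an absent attribute leaves backup enabled. The report
            # records INFO while the log uses warn - confirm which severity
            # is intended.
            message = common.config.get('qarkhelper', 'WARN_BACK_MISSING')
            report.write_badger(
                "manifest-issues", common.Severity.INFO, message)
            logger.warn(message)
        return
    except Exception as e:
        # Previously `print e.message`: the text went to stdout without
        # context and was empty for many exception types, so a failed check
        # could pass for a clean one. Log it with the check name instead.
        logger.warn("Unable to verify android:allowBackup: " + repr(e))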
Example #6
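def verify_allow_backup(app):
    """
    Check the android:allowBackup attribute on the first element of *app*.

    Outcomes, each written to the "manifest-issues" report section and to
    the logger:
      * attribute is 'true'      -> WARNING (config key WARN_BACK)
      * attribute has another value -> INFO (config key BACK_OK)
      * attribute is absent      -> INFO in the report, warn in the log
                                    (config key WARN_BACK_MISSING)

    Any exception is logged and swallowed so one failed check does not stop
    the scan. Nothing is returned.
    """
    section = "manifest-issues"
    try:
        attributes = app[0].attributes
        if 'android:allowBackup' not in attributes.keys():
            # NOTE(review): Android's documented default for allowBackup is
            # true, so a missing attribute means backup stays enabled; the
            # report severity here is INFO although the log level is warn -
            # confirm the intended severity.
            text = common.config.get('qarkhelper', 'WARN_BACK_MISSING')
            report.write_badger(section, common.Severity.INFO, text)
            logger.warn(text)
        elif attributes['android:allowBackup'].value == 'true':
            text = common.config.get('qarkhelper', 'WARN_BACK')
            report.write_badger(section, common.Severity.WARNING, text)
            logger.warn(text)
        else:
            text = common.config.get('qarkhelper', 'BACK_OK')
            report.write_badger(section, common.Severity.INFO, text)
            logger.info(text)
        return
    except Exception as e:
        # Replaces `print e.message`, which wrote an often-empty string to
        # stdout and left no trace of which check failed.
        logger.warn("Unable to verify android:allowBackup: " + repr(e))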
Example #7
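# Context methods that send broadcasts and are inspected by the finder below.
_BROADCAST_METHOD_NAMES = (
    'sendBroadcast',
    'sendBroadcastAsUser',
    'sendOrderedBroadcast',
    'sendOrderedBroadcastAsUser',
    'sendStickyBroadcast',
    'sendStickyBroadcastAsUser',
    'sendStickyOrderedBroadcast',
    'sendStickyOrderedBroadcastAsUser',
)

# Sticky variants are always reported; only the opening phrase differs.
_STICKY_BROADCAST_PREFIXES = {
    'sendStickyBroadcast':
        "A sticky broadcast is sent from this class: ",
    'sendStickyBroadcastAsUser':
        "A sticky user broadcast is sent from this class: ",
    'sendStickyOrderedBroadcast':
        "A sticky ordered broadcast is sent from this class: ",
    'sendStickyOrderedBroadcastAsUser':
        "A sticky ordered user broadcast is sent from this class: ",
}

# Finding text that follows the file name.
_BROADCAST_NO_PERMISSION = (
    ", which does not specify the receiverPermission. This means any application on the device can receive this broadcast. You should investigate this for potential data leakage."
)
_BROADCAST_PERMISSION_SQUATTING = (
    ", which specifies the receiverPermission, but may still be vulnerable to interception, due to the permission squatting vulnerability in API levels before 21. This means any application, installed prior to the expected receiver(s) on the device can potentially receive this broadcast. You should investigate this for potential data leakage."
)
_BROADCAST_PERMISSION_LEVEL = (
    ", which specifies the receiverPermission, but depending on the protection level of the permission (on the receiving app side), may still be vulnerable to interception, if the protection level of the permission is not set to signature or signatureOrSystem. You should investigate this for potential data leakage."
)
_BROADCAST_STICKY = (
    ". These should not be used, as they provide no security (anyone can access them), no protection (anyone can modify them), and many other problems. For more info: http://developer.android.com/reference/android/content/Context.html"
)


def _record_broadcast_finding(results, severity, prefix, suffix):
    """Append one finding to *results* as a ReportIssue and as a terminalPrint."""
    details = prefix + str(current_file) + suffix

    issue = ReportIssue()
    issue.setCategory(ExploitType.BROADCAST_INTENT)
    issue.setDetails(details)
    issue.setFile(str(current_file))
    issue.setSeverity(severity)
    results.append(issue)

    notice = terminalPrint()
    notice.setLevel(severity)
    notice.setData(details)
    results.append(notice)


def _receiver_permission_suffix():
    """Pick the finding text for a broadcast that passes a receiverPermission."""
    if common.minSdkVersion < 21:
        return _BROADCAST_PERMISSION_SQUATTING
    return _BROADCAST_PERMISSION_LEVEL


def recursive_broadcast_finder(t, results):
    """
    Walk a parsed Java syntax tree and collect findings for broadcast calls.

    t       -- tree node, list of nodes, or leaf value to inspect
    results -- list that receives a ReportIssue and a terminalPrint object
               for every finding; it is modified in place

    Whether a call passes a receiverPermission is inferred from the number
    of arguments only, so an explicit null permission is not detected.
    A MethodInvocation that matches one of the broadcast method names is not
    descended into. Nothing is returned.
    """
    if type(t) is m.MethodDeclaration:
        declared = str(t.name)
        if declared in _BROADCAST_METHOD_NAMES:
            # The class defines its own method with a broadcast name, so
            # calls found below may not reach the framework implementation.
            common.logger.debug(
                "It appears the " + declared +
                " method may be overridden in this class. The following findings for this class may be false positives"
            )
    if type(t) is m.MethodInvocation:
        name = str(t.name)
        arg_count = len(t.arguments)
        if name == 'sendBroadcast':
            if arg_count == 1:
                #We need to ensure this isn't a local broadcast
                #TODO - There is a lot more we need to do to fully qualify this, but should be good enough for now
                # NOTE(review): `tree` and `modules` are not defined in this
                # function; they must exist at module level - verify. The
                # "NO IMPORT" report entry looks like a debugging leftover.
                if local_broadcast_manager_imported() == True:
                    common.logger.debug(tree)
                else:
                    report.write_badger("manifest-issues",
                                        modules.common.Severity.INFO,
                                        "NO IMPORT")
                    common.logger.debug("FOUND A sendBroadcast")
                    _record_broadcast_finding(
                        results, Severity.WARNING,
                        "A broadcast is sent from this class: ",
                        _BROADCAST_NO_PERMISSION)
            elif arg_count == 2:
                _record_broadcast_finding(
                    results, Severity.WARNING,
                    "A broadcast is sent from this class: ",
                    _receiver_permission_suffix())
        elif name == 'sendBroadcastAsUser':
            if arg_count == 2:
                _record_broadcast_finding(
                    results, Severity.WARNING,
                    "A broadcast, as a specific user, is sent from this class: ",
                    _BROADCAST_NO_PERMISSION)
            elif arg_count == 3:
                _record_broadcast_finding(
                    results, Severity.WARNING,
                    "A broadcast, as a specific user, is sent from this class: ",
                    _receiver_permission_suffix())
        elif name == 'sendOrderedBroadcast':
            if arg_count == 2 or arg_count == 7:
                # Fixed: this branch used to emit the pre-API-21 permission
                # squatting text for every minSdkVersion and described the
                # call as "as a specific user", which only fits the *AsUser
                # variants. It now follows the other branches.
                _record_broadcast_finding(
                    results, Severity.WARNING,
                    "An ordered broadcast is sent from this class: ",
                    _receiver_permission_suffix())
        elif name == 'sendOrderedBroadcastAsUser':
            if arg_count == 7:
                _record_broadcast_finding(
                    results, Severity.WARNING,
                    "An ordered broadcast, as a specific user, is sent from this class: ",
                    _receiver_permission_suffix())
        elif name in _STICKY_BROADCAST_PREFIXES:
            # Sticky broadcasts are reported regardless of their arguments.
            _record_broadcast_finding(
                results, Severity.VULNERABILITY,
                _STICKY_BROADCAST_PREFIXES[name],
                _BROADCAST_STICKY)
        elif hasattr(t, '_fields'):
            # Any other invocation: keep searching inside its children.
            for g in t._fields:
                recursive_broadcast_finder(getattr(t, g), results)
    elif type(t) is list:
        for l in t:
            recursive_broadcast_finder(l, results)
    elif hasattr(t, '_fields'):
        for f in t._fields:
            # Plain string fields cannot contain further nodes.
            if type(getattr(t, f)) is not str:
                recursive_broadcast_finder(getattr(t, f), results)
    return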
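# Names of the broadcast-sending methods this scanner looks for.
_BROADCAST_METHOD_NAMES = (
    'sendBroadcast',
    'sendBroadcastAsUser',
    'sendOrderedBroadcast',
    'sendOrderedBroadcastAsUser',
    'sendStickyBroadcast',
    'sendStickyBroadcastAsUser',
    'sendStickyOrderedBroadcast',
    'sendStickyOrderedBroadcastAsUser',
)

# Sticky variants are always reported; only the opening words of the message differ.
_STICKY_BROADCAST_PREFIXES = {
    'sendStickyBroadcast': "A sticky broadcast is sent from this class: ",
    'sendStickyBroadcastAsUser': "A sticky user broadcast is sent from this class: ",
    'sendStickyOrderedBroadcast': "A sticky ordered broadcast is sent from this class: ",
    'sendStickyOrderedBroadcastAsUser': "A sticky ordered user broadcast is sent from this class: ",
}

_MSG_NO_RECEIVER_PERMISSION = ", which does not specify the receiverPermission. This means any application on the device can receive this broadcast. You should investigate this for potential data leakage."
_MSG_PERMISSION_SQUATTING = ", which specifies the receiverPermission, but may still be vulnerable to interception, due to the permission squatting vulnerability in API levels before 21. This means any application, installed prior to the expected receiver(s) on the device can potentially receive this broadcast. You should investigate this for potential data leakage."
_MSG_PROTECTION_LEVEL = ", which specifies the receiverPermission, but depending on the protection level of the permission (on the receiving app side), may still be vulnerable to interception, if the protection level of the permission is not set to signature or signatureOrSystem. You should investigate this for potential data leakage."
_MSG_STICKY = ". These should not be used, as they provide no security (anyone can access them), no protection (anyone can modify them), and many other problems. For more info: http://developer.android.com/reference/android/content/Context.html"


def _append_broadcast_finding(results, message, severity):
    """Append a ReportIssue and a terminalPrint entry carrying the same message and severity."""
    issue = ReportIssue()
    issue.setCategory(ExploitType.BROADCAST_INTENT)
    issue.setDetails(message)
    issue.setFile(str(current_file))
    issue.setSeverity(severity)
    results.append(issue)

    console_entry = terminalPrint()
    console_entry.setLevel(severity)
    console_entry.setData(message)
    results.append(console_entry)


def _receiver_permission_suffix():
    """Pick the caveat for a call that passes a receiverPermission argument.

    Below minSdkVersion 21 the permission-squatting message is used; otherwise
    the message about the permission's protection level.
    """
    if common.minSdkVersion < 21:
        return _MSG_PERMISSION_SQUATTING
    return _MSG_PROTECTION_LEVEL


def recursive_broadcast_finder(t,results):
    """Walk a parsed AST node and record findings for broadcast-sending calls.

    For a method invocation named after one of the send*Broadcast* variants,
    two entries are appended to ``results``: a ReportIssue and a terminalPrint
    with the same text. Any other node is traversed through its ``_fields``;
    lists are traversed element by element.

    Whether a call "specifies the receiverPermission" is decided from the
    number of arguments alone. NOTE(review): a call that passes a literal
    null in the permission position is therefore still reported as
    specifying one - confirm whether the argument value should be inspected.

    When an invocation matches one of the broadcast method names, its own
    arguments are not traversed, so a broadcast call nested inside them is
    not reported. Calls with an argument count that no branch handles
    produce no finding.

    Args:
        t: AST node, list of nodes, or leaf value from the parsed source.
        results: list that findings are appended to in place.
    """
    if type(t) is m.MethodDeclaration:
        declared_name = str(t.name)
        if declared_name in _BROADCAST_METHOD_NAMES:
            # The class defines its own method with a broadcast name, so the
            # invocations reported for this class may not reach the platform API.
            common.logger.debug("It appears the " + declared_name + " method may be overridden in this class. The following findings for this class may be false positives")
    # Deliberately a fresh `if`: a MethodDeclaration falls through to the
    # generic `_fields` traversal at the bottom of this chain.
    if type(t) is m.MethodInvocation:
        invoked_name = str(t.name)
        if invoked_name == 'sendBroadcast':
            arg_count = len(t.arguments)
            if arg_count == 1:
                #We need to ensure this isn't a local broadcast
                #TODO - There is a lot more we need to do to fully qualify this, but should be good enough for now
                # NOTE(review): presumably a per-file import check; if so, every
                # one-argument sendBroadcast in a file that imports
                # LocalBroadcastManager is skipped, including calls made on a
                # Context - a possible false negative. Verify against the helper.
                if local_broadcast_manager_imported()==True:
                    # `tree` is not defined in this function; presumably a module-level global.
                    common.logger.debug(tree)
                else:
                    # NOTE(review): "NO IMPORT" looks like a debugging leftover that is
                    # written into the report for every finding here; it also uses
                    # modules.common.Severity while the rest of the function uses Severity.
                    report.write_badger("manifest-issues", modules.common.Severity.INFO, "NO IMPORT")
                    common.logger.debug("FOUND A sendBroadcast")
                    _append_broadcast_finding(
                        results,
                        "A broadcast is sent from this class: " + str(current_file) + _MSG_NO_RECEIVER_PERMISSION,
                        Severity.WARNING)
            elif arg_count == 2:
                _append_broadcast_finding(
                    results,
                    "A broadcast is sent from this class: " + str(current_file) + _receiver_permission_suffix(),
                    Severity.WARNING)
        elif invoked_name == 'sendBroadcastAsUser':
            arg_count = len(t.arguments)
            if arg_count == 2:
                _append_broadcast_finding(
                    results,
                    "A broadcast, as a specific user, is sent from this class: " + str(current_file) + _MSG_NO_RECEIVER_PERMISSION,
                    Severity.WARNING)
            elif arg_count == 3:
                _append_broadcast_finding(
                    results,
                    "A broadcast, as a specific user, is sent from this class: " + str(current_file) + _receiver_permission_suffix(),
                    Severity.WARNING)
        elif invoked_name == 'sendOrderedBroadcast':
            if len(t.arguments) in (2, 7):
                # This is not an *AsUser call, so the message does not claim a
                # specific user. The suffix follows minSdkVersion as in the other
                # branches: the pre-21 permission-squatting caveat must not be
                # reported for apps whose minSdkVersion is 21 or higher.
                _append_broadcast_finding(
                    results,
                    "An ordered broadcast is sent from this class: " + str(current_file) + _receiver_permission_suffix(),
                    Severity.WARNING)
        elif invoked_name == 'sendOrderedBroadcastAsUser':
            if len(t.arguments) == 7:
                _append_broadcast_finding(
                    results,
                    "An ordered broadcast, as a specific user, is sent from this class: " + str(current_file) + _receiver_permission_suffix(),
                    Severity.WARNING)
        elif invoked_name in _STICKY_BROADCAST_PREFIXES:
            # Sticky broadcasts are reported regardless of argument count.
            _append_broadcast_finding(
                results,
                _STICKY_BROADCAST_PREFIXES[invoked_name] + str(current_file) + _MSG_STICKY,
                Severity.VULNERABILITY)
        elif hasattr(t,'_fields'):
            # Any other invocation: descend into every field, strings included.
            for field_name in t._fields:
                recursive_broadcast_finder(getattr(t,field_name),results)
    elif type(t) is list:
        for element in t:
            recursive_broadcast_finder(element,results)
    elif hasattr(t,'_fields'):
        for field_name in t._fields:
            child = getattr(t,field_name)
            if type(child) is not str:
                recursive_broadcast_finder(child,results)
    return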