def collection_lines_as_indent(self,
lines: List[str],
topic: TopicElement,
indent=''):
lines.append(indent + topic.getTitle())
indent += ' ' * 4
for i in topic.getSubTopics():
self.collection_lines_as_indent(lines, i, indent)
def collect_topic_to_dirs(self, topic: TopicElement,
parent_dir) -> List[TopicDir]:
"""将主题收集为目录名"""
current_dir = os.path.join(parent_dir, topic.getTitle())
dirs = [TopicDir(topic, current_dir)]
for topic in topic.getSubTopics():
dirs.extend(self.collect_topic_to_dirs(topic, current_dir))
return dirs
def create_topics(self,
topic,
parent_topic,
sheet,
topics_type=const.TOPIC_ATTACHED):
if type(topic) == list:
for i in topic:
t = TopicElement(ownerWorkbook=self.workbook)
self.add_title(t, i)
self.add_markers(t, i)
self.add_position(t, i)
self.add_attr_branch_folded(t, i)
parent_topic.addSubTopic(t, topics_type=topics_type)
try:
if type(i["children"]["topics"]) == list:
self.create_topics(i["children"]["topics"][0]["topic"],
t, sheet)
self.create_topics(i["children"]["topics"][1]["topic"],
t,
sheet,
topics_type="detached")
else:
self.create_topics(i["children"]["topics"]["topic"], t,
sheet)
except:
self.getLogger().debug("the end of branch")
finally:
self.add_plain_notes(t, i)
self.DB_of_topics.update({i["-id"]: t})
elif type(topic) == dict:
if not parent_topic:
t = sheet.getRootTopic()
else:
t = TopicElement(ownerWorkbook=self.workbook)
parent_topic.addSubTopic(t, topics_type=topics_type)
self.add_title(t, topic)
self.add_markers(t, topic)
self.add_position(t, topic)
self.add_attr_branch_folded(t, topic)
try:
if type(topic["children"]["topics"]) == list:
self.create_topics(topic["children"]["topics"][0]["topic"],
t, sheet)
self.create_topics(topic["children"]["topics"][1]["topic"],
t,
sheet,
topics_type="detached")
else:
self.create_topics(topic["children"]["topics"]["topic"], t,
sheet)
except:
self.getLogger().debug("the end of branch")
finally:
self.add_plain_notes(t, topic)
self.DB_of_topics.update({topic["-id"]: t})
def create(self, user_id: str, title: str) -> bool:
try:
_path, _sheet, _wb, _current_file = self.get_sheet(user_id)
_topic_element = self.get_topic_by_path(_sheet, _path)
_new_topic = TopicElement(ownerWorkbook=_wb)
_new_topic.setTitle(title)
_topic_element.addSubTopic(_new_topic)
xmind.save(_wb, self.get_full_file_path(user_id, \
_current_file.file_name))
return True
except Exception as _ex:
print(_ex)
return False
def toc_to_xmind(outfp, pdf_filename):
"""
Convert table of contents of given PDF file to XMind document.
"""
out_str = io.StringIO()
dumppdf.dumpoutline(out_str, pdf_filename, [], set())
# Parse XML
toc_xml = out_str.getvalue()
out_str.close() # no 'with' statement possible
root_elem = etree.fromstring(toc_xml)
# Convert XML to XMind document
xwb = xmind.load(
outfp
) # load an existing file or create a new workbook if nothing is found
# Create XMind workbook
s1 = xwb.getPrimarySheet()
s1.setTitle(os.path.split(pdf_filename)[-1])
root_topic = s1.getRootTopic()
root_topic.setTitle("Contents")
# Transform each XML node into a mindmap node
topic_stack = [root_topic
] # length will always equal depth/level during traversal
prev_level = 0
for node in root_elem.iter(): # depth-first traversal
if 'level' not in node.attrib:
continue # irrelevant node
node_level = int(node.attrib['level'])
# Create topic for this node
topic = TopicElement(ownerWorkbook=xwb)
title = re.sub(r"^[a-zA-Z]'(.*)'$", r'\1', node.attrib['title'])
topic.setTitle(title)
# Add it to the topic tree
level_difference = node_level - prev_level
for _ in range(-level_difference + 1): # negative yields empty list
topic_stack.pop()
topic_stack[-1].addSubTopic(topic)
topic_stack.append(topic)
prev_level = node_level
xmind.save(xwb)
def get_response_container(
self, topic_element: TopicElement) -> ResponseContainer:
_topic_elements = topic_element.getSubTopics()
if _topic_elements:
_topics = [topic.getTitle() for topic in _topic_elements]
else:
_topics = []
_response_container = ResponseContainer(_topics)
return _response_container
def add_sub(self, root_topic: TopicElement, level, root_name=None):
if root_name is None and level == 0:
deep_i_topic = self.data.iloc[:, level].value_counts()
else:
deep_i_topic = self.data.loc[
self.data.iloc[:, level - 1] == root_name,
self.data.columns[level]].value_counts()
for sub_name, sub_count in deep_i_topic.iteritems():
sub_title = str(sub_name) + "_" + str(sub_count)
sub_topic = root_topic.addSubTopic()
sub_topic.setTitle(sub_title)
if level < self.deep - 1:
self.add_sub(sub_topic, level + 1, root_name=sub_name)
def create_sub(self, title='', content=''):
"""
创建子节点
:param title: 标题
:param content: 备注信息
:return: 子节点
"""
sub = TopicElement()
sub.setTitle(title)
if content:
sub.setPlainNotes(content)
return sub
def getChild(issue_id, level, t):
# print level, Id
top = TopicElement()
# Split on '->' due to issue title on TRAR project
top.setTitle(connection.getIssue(issue_id).summary.split('->')[-1])
top.addMarker(setImpStatus(issue_id))
top.addMarker(setPriority(issue_id))
top.addMarker(setState(issue_id))
top.setURLHyperlink(server + 'issue/' + issue_id)
comments = getCommentsByID(issue_id)
if len(comments) > 0:
top.setPlainNotes(comments)
t.addSubTopic(top)
for i in getSubtasks(issue_id):
getChild(i.id, level+1, top)
def set_sub_key_element(self, input_data, sheet_obj, parent_topic):
for sub_key in input_data:
sub_key_element = TopicElement() # create a new element
sub_key_element.setTopicHyperlink(sheet_obj.getID())
sub_key_element.setTitle(str(sub_key))
if str(sub_key).endswith(DEFAULT_EXT_TIMEUNIT):
sub_key_element.setAttribute(const.ATTR_STYLE_ID, DEFAULT_STYLE_LIGHTBLUE)
elif str(sub_key).isdigit():
sub_key_element.setAttribute(const.ATTR_STYLE_ID, DEFAULT_STYLE_RED)
parent_topic.addSubTopic(sub_key_element)
if isinstance(input_data[sub_key], dict):
self.set_sub_key_element(input_data[sub_key], sheet_obj, sub_key_element)
if isinstance(input_data[sub_key], unicode):
sub_key_element.setPlainNotes(input_data[sub_key])
sheet = w.getPrimarySheet()
root = sheet.getRootTopic()
s1=w.getPrimarySheet() # get the first sheet
s1.setTitle("first sheet") # set its title
r1=s1.getRootTopic() # get the root topic of this sheet
r1.setTitle("we don't care of this sheet") # set its title
s2=w.createSheet() # create a new sheet
s2.setTitle("second sheet")
r2=s2.getRootTopic()
r2.setTitle("root node")
t1=TopicElement() # create a new element
t1.setTopicHyperlink(s1.getID()) # set a link from this topic to the first sheet given by s1.getID()
t1.setTitle("redirection to the first sheet") # set its title
t2=TopicElement()
t2.setTitle("second node")
t2.setURLHyperlink("https://xmind.net") # set an hyperlink
t3=TopicElement()
t3.setTitle("third node")
t3.setPlainNotes("notes for this topic") # set notes (F4 in XMind)
t3.setTitle("topic with \n notes")
t4=TopicElement()
t4.setFileHyperlink("logo.jpeg") # set a file hyperlink
t4.setTitle("topic with a file")
def gen_sheet2(workbook, sheet1):
# ***** second sheet *****
# create a new sheet and add to the workbook by default
sheet2 = workbook.createSheet()
sheet2.setTitle("second sheet")
# a sheet has a blank sheet by default
root_topic2 = sheet2.getRootTopic()
root_topic2.setTitle("root node")
# use other methods to create some sub topic element
topic1 = TopicElement(ownerWorkbook=workbook)
# set a topic hyperlink from this topic to the first sheet given by s1.getID()
topic1.setTopicHyperlink(sheet1.getID())
topic1.setTitle("redirection to the first sheet") # set its title
topic2 = TopicElement(ownerWorkbook=workbook)
topic2.setTitle("topic with an url hyperlink")
topic2.setURLHyperlink("https://github.com/zhuifengshen/xmind") # set an url hyperlink
topic3 = TopicElement(ownerWorkbook=workbook)
topic3.setTitle("third node")
# topic3.setPlainNotes("notes for this topic") # set notes (F4 in XMind)
# topic3.setTitle("topic with \n notes")
topic4 = TopicElement(ownerWorkbook=workbook)
# topic4.setFileHyperlink("logo.png") # set a file hyperlink
topic4.setTitle("topic with a file")
topic1_1 = TopicElement(ownerWorkbook=workbook)
topic1_1.setTitle("sub topic")
# topic1_1.addLabel("a label") # official XMind only can a one label
topic1_1_1 = TopicElement(ownerWorkbook=workbook)
topic1_1_1.setTitle("topic can add multiple markers")
# topic1_1_1.addMarker(MarkerId.starBlue)
# topic1_1_1.addMarker(MarkerId.flagGreen)
topic2_1 = TopicElement(ownerWorkbook=workbook)
topic2_1.setTitle("topic can add multiple comments")
# topic2_1.addComment("I'm a comment!")
# topic2_1.addComment(content="Hello comment!", author='devin')
# then the topics must be added to the root element
root_topic2.addSubTopic(topic1)
root_topic2.addSubTopic(topic2)
root_topic2.addSubTopic(topic3)
root_topic2.addSubTopic(topic4)
topic1.addSubTopic(topic1_1)
topic2.addSubTopic(topic2_1)
topic1_1.addSubTopic(topic1_1_1)
# to loop on the subTopics
topics = root_topic2.getSubTopics()
for index, topic in enumerate(topics):
topic.addMarker("priority-" + str(index + 1))
def add_item(items, key, topic):
item = items[key]
t = TopicElement()
t.setTitle("%s %s" % (key, item['summary']))
t.setURLHyperlink(item['url'])
if item['status'] == 'Resolved':
t.addMarker('task-done')
elif item['status'] == 'In Progress':
t.addMarker('task-start')
description = item['description']
if description:
t.setPlainNotes(description.encode('ascii', 'ignore'))
topic.addSubTopic(t)
for child in item['children']:
try:
add_item(items, child, t)
except KeyError:
pass
def parseHtml(url: str, name: str) -> dict:
req = requests.request(method="get", url=url, timeout=10)
url = url if url.endswith("/") else url + "/"
html = etree.HTML(req.text)
h1 = html.xpath("//h1")[0]
workbook = xmind.load("{}.xmind".format(name))
sheet1 = workbook.getPrimarySheet()
sheet1.setTitle(name + "-1")
rootTopic = sheet1.getRootTopic()
rootTopic.setTitle(name)
rootTopic = rootTopic.addSubTopic()
rootTopic.setTitle(h1.text.strip())
html_content = html.xpath(
'//div[@class="content"]/*') #type:etree._Element
# subNodes = html_content.xpath("/*")
h2 = None
h3 = None
h4 = None
currentNode = None
for n in html_content: # type:etree._Element
if n.tag == "h2":
subTopic = TopicElement(ownerWorkbook=workbook)
rootTopic.addSubTopic(subTopic)
subTopic.setTitle(str(n.xpath("string(.)")))
subTopic.setURLHyperlink(url + "#" + subTopic.getTitle().strip(
).lower().replace(".", "").replace(" ", "-"))
h2 = subTopic
currentNode = subTopic
elif n.tag == "h3":
pTopic = h2 if h2 else rootTopic
subTopic = TopicElement(ownerWorkbook=workbook)
pTopic.addSubTopic(subTopic)
subTopic.setTitle(str(n.xpath("string(.)")))
subTopic.setURLHyperlink(url + "#" + subTopic.getTitle().strip(
).lower().replace(".", "").replace(" ", "-"))
h3 = subTopic
currentNode = subTopic
elif n.tag == "h4":
pTopic = h3 if h3 else rootTopic
subTopic = TopicElement(ownerWorkbook=workbook)
pTopic.addSubTopic(subTopic)
subTopic.setTitle(str(n.xpath("string(.)")))
subTopic.setURLHyperlink(url + "#" + subTopic.getTitle().strip(
).lower().replace(".", "").replace(" ", "-"))
h4 = subTopic
currentNode = subTopic
else:
content = currentNode.getNotes()
content = content if content is not None else ""
content = content + "\r\n" + (str(n.xpath("string(.)")))
currentNode.setPlainNotes(content)
a_ = n.xpath("./a")
if len(a_) > 0:
for a in a_:
subTopic = TopicElement(ownerWorkbook=workbook)
currentNode.addSubTopic(subTopic)
subTopic.setTitle(str(a.xpath("string(.)")))
subTopic.setURLHyperlink(str(a.attrib.get('href')))
xmind.save(workbook)
w = xmind.load(root_path + xmind_file_name)
s = w.createSheet()
s.setTitle('智库2861')
r = s.getRootTopic()
r.setTitle('智库2861')
max_level = data['层级'].max()
level_node = list()
for i in range(max_level):
row_data = data[data['层级'] == (i + 1)]
level_node.append(dict())
if i == 0:
for j in range(row_data.shape[0]):
sub_topic = TopicElement(ownerWorkbook=w)
sub_topic.setTitle(row_data.iloc[j]['结点名称'])
r.addSubTopic(sub_topic)
level_node[i][row_data.iloc[j]['结点名称']] = sub_topic
else:
for j in range(row_data.shape[0]):
sub_topic = TopicElement(ownerWorkbook=w)
sub_topic.setTitle(row_data.iloc[j]['结点名称'])
if str(row_data.iloc[j]['是否有视频']) != 'nan':
sub_topic.addLabel("video")
if str(row_data.iloc[j]['展示方式']) != 'nan':
if str(row_data.iloc[j]['注释说明']) != 'nan':
sub_topic.addLabel(row_data.iloc[j]['展示方式'] + '(' +
row_data.iloc[j]['注释说明'] + ')')
w = xmind.load(
"test.xmind"
) # load an existing file or create a new workbook if nothing is found
s1 = w.getPrimarySheet() # get the first sheet
s1.setTitle("first sheet") # set its title
r1 = s1.getRootTopic() # get the root topic of this sheet
r1.setTitle("we don't care of this sheet") # set its title
s2 = w.createSheet() # create a new sheet
s2.setTitle("second sheet")
r2 = s2.getRootTopic()
r2.setTitle("root node")
t1 = TopicElement() # create a new element
t1.setTopicHyperlink(s1.getID(
)) # set a link from this topic to the first sheet given by s1.getID()
t1.setTitle("redirection to the first sheet") # set its title
t2 = TopicElement()
t2.setTitle("second node")
t2.setURLHyperlink("https://xmind.net") # set an hyperlink
t3 = TopicElement()
t3.setTitle("third node")
t3.setPlainNotes("notes for this topic") # set notes (F4 in XMind)
t3.setTitle("topic with \n notes")
t4 = TopicElement()
t4.setFileHyperlink("logo.jpeg") # set a file hyperlink
def creatXmindFile(data):
module=[]
for item in data:
module.append(item['module'])
module=list(set(module))
print(module)
w = xmind.load("test3.xmind") # load an existing file or create a new workbook if nothing is found
s2=w.createSheet() # create a new sheet
s2.setTitle("框架")
r2=s2.getRootTopic()
r2.setTitle("框架")
for i in range(len(module)):
t=TopicElement()
t.setTitle(module[i])
r2.addSubTopic(t)
w.addSheet(s2) # the second sheet is now added to the workbook
r2_topics=r2.getSubTopics() # to loop on the subTopics
for topic in r2_topics:
topic_name=topic.getTitle()
print (topic_name)
for item in data:
if topic_name == item['module'] :
index=topic.getIndex()
t=TopicElement()
content=item['caseId']+" "+'\n'+item['summary']
t.setTitle(content)
r2_topics[index].addSubTopic(t)
summary=t.getTitle()
for item in data:
if item['summary'] in summary:
t1=TopicElement()
content1=item['name']
t1.setTitle(content1)
t.addSubTopic(t1)
xmind.save(w,"test3.xmind") # and we save
def createTopics(self):
informationGatheringTopic = TopicElement()
informationGatheringTopic.setTitle("Information Gathering")
methodologyTopic = TopicElement()
methodologyTopic.setTitle("Methodology")
# Properties Topic
topicElement = TopicElement()
topicElement.setTitle("Properties")
informationGatheringTopic.addSubTopic(topicElement)
subtopics = [
"Version Name", "Version Code", "SHA 256", "Minimum SDK Version",
"Target SDK Version", "Xamarin", "Cordova", "Outsystems",
"Backup Enabled", "Multiple Dex Classes", "Secret Codes"
]
self.createSubTopics(informationGatheringTopic.getSubTopicByIndex(0),
subtopics)
topicElement = TopicElement()
topicElement.setTitle(self.app.getVersionName())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
0).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.getVersionCode())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
1).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.getSHA256())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
2).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle \
(self.app.getMinSDKVersion( ) +" ( " +self.app.getCodeName(self.app.getMinSDKVersion() ) +")")
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
3).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle \
(self.app.getTargetSDKVersion() + " ( " + self.app.getCodeName(self.app.getTargetSDKVersion()) + ")")
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
4).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.isXamarin())
if self.app.isXamarin() == "Yes":
bundledTopic = TopicElement()
bundledTopic.setTitle("Bundled?")
bundledValue = TopicElement()
bundledValue.setTitle(self.app.isXamarinBundled())
bundledTopic.addSubTopic(bundledValue)
topicElement.addSubTopic(bundledTopic)
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
5).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.isCordova())
if (self.app.isCordova() == "Yes"):
if (len(self.app.getCordovaPlugins())) > 0:
cordovaPluginsTopic = TopicElement()
cordovaPluginsTopic.setTitle("Plugins")
self.createSubTopics(cordovaPluginsTopic,
self.app.getCordovaPlugins())
topicElement.addSubTopic(cordovaPluginsTopic)
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
6).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.isOutsystems())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
7).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement = TopicElement()
topicElement.setTitle(self.app.isBackupEnabled())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
8).addSubTopic(topicElement)
topicElement = TopicElement()
topicElement.setTitle(self.app.isMultiDex())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
9).addSubTopic(topicElement)
topicElement = TopicElement()
if len(self.app.getSecretCodes()) > 0:
self.createSubTopics(topicElement, self.app.getSecretCodes())
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
10).addSubTopic(topicElement)
else:
topicElement.setTitle("No")
informationGatheringTopic.getSubTopicByIndex(0).getSubTopicByIndex(
10).addSubTopic(topicElement)
# Permissions Topic
topicElement = TopicElement()
topicElement.setTitle("Permissions")
informationGatheringTopic.addSubTopic(topicElement)
self.createSubTopics(informationGatheringTopic.getSubTopicByIndex(1),
self.app.getPermissions())
if len(self.app.getPermissions()
) > self.configuration.getXmindTopipFoldAt():
topicElement.setFolded()
# Exported Components Topic
topicElement = TopicElement()
topicElement.setTitle("Exported Components")
informationGatheringTopic.addSubTopic(topicElement)
subtopics = [
"Activities", "Broadcast Receivers", "Content Providers",
"Services"
]
self.createSubTopics(informationGatheringTopic.getSubTopicByIndex(2),
subtopics)
for activity in self.app.getExportedActivities():
topicElement = TopicElement()
topicElement.setTitle(activity)
if self.app.getComponentPermission(activity) != "":
permissionTopic = TopicElement()
permissionTopic.setTitle(
"Permission: " + self.app.getComponentPermission(activity))
topicElement.addSubTopic(permissionTopic)
try:
filters = self.app.getIntentFiltersList()[activity]
i = 1
for filter in filters:
intentTopic = TopicElement()
intentTopic.setTitle("Intent Filter " + str(i))
i += 1
action = TopicElement()
action.setTitle("Action")
self.createSubTopics(action, filter.getActionList())
category = TopicElement()
category.setTitle("Categories")
self.createSubTopics(category, filter.getCategoryList())
data = TopicElement()
data.setTitle("Data")
self.createSubTopics(data, filter.getDataList())
intentTopic.addSubTopic(action)
intentTopic.addSubTopic(category)
intentTopic.addSubTopic(data)
intentTopic.setFolded()
topicElement.addSubTopic(intentTopic)
except:
pass
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
0).addSubTopic(topicElement)
if len(self.app.getExportedActivities()
) > self.configuration.getXmindTopipFoldAt():
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
0).setFolded()
for receiver in self.app.getExportedReceivers():
topicElement = TopicElement()
topicElement.setTitle(receiver)
if self.app.getComponentPermission(receiver) != "":
permissionTopic = TopicElement()
permissionTopic.setTitle(
"Permission: " + self.app.getComponentPermission(receiver))
topicElement.addSubTopic(permissionTopic)
try:
filters = self.app.getIntentFiltersList()[receiver]
i = 1
for filter in filters:
intentTopic = TopicElement()
intentTopic.setTitle("Intent Filter " + str(i))
i += 1
action = TopicElement()
action.setTitle("Action")
self.createSubTopics(action, filter.getActionList())
category = TopicElement()
category.setTitle("Categories")
self.createSubTopics(category, filter.getCategoryList())
data = TopicElement()
data.setTitle("Data")
self.createSubTopics(data, filter.getDataList())
intentTopic.addSubTopic(action)
intentTopic.addSubTopic(category)
intentTopic.addSubTopic(data)
intentTopic.setFolded()
topicElement.addSubTopic(intentTopic)
except:
pass
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
1).addSubTopic(topicElement)
if len(self.app.smaliChecks.
getDynamicRegisteredBroadcastReceiversLocations()) > 0:
dynamicRegisteredBroadcastReceiverTopic = TopicElement()
dynamicRegisteredBroadcastReceiverTopic.setTitle(
"Dynamically Registered")
self.createSubTopics(
dynamicRegisteredBroadcastReceiverTopic,
self.app.smaliChecks.
getDynamicRegisteredBroadcastReceiversLocations())
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
1).addSubTopic(dynamicRegisteredBroadcastReceiverTopic)
if len(self.app.
smaliChecks.getDynamicRegisteredBroadcastReceiversLocations(
)) > self.configuration.getXmindTopipFoldAt():
dynamicRegisteredBroadcastReceiverTopic.setFolded()
if len(self.app.getExportedReceivers()
) > self.configuration.getXmindTopipFoldAt():
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
1).setFolded()
for provider in self.app.getExportedProviders():
topicElement = TopicElement()
topicElement.setTitle(provider)
if self.app.getComponentPermission(provider) != "":
permissionTopic = TopicElement()
permissionTopic.setTitle(
"Permission: " + self.app.getComponentPermission(provider))
topicElement.addSubTopic(permissionTopic)
try:
filters = self.app.getIntentFiltersList()[provider]
i = 1
for filter in filters:
intentTopic = TopicElement()
intentTopic.setTitle("Intent Filter " + str(i))
i += 1
action = TopicElement()
action.setTitle("Action")
self.createSubTopics(action, filter.getActionList())
category = TopicElement()
category.setTitle("Categories")
self.createSubTopics(category, filter.getCategoryList())
data = TopicElement()
data.setTitle("Data")
self.createSubTopics(data, filter.getDataList())
intentTopic.addSubTopic(action)
intentTopic.addSubTopic(category)
intentTopic.addSubTopic(data)
intentTopic.setFolded()
topicElement.addSubTopic(intentTopic)
except:
pass
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
2).addSubTopic(topicElement)
if len(self.app.getExportedProviders()
) > self.configuration.getXmindTopipFoldAt():
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
2).setFolded()
for service in self.app.getExportedServices():
topicElement = TopicElement()
topicElement.setTitle(service)
if self.app.getComponentPermission(service) != "":
permissionTopic = TopicElement()
permissionTopic.setTitle(
"Permission: " + self.app.getComponentPermission(service))
topicElement.addSubTopic(permissionTopic)
try:
filters = self.app.getIntentFiltersList()[service]
i = 1
for filter in filters:
intentTopic = TopicElement()
intentTopic.setTitle("Intent Filter " + str(i))
i += 1
action = TopicElement()
action.setTitle("Action")
self.createSubTopics(action, filter.getActionList())
category = TopicElement()
category.setTitle("Categories")
self.createSubTopics(category, filter.getCategoryList())
data = TopicElement()
data.setTitle("Data")
self.createSubTopics(data, filter.getDataList())
intentTopic.addSubTopic(action)
intentTopic.addSubTopic(category)
intentTopic.addSubTopic(data)
intentTopic.setFolded()
topicElement.addSubTopic(intentTopic)
except:
pass
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
3).addSubTopic(topicElement)
if len(self.app.getExportedServices()
) > self.configuration.getXmindTopipFoldAt():
informationGatheringTopic.getSubTopicByIndex(2).getSubTopicByIndex(
3).setFolded()
# Files Topic
topicElement = TopicElement()
topicElement.setTitle("Files")
topicElement.setPlainNotes("Excluded files/locations: " +
self.configuration.getFileExclusions())
fileTypes = [
"Assets", "Libs", "Raw Resources", "Dex Classes", "Cordova Files",
"Xamarin Assemblies", "Other"
]
tooManySubtopicsElement = TopicElement()
tooManySubtopicsElement.setTitle(
"Too many files. Hit configured threshold.")
self.createSubTopics(topicElement, fileTypes)
self.createSubTopics(topicElement.getSubTopicByIndex(0),
self.app.getAssets())
if len(self.app.getAssets()) > self.configuration.getXmindTopipFoldAt(
):
topicElement.getSubTopicByIndex(0).setFolded()
if len(self.app.getLibs()) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(1).setFolded()
if len(self.app.getRawResources()
) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(2).setFolded()
if len(self.app.getCordovaFiles()
) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(4).setFolded()
if len(self.app.getXamarinAssemblies()
) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(5).setFolded()
if len(self.app.getOtherFiles()
) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(6).setFolded()
self.createSubTopics(topicElement.getSubTopicByIndex(1),
self.app.getLibs())
self.createSubTopics(topicElement.getSubTopicByIndex(2),
self.app.getRawResources())
self.createSubTopics(topicElement.getSubTopicByIndex(3),
self.app.getDexFiles())
self.createSubTopics(topicElement.getSubTopicByIndex(4),
self.app.getCordovaFiles())
self.createSubTopics(topicElement.getSubTopicByIndex(5),
self.app.getXamarinAssemblies())
if len(self.app.getOtherFiles()
) <= self.app.configuration.getMaxSubTopics():
self.createSubTopics(topicElement.getSubTopicByIndex(6),
self.app.getOtherFiles())
else:
topicElement.getSubTopicByIndex(6).addSubTopic(
tooManySubtopicsElement)
informationGatheringTopic.addSubTopic(topicElement)
# Object Usage Topic
topicElement = TopicElement()
topicElement.setTitle("Object Usage")
objectsSubTopics = [
"WebViews loadUrl", "Cryptographic Functions", "Custom"
]
self.createSubTopics(topicElement, objectsSubTopics)
if len(self.app.smaliChecks.getWebViewsLoadUrlUsageLocations()
) > self.configuration.getXmindTopipFoldAt():
topicElement.getSubTopicByIndex(0).setFolded()
self.createSubTopics(
topicElement.getSubTopicByIndex(0),
self.app.smaliChecks.getWebViewsLoadUrlUsageLocations())
encryptionSubTopic = TopicElement()
encryptionSubTopic.setTitle("Encryption")
self.createSubTopics(
encryptionSubTopic,
self.app.smaliChecks.getEncryptionFunctionsLocations())
if (len(self.app.smaliChecks.getEncryptionFunctionsLocations()) >
self.configuration.getXmindTopipFoldAt()):
encryptionSubTopic.setFolded()
decryptionSubtopic = TopicElement()
decryptionSubtopic.setTitle("Decryption")
self.createSubTopics(
decryptionSubtopic,
self.app.smaliChecks.getDecryptionFunctionsLocations())
if (len(self.app.smaliChecks.getDecryptionFunctionsLocations()) >
self.configuration.getXmindTopipFoldAt()):
decryptionSubtopic.setFolded()
undeterminedSubtopic = TopicElement()
undeterminedSubtopic.setTitle("Undetermined")
self.createSubTopics(
undeterminedSubtopic,
self.app.smaliChecks.
getUndeterminedCryptographicFunctionsLocations())
if (len(self.app.smaliChecks.
getUndeterminedCryptographicFunctionsLocations()) >
self.configuration.getXmindTopipFoldAt()):
undeterminedSubtopic.setFolded()
topicElement.getSubTopicByIndex(1).addSubTopic(encryptionSubTopic)
topicElement.getSubTopicByIndex(1).addSubTopic(decryptionSubtopic)
topicElement.getSubTopicByIndex(1).addSubTopic(undeterminedSubtopic)
informationGatheringTopic.addSubTopic(topicElement)
if len(self.app.smaliChecks.getCustomChecksLocations()) > 0:
for check in self.app.smaliChecks.getCustomChecksLocations():
customCheckSubTopic = TopicElement()
customCheckSubTopic.setTitle(check)
self.createSubTopics(
customCheckSubTopic,
self.app.smaliChecks.getCustomChecksLocations()[check])
topicElement.getSubTopicByIndex(2).addSubTopic(
customCheckSubTopic)
if len(self.app.smaliChecks.getCustomChecksLocations()
[check]) > self.configuration.getXmindTopipFoldAt():
customCheckSubTopic.setFolded()
# Improper Platform Usage
topicElement = TopicElement()
topicElement.setTitle("Improper Platform Usage")
ipSubTopics = [
"Malicious interaction possible with exported components?"
]
self.createSubTopics(topicElement, ipSubTopics)
topicElement.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-sensitive-functionality-exposure-through-ipc")
debuggableEvidenceTopic = TopicElement()
debuggableEvidenceTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master//Document/0x05i-Testing-Code-Quality-and-Build-Settings.md#testing-if-the-app-is-debuggable"
)
if self.app.isDebuggable() == "Yes":
debuggableEvidenceTopic.setTitle("Application is debuggable")
debuggableEvidenceTopic.addMarker('flag-red')
debuggableEvidenceTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05i-Testing-Code-Quality-and-Build-Settings.md#testing-if-the-app-is-debuggable"
)
else:
debuggableEvidenceTopic.setTitle("Application is not debuggable")
debuggableEvidenceTopic.addMarker('flag-green')
topicElement.addSubTopic(debuggableEvidenceTopic)
activitiesVulnerableToPreferences = TopicElement()
activitiesVulnerableToPreferences.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-fragment-injection"
)
if len(self.app.getActivitiesExtendPreferencesWithoutValidate()
) != 0 and int(self.app.getMinSDKVersion()) < 19:
activitiesVulnerableToPreferences.setTitle(
"Activities vulnerable to Fragment Injection")
self.createSubTopics(
activitiesVulnerableToPreferences,
self.app.getActivitiesExtendPreferencesWithoutValidate())
activitiesVulnerableToPreferences.addMarker('flag-red')
if len(self.app.getActivitiesExtendPreferencesWithValidate()) != 0:
activitiesVulnerableToPreferences.setTitle(
"Activities with possible Fragment Injection (isValidFragment in place)"
)
self.createSubTopics(
activitiesVulnerableToPreferences,
self.app.getActivitiesExtendPreferencesWithValidate())
activitiesVulnerableToPreferences.addMarker('flag-yellow')
if len(self.app.getActivitiesExtendPreferencesWithoutValidate()
) == 0 and len(
self.app.getActivitiesExtendPreferencesWithValidate()) == 0:
activitiesVulnerableToPreferences.setTitle(
"No activities vulnerable to Fragment Injection")
activitiesVulnerableToPreferences.addMarker('flag-green')
topicElement.addSubTopic(activitiesVulnerableToPreferences)
addJavascriptInterfaceTopic = TopicElement()
if len(self.app.smaliChecks.getWebviewAddJavascriptInterfaceLocations(
)) != 0:
if int(self.app.getMinSDKVersion()) <= 16:
addJavascriptInterfaceTopic.setTitle(
"JavascriptInterface with RCE possibility")
addJavascriptInterfaceTopic.addMarker('flag-red')
else:
addJavascriptInterfaceTopic.setTitle(
"JavascriptInterface available.")
addJavascriptInterfaceTopic.addMarker('flag-yellow')
self.createSubTopics(
addJavascriptInterfaceTopic,
self.app.smaliChecks.getWebviewAddJavascriptInterfaceLocations(
))
if len(self.app.smaliChecks.
getWebviewAddJavascriptInterfaceLocations(
)) > self.configuration.getXmindTopipFoldAt():
addJavascriptInterfaceTopic.setFolded()
else:
addJavascriptInterfaceTopic.setTitle(
"No presence of JavascriptInterface")
addJavascriptInterfaceTopic.addMarker('flag-green')
addJavascriptInterfaceTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#determining-whether-java-objects-are-exposed-through-webviews"
)
topicElement.addSubTopic(addJavascriptInterfaceTopic)
javascriptEnabledWebviewTopic = TopicElement()
javascriptEnabledWebviewTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#determining-whether-java-objects-are-exposed-through-webviews"
)
if len(self.app.smaliChecks.getJavascriptEnabledWebViews()) > 0:
javascriptEnabledWebviewTopic.setTitle(
"WebView with Javascript enabled.")
self.createSubTopics(
javascriptEnabledWebviewTopic,
self.app.smaliChecks.getJavascriptEnabledWebViews())
javascriptEnabledWebviewTopic.addMarker('flag-yellow')
if len(self.app.smaliChecks.getJavascriptEnabledWebViews()
) > self.configuration.getXmindTopipFoldAt():
javascriptEnabledWebviewTopic.setFolded()
else:
javascriptEnabledWebviewTopic.setTitle(
"No WebView with Javascript enabled.")
javascriptEnabledWebviewTopic.addMarker('flag-green')
topicElement.addSubTopic(javascriptEnabledWebviewTopic)
fileAccessEnabledWebviewTopic = TopicElement()
fileAccessEnabledWebviewTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-webview-protocol-handlers"
)
if len(self.app.smaliChecks.getFileAccessEnabledWebViews()) > 0:
fileAccessEnabledWebviewTopic.setTitle(
"WebView with fileAccess enabled.")
self.createSubTopics(
fileAccessEnabledWebviewTopic,
self.app.smaliChecks.getFileAccessEnabledWebViews())
if int(self.app.getMinSDKVersion()) < 16:
fileAccessEnabledWebviewTopic.setPlainNotes(
"This app runs in versions bellow API 16 (Jelly Bean). If webview is opening local HTML files via file URL and loading external resources it might be possible to bypass Same Origin Policy and extract local files since AllowUniversalAccessFromFileURLs is enabled by default and there is not public API to disable it in this versions."
)
fileAccessEnabledWebviewTopic.addMarker('flag-yellow')
else:
fileAccessEnabledWebviewTopic.addMarker('flag-yellow')
if len(self.app.smaliChecks.getFileAccessEnabledWebViews()
) > self.configuration.getXmindTopipFoldAt():
fileAccessEnabledWebviewTopic.setFolded()
else:
fileAccessEnabledWebviewTopic.setTitle(
"No WebView with fileAccess enabled.")
fileAccessEnabledWebviewTopic.addMarker('flag-green')
topicElement.addSubTopic(fileAccessEnabledWebviewTopic)
universalAccessEnabledWebviewTopic = TopicElement()
if len(self.app.smaliChecks.
getUniversalAccessFromFileURLEnabledWebviewsLocations()) > 0:
self.createSubTopics(
universalAccessEnabledWebviewTopic,
self.app.smaliChecks.
getUniversalAccessFromFileURLEnabledWebviewsLocations())
universalAccessEnabledWebviewTopic.setTitle(
"WebView with Universal Access from File URLs enabled.")
universalAccessEnabledWebviewTopic.addMarker('flag-yellow')
else:
universalAccessEnabledWebviewTopic.setTitle(
"No WebView with Universal Access from File URLs found.")
universalAccessEnabledWebviewTopic.addMarker('flag-green')
topicElement.addSubTopic(universalAccessEnabledWebviewTopic)
methodologyTopic.addSubTopic(topicElement)
# Insecure Communication Topic
topicElement = TopicElement()
topicElement.setTitle("Insecure Communication")
icSubTopics = ["SSL Implementation", "Mixed Mode Communication?"]
self.createSubTopics(topicElement, icSubTopics)
sslSubTopics = [
"Accepts self-sign certificates?", "Accepts wrong host name?",
"Lack of Certificate Pinning?"
]
self.createSubTopics(topicElement.getSubTopicByIndex(0), sslSubTopics)
trustManagerSubTopic = TopicElement()
trustManagerSubTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#verifying-the-server-certificate"
)
if len(self.app.smaliChecks.getVulnerableTrustManagers()) != 0:
trustManagerSubTopic.setTitle("Vulnerable Trust Manager:")
self.createSubTopics(
trustManagerSubTopic,
self.app.smaliChecks.getVulnerableTrustManagers())
topicElement.getSubTopicByIndex(0).addSubTopic(
trustManagerSubTopic)
trustManagerSubTopic.addMarker('flag-red')
else:
trustManagerSubTopic.setTitle("No vulnerable Trust Manager found.")
trustManagerSubTopic.addMarker('flag-green')
topicElement.getSubTopicByIndex(0).addSubTopic(trustManagerSubTopic)
sslErrorBypassSubTopic = TopicElement()
sslErrorBypassSubTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification"
)
if len(self.app.smaliChecks.getVulnerableWebViewSSLErrorBypass()) != 0:
sslErrorBypassSubTopic.setTitle(
"Webview with vulnerable SSL Implementation:")
sslErrorBypassSubTopic.addMarker('flag-red')
self.createSubTopics(
sslErrorBypassSubTopic,
self.app.smaliChecks.getVulnerableWebViewSSLErrorBypass())
else:
sslErrorBypassSubTopic.setTitle(
"No WebView with SSL Errror Bypass found.")
sslErrorBypassSubTopic.addMarker('flag-green')
topicElement.getSubTopicByIndex(0).addSubTopic(sslErrorBypassSubTopic)
vulnerableHostnameVerifiersSubTopic = TopicElement()
vulnerableHostnameVerifiersSubTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#hostname-verification"
)
if len(self.app.smaliChecks.getVulnerableHostnameVerifiers()) != 0:
vulnerableHostnameVerifiersSubTopic.setTitle(
"Vulnerable HostnameVerifier found")
vulnerableHostnameVerifiersSubTopic.addMarker('flag-red')
self.createSubTopics(
vulnerableHostnameVerifiersSubTopic,
self.app.smaliChecks.getVulnerableHostnameVerifiers())
else:
vulnerableHostnameVerifiersSubTopic.setTitle(
"No vulnerable HostnameVerifiers found.")
vulnerableHostnameVerifiersSubTopic.addMarker('flag-green')
topicElement.getSubTopicByIndex(0).addSubTopic(
vulnerableHostnameVerifiersSubTopic)
vulnerableSetHostnameVerifiersSubTopic = TopicElement()
vulnerableSetHostnameVerifiersSubTopic.setURLHyperlink(
"hhttps://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#hostname-verification"
)
if len(self.app.smaliChecks.getVulnerableSetHostnameVerifier()) != 0:
vulnerableSetHostnameVerifiersSubTopic.setTitle(
"setHostnameVerifier call with ALLOW_ALL_HOSTNAMES_VERIFIER")
vulnerableSetHostnameVerifiersSubTopic.addMarker('flag-red')
self.createSubTopics(
vulnerableSetHostnameVerifiersSubTopic,
self.app.smaliChecks.getVulnerableSetHostnameVerifier())
else:
vulnerableSetHostnameVerifiersSubTopic.setTitle(
"No vulnerable setHostnameVerifiers found.")
vulnerableSetHostnameVerifiersSubTopic.addMarker('flag-green')
topicElement.getSubTopicByIndex(0).addSubTopic(
vulnerableSetHostnameVerifiersSubTopic)
vulnerableSocketsSubTopic = TopicElement()
vulnerableSocketsSubTopic.setURLHyperlink("")
if len(self.app.smaliChecks.getVulnerableSockets()) != 0:
vulnerableSocketsSubTopic.setTitle(
"Direct usage of Socket without HostnameVerifier")
vulnerableSocketsSubTopic.addMarker('flag-red')
self.createSubTopics(vulnerableSocketsSubTopic,
self.app.smaliChecks.getVulnerableSockets())
else:
vulnerableSocketsSubTopic.setTitle(
"No direct usage of Socket without HostnameVerifiers.")
vulnerableSocketsSubTopic.addMarker('flag-green')
topicElement.getSubTopicByIndex(0).addSubTopic(
vulnerableSocketsSubTopic)
networkSecurityConfig = TopicElement()
networkSecurityConfig.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#network-security-configuration"
)
if self.app.targetSDKVersion >= 25:
if self.app.hasNetworkSecurityConfig == True:
networkSecurityConfig.setTitle(
"Usage of NetworkSecurityConfig file.")
domains = self.app.getNetworkSecurityConfigDomains()
for domain in domains:
domainTopic = TopicElement()
domainTopic.setTitle(','.join(domain['domains']))
clearTextAllowedTopic = TopicElement()
clearTextAllowedTopic.setTitle("Clear Text Allowed")
clearTextAllowedValueTopic = TopicElement()
if str(domain['allowClearText']) == "True":
clearTextAllowedValueTopic.setTitle("Yes")
clearTextAllowedValueTopic.addMarker('flag-red')
else:
clearTextAllowedValueTopic.setTitle("No")
clearTextAllowedValueTopic.addMarker('flag-green')
clearTextAllowedTopic.addSubTopic(
clearTextAllowedValueTopic)
allowUserCATopic = TopicElement()
allowUserCATopic.setTitle("User CA Trusted")
allowUserCAValueTopic = TopicElement()
if str(domain['allowUserCA']) == "True":
allowUserCAValueTopic.setTitle("Yes")
allowUserCAValueTopic.addMarker('flag-red')
else:
allowUserCAValueTopic.setTitle("No")
allowUserCAValueTopic.addMarker('flag-green')
allowUserCATopic.addSubTopic(allowUserCAValueTopic)
pinningTopic = TopicElement()
pinningTopic.setTitle("Pinning Configured")
pinningValueTopic = TopicElement()
if str(domain['pinning']) == "True":
pinningValueTopic.setTitle("Yes")
pinningValueTopic.addMarker('flag-green')
pinningExpirationTopic = TopicElement()
pinningExpirationValueTopic = TopicElement()
pinningExpirationTopic.setTitle("Pinning Expiration")
if domain['pinningExpiration'] != '':
date_format = "%Y-%m-%d"
a = datetime.strptime(domain['pinningExpiration'],
date_format)
b = datetime.strptime(time.strftime("%Y-%m-%d"),
date_format)
days = (a - b).days
pinningExpirationValueTopic.setTitle(
domain['pinningExpiration'])
if days <= 0:
pinningExpirationValueTopic.addMarker(
'flag-red')
pinningExpirationValueTopic.setPlainNotes(
'Certificate Pinning is disabled. The expiration date on the pin-set has been reached.'
)
elif days < 60:
pinningExpirationValueTopic.addMarker(
'flag-yellow')
pinningExpirationValueTopic.setPlainNotes(
str + (days) +
' days for Certificate Pinning to be disabled.'
)
else:
pinningExpirationValueTopic.setTitle(
"No expiration")
pinningExpirationTopic.addSubTopic(
pinningExpirationValueTopic)
pinningTopic.addSubTopic(pinningExpirationTopic)
else:
pinningValueTopic.setTitle("No")
pinningValueTopic.addMarker('flag-yellow')
pinningTopic.addSubTopic(pinningValueTopic)
domainTopic.addSubTopic(clearTextAllowedTopic)
domainTopic.addSubTopic(allowUserCATopic)
domainTopic.addSubTopic(pinningTopic)
networkSecurityConfig.addSubTopic(domainTopic)
else:
networkSecurityConfig.setTitle(
"No usage of NetworkSecurityConfig file.")
networkSecurityConfig.addMarker('flag-yellow')
else:
networkSecurityConfig.setTitle(
"NetworkSecurityConfig check ignored.")
networkSecurityConfig.addMarker('flag-green')
networkSecurityConfig.setPlainNotes(
"App is not targeting Android versions >= Nougat 7.0")
topicElement.getSubTopicByIndex(0).addSubTopic(networkSecurityConfig)
certificatePinningTopic = TopicElement()
certificatePinningTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning"
)
if len(self.app.smaliChecks.getOkHTTPCertificatePinningLocations()
) > 0 or len(self.app.smaliChecks.
getCustomCertificatePinningLocations()) > 0:
certificatePinningTopic.setTitle(
"Possible Certificate Pinning Usage")
certificatePinningTopic.addMarker('flag-green')
okHttpCertificatePinningTopic = TopicElement()
if len(self.app.smaliChecks.getOkHTTPCertificatePinningLocations()
) > 0:
okHttpCertificatePinningTopic.setTitle(
"OkHTTP Certificate Pinning.")
self.createSubTopics(
okHttpCertificatePinningTopic,
self.app.smaliChecks.getOkHTTPCertificatePinningLocations(
))
certificatePinningTopic.addSubTopic(
okHttpCertificatePinningTopic)
customCertificatePinningTopic = TopicElement()
if len(self.app.smaliChecks.getCustomCertificatePinningLocations()
) > 0:
customCertificatePinningTopic.setTitle(
"Custom Certificate Pinning")
self.createSubTopics(
customCertificatePinningTopic,
self.app.smaliChecks.getCustomCertificatePinningLocations(
))
certificatePinningTopic.addSubTopic(
customCertificatePinningTopic)
else:
certificatePinningTopic.setTitle("No usage of Certificate Pinning")
certificatePinningTopic.addMarker('flag-yellow')
topicElement.getSubTopicByIndex(0).addSubTopic(certificatePinningTopic)
sslImplementationTopic = topicElement.getSubTopicByIndex(0)
sslImplementationTopic.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#verifying-the-server-certificate")
sslImplementationTopic.getSubTopicByIndex(1).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#hostname-verification#hostname-verification")
sslImplementationTopic.getSubTopicByIndex(2).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning")
methodologyTopic.addSubTopic(topicElement)
# Insecure Data Storage Topic
topicElement = TopicElement()
topicElement.setTitle("Insecure Data Storage")
idsSubTopics = [
"Sensitive information stored in cleartext in sdcard/sandbox?",
"Sensitive information saved to system logs?",
"Background screenshot with sensitive information?"
]
self.createSubTopics(topicElement, idsSubTopics)
activitiesWithoutSecureFlagSubTopic = TopicElement()
activitiesWithoutSecureFlagSubTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#finding-sensitive-information-in-auto-generated-screenshots"
)
if len(self.app.getActivitiesWithoutSecureFlag()) != 0:
activitiesWithoutSecureFlagSubTopic.setTitle(
"Activities without FLAG_SECURE or android:excludeFromRecents :"
)
activitiesWithoutSecureFlagSubTopic.addMarker('flag-yellow')
self.createSubTopics(activitiesWithoutSecureFlagSubTopic,
self.app.getActivitiesWithoutSecureFlag())
activitiesWithoutSecureFlagSubTopic.setFolded()
if len(self.app.getActivitiesWithoutSecureFlag()
) > self.configuration.getXmindTopipFoldAt():
activitiesWithoutSecureFlagSubTopic.setFolded()
else:
activitiesWithoutSecureFlagSubTopic.setTitle(
"All activities have FLAG_SECURE or android:excludeFromRecents."
)
activitiesWithoutSecureFlagSubTopic.addMarker('flag-green')
topicElement.addSubTopic(activitiesWithoutSecureFlagSubTopic)
topicElement.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data")
topicElement.getSubTopicByIndex(1).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-logs-for-sensitive-data")
topicElement.getSubTopicByIndex(2).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#finding-sensitive-information-in-auto-generated-screenshots")
methodologyTopic.addSubTopic(topicElement)
# Insufficient Cryptography Topic
topicElement = TopicElement()
topicElement.setTitle("Insufficient Cryptography")
icrSubTopics = [
"Using weak algorithms/modes?", "Using hardcoded properties?"
]
self.createSubTopics(topicElement, icrSubTopics)
topicElement.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms")
topicElement.getSubTopicByIndex(1).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05e-Testing-Cryptography.md#verifying-the-configuration-of-cryptographic-standard-algorithms")
AESTopic = TopicElement()
AESTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms"
)
if len(self.app.smaliChecks.getAESwithECBLocations()) > 0:
AESTopic.setTitle("Usage of AES with ECB Mode")
self.createSubTopics(AESTopic,
self.app.smaliChecks.getAESwithECBLocations())
AESTopic.addMarker('flag-red')
else:
AESTopic.setTitle("No usage of AES with ECB Mode")
AESTopic.addMarker('flag-green')
topicElement.addSubTopic(AESTopic)
DESTopic = TopicElement()
DESTopic.setURLHyperlink(
"https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms"
)
if len(self.app.smaliChecks.getDESLocations()) > 0:
DESTopic.setTitle("Usage of DES or 3DES")
self.createSubTopics(DESTopic,
self.app.smaliChecks.getDESLocations())
DESTopic.addMarker('flag-red')
else:
DESTopic.setTitle("No usage of DES or 3DES")
DESTopic.addMarker('flag-green')
topicElement.addSubTopic(DESTopic)
keystoreTopic = TopicElement()
if len(self.app.smaliChecks.getKeystoreLocations()) > 0:
keystoreTopic.setTitle("Usage of Android KeyStore")
keystoreTopic.addMarker('flag-green')
self.createSubTopics(keystoreTopic,
self.app.smaliChecks.getKeystoreLocations())
else:
keystoreTopic.setTitle("No usage of Android KeyStore")
keystoreTopic.addMarker('flag-yellow')
topicElement.addSubTopic(keystoreTopic)
methodologyTopic.addSubTopic(topicElement)
# Code Tampering Topic
topicElement = TopicElement()
topicElement.setTitle("Code Tampering")
ctSubTopics = ["Lack of root detection?", "Lack of hooking detection?"]
self.createSubTopics(topicElement, ctSubTopics)
topicElement.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection")
topicElement.getSubTopicByIndex(1).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-detection-of-reverse-engineering-tools")
methodologyTopic.addSubTopic(topicElement)
# Reverse Engineering Topic
topicElement = TopicElement()
topicElement.setTitle("Reverse Engineering")
reSubTopics = ["Lack of code obfuscation?"]
self.createSubTopics(topicElement, reSubTopics)
topicElement.getSubTopicByIndex(0).setURLHyperlink \
("https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-obfuscation")
methodologyTopic.addSubTopic(topicElement)
self.getRootTopic().addSubTopic(informationGatheringTopic)
self.getRootTopic().addSubTopic(methodologyTopic)
from xmind.core.topic import TopicElement
from xmind.core import workbook,saver
import xmind
myWorkbook = xmind.load("please-always-overwrite-the-output.xmind") # load an existing file or create a new workbook if nothing is found
mainSheet=myWorkbook.getPrimarySheet()
mainSheet.setTitle("first sheet")
rootTopic=mainSheet.getRootTopic()
rootTopic.setTitle("root node")
topics = ["first", "second", "third", "fourth", "fifth"]
for topic in topics:
newTopic = TopicElement() # Initialize topic object
newTopic.setTitle(topic) # Set node text
rootTopic.addSubTopic(newTopic) # Attach the topic to the root topic
myWorkbook.addSheet(mainSheet) # the second sheet is now added to the workbook
xmind.save(myWorkbook,"test.xmind") # and we save
from xmind.core.topic import TopicElement
from xmind.core import workbook, saver
import xmind
myWorkbook = xmind.load(
"please-always-overwrite-the-output.xmind"
) # load an existing file or create a new workbook if nothing is found
mainSheet = myWorkbook.getPrimarySheet()
mainSheet.setTitle("first sheet")
rootTopic = mainSheet.getRootTopic()
rootTopic.setTitle("root node")
topics = ["first", "second", "third", "fourth", "fifth"]
for topic in topics:
newTopic = TopicElement() # Initialize topic object
newTopic.setTitle(topic) # Set node text
rootTopic.addSubTopic(newTopic) # Attach the topic to the root topic
myWorkbook.addSheet(mainSheet) # the second sheet is now added to the workbook
xmind.save(myWorkbook, "test.xmind") # and we save
def getChild(issue_id, level, t):
# print level, Id
top = TopicElement()
# Split on '->' due to issue title on TRAR project
top.setTitle(connection.getIssue(issue_id).summary.split('->')[-1])
top.addMarker(setImpStatus(issue_id))
top.addMarker(setPriority(issue_id))
top.addMarker(setState(issue_id))
top.setURLHyperlink(server + 'issue/' + issue_id)
comments = getCommentsByID(issue_id)
if len(comments) > 0:
top.setPlainNotes(comments)
t.addSubTopic(top)
for i in getSubtasks(issue_id):
getChild(i.id, level + 1, top)
def createSubTopics(self, topic, subTopics):
for subtopic in subTopics:
newTopic = TopicElement()
newTopic.setTitle(subtopic)
topic.addSubTopic(newTopic)
def creatTopic(self,title):
topic = TopicElement()
topic.setTitle(title)
return topic
