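def _mark_apkid_task(sha256, state):
    """Write the APKiD progress flag *state* into the task document for *sha256*.

    The visible call sites use 1 (started), 2 (findings stored) and -1
    (failed); the meaning of the values is inferred from that usage.
    """
    es.update(
        index=settings.ELASTICSEARCH_TASKS_INDEX,
        id=sha256,
        body={'doc': {'apkid_analysis': state}},
        retry_on_conflict=5,
    )


def _store_apkid_findings(sha256, findings):
    """Write APKiD *findings* under the ``apkid`` field of the APK document for *sha256*."""
    es.update(
        index=settings.ELASTICSEARCH_APK_INDEX,
        id=sha256,
        body={'doc': {'apkid': findings}},
        retry_on_conflict=5,
    )


def apkid_analysis(sha256):
    """Run APKiD over the stored APK named by *sha256* and record the result in Elasticsearch.

    The task document is flagged 1 when work starts, 2 once findings were
    stored, and -1 when the formatter output could not be parsed
    (``AttributeError``) or when the scan itself raised. The APK document
    receives the findings under ``apkid`` (an empty dict on parse failure).

    Args:
        sha256: Storage key of the APK and id of both Elasticsearch documents.

    Returns:
        ``{'status': 'success', 'info': ''}``. Parse failures are reported
        through the task document only; any other exception is re-raised
        after the task has been flagged -1.
    """
    _mark_apkid_task(sha256, 1)
    try:
        options = Options(
            timeout=30,
            verbose=False,
            # Bounds how much of a single archive entry is scanned; assumes the
            # setting is an int byte count — confirm against the project settings.
            entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
            recursive=True,
        )
        output = OutputFormatter(
            json_output=True,
            output_dir=None,
            rules_manager=RulesManager(),
            include_types=False,
        )
        rules = options.rules_manager.load()
        scanner = Scanner(rules, options)
        # APKiD scans by path, so the stored blob is copied into a temporary
        # file; the storage handle is closed explicitly once copied.
        with NamedTemporaryFile() as tmp:
            stored = default_storage.open(sha256)
            try:
                tmp.write(stored.read())
            finally:
                stored.close()
            tmp.flush()
            res = scanner.scan_file(tmp.name)
    except Exception:
        # Without this the task would stay flagged "started" forever.
        _mark_apkid_task(sha256, -1)
        raise

    # Only the formatter call is guarded: an AttributeError from the
    # Elasticsearch client must not be mistaken for a parse failure.
    try:
        findings = output.build_json_output(res)['files']
    except AttributeError:
        findings = {}
        _store_apkid_findings(sha256, findings)
        _mark_apkid_task(sha256, -1)
    else:
        _store_apkid_findings(sha256, findings)
        _mark_apkid_task(sha256, 2)

    # Release the loaded rule set and scan result eagerly before returning.
    del findings, rules, scanner, output, options, res
    gc.collect()
    return {'status': 'success', 'info': ''}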
def apkid_analysis(app_dir, apk_file, apk_name):
    """Scan *apk_file* with APKiD and return its matches keyed by reported file name.

    Returns an empty dict when APKiD is disabled in settings or when the APK
    path does not exist (logged as an error). *app_dir* and *apk_name* are
    accepted for signature compatibility and are not used here.
    """
    if not settings.APKID_ENABLED:
        return {}
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {}
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info("Running APKiD %s", apkid_ver)
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=100 * 1024 * 1024,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
    )
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    # NOTE: _build_json_output is a private APKiD API and may change between releases.
    file_reports = formatter._build_json_output(scan_result)['files']
    return {entry['filename']: entry['matches'] for entry in file_reports}
def build_options(args) -> Options:
    """Translate parsed command-line *args* into an :class:`Options` instance.

    Every forwarded field is read from *args* by attribute name; a missing
    attribute raises ``AttributeError`` exactly as direct access would.
    """
    forwarded = (
        'timeout',
        'verbose',
        'json',
        'output_dir',
        'typing',
        'entry_max_scan_size',
        'scan_depth',
        'recursive',
    )
    return Options(**{name: getattr(args, name) for name in forwarded})
def apkid_analysis(app_dir, apk_file, apk_name):
    """Scan *apk_file* with APKiD and return the matches keyed by member file name.

    Returns ``{}`` when APKiD is disabled, cannot be imported, or the APK path
    is missing (the latter two are logged). The private
    ``_build_json_output`` is tried first; APKiD 2.0.3+ exposes
    ``build_json_output`` instead, and if neither exists the yara-python
    dependency is treated as broken and an empty result is returned.
    Filenames of the form ``archive!member`` are reduced to ``member``.
    *app_dir* and *apk_name* are unused.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}
    version = apkid.__version__
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info('Running APKiD %s', version)
    scan_options = Options(
        timeout=30,
        verbose=False,
        # Assumes the setting is an int byte count — confirm in project settings.
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    try:
        file_reports = formatter._build_json_output(scan_result)['files']
    except AttributeError:
        # apkid >= 2.0.3 renamed the builder; a second AttributeError means
        # the formatter itself is unusable.
        try:
            file_reports = formatter.build_json_output(scan_result)['files']
        except AttributeError:
            logger.error('yara-python dependency required by '
                         'APKiD is not installed properly. '
                         'Skipping APKiD analysis!')
            file_reports = {}
    sanitized = {}
    for entry in file_reports:
        reported = entry['filename']
        _, separator, member = reported.partition('!')
        sanitized[member if separator else reported] = entry['matches']
    return sanitized
def apkid_analysis(app_dir, apk_file, apk_name):
    """Scan *apk_file* with APKiD and return the matches keyed by reported file name.

    Returns ``{}`` when APKiD is disabled, cannot be imported, or the APK path
    is missing (the latter two are logged). The private
    ``_build_json_output`` is tried first and ``build_json_output`` (APKiD
    2.0.3+) on ``AttributeError``. *app_dir* and *apk_name* are unused.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}
    version = apkid.__version__
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info('Running APKiD %s', version)
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=100 * 1024 * 1024,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    try:
        file_reports = formatter._build_json_output(scan_result)['files']
    except AttributeError:
        # apkid >= 2.0.3 exposes the builder under a public name.
        file_reports = formatter.build_json_output(scan_result)['files']
    return {entry['filename']: entry['matches'] for entry in file_reports}
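def apkid_analysis(app_dir, apk_file, apk_name):
    """Run APKiD on *apk_file*, writing its JSON report under ``<app_dir>/apkid``.

    Returns ``{}`` when APKiD is disabled, ``{'error': True}`` when the APK
    path does not exist (logged), and otherwise a mapping of DEX member name
    to APKiD's per-file result. APKiD reports nested members as
    ``archive!member``; the text after the last ``!`` is used as the key and
    an un-nested path is attributed to *apk_name*.

    Args:
        app_dir: Analysis directory; the ``apkid`` report directory is created
            below it (presumably by the scanner itself — confirm).
        apk_file: Path of the APK to scan.
        apk_name: Key used for results that carry no ``!`` separator.

    Raises:
        OSError / json.JSONDecodeError: if the report file the scanner was
            expected to write cannot be read or parsed.
    """
    apkid_res = {}
    if not settings.APKID_ENABLED:
        return apkid_res
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {'error': True}
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    logger.info("Running APKiD %s", apkid_ver)
    dest_dir = os.path.join(app_dir, "apkid")
    options = Options(
        timeout=30,
        verbose=None,
        json=True,
        output_dir=dest_dir,
        typing=None,
        entry_max_scan_size=100 * 1024 * 1024,
        scan_depth=2,
        recursive=True,
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)
    scanner.scan(apk_file)
    report = os.path.join(dest_dir, filename_from_path(apk_file) + "_apkid.json")
    # JSON object keys are always str, so only the "no '!' present" case
    # needs handling below; the previous bare `except Exception` hid that.
    with open(report, 'r', encoding='utf-8') as flip:
        result = json.load(flip)
    for filep, res in result.items():
        _, separator, member = filep.rpartition("!")
        apkid_res[member if separator else apk_name] = res
    return apkid_res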
def options():
    """Return a freshly constructed :class:`Options` with its default settings."""
    default_options = Options()
    return default_options