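def run(self):
    """
    Checks the application's Info.plist for insecure ATS configurations

    :return: returns a dict with a single "<module name>_result" key that
    holds the finding (title, details, severity and the report flag)
    """
    result = {
        "title": "Application Has Insecure ATS Configurations",
        "details": "",
        "severity": "Medium",
        "report": False
    }

    info_content = plist(self.info)

    Log.info("Parsing Info.plist file contents")
    ats_xml = plist_dict_to_xml(info_content, self._ats_key)

    Log.info("Analysing Info.plist file")

    # NOTE(review): assuming self._ats_key names the NSAppTransportSecurity
    # dictionary, a missing key means the platform's default ATS policy
    # applies (ATS is on by default for apps linked against the iOS 9 SDK or
    # later), so this branch can flag apps that simply rely on the defaults
    # - confirm this is the intended finding
    if self._ats_key not in info_content or not info_content[
            self._ats_key]:
        result.update({
            "report": True,
            "details": "No evidence of ATS being implemented found."
        })

    # checked independently of the branch above: when both match, these
    # details replace the previous ones
    if any(option in ats_xml for option in self._insecure_options):
        result.update({
            "report": True,
            # adjacent literals instead of a backslash continuation inside
            # the string, which embedded the source indentation in the
            # reported details
            "details": "The following insecure ATS configuration was "
                       "found : {}".format(ats_xml)
        })

    return {"{}_result".format(self.name()): result}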
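def run(self):
    """
    Reads the application's Info.plist and optionally saves it as XML

    :return: returns a dict with the parsed plist under "<bundle id>_info"
    and, when an output directory is set, the path of the saved XML file
    under "<bundle id>_info_file"; when no Info.plist is found only a
    "print" message is returned
    """
    import re

    result = {"print": "Could not find Info.plist."}

    Log.info("Looking for Info.plist file")
    app_path = application_path(self.unzipped_ipa)
    filename = "{}/Info.plist".format(app_path)

    if not _exists(filename):
        return result

    Log.info("Parsing Info.plist file")

    # get plist info
    info_plist = plist(filename)
    identifier = info_plist["CFBundleIdentifier"]
    result = {"{}_info".format(identifier): info_plist}

    if hasattr(self, "output") and self.output:
        Log.info("Converting Info.plist to XML file")

        # CFBundleIdentifier is read from the analysed application and is
        # therefore untrusted: replace anything outside the characters a
        # bundle identifier may contain so the value cannot add path
        # components to the output file name. Well-formed identifiers are
        # left unchanged and the result keys still use the raw value.
        safe_identifier = re.sub(
            r"[^A-Za-z0-9._-]", "_", "{}".format(identifier))

        filename = "{}/{}.info.xml".format(self.output, safe_identifier)
        with open(filename, "w") as fp:
            fp.write(plist_dict_to_xml(info_plist))

        result.update({
            "{}_info_file".format(identifier): filename,
            "print": "Info file saved in {}.".format(filename)
        })

    return result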
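def plist(self, plist_file_path):
    """
    Returns the contents of a plist file on the remote device

    :param str plist_file_path: the plist file to be read
    :return: returns a dict with the plist contents
    """
    from shutil import rmtree
    from tempfile import mkdtemp

    from scrounger.utils.ios import plist

    # get local file
    # A fixed /tmp/Info.plist is predictable and shared by every user and
    # every concurrent run on the host; a private directory from mkdtemp
    # avoids clobbering, or writing through, a file already placed at that
    # path.
    local_dir = mkdtemp()
    local_file = "{}/Info.plist".format(local_dir)

    try:
        self.get(plist_file_path, local_file)
        return plist(local_file)
    finally:
        # clean up tmp file, also when the download or the parsing fails
        rmtree(local_dir, ignore_errors=True)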
def run(self):
    """
    Reports excessive permissions found in the entitlements and Info.plist

    :return: returns a dict with a single "<module name>_result" key that
    holds the finding, or a dict with only a "print" message when no
    entitlements could be obtained from the binary
    """
    result = {
        "title": "Application Uses Excessive Permissions",
        "details": "",
        "severity": "Medium",
        "report": False
    }

    # run the entitlements module against the same binary
    entitlements_module = EModule()
    entitlements_module.binary = self.binary
    module_output = entitlements_module.run()

    # the last key ending in "_entitlements" wins
    matching_keys = [
        key for key in module_output if key.endswith("_entitlements")
    ]
    entitlements = module_output[matching_keys[-1]] if matching_keys else None

    if not entitlements:
        return {"print": "Couldn't get entitlements from binary."}

    Log.info("Analysing Entitlements")
    # NOTE(review): this is a membership test only, the value stored under
    # get-tasks-allow is not inspected, so an entry that is present but
    # disabled would presumably still be reported - confirm against the
    # type returned by the entitlements module
    found = ['get-tasks-allow'] if 'get-tasks-allow' in entitlements else []

    Log.info("Analysing Info.plist")
    info_content = plist(self.info)
    for candidate in self.excessive_permissions.split("|"):
        if candidate in info_content:
            found.append(candidate)

    if found:
        listing = "\n* ".join(sorted(found))
        result["report"] = True
        result["details"] = \
            "The following permissions were found: * {}".format(listing)

    return {"{}_result".format(self.name()): result}