def cli(ctx, sdk_path, build_path, debug, source, report_type, exploit_apk, report_path, report_name):
    """Decompile ``source``, scan it, write a report and optionally build an exploit APK.

    Args:
        ctx: Object exposing ``get_help()`` (presumably the click context -- confirm
            against the decorators, which are outside this view).
        sdk_path: Android SDK location. Only consulted when ``exploit_apk`` is truthy;
            when empty it is looked up in the environment.
        build_path: Passed to ``Decompiler`` as ``build_directory`` and, when an
            exploit APK is requested, to ``APKBuilder`` as ``exploit_apk_path``.
        debug: Truthy selects the ``"DEBUG"`` log level, otherwise ``"INFO"``.
        source: Scan target handed to ``Decompiler`` as ``path_to_source``.
        report_type: Forwarded to ``Report.generate`` as ``file_type``.
        exploit_apk: Truthy requests the exploit APK build after the report is written.
        report_path: Optional report location; omitted from the ``Report`` call when None.
        report_name: Optional report name; only forwarded when ``report_path`` is also set.

    Returns:
        None. The early exits below also return None.
    """
    # NOTE(review): the early exits use a plain return, which presumably leaves the
    # process exit status at 0 -- confirm whether pipeline callers rely on the status.
    if not source:
        click.secho("Please pass a source for scanning through either --java or --apk")
        click.secho(ctx.get_help())
        return

    if exploit_apk and not sdk_path:
        # Fall back to the SDK environment variables, checked in this fixed order.
        # Follows the guidelines from https://developer.android.com/studio/command-line/variables
        for variable_name in (ANDROID_SDK_HOME, ANDROID_HOME, ANDROID_SDK_ROOT):
            if environ_path_variable_exists(variable_name):
                # NOTE(review): the value is taken from the environment as-is here;
                # whatever validation exists lives in environ_path_variable_exists.
                sdk_path = os.environ[variable_name]
                break
        else:
            click.secho("Please provide path to android SDK if building exploit APK.")
            return

    # Debug controls the output to stderr, debug logs are ALWAYS stored in `qark_debug.log`
    level = "DEBUG" if debug else "INFO"
    initialize_logging(level)

    click.secho("Decompiling...")
    decompiler = Decompiler(path_to_source=source, build_directory=build_path)
    decompiler.run()

    click.secho("Running scans...")
    # Scan the original tree when the decompiler reports source code, otherwise
    # scan its build directory.
    if decompiler.source_code:
        scan_root = decompiler.path_to_source
    else:
        scan_root = decompiler.build_directory
    scanner = Scanner(manifest_path=decompiler.manifest_path, path_to_source=scan_root)
    scanner.run()
    click.secho("Finish scans...")

    click.secho("Writing report...")
    # Only pass the optional arguments the caller actually supplied, so Report's
    # own defaults apply otherwise. report_name is ignored without report_path.
    report_arguments = {"issues": set(scanner.issues)}
    if report_path is not None:
        report_arguments["report_path"] = report_path
        if report_name is not None:
            report_arguments["report_name"] = report_name
    report = Report(**report_arguments)

    written_report_path = report.generate(file_type=report_type)
    click.secho("Finish writing report to {report_path} ...".format(report_path=written_report_path))

    if not exploit_apk:
        return

    click.secho("Building exploit APK...")
    exploit_builder = APKBuilder(
        exploit_apk_path=build_path,
        issues=scanner.issues,
        apk_name=decompiler.apk_name,
        manifest_path=decompiler.manifest_path,
        sdk_path=sdk_path,
    )
    exploit_builder.build()
    click.secho("Finish building exploit APK...")
def test_unpack_apk(decompiler):
    """Check that ``_unpack_apk`` yields ``classes.dex`` and rejects a bad source.

    The ``decompiler`` argument is supplied from outside this block (presumably a
    pytest fixture -- confirm in the test module's fixtures).
    """
    expected_dex = os.path.join(decompiler.build_directory, "classes.dex")

    # The returned path must be the expected one and the file must exist on disk.
    assert expected_dex == decompiler._unpack_apk()
    assert os.path.isfile(expected_dex)

    # Remove the unpacked output and confirm the directory is really gone.
    shutil.rmtree(decompiler.build_directory)
    assert not os.path.isdir(decompiler.build_directory)

    # A Decompiler built from the source "1" is expected to raise ValueError,
    # either on construction or on unpacking; both happen inside the raises block.
    with pytest.raises(ValueError):
        Decompiler("1")._unpack_apk()
def module_decompiler(path_to_source, build_directory):
    """Build a ``Decompiler`` for the given source and build directory.

    Presumably registered as a pytest fixture by a decorator outside this view;
    confirm against the test module.

    Args:
        path_to_source: Forwarded to ``Decompiler`` as ``path_to_source``.
        build_directory: Forwarded to ``Decompiler`` as ``build_directory``.

    Returns:
        The newly constructed ``Decompiler`` instance.
    """
    instance = Decompiler(
        path_to_source=path_to_source,
        build_directory=build_directory,
    )
    return instance