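def get_cert(self):
    """Describe the signing certificate found under ``self.cert_file``.

    Lists the directory named by ``self.cert_file``, picks the first regular
    file whose extension is ``rsa`` or ``dsa`` (case-insensitive), runs the
    certificate printing tool on it and grades the tool output.

    Returns:
        A dict with ``cert_file`` (file name), ``cert_info`` (raw tool
        output) and ``issued``: ``'good'``, ``'bad'`` when the issuer or
        subject is "Android Debug", ``'bad hash'`` when ``[SHA1withRSA]``
        appears in the output. ``None`` when no signature file is present or
        the lookup failed (the failure is logged through ``einfo``).
    """
    try:
        pinfo("开始获取签名文件")
        for file_name in os.listdir(self.cert_file):
            cert_path = os.path.join(self.cert_file, file_name)
            if not os.path.isfile(cert_path):
                continue
            # NOTE(review): JAR signing can also produce a ".EC" signature
            # block; such packages yield None here. Confirm whether the
            # certificate printing tool can handle them before adding it.
            if file_name.lower().split('.')[-1] not in ('rsa', 'dsa'):
                continue
            # Argument list without a shell: the file name is only ever
            # passed as a single argv entry, never interpreted by a shell.
            args = [
                ToolSettings.JAVA_PATH, '-jar', ToolSettings.TOOL_CERTPRINT,
                cert_path
            ]
            dat = subprocess.check_output(args)
            issued = 'good'
            if re.findall(
                    r"Issuer: CN=Android Debug|Subject: CN=Android Debug",
                    dat):
                issued = 'bad'
            # This check runs after the debug-certificate check and
            # overwrites it, so a debug certificate that is also
            # SHA1withRSA is reported as 'bad hash' only.
            if re.findall(r"\[SHA1withRSA\]", dat):
                issued = 'bad hash'
            return {
                'cert_file': file_name,
                'cert_info': dat,
                'issued': issued
            }
    except Exception as e:
        # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
        # still propagate, and the cause is kept in the log.
        einfo("签名获取异常: " + str(e))
    return None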
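def _parse_(self, xml):
    """Attach one parsed aapt XML element to ``self.AAPT_XML['manifest']``.

    ``xml`` is a mapping with ``feature``, ``line`` and ``level`` keys. A
    node dict with those three values plus an empty ``attr`` list is built
    and placed according to ``level``:

    * 0 or 1: ignored.
    * 2: appended to the top-level manifest list.
    * greater than 2: appended to the ``attr`` list reached by following
      the last element at each level, ``level - 2`` steps down from the
      manifest list (i.e. it becomes a child of the most recently added
      node one level up).

    Failures to locate or extend the parent are logged through ``einfo``
    and the node is dropped; nothing is raised for a missing parent.
    """
    node = {
        'feature': xml['feature'],
        'line': xml['line'],
        'level': xml['level'],
        'attr': [],
    }
    level = xml['level']
    if level == 0 or level == 1:
        pass
    elif level == 2:
        self.AAPT_XML['manifest'].append(node)
    elif level > 2:
        depth = level - 2
        siblings = self.AAPT_XML['manifest']
        # Walk the tree directly instead of assembling a Python expression
        # string and running it through exec(): same target list, no
        # dynamic code execution, and a missing intermediate level is
        # reported instead of raising IndexError out of this method.
        try:
            for _ in range(depth):
                siblings = siblings[-1]['attr']
        except Exception as e:
            einfo("aapt获得XML错误!" + str(e))
            return
        try:
            siblings.append(node)
        except Exception as e:
            einfo("从aapt获得XML错误!这个APP没治了..." + str(e))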
def manifest_analysis(self):
    """Merge manifest findings into ``self.static_context``.

    The manifest under ``self.extract_path`` is parsed first: the component
    data from ``get_component_from_xml()`` is extended with the result of
    ``xml_analysis()``. If any of that raises, the error is logged through
    ``einfo`` and the data from ``self.aapt.get_info_from_xml()`` is used
    instead.
    """
    try:
        parsed = Manifest(self.extract_path)
        merged = parsed.get_component_from_xml()
        extra = parsed.xml_analysis()
        merged.update(extra)
    except Exception as err:
        einfo(err)
        # Fall back to the aapt-derived view of the manifest.
        merged = self.aapt.get_info_from_xml()
    self.static_context.update(merged)
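def handle(self):
    """Dispatch the uploaded file to the analyzer for its type.

    ``self.get_file_type()`` selects the analyzer: ``'APK'`` builds an
    ``AndroidAnalyzer`` (and calls its ``get_base_info()`` first), ``'IOS'``
    builds an ``IosAnalyzer``. Any other value is logged through ``einfo``
    and no analysis is started.

    Returns:
        Whatever the analyzer's ``start()`` returns, or ``None`` for an
        unsupported file type.
    """
    file_type = self.get_file_type()
    if file_type == 'APK':
        app = AndroidAnalyzer(self.file_name)
        app.get_base_info()
    elif file_type == 'IOS':
        app = IosAnalyzer(self.file_name)
    else:
        einfo('未知文件类型')
        # Stop here: no analyzer was created, so there is nothing to start.
        return None
    return app.start()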
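def find_redundancy_permissions(self):
    """List declared permissions that the analysed code does not use.

    Runs ``AnalyzeAPK`` on ``self.APP_PATH`` and compares each entry of
    ``self.PERMISSIONS`` with the keys of ``show_Permissions(dx)``.

    Returns:
        The permissions from ``self.PERMISSIONS`` that are absent from the
        used-permission keys. If the analysis raises, the error is logged
        and whatever was collected so far is returned (usually an empty
        list), so an empty result does not by itself mean the package
        requests nothing superfluous.
    """
    redundancy_permissions = []
    pinfo("Now finding the redundancy permissions...")
    try:
        _apk, _d, dx = AnalyzeAPK(self.APP_PATH, decompiler="dad")
        used_permissions = set(show_Permissions(dx).keys())
        for perm in self.PERMISSIONS:
            if perm not in used_permissions:
                redundancy_permissions.append(perm)
    except Exception as e:
        einfo("Find redundancy permissions occured error: " + str(e))
    # Returned after the try block rather than from ``finally``: a return
    # inside ``finally`` would also discard KeyboardInterrupt/SystemExit.
    return redundancy_permissions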
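def get_hardcoded_cert_keystore(self):
    """Collect file names that look like bundled certificates or keystores.

    Each entry of ``self.files`` is classified by the text after its last
    dot, compared case-insensitively.

    Returns:
        ``{'certz': [...], 'key_store': [...]}`` with the matching file
        names. An error while scanning is logged through ``einfo`` and the
        entries gathered up to that point are returned.
    """
    pinfo('开始获取硬编码Certificates/Keystores')
    certz = []
    key_store = []
    try:
        for file_name in self.files:
            # Lower-cased so "CLIENT.P12" or "release.JKS" are not missed.
            ext = file_name.split('.')[-1].lower()
            # NOTE(review): both patterns are unanchored substring searches,
            # so an extension such as "keystore" lands in certz (via "key"),
            # and a name without any dot is matched against the whole
            # string. Kept as-is to avoid losing findings; tighten only
            # together with an explicit extension list.
            if re.search("cer|pem|cert|crt|pub|key|pfx|p12", ext):
                pinfo('获取到硬编码证书文件')
                certz.append(file_name)
            if re.search("jks|bks", ext):
                pinfo('获取到硬编码keystore文件')
                key_store.append(file_name)
    except Exception as e:
        # Narrowed from a bare ``except`` and the cause is now logged.
        einfo("获取硬编码Certificates/Keystores错误: " + str(e))
    return {'certz': certz, 'key_store': key_store}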
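def exec_sql(self, val, params=None):
    """Execute one SQL statement on ``self.cu`` and commit on ``self.cx``.

    Args:
        val: The SQL text. Use placeholders for values and pass them via
            ``params`` instead of formatting them into the string.
        params: Optional bound parameters handed to ``execute`` as its
            second argument. When omitted the call is exactly
            ``self.cu.execute(val)`` as before.
            # assumes self.cu follows the DB-API ``execute(sql, params)``
            # convention - confirm for the driver in use.

    Errors from ``execute`` or ``commit`` are logged through ``einfo`` and
    not re-raised.
    """
    try:
        if params is None:
            self.cu.execute(val)
        else:
            self.cu.execute(val, params)
        self.cx.commit()
    except Exception as e:
        einfo(e)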
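def analysis_code(self):
    """Scan the decompiled Java sources for rule matches, URLs and e-mails.

    Walks ``<self.extract_path>/java_source``. Every file whose path
    (relative to that directory) is not rejected by ``self.init_blacklist``
    is read as UTF-8 with undecodable bytes ignored, then:

    * each rule in ``code_vul_db`` is evaluated: a rule's
      ``check_feature`` is a sequence of features, a feature is either one
      regex or a list of regexes that must all match, and the rule fires
      when any feature matches; the file's relative path is then recorded
      under the rule's ``flag``;
    * URLs and e-mail addresses are extracted from the lower-cased text.

    ``code_vul_db`` is an empty list in this function as written, so no
    rule is evaluated until it is populated.

    Returns:
        A dict with one list per rule flag plus ``'URLs'`` and ``'Emails'``
        (both de-duplicated, unordered). The extracted strings are copied
        verbatim from the analysed sources, so whatever renders the report
        must treat them as untrusted text.
    """
    code_vul_db = []
    column = [vul_item.flag for vul_item in code_vul_db]
    context = {key: [] for key in column}
    urllist = set()
    emaillist = set()
    JS = os.path.join(self.extract_path, 'java_source')
    url_reg = re.compile(
        r'((?:https?://|s?ftps?://|file://|javascript:|data:|www\d{0,3}[.])[\w().=/;,#:@?&~*+!$%\'{}-]+)',
        re.UNICODE)
    email_reg = re.compile(r"[\w.-]+@[\w-]+\.[\w.]+")
    pinfo("Code Analysis Started on - " + JS)
    for dirName, subDir, files in os.walk(JS):
        for jfile in files:
            # os.walk already yields dirName rooted at JS; joining JS in
            # front again duplicated the prefix whenever JS was relative.
            jfile_path = os.path.join(dirName, jfile)
            if "+" in jfile:
                # NOTE(review): this renames the file on disk and may
                # replace an existing file that already has the target
                # name, which would silently drop it from the scan.
                p2 = os.path.join(dirName, jfile.replace("+", "x"))
                shutil.move(jfile_path, p2)
                jfile_path = p2
            repath = jfile_path.replace(JS, '')
            # Skip source belonging to default frameworks and third-party
            # SDKs.
            if self.init_blacklist(repath):
                continue
            with io.open(jfile_path, mode='r', encoding="utf8",
                         errors="ignore") as f:
                dat = f.read()
            for vul in code_vul_db:
                result = False
                for feature in getattr(vul, 'check_feature'):
                    if isinstance(feature, list):
                        patterns = feature
                    else:
                        patterns = [feature]
                    is_found = True
                    for pattern in patterns:
                        try:
                            if not re.compile(pattern).findall(dat):
                                is_found = False
                        except Exception as e:
                            einfo('Code analysis error! ' + str(e))
                            # A pattern that cannot be evaluated must not
                            # count as a match, otherwise a broken rule is
                            # reported as a finding in every file.
                            is_found = False
                    result = result or is_found
                if result:
                    context[getattr(vul, 'flag')].append(repath)
            lowered = dat.lower()
            # URL extraction with the custom regex above.
            urllist.update(url_reg.findall(lowered))
            # E-mail extraction.
            emaillist.update(email_reg.findall(lowered))
    context['URLs'] = list(urllist)
    context['Emails'] = [
        addr for addr in emaillist if not addr.startswith('//')
    ]
    print("[INFO] Finished Code Analysis, Email and URL Extraction")
    return context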