def ios_source_analysis(src): """iOS Objective-C Code Analysis""" try: print("[INFO] Starting iOS Source Code and PLIST Analysis") api_rules = ios_apis.CODE_APIS code_rules = ios_rules.CODE_RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] domains = {} for dirname, _, files in os.walk(src): for jfile in files: if jfile.endswith(".m"): jfile_path = os.path.join(src, dirname, jfile) if "+" in jfile: new_path = os.path.join(src, dirname, jfile.replace("+", "x")) shutil.move(jfile_path, new_path) jfile_path = new_path dat = '' with io.open(jfile_path, mode='r', encoding="utf8", errors="ignore") as flip: dat = flip.read() # Code Analysis relative_src_path = jfile_path.replace(src, '') code_rule_matcher(code_findings, [], dat, relative_src_path, code_rules) # API Analysis api_rule_matcher(api_findings, [], dat, relative_src_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract( dat, relative_src_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) # Domain Extraction and Malware Check print("[INFO] Performing Malware Check on extracted Domains") domains = malware_check(list(set(url_list))) print("[INFO] Finished Code Analysis, Email and URL Extraction") code_analysis_dict = { 'api': api_findings, 'code_anal': code_findings, 'urlnfile': url_n_file, 'domains': domains, 'emailnfile': email_n_file, } return code_analysis_dict except: PrintException("[ERROR] iOS Source Code Analysis")
def ios_source_analysis(src): """iOS Objective-C Code Analysis""" try: logger.info("Starting iOS Source Code and PLIST Analysis") api_rules = ios_apis.CODE_APIS code_rules = ios_rules.CODE_RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] domains = {} for dirname, _, files in os.walk(src): for jfile in files: if jfile.endswith(".m"): jfile_path = os.path.join(src, dirname, jfile) if "+" in jfile: new_path = os.path.join( src, dirname, jfile.replace("+", "x")) shutil.move(jfile_path, new_path) jfile_path = new_path dat = '' with io.open(jfile_path, mode='r', encoding="utf8", errors="ignore") as flip: dat = flip.read() # Code Analysis relative_src_path = jfile_path.replace(src, '') code_rule_matcher(code_findings, [], dat, relative_src_path, code_rules) # API Analysis api_rule_matcher(api_findings, [], dat, relative_src_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract(dat, relative_src_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) urls_list = list(set(url_list)) # Domain Extraction and Malware Check logger.info("Performing Malware Check on extracted Domains") domains = malware_check(urls_list) logger.info("Finished Code Analysis, Email and URL Extraction") code_analysis_dict = { 'api': api_findings, 'code_anal': code_findings, 'urls_list': urls_list, 'urlnfile': url_n_file, 'domains': domains, 'emailnfile': email_n_file, } return code_analysis_dict except: PrintException("iOS Source Code Analysis")
def code_analysis(app_dir, perms, typ): """Perform the code analysis.""" try: logger.info("Static Android Code Analysis Started") api_rules = android_apis.APIS code_rules = android_rules.RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] domains = {} if typ == "apk": java_src = os.path.join(app_dir, 'java_source/') elif typ == "studio": java_src = os.path.join(app_dir, 'app/src/main/java/') elif typ == "eclipse": java_src = os.path.join(app_dir, 'src/') logger.info("Code Analysis Started on - " + java_src) # pylint: disable=unused-variable # Needed by os.walk for dir_name, sub_dir, files in os.walk(java_src): for jfile in files: jfile_path = os.path.join(java_src, dir_name, jfile) if "+" in jfile: p_2 = os.path.join(java_src, dir_name, jfile.replace("+", "x")) shutil.move(jfile_path, p_2) jfile_path = p_2 repath = dir_name.replace(java_src, '') if (jfile.endswith('.java') and any( re.search(cls, repath) for cls in settings.SKIP_CLASSES) is False): dat = '' with io.open(jfile_path, mode='r', encoding="utf8", errors="ignore") as file_pointer: dat = file_pointer.read() # Code Analysis # print "[INFO] Doing Code Analysis on - " + jfile_path relative_java_path = jfile_path.replace(java_src, '') code_rule_matcher(code_findings, list(perms.keys()), dat, relative_java_path, code_rules) # API Check api_rule_matcher(api_findings, list(perms.keys()), dat, relative_java_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract( dat, relative_java_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) # Domain Extraction and Malware Check logger.info("Performing Malware Check on extracted Domains") domains = malware_check(list(set(url_list))) logger.info("Finished Code Analysis, Email and URL Extraction") code_an_dic = { 'api': api_findings, 'findings': code_findings, 'urls': url_n_file, 'domains': domains, 'emails': email_n_file, } return code_an_dic except: PrintException("Performing Code Analysis")
def ios_source_analysis(src): """IOS Objective-C Code Analysis.""" try: logger.info('Starting iOS Source Code and PLIST Analysis') api_rules = ios_apis.CODE_APIS code_rules = ios_rules.CODE_RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] domains = {} for dirname, _, files in os.walk(src): for jfile in files: if jfile.endswith('.m'): jfile_path = os.path.join(src, dirname, jfile) if '+' in jfile: new_path = os.path.join(src, dirname, jfile.replace('+', 'x')) shutil.move(jfile_path, new_path) jfile_path = new_path dat = '' with io.open(jfile_path, mode='r', encoding='utf8', errors='ignore') as flip: dat = flip.read() # Code Analysis relative_src_path = jfile_path.replace(src, '') code_rule_matcher(code_findings, [], dat, relative_src_path, code_rules) # API Analysis api_rule_matcher(api_findings, [], dat, relative_src_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract( dat, relative_src_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) urls_list = list(set(url_list)) # Domain Extraction and Malware Check logger.info('Performing Malware Check on extracted Domains') domains = malware_check(urls_list) logger.info('Finished Code Analysis, Email and URL Extraction') code_analysis_dict = { 'api': api_findings, 'code_anal': code_findings, 'urls_list': urls_list, 'urlnfile': url_n_file, 'domains': domains, 'emailnfile': email_n_file, } return code_analysis_dict except Exception: logger.exception('iOS Source Code Analysis')
def code_analysis(app_dir, perms, typ): """Perform the code analysis.""" try: logger.info('Static Android Code Analysis Started') api_rules = android_apis.APIS code_rules = android_rules.RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] if typ == 'apk': java_src = os.path.join(app_dir, 'java_source/') elif typ == 'studio': java_src = os.path.join(app_dir, 'app/src/main/java/') elif typ == 'eclipse': java_src = os.path.join(app_dir, 'src/') logger.info('Code Analysis Started on - %s', filename_from_path(java_src)) # pylint: disable=unused-variable # Needed by os.walk for dir_name, _sub_dir, files in os.walk(java_src): for jfile in files: jfile_path = os.path.join(java_src, dir_name, jfile) if '+' in jfile: p_2 = os.path.join(java_src, dir_name, jfile.replace('+', 'x')) shutil.move(jfile_path, p_2) jfile_path = p_2 repath = dir_name.replace(java_src, '') + '/' if (jfile.endswith('.java') and any( re.search(cls, repath) for cls in settings.SKIP_CLASSES) is False): dat = '' with io.open( jfile_path, mode='r', encoding='utf8', errors='ignore', ) as file_pointer: dat = file_pointer.read() # Code Analysis relative_java_path = jfile_path.replace(java_src, '') code_rule_matcher(code_findings, list(perms.keys()), dat, relative_java_path, code_rules) # API Check api_rule_matcher(api_findings, list(perms.keys()), dat, relative_java_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract( dat, relative_java_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) logger.info('Finished Code Analysis, Email and URL Extraction') code_an_dic = { 'api': api_findings, 'findings': code_findings, 'urls_list': url_list, 'urls': url_n_file, 'emails': email_n_file, } return code_an_dic except Exception: logger.exception('Performing Code Analysis')
def code_analysis(app_dir, perms, typ): """Perform the code analysis.""" try: logger.info("Static Android Code Analysis Started") api_rules = android_apis.APIS code_rules = android_rules.RULES code_findings = {} api_findings = {} email_n_file = [] url_n_file = [] url_list = [] domains = {} if typ == "apk": java_src = os.path.join(app_dir, 'java_source/') elif typ == "studio": java_src = os.path.join(app_dir, 'app/src/main/java/') elif typ == "eclipse": java_src = os.path.join(app_dir, 'src/') logger.info("Code Analysis Started on - " + filename_from_path(java_src)) # pylint: disable=unused-variable # Needed by os.walk for dir_name, sub_dir, files in os.walk(java_src): for jfile in files: jfile_path = os.path.join(java_src, dir_name, jfile) if "+" in jfile: p_2 = os.path.join(java_src, dir_name, jfile.replace("+", "x")) shutil.move(jfile_path, p_2) jfile_path = p_2 repath = dir_name.replace(java_src, '') if ( jfile.endswith('.java') and any(re.search(cls, repath) for cls in settings.SKIP_CLASSES) is False ): dat = '' with io.open( jfile_path, mode='r', encoding="utf8", errors="ignore" ) as file_pointer: dat = file_pointer.read() # Code Analysis # print "[INFO] Doing Code Analysis on - " + jfile_path relative_java_path = jfile_path.replace(java_src, '') code_rule_matcher( code_findings, list(perms.keys()), dat, relative_java_path, code_rules) # API Check api_rule_matcher(api_findings, list(perms.keys()), dat, relative_java_path, api_rules) # Extract URLs and Emails urls, urls_nf, emails_nf = url_n_email_extract(dat, relative_java_path) url_list.extend(urls) url_n_file.extend(urls_nf) email_n_file.extend(emails_nf) logger.info("Finished Code Analysis, Email and URL Extraction") code_an_dic = { 'api': api_findings, 'findings': code_findings, 'urls_list': url_list, 'urls': url_n_file, 'emails': email_n_file, } return code_an_dic except: PrintException("Performing Code Analysis")