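def run(request, api=False):
    """View the source of a file.

    Looks up ``file`` inside the per-upload source tree selected by ``type``
    (``eclipse``/``studio``/``apk`` for ``.java`` files, the smali tree for
    ``.smali`` files) and returns its text.

    Args:
        request: Django request. With ``api`` set the parameters are read
            from ``POST`` (``file``, ``hash``, ``type``); otherwise from
            ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return plain dicts instead of rendered responses.

    Returns:
        A rendered page, or for the API a ``dict`` with ``title``, ``file``
        and ``dat``. Validation failures render ``general/error.html``
        (HTTP 400) or return the form errors; lookup and read failures are
        routed through ``print_n_send_error_response``.
    """
    try:
        logger.info("View Android Source File")
        if api:
            fil = request.POST['file']
            md5 = request.POST['hash']
            typ = request.POST['type']
            viewsource_form = ViewSourceAndroidApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5 = request.GET['md5']
            typ = request.GET['type']
            viewsource_form = ViewSourceAndroidForm(request.GET)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err
            }
            template = "general/error.html"
            return render(request, template, context, status=400)
        # Map the requested tree to a directory; anything unmatched stays None.
        src = None
        if fil.endswith('.java'):
            java_dirs = {
                'eclipse': '/src/',
                'studio': '/app/src/main/java/',
                'apk': '/java_source/',
            }
            if typ in java_dirs:
                src = os.path.join(settings.UPLD_DIR, md5 + java_dirs[typ])
        elif fil.endswith('.smali'):
            src = os.path.join(settings.UPLD_DIR, md5 + '/smali_source/')
        if src is None:
            # Previously `src` was left unbound here and the request failed
            # with an UnboundLocalError from the generic handler below.
            return print_n_send_error_response(
                request, 'Not Found', api, 'File not Found!')
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected source tree ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', api, 'Error Description')
        with io.open(sfile, mode='r', encoding="utf8", errors="ignore") as file_pointer:
            dat = file_pointer.read()
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'dat': dat
        }
        template = "static_analysis/view_source.html"
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, api, exp)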
def api_viewsource_ios(request):
    """Serve an iOS source file through the API.

    Validates the ``GET`` parameters with ``ViewSourceIosForm``; on failure
    the form errors are returned as JSON with ``BAD_REQUEST``, otherwise the
    request is handed to ``ViewSourceIos(...).api()``.
    """
    form = ViewSourceIosForm(request.GET)
    if form.is_valid():
        return ViewSourceIos(request).api()
    errors = FormUtil.errors_message(form)
    return JsonResponse(errors, status=BAD_REQUEST)
def run(request, api=False):
    """View the source of a file.

    Reads ``file`` from the upload tree of the given hash: the smali tree
    when ``type`` is ``smali``, otherwise the Java source folder located by
    ``find_java_source_folder``. Requests whose resolved path escapes that
    tree are rejected with ``'Path Traversal Detected!'``.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return the context dict instead of a rendered page.

    Returns:
        The rendered ``general/view.html`` page or the API context dict; all
        failures go through ``print_n_send_error_response``.
    """
    try:
        logger.info('View Android Source File')
        exp = 'Error Description'
        params = request.POST if api else request.GET
        fil = params['file']
        md5 = params['hash'] if api else params['md5']
        typ = params['type']
        form_cls = ViewSourceAndroidApiForm if api else ViewSourceAndroidForm
        viewsource_form = form_cls(params)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            return print_n_send_error_response(request, err, api, exp)
        base = Path(settings.UPLD_DIR) / md5
        if typ == 'smali':
            src, syntax = base / 'smali_source', 'smali'
        else:
            try:
                src, syntax, _ = find_java_source_folder(base)
            except StopIteration:
                msg = 'Invalid Directory Structure'
                return print_n_send_error_response(request, msg, api)
        sfile = src / fil
        if not is_safe_path(src, sfile.as_posix()):
            msg = 'Path Traversal Detected!'
            return print_n_send_error_response(request, msg, api)
        name = escape(ntpath.basename(fil))
        context = {
            'title': name,
            'file': name,
            'data': sfile.read_text('utf-8', 'ignore'),
            'type': syntax,
            'sqlite': {},
            'version': settings.MOBSF_VER,
        }
        if api:
            return context
        return render(request, 'general/view.html', context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        return print_n_send_error_response(request, msg, api, exp)
def upload_api(self):
    """API File Upload.

    Validates ``self.form``, stores the uploaded file and its ``FileType`` on
    ``self``, and returns ``(payload, status)``: the ``upload()`` result with
    200, or an ``{'error': ...}`` dict with ``HTTP_BAD_REQUEST``.
    """
    request = self.request
    if not self.form.is_valid():
        errors = {'error': FormUtil.errors_message(self.form)}
        return errors, HTTP_BAD_REQUEST
    self.file = request.FILES['file']
    self.file_type = FileType(self.file)
    if self.file_type.is_allow_file():
        return self.upload(), 200
    return {'error': 'File format not Supported!'}, HTTP_BAD_REQUEST
def upload_api(self):
    """API File Upload.

    Validates the form, records the upload's content type and lower-cased
    name on ``self``, checks the ``FileType`` is allowed and returns
    ``(payload, status)`` where the payload is the scan descriptor
    (``scan_type``, ``hash``, ``file_name``) or an ``{'error': ...}`` dict.
    """
    if not self.form.is_valid():
        return {'error': FormUtil.errors_message(self.form)}, HTTP_BAD_REQUEST
    uploaded = self.request.FILES['file']
    self.file_content_type = uploaded.content_type
    self.file_name_lower = uploaded.name.lower()
    self.file_type = FileType(self.file_content_type, self.file_name_lower)
    if not self.file_type.is_allow_file():
        return {'error': 'File format not Supported!'}, HTTP_BAD_REQUEST
    data = self.upload()
    keys = ('scan_type', 'hash', 'file_name')
    return {key: data[key] for key in keys}, 200
def upload_api(self):
    """API File Upload returning a ``JsonResponse``.

    Invalid forms and unsupported file types produce an ``{'error': ...}``
    body with ``HTTP_BAD_REQUEST``; otherwise the upload runs and the scan
    descriptor (``scan_type``, ``hash``, ``file_name``) is returned.
    """
    def reject(message):
        # Uniform error body for every early exit.
        return JsonResponse(data={'error': message}, status=HTTP_BAD_REQUEST)

    if not self.form.is_valid():
        return reject(FormUtil.errors_message(self.form))
    uploaded = self.request.FILES['file']
    self.file_content_type = uploaded.content_type
    self.file_name_lower = uploaded.name.lower()
    self.file_type = FileType(self.file_content_type, self.file_name_lower)
    if not self.file_type.is_allow_file():
        return reject('File format not Supported!')
    data = self.upload()
    descriptor = {key: data[key] for key in ('scan_type', 'hash', 'file_name')}
    return JsonResponse(descriptor)
def upload_api(self):
    """API File Upload.

    Returns ``(payload, status)``: ``({'error': ...}, HTTP_BAD_REQUEST)`` when
    the form is invalid or the ``FileType`` is not allowed, otherwise the scan
    descriptor (``scan_type``, ``hash``, ``file_name``) with 200. The upload's
    content type and lower-cased name are stored on ``self`` on the way.
    """
    form = self.form
    if not form.is_valid():
        return {'error': FormUtil.errors_message(form)}, HTTP_BAD_REQUEST
    upload = self.request.FILES['file']
    self.file_content_type = upload.content_type
    self.file_name_lower = upload.name.lower()
    self.file_type = FileType(self.file_content_type, self.file_name_lower)
    if self.file_type.is_allow_file():
        data = self.upload()
        return {
            'scan_type': data['scan_type'],
            'hash': data['hash'],
            'file_name': data['file_name'],
        }, 200
    return {'error': 'File format not Supported!'}, HTTP_BAD_REQUEST
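def run(request, api=False):
    """View the source of a file.

    Looks up ``file`` inside the per-upload source tree selected by ``type``
    (``eclipse``/``studio``/``apk`` for ``.java`` files, the smali tree for
    ``.smali`` files) and returns its text.

    Args:
        request: Django request. With ``api`` set the parameters are read
            from ``POST`` (``file``, ``hash``, ``type``); otherwise from
            ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return plain dicts instead of rendered responses.

    Returns:
        A rendered page, or for the API a ``dict`` with ``title``, ``file``
        and ``dat``. Validation failures render ``general/error.html``
        (HTTP 400) or return the form errors; lookup and read failures are
        routed through ``print_n_send_error_response``.
    """
    try:
        print("[INFO] View Android Source File")
        if api:
            fil = request.POST['file']
            md5 = request.POST['hash']
            typ = request.POST['type']
            viewsource_form = ViewSourceAndroidApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5 = request.GET['md5']
            typ = request.GET['type']
            viewsource_form = ViewSourceAndroidForm(request.GET)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err
            }
            template = "general/error.html"
            return render(request, template, context, status=400)
        # Map the requested tree to a directory; anything unmatched stays None.
        src = None
        if fil.endswith('.java'):
            java_dirs = {
                'eclipse': '/src/',
                'studio': '/app/src/main/java/',
                'apk': '/java_source/',
            }
            if typ in java_dirs:
                src = os.path.join(settings.UPLD_DIR, md5 + java_dirs[typ])
        elif fil.endswith('.smali'):
            src = os.path.join(settings.UPLD_DIR, md5 + '/smali_source/')
        if src is None:
            # Previously `src` was left unbound here and the request failed
            # with an UnboundLocalError from the generic handler below.
            return print_n_send_error_response(
                request, 'Not Found', api, 'File not Found!')
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected source tree ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', api, 'Error Description')
        with io.open(
            sfile, mode='r', encoding="utf8", errors="ignore"
        ) as file_pointer:
            dat = file_pointer.read()
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'dat': dat
        }
        template = "static_analysis/view_source.html"
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, api, exp)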
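def run(request, api=False):
    """View iOS Files.

    Serves one file from an analysed iOS app. ``type`` selects the root
    (``ipa`` -> ``<hash>/Payload/``, ``ios`` -> ``<hash>/``) and the
    extension of ``file`` (via ``set_ext_api``) decides how it is rendered:
    ``m``/``xml`` are read as text, ``plist`` is parsed with ``biplist`` and
    pretty-printed as JSON, ``db`` is dumped with ``read_sqlite`` and
    ``classdump.txt`` is served from the app root.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page, or for the API a ``dict`` with
        ``title``, ``file``, ``type`` and ``dat``. Unknown parameters yield
        ``{'error': 'Invalid Parameters'}`` / a redirect to ``/error/``; other
        failures go through ``print_n_send_error_response``.
    """
    try:
        logger.info('View iOS Source File')
        file_format = 'cpp'
        if api:
            fil = request.POST['file']
            md5_hash = request.POST['hash']
            mode = request.POST['type']
            viewsource_form = ViewSourceIOSApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5_hash = request.GET['md5']
            mode = request.GET['type']
            viewsource_form = ViewSourceIOSForm(request.GET)
        typ = set_ext_api(fil)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err,
            }
            template = 'general/error.html'
            return render(request, template, context, status=400)
        app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
        if mode == 'ipa':
            src = os.path.join(settings.UPLD_DIR, md5_hash + '/Payload/')
        elif mode == 'ios':
            src = app_dir
        else:
            # Previously fell through with `src` unbound (UnboundLocalError
            # from the generic handler); reject unknown modes explicitly.
            if api:
                return {'error': 'Invalid Parameters'}
            return HttpResponseRedirect('/error/')
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected app directory ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', api, 'Error Description')
        dat = ''
        # Plain-text formats share one read path; only the syntax tag differs.
        text_formats = {'m': 'cpp', 'xml': 'xml'}
        if typ in text_formats:
            file_format = text_formats[typ]
            with io.open(sfile, mode='r', encoding='utf8', errors='ignore') as flip:
                dat = flip.read()
        elif typ == 'plist':
            file_format = 'json'
            dat = biplist.readPlist(sfile)
            try:
                dat = json.dumps(dat, indent=4, sort_keys=True)
            except (TypeError, ValueError):
                # Best effort: a plist holding values json cannot encode is
                # shown as the parsed object instead of failing the request.
                pass
        elif typ == 'db':
            file_format = 'asciidoc'
            dat = read_sqlite(sfile)
        elif typ == 'txt' and fil == 'classdump.txt':
            file_format = 'cpp'
            # The class dump always lives at the app root, not under Payload.
            cls_dump_file = os.path.join(app_dir, 'classdump.txt')
            if is_file_exists(cls_dump_file):
                with io.open(cls_dump_file, mode='r', encoding='utf8', errors='ignore') as flip:
                    dat = flip.read()
            else:
                dat = 'Class Dump result not Found'
        else:
            if api:
                return {'error': 'Invalid Parameters'}
            return HttpResponseRedirect('/error/')
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'type': file_format,
            'dat': dat
        }
        template = 'general/view.html'
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, api, exp)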
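def run(request, api=False):
    """View iOS Files.

    Serves one file from an analysed iOS app. ``type`` selects the root
    (``ipa`` -> ``<hash>/Payload/``, ``ios`` -> ``<hash>/``) and the
    extension of ``file`` (via ``set_ext_api``) decides how it is rendered:
    ``m``/``xml`` are read as text, ``db`` is dumped with ``read_sqlite`` and
    ``classdump.txt`` is served from the app root.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page, or for the API a ``dict`` with
        ``title``, ``file``, ``type`` and ``dat``. Unknown parameters yield
        ``{'error': 'Invalid Parameters'}`` / a redirect to ``/error/``; other
        failures go through ``print_n_send_error_response``.
    """
    try:
        print("[INFO] View iOS Source File")
        file_format = "cpp"
        if api:
            fil = request.POST['file']
            md5_hash = request.POST['hash']
            mode = request.POST['type']
            viewsource_form = ViewSourceIOSApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5_hash = request.GET['md5']
            mode = request.GET['type']
            viewsource_form = ViewSourceIOSForm(request.GET)
        typ = set_ext_api(fil)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err
            }
            template = "general/error.html"
            return render(request, template, context, status=400)
        app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
        if mode == 'ipa':
            src = os.path.join(settings.UPLD_DIR, md5_hash + '/Payload/')
        elif mode == 'ios':
            src = app_dir
        else:
            # Previously fell through with `src` unbound (UnboundLocalError
            # from the generic handler); reject unknown modes explicitly.
            if api:
                return {"error": "Invalid Parameters"}
            return HttpResponseRedirect('/error/')
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected app directory ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', api, 'Error Description')
        dat = ''
        # Plain-text formats share one read path; only the syntax tag differs.
        text_formats = {'m': 'cpp', 'xml': 'xml'}
        if typ in text_formats:
            file_format = text_formats[typ]
            with io.open(sfile, mode='r', encoding="utf8", errors="ignore") as flip:
                dat = flip.read()
        elif typ == 'db':
            file_format = 'asciidoc'
            dat = read_sqlite(sfile)
        elif typ == 'txt' and fil == "classdump.txt":
            file_format = 'cpp'
            # The class dump always lives at the app root, not under Payload.
            cls_dump_file = os.path.join(app_dir, "classdump.txt")
            if isFileExists(cls_dump_file):
                with io.open(cls_dump_file, mode='r', encoding="utf8", errors="ignore") as flip:
                    dat = flip.read()
            else:
                dat = "Class Dump result not Found"
        else:
            if api:
                return {"error": "Invalid Parameters"}
            return HttpResponseRedirect('/error/')
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'type': file_format,
            'dat': dat
        }
        template = "general/view.html"
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, api, exp)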
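def run(request, api=False):
    """View the source of a file.

    Selects the source tree under ``UPLD_DIR/<md5>`` from ``type``
    (``eclipse`` -> ``src``, ``studio`` -> ``app/src/main/java`` with a
    fallback to ``app/src/main/kotlin``, ``apk`` -> ``java_source``;
    ``.smali`` files use ``smali_source``), checks with ``is_safe_path`` that
    the resolved file stays inside it and returns the text tagged with its
    syntax (``java``, ``kotlin`` or ``smali``).

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page or the API context dict
        (``title``, ``file``, ``data``, ``type``, ``sqlite``, ``version``);
        errors are routed through ``print_n_send_error_response``.
    """
    try:
        logger.info('View Android Source File')
        exp = 'Error Description'
        if api:
            fil = request.POST['file']
            md5 = request.POST['hash']
            typ = request.POST['type']
            viewsource_form = ViewSourceAndroidApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5 = request.GET['md5']
            typ = request.GET['type']
            viewsource_form = ViewSourceAndroidForm(request.GET)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            return print_n_send_error_response(request, err, False, exp)
        base = Path(settings.UPLD_DIR) / md5
        syntax = 'java'
        src = None
        if fil.endswith(('.java', '.kt')):
            if typ == 'eclipse':
                src = base / 'src'
            elif typ == 'studio':
                src = base / 'app' / 'src' / 'main' / 'java'
                kt = base / 'app' / 'src' / 'main' / 'kotlin'
                if not src.exists() and kt.exists():
                    src = kt
                    syntax = 'kotlin'
            elif typ == 'apk':
                src = base / 'java_source'
        elif fil.endswith('.smali'):
            src = base / 'smali_source'
            syntax = 'smali'
        if src is None:
            # Covers both an unknown extension and an unknown ``type`` for a
            # Java/Kotlin file; the latter previously left ``src`` unbound.
            msg = 'Not Found'
            doc = 'File not Found!'
            return print_n_send_error_response(request, msg, bool(api), doc)
        sfile = src / fil
        if not is_safe_path(src, sfile.as_posix()):
            msg = 'Path Traversal Detected!'
            if api:
                return {'error': 'Path Traversal Detected!'}
            return print_n_send_error_response(request, msg, False, exp)
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'data': sfile.read_text('utf-8', 'ignore'),
            'type': syntax,
            'sqlite': {},
            'version': settings.MOBSF_VER,
        }
        template = 'general/view.html'
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, bool(api), exp)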
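def run(request, api=False):
    """View iOS Files.

    Serves one file from an analysed iOS app. ``type`` selects the root
    (``ipa`` -> ``<hash>/Payload/``, ``ios`` -> ``<hash>/``) and the
    extension of ``file`` (via ``set_ext_api``) decides how it is rendered:
    ``m``/``xml`` are read as text, ``db`` is dumped with ``read_sqlite`` and
    ``classdump.txt`` is served from the app root.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page, or for the API a ``dict`` with
        ``title``, ``file``, ``type`` and ``dat``. Unknown parameters yield
        ``{'error': 'Invalid Parameters'}`` / a redirect to ``/error/``; other
        failures go through ``print_n_send_error_response``.
    """
    try:
        print("[INFO] View iOS Source File")
        file_format = "cpp"
        if api:
            fil = request.POST['file']
            md5_hash = request.POST['hash']
            mode = request.POST['type']
            viewsource_form = ViewSourceIOSApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5_hash = request.GET['md5']
            mode = request.GET['type']
            viewsource_form = ViewSourceIOSForm(request.GET)
        typ = set_ext_api(fil)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err
            }
            template = "general/error.html"
            return render(request, template, context, status=400)
        app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
        if mode == 'ipa':
            src = os.path.join(settings.UPLD_DIR, md5_hash + '/Payload/')
        elif mode == 'ios':
            src = app_dir
        else:
            # Previously fell through with `src` unbound (UnboundLocalError
            # from the generic handler); reject unknown modes explicitly.
            if api:
                return {"error": "Invalid Parameters"}
            return HttpResponseRedirect('/error/')
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected app directory ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', api, 'Error Description')
        dat = ''
        # Plain-text formats share one read path; only the syntax tag differs.
        text_formats = {'m': 'cpp', 'xml': 'xml'}
        if typ in text_formats:
            file_format = text_formats[typ]
            with io.open(sfile, mode='r', encoding="utf8", errors="ignore") as flip:
                dat = flip.read()
        elif typ == 'db':
            file_format = 'asciidoc'
            dat = read_sqlite(sfile)
        elif typ == 'txt' and fil == "classdump.txt":
            file_format = 'cpp'
            # The class dump always lives at the app root, not under Payload.
            cls_dump_file = os.path.join(app_dir, "classdump.txt")
            if isFileExists(cls_dump_file):
                with io.open(cls_dump_file, mode='r', encoding="utf8", errors="ignore") as flip:
                    dat = flip.read()
            else:
                dat = "Class Dump result not Found"
        else:
            if api:
                return {"error": "Invalid Parameters"}
            return HttpResponseRedirect('/error/')
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'type': file_format,
            'dat': dat
        }
        template = "general/view.html"
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, api, exp)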
def api_find(request):
    """Validate a ``FindForm`` posted to the API and delegate to ``find.run``.

    Invalid input is answered with the form errors as JSON (HTTP 400).
    """
    form = forms.FindForm(request.POST)
    if form.is_valid():
        return find.run(request, IS_API)
    return JsonResponse(FormUtil.errors_message(form), status=400)
def api_java_file(request):
    """Validate a ``JavaFileForm`` from ``GET`` and delegate to ``java_file.run``.

    Invalid input is answered with the form errors as JSON (HTTP 400).
    """
    form = forms.JavaFileForm(request.GET)
    if form.is_valid():
        return java_file.run(request, IS_API)
    return JsonResponse(FormUtil.errors_message(form), status=400)
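def run(request, api=False):
    """View the source of a file.

    Looks up ``file`` inside the per-upload source tree selected by ``type``
    (``eclipse``/``studio``/``apk`` for ``.java`` files, the smali tree for
    ``.smali`` files) and returns its text.

    Args:
        request: Django request. With ``api`` set the parameters are read
            from ``POST`` (``file``, ``hash``, ``type``); otherwise from
            ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return plain dicts instead of rendered responses.

    Returns:
        A rendered page, or for the API a ``dict`` with ``title``, ``file``
        and ``dat``. Validation failures render ``general/error.html``
        (HTTP 400) or return the form errors; lookup and read failures are
        routed through ``print_n_send_error_response``.
    """
    try:
        logger.info('View Android Source File')
        if api:
            fil = request.POST['file']
            md5 = request.POST['hash']
            typ = request.POST['type']
            viewsource_form = ViewSourceAndroidApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5 = request.GET['md5']
            typ = request.GET['type']
            viewsource_form = ViewSourceAndroidForm(request.GET)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            context = {
                'title': 'Error',
                'exp': 'Error Description',
                'doc': err,
            }
            template = 'general/error.html'
            return render(request, template, context, status=400)
        # Map the requested tree to a directory; anything unmatched stays None
        # (including a ``.java`` request with an unknown ``type``, which used
        # to leave ``src`` unbound).
        src = None
        if fil.endswith('.java'):
            java_dirs = {
                'eclipse': '/src/',
                'studio': '/app/src/main/java/',
                'apk': '/java_source/',
            }
            if typ in java_dirs:
                src = os.path.join(settings.UPLD_DIR, md5 + java_dirs[typ])
        elif fil.endswith('.smali'):
            src = os.path.join(settings.UPLD_DIR, md5 + '/smali_source/')
        if src is None:
            msg = 'Not Found'
            doc = 'File not Found!'
            return print_n_send_error_response(request, msg, bool(api), doc)
        sfile = os.path.join(src, fil)
        # `fil` is caller controlled; refuse anything that resolves outside
        # the selected source tree ('..' segments, absolute paths, symlinks).
        root = os.path.realpath(src)
        if os.path.commonpath([root, os.path.realpath(sfile)]) != root:
            return print_n_send_error_response(
                request, 'Path Traversal Detected!', bool(api), 'Error Description')
        with io.open(
            sfile,
            mode='r',
            encoding='utf8',
            errors='ignore',
        ) as file_pointer:
            dat = file_pointer.read()
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'dat': dat,
        }
        template = 'static_analysis/view_source.html'
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, bool(api), exp)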
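def run(request, api=False):
    """View iOS Files.

    Serves one file from an analysed iOS app under ``UPLD_DIR/<hash>``:
    ``type`` ``ipa`` uses the ``payload``/``Payload`` folder, ``ios`` the app
    root. The extension of ``file`` (via ``set_ext_api``) selects the
    renderer: ``m``/``xml``/``txt`` are read as text, ``plist`` is parsed
    with ``biplist`` and pretty-printed as JSON, ``db`` is dumped with
    ``read_sqlite`` into ``sql``, and ``classdump.txt`` is served from the
    app root. Paths that escape the chosen folder are rejected via
    ``is_safe_path``.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page or the API context dict
        (``title``, ``file``, ``type``, ``dat``, ``sql``, ``version``).
        Unknown parameters yield ``{'error': 'Invalid Parameters'}`` / a
        redirect to ``/error/``; other failures go through
        ``print_n_send_error_response``.
    """
    try:
        logger.info('View iOS Source File')
        exp = 'Error Description'
        file_format = None
        if api:
            fil = request.POST['file']
            md5_hash = request.POST['hash']
            mode = request.POST['type']
            viewsource_form = ViewSourceIOSApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5_hash = request.GET['md5']
            mode = request.GET['type']
            viewsource_form = ViewSourceIOSForm(request.GET)
        typ = set_ext_api(fil)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            return print_n_send_error_response(request, err, False, exp)
        base = Path(settings.UPLD_DIR) / md5_hash
        if mode == 'ipa':
            # The extracted archive may spell the folder either way.
            candidates = (base / 'payload', base / 'Payload')
            src = next((p for p in candidates if p.exists()), None)
            if src is None:
                raise Exception('MobSF cannot find Payload directory')
        elif mode == 'ios':
            src = base
        else:
            # Previously fell through with `src` unbound (UnboundLocalError
            # from the generic handler); reject unknown modes explicitly.
            if api:
                return {'error': 'Invalid Parameters'}
            return HttpResponseRedirect('/error/')
        sfile = (src / fil).as_posix()
        if not is_safe_path(src, sfile):
            msg = 'Path Traversal Detected!'
            if api:
                return {'error': 'Path Traversal Detected!'}
            return print_n_send_error_response(request, msg, False, exp)
        dat = ''
        sql_dump = {}
        # Plain-text formats share one read path; only the syntax tag differs.
        text_formats = {'m': 'cpp', 'xml': 'xml', 'txt': 'text'}
        if typ == 'txt' and fil == 'classdump.txt':
            file_format = 'cpp'
            # The class dump always lives at the app root, not under Payload.
            app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
            cls_dump_file = os.path.join(app_dir, 'classdump.txt')
            if is_file_exists(cls_dump_file):
                with io.open(cls_dump_file, mode='r', encoding='utf8', errors='ignore') as flip:
                    dat = flip.read()
            else:
                dat = 'Class Dump result not Found'
        elif typ in text_formats:
            file_format = text_formats[typ]
            with io.open(sfile, mode='r', encoding='utf8', errors='ignore') as flip:
                dat = flip.read()
        elif typ == 'plist':
            file_format = 'json'
            dat = biplist.readPlist(sfile)
            try:
                dat = json.dumps(dat, indent=4, sort_keys=True)
            except (TypeError, ValueError):
                # Best effort: a plist holding values json cannot encode is
                # shown as the parsed object instead of failing the request.
                pass
        elif typ == 'db':
            file_format = 'asciidoc'
            sql_dump = read_sqlite(sfile)
        else:
            if api:
                return {'error': 'Invalid Parameters'}
            return HttpResponseRedirect('/error/')
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'type': file_format,
            'dat': dat,
            'sql': sql_dump,
            'version': settings.MOBSF_VER,
        }
        template = 'general/view.html'
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, bool(api), exp)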
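def run(request, api=False):
    """View the source of a file.

    Selects the source tree under ``UPLD_DIR/<md5>`` from ``type``
    (``eclipse`` -> ``src``, ``studio`` -> ``app/src/main/java``,
    ``apk`` -> ``java_source`` for ``.java``/``.kt`` files; ``.smali`` files
    use ``smali_source``), checks with ``is_safe_path`` that the resolved
    file stays inside it and returns the text tagged as ``java``.

    Args:
        request: Django request; ``POST`` (``file``, ``hash``, ``type``) when
            ``api`` is set, else ``GET`` (``file``, ``md5``, ``type``).
        api: when true, return dicts instead of rendered responses.

    Returns:
        A rendered ``general/view.html`` page or the API context dict
        (``title``, ``file``, ``dat``, ``type``, ``sql``, ``version``);
        errors are routed through ``print_n_send_error_response``.
    """
    try:
        logger.info('View Android Source File')
        exp = 'Error Description'
        if api:
            fil = request.POST['file']
            md5 = request.POST['hash']
            typ = request.POST['type']
            viewsource_form = ViewSourceAndroidApiForm(request.POST)
        else:
            fil = request.GET['file']
            md5 = request.GET['md5']
            typ = request.GET['type']
            viewsource_form = ViewSourceAndroidForm(request.GET)
        if not viewsource_form.is_valid():
            err = FormUtil.errors_message(viewsource_form)
            if api:
                return err
            return print_n_send_error_response(request, err, False, exp)
        # Map the requested tree to a directory; anything unmatched stays None
        # (including a Java/Kotlin request with an unknown ``type``, which
        # used to leave ``src`` unbound).
        src = None
        if fil.endswith(('.java', '.kt')):
            java_dirs = {
                'eclipse': '/src/',
                'studio': '/app/src/main/java/',
                'apk': '/java_source/',
            }
            if typ in java_dirs:
                src = os.path.join(settings.UPLD_DIR, md5 + java_dirs[typ])
        elif fil.endswith('.smali'):
            src = os.path.join(settings.UPLD_DIR, md5 + '/smali_source/')
        if src is None:
            msg = 'Not Found'
            doc = 'File not Found!'
            return print_n_send_error_response(request, msg, bool(api), doc)
        sfile = os.path.join(src, fil)
        if not is_safe_path(src, sfile):
            msg = 'Path Traversal Detected!'
            if api:
                return {'error': 'Path Traversal Detected!'}
            return print_n_send_error_response(request, msg, False, exp)
        with io.open(
            sfile,
            mode='r',
            encoding='utf8',
            errors='ignore',
        ) as file_pointer:
            dat = file_pointer.read()
        context = {
            'title': escape(ntpath.basename(fil)),
            'file': escape(ntpath.basename(fil)),
            'dat': dat,
            'type': 'java',
            'sql': {},
            'version': settings.MOBSF_VER,
        }
        template = 'general/view.html'
        if api:
            return context
        return render(request, template, context)
    except Exception as exp:
        logger.exception('Error Viewing Source')
        msg = str(exp)
        exp = exp.__doc__
        # Third argument selects the API (dict) or web (rendered) error form.
        return print_n_send_error_response(request, msg, bool(api), exp)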