def target(self, queue):
# get all decompiled files that contains usage of TelephonyManager
files = common.text_scan(common.java_files, self.telephonyManagerRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains inline call
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportInfo(fileName, self.PhoneIdentifierIssueDetails(fileName), res)
break
# report if any TelephonyManager variables invokes calls to get phone identifiers
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName, fileBody):
PluginUtil.reportInfo(fileName, self.PhoneIdentifierIssueDetails(fileName), res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of WebView
files = common.text_scan(common.java_files, self.webViewRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains any inline calls
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
# report if any WebView variables invoke calls
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.addJavascriptInterface\(.*?\)' % varName, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
queue.put(res)
def target(self, queue):
files = common.java_files
global filepath, tree
parser = plyj.Parser()
tree = ''
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.name, percent=round(count * 100 / len(files)))
filepath = str(f)
try:
tree = parser.parse_file(f)
except Exception as e:
common.logger.exception(
"Unable to parse the file and generate as AST. Error: " + str(e))
continue
try:
for import_decl in tree.import_declarations:
# Check if Intent is called in the import statement
if 'Intent' in import_decl.name.value:
with open(filepath, 'r') as r:
file_body = r.read()
if PluginUtil.contains(self.NEW_TASK, file_body):
PluginUtil.reportInfo(filepath, new_task(filepath), res)
break
if PluginUtil.contains(self.MULTIPLE_TASK_TASK, file_body):
PluginUtil.reportInfo(filepath, multiple_task(filepath), res)
break
except Exception as e:
common.logger.debug("Plyj parser failed while parsing the file: " + filepath + "\nError" + str(e))
continue
queue.put(res)
def test_check_perm_regex7():
assert PluginUtil.contains(plugin.CHECK_PERMISSION, 'SelfUriPermission') is False
def test_check_perm_regex2():
assert PluginUtil.contains(plugin.CHECK_PERMISSION, 'checkPermission') is True
def testlog_regex():
assert PluginUtil.contains(plugin.debug_regex, 'Log.d') is True
def testlog_regex2():
assert PluginUtil.contains(plugin.verbose_regex, 'Log.v') is True
def testTelephonyManagerRegex():
assert PluginUtil.contains(plugin.telephonyManagerRegex, 'import android.telephony.TelephonyManager') is True
def test_regex5():
assert not PluginUtil.contains(plugin.CHECK_PUBLIC_DIR, 'GetExternalStoragePublicDirectory')
def test_regex2():
text = 'intent.setFlags(Intent.FLAG_ACTIVITY_MULTIPLE_TASK);'
assert not PluginUtil.contains(plugin.NEW_TASK, text)
def test_regex():
assert PluginUtil.contains(plugin.DEX_CLASS_LOADER, 'DexClassLoader') is True
def test_regex5():
assert PluginUtil.contains(plugin.DYNAMIC_BROADCAST_RECEIVER, 'RegisterReceiver') is False
def test_regex3():
assert PluginUtil.contains(plugin.CLASS_LOADER, 'Classload') is False
def test_regex2():
assert PluginUtil.contains(plugin.CLASS_LOADER, 'loadClass') is True
def test_regex():
text = 'intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);'
assert PluginUtil.contains(plugin.NEW_TASK, text)
def test_regex5():
text = 'intent.setFlags(Intent.FLAGACTIVITYMULTIPLETASK);'
assert not PluginUtil.contains(plugin.MULTIPLE_TASK, text)
def test_enforce_perm_regex2():
text = 'enforcePermission'
assert PluginUtil.contains(plugin.ENFORCE_PERMISSION, text) is True
def test_regex1():
assert PluginUtil.contains(plugin.DEX_CLASS_LOADER, 'ClassLoader') is False
def test_enforce_perm_regex8():
text = 'enforcePermission("santos.benign.permission","Not allowed to start MyService")'
assert PluginUtil.contains(plugin.ENFORCE_PERMISSION, text) is True
def test_regex2():
text = '"NtY163ManCAb"'
assert not PluginUtil.contains(plugin.API_KEY_REGEX, text)
def test_regex1():
text = 'intent.setFlags(Intent.FLAGACTIVITYNEWTASK);'
assert not PluginUtil.contains(plugin.NEW_TASK, text)
def test_regex4():
text = 'public static final String API_TOKEN = "1234thisisaninvalidapitoken937235"'
assert PluginUtil.contains(plugin.API_KEY_REGEX, text)
def testInlineWithoutPackageName():
text = '((TelephonyManager)paramContext.getSystemService("phone")).getLine1Number();'
assert PluginUtil.contains(plugin.inlineRegex, text) is True
def test_regex5():
text = 'public static final String API_TOKEN = "$%#%~!^"'
assert PluginUtil.contains(plugin.SPECIAL_CHAR_REGEX, text)
def testNotContains():
assert PluginUtil.contains(r'test123', 'test321') is False
def test_regex1():
text = 'public static final String API_TOKEN = "Nti4kWY-qRHTYq3dsbeip0P1tbGCzs2BAY163ManCAb"'
assert PluginUtil.contains(plugin.API_KEY_REGEX, text)
def testlog_regex3():
assert PluginUtil.contains(plugin.verbose_regex, 'v') is False
def test_regex1():
assert PluginUtil.contains(plugin.PATH_USAGE,
'android:pathPrefix=') is False
def testlog_regex1():
assert PluginUtil.contains(plugin.debug_regex, 'd') is False
def test_regex2():
assert PluginUtil.contains(plugin.PATH_USAGE,
'android:pathPattern') is False
def test_check_perm_regex6():
assert PluginUtil.contains(plugin.CHECK_PERMISSION, 'checkCalling') is False
def test_regex3():
text = "android:launchMode='singleTask'"
assert PluginUtil.contains(plugin.LAUNCH_MODE, text) is True
def test_enforce_perm_regex1():
text = 'enforceCallingOrSelfUriPermission'
assert PluginUtil.contains(plugin.ENFORCE_PERMISSION, text) is True
def test_regex4():
text = 'android:launchMode="singleTask"'
assert PluginUtil.contains(plugin.LAUNCH_MODE, text) is True
def test_enforce_perm_regex6():
text = 'enforceCallingPermission'
assert PluginUtil.contains(plugin.ENFORCE_PERMISSION, text) is False
def test_regex5():
text = "android:allowTaskReparenting='true'"
assert PluginUtil.contains(plugin.TASK_REPARENTING, text) is True
def test_check_perm_regex1():
assert PluginUtil.contains(plugin.CHECK_PERMISSION, 'checkCallingOrSelfUriPermission') is True
def test_regex6():
text = 'android:allowTaskReparenting="true"'
assert PluginUtil.contains(plugin.TASK_REPARENTING, text) is True
def test_regex5():
text = 'intent.setFlags(Intent.FLAGACTIVITYMULTIPLETASK);'
assert not PluginUtil.contains(plugin.MULTIPLE_TASK, text)
def test_regex8():
text = '<receiver android:name=".FormatOutgoingCallReceiver" android:enabled="true" android:exported="true"'
assert PluginUtil.contains(plugin.RECEIVER_REGEX, text) is False
def test_regex3():
assert not PluginUtil.contains(plugin.CHECK_EXTERNAL_MEDIA, 'GetExternalMediaDirs')
def test_regex11():
text = 'Priority'
assert PluginUtil.contains(plugin.PRIORITY_REGEX, text) is False
def test_regex():
assert PluginUtil.contains(plugin.CHECK_EXTERNAL_STORAGE, 'getExternalFilesDir')
def target(self, queue):
global filepath, tree
files = common.java_files
parser = plyj.Parser()
tree = ''
external_pub_dir, external_media, external_storage, res = (
[] for _ in xrange(4))
count = 0
for f in files:
count += 1
pub.sendMessage('progress',
bar=self.name,
percent=round(count * 100 / len(files)))
filepath = str(f)
try:
tree = parser.parse_file(f)
except Exception as e:
common.logger.exception(
"Unable to parse the file and generate as AST. Error: " +
str(e))
continue
try:
for import_decl in tree.import_declarations:
if 'File' in import_decl.name.value:
with open(filepath, 'r') as fr:
file_body = fr.read()
if PluginUtil.contains(self.CHECK_EXTERNAL_STORAGE,
file_body):
external_storage.append(filepath)
break
if PluginUtil.contains(self.CHECK_EXTERNAL_MEDIA,
file_body):
external_media.append(filepath)
break
if PluginUtil.contains(self.CHECK_PUBLIC_DIR,
file_body):
external_pub_dir.append(filepath)
break
except Exception as e:
common.logger.debug(
"Plyj parser failed while parsing the file: " + filepath +
"\nError" + str(e))
continue
# Store the content obtained above in a column format
storage = "\n".join(external_storage)
media = "\n".join(external_media)
pub_dir = "\n".join(external_pub_dir)
if external_storage:
PluginUtil.reportWarning(filepath, check_external_storage(storage),
res)
if external_media:
PluginUtil.reportWarning(filepath, check_media_directory(media),
res)
if external_pub_dir:
PluginUtil.reportWarning(filepath, check_public_directory(pub_dir),
res)
queue.put(res)
def testInlineGetDeviceId():
text = '((android.telephony.TelephonyManager)paramContext.getSystemService("phone")).getDeviceId();'
assert PluginUtil.contains(plugin.inlineRegex, text) is True
def test_regex1():
text = 'call(String method, String args, Bundle extras)'
assert PluginUtil.contains(plugin.CALL_FUNCTION, text)
def test_regex():
text = 'call'
assert PluginUtil.contains(plugin.CALL_FUNCTION, text)
def testContains():
assert PluginUtil.contains(r'test123', 'test123') is True