Пример #1
0
def cli(ctx, sdk_path, build_path, debug, source, report_type, exploit_apk):
    if not source:
        click.secho("Please pass a source for scanning through either --java or --apk")
        click.secho(ctx.get_help())
        return

    if exploit_apk:

        if not sdk_path:
            # Try to set the SDK from environment variables if they exist
            # Follows the guidelines from https://developer.android.com/studio/command-line/variables
            if environ_path_variable_exists(ANDROID_SDK_HOME):
                sdk_path = os.environ[ANDROID_SDK_HOME]

            elif environ_path_variable_exists(ANDROID_HOME):
                sdk_path = os.environ[ANDROID_HOME]

            elif environ_path_variable_exists(ANDROID_SDK_ROOT):
                sdk_path = os.environ[ANDROID_SDK_ROOT]

            else:
                click.secho("Please provide path to android SDK if building exploit APK.")
                return

    # Debug controls the output to stderr, debug logs are ALWAYS stored in `qark_debug.log`
    if debug:
        level = "DEBUG"
    else:
        level = "INFO"

    initialize_logging(level)

    click.secho("Decompiling...")
    decompiler = Decompiler(path_to_source=source, build_directory=build_path)
    decompiler.run()

    click.secho("Running scans...")
    if decompiler.source_code:
        scanner = Scanner(manifest_path=decompiler.manifest_path, path_to_source=decompiler.path_to_source)
    else:
        scanner = Scanner(manifest_path=decompiler.manifest_path, path_to_source=decompiler.build_directory)
    scanner.run()
    grouped_issues = scanner.regroup_issues()

    click.secho("Finish scans...")

    click.secho("Writing report...")
    report = Report(issues=dict(grouped_issues))
    report_path = report.generate(file_type=report_type)
    click.secho("Finish writing report to {report_path} ...".format(report_path=report_path))

    if exploit_apk:
        click.secho("Building exploit APK...")
        exploit_builder = APKBuilder(exploit_apk_path=build_path, issues=scanner.issues, apk_name=decompiler.apk_name,
                                     manifest_path=decompiler.manifest_path, sdk_path=sdk_path)
        exploit_builder.build()
        click.secho("Finish building exploit APK...")
Пример #2
0
def test_report_json_defaults():
    report = Report()
    issue = Issue(category='Test',
                  name='Test Issue',
                  severity=Severity.VULNERABILITY,
                  description='Test')
    report.issues.append(issue)
    report.generate(file_type='json')
    # We remove the issue we added to clean up after ourselves.
    report.issues.remove(issue)
    assert os.path.exists(os.path.join(DEFAULT_REPORT_PATH, 'report.json'))
    # We remove the report, to clean up after ourselves
    os.remove(os.path.join(DEFAULT_REPORT_PATH, 'report.json'))
Пример #3
0
def test_report_html_custom_template():
    report = Report()
    issue = Issue(category='Test',
                  name='Test Issue',
                  severity=Severity.VULNERABILITY,
                  description='Test')
    report.issues.append(issue)
    report.generate(
        template_file=os.path.join('templates', 'html_report.jinja'))
    # We remove the issue we added to clean up after ourselves.
    report.issues.remove(issue)
    assert os.path.exists(os.path.join(DEFAULT_REPORT_PATH, 'report.html'))
    # We remove the report, to clean up after ourselves
    os.remove(os.path.join(DEFAULT_REPORT_PATH, 'report.html'))
Пример #4
0
def test_report_singleton():
    assert Report() is Report()
    report3 = Report()
    report4 = Report()
    assert report3 is report4
    report3.value = 4
    assert report4.value == 4
Пример #5
0
def test_report_with_report_path():
    assert Report(report_path=DEFAULT_REPORT_PATH) is Report(
        report_path=DEFAULT_REPORT_PATH)