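def test_report_json_defaults():
    """Generate a JSON report with default settings and check ``report.json`` is written.

    The report file is expected under ``DEFAULT_REPORT_PATH``. Both the issue
    added to the report and the generated file are removed again so the test
    leaves nothing behind.
    """
    report = Report()
    issue = Issue(category='Test', name='Test Issue', severity=Severity.VULNERABILITY, description='Test')
    report.issues.append(issue)
    try:
        report.generate(file_type='json')
    finally:
        # We remove the issue we added to clean up after ourselves. Doing it in
        # ``finally`` keeps the issue from lingering when generate() raises.
        # NOTE(review): presumably Report state is shared between tests, which
        # is why the issue has to be removed at all -- confirm.
        report.issues.remove(issue)

    expected_report = os.path.join(DEFAULT_REPORT_PATH, 'report.json')
    assert os.path.exists(expected_report)
    # We remove the report, to clean up after ourselves
    os.remove(expected_report)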
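def test_report_html_custom_template():
    """Generate a report from an explicit template file and check ``report.html`` is written.

    No ``file_type`` is passed, so the test relies on ``generate`` producing
    ``report.html`` under ``DEFAULT_REPORT_PATH`` by default. Both the issue
    added to the report and the generated file are removed again so the test
    leaves nothing behind.
    """
    report = Report()
    issue = Issue(category='Test', name='Test Issue', severity=Severity.VULNERABILITY, description='Test')
    report.issues.append(issue)
    try:
        # NOTE(review): the template path is relative; how it is resolved
        # (current working directory vs. a template loader) is not visible
        # here -- confirm the test does not depend on where pytest is started.
        report.generate(
            template_file=os.path.join('templates', 'html_report.jinja'))
    finally:
        # We remove the issue we added to clean up after ourselves. Doing it in
        # ``finally`` keeps the issue from lingering when generate() raises.
        report.issues.remove(issue)

    expected_report = os.path.join(DEFAULT_REPORT_PATH, 'report.html')
    assert os.path.exists(expected_report)
    # We remove the report, to clean up after ourselves
    os.remove(expected_report)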
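def cli(ctx, sdk_path, build_path, debug, source, report_type, exploit_apk, report_path, report_name):
    """Decompile ``source``, scan it, write a report and optionally build an APK.

    Steps, in order: validate the arguments, initialise logging, run the
    ``Decompiler``, run the ``Scanner`` over the result, write the report, and,
    only when ``exploit_apk`` is set, run ``APKBuilder`` with the scanner's
    issues.

    Args:
        ctx: click context; used only to print the help text when no source
            is given.
        sdk_path: path to the Android SDK. Only needed when ``exploit_apk`` is
            set; when empty it is looked up in the ANDROID_SDK_HOME,
            ANDROID_HOME and ANDROID_SDK_ROOT environment variables, in that
            order.
        build_path: passed to ``Decompiler`` as ``build_directory`` and to
            ``APKBuilder`` as ``exploit_apk_path``.
        debug: selects the "DEBUG" logging level instead of "INFO".
        source: what to scan; passed to ``Decompiler`` as ``path_to_source``.
        report_type: passed to ``Report.generate`` as ``file_type``.
        exploit_apk: when truthy, an APK is built after the report is written.
        report_path: forwarded to ``Report`` when not ``None``.
        report_name: forwarded to ``Report`` when not ``None``.

    Returns:
        None. Missing arguments are reported with a message and an early
        return rather than an exception.
    """
    # NOTE(review): both early exits below return normally, so the process
    # presumably ends with exit status 0 even though nothing was scanned --
    # confirm that CI jobs wrapping this command do not treat that as a
    # clean scan.
    if not source:
        click.secho("Please pass a source for scanning through either --java or --apk")
        click.secho(ctx.get_help())
        return

    if exploit_apk and not sdk_path:
        # Try to set the SDK from environment variables if they exist
        # Follows the guidelines from https://developer.android.com/studio/command-line/variables
        for variable in (ANDROID_SDK_HOME, ANDROID_HOME, ANDROID_SDK_ROOT):
            if environ_path_variable_exists(variable):
                sdk_path = os.environ[variable]
                break
        else:
            click.secho("Please provide path to android SDK if building exploit APK.")
            return

    # Debug controls the output to stderr, debug logs are ALWAYS stored in `qark_debug.log`
    level = "DEBUG" if debug else "INFO"
    initialize_logging(level)

    click.secho("Decompiling...")
    decompiler = Decompiler(path_to_source=source, build_directory=build_path)
    decompiler.run()

    click.secho("Running scans...")
    # Scan the original path when the decompiler reports source code,
    # otherwise scan the build directory.
    path_to_source = decompiler.path_to_source if decompiler.source_code else decompiler.build_directory
    scanner = Scanner(manifest_path=decompiler.manifest_path, path_to_source=path_to_source)
    scanner.run()
    click.secho("Finish scans...")

    click.secho("Writing report...")
    # Forward each report option on its own. Previously report_name was only
    # passed along together with report_path, so a name given without a path
    # was silently dropped.
    report_kwargs = {"issues": set(scanner.issues)}
    if report_path is not None:
        report_kwargs["report_path"] = report_path
    if report_name is not None:
        report_kwargs["report_name"] = report_name
    report = Report(**report_kwargs)

    # generate() returns the location of the written report, which replaces
    # the requested path in the message below.
    report_path = report.generate(file_type=report_type)
    click.secho("Finish writing report to {report_path} ...".format(report_path=report_path))

    if exploit_apk:
        click.secho("Building exploit APK...")
        exploit_builder = APKBuilder(exploit_apk_path=build_path,
                                     issues=scanner.issues,
                                     apk_name=decompiler.apk_name,
                                     manifest_path=decompiler.manifest_path,
                                     sdk_path=sdk_path)
        exploit_builder.build()
        click.secho("Finish building exploit APK...")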