def target(self, queue):
# get all decompiled files that contains usage of TelephonyManager
files = common.text_scan(common.java_files, self.telephonyManagerRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains inline call
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
# report if any TelephonyManager variables invokes calls to get phone identifiers
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of WebView
files = common.text_scan(common.java_files, self.webViewRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress',
bar=self.getName(),
percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains any inline calls
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName), res)
break
# report if any WebView variables invoke calls
for varName in PluginUtil.returnGroupMatches(
self.varNameRegex, 2, fileBody):
if PluginUtil.contains(
r'%s\.addJavascriptInterface\(.*?\)' % varName,
fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName),
res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of TelephonyManager
files = common.text_scan(common.java_files, self.telephonyManagerRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress',
bar=self.getName(),
percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains inline call
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName), res)
break
# report if any TelephonyManager variables invokes calls to get phone identifiers
for varName in PluginUtil.returnGroupMatches(
self.varNameRegex, 2, fileBody):
if PluginUtil.contains(
r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName,
fileBody):
PluginUtil.reportIssue(fileName,
self.createIssueDetails(fileName),
res)
break
queue.put(res)
def target(self, queue):
# get all decompiled files that contains usage of WebView
files = common.text_scan(common.java_files, self.webViewRegex)
res = []
count = 0
for f in files:
count += 1
pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files)))
# get decompiled file body
fileName = f[1]
with open(fileName, 'r') as fi:
fileBody = fi.read()
# report if file contains any inline calls
if PluginUtil.contains(self.inlineRegex, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
# report if any WebView variables invoke calls
for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody):
if PluginUtil.contains(r'%s\.addJavascriptInterface\(.*?\)' % varName, fileBody):
PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res)
break
queue.put(res)
def testReportIssue():
res = []
PluginUtil.reportIssue('fileName', 'details', res)
assert len(res) == 2
assert res[0].getCategory() == ExploitType.PLUGIN
assert res[0].getSeverity() == Severity.VULNERABILITY
assert res[0].getFile() == 'fileName'
assert res[0].getDetails() == 'details'
assert res[1].getLevel() == Severity.VULNERABILITY
assert res[1].getData() == 'details'