def target(self, queue): # get all decompiled files that contains usage of TelephonyManager files = common.text_scan(common.java_files, self.telephonyManagerRegex) res = [] count = 0 for f in files: count += 1 pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files))) # get decompiled file body fileName = f[1] with open(fileName, 'r') as fi: fileBody = fi.read() # report if file contains inline call if PluginUtil.contains(self.inlineRegex, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break # report if any TelephonyManager variables invokes calls to get phone identifiers for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody): if PluginUtil.contains(r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break queue.put(res)
def target(self, queue): # get all decompiled files that contains usage of WebView files = common.text_scan(common.java_files, self.webViewRegex) res = [] count = 0 for f in files: count += 1 pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files))) # get decompiled file body fileName = f[1] with open(fileName, 'r') as fi: fileBody = fi.read() # report if file contains any inline calls if PluginUtil.contains(self.inlineRegex, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break # report if any WebView variables invoke calls for varName in PluginUtil.returnGroupMatches( self.varNameRegex, 2, fileBody): if PluginUtil.contains( r'%s\.addJavascriptInterface\(.*?\)' % varName, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break queue.put(res)
def target(self, queue): # get all decompiled files that contains usage of TelephonyManager files = common.text_scan(common.java_files, self.telephonyManagerRegex) res = [] count = 0 for f in files: count += 1 pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files))) # get decompiled file body fileName = f[1] with open(fileName, 'r') as fi: fileBody = fi.read() # report if file contains inline call if PluginUtil.contains(self.inlineRegex, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break # report if any TelephonyManager variables invokes calls to get phone identifiers for varName in PluginUtil.returnGroupMatches( self.varNameRegex, 2, fileBody): if PluginUtil.contains( r'%s\.(getLine1Number|getDeviceId)\(.*?\)' % varName, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break queue.put(res)
def target(self, queue): # get all decompiled files that contains usage of WebView files = common.text_scan(common.java_files, self.webViewRegex) res = [] count = 0 for f in files: count += 1 pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(files))) # get decompiled file body fileName = f[1] with open(fileName, 'r') as fi: fileBody = fi.read() # report if file contains any inline calls if PluginUtil.contains(self.inlineRegex, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break # report if any WebView variables invoke calls for varName in PluginUtil.returnGroupMatches(self.varNameRegex, 2, fileBody): if PluginUtil.contains(r'%s\.addJavascriptInterface\(.*?\)' % varName, fileBody): PluginUtil.reportIssue(fileName, self.createIssueDetails(fileName), res) break queue.put(res)
def testReportIssue(): res = [] PluginUtil.reportIssue('fileName', 'details', res) assert len(res) == 2 assert res[0].getCategory() == ExploitType.PLUGIN assert res[0].getSeverity() == Severity.VULNERABILITY assert res[0].getFile() == 'fileName' assert res[0].getDetails() == 'details' assert res[1].getLevel() == Severity.VULNERABILITY assert res[1].getData() == 'details'