示例#1
0
def cli(ctx, sdk_path, build_path, debug, source, report_type, exploit_apk, report_path, report_name):
    if not source:
        click.secho("Please pass a source for scanning through either --java or --apk")
        click.secho(ctx.get_help())
        return

    if exploit_apk:

        if not sdk_path:
            # Try to set the SDK from environment variables if they exist
            # Follows the guidelines from https://developer.android.com/studio/command-line/variables
            if environ_path_variable_exists(ANDROID_SDK_HOME):
                sdk_path = os.environ[ANDROID_SDK_HOME]

            elif environ_path_variable_exists(ANDROID_HOME):
                sdk_path = os.environ[ANDROID_HOME]

            elif environ_path_variable_exists(ANDROID_SDK_ROOT):
                sdk_path = os.environ[ANDROID_SDK_ROOT]

            else:
                click.secho("Please provide path to android SDK if building exploit APK.")
                return

    # Debug controls the output to stderr, debug logs are ALWAYS stored in `qark_debug.log`
    if debug:
        level = "DEBUG"
    else:
        level = "INFO"

    initialize_logging(level)

    click.secho("Decompiling...")
    decompiler = Decompiler(path_to_source=source, build_directory=build_path)
    decompiler.run()

    click.secho("Running scans...")
    path_to_source = decompiler.path_to_source if decompiler.source_code else decompiler.build_directory

    scanner = Scanner(manifest_path=decompiler.manifest_path, path_to_source=path_to_source)
    scanner.run()
    click.secho("Finish scans...")

    click.secho("Writing report...")
    if report_path is not None:
        if report_name is not None:
            report = Report(issues=set(scanner.issues), report_path=report_path, report_name=report_name)
        else:
            report = Report(issues=set(scanner.issues), report_path=report_path)
    else:
        report = Report(issues=set(scanner.issues))
    report_path = report.generate(file_type=report_type)
    click.secho("Finish writing report to {report_path} ...".format(report_path=report_path))

    if exploit_apk:
        click.secho("Building exploit APK...")
        exploit_builder = APKBuilder(exploit_apk_path=build_path, issues=scanner.issues, apk_name=decompiler.apk_name,
                                     manifest_path=decompiler.manifest_path, sdk_path=sdk_path)
        exploit_builder.build()
        click.secho("Finish building exploit APK...")
示例#2
0
def test_report_singleton():
    assert Report() is Report()
    report3 = Report()
    report4 = Report()
    assert report3 is report4
    report3.value = 4
    assert report4.value == 4
示例#3
0
def test_report_json_defaults():
    report = Report()
    issue = Issue(category='Test',
                  name='Test Issue',
                  severity=Severity.VULNERABILITY,
                  description='Test')
    report.issues.append(issue)
    report.generate(file_type='json')
    # We remove the issue we added to clean up after ourselves.
    report.issues.remove(issue)
    assert os.path.exists(os.path.join(DEFAULT_REPORT_PATH, 'report.json'))
    # We remove the report, to clean up after ourselves
    os.remove(os.path.join(DEFAULT_REPORT_PATH, 'report.json'))
示例#4
0
def test_report_html_custom_template():
    report = Report()
    issue = Issue(category='Test',
                  name='Test Issue',
                  severity=Severity.VULNERABILITY,
                  description='Test')
    report.issues.append(issue)
    report.generate(
        template_file=os.path.join('templates', 'html_report.jinja'))
    # We remove the issue we added to clean up after ourselves.
    report.issues.remove(issue)
    assert os.path.exists(os.path.join(DEFAULT_REPORT_PATH, 'report.html'))
    # We remove the report, to clean up after ourselves
    os.remove(os.path.join(DEFAULT_REPORT_PATH, 'report.html'))
示例#5
0
def test_report_with_report_path():
    assert Report(report_path=DEFAULT_REPORT_PATH) is Report(
        report_path=DEFAULT_REPORT_PATH)