示例#1
    def run(self):
        """
        Load and run the plugin checks, one category at a time.

        Manifest plugins are executed right here, once, and their findings are
        appended to ``self.issues``. Plugins of every other category are only
        collected and then handed to ``self._run_checks`` in a single call.
        """
        pending = []
        for category in PLUGIN_CATEGORIES:
            source = get_plugin_source(category=category)

            if category == "manifest":
                # Manifest plugins only need to run once, so they are handled
                # here instead of being queued for _run_checks.
                manifest_names = get_plugins(category)
                ManifestPlugin.update_manifest(self.manifest_path)
                if ManifestPlugin.manifest_xml is not None:
                    # Load every manifest plugin before running the first one.
                    # NOTE(review): load_plugin presumably imports plugin code
                    # by name; confirm the plugin directories are not writable
                    # by untrusted users.
                    loaded = [
                        source.load_plugin(name).plugin
                        for name in manifest_names
                    ]
                    for manifest_plugin in loaded:
                        # Every manifest plugin receives the full file list.
                        # The original author notes that the ExportedTags
                        # plugin needs it because its findings feed the
                        # exploit-APK build step.
                        manifest_plugin.all_files = self.files

                        manifest_plugin.run()
                        self.issues.extend(manifest_plugin.issues)
                    continue
                # NOTE(review): when manifest_xml is None execution falls
                # through, so the manifest plugins are queued like any other
                # category. Confirm that this is intended.

            pending.extend(
                source.load_plugin(name).plugin
                for name in get_plugins(category)
            )

        self._run_checks(pending)
示例#2
def test_vulnerable_exported_tags(vulnerable_manifest_path,
                                  vulnerable_receiver_path):
    """ExportedTags reports six WARNING issues in category "Manifest"."""
    ManifestPlugin.update_manifest(vulnerable_manifest_path)
    # all_files is assigned on the class, before the instance is created.
    # NOTE(review): class-level state like this can leak into later tests.
    ExportedTags.all_files = [vulnerable_receiver_path]

    exported_tags = ExportedTags()
    exported_tags.run()

    findings = exported_tags.issues
    assert len(findings) == 6
    for finding in findings:
        assert Severity.WARNING == finding.severity
        assert "Manifest" == finding.category
示例#3
def test_vulnerable_min_sdk(min_sdk):
    """MinSDK reports exactly one tap-jacking VULNERABILITY for ``min_sdk``.

    ``min_sdk`` is presumably a (parametrized) pytest fixture; verify in the
    test module's fixtures.
    """
    test_dir = os.path.dirname(os.path.abspath(__file__))
    manifest_file = os.path.join(test_dir,
                                 "test_min_sdk_tapjacking",
                                 "androidmanifest.xml")
    ManifestPlugin.update_manifest(manifest_file)
    # Override the class-level min_sdk after the manifest has been loaded so
    # that the check sees the value under test.
    # NOTE(review): the override is never restored and may leak into later tests.
    ManifestPlugin.min_sdk = min_sdk

    checker = MinSDK()
    checker.run()

    findings = checker.issues
    assert 1 == len(findings)
    for finding in findings:
        assert Severity.VULNERABILITY == finding.severity
        assert "Tap Jacking possible" == finding.name
        assert TAP_JACKING == finding.description
        assert checker.category == finding.category
示例#4
def test_task_reparenting(vulnerable_manifest_path):
    """TaskReparenting reports exactly one issue for the vulnerable manifest."""
    ManifestPlugin.update_manifest(vulnerable_manifest_path)

    checker = TaskReparenting()
    checker.run()

    findings = checker.issues
    assert 1 == len(findings)
示例#5
def test_single_task_launch_mode(vulnerable_manifest_path):
    """SingleTaskLaunchMode reports exactly one issue for the vulnerable manifest."""
    ManifestPlugin.update_manifest(vulnerable_manifest_path)

    checker = SingleTaskLaunchMode()
    checker.run()

    findings = checker.issues
    assert 1 == len(findings)
示例#6
def test_api_keys(vulnerable_manifest_path):
    """APIKeys reports exactly one issue for the vulnerable manifest."""
    ManifestPlugin.update_manifest(vulnerable_manifest_path)

    checker = APIKeys()
    checker.run()

    findings = checker.issues
    assert 1 == len(findings)
示例#7
def test_android_path(vulnerable_manifest_path):
    """AndroidPath reports exactly one issue for the vulnerable manifest."""
    ManifestPlugin.update_manifest(vulnerable_manifest_path)

    checker = AndroidPath()
    checker.run()

    findings = checker.issues
    assert 1 == len(findings)