Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add ManifestRisk #50

Merged
merged 2 commits into from
Nov 3, 2023
Merged

add ManifestRisk #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1c7c43
add ManifestRisk
firmianay Sep 15, 2023
35977ca
Merge branch 'main' into dev
firmianay Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 20 additions & 25 deletions src/main/kotlin/net/bytedance/security/app/android/AndroidUtils.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,6 @@ import java.util.zip.ZipFile
import kotlin.system.exitProcess


interface ManifestVulnerability {
fun check(manifest: ProcessManifest)
}

/**
* for convenience to recognize a particular structure during serialization
*/
Expand Down Expand Up @@ -127,6 +123,7 @@ object ComponentDescriptionDataSerializer : KSerializer<ComponentDescription> {
}
}


object AndroidUtils {
var apkAbsPath: String? = null
var JavaSourceDir: String? = null
Expand Down Expand Up @@ -164,28 +161,24 @@ object AndroidUtils {
var GlobalCompoXmlMap: MutableMap<String, ComponentDescription> = HashMap()
var layoutFileParser: LayoutFileParser? = null

/**
* user-defined permission
*/
// user-defined permission
var permissionMap: Map<String, String> = HashMap()


var usePermissionSet: Set<String> = HashSet()

// App info
var PackageName: String = ""

var ApplicationName: String = ""

var AppLabelName: String = ""

var VersionName: String = ""

var VersionCode = 0

var MinSdk = 0

var TargetSdk = 0
private var manifestVulnerability: ManifestVulnerability? = null

// Manifest risk
var debuggable: Boolean? = null
var allowBackup: Boolean? = null
var usesCleartextTraffic: Boolean? = null

private fun dexToJava(apkPath: String, outPath: String, jadxPath: String) {
JavaSourceDir = outPath + PLUtils.JAVA_SRC
val thread = Runtime.getRuntime().availableProcessors() / 2
Expand Down Expand Up @@ -294,6 +287,7 @@ object AndroidUtils {
}
return
}

getAppLabelNameIfNeeded(manifest)
usePermissionSet = manifest.permissions
permissionMap = getDefinedPermissions(manifest.manifest)
Expand All @@ -320,25 +314,30 @@ object AndroidUtils {
layoutFileParser!!.parseLayoutFileDirect(apkPath)
parseAllComponents(manifest)

this.manifestVulnerability?.check(manifest)
isApkParsed = true
debuggable = manifest.application.isDebuggable // 默认false
allowBackup = manifest.application.isAllowBackup // 默认true
usesCleartextTraffic = manifest.application.isUsesCleartextTraffic ?: (TargetSdk < 28) // API28以下默认true,否则默认false
Log.logDebug("debuggable $debuggable")
Log.logDebug("allowBackup $allowBackup")
Log.logDebug("usesCleartextTraffic $usesCleartextTraffic")

isApkParsed = true
}

private fun getAppLabelNameIfNeeded(manifest: ProcessManifest) {
//return if empty
if (AppLabelName != "") {
return
}
try {
AppLabelName = try {
val v = (manifest.application as BinaryAndroidApplication).aXmlNode.getAttribute("label").value as Int
println(v)
val r = resources!!.findResource(v) as StringResource
AppLabelName = r.value
r.value
} catch (e: Exception) {
e.printStackTrace()
Log.logErr("getAppLabelNameIfNeeded error")
AppLabelName = "unknown"
"unknown"
}
}

Expand Down Expand Up @@ -634,8 +633,4 @@ object AndroidUtils {
val fragments = layoutFileParser!!.fragments
return fragments[key]
}

fun setManifestVulnerability(manifestVulnerability: ManifestVulnerability) {
this.manifestVulnerability = manifestVulnerability
}
}
21 changes: 13 additions & 8 deletions src/main/kotlin/net/bytedance/security/app/result/OutputSecResults.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ import kotlin.system.exitProcess
@Serializable
class Results {
var AppInfo: AppInfo? = null
var ManifestRisk: ManifestRisk? = null
var SecurityInfo: MutableMap<String, MutableMap<String, SecurityRiskItem>> = HashMap()
var ComplianceInfo: MutableMap<String, MutableMap<String, SecurityRiskItem>> = HashMap()
var DeepLinkInfo: MutableMap<String, MutableSet<String>>? = null
Expand All @@ -53,23 +54,22 @@ class Results {
object OutputSecResults {

private var Results = Results()
private var BasicInfo = BasicInfo()

private var BasicInfo = BasicInfo()
private var DeepLinkInfo: MutableMap<String, MutableSet<String>> = HashMap()
var AppInfo = AppInfo()


var ManifestRisk = ManifestRisk()
var APIList: MutableList<HttpAPI> = ArrayList()

var JsBridgeList: MutableList<JsBridgeAPI> = ArrayList()

var JSList: MutableList<String> = ArrayList()
private var vulnerabilityItems = ArrayList<VulnerabilityItem>()

fun init() {
AppInfo.appsharkTakeTime = profiler.totalRange.takes
AppInfo.classCount = profiler.ProcessMethodStatistics.availableClasses
AppInfo.methodCount = profiler.ProcessMethodStatistics.availableMethods
Results.AppInfo = AppInfo
Results.ManifestRisk = ManifestRisk
Results.DeepLinkInfo = DeepLinkInfo
Results.HTTP_API = APIList
Results.JsBridgeInfo = JsBridgeList
Expand Down Expand Up @@ -98,6 +98,12 @@ object OutputSecResults {
profiler.AppInfo = AppInfo
}

private fun insertMani() {
ManifestRisk.debuggable = AndroidUtils.debuggable
ManifestRisk.allowBackup = AndroidUtils.allowBackup
ManifestRisk.usesCleartextTraffic = AndroidUtils.usesCleartextTraffic
}

private fun insertPerm() {
Results.UsePermissions = AndroidUtils.usePermissionSet
Results.DefinePermissions = AndroidUtils.permissionMap
Expand All @@ -111,7 +117,6 @@ object OutputSecResults {
s.addAll(set)
}


private suspend fun addManifest(ctx: PreAnalyzeContext) {
val manifestTaskQueue =
TaskQueue<Pair<String, VulnerabilityItem>>("manifest", getConfig().getMaxPreprocessorThread()) { task, _ ->
Expand Down Expand Up @@ -189,6 +194,7 @@ object OutputSecResults {
Results.Profile = profiler.finishAndSaveProfilerResult()
init()
insertPerm()
insertMani()
addManifest(ctx)
groupResult(removeDup())
val jsonName =
Expand All @@ -205,7 +211,6 @@ object OutputSecResults {
ex.printStackTrace()
exitProcess(21)
}

}

@Synchronized
Expand All @@ -221,4 +226,4 @@ object OutputSecResults {
fun testClearVulnerabilityItems() {
this.vulnerabilityItems.clear()
}
}
}
7 changes: 7 additions & 0 deletions src/main/kotlin/net/bytedance/security/app/result/model/result.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,13 @@ class AppInfo(
var appsharkTakeTime: Long = 0,
)

@Serializable
class ManifestRisk(
var debuggable: Boolean? = null,
var allowBackup: Boolean? = null,
var usesCleartextTraffic: Boolean? = null,
)

@Serializable
data class ComponentsInfo(
var exportedActivities: MutableList<String>,
Expand Down
Loading