Merge pull request #50 from firmianay/dev

add ManifestRisk
bytedance · Nov 3, 2023 · 22dffd8 · 22dffd8
2 parents 169459c + 35977ca
commit 22dffd8
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 33 deletions.
diff --git a/src/main/kotlin/net/bytedance/security/app/android/AndroidUtils.kt b/src/main/kotlin/net/bytedance/security/app/android/AndroidUtils.kt
@@ -57,10 +57,6 @@ import java.util.zip.ZipFile
 import kotlin.system.exitProcess
 
 
-interface ManifestVulnerability {
-    fun check(manifest: ProcessManifest)
-}
-
 /**
  * for convenience to recognize a particular structure during serialization
  */
@@ -127,6 +123,7 @@ object ComponentDescriptionDataSerializer : KSerializer<ComponentDescription> {
     }
 }
 
+
 object AndroidUtils {
     var apkAbsPath: String? = null
     var JavaSourceDir: String? = null
@@ -164,28 +161,24 @@ object AndroidUtils {
     var GlobalCompoXmlMap: MutableMap<String, ComponentDescription> = HashMap()
     var layoutFileParser: LayoutFileParser? = null
 
-    /**
-     *  user-defined permission
-     */
+    // user-defined permission
     var permissionMap: Map<String, String> = HashMap()
-
-
     var usePermissionSet: Set<String> = HashSet()
 
+    // App info
     var PackageName: String = ""
-
     var ApplicationName: String = ""
-
     var AppLabelName: String = ""
-
     var VersionName: String = ""
-
     var VersionCode = 0
-
     var MinSdk = 0
-
     var TargetSdk = 0
-    private var manifestVulnerability: ManifestVulnerability? = null
+
+    // Manifest risk
+    var debuggable: Boolean? = null
+    var allowBackup: Boolean? = null
+    var usesCleartextTraffic: Boolean? = null
+
     private fun dexToJava(apkPath: String, outPath: String, jadxPath: String) {
         JavaSourceDir = outPath + PLUtils.JAVA_SRC
         val thread = Runtime.getRuntime().availableProcessors() / 2
@@ -294,6 +287,7 @@ object AndroidUtils {
             }
             return
         }
+
         getAppLabelNameIfNeeded(manifest)
         usePermissionSet = manifest.permissions
         permissionMap = getDefinedPermissions(manifest.manifest)
@@ -320,25 +314,30 @@ object AndroidUtils {
         layoutFileParser!!.parseLayoutFileDirect(apkPath)
         parseAllComponents(manifest)
 
-        this.manifestVulnerability?.check(manifest)
-        isApkParsed = true
+        debuggable = manifest.application.isDebuggable      // 默认false
+        allowBackup = manifest.application.isAllowBackup    // 默认true
+        usesCleartextTraffic = manifest.application.isUsesCleartextTraffic ?: (TargetSdk < 28)  // API28以下默认true，否则默认false
+        Log.logDebug("debuggable $debuggable")
+        Log.logDebug("allowBackup $allowBackup")
+        Log.logDebug("usesCleartextTraffic $usesCleartextTraffic")
 
+        isApkParsed = true
     }
 
     private fun getAppLabelNameIfNeeded(manifest: ProcessManifest) {
         //return if empty
         if (AppLabelName != "") {
             return
         }
-        try {
+        AppLabelName = try {
             val v = (manifest.application as BinaryAndroidApplication).aXmlNode.getAttribute("label").value as Int
             println(v)
             val r = resources!!.findResource(v) as StringResource
-            AppLabelName = r.value
+            r.value
         } catch (e: Exception) {
             e.printStackTrace()
             Log.logErr("getAppLabelNameIfNeeded error")
-            AppLabelName = "unknown"
+            "unknown"
         }
     }
 
@@ -634,8 +633,4 @@ object AndroidUtils {
         val fragments = layoutFileParser!!.fragments
         return fragments[key]
     }
-
-    fun setManifestVulnerability(manifestVulnerability: ManifestVulnerability) {
-        this.manifestVulnerability = manifestVulnerability
-    }
 }
diff --git a/src/main/kotlin/net/bytedance/security/app/result/OutputSecResults.kt b/src/main/kotlin/net/bytedance/security/app/result/OutputSecResults.kt
@@ -35,6 +35,7 @@ import kotlin.system.exitProcess
 @Serializable
 class Results {
     var AppInfo: AppInfo? = null
+    var ManifestRisk: ManifestRisk? = null
     var SecurityInfo: MutableMap<String, MutableMap<String, SecurityRiskItem>> = HashMap()
     var ComplianceInfo: MutableMap<String, MutableMap<String, SecurityRiskItem>> = HashMap()
     var DeepLinkInfo: MutableMap<String, MutableSet<String>>? = null
@@ -53,23 +54,22 @@ class Results {
 object OutputSecResults {
 
     private var Results = Results()
-    private var BasicInfo = BasicInfo()
 
+    private var BasicInfo = BasicInfo()
     private var DeepLinkInfo: MutableMap<String, MutableSet<String>> = HashMap()
     var AppInfo = AppInfo()
-
-
+    var ManifestRisk = ManifestRisk()
     var APIList: MutableList<HttpAPI> = ArrayList()
-
     var JsBridgeList: MutableList<JsBridgeAPI> = ArrayList()
-
     var JSList: MutableList<String> = ArrayList()
     private var vulnerabilityItems = ArrayList<VulnerabilityItem>()
+
     fun init() {
         AppInfo.appsharkTakeTime = profiler.totalRange.takes
         AppInfo.classCount = profiler.ProcessMethodStatistics.availableClasses
         AppInfo.methodCount = profiler.ProcessMethodStatistics.availableMethods
         Results.AppInfo = AppInfo
+        Results.ManifestRisk = ManifestRisk
         Results.DeepLinkInfo = DeepLinkInfo
         Results.HTTP_API = APIList
         Results.JsBridgeInfo = JsBridgeList
@@ -98,6 +98,12 @@ object OutputSecResults {
         profiler.AppInfo = AppInfo
     }
 
+    private fun insertMani() {
+        ManifestRisk.debuggable = AndroidUtils.debuggable
+        ManifestRisk.allowBackup = AndroidUtils.allowBackup
+        ManifestRisk.usesCleartextTraffic = AndroidUtils.usesCleartextTraffic
+    }
+
     private fun insertPerm() {
         Results.UsePermissions = AndroidUtils.usePermissionSet
         Results.DefinePermissions = AndroidUtils.permissionMap
@@ -111,7 +117,6 @@ object OutputSecResults {
         s.addAll(set)
     }
 
-
     private suspend fun addManifest(ctx: PreAnalyzeContext) {
         val manifestTaskQueue =
             TaskQueue<Pair<String, VulnerabilityItem>>("manifest", getConfig().getMaxPreprocessorThread()) { task, _ ->
@@ -189,6 +194,7 @@ object OutputSecResults {
             Results.Profile = profiler.finishAndSaveProfilerResult()
             init()
             insertPerm()
+            insertMani()
             addManifest(ctx)
             groupResult(removeDup())
             val jsonName =
@@ -205,7 +211,6 @@ object OutputSecResults {
             ex.printStackTrace()
             exitProcess(21)
         }
-
     }
 
     @Synchronized
@@ -221,4 +226,4 @@ object OutputSecResults {
     fun testClearVulnerabilityItems() {
         this.vulnerabilityItems.clear()
     }
-}
+}
diff --git a/src/main/kotlin/net/bytedance/security/app/result/model/result.kt b/src/main/kotlin/net/bytedance/security/app/result/model/result.kt
@@ -85,6 +85,13 @@ class AppInfo(
     var appsharkTakeTime: Long = 0,
 )
 
+@Serializable
+class ManifestRisk(
+    var debuggable: Boolean? = null,
+    var allowBackup: Boolean? = null,
+    var usesCleartextTraffic: Boolean? = null,
+)
+
 @Serializable
 data class ComponentsInfo(
     var exportedActivities: MutableList<String>,