#!/usr/bin/python3
import argparse
import json
import os
import shlex
from collections import defaultdict
from pathlib import Path

import pyfiglet

from utils import *
from src_scan.src_build import build, build2
from src_scan.src_depcheck import analysis as depcheck
from src_scan.src_fireline import analysis as fireline
from src_scan.src_keyfinder import analysis as keyfinder
from src_scan.src_mobsf import analysis as mobsf
from src_scan.src_qark import analysis as qark
from src_scan.src_sonarqube import analysis as sonarqube
from src_scan.src_sonarqube import init_sonarqube, create_project
from src_scan.src_speck import analysis as speck
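# Configuration
# SonarQube token. Taken from the SONARQUBE_TOKEN environment variable so the
# secret never has to be pasted into (and committed with) this file; the
# empty-string default keeps the previous behaviour, where '' is handed to
# init_sonarqube in the main loop and it decides what to do with it.
sonarqube_key = os.environ.get('SONARQUBE_TOKEN', '')
# Android SDK location, under the current user's home directory. Nothing in
# this file reads `env` — TODO confirm whether another module imports it;
# otherwise this is dead configuration.
_android_sdk = Path('~').expanduser().joinpath('Android/Sdk')
env = {
    'ANDROID_HOME': _android_sdk,
    'ANDROID_SDK_ROOT': _android_sdk,
}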
def argument():
    """Parse the command line of this scanner driver.

    Returns an argparse.Namespace with three attributes:
      config       -- path of a text file listing source directories, one per
                      line (required)
      build_config -- path of a JSON build-config file, or None (optional)
      build        -- True when --build was given, otherwise False
    """
    cli = argparse.ArgumentParser()
    cli.add_argument(
        '--config',
        required=True,
        type=str,
        help='A config file containing source code path',
    )
    cli.add_argument(
        '--build_config',
        required=False,
        type=str,
        help='A build config file',
    )
    cli.add_argument(
        '--build',
        action='store_true',
        help='Build the APK before analysis',
    )
    return cli.parse_args()
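if __name__ == '__main__':
    print(pyfiglet.figlet_format('src-allinone_java'))
    args = argument()
    # Bundled scanner binaries / rule sets live in ./tools next to this script.
    tools_path = Path(__file__).absolute().parent.joinpath('tools')

    # Scanner registry. The `if '<name>' in plugin` guards below turn each
    # entry into an on/off switch: remove or comment out a key to skip that
    # scanner. Per scanner, 'success' and 'failed' collect the source dirs
    # by outcome; the dict is printed as the run summary at the end.
    plugin = {
        # mandatory plugin
        'build': defaultdict(list),
        # optional plugins
        'fireline': defaultdict(list),
        'mobsf': defaultdict(list),
        'qark': defaultdict(list),
        'speck': defaultdict(list),
        'keyfinder': defaultdict(list),
        'depcheck': defaultdict(list),
        'sonarqube': defaultdict(list),
        'semgrep': defaultdict(list)
    }

    # --config: one source directory per line. The file is closed after
    # reading, and blank lines are skipped so a trailing newline does not
    # become a scan of Path('') (i.e. the current directory).
    with open(args.config, 'r') as f:
        src_dirs = [line.strip() for line in f.read().splitlines() if line.strip()]

    # --build_config: JSON object keyed by source-directory name; an empty
    # mapping sends every project down the build2 path below.
    if args.build_config:
        with open(args.build_config, 'r') as f:
            build_config = json.load(f)
    else:
        build_config = {}

    def record(name: str, src: str, ret) -> None:
        """Book-keep and print one scanner's outcome for *src*.

        The analysis() wrappers return a falsy value on success and a truthy
        one (exit code / error) on failure; that decides which list the
        source dir is appended to.
        """
        if ret:
            plugin[name]['failed'].append(src)
            print_failed(f'[{name}] failed')
        else:
            plugin[name]['success'].append(src)
            print_success(f'[{name}] success')

    def run_semgrep(src_path: Path, tools_path: Path, report_path: Path):
        """Run semgrep with the bundled Java and Android rule sets.

        Findings go to <report_path>/semgrep.txt; if semgrep produced no
        report file, its output is saved to semgrep.txt.error instead.
        Returns the exit status reported by shell_cmd (0 on success).
        """
        report_file = report_path.joinpath('semgrep.txt')
        config1 = tools_path.joinpath("semgrep/default/java")
        config2 = tools_path.joinpath("semgrep/android/rules")
        # shell_cmd (utils) takes a single command string, so every path is
        # shell-quoted: a source directory with spaces or shell metacharacters
        # must neither split the command nor inject anything into it.
        cmd = (
            f'semgrep scan --lang java '
            f'--config {shlex.quote(str(config1))} '
            f'--config {shlex.quote(str(config2))} '
            f'{shlex.quote(str(src_path))} -o {shlex.quote(str(report_file))}'
        )
        output, ret_code = shell_cmd(cmd)
        if not report_file.exists():
            with open(f'{report_file}.error', 'w+') as f:
                f.write(output)
        return ret_code

    for src in src_dirs:
        print_focus(src)
        src_path = Path(src)
        # Every scanner drops its report under <source dir>/SecScan.
        report_path = src_path.joinpath('SecScan')
        report_path.mkdir(parents=True, exist_ok=True)

        # src_build
        if args.build:
            print_focus('Building ...')
            if item := build_config.get(src_path.name):
                # Uses the same 'failed' key as every other plugin (was 'faild').
                if build(src_path, item):
                    plugin['build']['failed'].append(src)
                    print_failed('[build] failed')
                else:
                    plugin['build']['success'].append(src)
                    print_success('[build] success')
            else:
                # No per-project entry in the build config: fall back to
                # build2, which reports the java/gradle info it found.
                print_focus(f'[build] 发现新APK:{src}')
                ret, _, data = build2(src_path)
                if ret:
                    plugin['build']['failed'].append(src)
                    print_failed('[build2] failed')
                else:
                    plugin['build']['success'].append(src)
                    print_success(f'[build2] success java:{data.get("java")} gradle:{data.get("gradle")}')

        # src_fireline
        if 'fireline' in plugin:
            record('fireline', src, fireline(src_path, tools_path))
        # src_mobsf
        if 'mobsf' in plugin:
            record('mobsf', src, mobsf(src_path))
        # src_qark
        if 'qark' in plugin:
            record('qark', src, qark(src_path, tools_path))
        # src_speck
        if 'speck' in plugin:
            record('speck', src, speck(src_path, tools_path))
        # src_keyfinder
        if 'keyfinder' in plugin:
            record('keyfinder', src, keyfinder(src_path, tools_path))
        # src_depcheck: a Gradle wrapper script in the project selects the
        # 'gradle' mode, otherwise the 'cli' mode is used.
        if 'depcheck' in plugin:
            mode = 'gradle' if src_path.joinpath('gradlew').exists() else 'cli'
            record('depcheck', src, depcheck(src_path, tools_path, mode))
        # src_sonarqube
        if 'sonarqube' in plugin:
            # init_sonarqube returns the client plus the token to use from
            # here on (presumably minting one when the configured key is
            # empty — confirm in src_scan/src_sonarqube).
            sonar, sonarqube_key = init_sonarqube(sonarqube_key)
            if create_project(sonar):
                record('sonarqube', src, sonarqube(src_path, 'cli', sonarqube_key))
            else:
                print_focus('[sonarqube] pass')
        # semgrep
        if 'semgrep' in plugin:
            record('semgrep', src, run_semgrep(src_path, tools_path, report_path))

    # Run summary: per scanner, which source dirs succeeded / failed.
    print(plugin)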