Second commit

author: jvoisin 2022-09-03 16:00:53 +0200
committer: jvoisin 2022-09-03 16:42:39 +0200
commit: 2bc593e990e2915d63503df8d4be72d10fa77e9d (patch)
tree: 61a6aa1fe7c84aeb995a4e13cc5962389fea56aa
parent: 2d6d30a2d11704df48c4bb46b75243d582bcc4c8 (diff)
7 files changed, 76 insertions, 20 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..50598f3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+build/
+__pycache__
+ven*
+*.egg-info
diff --git a/README.md b/README.md
index 4616caa..49f78c0 100644
--- a/README.md
+++ b/README.md
@@ -18,10 +18,15 @@ Extract various information from APK.
 {
    "type": "sample",
    "kind": "analyzed",
+    "sample": <Resource>,
    "payload": {
-        "sample": <Resource>,
+        "attributes": {
-        "certificate": <string>,
+          "certificate": <string>,
-        "package": <string>
+          "main_activity": <string>,
+          "package": <string>
+          "activities": <list<string>>
+          "permissions": <list<string>>
+        }
    }
 }
 ```
diff --git a/karton/android/android.py b/karton/android/android.py
index be4a11a..b05bce2 100644
--- a/karton/android/android.py
+++ b/karton/android/android.py
@@ -1,13 +1,12 @@
-import sys
+import androguard.core.bytecodes.apk  # type: ignore
+from karton.core import Karton, Task  # type: ignore
-import androguard
-from karton.core import Karton, Task
 from .__version__ import __version__
 class Android(Karton):
    """
-    Augment apk files with various information.
+    Augment apk files with various metadata.
    """
    identity = "karton.android"
@@ -19,27 +18,31 @@ class Android(Karton):
    def process(self, task: Task) -> None:
        sample = task.get_resource("sample")
-        a = androguard.core.bytecodes.apk.APK(sample)
+        a = androguard.core.bytecodes.apk.APK(sample.content, raw=True)
        if not a.is_valid_APK():
            self.log.info("Not a valid APK file.")
            return
        metadata = {
-           'package': a.package,
+            "package": [a.package],
-           'sample': sample,
+            "activities": sorted(a.get_activities()),
-           'activities': a.get_activites(),
+            "main_activity": [a.get_main_activity()],
-           'main_activity': a.get_main_activity(),
+            "permissions": sorted(a.get_permissions()),
-           'permissions': a.get_permissions(),
        }
        if a.is_signed() or a.is_signed_v3():
-            metadata['certificate'] = a.get_certificates()[0].sha1_fingerprint.replace(" ", "")
+            certs = a.get_certificates()
+            if len(certs):
+                cert = certs[0]
+                sha1_cert = cert.sha1_fingerprint.replace(" ", "")
+                metadata["certificate"] = [sha1_cert]
        self.send_task(
            Task(
-                headers={"type": "sample", "stage": "analyzed"},
+                headers={
-                payload=metadata)
+                    "type": "sample",
+                    "stage": "analyzed",
+                },
+                payload={"attributes": metadata},
            )
+        )
-if __name__ == "__main__":
-    Android().loop()
diff --git a/requirements.txt b/requirements.txt
index 7676504..e6cad7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
 androguard
+karton-core
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tests/__init__.py
diff --git a/tests/test_android.py b/tests/test_android.py
new file mode 100644
index 0000000..a72f8d8
--- /dev/null
+++ b/tests/test_android.py
@@ -0,0 +1,43 @@
+import os
+from karton.android import Android
+from karton.core import Task
+from karton.core.test import KartonTestCase, TestResource
+class AndroidMagicTestCase(KartonTestCase):
+    karton_class = Android
+    def test_android(self):
+        testcase = os.path.join(os.path.dirname(__file__), "testsdata", "example.apk")
+        with self.subTest(testcase):
+            with open(testcase, "rb") as f:
+                content = f.read()
+            sample = TestResource(testcase, content)
+            expected = Task(
+                {
+                    "type": "sample",
+                    "stage": "analyzed",
+                    "origin": "karton.android",
+                },
+                payload={
+                    'attributes': {
+                      "certificate": ["61ED377E85D386A8DFEE6B864BD85B0BFAA5AF81"],
+                      "main_activity": ["com.example.android.contactmanager..ContactManager"],
+                      "package": ["com.example.android.contactmanager"],
+                      "activities": ["com.example.android.contactmanager..ContactManager", "com.example.android.contactmanager.ContactAdder"],
+                      "permissions": ["android.permission.GET_ACCOUNTS", "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS"],
+                    }
+                },
+            )
+            task = Task(
+                {
+                    "type": "sample",
+                    "extension": "apk",
+                },
+                payload={"sample": sample},
+            )
+            results = self.run_task(task)
+            self.assertTasksEqual(results, [expected])
diff --git a/tests/testsdata/example.apk b/tests/testsdata/example.apk
new file mode 100644
index 0000000..418f504
--- /dev/null
+++ b/tests/testsdata/example.apk
Binary files differ
author	jvoisin	2022-09-03 16:00:53 +0200
committer	jvoisin	2022-09-03 16:42:39 +0200
commit	2bc593e990e2915d63503df8d4be72d10fa77e9d (patch)
tree	61a6aa1fe7c84aeb995a4e13cc5962389fea56aa
parent	2d6d30a2d11704df48c4bb46b75243d582bcc4c8 (diff)

diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..50598f3 --- /dev/null +++ b/.gitignore
@@ -0,0 +1,4 @@
		1	build/
		2	__pycache__
		3	ven*
		4	*.egg-info


diff --git a/README.md b/README.md index 4616caa..49f78c0 100644 --- a/README.md +++ b/README.md
@@ -18,10 +18,15 @@ Extract various information from APK.
18	{	18	{
19	"type": "sample",	19	"type": "sample",
20	"kind": "analyzed",	20	"kind": "analyzed",
		21	"sample": <Resource>,
21	"payload": {	22	"payload": {
22	"sample": <Resource>,	23	"attributes": {
23	"certificate": <string>,	24	"certificate": <string>,
24	"package": <string>	25	"main_activity": <string>,
		26	"package": <string>
		27	"activities": <list<string>>
		28	"permissions": <list<string>>
		29	}
25	}	30	}
26	}	31	}
27	```	32	```


diff --git a/karton/android/android.py b/karton/android/android.py index be4a11a..b05bce2 100644 --- a/karton/android/android.py +++ b/karton/android/android.py
@@ -1,13 +1,12 @@
1	import sys	1	import androguard.core.bytecodes.apk # type: ignore
2		2	from karton.core import Karton, Task # type: ignore
3	import androguard
4	from karton.core import Karton, Task
5		3
6	from .__version__ import __version__	4	from .__version__ import __version__
7		5
		6
8	class Android(Karton):	7	class Android(Karton):
9	"""	8	"""
10	Augment apk files with various information.	9	Augment apk files with various metadata.
11	"""	10	"""
12		11
13	identity = "karton.android"	12	identity = "karton.android"
@@ -19,27 +18,31 @@ class Android(Karton):
19	def process(self, task: Task) -> None:	18	def process(self, task: Task) -> None:
20	sample = task.get_resource("sample")	19	sample = task.get_resource("sample")
21		20
22	a = androguard.core.bytecodes.apk.APK(sample)	21	a = androguard.core.bytecodes.apk.APK(sample.content, raw=True)
23	if not a.is_valid_APK():	22	if not a.is_valid_APK():
24	self.log.info("Not a valid APK file.")	23	self.log.info("Not a valid APK file.")
25	return	24	return
26		25
27	metadata = {	26	metadata = {
28	'package': a.package,	27	"package": [a.package],
29	'sample': sample,	28	"activities": sorted(a.get_activities()),
30	'activities': a.get_activites(),	29	"main_activity": [a.get_main_activity()],
31	'main_activity': a.get_main_activity(),	30	"permissions": sorted(a.get_permissions()),
32	'permissions': a.get_permissions(),
33	}	31	}
34		32
35	if a.is_signed() or a.is_signed_v3():	33	if a.is_signed() or a.is_signed_v3():
36	metadata['certificate'] = a.get_certificates()[0].sha1_fingerprint.replace(" ", "")	34	certs = a.get_certificates()
		35	if len(certs):
		36	cert = certs[0]
		37	sha1_cert = cert.sha1_fingerprint.replace(" ", "")
		38	metadata["certificate"] = [sha1_cert]
37		39
38	self.send_task(	40	self.send_task(
39	Task(	41	Task(
40	headers={"type": "sample", "stage": "analyzed"},	42	headers={
41	payload=metadata)	43	"type": "sample",
		44	"stage": "analyzed",
		45	},
		46	payload={"attributes": metadata},
42	)	47	)
43		48	)
44	if __name__ == "__main__":
45	Android().loop()


diff --git a/requirements.txt b/requirements.txt index 7676504..e6cad7f 100644 --- a/requirements.txt +++ b/requirements.txt
@@ -1 +1,2 @@
1	androguard	1	androguard
		2	karton-core


diff --git a/tests/__init__.py b/tests/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/__init__.py


diff --git a/tests/test_android.py b/tests/test_android.py new file mode 100644 index 0000000..a72f8d8 --- /dev/null +++ b/tests/test_android.py
@@ -0,0 +1,43 @@
		1	import os
		2
		3	from karton.android import Android
		4
		5	from karton.core import Task
		6	from karton.core.test import KartonTestCase, TestResource
		7
		8
		9	class AndroidMagicTestCase(KartonTestCase):
		10	karton_class = Android
		11
		12	def test_android(self):
		13	testcase = os.path.join(os.path.dirname(__file__), "testsdata", "example.apk")
		14	with self.subTest(testcase):
		15	with open(testcase, "rb") as f:
		16	content = f.read()
		17	sample = TestResource(testcase, content)
		18	expected = Task(
		19	{
		20	"type": "sample",
		21	"stage": "analyzed",
		22	"origin": "karton.android",
		23	},
		24	payload={
		25	'attributes': {
		26	"certificate": ["61ED377E85D386A8DFEE6B864BD85B0BFAA5AF81"],
		27	"main_activity": ["com.example.android.contactmanager..ContactManager"],
		28	"package": ["com.example.android.contactmanager"],
		29	"activities": ["com.example.android.contactmanager..ContactManager", "com.example.android.contactmanager.ContactAdder"],
		30	"permissions": ["android.permission.GET_ACCOUNTS", "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS"],
		31	}
		32	},
		33	)
		34	task = Task(
		35	{
		36	"type": "sample",
		37	"extension": "apk",
		38	},
		39	payload={"sample": sample},
		40	)
		41	results = self.run_task(task)
		42
		43	self.assertTasksEqual(results, [expected])


diff --git a/tests/testsdata/example.apk b/tests/testsdata/example.apk new file mode 100644 index 0000000..418f504 --- /dev/null +++ b/tests/testsdata/example.apk
Binary files differ