From 2bc593e990e2915d63503df8d4be72d10fa77e9d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 3 Sep 2022 16:00:53 +0200
Subject: Second commit

---
 .gitignore | 4 ++++
 README.md | 11 ++++++++---
 karton/android/android.py | 37 ++++++++++++++++++++-----------------
 requirements.txt | 1 +
 tests/__init__.py | 0
 tests/test_android.py | 43 +++++++++++++++++++++++++++++++++++++++++++
 tests/testsdata/example.apk | Bin 0 -> 25931 bytes
 7 files changed, 76 insertions(+), 20 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 tests/__init__.py
 create mode 100644 tests/test_android.py
 create mode 100644 tests/testsdata/example.apk

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..50598f3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+build/
+__pycache__
+ven*
+*.egg-info
diff --git a/README.md b/README.md
index 4616caa..49f78c0 100644
--- a/README.md
+++ b/README.md
@@ -18,10 +18,15 @@ Extract various information from APK.
 {
 "type": "sample",
 "kind": "analyzed",
+ "sample": ,
 "payload": {
- "sample": ,
- "certificate": ,
- "package":
+ "attributes": {
+ "certificate": ,
+ "main_activity": ,
+ "package":
+ "activities": >
+ "permissions": >
+ }
 }
 }
 ```
diff --git a/karton/android/android.py b/karton/android/android.py
index be4a11a..b05bce2 100644
--- a/karton/android/android.py
+++ b/karton/android/android.py
@@ -1,13 +1,12 @@
-import sys
-
-import androguard
-from karton.core import Karton, Task
+import androguard.core.bytecodes.apk # type: ignore
+from karton.core import Karton, Task # type: ignore
 
 from .__version__ import __version__
+
 
 class Android(Karton):
 """
- Augment apk files with various information.
+ Augment apk files with various metadata.
 """
 
 identity = "karton.android"
@@ -19,27 +18,31 @@ class Android(Karton):
 def process(self, task: Task) -> None:
 sample = task.get_resource("sample")
- a = androguard.core.bytecodes.apk.APK(sample)
+ a = androguard.core.bytecodes.apk.APK(sample.content, raw=True)
 
 if not a.is_valid_APK():
 self.log.info("Not a valid APK file.")
 return
 
 metadata = {
- 'package': a.package,
- 'sample': sample,
- 'activities': a.get_activites(),
- 'main_activity': a.get_main_activity(),
- 'permissions': a.get_permissions(),
+ "package": [a.package],
+ "activities": sorted(a.get_activities()),
+ "main_activity": [a.get_main_activity()],
+ "permissions": sorted(a.get_permissions()),
 }
 
 if a.is_signed() or a.is_signed_v3():
- metadata['certificate'] = a.get_certificates()[0].sha1_fingerprint.replace(" ", "")
+ certs = a.get_certificates()
+ if len(certs):
+ cert = certs[0]
+ sha1_cert = cert.sha1_fingerprint.replace(" ", "")
+ metadata["certificate"] = [sha1_cert]
 
 self.send_task(
 Task(
- headers={"type": "sample", "stage": "analyzed"},
- payload=metadata)
+ headers={
+ "type": "sample",
+ "stage": "analyzed",
+ },
+ payload={"attributes": metadata},
 )
-
-if __name__ == "__main__":
- Android().loop()
+ )
diff --git a/requirements.txt b/requirements.txt
index 7676504..e6cad7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
 androguard
+karton-core
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/test_android.py b/tests/test_android.py
new file mode 100644
index 0000000..a72f8d8
--- /dev/null
+++ b/tests/test_android.py
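Review bot: The signature block keeps only `certs[0]` and only its SHA-1 fingerprint, so an APK carrying several signing certificates is attributed to a single signer and downstream matching is pinned to a digest that is no longer collision-resistant. Since `certificate` is already a list, `metadata["certificate"] = [c.sha1_fingerprint.replace(" ", "") for c in certs]` records every signer in one line (the fixture in tests/test_android.py is unaffected if example.apk has one signer, which the diff cannot confirm), and the same certificate objects appear to expose a `sha256_fingerprint` that could be carried under an additional key without disturbing the existing field. `"main_activity": [a.get_main_activity()]` becomes `[None]` if `get_main_activity()` returns None, which I read androguard as doing when no launcher activity is declared; omitting the key in that case would be cleaner than a list holding None. Parsing happens in `APK(sample.content, raw=True)` before `is_valid_APK()` is consulted, so a malformed sample raises out of `process` instead of reaching the "Not a valid APK file." branch; if the intent is to log and skip, a targeted `except` around the constructor is needed. The README hunk in this commit documents the emitted header as `"kind": "analyzed"` while this code and the new test use `"stage"`; one of the two needs correcting.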
@@ -0,0 +1,43 @@
+import os
+
+from karton.android import Android
+
+from karton.core import Task
+from karton.core.test import KartonTestCase, TestResource
+
+
+class AndroidMagicTestCase(KartonTestCase):
+ karton_class = Android
+
+ def test_android(self):
+ testcase = os.path.join(os.path.dirname(__file__), "testsdata", "example.apk")
+ with self.subTest(testcase):
+ with open(testcase, "rb") as f:
+ content = f.read()
+ sample = TestResource(testcase, content)
+ expected = Task(
+ {
+ "type": "sample",
+ "stage": "analyzed",
+ "origin": "karton.android",
+ },
+ payload={
+ 'attributes': {
+ "certificate": ["61ED377E85D386A8DFEE6B864BD85B0BFAA5AF81"],
+ "main_activity": ["com.example.android.contactmanager..ContactManager"],
+ "package": ["com.example.android.contactmanager"],
+ "activities": ["com.example.android.contactmanager..ContactManager", "com.example.android.contactmanager.ContactAdder"],
+ "permissions": ["android.permission.GET_ACCOUNTS", "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS"],
+ }
+ },
+ )
+ task = Task(
+ {
+ "type": "sample",
+ "extension": "apk",
+ },
+ payload={"sample": sample},
+ )
+ results = self.run_task(task)
+
+ self.assertTasksEqual(results, [expected])
diff --git a/tests/testsdata/example.apk b/tests/testsdata/example.apk
new file mode 100644
index 0000000..418f504
Binary files /dev/null and b/tests/testsdata/example.apk differ
-- 
cgit v1.3
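Review bot: The expected values `com.example.android.contactmanager..ContactManager` carry a doubled dot that looks like an artefact of how the installed androguard joins the package name with a relative `.ContactManager` activity name rather than a value anyone intends; without a comment a future reader will either "fix" the fixture or be puzzled when an androguard upgrade changes it, so a line such as `# doubled dot is how the pinned androguard renders relative activity names` above `expected = Task(` would help. Pinning the exact lists also ties the test to whichever androguard version happens to be installed, since requirements.txt leaves `androguard` unversioned. On style, the single-case `with self.subTest(testcase):` adds no information and could be dropped, and `'attributes'` uses single quotes where the rest of the file uses double quotes.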