TaintDroid Runner 0.6 Upload, final

commit d544e3f0714598bd800ff6ef22d1a4422fa48218 1 parent 1ffd97a
@dbaeumges authored
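--- a/README
+++ b/README
@@ -42,6 +42,16 @@ Log files:
 ** log (main): <reportPathSuffix>_yyyyMMdd-HHmm/taintdroid_runner_main_log.log
 ** log (app): <reportPathSuffix>_yyyyMMdd-HHmm/<apkname>_log.log
 ** logcat: <reportPathSuffix>_yyyyMMdd-HHmm/<apkname>_logcat.log
+** html (main): <reportPathSuffix>_yyyyMMdd-HHmm/report.html
+** html (app): <reportPathSuffix>_yyyyMMdd-HHmm/report_app_<id>.html
+
+* json mode
+** log (main): <reportPathSuffix>_yyyyMMdd-HHmm/taintdroid_runner_main_log.log
+** log (app): <reportPathSuffix>_yyyyMMdd-HHmm/<apkname>_log.log
+** logcat: <reportPathSuffix>_yyyyMMdd-HHmm/<apkname>_logcat.log
+** json (main): <reportPathSuffix>_yyyyMMdd-HHmm/report.json
+** html (main): <reportPathSuffix>_yyyyMMdd-HHmm/report.html
+** html (app): <reportPathSuffix>_yyyyMMdd-HHmm/report_app_<id>.html
 Version 0.5: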
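--- a/common.py
+++ b/common.py
@@ -190,7 +190,11 @@ def appendTaintTags(theTag1, theTag2):
 @staticmethod
 def getTaintString(theTag):
- tagInt = int(theTag, 16)
+ try:
+ tagInt = int(theTag, 16)
+ except TypeError, typeErr:
+ if theTag == 0:
+ tagInt = theTag
 tagString = str(theTag) + ' ('
 if tagInt == TaintTagEnum.TAINT_CLEAR:
 tagString += 'No Tag)'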
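Review bot: In getTaintString the new `except TypeError` branch assigns `tagInt` only when `theTag == 0`, so any other non-string tag leaves `tagInt` unbound and the following `if tagInt == TaintTagEnum.TAINT_CLEAR:` raises instead of formatting the tag. A malformed hex string still raises `ValueError`, which is not caught either; if tag values are parsed from the analysed app's log output (not visible here), one bad entry would abort report generation. Consider making the conversion explicit, `tagInt = theTag if isinstance(theTag, (int, long)) else int(theTag, 16)`, and handling `ValueError` with a labelled fallback string. The bound name `typeErr` is unused. The function body continues outside the hunk.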
371 helper_analyzer.py
@@ -24,6 +24,7 @@ def __init__(self, theDirs, theMode=0, theSdkPath=None):
self.baseAppDir = None
self.printDictFile = None
self.htmlOutputDir = None
+ self.reportAppDir = None
def getRuntime(self, theObj):
startTime = datetime.datetime(int(theObj.startTime[0:4]),
@@ -82,19 +83,37 @@ def getAppTaintLog(self, theDir, theLogcatFile):
logcatFile = os.path.join(theDir, theLogcatFile)
else:
logcatFile = os.path.join(theDir, logcatFileParts[1])
- logAnalyzer = TaintLogAnalyzer(theLogger=Logger(theLevel=LogLevel.ERROR))
+ logAnalyzer1 = TaintLogAnalyzer(theLogger=Logger(theLevel=LogLevel.ERROR))
try:
- logAnalyzer.setLogFile(logcatFile)
+ logAnalyzer1.setLogFile(logcatFile)
except IOError, ioErr:
#raw_input('getAppTaintLog::IOError')
return None
- logAnalyzer.extractLogEntries()
- if len(logAnalyzer.getLogEntryList()) == 0:
- logAnalyzer.numControlChars = 1
- logAnalyzer.extractLogEntries()
- if len(logAnalyzer.getLogEntryList()) == 0:
+ logAnalyzer1.extractLogEntries()
+
+ logAnalyzer2 = TaintLogAnalyzer(theLogger=Logger(theLevel=LogLevel.ERROR))
+ logAnalyzer2.setLogFile(logcatFile)
+ logAnalyzer2.numControlChars = 2
+ logAnalyzer2.extractLogEntries()
+
+ #print len(logAnalyzer1.getLogEntryList())
+ #print len(logAnalyzer1.getJson2PyFailedList())
+ #print '2: ', len(logAnalyzer2.getLogEntryList())
+ #print len(logAnalyzer2.getJson2PyFailedList())
+ #raw_input('xx')
+
+ if len(logAnalyzer1.getLogEntryList()) > len(logAnalyzer2.getLogEntryList()) and \
+ len(logAnalyzer1.getJson2PyFailedList()) < len(logAnalyzer2.getJson2PyFailedList()):
+ logAnalyzer = logAnalyzer1
+ else:
+ logAnalyzer = logAnalyzer2
+
+ #if len(logAnalyzer.getLogEntryList()) == 0:
+ # logAnalyzer.numControlChars = 2
+ # logAnalyzer.extractLogEntries()
+ #if len(logAnalyzer.getLogEntryList()) == 0:
#raw_input('XX')
- pass
+ # pass
logAnalyzer.postProcessLogObjects()
return logAnalyzer
@@ -121,21 +140,32 @@ def printToLatexFile(self, theFile, theDict):
'location':[0,[]],
'other':[0,[]],
'nothing':[0,[]]}
- def evalTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theAppendApkFlag=True):
+ def evalTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theReportMode=False):
oneMatch = False
noTag = copy.deepcopy(theBaseObj)
noTag.tag = -1
if theTaintLog.doesMatch([noTag]):
- theNumbers['noTag'][0] += 1
- if theAppendApkFlag: theNumbers['noTag'][1].append(theApk)
+ if theReportMode:
+ theNumbers['noTag'][0] += len(theTaintLog.getMatchingLogEntries([noTag]))
+ else:
+ theNumbers['noTag'][0] += 1
+ theNumbers['noTag'][1].append(theApk)
oneMatch = True
+
+ if isinstance(theBaseObj, CallActionLogEntry) and oneMatch:
+ for key, value in self.INITIAL_NUMBERS_DICT.iteritems():
+ if key != 'noTag' and key != 'nothing':
+ theNumbers[key][0] -= 1
contact = copy.deepcopy(theBaseObj)
contact.tagList.append(TaintTagEnum.TAINT_CONTACTS)
if theTaintLog.doesMatch([contact]):
- theNumbers['contact'][0] += 1
- if theAppendApkFlag: theNumbers['contact'][1].append(theApk)
+ if theReportMode:
+ theNumbers['contact'][0] += len(theTaintLog.getMatchingLogEntries([contact]))
+ else:
+ theNumbers['contact'][0] += 1
+ theNumbers['contact'][1].append(theApk)
oneMatch = True
deviceInfos = copy.deepcopy(theBaseObj)
@@ -145,22 +175,31 @@ def evalTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theAppendA
deviceInfos.tagList.append(TaintTagEnum.TAINT_ICCID)
deviceInfos.tagList.append(TaintTagEnum.TAINT_DEVICE_SN)
if theTaintLog.doesMatch([deviceInfos]):
- theNumbers['deviceInfos'][0] += 1
- if theAppendApkFlag: theNumbers['deviceInfos'][1].append(theApk)
+ if theReportMode:
+ theNumbers['deviceInfos'][0] += len(theTaintLog.getMatchingLogEntries([deviceInfos]))
+ else:
+ theNumbers['deviceInfos'][0] += 1
+ theNumbers['deviceInfos'][1].append(theApk)
oneMatch = True
userInput = copy.deepcopy(theBaseObj)
userInput.tagList.append(TaintTagEnum.TAINT_USER_INPUT)
if theTaintLog.doesMatch([userInput]):
- theNumbers['userInput'][0] += 1
- if theAppendApkFlag: theNumbers['userInput'][1].append(theApk)
+ if theReportMode:
+ theNumbers['userInput'][0] += len(theTaintLog.getMatchingLogEntries([userInput]))
+ else:
+ theNumbers['userInput'][0] += 1
+ theNumbers['userInput'][1].append(theApk)
oneMatch = True
incomingData = copy.deepcopy(theBaseObj)
incomingData.tagList.append(TaintTagEnum.TAINT_INCOMING_DATA)
if theTaintLog.doesMatch([incomingData]):
- theNumbers['incomingData'][0] += 1
- if theAppendApkFlag: theNumbers['incomingData'][1].append(theApk)
+ if theReportMode:
+ theNumbers['incomingData'][0] += len(theTaintLog.getMatchingLogEntries([incomingData]))
+ else:
+ theNumbers['incomingData'][0] += 1
+ theNumbers['incomingData'][1].append(theApk)
oneMatch = True
location = copy.deepcopy(theBaseObj)
@@ -169,8 +208,11 @@ def evalTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theAppendA
location.tagList.append(TaintTagEnum.TAINT_LOCATION_NET)
location.tagList.append(TaintTagEnum.TAINT_LOCATION_LAST)
if theTaintLog.doesMatch([location]):
- theNumbers['location'][0] += 1
- if theAppendApkFlag: theNumbers['location'][1].append(theApk)
+ if theReportMode:
+ theNumbers['location'][0] += len(theTaintLog.getMatchingLogEntries([location]))
+ else:
+ theNumbers['location'][0] += 1
+ theNumbers['location'][1].append(theApk)
oneMatch = True
other = copy.deepcopy(theBaseObj)
@@ -181,31 +223,34 @@ def evalTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theAppendA
other.tagList.append(TaintTagEnum.TAINT_MEDIA)
other.tagList.append(TaintTagEnum.TAINT_SMS)
if theTaintLog.doesMatch([other]):
- theNumbers['other'][0] += 1
- if theAppendApkFlag: theNumbers['other'][1].append(theApk)
+ if theReportMode:
+ theNumbers['other'][0] += len(theTaintLog.getMatchingLogEntries([other]))
+ else:
+ theNumbers['other'][0] += 1
+ theNumbers['other'][1].append(theApk)
oneMatch = True
if not oneMatch:
theNumbers['nothing'][0] += 1
- if theAppendApkFlag: theNumbers['nothing'][1].append(theApk)
+ if theReportMode: theNumbers['nothing'][1].append(theApk)
return oneMatch
- def evalSmsDestTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, theAppendApkFlag=True):
+ def evalSmsDestTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers):
oneMatch = False
noTag = copy.deepcopy(theBaseObj)
noTag.destinationTag = -1
if theTaintLog.doesMatch([noTag]):
theNumbers['noTag'][0] += 1
- if theAppendApkFlag: theNumbers['noTag'][1].append(theApk)
+ theNumbers['noTag'][1].append(theApk)
oneMatch = True
contact = copy.deepcopy(theBaseObj)
contact.destinationTagList.append(TaintTagEnum.TAINT_CONTACTS)
if theTaintLog.doesMatch([contact]):
theNumbers['contact'][0] += 1
- if theAppendApkFlag: theNumbers['contact'][1].append(theApk)
+ theNumbers['contact'][1].append(theApk)
oneMatch = True
deviceInfos = copy.deepcopy(theBaseObj)
@@ -216,21 +261,21 @@ def evalSmsDestTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, the
deviceInfos.destinationTagList.append(TaintTagEnum.TAINT_DEVICE_SN)
if theTaintLog.doesMatch([deviceInfos]):
theNumbers['deviceInfos'][0] += 1
- if theAppendApkFlag: theNumbers['deviceInfos'][1].append(theApk)
+ theNumbers['deviceInfos'][1].append(theApk)
oneMatch = True
userInput = copy.deepcopy(theBaseObj)
userInput.destinationTagList.append(TaintTagEnum.TAINT_USER_INPUT)
if theTaintLog.doesMatch([userInput]):
theNumbers['userInput'][0] += 1
- if theAppendApkFlag: theNumbers['userInput'][1].append(theApk)
+ theNumbers['userInput'][1].append(theApk)
oneMatch = True
incomingData = copy.deepcopy(theBaseObj)
incomingData.destinationTagList.append(TaintTagEnum.TAINT_INCOMING_DATA)
if theTaintLog.doesMatch([incomingData]):
theNumbers['incomingData'][0] += 1
- if theAppendApkFlag: theNumbers['incomingData'][1].append(theApk)
+ theNumbers['incomingData'][1].append(theApk)
oneMatch = True
location = copy.deepcopy(theBaseObj)
@@ -240,7 +285,7 @@ def evalSmsDestTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, the
location.destinationTagList.append(TaintTagEnum.TAINT_LOCATION_LAST)
if theTaintLog.doesMatch([location]):
theNumbers['location'][0] += 1
- if theAppendApkFlag: theNumbers['location'][1].append(theApk)
+ theNumbers['location'][1].append(theApk)
oneMatch = True
other = copy.deepcopy(theBaseObj)
@@ -252,12 +297,12 @@ def evalSmsDestTagNumbers(self, theTaintLog, theApk, theBaseObj, theNumbers, the
other.destinationTagList.append(TaintTagEnum.TAINT_SMS)
if theTaintLog.doesMatch([other]):
theNumbers['other'][0] += 1
- if theAppendApkFlag: theNumbers['other'][1].append(theApk)
+ theNumbers['other'][1].append(theApk)
oneMatch = True
if not oneMatch:
theNumbers['nothing'][0] += 1
- if theAppendApkFlag: theNumbers['nothing'][1].append(theApk)
+ theNumbers['nothing'][1].append(theApk)
return oneMatch
@@ -672,10 +717,19 @@ def generateHtmlReport(self):
# Collect information of all apps
result = {} # app: {}
resultType = {'apk':None,
+ 'sortName':'',
'taintLogList':[],
'taintLogFileNameList':[],
'logFileNameList':[],
'overview':copy.deepcopy(self.INITIAL_NUMBERS_DICT),
+ 'overview2':{'sms':0,
+ 'call':0,
+ 'netRead':0,
+ 'netWrite':0,
+ 'fsRead':0,
+ 'fsWrite':0,
+ 'cipher':0,
+ 'ssl':0},
'details':{'sms' : copy.deepcopy(self.INITIAL_NUMBERS_DICT),
'smsDest' : copy.deepcopy(self.INITIAL_NUMBERS_DICT),
'call' : copy.deepcopy(self.INITIAL_NUMBERS_DICT),
@@ -685,7 +739,8 @@ def generateHtmlReport(self):
'fsWrite' : copy.deepcopy(self.INITIAL_NUMBERS_DICT),
'cipher' : copy.deepcopy(self.INITIAL_NUMBERS_DICT),
'ssl' : copy.deepcopy(self.INITIAL_NUMBERS_DICT)},
- 'fileName':''}
+ 'fileName':'',
+ 'rawDirectory':[]}
for directory in self.dirs:
mainReport = self.getMainReport(directory, jsonFactory)
@@ -698,57 +753,99 @@ def generateHtmlReport(self):
result[md5] = copy.deepcopy(resultType)
result[md5]['apk'] = apk
- # Taint log
+ # Taint log and appropriate file names
taintLog = self.getAppTaintLog(directory, appReport.logcatFile)
if taintLog is None:
- pass
+ fileNameList = os.listdir(directory)
+ for logFile in fileNameList:
+ if logFile.endswith('_%s_log.log' % str(appReport.id)):
+ result[md5]['logFileNameList'].append(logFile)
+ break
else:
result[md5]['taintLogFileNameList'].append(appReport.logcatFile)
result[md5]['taintLogList'].append(taintLog)
+ result[md5]['logFileNameList'].append(appReport.logcatFile[:-7] + '.log')
+
+ # Raw directory
+ fileNameParts = directory.split('/')
+ if len(fileNameParts) < 2:
+ rawDir = directory
+ else:
+ if fileNameParts[-1] != '':
+ rawDir = fileNameParts[-1]
+ else:
+ rawDir = fileNameParts[-2]
+ result[md5]['rawDirectory'].append(rawDir)
- # Log file(s)
- result[md5]['logFileNameList'].append(appReport.logcatFile[:-7] + '.log')
+ # Sort name
+ result[md5]['sortName'] = '%s-%s' % (apk.getPackage(), md5)
# Evaluate results
for appMd5, appResult in result.iteritems():
for taintLog in appResult['taintLogList']:
- oneMatch = self.evalTagNumbers(taintLog, appResult['apk'], CallActionLogEntry(tagList=[]), appResult['details']['call'])
- oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], CipherUsageLogEntry(tagList=[]), appResult['details']['cipher'])
+ oneMatch = self.evalTagNumbers(taintLog, appResult['apk'], CallActionLogEntry(tagList=[]), appResult['details']['call'], theReportMode=True)
+ oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], CipherUsageLogEntry(tagList=[]), appResult['details']['cipher'], theReportMode=True)
oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_READ_ACTION,
TaintLogActionEnum.FS_READ_DIRECT_ACTION,
TaintLogActionEnum.FS_READV_ACTION],
tagList=[]),
- appResult['details']['fsRead'])
+ appResult['details']['fsRead'], theReportMode=True)
oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_WRITE_ACTION,
TaintLogActionEnum.FS_WRITE_DIRECT_ACTION,
TaintLogActionEnum.FS_WRITEV_ACTION],
tagList=[]),
- appResult['details']['fsWrite'])
+ appResult['details']['fsWrite'], theReportMode=True)
oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_READ_ACTION,
TaintLogActionEnum.NET_READ_DIRECT_ACTION,
TaintLogActionEnum.NET_RECV_ACTION,
TaintLogActionEnum.NET_RECV_DIRECT_ACTION],
tagList=[]),
- appResult['details']['netRead'])
+ appResult['details']['netRead'], theReportMode=True)
oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_SEND_ACTION,
TaintLogActionEnum.NET_SEND_DIRECT_ACTION,
TaintLogActionEnum.NET_SEND_URGENT_ACTION,
TaintLogActionEnum.NET_WRITE_ACTION,
TaintLogActionEnum.NET_WRITE_DIRECT_ACTION],
tagList=[]),
- appResult['details']['netWrite'])
- oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], SSLLogEntry(tagList=[]), appResult['details']['ssl'])
- oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], SendSmsLogEntry(tagList=[]), appResult['details']['sms'])
+ appResult['details']['netWrite'], theReportMode=True)
+ oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], SSLLogEntry(tagList=[]), appResult['details']['ssl'], theReportMode=True)
+ oneMatch |= self.evalTagNumbers(taintLog, appResult['apk'], SendSmsLogEntry(tagList=[]), appResult['details']['sms'], theReportMode=True)
oneMatch |= self.evalSmsDestTagNumbers(taintLog, appResult['apk'], SendSmsLogEntry(destinationTagList=[]), appResult['details']['smsDest'])
# Nothing happens
if not oneMatch:
pass
+ # Get numbers of several actions
+ appResult['overview2']['sms'] += taintLog.getNumLogEntries(theType=SendSmsLogEntry)
+ appResult['overview2']['ssl'] += taintLog.getNumLogEntries(theType=SSLLogEntry)
+ appResult['overview2']['call'] += taintLog.getNumLogEntries(theType=CallActionLogEntry)
+ appResult['overview2']['cipher'] += taintLog.getNumLogEntries(theType=CipherUsageLogEntry)
+ appResult['overview2']['netRead'] += len(taintLog.getMatchingLogEntries([NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_READ_ACTION,
+ TaintLogActionEnum.NET_READ_DIRECT_ACTION,
+ TaintLogActionEnum.NET_RECV_ACTION,
+ TaintLogActionEnum.NET_RECV_DIRECT_ACTION],
+ tagList=[])]))
+ appResult['overview2']['netWrite'] += len(taintLog.getMatchingLogEntries([NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_SEND_ACTION,
+ TaintLogActionEnum.NET_SEND_DIRECT_ACTION,
+ TaintLogActionEnum.NET_SEND_URGENT_ACTION,
+ TaintLogActionEnum.NET_WRITE_ACTION,
+ TaintLogActionEnum.NET_WRITE_DIRECT_ACTION],
+ tagList=[])]))
+ appResult['overview2']['fsRead'] += len(taintLog.getMatchingLogEntries([FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_READ_ACTION,
+ TaintLogActionEnum.FS_READ_DIRECT_ACTION,
+ TaintLogActionEnum.FS_READV_ACTION],
+ tagList=[])]))
+ appResult['overview2']['fsWrite'] += len(taintLog.getMatchingLogEntries([FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_WRITE_ACTION,
+ TaintLogActionEnum.FS_WRITE_DIRECT_ACTION,
+ TaintLogActionEnum.FS_WRITEV_ACTION],
+ tagList=[])]))
+
# Add numbers to overview table
for tag, overviewNumbers in appResult['overview'].iteritems():
for action, actionEntry in appResult['details'].iteritems():
- overviewNumbers[0] += actionEntry[tag][0]
+ if actionEntry[tag][0] > 0:
+ overviewNumbers[0] += 1
# Print report (per app)
descrDict = {'call':'Call', 'cipher':'Cipher Usage', 'fsRead':'File System Read', 'fsWrite':'File System Write', 'netRead':'Network Read', 'netWrite':'Network Write', 'ssl':'SSL', 'sms':'SMS', 'smsDest':'SMS Destination'}
@@ -757,13 +854,20 @@ def generateHtmlReport(self):
for appMd5, appResult in result.iteritems():
appReportFileName = '%s_%s.html' % (appResult['apk'].getPackage(), appMd5)
appResult['fileName'] = os.path.join('html', appReportFileName)
- appReport = open(os.path.join(appHtmlOutputDir, appReportFileName), 'w')
- appReport.write('<html><head><title>TaintDroid Runner Report for %s</title></head><body><p>' % appResult['apk'].getPackage())
- appReport.write('<h1>TaintDroid Runner Report for %s</h1>' % appResult['apk'].getPackage())
+ appReport = open(os.path.join(appHtmlOutputDir, appReportFileName), 'w')
+ if appResult['apk'].getPackage() != '':
+ appReport.write('<html><head><title>TaintDroid Runner Report for %s</title></head><body><p>' % appResult['apk'].getPackage())
+ appReport.write('<h1>TaintDroid Runner Report for %s</h1>' % appResult['apk'].getPackage())
+ else: # appResult['apk'].getPackage() == ''
+ appReport.write('<html><head><title>TaintDroid Runner Report for %s</title></head><body><p>' % appMd5)
+ appReport.write('<h1>TaintDroid Runner Report for %s</h1>' % appMd5)
appReport.write('<br /><h2>Application</h2>')
- appReport.write('<li><b>Package</b>: %s</li>' % (appResult['apk'].getPackage()))
- appReport.write('<li><b>MD5</b>: %s</li>' % (appResult['apk'].getMd5Hash()))
+ appReport.write('<li><b>APK</b>: <a href="../../%s/%s-%s.apk">%s-%s.apk</a></li>' % (self.reportAppDir, appResult['apk'].getPackage(), appMd5, appResult['apk'].getPackage(), appMd5))
+ appReport.write('<li><b>Package</b>: %s (<a href="http://www.google.com/#sclient=psy-ab&hl=de&source=hp&q=Android+%s" target="_blank">Search Google</a>)</li>' % (appResult['apk'].getPackage(), appResult['apk'].getPackage()))
+ appReport.write('<li><b>MD5</b>: %s (<a href="http://www.google.com/#sclient=psy-ab&hl=de&source=hp&q=Android+%s" target="_blank">Search Google</a>)</li>' % (appResult['apk'].getMd5Hash(), appResult['apk'].getMd5Hash()))
appReport.write('<li><b>Sha256</b>: %s</li>' % (appResult['apk'].getSha256Hash()))
+ appReport.write('<li><b>Number of analysis runs</b>: %d</li>' % len(appResult['logFileNameList']))
+ appReport.write('<li><b>Number of successful analysis runs</b>: %d</li>' % len(appResult['taintLogList']))
appReport.write('<br /><h2>Overview</h2>')
appReport.write('<table border="1" rules="groups">')
@@ -790,10 +894,10 @@ def generateHtmlReport(self):
appReport.write('</tr>')
appReport.write('</tbody>')
- appReport.write('<tfoot><tr><td></td>')
- for tagType in tagTypeList:
- appReport.write('<td align="center">%d</td>' % (sumDict[tagType]))
- appReport.write('</tr></tfoot>')
+ #appReport.write('<tfoot><tr><td></td>')
+ #for tagType in tagTypeList:
+ # appReport.write('<td align="center">%d</td>' % (sumDict[tagType]))
+ #appReport.write('</tr></tfoot>')
appReport.write('</table>')
@@ -808,19 +912,96 @@ def generateHtmlReport(self):
continue
appReport.write('<h3>%s</h3>' % (descrDict[action]))
+ relevantLogEntries = []
+ for taintLog in appResult['taintLogList']:
+ if action == 'call':
+ relevantLogEntries.extend(taintLog.getLogEntryList(theType=CallActionLogEntry))
+ columnList = ['Tag', 'DialString']
+ elif action == 'cipher':
+ relevantLogEntries.extend(taintLog.getLogEntryList(theType=CipherUsageLogEntry))
+ columnList = ['Tag', 'Mode', 'Data']
+ elif action == 'fsRead':
+ relevantLogEntries.extend(taintLog.getMatchingLogEntries([FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_READ_ACTION,
+ TaintLogActionEnum.FS_READ_DIRECT_ACTION,
+ TaintLogActionEnum.FS_READV_ACTION],
+ tagList=[])]))
+ columnList = ['Tag', 'Action', 'File Path', 'Data']
+ elif action == 'fsWrite':
+ relevantLogEntries.extend(taintLog.getMatchingLogEntries([FileSystemLogEntry(actionList=[TaintLogActionEnum.FS_WRITE_ACTION,
+ TaintLogActionEnum.FS_WRITE_DIRECT_ACTION,
+ TaintLogActionEnum.FS_WRITEV_ACTION],
+ tagList=[])]))
+ columnList = ['Tag', 'Action', 'File Path', 'Data']
+ elif action == 'netRead':
+ relevantLogEntries.extend(taintLog.getMatchingLogEntries([NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_READ_ACTION,
+ TaintLogActionEnum.NET_READ_DIRECT_ACTION,
+ TaintLogActionEnum.NET_RECV_ACTION,
+ TaintLogActionEnum.NET_RECV_DIRECT_ACTION],
+ tagList=[])]))
+ columnList = ['Tag', 'Action', 'Destination', 'Data']
+ elif action == 'netWrite':
+ relevantLogEntries.extend(taintLog.getMatchingLogEntries([NetworkSendLogEntry(actionList=[TaintLogActionEnum.NET_SEND_ACTION,
+ TaintLogActionEnum.NET_SEND_DIRECT_ACTION,
+ TaintLogActionEnum.NET_SEND_URGENT_ACTION,
+ TaintLogActionEnum.NET_WRITE_ACTION,
+ TaintLogActionEnum.NET_WRITE_DIRECT_ACTION],
+ tagList=[])]))
+ columnList = ['Tag', 'Action', 'Destination', 'Data']
+ elif action == 'ssl':
+ relevantLogEntries.extend(taintLog.getLogEntryList(theType=SSLLogEntry))
+ columnList = ['Tag', 'Action', 'Destination/Source', 'Data']
+ elif action == 'sms':
+ relevantLogEntries.extend(taintLog.getLogEntryList(theType=SendSmsLogEntry))
+ columnList = ['Tag (Text)', 'Action', 'Source Addr', 'Destination', 'Tag Destination', 'Text']
+
+ appReport.write('<table>')
+ appReport.write('<tr>')
+ for col in columnList:
+ appReport.write('<th align="left">%s</th>' % col)
+ appReport.write('</tr>')
+
+ for relevantLogEntry in relevantLogEntries:
+ appReport.write('<tr>')
+ for col in relevantLogEntry.getHtmlReportColumnList(False):
+ appReport.write('<td>')
+ if not col is None:
+ try:
+ appReport.write(col)
+ except:
+ pass
+ appReport.write('</td>')
+ appReport.write('</tr>')
+
+ appReport.write('</table>')
appReport.write('<br /><h2>Raw Files</h2>')
for i in xrange(len(appResult['taintLogFileNameList'])):
- appReport.write('<li>Logcat output (%d): <a href="%s">%s</a></li>' % ((i+1), appResult['taintLogFileNameList'][i], appResult['taintLogFileNameList'][i]))
+ fileNameParts = appResult['taintLogFileNameList'][i].split('/')
+ if len(fileNameParts) < 2:
+ fileName = appResult['taintLogFileNameList'][i]
+ else:
+ fileName = fileNameParts[1]
+
+ hrefPath = os.path.join('raw', appResult['rawDirectory'][i], fileName)
+ appReport.write('<li>Logcat output (%d): <a href="../%s">%s</a></li>' % ((i+1), hrefPath, fileName))
for i in xrange(len(appResult['logFileNameList'])):
- appReport.write('<li>Log output (%d): <a href="%s">%s</a></li>' % ((i+1), appResult['logFileNameList'][i], appResult['logFileNameList'][i]))
+ fileNameParts = appResult['logFileNameList'][i].split('/')
+ if len(fileNameParts) < 2:
+ fileName = appResult['logFileNameList'][i]
+ else:
+ fileName = fileNameParts[1]
+
+ hrefPath = os.path.join('raw', appResult['rawDirectory'][i], fileName)
+ appReport.write('<li>Log output (%d): <a href="../%s">%s</a></li>' % ((i+1), hrefPath, fileName))
appReport.write('</p></body></html>')
# Print main report
mainReport = open(os.path.join(self.htmlOutputDir, 'index.html'), 'w')
mainReport.write('<html><head><title>TaintDroid Runner Report</title></head><body><p>')
mainReport.write('<h1>TaintDroid Runner Report</h1>')
+ mainReport.write('[<a href="#tag">By Tag</a>] [<a href="#action">By Action</a>]')
+ mainReport.write('<h2><a name="tag">Overview by Tag</a></h2>')
mainReport.write('<table border="1" rules="rows">')
mainReport.write("""<thead><tr><th></th>
<th align="center">Dev. Info</th>
@@ -834,7 +1015,10 @@ def generateHtmlReport(self):
mainReport.write('<tbody>')
for appMd5, appResult in result.iteritems():
mainReport.write('<tr>')
- mainReport.write('<td><a href="%s">%s</a> (%s)</td>' % (appResult['fileName'], appResult['apk'].getPackage(), appMd5))
+ if appResult['apk'].getPackage() != '':
+ mainReport.write('<td><a href="%s">%s</a> (%s)</td>' % (appResult['fileName'], appResult['apk'].getPackage(), appMd5))
+ else: # appResult['apk'].getPackage() == ''
+ mainReport.write('<td>(<a href="%s">%s</a>)</td>' % (appResult['fileName'], appMd5))
for tagType in tagTypeList:
mainReport.write('<td align="center">%d</td>' % (appResult['overview'][tagType][0]))
if sumDict.has_key(tagType):
@@ -844,13 +1028,42 @@ def generateHtmlReport(self):
mainReport.write('</tr>')
mainReport.write('</tbody>')
- mainReport.write('<tfoot><tr><td></td>')
- for tagType in tagTypeList:
- mainReport.write('<td align="center">%d</td>' % (sumDict[tagType]))
- mainReport.write('</tr></tfoot>')
+ #mainReport.write('<tfoot><tr><td></td>')
+ #for tagType in tagTypeList:
+ # mainReport.write('<td align="center">%d</td>' % (sumDict[tagType]))
+ #mainReport.write('</tr></tfoot>')
mainReport.write('</table>')
- mainReport.write('</p></body></html>')
+
+ mainReport.write('<h2><a name="action">Overview by Action</a></h2>')
+ mainReport.write('<table border="1" rules="rows">')
+ mainReport.write('<thead><tr><th></th>')
+ for action in actionList[:-1]:
+ mainReport.write('<th align="center">%s</th>' % descrDict[action])
+ mainReport.write('</tr></thead>')
+
+ sumDict = {}
+ mainReport.write('<tbody>')
+ for appMd5, appResult in result.iteritems():
+ mainReport.write('<tr>')
+ if appResult['apk'].getPackage() != '':
+ mainReport.write('<td><a href="%s">%s</a> (%s)</td>' % (appResult['fileName'], appResult['apk'].getPackage(), appMd5))
+ else: # appResult['apk'].getPackage() == ''
+ mainReport.write('<td>(<a href="%s">%s</a>)</td>' % (appResult['fileName'], appMd5))
+ for action in actionList[:-1]:
+ mainReport.write('<td align="center">%d</td>' % (appResult['overview2'][action]))
+ if sumDict.has_key(action):
+ sumDict[action] += appResult['overview2'][action]
+ else:
+ sumDict[action] = appResult['overview2'][action]
+ mainReport.write('</tbody>')
+
+ #mainReport.write('<tfoot><tr><td></td>')
+ #for action in actionList[:-1]:
+ # mainReport.write('<td align="center">%d</td>' % (sumDict[action]))
+ #mainReport.write('</tr></tfoot>')
+
+ mainReport.write('</table></p></body></html>')
def findNotInstrumentedPatterns(self):
@@ -875,6 +1088,7 @@ def findNotInstrumentedPatterns(self):
jsonFactory = JsonFactory()
for directory in self.dirs:
+ print 'Look in %s' % directory
mainReport = self.getMainReport(directory, jsonFactory)
for appReport in mainReport.appList:
apk = self.getAppApk(appReport.appPath)
@@ -883,6 +1097,25 @@ def findNotInstrumentedPatterns(self):
if taintLog.doesMatch(notInstrumentedPatterns): # check for not instrumented patters
print '--------------------'
taintLog.printOverview()
+ raw_input('FOUND NOT INSTRUMENTED PATTERN (!)')
+
+ def findPatterns(self):
+ patterns = []
+ appList = []
+ jsonFactory = JsonFactory()
+ for directory in self.dirs:
+ print 'Look in %s' % directory
+ mainReport = self.getMainReport(directory, jsonFactory)
+ for appReport in mainReport.appList:
+ apk = self.getAppApk(appReport.appPath)
+ taintLog = self.getAppTaintLog(directory, appReport.logcatFile)
+ if not taintLog is None:
+ if taintLog.doesMatch(patterns): # check for not instrumented patters
+ appList.append(apk)
+
+ print '--------------------'
+ for app in appList:
+ print '- %s (%s)' % (app.getPackage(), app.getMd5Hash())
def analyze(self):
if int(self.mode) == 0:
@@ -895,6 +1128,8 @@ def analyze(self):
self.generateHtmlReport()
elif int(self.mode) == 4:
self.findNotInstrumentedPatterns()
+ elif int(self.mode) == 5:
+ self.findPatterns()
# ================================================================================
# Main method
@@ -909,6 +1144,7 @@ def analyze(self):
parser.add_option('', '--baseAppDir', metavar='<path>', default=None, help='Set path to dicrectory in which applications are stored')
parser.add_option('', '--printDictFile', metavar='<path>', default=None, help='Set path to file in which output dict should be printed')
parser.add_option('', '--htmlOutputDir', metavar='<path>', default=None, help='Output directory for generated HTML report')
+ parser.add_option('', '--reportAppDir', metavar='<path>', default=None, help='Default app directory on USB stick')
(options, args) = parser.parse_args()
# Get report dir
@@ -926,4 +1162,11 @@ def analyze(self):
analyzer.baseAppDir = options.baseAppDir
analyzer.printDictFile = options.printDictFile
analyzer.htmlOutputDir = options.htmlOutputDir
+ analyzer.reportAppDir = options.reportAppDir
analyzer.analyze()
+
+ # malware full: python helper_analyzer.py -m 0 --baseAppDir /home/daniel/Documents/Malware/thesis_analysis/ ~/Documents/Malware/reports/mw_nb_1_20120112-213037/ ~/Documents/Malware/reports/mw_nb_2_20120122-111827/ ~/Documents/Malware/reports/mw_nb_3_20120122-143747/ ~/Documents/Malware/reports/mw_nb_4_20120123-215147/ ~/Documents/Malware/reports/mw_rub_full_20120123-214357/ ~/Documents/Malware/reports/mw_desk_full/
+
+ # goodware full: python helper_analyzer.py -m 0 --baseAppDir /home/daniel/Documents/MarketApps/apps/ ~/Documents/Malware/reports/gw_nb_1_20120124-064525/ ~/Documents/Malware/reports/gw_nb_2_20120124-204758/ ~/Documents/Malware/reports/gw_nb_3_20120125-210805/ ~/Documents/Malware/reports/gw_nb_4_20120126-223959/ ~/Documents/Malware/reports/gw_nb_5_20120127-195917/ ~/Documents/Malware/reports/gw_nb_6_20120129-115712/ ~/Documents/Malware/reports/gw_nb_7_20120204-195305/ ~/Documents/Malware/reports/gw_nb_8_20120205-192907/ ~/Documents/Malware/reports/gw_nb_9_20120206-194602/ ~/Documents/Malware/reports/gw_nb_10_20120207-201340/ ~/Documents/Malware/reports/gw_nb_11_20120208-192600/ ~/Documents/Malware/reports/gw_nb_12_20120209-202213/ ~/Documents/Malware/reports/gw_nb_13_20120210-205101/ ~/Documents/Malware/reports/gw_rub_1_20120125-210650/
+
+ # python helper_analyzer.py -m 3 --htmlOutputDir html_goodware --reportAppDir marketApps --baseAppDir /home/daniel/Documents/MarketApps/apps/ ~/Documents/Malware/reports/gw_nb_1_20120124-064525/ ~/Documents/Malware/reports/gw_nb_2_20120124-204758/ ~/Documents/Malware/reports/gw_nb_3_20120125-210805/ ~/Documents/Malware/reports/gw_nb_4_20120126-223959/ ~/Documents/Malware/reports/gw_nb_5_20120127-195917/ ~/Documents/Malware/reports/gw_nb_6_20120129-115712/ ~/Documents/Malware/reports/gw_nb_7_20120204-195305/ ~/Documents/Malware/reports/gw_nb_8_20120205-192907/ ~/Documents/Malware/reports/gw_nb_9_20120206-194602/ ~/Documents/Malware/reports/gw_nb_10_20120207-201340/ ~/Documents/Malware/reports/gw_nb_11_20120208-192600/ ~/Documents/Malware/reports/gw_nb_12_20120209-202213/ ~/Documents/Malware/reports/gw_nb_13_20120210-205101/ ~/Documents/Malware/reports/gw_rub_1_20120125-210650/
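Review bot: The new per-action table in generateHtmlReport (hunk `@@ -808,19 +912,96 @@`) writes each value from `relevantLogEntry.getHtmlReportColumnList(False)` into the page unescaped with `appReport.write(col)`, and the header lines in hunk `@@ -757,13 +854,20 @@` interpolate `getPackage()` into HTML text and into the search link's `href` the same way. These fields (dial string, file path, destination, data, SMS text, package name) come from the analysed APK and its log output, so unless the helper already escapes them, which is not visible here, a sample can inject markup or script into the report the analyst opens. Escape at the point of writing, e.g. `appReport.write(cgi.escape(col, True))`, and build the query string with `urllib.quote_plus(...)`; both modules must be imported if the file does not already import them. The bare `except: pass` around the write also drops a cell silently when encoding fails, which hides evidence; catch the specific exception and write a visible placeholder instead. generateHtmlReport starts and ends outside these hunks.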
610 helper_lists.py
@@ -0,0 +1,610 @@
+gwListRead = [
+ '83.169.42.67',
+ '205.234.238.42',
+ '173.194.65.118',
+ '112.213.88.17',
+ '219.234.85.220',
+ '219.234.85.222', #20, distinct: 1)
+ '165.193.245.41', #238, distinct: 87)
+ '184.82.243.172', #6, distinct: 2)
+ '107.21.253.152', #19, distinct: 10)
+ '184.73.198.91', #22, distinct: 12)
+ '176.32.91.242', #1, distinct: 1)
+ '174.35.66.78', #4, distinct: 1)
+ '110.45.215.186', #2, distinct: 1)
+ '67.159.5.93', #2, distinct: 1)
+ '72.21.194.16', #3, distinct: 1)
+ '175.158.9.171', #6, distinct: 4)
+ '175.158.9.170', #15, distinct: 2)
+ '175.158.9.173', #3, distinct: 1)
+ '175.158.9.172', #2, distinct: 2)
+ '50.62.1.47', #17, distinct: 3)
+ '66.196.65.174', #1, distinct: 1)
+ '213.171.218.186', #1, distinct: 1)
+ '76.13.114.90', #8, distinct: 1)
+ '209.85.148.120', #56, distinct: 38)
+ '209.85.148.121', #1, distinct: 1)
+ '216.35.221.76', #40, distinct: 1)
+ '64.234.192.37', #4, distinct: 1)
+ '50.16.251.238', #2, distinct: 1)
+ '174.120.170.9', #7, distinct: 1)
+ '74.120.121.80', #3, distinct: 1)
+ '203.145.77.89', #9, distinct: 1)
+ '205.186.134.152', #3, distinct: 1)
+ '50.17.217.30', #4, distinct: 2)
+ '80.92.76.28', #8, distinct: 2)
+ '174.129.198.92', #14, distinct: 6)
+ '50.17.206.163', #4, distinct: 2)
+ '92.42.123.97', #2, distinct: 1)
+ '219.234.85.236', #4, distinct: 1)
+ '188.95.145.131', #3, distinct: 1)
+ '195.211.72.42', #1, distinct: 1)
+ '93.176.84.108', #1, distinct: 1)
+ '93.176.84.109', #1, distinct: 1)
+ '202.45.165.135', #3, distinct: 1)
+ '174.35.6.5', #2, distinct: 1)
+ '212.68.137.219', #5, distinct: 1)
+ '173.194.70.102', #1, distinct: 1)
+ '173.194.70.101', #1, distinct: 1)
+ '96.46.148.190', #2, distinct: 1)
+ '193.93.174.118', #11, distinct: 1)
+ '121.14.234.141', #1, distinct: 1)
+ '199.59.148.82', #5, distinct: 2)
+ '212.201.100.170', #15, distinct: 8)
+ '220.181.111.147', #2, distinct: 1)
+ '217.146.69.18', #1, distinct: 1)
+ '174.37.77.248', #3, distinct: 1)
+ '194.232.15.25', #2, distinct: 1)
+ '209.85.148.139', #4, distinct: 3)
+ '209.85.148.138', #2, distinct: 1)
+ '219.94.203.140', #5, distinct: 1)
+ '209.85.148.156', #74, distinct: 52)
+ '175.158.9.166', #6, distinct: 3)
+ '175.158.9.167', #1, distinct: 1)
+ '211.63.185.119', #1, distinct: 1)
+ '14.63.214.51', #12, distinct: 1)
+ '88.198.14.198', #3, distinct: 1)
+ '80.154.79.115', #4, distinct: 2)
+ '67.214.210.61', #1, distinct: 1)
+ '84.37.86.172', #1, distinct: 1)
+ '212.100.244.244', #2, distinct: 1)
+ '72.14.203.141', #1, distinct: 1)
+ '68.233.254.129', #8, distinct: 1)
+ '8.12.43.175', #1, distinct: 1)
+ '95.100.146.110', #2, distinct: 1)
+ '211.233.50.233', #7, distinct: 1)
+ '124.247.204.23', #5, distinct: 1)
+ '203.185.132.242', #4, distinct: 1)
+ '222.122.140.152', #16, distinct: 1)
+ '107.22.188.195', #1, distinct: 1)
+ '64.56.194.150', #5, distinct: 1)
+ '50.22.178.194', #11, distinct: 3)
+ '74.125.31.141', #1, distinct: 1)
+ '117.104.139.18', #1, distinct: 1)
+ '199.59.149.198', #9, distinct: 2)
+ '218.19.141.173', #1, distinct: 1)
+ '209.85.148.118', #1, distinct: 1)
+ '50.16.191.28', #54, distinct: 17)
+ '199.59.148.10', #6, distinct: 1)
+ '117.104.139.17', #3, distinct: 1)
+ '195.24.233.55', #20, distinct: 1)
+ '212.92.23.146', #1, distinct: 1)
+ '8.27.130.126', #2, distinct: 1)
+ '212.201.100.144', #1, distinct: 1)
+ '67.214.212.167', #3, distinct: 1)
+ '211.151.139.246', #12, distinct: 2)
+ '212.201.100.142', #4, distinct: 1)
+ '74.50.95.18', #2, distinct: 2)
+ '66.211.169.74', #1, distinct: 1)
+ '112.140.185.238', #24, distinct: 1)
+ '109.193.192.163', #24, distinct: 14)
+ '205.234.175.175', #345, distinct: 17)
+ '109.193.192.161', #20, distinct: 13)
+ '195.70.49.3', #2, distinct: 1)
+ '194.71.95.73', #8, distinct: 1)
+ '173.194.69.147', #2, distinct: 1)
+ '67.214.210.54', #5, distinct: 2)
+ '209.85.148.100', #6, distinct: 2)
+ '209.85.148.101', #2, distinct: 2)
+ '209.85.148.102', #13, distinct: 3)
+ '173.241.240.12', #7, distinct: 4)
+ '194.25.167.52', #4, distinct: 2)
+ '87.248.217.253', #1, distinct: 1)
+ '91.220.161.58', #1, distinct: 1)
+ '69.63.181.47', #2, distinct: 1)
+ '211.255.206.195', #1, distinct: 1)
+ '80.253.180.9', #1, distinct: 1)
+ '107.20.150.111', #2, distinct: 1)
+ '93.184.220.20', #47, distinct: 18)
+ '184.106.208.208', #5, distinct: 1)
+ '80.154.79.35', #1, distinct: 1)
+ '209.200.227.229', #42, distinct: 3)
+ '107.21.126.200', #1, distinct: 1)
+ '173.194.70.95', #2, distinct: 1)
+ '212.201.100.136', #1, distinct: 1)
+ '173.194.69.99', #14, distinct: 1)
+ '207.171.163.226', #1, distinct: 1)
+ '69.28.152.76', #3, distinct: 1)
+ '213.186.41.151', #14, distinct: 1)
+ '190.12.98.98', #6, distinct: 1)
+ '107.22.189.16', #3, distinct: 1)
+ '217.196.148.17', #7, distinct: 1)
+ '50.16.214.161', #2, distinct: 1)
+ '195.24.232.205', #10, distinct: 1)
+ '209.85.148.113', #1, distinct: 1)
+ '199.59.148.201', #1, distinct: 1)
+ '67.214.210.43', #2, distinct: 2)
+ '206.130.170.35', #16, distinct: 1)
+ '69.171.229.13', #2, distinct: 1)
+ '50.17.231.154', #8, distinct: 1)
+ '141.101.124.232', #10, distinct: 5)
+ '180.70.93.20', #1, distinct: 1)
+ '107.20.194.188', #4, distinct: 1)
+ '173.1.44.18', #20, distinct: 1)
+ '207.171.163.152', #3, distinct: 1)
+ '81.169.145.153', #17, distinct: 1)
+ '107.21.237.183', #1, distinct: 1)
+ '107.20.176.85', #16, distinct: 10)
+ '184.18.181.12', #3, distinct: 1)
+ '199.9.250.75', #1, distinct: 1)
+ '66.211.168.136', #1, distinct: 1)
+ '74.113.152.32', #4, distinct: 1)
+ '199.59.149.200', #11, distinct: 1)
+ '188.95.146.131', #4, distinct: 1)
+ '173.194.70.154', #61, distinct: 39)
+ '173.194.70.155', #61, distinct: 37)
+ '173.194.70.156', #66, distinct: 42)
+ '173.194.70.157', #50, distinct: 34)
+ '165.193.245.84', #57, distinct: 6)
+ '112.175.227.217', #3, distinct: 1)
+ '70.32.132.54', #313, distinct: 88)
+ '122.228.202.156', #2, distinct: 1)
+ '8.27.131.126', #9, distinct: 1)
+ '107.21.110.83', #1, distinct: 1)
+ '123.196.120.182', #6, distinct: 1)
+ '58.6.33.109', #1, distinct: 1)
+ '91.143.226.9', #9, distinct: 1)
+ '66.151.232.17', #30, distinct: 1)
+ '84.22.168.58', #2, distinct: 1)
+ '2.18.175.139', #1, distinct: 1)
+ '91.121.42.18', #10, distinct: 1)
+ '107.20.164.39', #37, distinct: 24)
+ '209.114.41.214', #2, distinct: 1)
+ '110.45.160.215', #4, distinct: 1)
+ '110.45.160.217', #3, distinct: 3)
+ '211.240.60.82', #6, distinct: 1)
+ '211.136.85.208', #29, distinct: 2)
+ '66.220.158.54', #7, distinct: 1)
+ '87.106.30.33', #1, distinct: 1)
+ 'unknown', #2, distinct: 2)
+ '204.16.242.151', #1, distinct: 1)
+ '118.139.186.1', #6, distinct: 3)
+ '183.60.196.56', #12, distinct: 1)
+ '38.96.148.65', #5, distinct: 1)
+ '205.251.242.197', #3, distinct: 1)
+ '223.255.134.98', #24, distinct: 1)
+ '199.59.149.230', #8, distinct: 2)
+ '173.194.65.141', #1, distinct: 1)
+ '173.194.70.141', #5, distinct: 3)
+ '210.171.135.116', #1, distinct: 1)
+ '210.171.135.117', #1, distinct: 1)
+ '210.171.135.115', #9, distinct: 4)
+ '210.171.135.118', #6, distinct: 4)
+ '174.129.211.219', #13, distinct: 1)
+ '173.241.240.153', #1, distinct: 1)
+ '64.7.194.247', #2, distinct: 1)
+ '87.104.236.199', #1, distinct: 1)
+ '58.83.208.70', #5, distinct: 1)
+ '109.193.192.152', #13, distinct: 7)
+ '109.193.192.153', #22, distinct: 7)
+ '184.73.197.27', #11, distinct: 7)
+ '66.147.242.184', #10, distinct: 1)
+ '211.234.125.200', #3, distinct: 1)
+ '66.211.168.66', #4, distinct: 1)
+ '72.21.211.200', #2, distinct: 1)
+ '27.96.52.75', #1, distinct: 1)
+ '216.205.25.33', #2, distinct: 1)
+ '69.72.194.90', #2, distinct: 1)
+ '70.32.130.40', #2, distinct: 2)
+ '109.193.192.162', #3, distinct: 3)
+ '69.63.190.12', #1, distinct: 1)
+ '175.41.150.91', #2, distinct: 1)
+ '184.172.209.251', #21, distinct: 5)
+ '121.14.234.180', #1, distinct: 1)
+ '184.73.230.183', #2, distinct: 1)
+ '50.23.12.23', #5, distinct: 1)
+ '217.20.135.20', #1, distinct: 1)
+ '203.171.30.77', #14, distinct: 1)
+ '213.4.130.112', #3, distinct: 1)
+ '116.120.57.3', #4, distinct: 2)
+ '174.36.200.146', #3, distinct: 1)
+ '174.36.200.147', #1, distinct: 1)
+ '85.25.97.198', #3, distinct: 1)
+ '69.174.245.162', #12, distinct: 1)
+ '61.220.104.63', #4, distinct: 1)
+ '99.146.175.19', #7, distinct: 1)
+ '202.175.83.21', #2, distinct: 1)
+ '207.171.185.201', #2, distinct: 1)
+ '151.1.68.25', #18, distinct: 1)
+ '210.71.219.51', #9, distinct: 1)
+ '210.71.219.50', #5, distinct: 1)
+ '74.125.71.141', #3, distinct: 1)
+ '69.171.242.23', #4, distinct: 2)
+ '69.63.189.32', #2, distinct: 1)
+ '173.194.69.103', #3, distinct: 1)
+ '95.172.94.62', #2, distinct: 1)
+ '65.182.101.156', #7, distinct: 1)
+ '94.127.76.170', #6, distinct: 1)
+ '127.0.0.1', #14, distinct: 2)
+ '173.194.70.139', #8, distinct: 3)
+ '80.91.79.37', #23, distinct: 1)
+ '80.120.3.103', #2, distinct: 1)
+ '174.140.140.34', #3, distinct: 1)
+ '98.137.223.105', #5, distinct: 5)
+ '75.101.162.96', #1, distinct: 1)
+ '194.158.132.89', #4, distinct: 1)
+ '204.41.1.36', #4, distinct: 1)
+ '212.201.100.149', #3, distinct: 1)
+ '199.59.148.87', #4, distinct: 1)
+ '184.173.8.190', #5, distinct: 1)
+ '66.211.171.194', #4, distinct: 2)
+ '212.242.37.110', #2, distinct: 1)
+ '182.50.146.128', #28, distinct: 1)
+ '117.79.88.203', #38, distinct: 10)
+ '211.244.82.25', #4, distinct: 1)
+ '209.85.148.141', #8, distinct: 2)
+ '173.194.70.138', #1, distinct: 1)
+ '74.125.79.121', #1, distinct: 1)
+ '173.194.69.106', #2, distinct: 1)
+ '4.23.38.254', #2, distinct: 1)
+ '212.201.100.186', #13, distinct: 9)
+ '190.183.59.240', #24, distinct: 1)
+ '125.141.149.139', #5, distinct: 1)
+ '31.186.231.25', #1, distinct: 1)
+ '125.141.149.133', #1, distinct: 1)
+ '174.132.56.121', #2, distinct: 1)
+ '184.168.54.1', #2, distinct: 1)
+ '196.38.83.82', #11, distinct: 1)
+ '203.249.102.34', #2, distinct: 1)
+ '58.181.248.4', #23, distinct: 1)
+ '107.22.251.194', #2, distinct: 2)
+ '174.123.20.130', #5, distinct: 1)
+ '173.194.70.121', #1, distinct: 1)
+ '173.194.70.120', #36, distinct: 29)
+ '184.168.69.138', #1, distinct: 1)
+ '109.193.192.138', #6, distinct: 2)
+ '183.111.12.20', #12, distinct: 1)
+ '92.123.68.41', #1, distinct: 1)
+ '173.194.69.139', #1, distinct: 1)
+ '213.186.33.19', #1, distinct: 1)
+ '184.73.183.161', #2, distinct: 1)
+ '107.20.164.42', #46, distinct: 26)
+ '59.120.212.55', #14, distinct: 1)
+ '209.85.148.157', #77, distinct: 53)
+ '50.19.126.45', #1, distinct: 1)
+ '209.85.148.155', #78, distinct: 52)
+ '209.85.148.154', #85, distinct: 52)
+ '64.94.140.201', #1, distinct: 1)
+ '50.16.204.38', #14, distinct: 9)
+ '216.74.41.14', #20, distinct: 6)
+ '184.106.124.83', #1, distinct: 1)
+ '122.11.61.106', #11, distinct: 1)
+ '80.63.11.86', #1, distinct: 1)
+ '141.101.125.232', #21, distinct: 11)
+ '210.134.60.21', #7, distinct: 2)
+ '50.18.57.251', #15, distinct: 2)
+ '120.88.53.33', #4, distinct: 1)
+ '107.21.215.230', #8, distinct: 1)
+ '82.165.217.226', #15, distinct: 1)
+ '204.236.198.221', #1, distinct: 1)
+ '184.169.78.33' #2, distinct: 1)
+ ]
+
+gwListWrite = [
+ '205.234.238.42', #1, distinct: 1)
+ '173.194.65.118', #5, distinct: 4)
+ '219.234.85.220', #2, distinct: 1)
+ '165.193.245.41', #3, distinct: 1)
+ '174.35.66.78', #1, distinct: 1)
+ '209.85.148.120', #6, distinct: 5)
+ '216.35.221.76', #1, distinct: 1)
+ '64.234.192.37', #1, distinct: 1)
+ '50.16.251.238', #1, distinct: 1)
+ '203.145.77.89', #1, distinct: 1)
+ '80.92.76.28', #4, distinct: 2)
+ '174.129.198.92', #1, distinct: 1)
+ '50.23.12.23', #3, distinct: 1)
+ '69.174.245.162', #14, distinct: 1)
+ '202.45.165.135', #1, distinct: 1)
+ '212.68.137.219', #1, distinct: 1)
+ '173.194.70.102', #2, distinct: 1)
+ '96.46.148.190', #322, distinct: 1)
+ '212.201.100.170', #4, distinct: 3)
+ '209.85.148.139', #1, distinct: 1)
+ '199.59.148.82', #1, distinct: 1)
+ '194.232.15.25', #1, distinct: 1)
+ '14.63.214.51', #6, distinct: 1)
+ '74.50.95.18', #2, distinct: 2)
+ '50.62.1.47', #5, distinct: 3)
+ '68.233.254.129', #2, distinct: 1)
+ '61.111.245.252', #2, distinct: 1)
+ '222.122.140.152', #5, distinct: 1)
+ '38.96.148.65', #2, distinct: 1)
+ '83.169.42.67', #4, distinct: 1)
+ '199.59.149.198', #1, distinct: 1)
+ '50.16.191.28', #4, distinct: 4)
+ '212.201.100.144', #1, distinct: 1)
+ '212.201.100.142', #1, distinct: 1)
+ '80.154.79.35', #1, distinct: 1)
+ '112.140.185.238', #2, distinct: 1)
+ '205.234.175.175', #13, distinct: 8)
+ '109.193.192.161', #5, distinct: 2)
+ '195.70.49.3', #6, distinct: 1)
+ '209.85.148.101', #2, distinct: 2)
+ '209.85.148.102', #2, distinct: 2)
+ '173.241.240.12', #2, distinct: 2)
+ '69.63.181.47', #709, distinct: 1)
+ '184.168.54.1', #1, distinct: 1)
+ '107.20.150.111', #1, distinct: 1)
+ '66.211.169.74', #1, distinct: 1)
+ '209.200.227.229', #1, distinct: 1)
+ '173.194.70.95', #2, distinct: 1)
+ '207.171.163.226', #2, distinct: 1)
+ '69.28.152.76', #1, distinct: 1)
+ '213.186.41.151', #2, distinct: 1)
+ '217.196.148.17', #1, distinct: 1)
+ '78.46.120.231', #1, distinct: 1)
+ '206.130.170.35', #1, distinct: 1)
+ '50.17.231.154', #1, distinct: 1)
+ '141.101.124.232', #1, distinct: 1)
+ '217.20.135.20', #1, distinct: 1)
+ '209.85.148.118', #1, distinct: 1)
+ '207.171.163.152', #1, distinct: 1)
+ '81.169.145.153', #4, distinct: 1)
+ '184.18.181.12', #1, distinct: 1)
+ '66.211.168.136', #1, distinct: 1)
+ '199.59.149.200', #1, distinct: 1)
+ '173.194.70.154', #20, distinct: 14)
+ '173.194.70.155', #27, distinct: 13)
+ '173.194.70.156', #30, distinct: 15)
+ '173.194.70.157', #18, distinct: 9)
+ '165.193.245.84', #4, distinct: 4)
+ '112.175.227.217', #1, distinct: 1)
+ '70.32.132.54', #16, distinct: 12)
+ '66.151.232.17', #2, distinct: 1)
+ '91.121.42.18', #1, distinct: 1)
+ '107.20.164.39', #6, distinct: 6)
+ '193.93.174.118', #6, distinct: 1)
+ '110.45.140.48', #1, distinct: 1)
+ '66.220.158.54', #7, distinct: 1)
+ '107.20.194.188', #1, distinct: 1)
+ '211.240.60.82', #4, distinct: 1)
+ '183.60.196.56', #1, distinct: 1)
+ '118.139.186.1', #2, distinct: 2)
+ '223.255.134.98', #2, distinct: 1)
+ '199.59.149.230', #2, distinct: 2)
+ '110.45.229.135', #1, distinct: 1)
+ '116.120.57.3', #1, distinct: 1)
+ '210.171.135.115', #1, distinct: 1)
+ '210.171.135.118', #1, distinct: 1)
+ '174.129.211.219', #1, distinct: 1)
+ '64.56.194.150', #1, distinct: 1)
+ '69.162.67.179', #1, distinct: 1)
+ '109.193.192.152', #2, distinct: 1)
+ '184.169.78.33', #2, distinct: 1)
+ '66.147.242.184', #1, distinct: 1)
+ '211.234.125.200', #1, distinct: 1)
+ '66.211.168.66', #4, distinct: 1)
+ '216.205.25.33', #4, distinct: 1)
+ '69.72.194.90', #1, distinct: 1)
+ '207.46.203.78', #379, distinct: 1)
+ '92.42.123.97', #230, distinct: 1)
+ '8.27.130.126', #1, distinct: 1)
+ '87.248.217.253', #1, distinct: 1)
+ '61.220.104.63', #1, distinct: 1)
+ '99.146.175.19', #1, distinct: 1)
+ '202.175.83.21', #2, distinct: 1)
+ '210.71.219.51', #2, distinct: 1)
+ '69.171.242.23', #2, distinct: 1)
+ '69.63.189.32', #9, distinct: 1)
+ '121.189.24.194', #1, distinct: 1)
+ '127.0.0.1', #2, distinct: 2)
+ '80.120.3.103', #79, distinct: 1)
+ '204.41.1.36', #2, distinct: 1)
+ '182.50.146.128', #2, distinct: 1)
+ '117.79.88.203', #6, distinct: 6)
+ '173.194.70.138', #1, distinct: 1)
+ '212.201.100.186', #2, distinct: 2)
+ '190.183.59.240', #2, distinct: 1)
+ '216.137.61.221', #1, distinct: 1)
+ '210.96.235.111', #1, distinct: 1)
+ '196.38.83.82', #2, distinct: 1)
+ '203.249.102.34', #1, distinct: 1)
+ '58.181.248.4', #2, distinct: 1)
+ '174.123.20.130', #1, distinct: 1)
+ '173.194.70.120', #8, distinct: 6)
+ '184.168.69.138', #1, distinct: 1)
+ '109.193.192.138', #3, distinct: 2)
+ '183.111.12.20', #1, distinct: 1)
+ '107.20.164.42', #5, distinct: 3)
+ '59.120.212.55', #1, distinct: 1)
+ '209.85.148.157', #30, distinct: 17)
+ '209.85.148.156', #21, distinct: 14)
+ '209.85.148.155', #27, distinct: 15)
+ '209.85.148.154', #38, distinct: 13)
+ '64.94.140.201', #2, distinct: 1)
+ '216.74.41.14', #1, distinct: 1)
+ '174.120.170.9', #3, distinct: 1)
+ '122.11.61.106', #1, distinct: 1)
+ '141.101.125.232', #1, distinct: 1)
+ '210.134.60.21', #6, distinct: 1)
+ '50.18.57.251', #12, distinct: 2)
+ '120.88.53.33', #1, distinct: 1)
+ '82.165.217.226', #9, distinct: 1)
+ '109.193.192.153', #1, distinct: 1)
+ ]
+
+mwListRead = [
+ '173.194.70.154', #8, distinct: 2)
+ '173.194.70.155', #11, distinct: 3)
+ '173.194.70.156', #1, distinct: 1)
+ '50.19.117.244', #1, distinct: 1)
+ '107.22.194.172', #1, distinct: 1)
+ '207.97.227.245', #20, distinct: 1)
+ '107.20.132.78', #1, distinct: 1)
+ '119.254.87.201', #16, distinct: 1)
+ '165.193.245.41', #6, distinct: 4)
+ '220.181.111.147', #1, distinct: 1)
+ '94.127.76.140', #2, distinct: 1)
+ '173.194.70.113', #1, distinct: 1)
+ '116.255.202.188', #48, distinct: 1)
+ '211.151.139.246', #6, distinct: 1)
+ '98.129.229.189', #1, distinct: 1)
+ '173.194.69.103', #2, distinct: 2)
+ '114.80.156.144', #12, distinct: 1)
+ '173.194.69.104', #2, distinct: 1)
+ '127.0.0.1', #3, distinct: 1)
+ '82.98.86.161', #3, distinct: 2)
+ '209.85.148.100', #2, distinct: 1)
+ '209.85.148.101', #1, distinct: 1)
+ '209.85.148.102', #1, distinct: 1)
+ '50.19.125.229', #1, distinct: 1)
+ 'unknown', #3, distinct: 1)
+ '70.32.132.54', #8, distinct: 4)
+ '107.21.236.243', #3, distinct: 1)
+ '184.73.194.128', #11, distinct: 1)
+ '114.255.171.253', #28, distinct: 1)
+ '58.63.244.76', #10, distinct: 1)
+ '123.126.51.197', #2, distinct: 1)
+ '124.232.145.39', #11, distinct: 1)
+ '74.220.223.124', #12, distinct: 2)
+ '62.157.140.133', #3, distinct: 1)
+ '80.156.86.78', #1, distinct: 1)
+ '74.220.199.6', #6, distinct: 1)
+ '173.192.187.130', #5, distinct: 1)
+ '202.91.248.158', #5, distinct: 2)
+ '123.103.103.108', #4, distinct: 1)
+ '59.151.123.133', #6, distinct: 1)
+ '118.26.192.171', #20, distinct: 1)
+ '162.105.131.113', #3, distinct: 2)
+ '59.151.123.134', #4, distinct: 1)
+ '208.91.197.104', #4, distinct: 2)
+ '211.100.97.91', #4, distinct: 1)
+ '219.238.160.86', #11, distinct: 1)
+ '209.85.148.157', #23, distinct: 4)
+ '107.22.188.195', #1, distinct: 1)
+ '209.85.148.155', #5, distinct: 2)
+ '209.85.148.154', #32, distinct: 5)
+ '74.220.199.8', #26, distinct: 4)
+ '216.74.41.14', #5, distinct: 1)
+ '107.21.237.183', #3, distinct: 2)
+ '122.11.61.106', #60, distinct: 1)
+ '222.89.191.11', #5, distinct: 2)
+ '58.63.244.77', #19, distinct: 1)
+ '59.151.121.116', #22, distinct: 1)
+ '122.11.61.102', #10, distinct: 1)
+ '91.213.175.148', #39, distinct: 4)
+ '112.125.65.152', #14, distinct: 1)
+ '124.207.233.124', #13, distinct: 1)
+ '216.157.12.18', #11, distinct: 1)
+ '107.21.238.43', #1, distinct: 1)
+ ]
+
+mwListWrite = [
+ '173.194.70.154', #9, distinct: 2)
+ '173.194.70.155', #16, distinct: 3)
+ '173.194.70.156', #2, distinct: 1)
+ '207.97.227.245', #313, distinct: 1)
+ '114.255.171.253', #55, distinct: 1)
+ '165.193.245.41', #18, distinct: 4)
+ '118.26.192.171', #25, distinct: 1)
+ '94.127.76.140', #1, distinct: 1)
+ '116.255.202.188', #42, distinct: 1)
+ '211.151.139.246', #3, distinct: 1)
+ '114.80.156.144', #24, distinct: 1)
+ '173.194.69.104', #2, distinct: 1)
+ '127.0.0.1', #2, distinct: 1)
+ '82.98.86.161', #1, distinct: 1)
+ '123.103.103.108', #1, distinct: 1)
+ 'unknown', #2, distinct: 1)
+ '70.32.132.54', #14, distinct: 4)
+ '220.181.111.147', #5, distinct: 1)
+ '184.73.194.128', #1, distinct: 1)
+ '58.63.244.76', #101, distinct: 1)
+ '123.126.51.197', #28, distinct: 1)
+ '124.232.145.39', #40, distinct: 1)
+ '74.220.223.124', #4, distinct: 2)
+ '112.25.14.13', #1, distinct: 1)
+ '62.157.140.133', #1, distinct: 1)
+ '80.156.86.78', #1, distinct: 1)
+ '74.220.199.6', #4, distinct: 1)
+ '173.192.187.130', #10, distinct: 1)
+ '202.91.248.158', #17, distinct: 2)
+ '59.151.123.133', #31, distinct: 1)
+ '162.105.131.113', #9, distinct: 2)
+ '59.151.123.134', #29, distinct: 1)
+ '211.100.97.91', #47, distinct: 1)
+ '219.238.160.86', #37, distinct: 1)
+ '209.85.148.157', #39, distinct: 4)
+ '209.85.148.155', #9, distinct: 2)
+ '209.85.148.154', #53, distinct: 5)
+ '74.220.199.8', #4, distinct: 2)
+ '107.21.237.183', #1, distinct: 1)
+ '122.11.61.106', #58, distinct: 2)
+ '222.89.191.11', #3, distinct: 2)
+ '58.63.244.77', #79, distinct: 1)
+ '59.151.121.116', #18, distinct: 1)
+ '122.11.61.102', #104, distinct: 1)
+ '91.213.175.148', #413, distinct: 4)
+ '112.125.65.152', #45, distinct: 1)
+ '124.207.233.124', #1, distinct: 1)
+ '216.157.12.18', #9, distinct: 1)
+ ]
+
+googleList = [
+ '173.241.240.12',
+ '173.194.70.120',
+ '173.194.70.141',
+ '173.194.70.154',
+ '173.194.70.155',
+ '173.194.70.156',
+ '173.194.70.157',
+ '173.194.65.118',
+ '173.194.69.103',
+ '175.158.9.170',
+ '175.158.9.171',
+ '175.158.9.172',
+ '175.158.9.173',
+ '209.85.148.120',
+ '209.85.148.100',
+ '209.85.148.101',
+ '209.85.148.102',
+ '209.85.148.139',
+ '209.85.148.141',
+ '209.85.148.154',
+ '209.85.148.155',
+ '209.85.148.156',
+ '209.85.148.157',
+ ]
+
+matchedItems = []
+for item in gwListRead:
+ if item in mwListRead:
+ if not item in matchedItems: matchedItems.append(item)
+ elif item in mwListWrite:
+ if not item in matchedItems: matchedItems.append(item)
+
+for item in gwListWrite:
+ if item in mwListRead:
+ if not item in matchedItems: matchedItems.append(item)
+ elif item in mwListWrite:
+ if not item in matchedItems: matchedItems.append(item)
+
+matchedItems.sort()
+print len(matchedItems)
+print matchedItems
+
+print 'Without Google'
+for item in matchedItems:
+ if not item in googleList:
+ print '- %s' % item
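Review bot: The overlap loops at the end of helper_lists.py treat the placeholder 'unknown' and the loopback address '127.0.0.1' as ordinary destinations. Both occur in the goodware and the malware lists, so they are counted in `len(matchedItems)` and printed under 'Without Google' although they identify no remote host. Dropping them before the comparison keeps the shared-destination count meaningful, and set arithmetic replaces the nested `in` scans over lists: `matchedItems = sorted(((set(gwListRead) | set(gwListWrite)) & (set(mwListRead) | set(mwListWrite))) - set(['unknown', '127.0.0.1']))`. The trailing comments (`#20, distinct: 1)`) carry counts without saying what is counted, so a short header comment above each list naming the two numbers and the report run they came from would make the data auditable.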
BIN  mobile_sandbox/mobile_sandbox.db
Binary file not shown
1  taintdroid_runner.py
@@ -307,6 +307,7 @@ def runApp(self, theEmulator, theApp, theSteps):
theEmulator.startLogcatRedirect(logcatRedirectFile, self.maxLogcatSize)
# Switch on taint tracking
+ #theEmulator.setProperty('tdroid.global.taintmask', '7176')
theEmulator.changeGlobalTaintLogState('1', True)
# Start all services
63 taintlog_analyzer.py
@@ -47,7 +47,7 @@ def setLogFile(self, theFile):
logFile = open(theFile, 'r')
for line in logFile:
self.logLines.append(line)
- self.numControlChars = 2
+ self.numControlChars = 1
def setLogString(self, theStr):
"""
@@ -174,7 +174,9 @@ def postProcessLogObjects(self, theDeleteStaleObjectsFlag=True):
- Set file path for OSFileAccess
"""
cipherUsageDict = {}
-
+ netUsageDict = {}
+ fileSystemUsageDict = {}
+
filteredLogEntryList = []
logEntryIndex = 0
for logEntry in self.logEntryList:
@@ -228,6 +230,46 @@ def postProcessLogObjects(self, theDeleteStaleObjectsFlag=True):
timestamp=logEntry.timestamp)
cipherUsageDict[logEntry.id] = [cipherUsageLogEntry, [logEntryIndex]]
self.log.info("CipherUsageLogEntry with action '%s' found without starting init" % logEntry.action)
+
+ # Network cleaning (combine multiple calls)
+ if isinstance(logEntry, NetworkSendLogEntry):
+ if logEntry.taintLogId == 0: continue
+ if netUsageDict.has_key(logEntry.taintLogId):
+ netUsageDict[logEntry.taintLogId][0].tag = TaintTagEnum.appendTaintTags(netUsageDict[logEntry.taintLogId][0].tag, logEntry.tag)
+ netUsageDict[logEntry.taintLogId][0].data = netUsageDict[logEntry.taintLogId][0].data + logEntry.data
+ netUsageDict[logEntry.taintLogId][1].append(logEntryIndex)
+
+ else:
+ netSendLogEntry = NetworkSendLogEntry(action=logEntry.action,
+ tag=logEntry.tag,
+ destination=logEntry.destination,
+ port=logEntry.port,
+ taintLogId=logEntry.taintLogId,
+ data=logEntry.data,
+ stackTraceStr=logEntry.stackTraceStr,
+ stackTrace=logEntry.stackTrace,
+ timestamp=logEntry.timestamp)
+ netUsageDict[logEntry.taintLogId] = [netSendLogEntry, [logEntryIndex]]
+
+ # File system cleaning (combine multiple calls)
+ if isinstance(logEntry, FileSystemLogEntry):
+ if logEntry.taintLogId == 0: continue
+ if fileSystemUsageDict.has_key(logEntry.taintLogId):
+ fileSystemUsageDict[logEntry.taintLogId][0].tag = TaintTagEnum.appendTaintTags(fileSystemUsageDict[logEntry.taintLogId][0].tag, logEntry.tag)
+ fileSystemUsageDict[logEntry.taintLogId][0].data = fileSystemUsageDict[logEntry.taintLogId][0].data + logEntry.data
+ fileSystemUsageDict[logEntry.taintLogId][1].append(logEntryIndex)
+
+ else:
+ fileSystemLogEntry = NetworkSendLogEntry(action=logEntry.action,
+ tag=logEntry.tag,
+ fileDescriptor=logEntry.fileDescriptor,
+ filePath=logEntry.filePath,
+ taintLogId=logEntry.taintLogId,
+ data=logEntry.data,
+ stackTraceStr=logEntry.stackTraceStr,
+ stackTrace=logEntry.stackTrace,
+ timestamp=logEntry.timestamp)
+ fileSystemUsageDict[logEntry.taintLogId] = [fileSystemLogEntry, [logEntryIndex]]
# Update index
logEntryIndex += 1
@@ -241,6 +283,14 @@ def postProcessLogObjects(self, theDeleteStaleObjectsFlag=True):
for id, logEntry in cipherUsageDict.iteritems():
delLogEntryIdxList.extend(logEntry[1])
+ # Net log entry
+ for id, logEntry in netUsageDict.iteritems():
+ delLogEntryIdxList.extend(logEntry[1])
+
+ # File system log entry
+ for id, logEntry in fileSystemUsageDict.iteritems():
+ delLogEntryIdxList.extend(logEntry[1])
+
# Do drop
self.__deleteStaleLogObjects(delLogEntryIdxList)
@@ -249,6 +299,15 @@ def postProcessLogObjects(self, theDeleteStaleObjectsFlag=True):
for id, logEntry in cipherUsageDict.iteritems():
self.logEntryList.append(logEntry[0])
+ # Add cleaned network objects
+ for id, logEntry in netUsageDict.iteritems():
+ self.logEntryList.append(logEntry[0])
+
+ # Add cleaned file system objects
+ for id, logEntry in fileSystemUsageDict.iteritems():
+ self.logEntryList.append(logEntry[0])
+
+
def __deleteStaleLogObjects(self, theDelLogEntryIdxList):
"""
Delete all log entries whose indices are included in the provided
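Review bot: In the file-system branch added to postProcessLogObjects, the merged entry is built with `NetworkSendLogEntry(...)` while being passed `fileDescriptor=` and `filePath=`, which looks like a copy of the network branch above it; it should read `fileSystemLogEntry = FileSystemLogEntry(action=logEntry.action,`. As written, combined file-system events would either fail in the constructor or land in the report as network sends, depending on how NetworkSendLogEntry handles the extra keywords (its definition is not in this hunk). Both new branches also use `if logEntry.taintLogId == 0: continue`, which appears to skip the `logEntryIndex += 1` at the end of the loop body, so the indices later handed to `__deleteStaleLogObjects` would drift and the wrong entries could be dropped from the analysis. Folding the test into the condition avoids that, e.g. `if isinstance(logEntry, NetworkSendLogEntry) and logEntry.taintLogId != 0:`, and the same for FileSystemLogEntry. The function starts and ends outside these hunks and the page has lost indentation, so the loop nesting is inferred.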
40 taintlog_json.py
@@ -142,11 +142,11 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'CallAction, dialString: %s' % (self.dialString)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
columnList.append(self.dialString)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
@@ -177,7 +177,7 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'CipherUsage (%s), id: %d, tag: %s, mode: %d' % (self.action, self.id, TaintTagEnum.getTaintString(self.tag), self.mode)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
if self.mode == CipherModeEnum.ENCRYPT_MODE:
columnList.append('encrypt')
@@ -185,8 +185,8 @@ def getHtmlReportColumnList(self):
else:
columnList.append('decrypt')
columnList.append(self.output)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
class FileSystemLogEntry(BaseLogEntry):
@@ -218,14 +218,14 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'FileSystemAccess (%s), tag: %s, file: %s (%d)' % (TaintLogActionEnum.getActionString(self.action), TaintTagEnum.getTaintString(self.tag), self.filePath, self.fileDescriptor)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
columnList.append(TaintLogActionEnum.getActionString(self.action))
columnList.append(self.filePath)
- columnList.append('%d' % self.taintLogId)
+ if theDetailsFlag: columnList.append('%d' % self.taintLogId)
columnList.append(self.data)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
class NetworkSendLogEntry(BaseLogEntry):
@@ -259,14 +259,14 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'NetworkAccess (%s), tag: %s, destination: %s:%d' % (TaintLogActionEnum.getActionString(self.action), TaintTagEnum.getTaintString(self.tag), self.destination, self.port)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
columnList.append(TaintLogActionEnum.getActionString(self.action))
columnList.append('%s:%d' % (self.destination, self.port))
- columnList.append('%d' % self.taintLogId)
+ if theDetailsFlag: columnList.append('%d' % self.taintLogId)
columnList.append(self.data)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
class SSLLogEntry(BaseLogEntry):
@@ -297,13 +297,13 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'SSL (%s), tag: %s, destination: %s:%d' % (TaintLogActionEnum.getActionString(self.action), TaintTagEnum.getTaintString(self.tag), self.destination, self.port)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
columnList.append(TaintLogActionEnum.getActionString(self.action))
columnList.append('%s:%d' % (self.destination, self.port))
columnList.append(self.data)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
class SendSmsLogEntry(BaseLogEntry):
@@ -344,15 +344,15 @@ def doesMatch(self, theOther):
def getOverviewLogStr(self):
return 'SMS (%s), tag: %s, destination: %s (%s), source: %s, text: %s, timestamp: %s' % (TaintLogActionEnum.getActionString(self.action), TaintTagEnum.getTaintString(self.tag), self.destination, TaintTagEnum.getTaintString(self.destinationTag), self.scAddress, self.text, self.timestamp)
- def getHtmlReportColumnList(self):
+ def getHtmlReportColumnList(self, theDetailsFlag=True):
columnList = [TaintTagEnum.getTaintString(self.tag)]
columnList.append(TaintLogActionEnum.getActionString(self.action))
columnList.append(self.scAddress)
columnList.append(self.destination)
columnList.append(TaintTagEnum.getTaintString(self.destinationTag))
columnList.append(self.text)
- columnList.append(self.timestamp)
- columnList.append(self.stackTraceStr)
+ if theDetailsFlag: columnList.append(self.timestamp)
+ if theDetailsFlag: columnList.append(self.stackTraceStr)
return columnList
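Review bot: With `theDetailsFlag=False` the rows returned by getHtmlReportColumnList become shorter, and in FileSystemLogEntry and NetworkSendLogEntry the omitted `taintLogId` sits in the middle of the row, so every column after it shifts. The code that writes the table header is not in these hunks and needs to drop the same columns in the same positions. A docstring on each method would pin that contract, for example `"""Return the report row; timestamp and stack trace (and taintLogId where present) are included only when theDetailsFlag is true."""`. Values such as `self.data`, `self.text` and `self.dialString` originate from the app under analysis, so it is worth confirming that the HTML writer escapes them before they reach report.html.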