data filtering after user's choice fully working

commit d44dd5a46a4550c9549a67b25ec019de7fec42c2 1 parent 80b20e5
maaaaz authored
68 androwarn/analysis/analysis.py
@@ -112,65 +112,65 @@ def perform_analysis(apk_file, a, d, x, no_connection) :
data = []
data.append(
- { "application_information" :
+ { 'application_information' :
[
- ( "application_name", [app_name] ),
- ( "application_version", [grab_androidversion_name(a)] ),
- ( "package_name", [app_package_name] ),
- ( "description", app_description )#inserer icone dans desc
+ ( 'application_name', [app_name] ),
+ ( 'application_version', [grab_androidversion_name(a)] ),
+ ( 'package_name', [app_package_name] ),
+ ( 'description', app_description )
]
}
)
data.append(
- { "analysis_results" :
+ { 'analysis_results' :
[
- ( "telephony_identifiers_leakage", gather_telephony_identifiers_leakage(x) ),
- ( "device_settings_harvesting", gather_device_settings_harvesting(x) ),
- ( "location_lookup", gather_location_lookup(x) ),
- ( "connection_interfaces_exfiltration", gather_connection_interfaces_exfiltration(x) ),
- ( "telephony_services_abuse", gather_telephony_services_abuse(x) ),
- ( "audio_video_eavesdropping", gather_audio_video_eavesdropping(x) ),
- ( "suspicious_connection_establishment",gather_suspicious_connection_establishment(x) ),
- ( "PIM_data_leakage", gather_PIM_data_leakage(x) ),
- ( "code_execution", gather_code_execution(x) ),
+ ( 'telephony_identifiers_leakage', gather_telephony_identifiers_leakage(x) ),
+ ( 'device_settings_harvesting', gather_device_settings_harvesting(x) ),
+ ( 'location_lookup', gather_location_lookup(x) ),
+ ( 'connection_interfaces_exfiltration', gather_connection_interfaces_exfiltration(x) ),
+ ( 'telephony_services_abuse', gather_telephony_services_abuse(x) ),
+ ( 'audio_video_eavesdropping', gather_audio_video_eavesdropping(x) ),
+ ( 'suspicious_connection_establishment', gather_suspicious_connection_establishment(x) ),
+ ( 'PIM_data_leakage', gather_PIM_data_leakage(x) ),
+ ( 'code_execution', gather_code_execution(x) ),
],
}
)
data.append(
- { "apk_file" :
+ { 'apk_file' :
[
- ( "apk_file_name", [grab_filename(a)] ),
- ( "SHA-1_hash", [grab_apk_file_sha1_hash(apk_file)] ),
- ( "file_list", grab_file_list(a) ),
- ( "certificate_information", grab_certificate_information(a) )
+ ( 'apk_file_name', [grab_filename(a)] ),
+ ( 'SHA-1_hash', [grab_apk_file_sha1_hash(apk_file)] ),
+ ( 'file_list', grab_file_list(a) ),
+ ( 'certificate_information', grab_certificate_information(a) )
]
}
)
data.append(
- { "androidmanifest.xml" :
+ { 'androidmanifest.xml' :
[
- ( "main_activity", [grab_main_activity(a)] ),
- ( "activities", grab_activities(a) ),
- ( "receivers", grab_services(a) ),
- ( "providers", grab_providers(a) ),
- ( "permissions", grab_permissions(a) ),
- ( "features", grab_features(a) ),
- ( "librairies", grab_libraries(a) )
+ ( 'main_activity', [grab_main_activity(a)] ),
+ ( 'activities', grab_activities(a) ),
+ ( 'receivers', grab_services(a) ),
+ ( 'providers', grab_providers(a) ),
+ ( 'permissions', grab_permissions(a) ),
+ ( 'features', grab_features(a) ),
+ ( 'libraries', grab_libraries(a) )
]
}
)
data.append(
- { "apis_used" :
+ { 'apis_used' :
[
- ( "classes_list", grab_classes_list(x) ),
- ( "internal_classes_list", grab_internal_classes_list(x) ),
- ( "external_classes_list", grab_external_classes_list(x) ),
- ( "internal_packages_list", grab_internal_packages_list(x) ),
- ( "external_packages_list", grab_external_packages_list(x) )
+ ( 'classes_list', grab_classes_list(x) ),
+ ( 'internal_classes_list', grab_internal_classes_list(x) ),
+ ( 'external_classes_list', grab_external_classes_list(x) ),
+ ( 'internal_packages_list', grab_internal_packages_list(x) ),
+ ( 'external_packages_list', grab_external_packages_list(x) )
]
}
)
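Review bot: The `'receivers'` entry on the new side still calls `grab_services(a)`, so the report labels the manifest's services as receivers and no receiver data is collected at all; the quote-style rewrite carried that mismatch over unchanged. Nothing in this list emits a `'services'` key, even though the verbosity table added to report.py in this commit defines `'services' : 3`, so that level entry can never match. The fix is to make the key match the collector, `( 'services', grab_services(a) ),`, and add a separate receivers entry backed by the manifest module's receiver collector, if one exists. The `perform_analysis` body starts before this hunk and continues past it.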
153 androwarn/report/report.py
@@ -49,71 +49,97 @@
VERBOSE_EXPERT = '3'
VERBOSE_LEVEL = [VERBOSE_ESSENTIAL, VERBOSE_ADVANCED, VERBOSE_EXPERT]
-# Analysis data levels (must match with the analysis module)
-data_level = [
- # Application
- { 'application_package_name' : 1 },
- { 'application_name' : 1 } ,
- { 'application_description' : 1 } ,
-
- # APK
- { 'apk_file_SHA1_hash' : 1 },
- { 'apk_file_name' : 1 },
- { 'file_list' : 2 },
-
- # Manifest
- { 'androidversion_code' : 3 },
- { 'androidversion_name' : 2 },
- { 'main_activity' : 3 },
- { 'activities' : 3 },
- { 'services' : 3 },
- { 'receivers' : 3 },
- { 'providers' : 3 },
- { 'permissions' : 1 },
- { 'features' : 2 },
- { 'libraries' : 2 },
- { 'certificate_information' : 2 },
-
- # Malicious Behaviours Detection
- # -- Telephony identifiers leakage
- { 'telephony_identifiers_leakage' : 1 },
-
- # -- Device settings harvesting
- { 'device_settings_harvesting' : 1 },
-
- # -- Physical location lookup
- { 'location_lookup' : 1 },
+def filter_analysis_results(data, verbosity) :
+
+ # Analysis data levels (must match with the analysis module)
+ data_level = {
+ # Application
+ 'application_name' : 1 ,
+ 'application_version' : 1 ,
+ 'package_name' : 1 ,
+ 'description' : 1 ,
+
+
+ # Malicious Behaviours Detection
+ # -- Telephony identifiers leakage
+ 'telephony_identifiers_leakage' : 1 ,
+
+ # -- Device settings harvesting
+ 'device_settings_harvesting' : 1 ,
+
+ # -- Physical location lookup
+ 'location_lookup' : 1 ,
- # -- Connection interfaces information exfiltration
- { 'connection_interfaces_exfiltration' : 1 },
+ # -- Connection interfaces information exfiltration
+ 'connection_interfaces_exfiltration' : 1 ,
- # -- Telephony services abuse
- { 'telephony_services_abuse' : 1 },
-
- # -- Audio/Video eavesdropping
- { 'media_recorder_abuse' : 1 },
-
- # -- Suspicious connection establishment
- { 'suspicious_connection_establishment' : 1 },
+ # -- Telephony services abuse
+ 'telephony_services_abuse' : 1 ,
+
+ # -- Audio/Video eavesdropping
+ 'audio_video_eavesdropping' : 1 ,
+
+ # -- Suspicious connection establishment
+ 'suspicious_connection_establishment' : 1 ,
- # -- PIM dataleakage
- { 'PIM_data_leakage' : 1 },
+ # -- PIM dataleakage
+ 'PIM_data_leakage' : 1 ,
+
+ # -- Native code execution
+ 'code_execution' : 1 ,
+
+ # APK
+ 'apk_file_name' : 1 ,
+ 'SHA-1_hash' : 1 ,
+ 'file_list' : 2 ,
+ 'certificate_information' : 2 ,
+
+
+ # Manifest
+ 'main_activity' : 3 ,
+ 'activities' : 3 ,
+ 'services' : 3 ,
+ 'receivers' : 3 ,
+ 'providers' : 3 ,
+ 'permissions' : 1 ,
+ 'features' : 2 ,
+ 'libraries' : 2 ,
+
+
+ # APIs
+ 'classes_list' : 3 ,
+ 'internal_classes_list' : 3 ,
+ 'external_classes_list' : 3 ,
+ 'internal_packages_list' : 3 ,
+ 'external_packages_list' : 3
+ }
+
+ if data :
+ purge_category = []
+
+ for category_index, item in enumerate(data) :
+ for category, element_tuple in item.iteritems() :
+ purge_tuple = []
+
+ for tuple_index, tuple in enumerate(element_tuple) :
+ name, content = tuple
+
+ # if the defined level for an item is above the user's chosen verbosity, remove it
+ if (name in data_level) and (int(data_level[name]) > int(verbosity)) :
+ purge_tuple.append(tuple_index)
+ elif not(name in data_level) :
+ log.error("'%s' item has no defined level of verbosity", name)
- # -- Native code execution
- { 'code_execution' : 1 },
+ clean_list(element_tuple,purge_tuple)
+ # if there's no item for a category, remove the entire category
+ if not(element_tuple) :
+ purge_category.append(category_index)
+
+ clean_list(data,purge_category)
- # Code
- # -- Classes
- { 'classes_list' : 3 },
- { 'internal_new_classes_list' : 3 },
- { 'external_classes_list' : 3 },
- { 'internal_packages_list' : 3 },
- { 'internal_new_packages_list' : 3 },
- { 'external_packages_list' : 3 }
-
- ]
-
+
+ return data
def generate_report_txt(data,verbosity, report, output_file) :
@@ -125,9 +151,9 @@ def generate_report_txt(data,verbosity, report, output_file) :
"""
output_file = "%s%s.txt" % (OUTPUT_DIR, output_file)
- with open(output_file, 'w') as fd :
- dump_analysis_results(data, fd)
- fd.close()
+ with open(output_file, 'w') as f_out :
+ dump_analysis_results(data, f_out)
+ f_out.close()
print("[+] Analysis successfully completed and TXT file report available '%s'" % output_file)
@@ -143,6 +169,7 @@ def generate_report_html(data, verbosity, report, output_file) :
# In this case we are forced to dump the html into the Report folder as it contains css/img/ico
output_file = "%s%s.html" % (OUTPUT_DIR, output_file.split('/')[-1])
+
template.stream(data=data).dump(output_file, encoding='utf-8')
print("[+] Analysis successfully completed and HTML file report available '%s'" % output_file)
@@ -155,6 +182,8 @@ def generate_report(package_name, data, verbosity, report) :
"""
output_file = package_name
+ filter_analysis_results(data,verbosity)
+
if cmp(report, REPORT_TXT) == 0 :
generate_report_txt(data,verbosity, report, output_file)
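Review bot: `filter_analysis_results` prunes `data` in place (every `clean_list` call ends in `del` on the passed list) yet also returns it, and the caller in `generate_report` discards the return value; unlike the other functions in this file it has no docstring, and it should state that contract, e.g. `"""Drop entries whose data_level exceeds *verbosity* (in place) and remove emptied categories; returns the same list."""`. The inner loop variable `tuple` shadows the builtin — `for tuple_index, (name, content) in enumerate(element_tuple) :` removes both the shadowing and the separate unpacking line. An entry whose name is missing from `data_level` is logged with `log.error` but kept at every verbosity level, so any new analysis key bypasses the filter until the table is updated; if that fail-open behaviour is intended, the comment above the check should say so. Also on the new side, `generate_report_txt` builds its path as `OUTPUT_DIR` plus `package_name` unchanged, while `generate_report_html` strips directories with `.split('/')[-1]`; since the package name is read from the analysed APK, the TXT path should apply the same basename sanitisation, ideally via `os.path.basename`, if `os` is in scope there.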
14 androwarn/util/util.py
@@ -101,6 +101,18 @@ def strip_HTML_tags(html):
return s.get_data()
+# Data tab cleaner
+def clean_list(list_to_clean,purge_list) :
+ """
+ @param list_to_clean : a list to be cleaned up
+ @param purge_list : the list of elements to remove in the list
+
+ @rtype : a cleaned list
+ """
+ if list_to_clean and purge_list :
+ for i in reversed(purge_list) :
+ del list_to_clean[i]
+
# Dump
def flush_simple_string(string, file) :
"""
@@ -128,7 +140,7 @@ def dump_analysis_results(data, file_descriptor) :
flush_simple_string("\t[.] %s" % (name.encode('ascii','ignore').replace('_',' ').title().ljust(40)), file_descriptor)
for element in content :
if isinstance(element,str) :
- flush_simple_string("\t\t- %s" % element.encode('ascii','ignore').replace('_',' ').title(), file_descriptor)
+ flush_simple_string("\t\t- %s" % element.encode('ascii','ignore'), file_descriptor)
flush_simple_string("", file_descriptor)
flush_simple_string("", file_descriptor)
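Review bot: `clean_list`'s docstring promises `@rtype : a cleaned list`, but the function deletes from `list_to_clean` in place and returns `None`, so a caller writing `x = clean_list(x, purge)` would lose its data; change that line to `@rtype : None (list_to_clean is modified in place)` and note that `purge_list` holds indices, not elements. Deleting in `reversed(purge_list)` order only keeps the remaining indices valid when `purge_list` is ascending, which the two callers in report.py satisfy because they collect indices from `enumerate`; `for i in sorted(purge_list, reverse=True) :` makes the helper correct for any order at no cost to those callers.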