added build stuff for pupi and versioning

README.md

@@ -35,12 +35,15 @@ To scan an application:
 truegaze scan test.apk
 truegaze scan test.ipa
 ```
+To view the installed version:
+```
+truegaze version
+```
 
 ## Sample output
 Listing modules:
 ```
-user@localhost:~/$ truegaze.py list
-
+user@localhost:~/$ truegaze list
 Total active plugins: 1
 +----------------+------------------------------------------+---------+------+
 |      Name      |               Description                | Android | iOS  |
@@ -52,8 +55,7 @@ Total active plugins: 1
 
 Scanning an application:
 ```
-user@localhost:~/$ truegaze.py scan ~/test.ipa
- 
+user@localhost:~/$ truegaze scan ~/test.ipa
 Identified as an iOS application via a manifest located at: Payload/IPAPatch-DummyApp.app/Info.plist
 Scanning using the "AdobeMobileSdk" plugin
 -- Found 1 configuration file(s)
@@ -66,6 +68,12 @@ Scanning using the "AdobeMobileSdk" plugin
 Done!
 ```
 
+Display installed version:
+```
+user@localhost:~/$ truegaze version
+Current version: v0.2
+```
+
 ## Structure
 The application is command line and will consist of several modules that check for various
 vulnerabilities. Each module does its own scanning, and all results get printed to command line.

scripts/release_package.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2019 Nightwatch Cybersecurity.
+#
+# This file is part of truegaze
+# (see https://github.com/nightwatchcybersecurity/truegaze).
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+#
+# This script builds and uploads a new release to PYPI. Make sure that the version gets updated in utils.py,
+# and a release is done on GitHub at the same time.
+#
+# Package can be viewed online at:
+# Sandbox: https://test.pypi.org/project/truegaze/
+# Prod: https://pypi.org/project/truegaze/
+
+# Installs requirements
+echo Installing required tools...
+pip3 install -q setuptools twine setupext-janitor
+
+# Ask the user if production PYPI should be used, otherwise it will be the sandbox
+read -p "Upload to production (y/n)?" choice
+case "$choice" in
+  y|Y ) PYPI_URL="https://upload.pypi.org/legacy/";;
+  n|N ) PYPI_URL="https://test.pypi.org/legacy/";;
+  *) exit;;
+esac
+
+# Build
+echo
+echo Building...
+python3 setup.py sdist bdist_wheel
+
+# Upload to PYPI
+echo
+echo Uploading to the following URL: $PYPI_URL
+twine upload --repository-url $PYPI_URL dist/*
+
+# Clean
+echo
+echo Cleaning...
+python3 setup.py clean --dist --eggs

setup.py

@@ -1,19 +1,20 @@
 from setuptools import find_packages, setup
+from truegaze.utils import TruegazeUtils
 
 with open("README.md", "r") as fh:
     long_description = fh.read()
 
 setup(
     name='truegaze',
-    version='0.1',
+    version=TruegazeUtils.get_version(),
     description='Static analysis tool for Android/iOS apps focusing on security issues outside the source code.',
     long_description=long_description,
     long_description_content_type="text/markdown",
     url='https://github.com/nightwatchcybersecurity/truegaze',
     author='Nightwatch Cybersecurity',
     author_email='research@nightwatchcybersecurity.com',
     license='GNU',
-    packages=find_packages(),
+    packages=find_packages(exclude=["scripts.*", "scripts", "tests.*", "tests"]),
     include_package_data=True,
     install_requires=[
         'beautifultable',

tests/plugins/test_package.py

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2019 Nightwatch Cybersecurity.
+#
+# This file is part of truegaze
+# (see https://github.com/nightwatchcybersecurity/truegaze).
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+from truegaze.plugins import ACTIVE_PLUGINS
+from truegaze.plugins.base import BasePlugin
+from truegaze.plugins.adobe_mobile_sdk import AdobeMobileSdkPlugin
+
+# Tests for the package itself
+class TestPluginsPackage(object):
+    def test_active_plugins(self):
+        assert len(ACTIVE_PLUGINS) == 1
+        assert BasePlugin not in ACTIVE_PLUGINS
+        assert AdobeMobileSdkPlugin in ACTIVE_PLUGINS

truegaze/cli.py

@@ -32,8 +32,11 @@
 @click.group()
 def cli():
     """
-    A static analysis tool for Android and iOS applications focusing on security issues outside the source code
-    such as resource strings, third party libraries and configuration files
+    truegaze - A static analysis tool for Android and iOS applications focusing on security issues
+    outside the source code such as resource strings, third party libraries and configuration files.
+
+    Copyright (c) 2019 Nightwatch Cybersecurity.
+    Source code: https://github.com/nightwatchcybersecurity/truegaze
     """
 
 
@@ -91,6 +94,11 @@ def scan(filename):
 
     click.echo("Done!")
 
+@cli.command('version')
+def version():
+    """Displays current version"""
+    click.echo("Current version: v" + TruegazeUtils.get_version())
+
 
 if __name__ == '__main__':
     cli()

truegaze/plugins/__init__.py

@@ -0,0 +1,7 @@
+from truegaze.plugins.adobe_mobile_sdk import  AdobeMobileSdkPlugin
+
+# List of active plugins - when developing a new plugin, it should be added here.
+# BasePlugin should never be added to this list.
+ACTIVE_PLUGINS = [
+    AdobeMobileSdkPlugin
+]

truegaze/plugins/adobe_mobile_sdk.py

@@ -58,7 +58,7 @@ def scan(self):
 
         # Search all paths for the config file
         paths = AdobeMobileSdkPlugin.get_paths(self.zip_file)
-        if not paths == 0:
+        if len(paths) == 0:
             click.echo('-- Cannot find the "ADBMobileConfig.json" file, skipping')
             return
 

truegaze/utils.py

@@ -33,6 +33,11 @@
 
 
 class TruegazeUtils(object):
+    # Gets the current version
+    @staticmethod
+    def get_version():
+        return "0.2"
+
     # Tries to open the application file as a ZIP file
     @staticmethod
     def open_file_as_zip(filename):