This is a script that can be used to find the methods, libs and other stuff which can be responsible for logging and might display output in the logcat. So, it can check which sensitive might get displayed in logcat in SAST and can be reported or check more carefully.
chmod +x find_logs_leak.py
pythone3 find_logs_leak.py path/to/decomplied_code_directory -o findings.csv
I will add following things in later version
- progress bar
- colour output
- more flexible output (json, txt, grep, etc)
- directly cordinate with logcat dynamically
- more options and flexibility (like to show only high, medium, particular keywords, and more)
- least chance of false positive
- html report
Your suggestions are welcomed.