diff --git a/Analyze.py b/Analyze.py index 2e6b000..be510d9 100644 --- a/Analyze.py +++ b/Analyze.py @@ -5,10 +5,12 @@ import fnmatch import os +from Permissions import Permissions + class Analyze: """Analyze object that scrapes project source looking for permissions matches.""" - def __init__(self, project_root, package_name, permissions): + def __init__(self, project_root, package_name, permissions, ignore): """Init method of Analyze.""" self.project_root = project_root self.package_name = package_name @@ -16,14 +18,32 @@ def __init__(self, project_root, package_name, permissions): self.report_file_name = "reports/source_report_" + self.package_name + ".txt" self.source_files = [] self.lines = [] + self.ignore = ignore def search_project_root(self): """Looks in the source root for matching files with permissions.""" print("Analyzing from project root....") - search_string = "permission" + source_root = self.project_root + "/app/src/" matches = [] + # Add any ignored group permissions to the set of individual perms + dangerous_permissions = Permissions().dangerous_permissions + if len(self.ignore['groups']) > 0: + for group in self.ignore['groups']: + + # Get the specific list of permission group and permissions + ignored_permissions = dangerous_permissions[group] + for permission in ignored_permissions: + dangerous_permission = "android.permission." + permission + self.ignore['individual'].add(dangerous_permission) + + # Ignore specific permissions + if len(self.ignore['individual']) > 0: + print("Based on config, ignoring the following permissions:") + for permission in self.ignore['individual']: + print("Ignoring: " + permission) + # Search for matching java files for root, dirnames, filenames in os.walk(source_root): for filename in fnmatch.filter(filenames, "*.java"): 
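Review bot: The new `ignore` parameter of `__init__` is undocumented, although `search_project_root` depends on it being a dict with `'groups'` and `'individual'` keys that hold sets (it calls `.add` on the latter). State that shape in the docstring, for example `ignore: dict with 'groups' and 'individual' sets of permissions to leave out of the source report`. Because `ignore` is added as a required positional argument, any caller other than `main()` in MPerm.py would break; a signature of `ignore=None` that falls back to two empty sets would keep the old call form working. The body of `__init__` continues in the next hunk.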
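Review bot: `dangerous_permissions[group]` is indexed with a group name that comes from config.txt, so a misspelled or unknown group presumably raises `KeyError` and aborts the scan before any file is read (this assumes `Permissions().dangerous_permissions` is a dict, which the diff does not show). Use `ignored_permissions = dangerous_permissions.get(group)` and print a warning naming the unrecognised group, so a config typo neither crashes the audit nor passes unnoticed. The loop also adds to `self.ignore['individual']`, which is the same object `main()` built, so the caller's config is mutated as a side effect; expanding into a local copy such as `ignored = set(self.ignore['individual'])` would keep that private to the analysis. `search_project_root` continues past the end of this hunk.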
@@ -32,12 +52,19 @@ def search_project_root(self): current_file = "" with open(file) as java_file: for index, line in enumerate(java_file): - if search_string in line: - if current_file is not java_file.name: - current_file = java_file.name - self.lines.append(('{} {:>4}\n'.format("\nFile: ", current_file))) - self.source_files.append(current_file) - self.lines.append(('{:>4} {}'.format(index, line.rstrip()))) + if "permission" in line: + + # Ignore the line if it has an ignored permission, + # otherwise add the line to the source_lines list + for ignored_permission in self.ignore['individual']: + if ignored_permission in line: + break + else: + if current_file is not java_file.name: + current_file = java_file.name + self.lines.append(('{} {:>4}\n'.format("\nFile: ", current_file))) + self.source_files.append(current_file) + self.lines.append(('{:>4} {}'.format(index, line.rstrip()))) print("Analyzing finished!") # Print the source report diff --git a/MPerm.py b/MPerm.py index e2e14f8..a51a802 100644 --- a/MPerm.py +++ b/MPerm.py @@ -110,7 +110,7 @@ def main(): print("Looking in root for a config.txt...") ignore = { 'groups': set(), - 'permissions': set() + 'individual': set() } try: with open("./config.txt") as config: @@ -125,7 +125,7 @@ def main(): elif line != '\n': # specific permissions sanitized = line.rstrip() - ignore['permissions'].add(sanitized) + ignore['individual'].add(sanitized) print("Config found. Analysis will ignore the stated permissions.") except FileNotFoundError: @@ -146,7 +146,7 @@ def main(): third_party_permissions = get_third_party_permissions(manifest_tree) # Scrape the source - analyzer = Analyze(source_path, package_name, permissions) + analyzer = Analyze(source_path, package_name, permissions, ignore) source_report = analyzer.search_project_root() # Analyze and print results
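Review bot: The suppression test `if ignored_permission in line` is a raw substring match, so ignoring one permission also hides every permission that has it as a prefix (ignoring `android.permission.BLUETOOTH` would also drop lines naming `android.permission.BLUETOOTH_ADMIN`), and a line that names both an ignored and a non-ignored permission is dropped whole. It also fails open on an empty entry: the config parser in the MPerm.py hunk at `elif line != '\n':` adds `line.rstrip()` without checking the result, so a whitespace-only config line puts `""` into `ignore['individual']`, and `"" in line` is true for every line, which silently empties the source report. Match on a token boundary instead, e.g. `if re.search(re.escape(ignored_permission) + r"(?![A-Za-z0-9_.])", line):` (this needs `import re`), and guard the parser with `if sanitized: ignore['individual'].add(sanitized)`. Printing a count of suppressed lines in the report would let a reviewer see how much the config hid. The enclosing `search_project_root` starts outside this hunk.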