Skip to content

Commit

Permalink
[HOTFIX] ChatGPT Permission Mapping + Improved Description (#2308)
Browse files Browse the repository at this point in the history 
* Android Permission Mapping, generated with ChatGPT + axplorer. Addressed #1772 
* Android Permission description enhancement generated with ChatGPT
* Added new permissions to permission analyzer
  • Loading branch information
@ajinabraham
ajinabraham authored Dec 18, 2023
1 parent c6f0371 commit 1f8c609
Show file tree
Hide file tree
Showing 11 changed files with 5,803 additions and 270 deletions.
1 change: 1 addition & 0 deletions mobsf/StaticAnalyzer/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ class StaticAnalyzerAndroid(models.Model):
ANDROID_API = models.TextField(default={})
CODE_ANALYSIS = models.TextField(default={})
NIAP_ANALYSIS = models.TextField(default={})
PERMISSION_MAPPING = models.TextField(default={})
URLS = models.TextField(default=[])
DOMAINS = models.TextField(default={})
EMAILS = models.TextField(default=[])
Expand Down
59 changes: 54 additions & 5 deletions mobsf/StaticAnalyzer/views/android/code_analysis.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,13 @@
"""Module holding the functions for code analysis."""

import logging
import tempfile
from pathlib import Path

from django.conf import settings

import yaml

from mobsf.MobSF.utils import (
filename_from_path,
get_android_src_dir,
Expand All @@ -21,15 +24,48 @@
logger = logging.getLogger(__name__)


def code_analysis(app_dir, typ, manifest_file):
def get_perm_rules(perm_rules, android_permissions):
"""Get applicablepermission rules."""
try:
if not android_permissions:
return None
dynamic_rules = []
with perm_rules.open('r') as perm_file:
prules = yaml.load(perm_file, Loader=yaml.FullLoader)
for p in prules:
if p['id'] in android_permissions.keys():
dynamic_rules.append(p)
rules = yaml.dump(dynamic_rules)
if rules:
tmp = tempfile.NamedTemporaryFile(mode='w')
tmp.write(rules)
tmp.flush()
return tmp
except Exception:
logger.error('Getting Permission Rules')
return None


def permission_transform(perm_mappings):
"""Simply permission mappings."""
mappings = {}
for k, v in perm_mappings.items():
mappings[k] = v['files']
return mappings


def code_analysis(app_dir, typ, manifest_file, android_permissions):
"""Perform the code analysis."""
try:
root = Path(settings.BASE_DIR) / 'StaticAnalyzer' / 'views'
code_rules = root / 'android' / 'rules' / 'android_rules.yaml'
api_rules = root / 'android' / 'rules' / 'android_apis.yaml'
niap_rules = root / 'android' / 'rules' / 'android_niap.yaml'
and_rules = root / 'android' / 'rules'
code_rules = and_rules / 'android_rules.yaml'
api_rules = and_rules / 'android_apis.yaml'
perm_rules = and_rules / 'android_permissions.yaml'
niap_rules = and_rules / 'android_niap.yaml'
code_findings = {}
api_findings = {}
perm_mappings = {}
email_n_file = []
url_n_file = []
url_list = []
Expand All @@ -38,19 +74,31 @@ def code_analysis(app_dir, typ, manifest_file):
skp = settings.SKIP_CLASS_PATH
logger.info('Code Analysis Started on - %s',
filename_from_path(src))
# Code and API Analysis
# Code Analysis
code_findings = scan(
code_rules.as_posix(),
{'.java', '.kt'},
[src],
skp)
logger.info('Android SAST Completed')
# API Analysis
logger.info('Android API Analysis Started')
api_findings = scan(
api_rules.as_posix(),
{'.java', '.kt'},
[src],
skp)
# Permission Mapping
rule_file = get_perm_rules(perm_rules, android_permissions)
if rule_file:
logger.info('Android Permission Mapping Started')
perm_mappings = permission_transform(scan(
rule_file.name,
{'.java', '.kt'},
[src],
{}))
logger.info('Android Permission Mapping Completed')
rule_file.close()
# NIAP Scan
niap_findings = niap_scan(
niap_rules.as_posix(),
Expand Down Expand Up @@ -80,6 +128,7 @@ def code_analysis(app_dir, typ, manifest_file):
logger.info('Finished Code Analysis, Email and URL Extraction')
code_an_dic = {
'api': api_findings,
'perm_mappings': perm_mappings,
'findings': code_findings,
'niap': niap_findings,
'urls_list': url_list,
Expand Down
41 changes: 17 additions & 24 deletions mobsf/StaticAnalyzer/views/android/db_interaction.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ def get_context_from_db_entry(db_entry: QuerySet) -> dict:
'android_api': python_dict(db_entry[0].ANDROID_API),
'code_analysis': code,
'niap_analysis': python_dict(db_entry[0].NIAP_ANALYSIS),
'permission_mapping': python_dict(db_entry[0].PERMISSION_MAPPING),
'urls': python_list(db_entry[0].URLS),
'domains': python_dict(db_entry[0].DOMAINS),
'emails': python_list(db_entry[0].EMAILS),
Expand Down Expand Up @@ -136,6 +137,7 @@ def get_context_from_analysis(app_dic,
'android_api': code_an_dic['api'],
'code_analysis': code,
'niap_analysis': code_an_dic['niap'],
'permission_mapping': code_an_dic['perm_mappings'],
'urls': code_an_dic['urls'],
'domains': code_an_dic['domains'],
'emails': code_an_dic['emails'],
Expand Down Expand Up @@ -197,6 +199,7 @@ def save_or_update(update_type,
'ANDROID_API': code_an_dic['api'],
'CODE_ANALYSIS': code_an_dic['findings'],
'NIAP_ANALYSIS': code_an_dic['niap'],
'PERMISSION_MAPPING': code_an_dic['perm_mappings'],
'URLS': code_an_dic['urls'],
'DOMAINS': code_an_dic['domains'],
'EMAILS': code_an_dic['emails'],
Expand Down Expand Up @@ -237,33 +240,23 @@ def save_get_ctx(app, man, m_anal, code, cert, elf, apkid, quark, trk, rscn):
# SAVE TO DB
if rscn:
logger.info('Updating Database...')
save_or_update(
'update',
app,
man,
m_anal,
code,
cert,
elf,
apkid,
quark,
trk,
)
action = 'update'
update_scan_timestamp(app['md5'])
else:
logger.info('Saving to Database')
save_or_update(
'save',
app,
man,
m_anal,
code,
cert,
elf,
apkid,
quark,
trk,
)
action = 'save'
save_or_update(
action,
app,
man,
m_anal,
code,
cert,
elf,
apkid,
quark,
trk,
)
return get_context_from_analysis(
app,
man,
Expand Down
Loading

0 comments on commit 1f8c609

Please sign in to comment.