Merge branch 'frosting' into 'master'

scanner: scan frosting blocks in binary scanner

See merge request fdroid/fdroidserver!1548

fdroidserver/scanner.py

@@ -75,6 +75,20 @@ GRADLE_CATALOG_FILE_REGEX = re.compile(
 )
 VERSION_CATALOG_REGEX = re.compile(r'versionCatalogs\s*\{')
 
+FROSTING_BLOCK_TYPES = {
+    # 0x7109871a: 'SIGNv2',
+    # 0xf05368c0: 'SIGNv3',
+    0x2146444E: 'Google metadata',
+    # 0x42726577: 'Verity padding',
+    # 0x6DFF800D: 'Source stamp V2 X509 cert',
+    # JSON with some metadata, used by Chinese company Meituan
+    0x71777777: 'Meituan metadata',
+    # Dependencies metadata generated by Gradle and encrypted by Google Play.
+    # '...The data is compressed, encrypted by a Google Play signing key...'
+    # https://developer.android.com/studio/releases/gradle-plugin#dependency-metadata
+    0x504B4453: 'Dependency metadata',
+}
+
 
 class ExitCode(IntEnum):
     NONFREE_CODE = 1
@@ -654,6 +668,15 @@ def scan_binary(apkfile):
             if regexp.match(classname):
                 logging.debug("Problem: found class '%s'" % classname)
                 problems += 1
+
+    logging.info(_('Scanning APK for known frosting blocks.'))
+    a = common.get_androguard_APK(str(apkfile))
+    a.parse_v2_v3_signature()
+    for b in a._v2_blocks:
+        if b in FROSTING_BLOCK_TYPES:
+            logging.debug(f"Problem: found frosting block '{FROSTING_BLOCK_TYPES[b]}'")
+            problems += 1
+
     if warnings:
         logging.warning(
             _("Found {count} warnings in {filename}").format(