Find blobs by magic numbers
parent
99510de07a
commit
779476e6f4
2 changed files with 33 additions and 34 deletions
|
@ -138,6 +138,8 @@ Vagrant (gem install vagrant)
|
||||||
Paramiko (debian package python-paramiko)
|
Paramiko (debian package python-paramiko)
|
||||||
@item
|
@item
|
||||||
Imaging (debian package python-imaging)
|
Imaging (debian package python-imaging)
|
||||||
|
@item
|
||||||
|
Filemagic (pip install filemagic)
|
||||||
@end itemize
|
@end itemize
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,7 @@ import subprocess
|
||||||
import time
|
import time
|
||||||
import operator
|
import operator
|
||||||
import cgi
|
import cgi
|
||||||
|
import magic
|
||||||
|
|
||||||
def getvcs(vcstype, remote, local, sdk_path):
|
def getvcs(vcstype, remote, local, sdk_path):
|
||||||
if vcstype == 'git':
|
if vcstype == 'git':
|
||||||
|
@ -1590,46 +1591,42 @@ def scan_source(build_dir, root_dir, thisbuild):
|
||||||
ignore = []
|
ignore = []
|
||||||
|
|
||||||
# Iterate through all files in the source code...
|
# Iterate through all files in the source code...
|
||||||
for r,d,f in os.walk(build_dir):
|
with magic.Magic(flags=magic.MAGIC_MIME_TYPE) as m:
|
||||||
for curfile in f:
|
for r,d,f in os.walk(build_dir):
|
||||||
|
for curfile in f:
|
||||||
|
|
||||||
if '/.hg' in r or '/.git' in r or '/.svn' in r:
|
if '/.hg' in r or '/.git' in r or '/.svn' in r:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# Path (relative) to the file...
|
# Path (relative) to the file...
|
||||||
fp = os.path.join(r, curfile)
|
fp = os.path.join(r, curfile)
|
||||||
|
|
||||||
# Check if this file has been explicitly excluded from scanning...
|
# Check if this file has been explicitly excluded from scanning...
|
||||||
ignorethis = False
|
ignorethis = False
|
||||||
for i in ignore:
|
for i in ignore:
|
||||||
if fp.startswith(i):
|
if fp.startswith(i):
|
||||||
ignorethis = True
|
ignorethis = True
|
||||||
break
|
break
|
||||||
if ignorethis:
|
if ignorethis:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
for suspect in usual_suspects:
|
for suspect in usual_suspects:
|
||||||
if suspect in curfile.lower():
|
if suspect in curfile.lower():
|
||||||
msg = 'Found probable non-free blob ' + fp
|
problems.append('Found probable non-free blob ' + fp)
|
||||||
problems.append(msg)
|
|
||||||
|
|
||||||
if curfile.endswith('.apk'):
|
mime = m.id_filename(fp)
|
||||||
msg = 'Found apk file, which should not be in the source - ' + fp
|
if mime == 'application/x-sharedlib':
|
||||||
problems.append(msg)
|
problems.append('Found shared library at ' + fp)
|
||||||
|
elif mime == 'application/octet-stream':
|
||||||
|
problems.append('Found binary at ' + fp)
|
||||||
|
elif mime == 'application/vnd.android.package-archive' or fp.endswith('.apk'):
|
||||||
|
problems.append('Found apk at ' + fp)
|
||||||
|
|
||||||
elif curfile.endswith('.elf'):
|
elif curfile.endswith('.java'):
|
||||||
msg = 'Found .elf at ' + fp
|
for line in file(fp):
|
||||||
problems.append(msg)
|
if 'DexClassLoader' in line:
|
||||||
|
problems.append('Found DexClassLoader in ' + fp)
|
||||||
elif curfile.endswith('.so'):
|
break
|
||||||
msg = 'Found .so at ' + fp
|
|
||||||
problems.append(msg)
|
|
||||||
|
|
||||||
elif curfile.endswith('.java'):
|
|
||||||
for line in file(fp):
|
|
||||||
if 'DexClassLoader' in line:
|
|
||||||
msg = 'Found DexClassLoader in ' + fp
|
|
||||||
problems.append(msg)
|
|
||||||
|
|
||||||
# Presence of a jni directory without buildjni=yes might
|
# Presence of a jni directory without buildjni=yes might
|
||||||
# indicate a problem... (if it's not a problem, explicitly use
|
# indicate a problem... (if it's not a problem, explicitly use
|
||||||
|
|
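Review bot: The new MIME chain in the per-file loop drops the old name-based checks for `.so` and `.elf` and keeps an extension fallback only for `.apk`, so a native binary is now reported only when libmagic returns exactly `application/x-sharedlib` or `application/octet-stream`. libmagic commonly labels ELF executables `application/x-executable`, which none of the branches match, so this looks like a loss of coverage compared with the removed checks; that should be confirmed against the libmagic version in use. Because this scan is the gate that keeps prebuilt binaries out of source builds, I would keep the extensions as a fallback and widen the MIME set, e.g. `if mime in ('application/x-sharedlib', 'application/x-executable') or curfile.endswith(('.so', '.elf')):`. Separately, the `.java` DexClassLoader check now sits at the end of the same `elif` chain, so it is skipped for any file one of the MIME branches already matched. scan_source begins and ends outside this hunk.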