mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-15 07:22:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rework code

Browse source
This commit is contained in:
Jochen Sprickerhof 2022-04-28 15:40:45 +02:00 committed by Hans-Christoph Steiner
parent 7ec3905734
commit 91320fa10e
1 changed files with 15 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

37
fdroidserver/scanner.py
View file

@ -108,32 +108,27 @@ def get_embedded_classes(apkfile, depth=0):
:return: set of Java classes names as string :return: set of Java classes names as string
""" """
apk_regex = re.compile(r'.*\.apk')
class_regex = re.compile(r'classes.*\.dex')
with TemporaryDirectory() as tmp_dir:
apk_classes = set()
with zipfile.ZipFile(apkfile, 'r') as apk_zip:
# apk files can contain apk files, again
if depth > 10: # zipbomb protection if depth > 10: # zipbomb protection
logging.error(_('max recursion depth in zip file reached: %s') % apk_zip) logging.error(_('max recursion depth in zip file reached: %s') % apk_zip)
else: return set()
for apk in [name for name in apk_zip.namelist() if apk_regex.search(name)]:
with apk_zip.open(apk) as apk_fp:
apk_classes = apk_classes.union(get_embedded_classes(apk_fp, depth + 1))
dexes = [name for name in apk_zip.namelist() if class_regex.search(name)] apk_regex = re.compile(r'.*\.apk')
for name in dexes: class_regex = re.compile(r'classes.*\.dex')
apk_zip.extract(name, tmp_dir) classes = set()
if not dexes:
return apk_classes
tmp_dexes = ['{}/{}'.format(tmp_dir, dex) for dex in dexes] with TemporaryDirectory() as tmp_dir, zipfile.ZipFile(apkfile, 'r') as apk_zip:
run = common.SdkToolsPopen(["dexdump"] + tmp_dexes) for info in apk_zip.infolist():
classes = set(re.findall(r'[A-Z]+((?:\w+\/)+\w+)', run.output)) # apk files can contain apk files, again
if apk_regex.search(info.filename):
with apk_zip.open(info) as apk_fp:
classes = classes.union(get_embedded_classes(apk_fp, depth + 1))
return classes.union(apk_classes) elif class_regex.search(info.filename):
apk_zip.extract(info, tmp_dir)
run = common.SdkToolsPopen(["dexdump", '{}/{}'.format(tmp_dir, info.filename)])
classes = classes.union(set(re.findall(r'[A-Z]+((?:\w+\/)+\w+)', run.output)))
return classes
def scan_binary(apkfile): def scan_binary(apkfile):