From 699b3e4c698c370bb69de8308de5299705a813a2 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 14 Feb 2018 22:00:42 +0100 Subject: [PATCH 1/3] update: fix min/target/max edge case parsing with androguard In order to test that aapt defaults minSdkVersion to 3, I ran this script then compared the output with meld: cd $ANDROID_HOME/build-tools for d in *.*; do echo $d; $ANDROID_HOME/build-tools/$d/aapt dump badging /home/hans/code/fdroid/server/tests/repo/com.politedroid_3.apk > /tmp/${d}.txt; done meld /tmp/17.0.0.txt /tmp/26.0.2.txt /tmp/27.0.3.txt --- fdroidserver/update.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 10705a8f..a2f1a04c 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -1069,7 +1069,9 @@ def scan_apk(apk_file): if 'minSdkVersion' not in apk: logging.warning("No SDK version information found in {0}".format(apk_file)) - apk['minSdkVersion'] = 1 + apk['minSdkVersion'] = 3 # aapt defaults to 3 as the min + if 'targetSdkVersion' not in apk: + apk['targetSdkVersion'] = apk['minSdkVersion'] # Check for known vulnerabilities if has_known_vulnerability(apk_file): @@ -1125,9 +1127,6 @@ def scan_apk_aapt(apk, apkfile): + ' is not a valid minSdkVersion!') else: apk['minSdkVersion'] = m.group(1) - # if target not set, default to min - if 'targetSdkVersion' not in apk: - apk['targetSdkVersion'] = m.group(1) elif line.startswith("targetSdkVersion:"): m = re.match(APK_SDK_VERSION_PAT, line) if m is None: 
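Review bot: In the `scan_apk` hunk (`@@ -1069`), the fallback stores the integer `3` and the new `targetSdkVersion` default copies it, while the aapt path in the following hunk's context stores `m.group(1)`, a string. The two keys therefore change type depending on whether the manifest declared them. If nothing later in `scan_apk` converts them (the rest of the function is outside the hunk, so this needs confirming), store the default in the form the parsers produce, e.g. `apk['minSdkVersion'] = '3'  # aapt defaults to 3 as the min`, or convert once after both parsers have run. The silent target default also deserves a comment such as `# Android treats a missing targetSdkVersion as equal to minSdkVersion`.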
@@ -1209,8 +1208,10 @@ def scan_apk_androguard(apk, apkfile): if apkobject.get_max_sdk_version() is not None: apk['maxSdkVersion'] = apkobject.get_max_sdk_version() - apk['minSdkVersion'] = apkobject.get_min_sdk_version() - apk['targetSdkVersion'] = apkobject.get_target_sdk_version() + if apkobject.get_min_sdk_version() is not None: + apk['minSdkVersion'] = apkobject.get_min_sdk_version() + if apkobject.get_target_sdk_version() is not None: + apk['targetSdkVersion'] = apkobject.get_target_sdk_version() icon_id = int(apkobject.get_element("application", "icon").replace("@", "0x"), 16) icon_name = arsc.get_id(apk['packageName'], icon_id)[1] From 5281228ea5e1c3d615cf508f19cf1740a8829a57 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 14 Feb 2018 22:03:00 +0100 Subject: [PATCH 2/3] update: switch to new androguard v3.1 API based on lxml apkobject.get_android_manifest_xml() used to return a xml.dom.minidom object, now it returns an lxml.etree.Element object. --- fdroidserver/update.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fdroidserver/update.py b/fdroidserver/update.py index a2f1a04c..16a7c3ba 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py 
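Review bot: In this `scan_apk_androguard` hunk, the results of `get_min_sdk_version()` and `get_target_sdk_version()` are written into `apk` unchecked, whereas the aapt path matches its value against `APK_SDK_VERSION_PAT` and appears to treat a non-match separately (the `is not a valid minSdkVersion!` branch in the earlier hunk's context). The manifest comes from the APK being indexed, so the androguard path should apply an equivalent check before storing, so that both parsers accept the same inputs and the index does not depend on which one ran. Binding each result to a local first also avoids calling each getter twice: `min_sdk = apkobject.get_min_sdk_version()` followed by `if min_sdk is not None: apk['minSdkVersion'] = min_sdk`. `scan_apk_androguard` starts and ends outside the hunk.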
@@ -1240,28 +1240,28 @@ def scan_apk_androguard(apk, apkfile): xml = apkobject.get_android_manifest_xml() - for item in xml.getElementsByTagName('uses-permission'): - name = str(item.getAttribute("android:name")) - maxSdkVersion = item.getAttribute("android:maxSdkVersion") - maxSdkVersion = None if maxSdkVersion is '' else int(maxSdkVersion) + for item in xml.findall('uses-permission'): + name = str(item.attrib['{' + xml.nsmap['android'] + '}name']) + maxSdkVersion = item.attrib.get('{' + xml.nsmap['android'] + '}maxSdkVersion') + maxSdkVersion = int(maxSdkVersion) if maxSdkVersion else None permission = UsesPermission( name, maxSdkVersion ) apk['uses-permission'].append(permission) - for item in xml.getElementsByTagName('uses-permission-sdk-23'): - name = str(item.getAttribute("android:name")) - maxSdkVersion = item.getAttribute("android:maxSdkVersion") - maxSdkVersion = None if maxSdkVersion is '' else int(maxSdkVersion) + for item in xml.findall('uses-permission-sdk-23'): + name = str(item.attrib['{' + xml.nsmap['android'] + '}name']) + maxSdkVersion = item.attrib.get('{' + xml.nsmap['android'] + '}maxSdkVersion') + maxSdkVersion = int(maxSdkVersion) if maxSdkVersion else None permission_sdk_23 = UsesPermissionSdk23( name, maxSdkVersion ) apk['uses-permission-sdk-23'].append(permission_sdk_23) - for item in xml.getElementsByTagName('uses-feature'): - feature = str(item.getAttribute("android:name")) + for item in xml.findall('uses-feature'): + feature = str(item.attrib['{' + xml.nsmap['android'] + '}name']) if feature != "android.hardware.screen.portrait" \ and feature != "android.hardware.screen.landscape": if feature.startswith("android.feature."): From d1ded7f64d0e3e2b1734dabc3604a0d8ead75b07 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 14 Feb 2018 17:22:25 +0100 Subject: [PATCH 3/3] update: use androguard by default if it is available closes #236 --- fdroidserver/update.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
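Review bot: All three loops build the attribute key from `xml.nsmap['android']`, which resolves the namespace by its prefix as declared in the manifest under scan rather than by the fixed Android namespace URI. A manifest that binds the namespace to a different prefix raises `KeyError` here, and one that binds `android` to another URI makes this code read attributes the platform would not honour. A module constant `ANDROID_NS = '{http://schemas.android.com/apk/res/android}'` avoids both problems and removes the repeated string concatenation. Separately, `item.attrib[...]` now raises `KeyError` on an element with no `android:name`, where `getAttribute` returned an empty string. Using `name = item.attrib.get(ANDROID_NS + 'name')` and skipping the element when it is `None` would stop one malformed APK from aborting the scan; whether a caller catches the exception is not visible here.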
diff --git a/fdroidserver/update.py b/fdroidserver/update.py index 16a7c3ba..fc945670 100644 --- a/fdroidserver/update.py +++ b/fdroidserver/update.py @@ -1049,10 +1049,12 @@ def scan_apk(apk_file): 'antiFeatures': set(), } - if SdkToolsPopen(['aapt', 'version'], output=False): - scan_apk_aapt(apk, apk_file) - else: + try: + import androguard + androguard # silence pyflakes scan_apk_androguard(apk, apk_file) + except ImportError: + scan_apk_aapt(apk, apk_file) # Get the signature, or rather the signing key fingerprints logging.debug('Getting signature of {0}'.format(os.path.basename(apk_file)))
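Review bot: In this `scan_apk` hunk, the `try` body covers the `scan_apk_androguard(apk, apk_file)` call as well as the import, so an `ImportError` raised anywhere inside the scan (for example from a lazily imported dependency) is taken to mean that androguard is absent. In that case `scan_apk_aapt` runs on an `apk` dict that the first parser may already have partly filled, and nothing records which parser produced the result. Restricting the `try` to the import and moving the scan into an `else` branch keeps the fallback for the missing-package case only. The removed `SdkToolsPopen(['aapt', 'version'], ...)` probe also means the fallback no longer checks that aapt is available, so a host with neither tool will fail inside `scan_apk_aapt`; a clear error at this point would be easier to diagnose.

```python
    try:
        import androguard
        androguard  # silence pyflakes
    except ImportError:
        scan_apk_aapt(apk, apk_file)
    else:
        scan_apk_androguard(apk, apk_file)
    # … unchanged: signature extraction …
```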