dscanner - Drozer based post-build dynamic vulnerability scanner command

* New command `dscanner`, enables one to scan signed APKs with Drozer * Drozer is a dynamic vulnerability scanner for Android * Drozer runs in a emulator or on-device, this new `dscanner` command... * starts a docker image with Drozer and the Android Emulator pre-installed, * loads the signed APK into the emulator * activates Drozer automated tests for the APK * gathers the report output and places it next to the original APK * The Drozer docker image can be: * cached locally for re-use (just don't run --clean*) * retrieved from dockerhub.com for more efficient runtime * or be built from scratch (in the new "./docker" directory) * New "Vulnerability Scanning" documentation section (run gendocs.sh)
2025-09-13 14:32:28 +03:00 · 2016-12-06 13:57:04 +01:00 · 2016-12-06 13:57:04 +01:00 · df27bae6a0
commit df27bae6a0
parent f439266303
13 changed files with 1063 additions and 1 deletions
--- a/fdroidserver/build.py
+++ b/fdroidserver/build.py
@ -1006,6 +1006,8 @@ def parse_commandline():
                        help="Specify that we're running on the build server")
    parser.add_argument("--skip-scan", dest="skipscan", action="store_true", default=False,
                        help="Skip scanning the source code for binaries and other problems")
+    parser.add_argument("--dscanner", action="store_true", default=False,
+                        help="Setup an emulator, install the apk on it and perform a drozer scan")
    parser.add_argument("--no-tarball", dest="notarball", action="store_true", default=False,
                        help="Don't create a source tarball, useful when testing a build")
    parser.add_argument("--no-refresh", dest="refresh", action="store_false", default=True,
@ -1221,6 +1223,42 @@ def main():
        for fa in failed_apps:
            logging.info("Build for app %s failed:\n%s" % (fa, failed_apps[fa]))

+    # perform a drozer scan of all successful builds
+    if options.dscanner and build_succeeded:
+        from .dscanner import DockerDriver
+
+        docker = DockerDriver()
+
+        try:
+            for app in build_succeeded:
+
+                logging.info("Need to sign the app before we can install it.")
+                subprocess.call("fdroid publish {0}".format(app.id), shell=True)
+
+                apk_path = None
+
+                for f in os.listdir(repo_dir):
+                    if f.endswith('.apk') and f.startswith(app.id):
+                        apk_path = os.path.join(repo_dir, f)
+                        break
+
+                if not apk_path:
+                    raise Exception("No signed APK found at path: {0}".format(apk_path))
+
+                if not os.path.isdir(repo_dir):
+                    exit(1)
+
+                logging.info("Performing Drozer scan on {0}.".format(app))
+                docker.perform_drozer_scan(apk_path, app.id, repo_dir)
+        except Exception as e:
+            logging.error(str(e))
+            logging.error("An exception happened. Making sure to clean up")
+        else:
+            logging.info("Scan succeeded.")
+
+        logging.info("Cleaning up after ourselves.")
+        docker.clean()
+
    logging.info("Finished.")
    if len(build_succeeded) > 0:
        logging.info(str(len(build_succeeded)) + ' builds succeeded')