OWASPAnalysis class¶
-
class
glorifiedgrep.android.OWASPAnalysis(source_path)¶ This class can be used to perform code analysis checks against an already decompiled APK
-
__init__(source_path)¶ The __init__ method for the CertInfo class
Parameters: cert_path (str) – Path to the CERT.RSA file >>> o = OWASPAnalysis('/path/to/some/dir') >>> c.owasp_insecure_random()
-
all_owasp_analysis()¶ Property runs all available checks in _OwaspMasvs
Returns: Dictionary of all other analysis Return type: dict >>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.all_owasp_analysis()
-
owasp_cloud_backup(show_code=False) → GreppedOut¶ Locate usage of BackupAgent and its variations in the decompiled code | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_cloud_backup()
-
owasp_code_check_permission(show_code=False) → GreppedOut¶ Locate common exceptions thrown by RuntimeException from decompiled code. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_code_check_permission()
-
owasp_crypto_imports(show_code=False) → GreppedOut¶ Locate uses of the Java cryptographic imports in decompiled code | Reference | Reference | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_crypto_imports()
-
owasp_crypto_primitives(show_code=False) → GreppedOut¶ Locate uses of the cryptographic primitives of the most frequently used classes and interfaces in decompiled code | Reference | Reference | Reference CWE
Parameters: - show_code (bool, optional) –
- show_code – See the full line of code, defaults to False
Returns: name, line number and match
Return type: dict
Returns: GreppedOut object
Return type: Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_crypto_primitives()
-
owasp_debug_code(show_code=False) → GreppedOut¶ Locate StrictMode code in the decompiled code. This will indicate if dev checks are left behind in the app. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_debug_code()
-
owasp_encrypted_sql_db(show_code=False) → GreppedOut¶ Locate usage of getWritableDatabase if a paramter is passed to this method. This could indicate hardcoded passwords. | Reference | Reference | Reference Android SDK | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_external_storage()
-
owasp_external_cache_dir(show_code=False) → GreppedOut¶ Locate usage of getExternalCacheDir method usage. If the app is using the external cache dir. | Reference | Reference | Reference Android SDK | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_external_cache_dir()
-
owasp_external_storage(show_code=False) → GreppedOut¶ Locate usage of getExternal method usage. This indicates sections of code where the external storage of the Android device is being interacted with. | Reference | Reference | Reference Android SDK | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_external_storage()
-
owasp_get_secret_keys(show_code=False) → GreppedOut¶ Locate usage of getSecretKey and getPrivateKey methods. | Reference | Reference | Reference Android SDK | Reference Android SDK | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_get_secret_keys()
-
owasp_hardcoded_keys(show_code=False) → GreppedOut¶ Locate hardcoded encryption keys and bytes used by SecretKeySpec. The decompiled code should be inspected to find hardcoded keys. | Reference | Reference | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_hardcoded_keys()
-
owasp_insecure_fingerprint_auth(show_code=False) → GreppedOut¶ Locate insecure .authenticate public method where the first parameter is null. This results in purely event driven authentication and is not secure. | Reference | Reference | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_insecure_fingerprint_auth()
-
owasp_insecure_random(show_code=False) → GreppedOut¶ Locate uses of the weak Ranom Java class. SecureRandom should be used instead | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_insecure_random()
-
owasp_intent_parameter(show_code=False) → GreppedOut¶ Locate common exceptions thrown by RuntimeException from decompiled code. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_intent_parameter()
-
owasp_keychain_password(show_code=False) → GreppedOut¶ Locate usage of store(OutputStream… to check for hardcoded passwords for keychains. | Reference | Reference | Reference Android SDK | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_keychain_password()
-
owasp_keystore_cert_pinning(show_code=False) → GreppedOut¶ Locate keystore ssl pinning in decompiled code. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_keystore_cert_pinning()
-
owasp_properly_signed(show_code=False) → GreppedOut¶ Returns the command that can be used to check if an app is properly signed. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_properly_signed()
-
owasp_runtime_exception_handling(show_code=False) → GreppedOut¶ Locate common exceptions thrown by RuntimeException from decompiled code. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_runtime_exception_handling()
-
owasp_ssl_no_hostname_verification(show_code=False) → GreppedOut¶ Locate usage of onReceivedSslError which amy indicate cases where SSL errors are being ingored by the application. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_ssl_no_hostname_verification()
-
owasp_webview_cert_pinning(show_code=False) → GreppedOut¶ Locate SSL cert pinning in webviews. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_webview_cert_pinning()
-
owasp_webview_loadurl(show_code=False) → GreppedOut¶ Locate where webviews are loading content from. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_webview_loadurl()
-
owasp_webview_native_function(show_code=False) → GreppedOut¶ Identify addJavascriptInterface which will allow JS to access native Java functions. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_webview_native_function()
-
owasp_webview_ssl_ignore(show_code=False) → GreppedOut¶ Locate usage of onReceivedSslError which amy indicate cases where SSL errors are being ingored by the application. | Reference | Reference | Reference Android SDK
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_webview_ssl_ignore()
-
owasp_world_read_write_files(show_code=False) → GreppedOut¶ Locate if shared preferences are world readable or world writeable | Reference | Reference | Reference CWE
Parameters: show_code (bool, optional) – Show the full matched line, by default False Returns: GreppedOut object Return type: GreppedOut Examples
>>> from glorifiedgrep import GlorifiedAndroid >>> a = GlorifiedAndroid('/path/to/apk') >>> a.owasp_world_read_write_files()
-
