initial fixes before going public

vincentcox · Feb 7, 2018 · 48bade3 · 48bade3
1 parent 5b8ca06
commit 48bade3
Show file tree

Hide file tree

Showing 9 changed files with 97 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ This tool was created with a big focus on usability and graphical guidance in th
 
 For the impatient ones, grab the download on the [releases page](https://github.com/vincentcox/StaCoAn/releases).
 
-<p style="font-size: 0.6em"> 
+<p style="font-size: 0.6em">
 \*: note that currently only apk files are supported, but ipa files will follow very shortly.
 </p>
 

diff --git a/config/db_search_words.txt b/config/db_search_words.txt
@@ -0,0 +1,18 @@
+password|||10|||triggers unwanted classes like password reset, hence the low score
+privatekey|||80
+private_key|||80
+apikey|||75
+http:|||10
+https:|||7
+database_secret|||80
+database_password|||80
+databasepassword|||80
+databasesecret|||80
+(https|http):\/\/.*api.*|||60||| This regex matches any URL containing 'api'
+(https|http):\/\/.*test.*|||60||| This regex matches any URL containing 'test'
+(https|http):\/\/.*uat.*|||60||| This regex matches any URL containing 'uat'
+^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|||40||| Matching IP adresses
+^[a-f0-9]{32}$|||70||| MD5 hash
+\b([a-f0-9]{40})\b|||70||| SHA1 hash
+^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$|||70||| base64 string
+Authorization: Basic|||95||| Basic authentication
diff --git a/config/src_search_words.txt b/config/src_search_words.txt
@@ -0,0 +1,20 @@
+password|||10|||triggers unwanted classes like password reset, hence the low score
+privatekey|||80
+private_key|||80
+apikey|||75
+http:|||10
+https:|||7
+database_secret|||80
+database_password|||80
+databasepassword|||80
+databasesecret|||80
+(https|http):\/\/.*api.*|||60||| This regex matches any URL containing 'api'
+(https|http):\/\/.*test.*|||60||| This regex matches any URL containing 'test'
+(https|http):\/\/.*uat.*|||60||| This regex matches any URL containing 'uat'
+^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|||40||| Matching IP adresses
+^[a-f0-9]{32}$|||70||| MD5 hash
+\b([a-f0-9]{40})\b|||70||| SHA1 hash
+^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$|||70||| base64 string
+Authorization: Basic|||95||| Basic authentication
+SELECT \* FROM|||40||| Intersting SQL transaction
+INSERT INTO .* VALUES|||40||| Intersting SQL transaction
diff --git a/diva-beta2.apk b/diva-beta2.apk
diff --git a/file.py b/file.py
@@ -49,10 +49,10 @@ def find_matches_in_db_file(self):
 
     def find_matches_in_src_file(self, CODE_OFFSET, QUERY_IMPORTANCE):
         try:
-            with open(self.file_path, "r") as file:
+            with open(self.file_path, "r", encoding="utf8", errors='ignore') as file:
                 lines_in_file = file.read().splitlines()
-        except:
-            Logger.logmodule[0].log("could not open file '%s'" % self.file_path, 1)
+        except IOError as e:
+            Logger.logmodule[0].log("could not open file "+self.file_path+". Error:"+e.strerror, 2)
             return list()
         line_index = 1
         for line in lines_in_file:

diff --git a/html_page.py b/html_page.py
@@ -102,11 +102,11 @@ def navigation(self):
                   <ul id="nav-mobile" class="right hide-on-med-and-down">
 
                             """)
-        if not hasattr(self, "this_is_a_log_html_page"):
-            self.doc.asis("""
-                    <li><a href="start.html">Treeview</a></li>
-                    <li><a href="lootbox.html">Lootbox</a></li>
-            """)
+        self.doc.asis("""
+                <li><a href="start.html">Treeview</a></li>
+                <li><a href="lootbox.html">Lootbox</a></li>
+                <li><a href="log.html">Logs</a></li>
+        """)
 
         self.doc.asis("""        
                     <li><a href="#" data-activates="slide-out" id="button-collapse" class="button"><i class="material-icons">settings</i></a></li>

diff --git a/main.py b/main.py
@@ -101,6 +101,12 @@ def program():
     with open(lootbox_html_report_file, 'w') as f:
         print(lootbox_html_report.gethtml(), file=f)
 
+    # Generate the treeview
+    tree_js_file_path = os.path.join(report_folder, "tree_js_content.js")
+    with open(tree_js_file_path, 'w') as f:
+        print(Report_html.Tree_builder.tree_js_file(Project.projects[project_path]), file=f)
+
+
     # Generate looty.js file, for the zip creation process at the lootbox page
     Report_html.make_loot_report_content()
 

diff --git a/project.py b/project.py
@@ -107,10 +107,12 @@ def app_prepper(self):
                     os.makedirs(jadx_folder)
                 cmd = [ os.path.join(os.getcwd(), "jadx", "bin", "jadx"), '-d', jadx_folder, self.application_file ]
                 jadx_process = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
+                output_jadx = "--------- JADX OUTPUT BELOW --------- \n "
                 for line in jadx_process.stdout:
-                    Logger.logmodule[0].log(str(line), 3)
+                    output_jadx += str(line)
+                Logger.logmodule[0].log(str(output_jadx), 3)
                 jadx_process.wait()
-                Logger.logmodule[0].log(jadx_process.returncode, 3)
+                Logger.logmodule[0].log("jadx return code: "+str(jadx_process.returncode), 3)
             # TO DO: ipa decompiling tool
             elif self.application_file.lower().endswith("ipa"):
                 Logger.logmodule[0].log(".ipa files not implemented yet.", 1)

diff --git a/report_html.py b/report_html.py
@@ -168,7 +168,7 @@ def get_source_code_from_file(self, file_path, project):
                                                 self.text(line)
                                                 self.doc.nl()
                                 except:
-                                    Logger.logmodule[0].log("could not open file" + file_path, 1)
+                                    Logger.logmodule[0].log("could not open file" + file_path, 2)
 
         elif file_path in Project.projects[project.name].src_files:
             file = Project.projects[project.name].src_files[file_path]
@@ -309,7 +309,7 @@ def get_source_code_from_file(self, file_path, project):
                                             self.text(line)
                                             self.doc.nl()
                                 except:
-                                    Logger.logmodule[0].log("could not open file '%s'" % file_path, 1)
+                                    Logger.logmodule[0].log("could not open file '%s'" % file_path, 2)
 
 
 
@@ -537,29 +537,14 @@ def __init__(self, project, file):
             self.project = project
             self.current_file = file
 
-    def tree_view(self, project, FILE):
-        # This class builds the HTML page for the Treeview.
-        with self.tag('div', klass=os.path.basename(project.workfolder) + "_div"):
-            with self.tag('h1', klass=os.path.basename(project.workfolder) + "_title center-align"):
-                self.text("Project: " + os.path.basename(project.name))
-            with self.tag("div", klass="row"):
-                with self.tag("div", id="tree", klass="col s12 m12 l3"):
-                    self.text("")
-                with self.tag("div", id="codeview", klass="col s12 m12 l9"):
-                    if FILE != "":
-                        self.get_source_code_from_file(
-                            FILE,
-                            project)
-                    else:
-                        #this is the startpage of the project
-                        self.html_wordlist(project)
-            self.doc.asis("""
-                  <script>
+        def tree_js_file(project):
+            tree_js_file_content=""
+            tree_js_file_content+="""
                   $("#tree").fancytree({
-                  source: [""")
-            self.doc.asis(json.dumps(project.tree_object, indent=2, sort_keys=True)) # speed improvement of 0.5s per created file
-            #self.doc.asis(json.dumps(Report_html.Tree_builder(project, FILE).return_tree_object(), indent=2, sort_keys=True))
-            self.doc.asis("""
+                  source: ["""
+            tree_js_file_content+=json.dumps(project.tree_object, indent=2, sort_keys=True)  # speed improvement of 0.5s per created file
+            # self.doc.asis(json.dumps(Report_html.Tree_builder(project, FILE).return_tree_object(), indent=2, sort_keys=True))
+            tree_js_file_content+="""
                   ],
                   extensions: ["glyph", "persist"],
                   persist: {
@@ -619,8 +604,8 @@ def tree_view(self, project, FILE):
                     $( document ).ready(function() {
                         var loot_files = JSON.parse(localStorage.getItem("loot_files"));
                     });
-  
-
+    
+    
                     $(document).dblclick(function(event) {
                     try {
                           var node = $.ui.fancytree.getNode(event),
@@ -634,7 +619,7 @@ def tree_view(self, project, FILE):
                           }
                     }
                     catch(err) {
-                            
+    
                     }
                 });
                 $("#lootbox").on("click", ".close", function(){ 
@@ -646,19 +631,41 @@ def tree_view(self, project, FILE):
                     console.log(i);
                     if (current_file === String(entry)) 
                     {
-                        console.log("kak");
                         if (String(i) === String(0)){
                         loot_files = loot_files.splice(i, 1);
                         i = i -1;
                         }else{
-
+    
                         }
                         localStorage.setItem("loot_files", JSON.stringify(loot_files));
                     }
-                    //shit is here
                     i += 1;  
                 });
-                 
+    
                 ;});
-                </script>
-                """)
+                
+                """
+            return tree_js_file_content
+
+
+
+
+    def tree_view(self, project, FILE):
+        # This class builds the HTML page for the Treeview.
+        with self.tag('div', klass=os.path.basename(project.workfolder) + "_div"):
+            with self.tag('h1', klass=os.path.basename(project.workfolder) + "_title center-align"):
+                self.text("Project: " + os.path.basename(project.name))
+            with self.tag("div", klass="row"):
+                with self.tag("div", id="tree", klass="col s12 m12 l3"):
+                    self.text("")
+                with self.tag("div", id="codeview", klass="col s12 m12 l9"):
+                    if FILE != "":
+                        self.get_source_code_from_file(
+                            FILE,
+                            project)
+                    else:
+                        #this is the startpage of the project
+                        self.html_wordlist(project)
+            self.doc.asis("""
+            <script src="tree_js_content.js"></script>
+            """)