dex

prabhu · prabhu · commit 18f00f8f46c2 · 2024-02-06T22:49:08.000Z
Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/blint/android.py b/blint/android.py
@@ -140,7 +140,6 @@ def collect_version_files_metadata(app_file, app_temp_dir):
         rel_path = os.path.relpath(vf, app_temp_dir)
         group = ""
         name = ""
-        version_data = ""
         if "_" in file_name:
             parts = file_name.split("_")
             name = file_name
@@ -286,50 +285,40 @@ def collect_dex_files_metadata(app_file, parent_component, app_temp_dir):
             evidence=ComponentEvidence(
                 identity=Identity(
                     field=FieldModel.purl,
-                    confidence=0.5,
+                    confidence=0.2,
                     methods=[
                         Method(
                             technique=Technique.binary_analysis,
                             value=rel_path,
-                            confidence=0.5,
+                            confidence=0.2,
                         )
                     ],
                 )
             ),
             properties=[
                 Property(name="internal:srcFile", value=rel_path),
                 Property(name="internal:appFile", value=app_file),
-                Property(
-                    name="internal:header",
-                    value=", ".join(dex_metadata.get("header")),
-                ),
                 Property(
                     name="internal:functions",
-                    value=", ".join(dex_metadata.get("methods")),
+                    value=", ".join(
+                        set(
+                            [
+                                f"""{m.name}({','.join([_clean_type(p.underlying_array_type) for p in m.prototype.parameters_type])}):{_clean_type(m.prototype.return_type.underlying_array_type)}"""
+                                for m in dex_metadata.get("methods")
+                            ]
+                        )
+                    ),
                 ),
                 Property(
                     name="internal:classes",
-                    value=", ".join(dex_metadata.get("classes")),
-                ),
-                Property(
-                    name="internal:fields",
-                    value=", ".join(dex_metadata.get("fields")),
-                ),
-                Property(
-                    name="internal:strings",
-                    value=", ".join(dex_metadata.get("strings")),
-                ),
-                Property(
-                    name="internal:types",
-                    value=", ".join(dex_metadata.get("types")),
-                ),
-                Property(
-                    name="internal:prototypes",
-                    value=", ".join(dex_metadata.get("prototypes")),
-                ),
-                Property(
-                    name="internal:map",
-                    value=", ".join(dex_metadata.get("map")),
+                    value=", ".join(
+                        set(
+                            [
+                                _clean_type(c.fullname)
+                                for c in dex_metadata.get("classes")
+                            ]
+                        )
+                    ),
                 ),
             ],
         )
@@ -338,6 +327,10 @@ def collect_dex_files_metadata(app_file, parent_component, app_temp_dir):
     return file_components
 
 
+def _clean_type(t):
+    return str(t).replace("/", ".").removeprefix("L").removesuffix(";")
+
+
 def collect_files_metadata(app_file, parent_component, deep_mode):
     """
     Unzip the app and collect metadata
diff --git a/blint/binary.py b/blint/binary.py
@@ -94,19 +94,19 @@ def parse_relro(parsed_obj):
     now = False
     try:
         parsed_obj.get(lief.ELF.SEGMENT_TYPES.GNU_RELRO)
-    except lief.not_found:
+    except lief.lief_errors.not_found:
         return "no"
     try:
         dynamic_tags = parsed_obj.get(lief.ELF.DYNAMIC_TAGS.FLAGS)
         if dynamic_tags:
             bind_now = lief.ELF.DYNAMIC_FLAGS.BIND_NOW in dynamic_tags
-    except lief.not_found:
+    except lief.lief_errors.not_found:
         pass
     try:
         dynamic_tags = parsed_obj.get(lief.ELF.DYNAMIC_TAGS.FLAGS_1)
         if dynamic_tags:
             now = lief.ELF.DYNAMIC_FLAGS_1.NOW in dynamic_tags
-    except lief.not_found:
+    except lief.lief_errors.not_found:
         pass
     if bind_now or now:
         return "full"
@@ -597,19 +597,19 @@ def parse(exe_file):
                     if parsed_obj.get_symbol(section):
                         metadata["has_canary"] = True
                         break
-                except lief.not_found:
+                except lief.lief_errors.not_found:
                     metadata["has_canary"] = False
             # rpath check
             try:
                 if parsed_obj.get(lief.ELF.DYNAMIC_TAGS.RPATH):
                     metadata["has_rpath"] = True
-            except lief.not_found:
+            except lief.lief_errors.not_found:
                 metadata["has_rpath"] = False
             # runpath check
             try:
                 if parsed_obj.get(lief.ELF.DYNAMIC_TAGS.RUNPATH):
                     metadata["has_runpath"] = True
-            except lief.not_found:
+            except lief.lief_errors.not_found:
                 metadata["has_runpath"] = False
             static_symbols = parsed_obj.static_symbols
             if len(static_symbols):
@@ -762,9 +762,7 @@ def parse(exe_file):
                 metadata["subsystem"] = str(optional_header.subsystem).rsplit(
                     ".", maxsplit=1
                 )[-1]
-                metadata["is_gui"] = (
-                    True if metadata["subsystem"] == "WINDOWS_GUI" else False
-                )
+                metadata["is_gui"] = metadata["subsystem"] == "WINDOWS_GUI"
                 metadata["exe_type"] = (
                     "PE32"
                     if optional_header.magic == PE.PE_TYPE.PE32
@@ -1038,7 +1036,7 @@ def parse(exe_file):
                     metadata["has_main_command"] = True
                 if parsed_obj.thread_command:
                     metadata["has_thread_command"] = True
-            except lief.not_found:
+            except lief.lief_errors.not_found:
                 metadata["has_main"] = False
                 metadata["has_thread_command"] = False
             try:
@@ -1116,12 +1114,12 @@ def parse_dex(dex_file):
         dexfile_obj = DEX.parse(dex_file)
         metadata["version"] = dexfile_obj.version
         metadata["header"] = dexfile_obj.header
-        metadata["classes"] = dexfile_obj.classes
-        metadata["fields"] = dexfile_obj.fields
-        metadata["methods"] = dexfile_obj.methods
-        metadata["strings"] = dexfile_obj.strings
-        metadata["types"] = dexfile_obj.types
-        metadata["prototypes"] = dexfile_obj.prototypes
+        metadata["classes"] = [cls for cls in dexfile_obj.classes]
+        metadata["fields"] = [f for f in dexfile_obj.fields]
+        metadata["methods"] = [m for m in dexfile_obj.methods]
+        metadata["strings"] = list(dexfile_obj.strings)
+        metadata["types"] = [t for t in dexfile_obj.types]
+        metadata["prototypes"] = [p for p in dexfile_obj.prototypes]
         metadata["map"] = dexfile_obj.map
     except Exception as e:
         LOG.exception(e)
