Parse dex

Signed-off-by: Prabhu Subramanian <[email protected]>

Author: prabhu

blint/android.py

@@ -4,7 +4,7 @@
 import sys
 import tempfile
 
-from blint.binary import parse
+from blint.binary import parse, parse_dex
 from blint.cyclonedx.spec import (
     Component,
     ComponentEvidence,
@@ -64,7 +64,7 @@ def exec_tool(args, cwd=None, stdout=subprocess.PIPE):
         return None
 
 
-def collect_app_metadata(app_file):
+def collect_app_metadata(app_file, deep_mode):
     """
     Collect various metadata about an android app
     """
@@ -81,7 +81,7 @@ def collect_app_metadata(app_file):
             parent_component.properties.append(
                 Property(name="internal.appPermissions", value=permissions)
             )
-    components = collect_files_metadata(app_file)
+    components = collect_files_metadata(app_file, parent_component, deep_mode)
     return parent_component, components
 
 
@@ -257,7 +257,88 @@ def collect_so_files_metadata(app_file, app_temp_dir):
     return file_components
 
 
-def collect_files_metadata(app_file):
+def collect_dex_files_metadata(app_file, parent_component, app_temp_dir):
+    file_components = []
+    # Parse all .dex files
+    dex_files = find_files(app_temp_dir, [".dex"])
+    for adex in dex_files:
+        dex_metadata = parse_dex(adex)
+        name = os.path.basename(adex).removesuffix(".dex")
+        rel_path = os.path.relpath(adex, app_temp_dir)
+        group = (
+            parent_component.group
+            if parent_component and parent_component.group
+            else ""
+        )
+        version = (
+            parent_component.version
+            if parent_component and parent_component.version
+            else "latest"
+        )
+        purl = f"pkg:generic/{name}@{version}"
+        component = Component(
+            type=Type.file,
+            group=group,
+            name=name,
+            version=version,
+            purl=purl,
+            scope=Scope.required,
+            evidence=ComponentEvidence(
+                identity=Identity(
+                    field=FieldModel.purl,
+                    confidence=0.5,
+                    methods=[
+                        Method(
+                            technique=Technique.binary_analysis,
+                            value=rel_path,
+                            confidence=0.5,
+                        )
+                    ],
+                )
+            ),
+            properties=[
+                Property(name="internal:srcFile", value=rel_path),
+                Property(name="internal:appFile", value=app_file),
+                Property(
+                    name="internal:header",
+                    value=", ".join(dex_metadata.get("header")),
+                ),
+                Property(
+                    name="internal:functions",
+                    value=", ".join(dex_metadata.get("methods")),
+                ),
+                Property(
+                    name="internal:classes",
+                    value=", ".join(dex_metadata.get("classes")),
+                ),
+                Property(
+                    name="internal:fields",
+                    value=", ".join(dex_metadata.get("fields")),
+                ),
+                Property(
+                    name="internal:strings",
+                    value=", ".join(dex_metadata.get("strings")),
+                ),
+                Property(
+                    name="internal:types",
+                    value=", ".join(dex_metadata.get("types")),
+                ),
+                Property(
+                    name="internal:prototypes",
+                    value=", ".join(dex_metadata.get("prototypes")),
+                ),
+                Property(
+                    name="internal:map",
+                    value=", ".join(dex_metadata.get("map")),
+                ),
+            ],
+        )
+        component.bom_ref = RefType(purl)
+        file_components.append(component)
+    return file_components
+
+
+def collect_files_metadata(app_file, parent_component, deep_mode):
     """
     Unzip the app and collect metadata
     """
@@ -266,6 +347,10 @@ def collect_files_metadata(app_file):
     unzip_unsafe(app_file, app_temp_dir)
     file_components += collect_version_files_metadata(app_file, app_temp_dir)
     file_components += collect_so_files_metadata(app_file, app_temp_dir)
+    if deep_mode:
+        file_components += collect_dex_files_metadata(
+            app_file, parent_component, app_temp_dir
+        )
     shutil.rmtree(app_temp_dir, ignore_errors=True)
     return file_components
 

blint/binary.py

@@ -1,7 +1,7 @@
 import sys
 
 import lief
-from lief import ELF, PE, MachO
+from lief import DEX, ELF, PE, MachO
 
 from blint.logger import LOG
 from blint.utils import calculate_entropy, check_secret, decode_base64
@@ -1107,3 +1107,22 @@ def parse(exe_file):
     except Exception as e:
         LOG.exception(e)
     return metadata
+
+
+def parse_dex(dex_file):
+    """Parse dex files"""
+    metadata = {"file_path": dex_file}
+    try:
+        dexfile_obj = DEX.parse(dex_file)
+        metadata["version"] = dexfile_obj.version
+        metadata["header"] = dexfile_obj.header
+        metadata["classes"] = dexfile_obj.classes
+        metadata["fields"] = dexfile_obj.fields
+        metadata["methods"] = dexfile_obj.methods
+        metadata["strings"] = dexfile_obj.strings
+        metadata["types"] = dexfile_obj.types
+        metadata["prototypes"] = dexfile_obj.prototypes
+        metadata["map"] = dexfile_obj.map
+    except Exception as e:
+        LOG.exception(e)
+    return metadata

blint/cli.py

@@ -132,7 +132,7 @@ def main():
             sbom_output = args.sbom_output
         else:
             sbom_output = os.path.join(os.getcwd(), "bom.json")
-        generate(src_dirs, sbom_output)
+        generate(src_dirs, sbom_output, args.deep_mode)
     # Default case
     else:
         # Create reports directory

blint/sbom.py

@@ -53,7 +53,7 @@ def default_metadata(src_dirs):
     return metadata
 
 
-def generate(src_dirs, output_file):
+def generate(src_dirs, output_file, deep_mode):
     android_files = []
     components = []
     dependencies = []
@@ -84,7 +84,9 @@ def generate(src_dirs, output_file):
         for f in android_files:
             dependencies_dict = {}
             progress.update(task, description=f"Processing [bold]{f}[/bold]")
-            parent_component, app_components = collect_app_metadata(f)
+            parent_component, app_components = collect_app_metadata(
+                f, deep_mode
+            )
             if parent_component:
                 if not sbom.metadata.component.components:
                     sbom.metadata.component.components = []