2 # -*- coding: utf-8 -*-
4 # scanner.py - part of the FDroid server tools
5 # Copyright (C) 2010-13, Ciaran Gultnieks, ciaran@ciarang.com
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU Affero General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU Affero General Public License for more details.
17 # You should have received a copy of the GNU Affero General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 from argparse import ArgumentParser
28 from common import BuildException, VCSException
34 # Scan the source code in the given directory (and all subdirectories)
35 # and return the number of fatal problems encountered
36 def scan_source(build_dir, root_dir, thisbuild):
40 # Common known non-free blobs (always lower case):
42 re.compile(r'.*flurryagent', re.IGNORECASE),
43 re.compile(r'.*paypal.*mpl', re.IGNORECASE),
44 re.compile(r'.*google.*analytics', re.IGNORECASE),
45 re.compile(r'.*admob.*sdk.*android', re.IGNORECASE),
46 re.compile(r'.*google.*ad.*view', re.IGNORECASE),
47 re.compile(r'.*google.*admob', re.IGNORECASE),
48 re.compile(r'.*google.*play.*services', re.IGNORECASE),
49 re.compile(r'.*crittercism', re.IGNORECASE),
50 re.compile(r'.*heyzap', re.IGNORECASE),
51 re.compile(r'.*jpct.*ae', re.IGNORECASE),
52 re.compile(r'.*youtube.*android.*player.*api', re.IGNORECASE),
53 re.compile(r'.*bugsense', re.IGNORECASE),
54 re.compile(r'.*crashlytics', re.IGNORECASE),
55 re.compile(r'.*ouya.*sdk', re.IGNORECASE),
56 re.compile(r'.*libspen23', re.IGNORECASE),
59 scanignore = common.getpaths(build_dir, thisbuild, 'scanignore')
60 scandelete = common.getpaths(build_dir, thisbuild, 'scandelete')
62 scanignore_worked = set()
63 scandelete_worked = set()
68 scanignore_worked.add(p)
75 scandelete_worked.add(p)
79 def ignoreproblem(what, fd, fp):
80 logging.info('Ignoring %s at %s' % (what, fd))
83 def removeproblem(what, fd, fp):
84 logging.info('Removing %s at %s' % (what, fd))
88 def warnproblem(what, fd):
89 logging.warn('Found %s at %s' % (what, fd))
91 def handleproblem(what, fd, fp):
93 return ignoreproblem(what, fd, fp)
95 return removeproblem(what, fd, fp)
96 logging.error('Found %s at %s' % (what, fd))
99 def is_executable(path):
100 return os.path.exists(path) and os.access(path, os.X_OK)
102 textchars = bytearray({7, 8, 9, 10, 12, 13, 27} | set(range(0x20, 0x100)) - {0x7f})
106 with open(path, 'rb') as f:
108 return bool(d.translate(None, textchars))
110 # Iterate through all files in the source code
111 for r, d, f in os.walk(build_dir, topdown=True):
113 # It's topdown, so checking the basename is enough
114 for ignoredir in ('.hg', '.git', '.svn', '.bzr'):
120 # Path (relative) to the file
121 fp = os.path.join(r, curfile)
122 fd = fp[len(build_dir) + 1:]
124 ext = common.get_extension(fd)
127 count += handleproblem('shared library', fd, fp)
129 count += handleproblem('static library', fd, fp)
131 count += handleproblem('Java compiled class', fd, fp)
133 removeproblem('APK file', fd, fp)
136 if any(suspect.match(curfile) for suspect in usual_suspects):
137 count += handleproblem('usual supect', fd, fp)
139 warnproblem('JAR file', fd)
142 if not os.path.isfile(fp):
144 for line in file(fp):
145 if 'DexClassLoader' in line:
146 count += handleproblem('DexClassLoader', fd, fp)
149 elif ext == 'gradle':
150 if not os.path.isfile(fp):
152 for i, line in enumerate(file(fp)):
154 if any(suspect.match(line) for suspect in usual_suspects):
155 count += handleproblem('usual suspect at line %d' % i, fd, fp)
159 if is_executable(fp):
160 count += handleproblem('executable binary', fd, fp)
162 count += handleproblem('unknown binary', fd, fp)
165 if p not in scanignore_worked:
166 logging.error('Unused scanignore path: %s' % p)
170 if p not in scandelete_worked:
171 logging.error('Unused scandelete path: %s' % p)
174 # Presence of a jni directory without buildjni=yes might
175 # indicate a problem (if it's not a problem, explicitly use
176 # buildjni=no to bypass this check)
177 if (os.path.exists(os.path.join(root_dir, 'jni')) and
178 not thisbuild['buildjni']):
179 logging.error('Found jni directory, but buildjni is not enabled. Set it to \'no\' to ignore.')
187 global config, options
189 # Parse command line...
190 parser = ArgumentParser(usage="%(prog)s [options] [APPID[:VERCODE] [APPID[:VERCODE] ...]]")
191 common.setup_global_opts(parser)
192 parser.add_argument("appid", nargs='*', help="app-id with optional versioncode in the form APPID[:VERCODE]")
193 options = parser.parse_args()
195 config = common.read_config(options)
197 # Read all app and srclib metadata
198 allapps = metadata.read_metadata()
199 apps = common.read_app_args(options.appid, allapps, True)
204 if not os.path.isdir(build_dir):
205 logging.info("Creating build directory")
206 os.makedirs(build_dir)
207 srclib_dir = os.path.join(build_dir, 'srclib')
208 extlib_dir = os.path.join(build_dir, 'extlib')
210 for appid, app in apps.iteritems():
213 logging.info("Skipping %s: disabled" % appid)
215 if not app['builds']:
216 logging.info("Skipping %s: no builds specified" % appid)
219 logging.info("Processing " + appid)
223 if app['Repo Type'] == 'srclib':
224 build_dir = os.path.join('build', 'srclib', app['Repo'])
226 build_dir = os.path.join('build', appid)
228 # Set up vcs interface and make sure we have the latest code...
229 vcs = common.getvcs(app['Repo Type'], app['Repo'], build_dir)
231 for thisbuild in app['builds']:
233 if thisbuild['disable']:
234 logging.info("...skipping version %s - %s" % (
235 thisbuild['version'], thisbuild.get('disable', thisbuild['commit'][1:])))
237 logging.info("...scanning version " + thisbuild['version'])
239 # Prepare the source code...
240 root_dir, _ = common.prepare_source(vcs, app, thisbuild,
241 build_dir, srclib_dir,
245 count = scan_source(build_dir, root_dir, thisbuild)
247 logging.warn('Scanner found %d problems in %s (%s)' % (
248 count, appid, thisbuild['vercode']))
251 except BuildException as be:
252 logging.warn("Could not scan app %s due to BuildException: %s" % (
255 except VCSException as vcse:
256 logging.warn("VCS error while scanning app %s: %s" % (appid, vcse))
259 logging.warn("Could not scan app %s due to unknown error: %s" % (
260 appid, traceback.format_exc()))
263 logging.info("Finished:")
264 print "%d problems found" % probcount
266 if __name__ == "__main__":