handle bad SDK Version values in APKs
authorHans-Christoph Steiner <hans@eds.org>
Thu, 26 Apr 2018 11:17:25 +0000 (13:17 +0200)
committerHans-Christoph Steiner <hans@eds.org>
Thu, 26 Apr 2018 13:19:41 +0000 (15:19 +0200)
Even though it is invalid to have *SdkVersion in AndroidManifest.xml set to
anything but an integer, sometimes people manage to get something else in there.
`fdroid update` needs to be able to handle all that.

* https://developer.android.com/guide/topics/manifest/uses-sdk-element#min
* https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/AndroidManifest.xml#L29
* https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/res/values/strings.xml#L27

admin#65

fdroidserver/update.py
tests/metadata/souch.smsbypass.txt [new file with mode: 0644]
tests/repo/index-v1.json
tests/repo/index.xml
tests/repo/souch.smsbypass_9.apk [new file with mode: 0644]
tests/stats/known_apks.txt
tests/update.TestCase

index 830a2252653dfb5cb7c7743d4d70351327d9f8f7..b108f38a4178e56623a917df67159647eb0f67d8 100644 (file)
@@ -1181,6 +1181,25 @@ def scan_apk_aapt(apk, apkfile):
     apk['icons_src'] = _get_apk_icons_src(apkfile, icon_name)
 
 
+def _sanitize_sdk_version(value):
+    """Sanitize the raw values from androguard to handle bad values
+
+    minSdkVersion/targetSdkVersion/maxSdkVersion must be integers,
+    but that doesn't stop devs from doing strange things like
+    setting them using Android XML strings.
+
+    https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/AndroidManifest.xml#L29
+    https://gitlab.com/souch/SMSbypass/blob/v0.9/app/src/main/res/values/strings.xml#L27
+    """
+    try:
+        sdk_version = int(value)
+        if sdk_version > 0:
+            return str(sdk_version)  # heinous, but this is still str in the codebase
+    except (TypeError, ValueError):
+        pass
+    return None
+
+
 def scan_apk_androguard(apk, apkfile):
     try:
         from androguard.core.bytecodes.apk import APK
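Review bot: `_sanitize_sdk_version` discards a bad value without a trace: the `except (TypeError, ValueError): pass` branch and the `sdk_version > 0` test both fall through to `return None`, so an operator running `fdroid update` gets no hint that an APK's manifest carried a non-integer or non-positive SdkVersion. Since the value comes from the APK being scanned, I would log the rejected input before returning, for example `logging.debug('ignoring invalid SDK version: %r', value)`, assuming `logging` is already imported in update.py (the import block is outside this hunk). The docstring could also state the contract in one line, `Returns the version as a decimal string, or None if value is not a positive integer.`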
@@ -1221,12 +1240,17 @@ def scan_apk_androguard(apk, apkfile):
             except ValueError:
                 pass
 
-    if apkobject.get_max_sdk_version() is not None:
-        apk['maxSdkVersion'] = apkobject.get_max_sdk_version()
-    if apkobject.get_min_sdk_version() is not None:
-        apk['minSdkVersion'] = apkobject.get_min_sdk_version()
-    if apkobject.get_target_sdk_version() is not None:
-        apk['targetSdkVersion'] = apkobject.get_target_sdk_version()
+    minSdkVersion = _sanitize_sdk_version(apkobject.get_min_sdk_version())
+    if minSdkVersion is not None:
+        apk['minSdkVersion'] = minSdkVersion
+
+    targetSdkVersion = _sanitize_sdk_version(apkobject.get_target_sdk_version())
+    if targetSdkVersion is not None:
+        apk['targetSdkVersion'] = targetSdkVersion
+
+    maxSdkVersion = _sanitize_sdk_version(apkobject.get_max_sdk_version())
+    if maxSdkVersion is not None:
+        apk['maxSdkVersion'] = maxSdkVersion
 
     icon_id_str = apkobject.get_element("application", "icon")
     if icon_id_str:
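Review bot: When the sanitizer rejects a value, the key is left out of `apk` altogether, so for `minSdkVersion` and `maxSdkVersion` the resulting entry carries no platform bound for that APK even though the manifest tried to declare one. Nothing in this hunk supplies a fallback, and the code that consumes `apk` is outside it, so whether later steps read `apk['minSdkVersion']` unconditionally or apply a default cannot be checked from here. I would at least document the outcome above the three stanzas, `# a key is left unset when the manifest value is not a positive integer; read these with apk.get()`, and confirm that the aapt scan path produces the same shape for the same APK. scan_apk_androguard starts and ends outside the hunk.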
diff --git a/tests/metadata/souch.smsbypass.txt b/tests/metadata/souch.smsbypass.txt
new file mode 100644 (file)
index 0000000..6b16e05
--- /dev/null
@@ -0,0 +1,52 @@
+Categories:Phone & SMS
+License:GPL-3.0
+Web Site:https://gitlab.com/souch/SMSbypass
+Source Code:https://gitlab.com/souch/SMSbypass/tree/HEAD
+Issue Tracker:https://gitlab.com/souch/SMSbypass/issues
+Donate:http://rodolphe.souchaud.free.fr/donate
+FlattrID:cad90e036b975ed129a3ce80a0750466
+
+Auto Name:Battery level
+Summary:Filter SMS and show them in a fake app
+Description:
+In order to keep away curious eyes, SMS-bypass filters incoming SMS messages
+before they reach your inbox. Based on bughunter2.smsfilter.
+
+Features:
+
+* Discrete fake app "Battery level": Long tap on Battery percentage will show SMS.
+* Filter incoming SMS specified address: redirect the SMS to SMS-bypass messages list; remove SMS arrival sound or vibration; show a discreet notification icon (battery level); vibrate if checked in settings
+* Add contact from contact list
+* Export messages to a text file
+.
+
+Repo Type:git
+Repo:https://gitlab.com/souch/SMSbypass.git
+
+Build:0.8,5
+    commit=v0.8
+    subdir=app
+    gradle=yes
+    prebuild=sed -i -e '/minSdkVersion/amaxSdkVersion 19\n' build.gradle
+
+Build:0.8b,6
+    disable=don't build, just use as template for AUM, correct VC is 8
+    commit=2bd6164ff6391906af2af2b484de69a4ff926a01
+    subdir=app
+    gradle=yes
+
+Build:0.8.1,8
+    disable=mistagged
+    commit=v0.8.1
+    subdir=app
+    gradle=yes
+
+Build:0.9,9
+    commit=v0.9
+    subdir=app
+    gradle=yes
+
+Auto Update Mode:Version v%v
+Update Check Mode:Tags
+Current Version:0.9
+Current Version Code:9
index cda10cf2377ce265718c12b1ed472d7fbc3e4e3a..912f610c6a674ed7e4c63aaaca7dcdbeaa94c823 100644 (file)
     ]
   },
   "apps": [
+    {
+      "categories": [
+        "Phone & SMS"
+      ],
+      "suggestedVersionName": "0.9",
+      "suggestedVersionCode": "9",
+      "description": "<p>In order to keep away curious eyes, SMS-bypass filters incoming SMS messages before they reach your inbox. Based on bughunter2.smsfilter.</p><p>Features:</p><ul><li> Discrete fake app \"Battery level\": Long tap on Battery percentage will show SMS.</li><li> Filter incoming SMS specified address: redirect the SMS to SMS-bypass messages list; remove SMS arrival sound or vibration; show a discreet notification icon (battery level); vibrate if checked in settings</li><li> Add contact from contact list</li><li> Export messages to a text file</li></ul>",
+      "donate": "http://rodolphe.souchaud.free.fr/donate",
+      "flattrID": "cad90e036b975ed129a3ce80a0750466",
+      "issueTracker": "https://gitlab.com/souch/SMSbypass/issues",
+      "license": "GPL-3.0",
+      "name": "Battery level",
+      "sourceCode": "https://gitlab.com/souch/SMSbypass/tree/HEAD",
+      "summary": "Filter SMS and show them in a fake app",
+      "webSite": "https://gitlab.com/souch/SMSbypass",
+      "added": 1524700800000,
+      "icon": "souch.smsbypass.9.png",
+      "packageName": "souch.smsbypass",
+      "lastUpdated": 1524700800000
+    },
     {
       "categories": [
         "tests"
         "versionCode": 1619,
         "versionName": "0.1"
       }
+    ],
+    "souch.smsbypass": [
+      {
+        "added": 1524700800000,
+        "apkName": "souch.smsbypass_9.apk",
+        "hash": "80b0ae68a1189baa3ee6717092e3dbf1a4210165f7f7e5f2f9616bd63a2ec01d",
+        "hashType": "sha256",
+        "minSdkVersion": "8",
+        "packageName": "souch.smsbypass",
+        "sig": "e50c99753cd45e2736d52cb49be07581",
+        "signer": "d3aec784b1fd71549fc22c999789122e3639895db6bd585da5835fbe3db6985c",
+        "size": 81295,
+        "targetSdkVersion": "18",
+        "uses-permission": [
+          [
+            "android.permission.RECEIVE_SMS",
+            null
+          ],
+          [
+            "android.permission.SEND_SMS",
+            null
+          ],
+          [
+            "android.permission.READ_CONTACTS",
+            null
+          ],
+          [
+            "android.permission.WRITE_EXTERNAL_STORAGE",
+            null
+          ],
+          [
+            "android.permission.VIBRATE",
+            null
+          ],
+          [
+            "android.permission.READ_EXTERNAL_STORAGE",
+            null
+          ]
+        ],
+        "versionCode": 9,
+        "versionName": "0.9"
+      }
     ]
   }
-}
+}
\ No newline at end of file
index ef6988deaa9797a7e300ada566aba60817885f41..9b6ef50a170e0de1c6f9c07d189ab59881423c83 100644 (file)
@@ -8,6 +8,37 @@
        <install packageName="org.adaway"/>
        <uninstall packageName="com.android.vending"/>
        <uninstall packageName="com.facebook.orca"/>
+       <application id="souch.smsbypass">
+               <id>souch.smsbypass</id>
+               <added>2018-04-26</added>
+               <lastupdated>2018-04-26</lastupdated>
+               <name>Battery level</name>
+               <summary>Filter SMS and show them in a fake app</summary>
+               <icon>souch.smsbypass.9.png</icon>
+               <desc>&lt;p&gt;In order to keep away curious eyes, SMS-bypass filters incoming SMS messages before they reach your inbox. Based on bughunter2.smsfilter.&lt;/p&gt;&lt;p&gt;Features:&lt;/p&gt;&lt;ul&gt;&lt;li&gt; Discrete fake app &quot;Battery level&quot;: Long tap on Battery percentage will show SMS.&lt;/li&gt;&lt;li&gt; Filter incoming SMS specified address: redirect the SMS to SMS-bypass messages list; remove SMS arrival sound or vibration; show a discreet notification icon (battery level); vibrate if checked in settings&lt;/li&gt;&lt;li&gt; Add contact from contact list&lt;/li&gt;&lt;li&gt; Export messages to a text file&lt;/li&gt;&lt;/ul&gt;</desc>
+               <license>GPL-3.0</license>
+               <categories>Phone &amp; SMS</categories>
+               <category>Phone &amp; SMS</category>
+               <web>https://gitlab.com/souch/SMSbypass</web>
+               <source>https://gitlab.com/souch/SMSbypass/tree/HEAD</source>
+               <tracker>https://gitlab.com/souch/SMSbypass/issues</tracker>
+               <donate>http://rodolphe.souchaud.free.fr/donate</donate>
+               <flattr>cad90e036b975ed129a3ce80a0750466</flattr>
+               <marketversion>0.9</marketversion>
+               <marketvercode>9</marketvercode>
+               <package>
+                       <version>0.9</version>
+                       <versioncode>9</versioncode>
+                       <apkname>souch.smsbypass_9.apk</apkname>
+                       <hash type="sha256">80b0ae68a1189baa3ee6717092e3dbf1a4210165f7f7e5f2f9616bd63a2ec01d</hash>
+                       <size>81295</size>
+                       <sdkver>8</sdkver>
+                       <targetSdkVersion>18</targetSdkVersion>
+                       <added>2018-04-26</added>
+                       <sig>e50c99753cd45e2736d52cb49be07581</sig>
+                       <permissions>READ_CONTACTS,READ_EXTERNAL_STORAGE,RECEIVE_SMS,SEND_SMS,VIBRATE,WRITE_EXTERNAL_STORAGE</permissions>
+               </package>
+       </application>
        <application id="duplicate.permisssions">
                <id>duplicate.permisssions</id>
                <added>2017-12-22</added>
diff --git a/tests/repo/souch.smsbypass_9.apk b/tests/repo/souch.smsbypass_9.apk
new file mode 100644 (file)
index 0000000..ce96f29
Binary files /dev/null and b/tests/repo/souch.smsbypass_9.apk differ
index ef90c79742b3080a095ff6e3633dfe76d334f25e..392c68ffb079136ee613ac5b57844abea2dde7de 100644 (file)
@@ -10,4 +10,5 @@ obb.main.twoversions_1101615.apk obb.main.twoversions 2016-01-01
 obb.main.twoversions_1101617.apk obb.main.twoversions 2016-06-20
 obb.mainpatch.current_1619.apk obb.mainpatch.current 2016-04-23
 obb.mainpatch.current_1619_another-release-key.apk obb.mainpatch.current 2017-06-01
+souch.smsbypass_9.apk souch.smsbypass 2018-04-26
 urzip-; Рахма́нинов, [rɐxˈmanʲɪnəf] سيرجي_رخمانينوف 谢尔盖·.apk info.guardianproject.urzip 2016-06-23
index eb59c3d0848d25994f18e48b2306789a510c567b..6616669feff431bcbd8e40ab1932522aba950ad9 100755 (executable)
@@ -253,7 +253,7 @@ class UpdateTest(unittest.TestCase):
         apps = fdroidserver.metadata.read_metadata(xref=True)
         knownapks = fdroidserver.common.KnownApks()
         apks, cachechanged = fdroidserver.update.process_apks({}, 'repo', knownapks, False)
-        self.assertEqual(len(apks), 13)
+        self.assertEqual(len(apks), 14)
         apk = apks[0]
         self.assertEqual(apk['packageName'], 'com.politedroid')
         self.assertEqual(apk['versionCode'], 3)
@@ -298,6 +298,10 @@ class UpdateTest(unittest.TestCase):
         if os.path.basename(os.getcwd()) != 'tests':
             raise Exception('This test must be run in the "tests/" subdir')
 
+        apk_info = fdroidserver.update.scan_apk('repo/souch.smsbypass_9.apk')
+        self.assertIsNone(apk_info.get('maxSdkVersion'))
+        self.assertEqual(apk_info.get('versionName'), '0.9')
+
         apk_info = fdroidserver.update.scan_apk('repo/duplicate.permisssions_9999999.apk')
         self.assertEqual(apk_info['icons_src'], {'160': 'res/drawable/ic_launcher.png',
                                                  '-1': 'res/drawable/ic_launcher.png'})
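Review bot: The new assertions only pin the rejected field: they check that `maxSdkVersion` is absent and that `versionName` survived, but not that the two valid fields come back intact. Adding `self.assertEqual(apk_info.get('minSdkVersion'), '8')` and `self.assertEqual(apk_info.get('targetSdkVersion'), '18')` would tie the test to the values recorded for this APK in tests/repo/index-v1.json, assuming `scan_apk` returns them in the same string form. `_sanitize_sdk_version` itself has no direct test for inputs such as `None`, `''` or `'0'`, and since it is wired only into scan_apk_androguard, this test exercises it only if `scan_apk` selects that backend, which the hunk does not show. The test method starts and ends outside the hunk.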
@@ -549,7 +553,7 @@ class UpdateTest(unittest.TestCase):
         knownapks = fdroidserver.common.KnownApks()
         apks, cachechanged = fdroidserver.update.process_apks({}, 'repo', knownapks, False)
         fdroidserver.update.translate_per_build_anti_features(apps, apks)
-        self.assertEqual(len(apks), 13)
+        self.assertEqual(len(apks), 14)
         foundtest = False
         for apk in apks:
             if apk['packageName'] == 'com.politedroid' and apk['versionCode'] == 3: