Upload New File

aeb51ea0 · alejper · ddb94eaa · aeb51ea0
Commit aeb51ea0 authored 9 months ago by alejper
--- a/analizar-app/analizar_app.py
+++ b/analizar-app/analizar_app.py
+from requests import get
+import urllib3
+import sys
+
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+# Comprobaciones sobre las apps
+RED_FLAGS = {
+    # Test OWASP sobre acceso al almacenamiento externo
+    "OWASP MASTG-TEST-0202": 
+        ["android.permission.READ_EXTERNAL_STORAGE", 
+         "android.permission.WRITE_EXTERNAL_STORAGE"],
+
+    # Cambio en la política de Google sobre el acceso a todos los archivos
+    "Google Policy Review Requirements - All files access": 
+        ["android.permission.MANAGE_EXTERNAL_STORAGE"],
+
+    # Cambio en la política de Google sobre el acceso a fotografías y videos
+    "Google Policy Review Requirements - Photo and Video access": 
+        ["android.permission.READ_MEDIA_IMAGES", 
+         "android.permission.READ_MEDIA_VIDEO"]
+}
+
+
+# URL de consulta a App-PIMD
+APP_PIMD_URL = "https://apkfalcon.infor.uva.es:8080/get/app/package?package={}"
+
+
+# Función que analiza las apps listadas en función a las red flags definidas
+def analyze_apps(apps_list, red_flags):
+    print("Iniciando análisis de {} apps.\n".format(len(apps_list)), flush=True)
+
+    results = {}
+    for app in apps_list:
+        print("Obteniendo metadatos de {}. ".format(app), end="", flush=True)
+
+        req = get(APP_PIMD_URL.format(app), verify=False)
+        print("✔️" if req.status_code == 200 else "❌", flush=True)
+
+        if req.status_code == 200:
+            print("Analizando {} en busca de red flags. ".format(app), end="", flush=True)
+
+            result_i = {}
+            j = 0
+            for red_flag in red_flags:
+
+                i = 0
+                for permission in red_flags[red_flag]:
+                    i += 1 if permission in req.text else 0
+
+                j += i
+                result_i[red_flag] = i
+
+            print("{} red flags encontradas.\n".format(j), flush=True)
+
+            results[app] = result_i
+
+    print("\nReporte del análisis:\n", flush=True)
+
+    for app in results:
+        print(app + ":", flush=True)
+        for red_flag in results[app]:
+            print("\t {:<60} \t {:>1}/{}".format(red_flag, results[app][red_flag], len(red_flags[red_flag])), flush=True)
+
+        print()
+
+    print("Análisis completo.", flush=True)
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("Uso: python script.py <nombre_de_paquete_de_la_app>")
+        sys.exit(1)
+
+    app_package_name = sys.argv[1]
+
+    analyze_apps([app_package_name], RED_FLAGS)