mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-14 11:00:10 +01:00
df27bae6a0
* New command `dscanner`, enables one to scan signed APKs with Drozer * Drozer is a dynamic vulnerability scanner for Android * Drozer runs in an emulator or on-device, this new `dscanner` command... * starts a docker image with Drozer and the Android Emulator pre-installed, * loads the signed APK into the emulator * activates Drozer automated tests for the APK * gathers the report output and places it next to the original APK * The Drozer docker image can be: * cached locally for re-use (just don't run --clean*) * retrieved from dockerhub.com for more efficient runtime * or be built from scratch (in the new "./docker" directory) * New "Vulnerability Scanning" documentation section (run gendocs.sh)
#!/usr/bin/env python3
#
# fdroid.py - part of the FDroid server tools
# Copyright (C) 2010-2015, Ciaran Gultnieks, ciaran@ciarang.com
# Copyright (C) 2013-2014 Daniel Marti <mvdan@mvdan.cc>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

import sys
import logging
import fdroidserver.common
import fdroidserver.metadata
from argparse import ArgumentError
# Sub-command name -> one-line summary shown by print_help().
#
# This table is also the allowlist for dispatch: main() only builds the
# module name 'fdroidserver.<command>' after confirming that the first
# command-line argument is one of these keys, so every key must correspond
# to an importable fdroidserver submodule and nothing outside this table can
# be reached through the dynamic import.
commands = {
    "build": "Build a package from source",
    "init": "Quickly start a new repository",
    "publish": "Sign and place packages in the repo",
    "gpgsign": "Add gpg signatures for packages in repo",
    "update": "Update repo information for new packages",
    "verify": "Verify the integrity of downloaded packages",
    "checkupdates": "Check for updates to applications",
    "import": "Add a new application from its source code",
    "install": "Install built packages on devices",
    "readmeta": "Read all the metadata files and exit",
    "rewritemeta": "Rewrite all the metadata files",
    "lint": "Warn about possible metadata errors",
    "scanner": "Scan the source code of a package",
    "dscanner": "Dynamically scan APKs post build",
    "stats": "Update the stats of the repo",
    "server": "Interact with the repo HTTP server",
    "signindex": "Sign indexes created using update --nosign",
}
def print_help():
    """Print the usage line and the list of known sub-commands to stdout."""
    lines = [
        "usage: fdroid [-h|--help|--version] <command> [<args>]",
        "",
        "Valid commands are:",
    ]
    for name, description in commands.items():
        # Pad the command name to a 15-character column so the summaries
        # line up; names longer than that are simply not padded.
        lines.append(" " + name.ljust(15) + description)
    lines.append("")
    print("\n".join(lines))
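def main():
    """Dispatch ``fdroid <command> [<args>]`` to ``fdroidserver.<command>.main()``.

    ``-h``/``--help`` and ``--version`` are handled here.  For a known
    command, logging is configured from ``-v``/``--verbose`` and
    ``-q``/``--quiet`` and the matching sub-command module is imported and
    run.

    Exits with status 0 after help/version output or a successful command,
    and with status 1 for an unknown command, conflicting verbosity flags,
    an FDroidException/MetaDataException (when not verbose), an
    ArgumentError or a keyboard interrupt.  Unexpected exceptions, and the
    expected ones when ``--verbose`` is given, are re-raised so the
    traceback is shown.
    """
    if len(sys.argv) <= 1:
        print_help()
        sys.exit(0)

    command = sys.argv[1]
    if command not in commands:
        # Every branch below exits, so past this block `command` is
        # guaranteed to be a key of `commands`.
        if command in ('-h', '--help'):
            print_help()
            sys.exit(0)
        elif command == '--version':
            import os.path
            output = 'no version info found!'
            cmddir = os.path.realpath(os.path.dirname(__file__))
            moduledir = os.path.realpath(os.path.dirname(fdroidserver.common.__file__) + '/..')
            if cmddir == moduledir:
                # running from git
                os.chdir(cmddir)
                if os.path.isdir('.git'):
                    import subprocess
                    # Fixed argument lists, no shell: nothing from the
                    # command line reaches these invocations.
                    try:
                        output = subprocess.check_output(['git', 'describe'],
                                                         stderr=subprocess.STDOUT,
                                                         universal_newlines=True)
                    except subprocess.CalledProcessError:
                        output = 'git commit ' + subprocess.check_output(['git', 'rev-parse', 'HEAD'],
                                                                         universal_newlines=True)
                elif os.path.exists('setup.py'):
                    import re
                    # Read through a context manager so the file handle is
                    # closed instead of being left to the garbage collector.
                    with open('setup.py') as setup_file:
                        setup_text = setup_file.read()
                    m = re.search(r'''.*[\s,\(]+version\s*=\s*["']([0-9a-z.]+)["'].*''',
                                  setup_text, flags=re.MULTILINE)
                    if m:
                        output = m.group(1) + '\n'
            else:
                from pkg_resources import get_distribution
                output = get_distribution('fdroidserver').version + '\n'
            # The old `print(output),` is a Python 2 idiom; under Python 3 it
            # printed an extra blank line whenever output already ended in a
            # newline.  Emit exactly one trailing newline in every case.
            print(output.rstrip('\n'))
            sys.exit(0)
        else:
            print("Command '%s' not recognised.\n" % command)
            print_help()
            sys.exit(1)

    # The flags are looked for anywhere in argv, not only directly after the
    # command name.
    verbose = any(s in sys.argv for s in ['-v', '--verbose'])
    quiet = any(s in sys.argv for s in ['-q', '--quiet'])

    # Helpful to differentiate warnings from errors even when on quiet
    logformat = '%(levelname)s: %(message)s'
    loglevel = logging.INFO
    if verbose:
        loglevel = logging.DEBUG
    elif quiet:
        loglevel = logging.WARNING

    logging.basicConfig(format=logformat, level=loglevel)

    if verbose and quiet:
        logging.critical("Specifying --verbose and --quiet and the same time is silly")
        sys.exit(1)

    # Trick optparse into displaying the right usage when --help is used.
    sys.argv[0] += ' ' + command

    del sys.argv[1]
    # Dynamic import of a name taken from the command line.  This is only
    # acceptable because `command` was checked against the `commands` table
    # above; keep that check in front of this line if the dispatch logic is
    # ever restructured.
    mod = __import__('fdroidserver.' + command, None, None, [command])

    try:
        mod.main()
    # These are ours, contain a proper message and are "expected"
    except (fdroidserver.common.FDroidException,
            fdroidserver.metadata.MetaDataException) as e:
        if verbose:
            raise
        else:
            logging.critical(str(e))
            sys.exit(1)
    except ArgumentError as e:
        logging.critical(str(e))
        sys.exit(1)
    except KeyboardInterrupt:
        print('')
        sys.exit(1)
    # These should only be unexpected crashes due to bugs in the code
    # str(e) often doesn't contain a reason, so just show the backtrace
    except Exception:
        logging.critical("Unknown exception found!")
        raise
    sys.exit(0)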
# Run the dispatcher only when this file is executed as a script, so that
# importing it (for example from a test) has no side effects.
if __name__ == "__main__":
    main()