mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-07-04 16:30:12 +02:00
fdroidserver/tests
Hans-Christoph Steiner bde0558d82 update: reject APKs with invalid file sig, probably Janus exploits
This just checks the first four bytes of the APK file, aka the "file
signature", to make sure it is the ZIP signature and not the DEX signature.
This was checked against the test APK, and I ran it against some known
malware and all of f-droid.org to make sure it works.

All valid ZIP files (therefore APK files) should start with the ZIP
Local File Header of four bytes.

https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
2017-12-14 16:57:22 +01:00
extra rewritemeta yaml: fixed boolean mapping for build flags 2017-07-04 11:51:08 +02:00
getsig include test cases for python getsig replacement 2014-11-07 09:20:33 +00:00
gnupghome gpg-sign all valid files in the repo, including source tarballs 2016-11-07 14:53:01 +01:00
metadata Add Liberapay support 2017-12-12 11:53:31 +01:00
metadata-rewrite-yml moved some yaml test files into a separate folder to avoid conflicts with other test cases 2017-07-04 13:35:05 +02:00
repo rename test files to work round filename length limits 2017-11-27 16:57:30 +01:00
signindex Support ETag when downloading repository index 2017-05-02 15:37:02 -03:00
source-files add Conversations as gradle flavor test case 2017-12-14 16:52:02 +01:00
stats rename test files to work round filename length limits 2017-11-27 16:57:30 +01:00
androguard_test.py update: find aapt when it is not in the PATH 2017-05-18 17:21:05 +02:00
bad-unicode-πÇÇ现代通用字-български-عربي1.apk rename test files to work round filename length limits 2017-11-27 16:57:30 +01:00
build.TestCase tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
common.TestCase Merge branch 'fixFlavor' into 'master' 2017-12-14 16:56:01 +01:00
complete-ci-tests gitlab-ci: move sdist test run to new fedora job 2017-12-06 20:20:17 +01:00
config.py test for original "v0" index XML compatibility 2017-02-24 11:01:01 +01:00
description-parsing.py tests: switch to python3 2016-03-11 13:27:00 +00:00
dummy-keystore.jks added functions for storing/loading signer fingerprints to stats 2017-09-26 14:11:09 +02:00
dump_internal_metadata_format.py fix metadata dump test to run on CI servers 2017-02-28 12:08:04 +01:00
exception.TestCase tests: pre-set failfast as reminder of a handy time saver 2017-10-25 23:01:25 +02:00
import_proxy.py add a basic test of fdroid import 2015-09-10 11:08:40 +02:00
import.TestCase tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
index.TestCase handle jarsigner/apksigner output cleanly for rational logging 2017-12-07 17:32:14 +01:00
install.TestCase tests: pre-set failfast as reminder of a handy time saver 2017-10-25 23:01:25 +02:00
IsMD5Disabled.java tests: support Java setups where MD5 is not disabled by default 2017-09-19 20:16:08 +02:00
janus.apk update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
keystore.jks test for original "v0" index XML compatibility 2017-02-24 11:01:01 +01:00
lint.TestCase tests: name temp test dir after test function that used it 2017-11-30 17:32:53 +01:00
metadata.TestCase tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
openssl-version-check-test.py update: update openssl KnownVuln scan to handle all recent versions 2017-07-06 13:31:42 +02:00
org.bitbucket.tickytacky.mirrormirror_1.apk update: allow_disabled_algorithms option to keep MD5 sigs in repo 2017-07-03 10:02:51 +02:00
org.bitbucket.tickytacky.mirrormirror_2.apk update: allow_disabled_algorithms option to keep MD5 sigs in repo 2017-07-03 10:02:51 +02:00
org.bitbucket.tickytacky.mirrormirror_3.apk update: allow_disabled_algorithms option to keep MD5 sigs in repo 2017-07-03 10:02:51 +02:00
org.bitbucket.tickytacky.mirrormirror_4.apk update: allow_disabled_algorithms option to keep MD5 sigs in repo 2017-07-03 10:02:51 +02:00
org.dyndns.fules.ck_20.apk use androguard if aapt isn't found 2017-05-04 23:35:17 +02:00
publish.TestCase tests: use standard dir setup so all tests start in same dir 2017-11-30 17:32:53 +01:00
run-tests update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
signatures.TestCase tests: pre-set failfast as reminder of a handy time saver 2017-10-25 23:01:25 +02:00
testcommon.py added signatures subcommand 2017-09-07 00:03:35 +02:00
update.TestCase update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
urzip-badcert.apk include test cases for python getsig replacement 2014-11-07 09:20:33 +00:00
urzip-badsig.apk include test cases for python getsig replacement 2014-11-07 09:20:33 +00:00
urzip-release-unsigned.apk added test case for common.isApkDebuggable() 2014-12-14 13:25:20 +01:00
urzip-release.apk added test case for common.isApkDebuggable() 2014-12-14 13:25:20 +01:00
urzip.apk tests: try fdroid update after adding an APK to an existing repo 2014-06-04 21:54:55 -04:00