ChatGPT Permission Mapping + Improved Description

mobsf/StaticAnalyzer/models.py

@@ -46,6 +46,7 @@ class StaticAnalyzerAndroid(models.Model):
     ANDROID_API = models.TextField(default={})
     CODE_ANALYSIS = models.TextField(default={})
     NIAP_ANALYSIS = models.TextField(default={})
+    PERMISSION_MAPPING = models.TextField(default={})
     URLS = models.TextField(default=[])
     DOMAINS = models.TextField(default={})
     EMAILS = models.TextField(default=[])

mobsf/StaticAnalyzer/views/android/code_analysis.py

@@ -2,10 +2,13 @@
 """Module holding the functions for code analysis."""
 
 import logging
+import tempfile
 from pathlib import Path
 
 from django.conf import settings
 
+import yaml
+
 from mobsf.MobSF.utils import (
     filename_from_path,
     get_android_src_dir,
@@ -21,15 +24,48 @@
 logger = logging.getLogger(__name__)
 
 
-def code_analysis(app_dir, typ, manifest_file):
+def get_perm_rules(perm_rules, android_permissions):
+    """Get applicablepermission rules."""
+    try:
+        if not android_permissions:
+            return None
+        dynamic_rules = []
+        with perm_rules.open('r') as perm_file:
+            prules = yaml.load(perm_file, Loader=yaml.FullLoader)
+        for p in prules:
+            if p['id'] in android_permissions.keys():
+                dynamic_rules.append(p)
+        rules = yaml.dump(dynamic_rules)
+        if rules:
+            tmp = tempfile.NamedTemporaryFile(mode='w')
+            tmp.write(rules)
+            tmp.flush()
+            return tmp
+    except Exception:
+        logger.error('Getting Permission Rules')
+    return None
+
+
+def permission_transform(perm_mappings):
+    """Simply permission mappings."""
+    mappings = {}
+    for k, v in perm_mappings.items():
+        mappings[k] = v['files']
+    return mappings
+
+
+def code_analysis(app_dir, typ, manifest_file, android_permissions):
     """Perform the code analysis."""
     try:
         root = Path(settings.BASE_DIR) / 'StaticAnalyzer' / 'views'
-        code_rules = root / 'android' / 'rules' / 'android_rules.yaml'
-        api_rules = root / 'android' / 'rules' / 'android_apis.yaml'
-        niap_rules = root / 'android' / 'rules' / 'android_niap.yaml'
+        and_rules = root / 'android' / 'rules'
+        code_rules = and_rules / 'android_rules.yaml'
+        api_rules = and_rules / 'android_apis.yaml'
+        perm_rules = and_rules / 'android_permissions.yaml'
+        niap_rules = and_rules / 'android_niap.yaml'
         code_findings = {}
         api_findings = {}
+        perm_mappings = {}
         email_n_file = []
         url_n_file = []
         url_list = []
@@ -38,19 +74,31 @@ def code_analysis(app_dir, typ, manifest_file):
         skp = settings.SKIP_CLASS_PATH
         logger.info('Code Analysis Started on - %s',
                     filename_from_path(src))
-        # Code and API Analysis
+        # Code Analysis
         code_findings = scan(
             code_rules.as_posix(),
             {'.java', '.kt'},
             [src],
             skp)
         logger.info('Android SAST Completed')
+        # API Analysis
         logger.info('Android API Analysis Started')
         api_findings = scan(
             api_rules.as_posix(),
             {'.java', '.kt'},
             [src],
             skp)
+        # Permission Mapping
+        rule_file = get_perm_rules(perm_rules, android_permissions)
+        if rule_file:
+            logger.info('Android Permission Mapping Started')
+            perm_mappings = permission_transform(scan(
+                rule_file.name,
+                {'.java', '.kt'},
+                [src],
+                {}))
+            logger.info('Android Permission Mapping Completed')
+            rule_file.close()
         # NIAP Scan
         niap_findings = niap_scan(
             niap_rules.as_posix(),
@@ -80,6 +128,7 @@ def code_analysis(app_dir, typ, manifest_file):
         logger.info('Finished Code Analysis, Email and URL Extraction')
         code_an_dic = {
             'api': api_findings,
+            'perm_mappings': perm_mappings,
             'findings': code_findings,
             'niap': niap_findings,
             'urls_list': url_list,

mobsf/StaticAnalyzer/views/android/db_interaction.py

@@ -66,6 +66,7 @@ def get_context_from_db_entry(db_entry: QuerySet) -> dict:
             'android_api': python_dict(db_entry[0].ANDROID_API),
             'code_analysis': code,
             'niap_analysis': python_dict(db_entry[0].NIAP_ANALYSIS),
+            'permission_mapping': python_dict(db_entry[0].PERMISSION_MAPPING),
             'urls': python_list(db_entry[0].URLS),
             'domains': python_dict(db_entry[0].DOMAINS),
             'emails': python_list(db_entry[0].EMAILS),
@@ -136,6 +137,7 @@ def get_context_from_analysis(app_dic,
             'android_api': code_an_dic['api'],
             'code_analysis': code,
             'niap_analysis': code_an_dic['niap'],
+            'permission_mapping': code_an_dic['perm_mappings'],
             'urls': code_an_dic['urls'],
             'domains': code_an_dic['domains'],
             'emails': code_an_dic['emails'],
@@ -197,6 +199,7 @@ def save_or_update(update_type,
             'ANDROID_API': code_an_dic['api'],
             'CODE_ANALYSIS': code_an_dic['findings'],
             'NIAP_ANALYSIS': code_an_dic['niap'],
+            'PERMISSION_MAPPING': code_an_dic['perm_mappings'],
             'URLS': code_an_dic['urls'],
             'DOMAINS': code_an_dic['domains'],
             'EMAILS': code_an_dic['emails'],
@@ -237,33 +240,23 @@ def save_get_ctx(app, man, m_anal, code, cert, elf, apkid, quark, trk, rscn):
     # SAVE TO DB
     if rscn:
         logger.info('Updating Database...')
-        save_or_update(
-            'update',
-            app,
-            man,
-            m_anal,
-            code,
-            cert,
-            elf,
-            apkid,
-            quark,
-            trk,
-        )
+        action = 'update'
         update_scan_timestamp(app['md5'])
     else:
         logger.info('Saving to Database')
-        save_or_update(
-            'save',
-            app,
-            man,
-            m_anal,
-            code,
-            cert,
-            elf,
-            apkid,
-            quark,
-            trk,
-        )
+        action = 'save'
+    save_or_update(
+        action,
+        app,
+        man,
+        m_anal,
+        code,
+        cert,
+        elf,
+        apkid,
+        quark,
+        trk,
+    )
     return get_context_from_analysis(
         app,
         man,