java_audit.sh 2.55 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/bin/bash -e

if [ $# -ne 3 ]; then
    echo "usage: <path/to/repo> <old commit> <new commit>"
    exit 1
fi

REPO_DIR=$1

OLD=$2
NEW=$3

SCOPE="java" # string: this is the java audit

declare -a KEYWORDS

#KEYWORDS+=('\+\+\+\ ')

# URL access
KEYWORDS+=(URLConnection)
KEYWORDS+=(UrlConnectionDownloader)

# Proxy settings
KEYWORDS+=(ProxySelector)

# Android and java networking and 3rd party libs
KEYWORDS+=("openConnection\(")
KEYWORDS+=("java.net")
KEYWORDS+=("javax.net")
KEYWORDS+=(android.net)
KEYWORDS+=(android.webkit)

# Third Party http libs
KEYWORDS+=(ch.boye.httpclientandroidlib.impl.client)
KEYWORDS+=(okhttp)

# Intents
KEYWORDS+=(IntentHelper)
KEYWORDS+=(openUriExternal)
KEYWORDS+=(getHandlersForMimeType)
KEYWORDS+=(getHandlersForURL)
KEYWORDS+=(getHandlersForIntent)
# KEYOWRDS+=(android.content.Intent) # Common
KEYWORDS+=(startActivity)
KEYWORDS+=(startActivities)
KEYWORDS+=(startBroadcast)
KEYWORDS+=(sendBroadcast)
KEYWORDS+=(sendOrderedBroadcast)
KEYWORDS+=(startService)
KEYWORDS+=(bindService)
KEYWORDS+=(android.app.PendingIntent)
KEYWORDS+=(ActivityHandlerHelper.startIntentAndCatch)
KEYWORDS+=(AppLinksInterceptor)
KEYWORDS+=(AppLinksUseCases)

56
57
58
59
60
61
62
# Rust symbols
KEYWORDS+=("connect\(")
KEYWORDS+=("recvmsg\(")
KEYWORDS+=("sendmsg\(")
KEYWORDS+=("::post\(")
KEYWORDS+=("::get\(")

63
64
65
66
cd $REPO_DIR
#function join_by { local d=$1; shift; local f=$1; shift; printf %s "$f" "${@/#/ $d}"; }
#GREP_LINE="$(join_by \-G ${KEYWORDS[@]})"

67
#base=`git merge-base ${OLD} ${NEW}`
68

69
70
if [ ! -f "release-${OLD}-${NEW}.diff" ];
#if [ ! -f "release-${base}-${NEW}.diff" ];
71
then
72
73
74
75
  echo "Diffing release-${OLD}-${NEW}.diff"
  #echo "Diffing release-${base}-${NEW}.diff"
  git diff --color=always --color-moved $OLD $NEW -U20 > release-${OLD}-${NEW}.diff
  #git diff --color=always --color-moved $base $NEW -U20 > release-${base}-${NEW}.diff
76
77
78
79
80
81
82
83
84
85
86
87
  #git diff --color=always --color-moved -G${GREP_LINE} $OLD $NEW -U20 > release-${OLD}-${NEW}-G.diff
fi

echo "Done with diff"

function join_by { local d=$1; shift; local f=$1; shift; printf %s "$f" "${@/#/$d}"; }

GREP_LINE="$(join_by \| ${KEYWORDS[@]})"
#GREP_LINE="\+\+\+ |$(join_by \| ${KEYWORDS[@]})"

export GREP_COLOR="05;37;41"

88
# XXX: Arg this sometimes misses file context
89
90
#egrep -A40 -B40 --color=always "${GREP_LINE}" release-${base}-${NEW}.diff > keywords-${base}-${NEW}-$SCOPE.diff
egrep -A40 -B40 --color=always "${GREP_LINE}" release-${OLD}-${NEW}.diff > keywords-${OLD}-${NEW}-$SCOPE.diff
91
92

echo "Diff generated. View it with:"
93
94
#echo "  less -R $REPO_DIR/keywords-$base-$NEW-$SCOPE.diff"
echo "  less -R $REPO_DIR/keywords-$OLD-$NEW-$SCOPE.diff"