示例#1
        /// <summary>
        /// Requests the root element of a manifest fixture whose file name does not exist
        /// and compares its text with "Content".
        /// </summary>
        /// <remarks>
        /// NOTE(review): no expected-exception attribute is visible in this excerpt. Presumably
        /// GetXElement() is meant to fail for a missing file, which would make the final
        /// assertion unreachable. Confirm against the full test class.
        /// </remarks>
        public void NonExistingFile()
        {
            // Fixture name is deliberately one that is not on disk.
            var missingManifest = GetAndroidManifestFile("NonExistingFile.xml");

            var rootElement = missingManifest.GetXElement();

            Assert.AreEqual("Content", rootElement.Value);
        }
示例#2
        /// <summary>
        /// Requests the root element of the "InvalidDocument.txt" fixture and compares its
        /// text with "Content".
        /// </summary>
        /// <remarks>
        /// NOTE(review): the fixture name suggests the file is not well-formed XML, and no
        /// expected-exception attribute is visible in this excerpt. Presumably the parser is
        /// expected to reject the input before the assertion runs. Confirm against the full
        /// test class.
        /// </remarks>
        public void InvalidDocument()
        {
            var malformedManifest = GetAndroidManifestFile("InvalidDocument.txt");

            var rootElement = malformedManifest.GetXElement();

            Assert.AreEqual("Content", rootElement.Value);
        }
示例#3
        /// <summary>
        /// Raises a "MinSdk" finding for every <c>uses-sdk</c> child element of the manifest
        /// that <c>IsOutdated</c> accepts.
        /// </summary>
        /// <param name="androidManifestFile">
        /// Manifest to inspect; supplies both the XML and the file path recorded on each finding.
        /// </param>
        public override void Analyze(AndroidManifestFile androidManifestFile)
        {
            // Elements() only matches direct children of the element GetXElement() returns.
            var outdatedSdkElements = androidManifestFile.GetXElement()
                                                         .Elements("uses-sdk")
                                                         .Where(IsOutdated);

            // All findings are materialised before any is raised, so a failure while reading
            // the manifest happens before the first callback.
            var findings = outdatedSdkElements.Select(sdkElement => new Vulnerability
            {
                Code               = "MinSdk",
                Title              = "App supports outdated Android version",
                // NOTE(review): the usage figure in this text is a fixed snapshot and will age.
                Description        = "Apps should no longer support Android Gingerbread or lower. This version is used by less than 0.3% of all devices and the latest release was in 2011.",
                FilePath           = androidManifestFile.FilePath,
                FullyQualifiedName = "AndroidManifest.xml",
                // NOTE(review): IXmlLineInfo.LineNumber is 0 when the document was loaded without
                // line information. Confirm the loader preserves it (LoadOptions.SetLineInfo).
                LineNumber         = ((IXmlLineInfo)sdkElement).LineNumber
            }).ToList();

            foreach (var finding in findings)
            {
                OnVulnerabilityDiscovered(finding);
            }
        }
示例#4
        /// <summary>
        /// Raises an "AllowBackup" finding for every <c>application</c> child element of the
        /// manifest that <c>IsBackupAllowed</c> accepts.
        /// </summary>
        /// <param name="androidManifestFile">
        /// Manifest to inspect; supplies both the XML and the file path recorded on each finding.
        /// </param>
        /// <remarks>
        /// NOTE(review): Android treats a missing <c>android:allowBackup</c> attribute as true,
        /// so IsBackupAllowed presumably has to flag manifests that omit it. Confirm.
        /// </remarks>
        public override void Analyze(AndroidManifestFile androidManifestFile)
        {
            // Elements() only matches direct children of the element GetXElement() returns.
            var backupEnabledApps = androidManifestFile.GetXElement()
                                                       .Elements("application")
                                                       .Where(IsBackupAllowed);

            // All findings are materialised before any is raised.
            var findings = backupEnabledApps.Select(appElement => new Vulnerability
            {
                Code               = "AllowBackup",
                Title              = "Backups are enabled",
                // Plain literal: the text has no interpolation holes.
                Description        = "Enabling backups may leak sensitive data to the cloud.",
                FilePath           = androidManifestFile.FilePath,
                FullyQualifiedName = "AndroidManifest.xml",
                // NOTE(review): IXmlLineInfo.LineNumber is 0 when the document was loaded without
                // line information. Confirm the loader preserves it (LoadOptions.SetLineInfo).
                LineNumber         = ((IXmlLineInfo)appElement).LineNumber
            }).ToList();

            foreach (var finding in findings)
            {
                OnVulnerabilityDiscovered(finding);
            }
        }
示例#5
        /// <summary>
        /// Raises a "Debuggable" finding for every <c>application</c> child element of the
        /// manifest that <c>IsDebuggable</c> accepts.
        /// </summary>
        /// <param name="androidManifestFile">
        /// Manifest to inspect; supplies both the XML and the file path recorded on each finding.
        /// </param>
        /// <remarks>
        /// NOTE(review): build tooling can set <c>android:debuggable</c> per build variant, so
        /// the source manifest may differ from the packaged one. Confirm which manifest this
        /// analyzer is run against.
        /// </remarks>
        public override void Analyze(AndroidManifestFile androidManifestFile)
        {
            // Elements() only matches direct children of the element GetXElement() returns.
            var debuggableApps = androidManifestFile.GetXElement()
                                                    .Elements("application")
                                                    .Where(IsDebuggable);

            // All findings are materialised before any is raised.
            var findings = debuggableApps.Select(appElement => new Vulnerability
            {
                Code               = "Debuggable",
                Title              = "App has debugging enabled",
                Description        = "Enabling debugging makes it easier for an attacker to reverse engineer your app.",
                FilePath           = androidManifestFile.FilePath,
                FullyQualifiedName = "AndroidManifest.xml",
                // NOTE(review): IXmlLineInfo.LineNumber is 0 when the document was loaded without
                // line information. Confirm the loader preserves it (LoadOptions.SetLineInfo).
                LineNumber         = ((IXmlLineInfo)appElement).LineNumber
            }).ToList();

            foreach (var finding in findings)
            {
                OnVulnerabilityDiscovered(finding);
            }
        }
示例#6
        /// <summary>
        /// Raises a medium-severity "AllowBackup" finding for every <c>application</c> child
        /// element of the manifest that <c>IsBackupAllowed</c> accepts.
        /// </summary>
        /// <param name="androidManifestFile">
        /// Manifest to inspect; supplies both the XML and the file path recorded on each finding.
        /// </param>
        /// <remarks>
        /// NOTE(review): Android treats a missing <c>android:allowBackup</c> attribute as true,
        /// so IsBackupAllowed presumably has to flag manifests that omit it. Confirm.
        /// </remarks>
        public override void Analyze(AndroidManifestFile androidManifestFile)
        {
            // Elements() only matches direct children of the element GetXElement() returns.
            var backupEnabledApps = androidManifestFile.GetXElement()
                                                       .Elements("application")
                                                       .Where(IsBackupAllowed);

            // All findings are materialised before any is raised.
            var findings = backupEnabledApps.Select(appElement => new Vulnerability
            {
                Code               = "AllowBackup",
                Title              = "Backups are enabled",
                SeverityLevel      = SeverityLevel.Medium,
                // Plain literal: the text has no interpolation holes.
                Description        = "Enabling backups may leak (sensitive) app data to Google's cloud services. If you would like to disable this feature, set 'allowBackup' to false in the <application> element.",
                FilePath           = androidManifestFile.FilePath,
                FullyQualifiedName = "AndroidManifest.xml",
                // NOTE(review): IXmlLineInfo.LineNumber is 0 when the document was loaded without
                // line information. Confirm the loader preserves it (LoadOptions.SetLineInfo).
                LineNumber         = ((IXmlLineInfo)appElement).LineNumber
            }).ToList();

            foreach (var finding in findings)
            {
                OnVulnerabilityDiscovered(finding);
            }
        }