public void NonExistingFile() { AndroidManifestFile manifestFile = GetAndroidManifestFile("NonExistingFile.xml"); XElement element = manifestFile.GetXElement(); Assert.AreEqual("Content", element.Value); }
public void InvalidDocument() { AndroidManifestFile manifestFile = GetAndroidManifestFile("InvalidDocument.txt"); XElement element = manifestFile.GetXElement(); Assert.AreEqual("Content", element.Value); }
public override void Analyze(AndroidManifestFile androidManifestFile) { var vulnerabilities = androidManifestFile.GetXElement() .Elements("uses-sdk") .Where(IsOutdated) .Select(e => new Vulnerability { Code = "MinSdk", Title = "App supports outdated Android version", Description = "Apps should no longer support Android Gingerbread or lower. This version is used by less than 0.3% of all devices and the latest release was in 2011.", FilePath = androidManifestFile.FilePath, FullyQualifiedName = "AndroidManifest.xml", LineNumber = ((IXmlLineInfo)e).LineNumber }).ToList(); vulnerabilities.ForEach(OnVulnerabilityDiscovered); }
public override void Analyze(AndroidManifestFile androidManifestFile) { var vulnerabilities = androidManifestFile.GetXElement() .Elements("application") .Where(IsBackupAllowed) .Select(e => new Vulnerability { Code = "AllowBackup", Title = "Backups are enabled", Description = $"Enabling backups may leak sensitive data to the cloud.", FilePath = androidManifestFile.FilePath, FullyQualifiedName = "AndroidManifest.xml", LineNumber = ((IXmlLineInfo)e).LineNumber }).ToList(); vulnerabilities.ForEach(OnVulnerabilityDiscovered); }
public override void Analyze(AndroidManifestFile androidManifestFile) { var vulnerabilities = androidManifestFile.GetXElement() .Elements("application") .Where(IsDebuggable) .Select(e => new Vulnerability { Code = "Debuggable", Title = "App has debugging enabled", Description = "Enabling debugging makes it easier for an attacker to reverse engineer your app.", FilePath = androidManifestFile.FilePath, FullyQualifiedName = "AndroidManifest.xml", LineNumber = ((IXmlLineInfo)e).LineNumber }).ToList(); vulnerabilities.ForEach(OnVulnerabilityDiscovered); }
public override void Analyze(AndroidManifestFile androidManifestFile) { var vulnerabilities = androidManifestFile.GetXElement() .Elements("application") .Where(IsBackupAllowed) .Select(e => new Vulnerability { Code = "AllowBackup", Title = "Backups are enabled", SeverityLevel = SeverityLevel.Medium, Description = $"Enabling backups may leak (sensitive) app data to Google's cloud services. If you would like to disable this feature, set 'allowBackup' to false in the <application> element.", FilePath = androidManifestFile.FilePath, FullyQualifiedName = "AndroidManifest.xml", LineNumber = ((IXmlLineInfo)e).LineNumber }).ToList(); vulnerabilities.ForEach(OnVulnerabilityDiscovered); }