first commit

rasta_exp/docker/amandroid/RASTA_VERSION

@@ -0,0 +1 @@
+home_build

rasta_exp/docker/amandroid/README.md

@@ -0,0 +1,10 @@
+# Amandroid
+
+- [source](https://github.com/arguslab/Argus-SAF)
+- [fork](https://github.com/ForceOfp/Argus-SAF)
+- [paper](https://dl.acm.org/doi/10.1145/3183575)
+- language: Scala/Java (Python2 for native droid, but != amandroid)
+- JVM: Java 10 ? Hard to find and looks like java 8 works
+- Build: sbt
+- number of years without at least 1 commit since first commit: 3
+- License: Apache 2.0

rasta_exp/docker/amandroid/home_build/Dockerfile

@@ -0,0 +1,33 @@
+FROM ubuntu:22.04
+
+# RUN sed -i -e "s/archive.ubuntu.com/old-releases.ubuntu.com/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y git time unzip wget
+
+RUN mkdir /workspace
+RUN git init /workspace/amandroid && \
+    cd /workspace/amandroid && \
+    git remote add origin https://github.com/arguslab/Argus-SAF.git && \
+    git fetch --depth=1 origin v3.2.0 && \
+    git reset --hard FETCH_HEAD
+
+# Avoid downloading this each time we launch a new docker
+RUN mkdir -p /workspace/.amandroid_stash && \
+    cd /workspace/.amandroid_stash && \
+    wget https://www.fengguow.dev/resources/amandroid.zip && \
+    wget https://www.fengguow.dev/resources/amandroid.checksum && \
+    unzip amandroid.zip
+
+RUN apt-get update && apt-get install -y openjdk-8-jdk
+
+RUN cd /workspace/amandroid && \
+    sed -i 's/val remotec = getRemoteChecksum("amandroid.checksum")/\/\/val remotec = getRemoteChecksum("amandroid.checksum")/' /workspace/amandroid/amandroid/src/main/scala/org/argus/amandroid/core/AndroidGlobalConfig.scala && \
+    sed -i '46i\\    val remotec = localc' /workspace/amandroid/amandroid/src/main/scala/org/argus/amandroid/core/AndroidGlobalConfig.scala && \ 
+    sed -i '164i javacOptions in jawa ++= Seq("-encoding", "UTF-8")' /workspace/amandroid/build.sbt
+
+RUN cd /workspace/amandroid && \
+    ./tools/bin/sbt -Duser.home=/workspace clean compile assembly test 
+
+RUN ln -s /workspace/amandroid/target/scala-2.12/argus-saf-3.2.0-assembly.jar /workspace/amandroid/argus-saf.jar
+
+COPY run.sh /

rasta_exp/docker/amandroid/home_build/run.sh

@@ -0,0 +1,20 @@
+APK_FILENAME=$1
+
+export TIME="time: %e
+kernel-cpu-time: %S
+user-cpu-time: %U
+max-rss-mem: %M
+avg-rss-mem: %t
+avg-total-mem: %K
+page-size: %Z
+nb-major-page-fault: %F
+nb-minor-page-fault: %R
+nb-fs-input: %I
+nb-fs-output: %O
+nb-socket-msg-received: %r
+nb-socket-msg-sent: %s
+nb-signal-delivered: %k
+exit-status: %x"
+
+
+/usr/bin/time -o /mnt/report -q /usr/bin/timeout --kill-after=20s ${TIMEOUT} java ${JAVA_PARAM} -Duser.home=/workspace -jar /workspace/amandroid/argus-saf.jar taint -a COMPONENT_BASED -o /mnt/out /mnt/${APK_filename} > /mnt/stdout 2> /mnt/stderr

rasta_exp/docker/amandroid/provided_build/Dockerfile

@@ -0,0 +1,23 @@
+FROM ubuntu:18.04
+
+# RUN sed -i -e "s/archive.ubuntu.com/old-releases.ubuntu.com/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y git time unzip wget
+
+RUN mkdir /workspace
+RUN git init /workspace/amandroid && \
+    cd /workspace/amandroid && \
+    git remote add origin https://github.com/arguslab/Argus-SAF.git && \
+    git fetch --depth=1 origin 06596c6bb03fe2560030b52bf2b47d17d1bd3068 && \
+    git reset --hard FETCH_HEAD
+
+# Avoid downloading this each time we launch a new docker
+RUN mkdir -p /root/.amandroid_stash && \
+    cd /root/.amandroid_stash && \
+    wget https://www.fengguow.dev/resources/amandroid.zip && \
+    wget https://www.fengguow.dev/resources/amandroid.checksum && \
+    unzip amandroid.zip
+
+RUN apt-get update && apt-get install -y openjdk-8-jdk
+
+RUN ln -s /workspace/amandroid/binaries/argus-saf-3.2.1-SNAPSHOT-assembly.jar /workspace/amandroid/argus-saf.jar

rasta_exp/docker/amandroid/test.py

@@ -0,0 +1,98 @@
+import datetime
+import importlib.util
+import logging
+
+from typing import Any, Type
+from pathlib import Path
+
+if __name__ == "__main__":
+    import sys
+
+    sys.path.append(str(Path(__file__).resolve().parent.parent))
+
+import orchestrator
+
+errors = orchestrator.error_collector
+utils = orchestrator.utils
+
+TIMEOUT = 900
+
+GUEST_MNT = "/mnt"
+PATH_APK = f"{GUEST_MNT}/app.apk"
+
+WORKDIR = "/"
+CMD = f"java -jar /workspace/amandroid/argus-saf.jar taint -a COMPONENT_BASED -o /mnt/out {PATH_APK}"
+
+TOOL_NAME = "amandroid"
+
+# Version name -> folder name
+TOOL_VERSIONS = {
+    "home_build": "home_build",
+    "provided_build": "provided_build",
+}
+# Name of the default version (default folder = TOOL_VERSIONS[DEFAULT_TOOL_VERSION])
+DEFAULT_TOOL_VERSION = "home_build"
+
+# Not much parsable error with this tool, so I just try to catch java errors just in case
+EXPECTED_ERROR_TYPES: list[Type[errors.LoggedError]] = [
+    errors.JavaError,
+    errors.NoPrefixJavaError,
+]
+
+
+def analyse_artifacts(path: Path) -> dict[str, Any]:
+    """Analyse the artifacts of a test located at `path`."""
+    report = utils.parse_report(path / "report")
+    report["errors"] = list(
+        map(
+            lambda e: e.get_dict(),
+            errors.get_errors(path / "stderr", EXPECTED_ERROR_TYPES),
+        )
+    )
+    report["errors"].extend(
+        map(
+            lambda e: e.get_dict(),
+            errors.get_errors(path / "stdout", EXPECTED_ERROR_TYPES),
+        )
+    )
+    if report["timeout"]:
+        report["tool-status"] = "TIMEOUT"
+    elif check_success(path):
+        report["tool-status"] = "FINISHED"
+    else:
+        report["tool-status"] = "FAILED"
+    report["tool-name"] = TOOL_NAME
+    report["date"] = str(datetime.datetime.now())
+    report["apk"] = utils.sha256_sum(path / "app.apk").upper()
+    return report
+
+
+def check_success(path: Path) -> bool:
+    """Check if the analysis finished without crashing."""
+    return (path / "out" / "app" / "result" / "AppData.txt").exists()
+
+
+if __name__ == "__main__":
+    import docker  # type: ignore
+
+    args = orchestrator.get_test_args(TOOL_NAME)
+
+    tool_folder = Path(__file__).resolve().parent
+    api_key = orchestrator.get_androzoo_key()
+    if args.get_apk_info:
+        orchestrator.load_apk_info(args.apk_refs, args.androzoo_list, api_key)
+    client = docker.from_env()
+
+    logging.info("Command tested: ")
+    logging.info(f"[{WORKDIR}]$ {CMD}")
+
+    for apk_ref in args.apk_refs:
+        orchestrator.test_tool_on_apk(
+            client,
+            tool_folder,
+            api_key,
+            apk_ref,
+            args.tool_version,
+            args.keep_artifacts,
+            args.force_test,
+        )