first commit

2023-11-15 15:59:13 +01:00 · 2023-11-15 15:59:13 +01:00 · cd1e91bb99
commit cd1e91bb99
287 changed files with 86425 additions and 0 deletions
--- a/rasta_exp/docker/wognsen_et_al/RASTA_VERSION
+++ b/rasta_exp/docker/wognsen_et_al/RASTA_VERSION
@ -0,0 +1 @@
+latest
--- a/rasta_exp/docker/wognsen_et_al/README.md
+++ b/rasta_exp/docker/wognsen_et_al/README.md
@ -0,0 +1,8 @@
+# Wognsen et al
+
+- [source](https://bitbucket.org/erw/dalvik-bytecode-analysis-tool/src/master/)
+- [paper](https://www.sciencedirect.com/science/article/pii/S0167642313003304)
+- language: Python2, Prolog
+- dep: apktool/backsmali
+- number of years without at least 1 commit since first commit: 10
+- License: None
--- a/rasta_exp/docker/wognsen_et_al/latest/Dockerfile
+++ b/rasta_exp/docker/wognsen_et_al/latest/Dockerfile
@ -0,0 +1,49 @@
+FROM ubuntu:22.04
+
+# RUN sed -i -e "s/archive.ubuntu.com/old-releases.ubuntu.com/g" /etc/apt/sources.list
+
+RUN apt-get update && apt-get install -y git time wget
+
+RUN mkdir /workspace
+RUN git init /workspace/dalvik-bytecode-analysis-tool && \
+    cd /workspace/dalvik-bytecode-analysis-tool && \
+    git remote add origin https://bitbucket.org/erw/dalvik-bytecode-analysis-tool.git && \
+    git fetch --depth=1 origin 33f952eaf9048d8a040de369c8dd6c4a21477b07 && \
+    git reset --hard FETCH_HEAD
+
+RUN apt-get update && apt-get install -y python2.7 wget && \
+    ln -s /usr/bin/python2.7 /usr/bin/python
+
+RUN wget https://bootstrap.pypa.io/pip/2.7/get-pip.py && \
+    python2.7 get-pip.py && \
+    rm get-pip.py && \
+    python2.7 -m pip install pydot
+
+
+# Install a compatible version of apktool
+RUN apt-get update && apt-get install -y  bzip2 openjdk-8-jdk && \
+    cd /workspace && \
+    wget https://connortumbleson.com/apktool/googlecode/apktool1.5.2.tar.bz2 && \
+    tar -xjf apktool1.5.2.tar.bz2 && rm apktool1.5.2.tar.bz2 && \
+    mkdir bin && \
+    echo '#!/bin/sh' > bin/apktool && \
+    echo 'java -jar /workspace/apktool1.5.2/apktool.jar $@' >> bin/apktool && \
+    chmod +x bin/apktool
+
+# Install XDB
+RUN apt-get update && apt-get install -y gcc make && \
+    cd /workspace && \
+    wget https://xsb.sourceforge.net/downloads/XSB.tar.gz && \
+    tar -xzf XSB.tar.gz && rm XSB.tar.gz && \
+    cd /workspace/XSB/build && \
+    ./configure && ./makexsb
+# according to the doc xdb is a little picky about its invocation, this way we always use
+# the absolute path
+RUN echo '#!/bin/sh' > /workspace/bin/xsb && \
+    echo '/workspace/XSB/bin/xsb "$@"' >> /workspace/bin/xsb && \
+    chmod +x /workspace/bin/xsb
+
+ENV PATH="${PATH}:/workspace/bin"
+
+COPY run.sh /
+COPY subrun.sh /
--- a/rasta_exp/docker/wognsen_et_al/latest/run.sh
+++ b/rasta_exp/docker/wognsen_et_al/latest/run.sh
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+APK_FILENAME=$1
+
+export TIME="time: %e
+kernel-cpu-time: %S
+user-cpu-time: %U
+max-rss-mem: %M
+avg-rss-mem: %t
+avg-total-mem: %K
+page-size: %Z
+nb-major-page-fault: %F
+nb-minor-page-fault: %R
+nb-fs-input: %I
+nb-fs-output: %O
+nb-socket-msg-received: %r
+nb-socket-msg-sent: %s
+nb-signal-delivered: %k
+exit-status: %x"
+
+cd /
+
+/usr/bin/time -o /mnt/report -q /usr/bin/timeout --kill-after=20s ${TIMEOUT} bash subrun.sh ${APK_FILENAME} >> /mnt/stdout 2>> /mnt/stderr
+
--- a/rasta_exp/docker/wognsen_et_al/latest/subrun.sh
+++ b/rasta_exp/docker/wognsen_et_al/latest/subrun.sh
@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+APK_FILENAME=$1
+
+cd /mnt
+
+# Patch for defining user.home for java commands (apktool uses the home dir)
+# https://stackoverflow.com/questions/1501235/change-user-home-system-property
+export _JAVA_OPTIONS=-Duser.home=/mnt
+
+apktool d ${APK_FILENAME} > /mnt/stdout 2> /mnt/stderr
+
+HASH=`echo ${APK_FILENAME} | cut -d '.' -f '1'`
+
+# Fix misshandling of escaped quote in generator.py
+find ${HASH} -name '*.smali' -exec sed -i "s#\\\'#BACKSLASH-SINGLEQ#g" {} \;
+
+python2.7 /workspace/dalvik-bytecode-analysis-tool/prolog/generator.py ./${HASH}/
+
+xsb -S --noprompt -e "['out.pl'], printMethodCalls, printStats, halt."
--- a/rasta_exp/docker/wognsen_et_al/test.py
+++ b/rasta_exp/docker/wognsen_et_al/test.py
@ -0,0 +1,99 @@
+import datetime
+import importlib.util
+import logging
+
+from typing import Any, Type
+from pathlib import Path
+
+if __name__ == "__main__":
+    import sys
+
+    sys.path.append(str(Path(__file__).resolve().parent.parent))
+
+import orchestrator
+
+errors = orchestrator.error_collector
+utils = orchestrator.utils
+
+TIMEOUT = 900
+
+GUEST_MNT = "/mnt"
+PATH_APK = f"{GUEST_MNT}/app.apk"
+
+WORKDIR = "/mnt"
+CMD = f"/workspace/run.sh"
+
+TOOL_NAME = "wognsen_et_al"
+
+# Version name -> folder name
+TOOL_VERSIONS = {
+    "latest": "latest",
+}
+# Name of the default version (default folder = TOOL_VERSIONS[DEFAULT_TOOL_VERSION])
+DEFAULT_TOOL_VERSION = "latest"
+
+EXPECTED_ERROR_TYPES: list[Type[errors.LoggedError]] = [
+    errors.JavaError,
+    errors.NoPrefixJavaError,
+    errors.PythonError,
+]
+
+
+def analyse_artifacts(path: Path) -> dict[str, Any]:
+    """Analyse the artifacts of a test located at `path`."""
+    report = utils.parse_report(path / "report")
+    report["errors"] = list(
+        map(
+            lambda e: e.get_dict(),
+            errors.get_errors(path / "stderr", EXPECTED_ERROR_TYPES),
+        )
+    )
+    report["errors"].extend(
+        map(
+            lambda e: e.get_dict(),
+            errors.get_errors(path / "stdout", EXPECTED_ERROR_TYPES),
+        )
+    )
+    if report["timeout"]:
+        report["tool-status"] = "TIMEOUT"
+    elif check_success(path):
+        report["tool-status"] = "FINISHED"
+    else:
+        report["tool-status"] = "FAILED"
+    report["tool-name"] = TOOL_NAME
+    report["date"] = str(datetime.datetime.now())
+    report["apk"] = utils.sha256_sum(path / "app.apk").upper()
+    return report
+
+
+def check_success(path: Path) -> bool:
+    """Check if the analysis finished without crashing."""
+    # The tool is supposed to print the graph to stdout, if stdout
+    # is empty, it means the tool failled.
+    return (path / "stdout").stat().st_size > 1
+
+
+if __name__ == "__main__":
+    import docker  # type: ignore
+
+    args = orchestrator.get_test_args(TOOL_NAME)
+
+    tool_folder = Path(__file__).resolve().parent
+    api_key = orchestrator.get_androzoo_key()
+    if args.get_apk_info:
+        orchestrator.load_apk_info(args.apk_refs, args.androzoo_list, api_key)
+    client = docker.from_env()
+
+    logging.info("Command tested: ")
+    logging.info(f"[{WORKDIR}]$ {CMD}")
+
+    for apk_ref in args.apk_refs:
+        orchestrator.test_tool_on_apk(
+            client,
+            tool_folder,
+            api_key,
+            apk_ref,
+            args.tool_version,
+            args.keep_artifacts,
+            args.force_test,
+        )