forked from AndroBugs/AndroBugs_Framework
-
Notifications
You must be signed in to change notification settings - Fork 0
/
AndroBugs_ReportSummary.py
127 lines (98 loc) · 4.79 KB
/
AndroBugs_ReportSummary.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
from pymongo import MongoClient
import argparse
import sys
from ConfigParser import SafeConfigParser
import platform
import os
ANALYZE_MODE_SINGLE = "single"
ANALYZE_MODE_MASSIVE = "massive"
def parseArgument():
parser = argparse.ArgumentParser(description='AndroBugs Framework: Android APK Vulnerability Summary Reporter (Parameter Condition: and)')
parser.add_argument("-m", "--analyze_mode", help="Specify \"single\" or \"massive\"", type=str, required=True)
parser.add_argument("-b", "--analyze_engine_build", help="Analysis build number.", type=int, required=False, default=None)
parser.add_argument("-t", "--analyze_tag", help="Analysis tag to uniquely distinguish this time of analysis.", type=str, required=False, default=None)
parser.add_argument("-s", "--analyze_status", help="\"success\", \"fail\", or \"all\"(default)", type=str, required=False, default=None)
args = parser.parse_args()
return args
args = parseArgument()
print("## AndroBugs Framework: Android APK Vulnerability Summary Reporter ##")
print
if platform.system().lower() == "windows" :
import sys
db_config_file = os.path.join(os.path.dirname(sys.executable), 'androbugs-db.cfg')
print("[Notice] The output format is not good in Windows console")
else :
db_config_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'androbugs-db.cfg')
if not os.path.isfile(db_config_file) :
print("[ERROR] AndroBugs Framework DB config file not found: " + db_config_file)
traceback.print_exc()
configParser = SafeConfigParser()
configParser.read(db_config_file)
MongoDB_Hostname = configParser.get('DB_Config', 'MongoDB_Hostname')
MongoDB_Port = configParser.getint('DB_Config', 'MongoDB_Port')
MongoDB_Database = configParser.get('DB_Config', 'MongoDB_Database')
Collection_Analyze_Result = configParser.get('DB_Collections', 'Collection_Analyze_Result')
client = MongoClient(MongoDB_Hostname, MongoDB_Port)
db = client[MongoDB_Database] # Name is case-sensitive
collection_AppInfo = db[Collection_Analyze_Result] # Name is case-sensitive
# collection_AnalyzeResults = db['AnalyzeSuccessResults']
query_condition = dict()
if args.analyze_mode :
query_condition["analyze_mode"] = args.analyze_mode
if args.analyze_engine_build :
query_condition["analyze_engine_build"] = args.analyze_engine_build
if args.analyze_tag :
query_condition["analyze_tag"] = args.analyze_tag
if args.analyze_status :
if args.analyze_status != "all" :
query_condition["analyze_status"] = args.analyze_status
# ------------------------------------------------------------------------------------
vector_to_level_count_list = {}
count_success = 0
count_fail = 0
total_count = 0
for report in collection_AppInfo.find(query_condition) :
if (report["analyze_status"] == "success") :
count_success = count_success + 1
elif (report["analyze_status"] == "fail") :
count_fail = count_fail + 1
if "details" in report :
details = report["details"]
for key, value in details.items() :
if key not in vector_to_level_count_list :
vector_to_level_count_list[key] = { "Critical":0, "Warning":0, "Notice":0, "Info":0 }
level_tag = value["level"]
vector_to_level_count_list[key][level_tag] = vector_to_level_count_list[key][level_tag] + 1
total_count = count_success + count_fail
print("%50s %9s %9s %9s %9s %9s %17s %14s %14s %14s %17s" % ("Vector Name",
"Critical", "Warning", "Notice", "Info", "Total",
"% of Critical", "% of Warning", "% of Notice", "% of Info", "% of Non-Info"))
print('-' * 190)
if total_count == 0 :
print("No Data.")
else :
for key, level_count_list in sorted(vector_to_level_count_list.items()) :
if count_success == 0 :
print("%50s : %9s %9s %9s %9s %9s %16.2f%% %13.2f%% %13.2f%% %13.2f%% %16.2f%%" % (
key,
level_count_list["Critical"], level_count_list["Warning"], level_count_list["Notice"], level_count_list["Info"],
count_success,
0, 0, 0, 0, 0
))
else :
print("%50s : %9s %9s %9s %9s %9s %16.2f%% %13.2f%% %13.2f%% %13.2f%% %16.2f%%" % (
key,
level_count_list["Critical"], level_count_list["Warning"], level_count_list["Notice"], level_count_list["Info"],
count_success,
(level_count_list["Critical"]/float(count_success)*100), (level_count_list["Warning"]/float(count_success)*100),
(level_count_list["Notice"]/float(count_success)*100), (level_count_list["Info"]/float(count_success)*100),
((1-(level_count_list["Info"]/float(count_success)))*100)
))
print('-' * 190)
# ------------------------------------------------------------------------------------
count_total = count_success + count_fail
if (count_total > 0) :
print("Total(Success + Fail to analyze) APKs: %d; Success to analyze APKs: %d (%.2f%%); Fail to analyze APKs: %d (%.2f%%)" % (
count_total, count_success, ((count_success / float(count_total)) * 100 ), count_fail, ((count_fail / float(count_total)) * 100 )
))
print