对于"details"中的任何JsonObject,我需要输入:名称,描述,脆弱性ID,我可以尝试这样做:
JSONObject obj = new JSONObject(vulnerabilityResult.getBody().toString());
JSONObject details= obj.getJSONObject("details");
但是现在我不能放:JSONObject js= details.getJSONObject("ALLOW_BACKUP");
and JSONObject js= details.getJSONObject("CERT_SIGNED"); ecc,,因为响应总是不同的,也许在一个响应中,我可以用MODE_WORLD_READABLE_OR_MODE_WORLD_WRITEABLE代替ALLOW_BACKUP
or PERMISSION_EXPORTED而不是CERT_SIGNED,所以详细信息的响应始终是不同的,但内部始终是相同的(名称,说明。脆弱性ID)。
如何iterate响应JSON?
{
"_id": {
"$oid": "5c8b6e9de06fee000aff3816"
},
"analysis_duration": 50.159813,
"analysis_finish_time": {
"$date": 1552641693484
},
"analysis_start_time": {
"$date": 1552641643167
},
"analysis_status": "success",
"apk_file_size": "3.34 MB",
"apk_path": "/tmp/tmpv3JzHm/7a52372a02974eca1d2b6a8d0913409a.apk",
"ascii_obfuscation_rate": 0.0,
"details": {
"ALLOW_BACKUP": {
"count": 0,
"description": "ADB Backup is ENABLED for this app (default: ENABLED). ADB Backup is a good tool for backing up all of your files. If enabled, people with physical access to the device can copy all of the sensitive data of the app. The sensitive data may include a lifetime access token, username or password, etc.",
"level": "Low",
"name": "AndroidManifest ADB Backup Checking",
"references": {
"links": {
"1": "http://nelenkov.blogspot.co.uk/2012/06/unpacking-android-backups.html",
"2": "http://developer.android.com/guide/topics/manifest/application-element.html#allowbackup"
},
"text": "Further information about this problem and possible countermeasures can be found in blog posts [[1]] and in the Android Reference Guide [[2]]."
},
"remediation": "We suggest to set in the Android Manifest attribute `\"android:allowBackup\"` to \"false\" if the backup capability is not necessary.",
"vulnerability_id": "ALLOW_BACKUP",
"vulnerable_code": []
},
"CERT_SIGNED": {
"count": 1,
"description": "This app is signed with a certificate.",
"level": "Info",
"name": "Android App Signature",
"vulnerability_id": "CERT_SIGNED",
"vulnerable_code": [
{
"id": "OU=SI, CN=Dinesh ShettyOU=SI, CN=Dinesh Shetty",
"string": "[Issuer: organizationalUnitName=SI, commonName=Dinesh Shetty] [Subject: organizationalUnitName=SI, commonName=Dinesh Shetty]"
}
]
},
"COMMAND_MAYBE_SYSTEM": {
"count": 1,
"description": "The app may contain code checking for \"root\" permission, mounting filesystem operations or monitoring system.",
"level": "Info",
"name": "Executing root or System Privilege Checking",
"vulnerability_id": "COMMAND_MAYBE_SYSTEM",
"vulnerable_code": [
{
"class": "Lcom/android/insecurebankv2/PostLogin;",
"method": "doesSUexist",
"string": "Lcom/android/insecurebankv2/PostLogin;->doesSUexist()Z",
"type": "()Z"
}
]
},
"EXTERNAL_STORAGE": {
"count": 2,
"description": "Found external storage access API. Please remember not to write security-critical files to external storage.",
"level": "Low",
"name": "External Storage Accessing",
"references": {
"links": {
"1": "https://developer.android.com/training/basics/data-storage/files.html"
},
"text": "Further information on writing files can be found in the official documentation [[1]]."
},
"remediation": "Please revise all the external storage access in order to identify eventual leaks of critical information.",
"vulnerability_id": "EXTERNAL_STORAGE",
"vulnerable_code": [
{
"api_class": "Landroid/os/Environment;",
"api_method": "getExternalStorageDirectory",
"api_type": "()Ljava/io/File;",
"class": "Lcom/android/insecurebankv2/DoTransfer$RequestDoTransferTask$1;",
"id": "Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;",
"method": "run",
"string": "Lcom/android/insecurebankv2/DoTransfer$RequestDoTransferTask$1;->run()V ---> Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;",
"type": "()V"
},
{
"api_class": "Landroid/os/Environment;",
"api_method": "getExternalStorageDirectory",
"api_type": "()Ljava/io/File;",
"class": "Lcom/android/insecurebankv2/ViewStatement;",
"id": "Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;",
"method": "onCreate",
"string": "Lcom/android/insecurebankv2/ViewStatement;->onCreate(Landroid/os/Bundle;)V ---> Landroid/os/Environment;->getExternalStorageDirectory()Ljava/io/File;",
"type": "(Landroid/os/Bundle;)V"
}
]
}, .........