【安全性测试】编写APP四大组件之一activity扫描
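# -*- coding: gbk -*-
import zipfile


def readActivity(jar_path="C:\\classes-dex2jar2.jar",
                 manifest_path="C:\\AndroidManifest.xml"):
    """List activity classes from a dex2jar jar that the manifest check does not cover.

    The scan is a rough triage heuristic, not a verdict:

    * A class counts as an activity only if its entry name in the jar ends
      with ``Activity.class``. Activities named differently are missed, and
      classes never declared in the manifest are still reported.
    * An activity is treated as "safe" when its simple class name appears on
      a manifest line that also contains ``uses-permission android:name``.
      The match is a plain substring test, so ``MainActivity`` also matches
      ``XMainActivity``.

    NOTE(review): ``<uses-permission>`` declares a permission the app itself
    requests; it does not restrict who may start an activity. Access to an
    activity is governed by ``android:exported`` and ``android:permission``
    on its ``<activity>`` element, so every reported name should be checked
    against those attributes before it is treated as a finding.

    The manifest is opened in text mode and matched line by line, so it is
    assumed to be a decoded, plain-text AndroidManifest.xml (the copy packed
    inside an APK is binary XML).

    Args:
        jar_path: jar produced by dex2jar from the app's classes.dex.
        manifest_path: decoded AndroidManifest.xml of the same app.

    Returns:
        Simple class names of the activities the heuristic flags, in jar
        order. The same report is printed to stdout.
    """
    class_suffix = ".class"

    # Context managers close both files even if reading raises; the original
    # never closed the jar and leaked the manifest handle on error.
    with zipfile.ZipFile(jar_path, "r") as jar_file:
        entry_names = jar_file.namelist()
    with open(manifest_path, "r") as manifest_file:
        manifest_lines = manifest_file.readlines()

    # Collect the simple class name of every *Activity.class entry in the jar.
    activity_names = [
        entry.rsplit("/", 1)[-1][:-len(class_suffix)]
        for entry in entry_names
        if entry.endswith("Activity" + class_suffix)
    ]

    print("检测到一共有: %d 个activity" % len(activity_names))
    print("继续检测是否有存在被攻击的activity.......................")

    # Only manifest lines carrying the marker can make an activity "safe",
    # so filter them once instead of rescanning the whole manifest per name.
    marker = "uses-permission android:name"
    marker_lines = [line for line in manifest_lines if marker in line]
    safe_names = set(
        name for name in activity_names
        if any(name in line for line in marker_lines)
    )

    # Everything not matched above is reported for manual review.
    danger_names = [name for name in activity_names if name not in safe_names]

    print("检测结束...................................")
    if danger_names:
        # Single-quoted literal: in the original, the "" inside a
        # double-quoted string split it into two adjacent literals, so the
        # printed advice lost its quotes (android:name=/>).
        print('可能存在串谋攻击,建议添加<uses-permission android:name=""/>,避免引起一个SecurityException安全异常。以下是所有可能遭受攻击的activity:')
        for name in danger_names:
            print(name)
    else:
        print("该APP的组件activity很安全!")
    return danger_names


if __name__ == "__main__":
    readActivity()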
一切博文基本原创,谢谢