Static Code Checking and Security Testing_20181216

Security testing

frida

pip install frida-tools
# macOS example: trace every recv*/read* call made by the Safari process
frida-trace -i "recv*" -i "read*" *Safari*
# android
# Download the frida-server build matching the emulator's architecture from
# https://github.com/frida/frida/releases (Genymotion defaults to x86)
adb push frida-server-12.2.27-android-x86 /data/local/tmp/frida-server
adb shell "chmod +x /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"

Xposed

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.testerhome.hogwarts.xposed_demo">

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">
        <meta-data
            android:name="xposedmodule"
            android:value="true" />
        <meta-data
            android:name="xposeddescription"
            android:value="霍格沃兹测试学院线下第三期练习作品" />
        <meta-data
            android:name="xposedminversion"
            android:value="53" />
        <activity
            android:name=".MainActivity"
            android:label="@string/app_name">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>

</manifest>

package com.testerhome.hogwarts.xposed_demo;

import android.graphics.Color;
import android.widget.TextView;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.callbacks.XC_LoadPackage;

import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;

public class XposedDemo implements IXposedHookLoadPackage {
    public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) throws Throwable {
        // Only act inside the SystemUI process; every other package is left untouched
        if (!lpparam.packageName.equals("com.android.systemui"))
            return;

        // Hook the status bar clock's updateClock() and run our code after the original returns
        findAndHookMethod("com.android.systemui.statusbar.policy.Clock",
                lpparam.classLoader, "updateClock", new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(XC_MethodHook.MethodHookParam param) throws Throwable {
                // thisObject is the Clock instance, which is itself a TextView
                TextView tv = (TextView) param.thisObject;
                String text = tv.getText().toString();
                tv.setText(text + " :) hello from hogwarts");
                tv.setTextColor(Color.RED);
            }
        });
    }
}

If your Gradle version is recent, use compileOnly instead of provided.

dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    implementation 'com.android.support:appcompat-v7:28.0.0-alpha1'
    implementation 'com.android.support:design:28.0.0-alpha1'
    implementation 'com.android.support.constraint:constraint-layout:1.1.0'
    implementation 'com.android.support:support-vector-drawable:28.0.0-alpha1'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'com.android.support.test:runner:1.0.2'
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
    compileOnly 'de.robv.android.xposed:api:53'
    compileOnly 'de.robv.android.xposed:api:53:sources'
}

Code instrumentation: three stages

  • Hard-coded tracking points at the source-code level
  • Source code combined with an instrumentation framework such as ASM
  • Instruction-level instrumentation of dex files, with the help of apktool
  • Dynamic modification of all code at the system level, with the help of Xposed

Code auditing

Getting started

xinxi will guide everyone through the basics

  • Environment setup
  • Android project analysis
  • Java project analysis
  • iOS project analysis

Advanced topics

思寒 will lead the practice sessions

  • Test cases
  • Coverage statistics
  • Other

Installation

docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 registry.docker-cn.com/library/sonarqube

Public practice environment: http://sonar.testing-studio.com:9000/

Official Scanner example

sonar-scanner -Dsonar.host.url=http://sonar.testing-studio.com:9000

Generic data

  • Issues
  • Test cases
  • Coverage

Project management

API usage

  • Fetch badges (icons)
  • Fetch metric data

Assignment 1

  • Import coverage data into the project
  • Import generic test case data into the project
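An added example for Assignment 1 and the generic data list above (not code from the course notes): a Python script that generates SonarQube's generic coverage and generic test execution XML reports from constructed data and writes them to build/sonar, where sonar-scanner picks them up through the properties named in the comments. The file paths, line numbers and test names are assumed samples.

```python
# Added example, not from the original notes: emits the two XML reports that SonarQube's
# generic coverage / test-execution import reads. Paths, lines and test names are constructed.
import os
import xml.etree.ElementTree as ET

# path -> {line: (covered, branches_to_cover, covered_branches)}
COVERAGE = {"src/main/java/com/example/Login.java": {5: (True, None, None),
                                                      7: (False, 2, 1)}}
# path -> [(name, duration_ms, status, message)]; status is ok, failure,
# error or skipped, matching the child element names the format defines
TESTS = {"src/test/java/com/example/LoginTest.java": [
    ("testValidPassword", 12, "ok", None),
    ("testInjectionRejected", 30, "failure", "expected 401, got 200"),
    ("testLockout", 500, "skipped", "disabled on CI")]}

def build_coverage_xml(coverage):
    """Generic coverage report, imported via sonar.coverageReportPaths."""
    root = ET.Element("coverage", version="1")
    for path, lines in coverage.items():
        f = ET.SubElement(root, "file", path=path)
        for line, (covered, to_cover, hit) in sorted(lines.items()):
            attrs = {"lineNumber": str(line), "covered": str(covered).lower()}
            if to_cover is not None:  # line with branches, possibly partially covered
                attrs["branchesToCover"] = str(to_cover)
                attrs["coveredBranches"] = str(hit)
            ET.SubElement(f, "lineToCover", attrs)
    return ET.tostring(root, encoding="unicode")

def build_test_xml(tests):
    """Generic test report, imported via sonar.testExecutionReportPaths."""
    root = ET.Element("testExecutions", version="1")
    for path, cases in tests.items():
        f = ET.SubElement(root, "file", path=path)
        for name, duration, status, message in cases:
            tc = ET.SubElement(f, "testCase", name=name, duration=str(duration))
            if status != "ok":  # <failure>/<error>/<skipped message="..."/>
                ET.SubElement(tc, status, message=message)
    return ET.tostring(root, encoding="unicode")

def write_reports(out_dir="build/sonar"):
    """Write both files, then pass them to sonar-scanner via
    -Dsonar.coverageReportPaths=... -Dsonar.testExecutionReportPaths=..."""
    os.makedirs(out_dir, exist_ok=True)
    written = {}
    for name, xml in (("coverage.xml", build_coverage_xml(COVERAGE)),
                      ("tests.xml", build_test_xml(TESTS))):
        written[name] = os.path.join(out_dir, name)
        with open(written[name], "w", encoding="utf-8") as fh:
            fh.write(xml)
    return written
```

Run write_reports() before sonar-scanner and add the two report properties to sonar-project.properties or the command line; SonarQube then shows the coverage and test measures on the project dashboard.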

Assignment 2

Analyze the code quality of an open-source project

  • The open-source bilibili project
  • The open-source TesterHome native client
  • Your own product's source code

Set up SonarQube yourself and post a screenshot of the analysis in a reply
