├── .cargo
    └── config
├── .github
    └── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
├── .gitignore
├── .travis.yml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── Cargo.lock
├── Cargo.toml
├── DCO.txt
├── LICENSE
├── PULL_REQUEST_TEMPLATE.md
├── README.md
├── build.rs
├── centos_build.sh
├── clippy.toml
├── config.toml
├── config.toml.sample
├── contributing.md
├── debian_build.sh
├── fedora_build.sh
├── rpmbuild
    └── super.spec
├── rules.json
├── src
    ├── banner.txt
    ├── cli.rs
    ├── config.rs
    ├── criticality.rs
    ├── decompilation.rs
    ├── error.rs
    ├── lib.rs
    ├── main.rs
    ├── results
    │   ├── handlebars_helpers.rs
    │   ├── mod.rs
    │   ├── report
    │   │   ├── handlebars.rs
    │   │   ├── json.rs
    │   │   └── mod.rs
    │   ├── sdk_number.rs
    │   └── utils.rs
    ├── static_analysis
    │   ├── certificate.rs
    │   ├── code.rs
    │   ├── manifest.rs
    │   └── mod.rs
    └── utils.rs
├── templates
    └── super
    │   ├── code.hbs
    │   ├── css
    │       ├── androidstudio.css
    │       └── style.css
    │   ├── img
    │       ├── folder.svg
    │       ├── java.svg
    │       ├── logo.svg
    │       ├── report.svg
    │       └── xml.svg
    │   ├── js
    │       ├── highlight.js.LICENSE
    │       ├── highlight.pack.js
    │       ├── jquery-3.3.1.slim.min.js
    │       ├── jquery.LICENSE
    │       └── src_nav.js
    │   ├── report.hbs
    │   ├── src.hbs
    │   └── vulnerability.hbs
├── travis-helper.sh
├── ubuntu_build.sh
└── vendor
    ├── dex2jar-2.1-SNAPSHOT
        ├── LICENSE.txt
        ├── NOTICE.txt
        ├── bin
        │   ├── dex-tools
        │   └── dex-tools.bat
        ├── d2j-apk-sign.bat
        ├── d2j-apk-sign.sh
        ├── d2j-asm-verify.bat
        ├── d2j-asm-verify.sh
        ├── d2j-baksmali.bat
        ├── d2j-baksmali.sh
        ├── d2j-class-version-switch.bat
        ├── d2j-class-version-switch.sh
        ├── d2j-decrypt-string.bat
        ├── d2j-decrypt-string.sh
        ├── d2j-dex-recompute-checksum.bat
        ├── d2j-dex-recompute-checksum.sh
        ├── d2j-dex-weaver.bat
        ├── d2j-dex-weaver.sh
        ├── d2j-dex2jar.bat
        ├── d2j-dex2jar.sh
        ├── d2j-dex2smali.bat
        ├── d2j-dex2smali.sh
        ├── d2j-jar-access.bat
        ├── d2j-jar-access.sh
        ├── d2j-jar-weaver.bat
        ├── d2j-jar-weaver.sh
        ├── d2j-jar2dex.bat
        ├── d2j-jar2dex.sh
        ├── d2j-jar2jasmin.bat
        ├── d2j-jar2jasmin.sh
        ├── d2j-jasmin2jar.bat
        ├── d2j-jasmin2jar.sh
        ├── d2j-smali.bat
        ├── d2j-smali.sh
        ├── d2j-std-apk.bat
        ├── d2j-std-apk.sh
        ├── d2j_invoke.bat
        ├── d2j_invoke.sh
        └── lib
        │   ├── ST4-4.0.8.jar
        │   ├── antlr-3.5.2.jar
        │   ├── antlr-runtime-3.5.2.jar
        │   ├── antlr4-4.5.jar
        │   ├── antlr4-runtime-4.5.jar
        │   ├── asm-debug-all-5.0.3.jar
        │   ├── d2j-base-cmd-2.1-SNAPSHOT.jar
        │   ├── d2j-jasmin-2.1-SNAPSHOT.jar
        │   ├── d2j-smali-2.1-SNAPSHOT.jar
        │   ├── dex-ir-2.1-SNAPSHOT.jar
        │   ├── dex-reader-2.1-SNAPSHOT.jar
        │   ├── dex-reader-api-2.1-SNAPSHOT.jar
        │   ├── dex-tools-2.1-SNAPSHOT.jar
        │   ├── dex-translator-2.1-SNAPSHOT.jar
        │   ├── dex-writer-2.1-SNAPSHOT.jar
        │   ├── dx-23.0.0.jar
        │   ├── open-source-license.txt
        │   └── org.abego.treelayout.core-1.0.1.jar
    ├── jd-cmd.LICENSE.txt
    └── jd-cmd.jar


/.cargo/config:
--------------------------------------------------------------------------------
1 | [target.x86_64-pc-windows-gnu]
2 | ar="x86_64-w64-mingw32-gcc"
3 | linker="x86_64-w64-mingw32-gcc"
4 | 
5 | [target.i686-pc-windows-gnu]
6 | ar="i686-w64-mingw32-gcc"
7 | linker="i686-w64-mingw32-gcc"
8 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Create a report to help us improve
 4 | 
 5 | ---
 6 | 
 7 | **Bug description**
 8 | A clear and concise description of what the bug is.
 9 | 
10 | **To Reproduce**
11 | Steps to reproduce the behavior (example):
12 | 1. Download '...'
13 | 2. Run '...'
14 | 3. Check report at '...'
15 | 4. See error
16 | 
17 | **Expected behavior**
18 | A clear and concise description of what you expected to happen.
19 | 
20 | **Screenshots**
21 | If applicable, add screenshots to help explain your problem.
22 | 
23 | **Setup (please complete the following information):**
24 |  - OS: [e.g. Windows 10]
25 |  - SUPER Version: [e.g. 0.5.0]
26 |  - Browser (for reports): [e.g. firefox, opera]
27 | 
28 | **Additional context**
29 | Add any other context about the problem here.
30 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Feature request
 3 | about: Suggest an idea for this project
 4 | 
 5 | ---
 6 | 
 7 | **Is your feature request related to a problem? Please describe.**
 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 9 | 
10 | **Describe the solution you'd like**
11 | A clear and concise description of what you want to happen.
12 | 
13 | **Describe alternatives you've considered**
14 | A clear and concise description of any alternative solutions or features you've considered.
15 | 
16 | **Additional context**
17 | Add any other context or screenshots about the feature request here.
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | downloads/*
 2 | dist/*
 3 | results/*
 4 | target/*
 5 | releases/*
 6 | rpmbuild/*
 7 | !rpmbuild/super.spec
 8 | *.bk
 9 | *.apk
10 | .DS_Store
11 | *.zip
12 | *.log
13 | .vscode
14 | CHECKSUM_FILE_BEFORE


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
  1 | language: rust
  2 | cache:
  3 |   cargo: true
  4 |   timeout: 500
  5 | dist: xenial
  6 | sudo: true
  7 | 
  8 | # Run builds in Linux, MacOS X and Windows
  9 | os:
 10 | - linux
 11 | - osx
 12 | - windows
 13 | 
 14 | # Run builds for all the supported trains
 15 | rust:
 16 | - 1.31.0
 17 | - stable
 18 | - beta
 19 | - nightly
 20 | 
 21 | stages:
 22 | - test
 23 | - deploy
 24 | 
 25 | # Extra jobs to include
 26 | jobs:
 27 |   include:
 28 |   # Test package generation for multiple distributions
 29 |   - name: "Debian packaging"
 30 |     os: linux
 31 |     rust: stable
 32 |     stage: test
 33 |     env: CACHE_NAME=DEBIAN
 34 |     services: docker
 35 |     script: ./travis-helper.sh dist_test debian
 36 |   - name: "Ubuntu packaging"
 37 |     os: linux
 38 |     rust: stable
 39 |     stage: test
 40 |     env: CACHE_NAME=UBUNTU
 41 |     services: docker
 42 |     script: ./travis-helper.sh dist_test ubuntu
 43 |   - name: "Fedora packaging"
 44 |     os: linux
 45 |     rust: stable
 46 |     stage: test
 47 |     env: CACHE_NAME=FEDORA
 48 |     services: docker
 49 |     script: ./travis-helper.sh dist_test fedora
 50 |   - name: "CentOS packaging"
 51 |     os: linux
 52 |     rust: stable
 53 |     stage: test
 54 |     env: CACHE_NAME=CENTOS
 55 |     services: docker
 56 |     script: ./travis-helper.sh dist_test centos
 57 |   # Test unstable features
 58 |   - name: "Unstable features"
 59 |     os: linux
 60 |     rust: nightly
 61 |     stage: test
 62 |     env: CACHE_NAME=UNSTABLE
 63 |     services: docker
 64 |     script: ./travis-helper.sh test_unstable
 65 |   # Upload documentation
 66 |   - name: "Documentation upload"
 67 |     os: linux
 68 |     rust: stable
 69 |     stage: deploy
 70 |     env: CACHE_NAME=DOCS
 71 |     script: ./travis-helper.sh documentation
 72 |     deploy: &pages
 73 |       provider: pages
 74 |       github-token: $GH_TOKEN
 75 |       local-dir: target/doc/
 76 |       skip_cleanup: true
 77 |       keep-history: true
 78 |       on:
 79 |         repo: SUPERAndroidAnalyzer/super
 80 |         branch: develop
 81 |   # Deploy the release
 82 |   - name: "Release deployment"
 83 |     os: linux
 84 |     rust: stable
 85 |     stage: deploy
 86 |     env: CACHE_NAME=DEPLOY
 87 |     script: ./travis-helper.sh deploy
 88 |     deploy: &releases
 89 |       provider: releases
 90 |       api_key: $GH_TOKEN
 91 |       file_glob: true
 92 |       file: releases/*
 93 |       skip_cleanup: true
 94 |       prerelease: true # TODO: remove on 1.0
 95 |       name: "SUPER $TRAVIS_TAG"
 96 |       on:
 97 |         repo: SUPERAndroidAnalyzer/super
 98 |         tags: true
 99 | 
100 | matrix:
101 |   allow_failures:
102 |   - os: windows
103 | 
104 | before_script:
105 | - export PATH=$PATH:~/.cargo/bin
106 |   # TODO: change tag when bumping version number. (Maintain in sync with Cargo.toml)
107 | - |
108 |   if [[ $TRAVIS_TAG ]]; then
109 |     export TAG=$TRAVIS_TAG;
110 |   else
111 |     export TAG="0.5.1";
112 |   fi
113 | 
114 | # Run the multiple tests.
115 | script:
116 | - ./travis-helper.sh fmt_check
117 | - ./travis-helper.sh clippy_check
118 | - ./travis-helper.sh test
119 | - ./travis-helper.sh test_ignored
120 | 
121 | # Upload code coverage report
122 | after_success:
123 | - ./travis-helper.sh upload_code_coverage
124 | 
125 | notifications:
126 |   email:
127 |     recipients:
128 |     - razican@protonmail.ch
129 |     - brunoop@protonmail.ch
130 |     - sergiodlo@protonmail.com
131 |     - jaimesr@protonmail.ch
132 |     on_success: change
133 |     on_failure: always
134 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
  1 | # Changelog
  2 | 
  3 | ## SUPER 0.5.1
  4 | 
  5 | This release is the first SUPER release targeting Rust 2018 edition. It contains some internal
  6 | improvements that will make future development easier and more efficient. It also has some
  7 | internal enhancements. Additionally, we have fixed a bunch of spelling mistakes and upgraded some
  8 | dependencies.
  9 | 
 10 | ### Internal Changes
 11 | 
 12 | - SUPER now requires Rust 1.31.0 (Rust 2018 edition) to be built.
 13 | - Upgraded dependencies:
 14 |   - `lazy_static`: 1.1 => **1.2**
 15 |   - `md5`: 0.5 => **0.6**
 16 |   - `regex`: 1.0 => **1.1**
 17 |   - `abxml`: 0.6 => **0.7**
 18 |   - Some other minor upgrades.
 19 | 
 20 | - Multiple syntax changes to adapt the codebase to Rust 2018.
 21 | 
 22 | ## SUPER 0.5.0
 23 | 
 24 | This release contains multiple improvements that have been accumulated in the last year. We also
 25 | improved our repository by adding a Code of Conduct and templates for issues and pull requests.
 26 | Packages for Ubuntu, Debian, Fedora and CentOS are now generated automatically in each build, and
 27 | deployed in each release. Here you can find the rest of the changes for this version.
 28 | 
 29 | ### Features
 30 | 
 31 | - Added SDK version strings to Android versions. Reports will now show the Android version of the
 32 |   target and minimum SDKs.
 33 | - SUPER logo is now an SVG, so that it looks great in multiple resolutions.
 34 | - All icons in the source tree viewer are now SVGs too.
 35 | 
 36 | ### Internal Changes
 37 | 
 38 | - SUPER now requires Rust 1.30.0 to be built.
 39 | - Removed `error-chain` dependency in favor of `failure`.
 40 | - Upgraded dependencies:
 41 |   - `clap`: 2.25 => **2.32**
 42 |   - `xml-rs`: 0.4 => **0.8**
 43 |   - `serde`: 0.9 => **1.0**
 44 |   - `chrono`: 0.3 => **0.4**
 45 |   - `toml`: 0.3 => **0.4**
 46 |   - `regex`: 0.2 => **1.0**
 47 |   - `lazy_static`: 0.2 => **1.1**
 48 |   - `bytecount`: 0.1 => **0.4**
 49 |   - `log`: 0.3 => **0.4**
 50 |   - `env_logger`: 0.4 => **0.5**
 51 |   - `sha1`: 0.2 => **0.6**
 52 |   - `sha2`: 0.5 => **0.8**
 53 |   - `abxml`: 0.2 => **0.6**
 54 |   - `handlebars`: 0.25 => **1.1**
 55 |   - Some other minor upgrades.
 56 | - New dependencies:
 57 |   - `failure`: 0.1
 58 |   - `semver`: 0.9
 59 |   - `hex`: 0.3
 60 |   - `num_cpus`: 1.8
 61 | - Multiple documentation improvements.
 62 | - Code quality improved by using new syntax.
 63 | - Fixed multiple performance bottlenecks.
 64 | - Switched to library/binary architechture.
 65 | 
 66 | ### Bug Fixes
 67 | 
 68 | - Fixed decompilation of badly formatted APK files.
 69 | - Fixed strange characters in Windows Console.
 70 | 
 71 | ## SUPER 0.4.1
 72 | 
 73 | ### Internal Changes
 74 | 
 75 | - Upgraded `abxml` to **0.2.0**.
 76 | 
 77 | ### Bug Fixes
 78 | 
 79 | - SUPER now properly creates `dist` and `results` directories if they do not exist.
 80 | 
 81 | ## SUPER 0.4.0
 82 | 
 83 | ### Features
 84 | 
 85 | - Removed ApkTool dependency, analysis are now about 20% - 50% faster.
 86 | - Removed all ApkTool related configuration and CLI directives.
 87 | - The `--force` flag is now less aggressive. It won't remove a JSON report if only the HTML report
 88 |   is being generated, and the othey way around: it won't remove the HTML report if only the JSON
 89 |   report is being generated.
 90 | 
 91 | ### Internal Changes
 92 | 
 93 | - SUPER now requires Rust 1.16.0 to be built.
 94 | - Errors moved to their own module.
 95 | - Upgraded dependencies:
 96 |   - `clap`: 2.20 => **2.23**
 97 |   - `xml-rs`: 0.3 => **0.4**
 98 |   - And some other minor upgrades.
 99 | - Dependency in `yaml-rust` has been removed.
100 | - Dependency in `error-chain` 0.10 has been added.
101 | - Dependency in `rust-crypto` has been removed and dependencies in `md5`, `sha1` and `sha2` have
102 |   been added.
103 | - Dependency in `abxml` has been added to remove the ApkTool dependency.
104 | - Added more documentation for some modules.
105 | 
106 | ### Bug Fixes
107 | 
108 | - Fixed error when adding `--open` flag on JSON-only reports.
109 | 
110 | ## SUPER 0.3.1
111 | 
112 | ### Bug Fixes
113 | 
114 | - SUPER will now have `super-analyzer` as package name. This avoids conflicts with Debian
115 |   repositories.
116 | 
117 | ## SUPER 0.3.0
118 | 
119 | ### Features
120 | 
121 | - You can now specify the minimum criticality of a vulnerability for being reported. Using the
122 |   `--min-criticality` CLI option, you can specify if the minimum reported criticality should be
123 |   *warning*, *low*, *medium*, *high* or *critical*.
124 | - Optional JSON and HTML reports: By default, SUPER will generate an HTML report, but no JSON
125 |   report. This behaviour can be changed either by changing two configuration options in the
126 |   *config.toml* file (`html_report` and `json_report`) or by invoking the script with `--json` or
127 |   `--html` parameters. By default, if `--json` is used, the HTML report won't get generated, but if
128 |   you want both, you can specify so by using both options: `--json --html`.
129 | - Tab completions: If you now install SUPER using one of the provided packages for UNIX, you will
130 |   get tab completions. So, anytime you don't exactly know the command, you can simply press TAB and
131 |   you will get suggestions or even command completions. This works for Bash, Fish and ZSH.
132 | 
133 | ### Internal Changes
134 | 
135 | - SUPER now requires Rust 1.15.1.
136 | - Converted all `try!()` statements to use the new `?` Rust operator.
137 | - Reduced cyclomatic complexity of Config::load_from_file() (#78): This makes configuration loading
138 |   faster and easily maintainable.
139 | - Improved logging using the `log` crate.
140 | - Upgraded dependencies:
141 |   - `clap`: 2.18 => **2.20**
142 |   - `colored`: 1.3 => **1.4**
143 |   - `serde`: 0.8 => **0.9**
144 |   - `handlebars`: 0.22 => **0.25**
145 |   - `chrono`: 0.2 => **0.3**
146 |   - `regex`: 0.1 => **0.2**
147 |   And some other minor upgrades. Both the `regex` and the `serde` dependencies have been the major
148 |   upgrades and should improve our future releases.
149 | 
150 | ### Changes in Rules
151 | 
152 | - Changed some regexes to match the new `regex` crate classes.
153 | - The files to be searched with a given rule can now be filtered by two new fields:
154 |   - `include_file_regex`: A regex that all tested files will match.
155 |   - `exclude_file_regex`: A regex that will whitelist files matched by the previous regex.
156 |   This enables much better file searching: If you need to search for `R` class variables, no need
157 |   to search other files than `R.java`.
158 | 
159 | ### Bug Fixes
160 | 
161 | - SUPER no longer prints to `stderr` on tests.
162 | - Finally fixed all output coloring errors.
163 | 
164 | ### Contributions
165 | 
166 | Apart from the core team, the following people has contributed to this release:
167 | - **[@gnieto](https://github.com/gnieto)**
168 | 
169 | ## SUPER 0.2.0
170 | 
171 | ### Features
172 | 
173 | - SUPER now uses templates for report generation. This is one of the biggest changes of the
174 |   release, and enables users to create their own report templates.
175 | - Installation package for Mac OS.
176 | - Line highlighting is now shown in the vulnerable line of the code in found vulnerabilities,
177 |   colored depending on the criticality of the vulnerability.
178 | - Reports now show the version of SUPER used to generate them.
179 | - SUPER now supports analysis of applications placed anywhere instead of having to place them
180 |   in a folder.
181 | - Added the `--open` option to automatically open reports.
182 | - Added the `--test-all` option to the CLI, that will test all *.apk* files in the *downloads*
183 |   folder.
184 | - Added options to the CLI to modify the properties in the config file. We now have
185 |   `--downloads`, `--threads`, `--dist`, `--results`, `--apktool`, `--dex2jar`, `--jd-cmd`,
186 |   `--rules` or `--template` options in the CLI.
187 | 
188 | ### Changes in Rules
189 | 
190 | - SUPER now detects `exported` attributes in `<provider>`, `<receiver>`, `<activity>`,
191 |   `<activity-alias>` and `<service>` tags in the *AndroidManifest.xml*, and reports potential
192 |   vulnerabilities. This still needs work since we still don't have all the required information to
193 |   show real vulnerabilities.
194 | 
195 | ### Bug Fixes
196 | 
197 | - Changed paths for better multiplatform support.
198 | - Regular Expressions:
199 |   - URL Disclosure no longer detects content providers (`content://...`).
200 | - Solved some coloring errors when combining styling and color in the same print.
201 | 
202 | ### Contributions
203 | 
204 | Apart from the core team, the following people has contributed to this release:
205 | - **[@pocket7878](https://github.com/pocket7878)**
206 | - **[@VoltBit](https://github.com/VoltBit)**
207 | - **[@b52](https://github.com/b52)**
208 | - **[@nxnfufunezn](https://github.com/nxnfufunezn)**
209 | - **[@atk](https://github.com/atk)**
210 | 
211 | 
212 | ## SUPER 0.1.0
213 | 
214 | ### Features
215 | 
216 | - Release of 64-bit packages for Linux (Debian 8.6, Ubuntu 16.04, CentOS 7, Fedora 24) and Windows
217 |   (8.1+).
218 | - *AndroidManifest.xml* analysis (Dangerous permission checks).
219 | - Certificate analysis (Certificate validity checks).
220 | - Code analysis (37 rules for checking the source code):
221 |   - SQLi
222 |   - XSS
223 |   - URL Disclosure
224 |   - Weak algorithms
225 |   - Insecure WebViews
226 |   - Generic exceptions
227 |   - Root detection
228 |   - ...
229 | - HTML and JSON report generation.
230 | - Classification of vulnerabilities (Critical, High, Medium, Low, Info).
231 | - Application related info.
232 | - File fingerprinting.
233 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Contributor Covenant Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
 6 | 
 7 | ## Our Standards
 8 | 
 9 | Examples of behavior that contributes to creating a positive environment include:
10 | 
11 | * Using welcoming and inclusive language
12 | * Being respectful of differing viewpoints and experiences
13 | * Gracefully accepting constructive criticism
14 | * Focusing on what is best for the community
15 | * Showing empathy towards other community members
16 | 
17 | Examples of unacceptable behavior by participants include:
18 | 
19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances
20 | * Trolling, insulting/derogatory comments, and personal or political attacks
21 | * Public or private harassment
22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission
23 | * Other conduct which could reasonably be considered inappropriate in a professional setting
24 | 
25 | ## Our Responsibilities
26 | 
27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
28 | 
29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
30 | 
31 | ## Scope
32 | 
33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
34 | 
35 | ## Enforcement
36 | 
37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@superanalyzer.rocks. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
38 | 
39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
40 | 
41 | ## Attribution
42 | 
43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
44 | 
45 | [homepage]: http://contributor-covenant.org
46 | [version]: http://contributor-covenant.org/version/1/4/
47 | 


--------------------------------------------------------------------------------
/Cargo.toml:
--------------------------------------------------------------------------------
  1 | [package]
  2 | name = "super-analyzer"
  3 | version = "0.5.1"
  4 | authors = [
  5 |     "Iban Eguia <razican@protonmail.ch>",
  6 |     "Jaime Salas <jaimesr@protonmail.ch>",
  7 |     "Bruno Pin <brunoop@protonmail.ch>",
  8 |     "Sergio de los Dolores <sergiodlo@protonmail.com>"]
  9 | edition = "2018"
 10 | license = "GPL-3.0"
 11 | readme = "README.md"
 12 | repository = "https://github.com/SUPERAndroidAnalyzer/super"
 13 | homepage = "https://superanalyzer.rocks"
 14 | description = """\
 15 | Secure, Unified, Powerful and Extensible Rust Android Analyzer. Core software\
 16 | with CLI.\
 17 | """
 18 | keywords = ["Android", "security", "audit", "super", "analyzer"]
 19 | categories = ["command-line-utilities", "development-tools"]
 20 | 
 21 | [package.metadata.deb]
 22 | maintainer = "SUPER Team <contact@superanalyzer.rocks>"
 23 | copyright = "2016 - 2018, SUPER Team <contact@superanalyzer.rocks>"
 24 | license-file = ["LICENSE", "0"]
 25 | extended-description = """\
 26 | Secure, Unified, Powerful and Extensible Rust Android Analyzer. Core software\
 27 | with CLI."""
 28 | depends = "libc6, libgcc1, default-jre-headless, bash"
 29 | section = "devel"
 30 | priority = "optional"
 31 | assets = [
 32 |     # Executable
 33 |     ["target/release/super-analyzer", "usr/bin/", "755"],
 34 | 
 35 |     # Completion scripts
 36 |     #["target/release/super.bash", "usr/share/bash-completion/completions/", "755"],
 37 |     #["target/release/super.fish", "usr/share/fish/vendor_completions.d/", "755"],
 38 |     #["target/release/_super", "usr/share/zsh/vendor-completions/", "755"],
 39 | 
 40 |     # JD-CMD
 41 |     ["vendor/jd-cmd.jar", "usr/share/super-analyzer/vendor/", "755"],
 42 |     ["vendor/jd-cmd.LICENSE.txt", "usr/share/super-analyzer/vendor/", "644"],
 43 | 
 44 |     # Dex2Jar
 45 |     ["vendor/dex2jar-2.1-SNAPSHOT/LICENSE.txt", "usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT/", "644"],
 46 |     ["vendor/dex2jar-2.1-SNAPSHOT/*.sh", "usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT/", "755"],
 47 |     ["vendor/dex2jar-2.1-SNAPSHOT/lib/*", "usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT/lib/", "755"],
 48 |     ["vendor/dex2jar-2.1-SNAPSHOT/bin/dex-tools", "usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT/bin/", "755"],
 49 | 
 50 |     # Web assets
 51 |     ["templates/super/css/*", "usr/share/super-analyzer/templates/super/css/", "644"],
 52 |     ["templates/super/img/*", "usr/share/super-analyzer/templates/super/img/", "644"],
 53 |     ["templates/super/js/*", "usr/share/super-analyzer/templates/super/js/", "644"],
 54 | 
 55 |     # Templates
 56 |     ["templates/super/*", "usr/share/super-analyzer/templates/super/", "644"],
 57 | 
 58 |     # Configuration
 59 |     ["rules.json", "etc/super-analyzer/", "644"],
 60 |     ["config.toml", "etc/super-analyzer/", "644"],
 61 |     ["config.toml.sample", "etc/super-analyzer/", "644"],
 62 | 
 63 |     # README
 64 |     ["README.md", "usr/share/doc/super-analyzer/README.md", "644"],
 65 | ]
 66 | 
 67 | [badges]
 68 | travis-ci = { repository = "SUPERAndroidAnalyzer/super", branch = "master" }
 69 | codecov = { repository = "SUPERAndroidAnalyzer/super", branch = "master", service = "github" }
 70 | is-it-maintained-issue-resolution = { repository = "SUPERAndroidAnalyzer/super" }
 71 | is-it-maintained-open-issues = { repository = "SUPERAndroidAnalyzer/super" }
 72 | maintenance = { status = "experimental" }
 73 | 
 74 | [[bin]]
 75 | name = "super-analyzer"
 76 | path = "src/main.rs"
 77 | 
 78 | [lib]
 79 | name = "super_analyzer_core"
 80 | path = "src/lib.rs"
 81 | 
 82 | [dependencies]
 83 | failure = "0.1.3"
 84 | failure_derive = "0.1.3"
 85 | clap = "2.32.0"
 86 | xml-rs = "0.8.0"
 87 | serde = "1.0.81"
 88 | serde_derive = "1.0.81"
 89 | serde_json = "1.0.33"
 90 | chrono = { version = "0.4.6", features = ["serde"] }
 91 | toml = "0.4.10"
 92 | regex = "1.1.0"
 93 | lazy_static = "1.2.0"
 94 | open = "1.2.2"
 95 | bytecount = "0.4.0"
 96 | log = "0.4.6"
 97 | env_logger = "0.6.0"
 98 | md5 = "0.6.0"
 99 | sha1 = "0.6.0"
100 | sha2 = "0.8.0"
101 | abxml = "0.7.1"
102 | handlebars = "1.1.0"
103 | semver = "0.9.0"
104 | hex = "0.3.2"
105 | num_cpus = "1.8.0"
106 | colored = "1.6.1"
107 | 
108 | [build-dependencies]
109 | clap = "2.32.0"
110 | 
111 | [dev-dependencies]
112 | reqwest = "0.9.5"
113 | 
114 | [features]
115 | default = []
116 | unstable = ["certificate"]
117 | no-color = ["colored/no-color"]
118 | certificate = []
119 | 
120 | # The release profile, used for `cargo build`.
121 | [profile.dev]
122 | incremental = true
123 | opt-level = 0
124 | debug = true
125 | rpath = false
126 | lto = false
127 | debug-assertions = true
128 | overflow-checks = true
129 | panic = 'unwind'
130 | 
131 | # The release profile, used for `cargo build --release`.
132 | [profile.release]
133 | incremental = false
134 | opt-level = 3
135 | debug = false
136 | rpath = false
137 | codegen-units = 1
138 | lto = true
139 | debug-assertions = false
140 | overflow-checks = false
141 | panic = 'unwind'
142 | 


--------------------------------------------------------------------------------
/DCO.txt:
--------------------------------------------------------------------------------
 1 | Developer's Certificate of Origin 1.1
 2 | 
 3 | By making a contribution to this project, I certify that:
 4 | 
 5 | (a) The contribution was created in whole or in part by me and I
 6 |     have the right to submit it under the open source license
 7 |     indicated in the file; or
 8 | 
 9 | (b) The contribution is based upon previous work that, to the best
10 |     of my knowledge, is covered under an appropriate open source
11 |     license and I have the right under that license to submit that
12 |     work with modifications, whether created in whole or in part
13 |     by me, under the same open source license (unless I am
14 |     permitted to submit under a different license), as indicated
15 |     in the file; or
16 | 
17 | (c) The contribution was provided directly to me by some other
18 |     person who certified (a), (b) or (c) and I have not modified
19 |     it.
20 | 
21 | (d) I understand and agree that this project and the contribution
22 |     are public and that a record of the contribution (including all
23 |     personal information I submit with it, including my sign-off) is
24 |     maintained indefinitely and may be redistributed consistent with
25 |     this project or the open source license(s) involved.
26 | 


--------------------------------------------------------------------------------
/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | **Description**
 2 | A clear and concise description of what the pull request is about.
 3 | If it's a new feature, explain what it does, if it's a fix, explain what it fixes.
 4 | 
 5 | **Related issues**
 6 | Mention any issue that this pull request might fix or could be related to. You can use the `#123` notation.
 7 | 
 8 | **Ping contributors**
 9 | Mention any relevant contributor to the project using the `@` notation, such as `@Razican`.
10 | If you don't know who to mention, `@SUPERAndroidAnalyzer/all` is a safe bet.
11 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # SUPER Android Analyzer #
  2 | 
  3 | [![Build Status][linux_mac_build_img]][linux_mac_build]
  4 | [![codecov][coverage_img]][coverage]
  5 | 
  6 | <img src="templates/super/img/logo.svg" alt="SUPER Android Analyzer logo" title="SUPER Android Analyzer" width="150">
  7 | 
  8 | *Secure, Unified, Powerful and Extensible Rust Android Analyzer*
  9 | 
 10 | SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes
 11 | *.apk* files in search for vulnerabilities. It does this by decompressing APKs and applying a series
 12 | of rules to detect those vulnerabilities.
 13 | 
 14 | But, why create a new analyzer? Is it not enough with MobSF, Qark, Androbugs…? Well, we think it's
 15 | not enough. All of them have two main issues we wanted to fix: They are written in Java or Python
 16 | and they are not easily extensible. They are not meant to be used by businesses directly working in
 17 | Android analysis, and don't put that kind of functionality first.
 18 | 
 19 | Our approach solves those issues in different ways: We first decided to use **Rust** as our
 20 | programming language. The language developed openly by Mozilla Foundation gives us lots of
 21 | utilities to work with regular expressions, files etc. and, most importantly, it enables us to
 22 | create a secure software that does not depend in *JVM* or *JIT* compilers. With Rust, stack
 23 | overflows, segmentation faults etc. are directly not possible, which makes sense in a security
 24 | centered application. And it also gives us enough power to do efficient analysis, giving us the
 25 | option to automate it in high volume. This is given by Rust zero-cost abstractions, that gives us
 26 | an efficiency only comparable to C/C++.
 27 | 
 28 | And secondly, we decided to make the software 100% extensible: All rules are centered in a
 29 | `rules.json` file, and each company or tester could create its own rules to analyze what they need.
 30 | It's also modular, so that new developments can easily add new functionality. Finally, a templating
 31 | system for results reports gives users the ability to personalize the report.
 32 | 
 33 | It also gives great code review tools, directly in the HTML report, so that anyone can search
 34 | through the generated code with syntax highlighting for even better vulnerability analysis.
 35 | 
 36 | ## Installation ##
 37 | 
 38 | We have released some binaries in the [download page][downloads] for Windows (8.1+), Linux, and
 39 | MacOS X. We only have 64-bit packages for now. If you need to use SUPER in a 32-bit system, you
 40 | will need to [compile SUPER from source][compile]. For that, you will need to install **Rust** with
 41 | [rustup.rs][rustup].
 42 | 
 43 | *Note: It requires Java 1.7+ to run.*
 44 | 
 45 | ## Usage ##
 46 | 
 47 | SUPER is very easy to use. Just download the desired *.apk* into the *downloads* folder (create
 48 | that folder if necessary) and use the name as an argument when running the program. After the
 49 | execution, a detailed report will appear in the *results* folder with that application name. There
 50 | are a few usage options available:
 51 | 
 52 | ```
 53 | USAGE:
 54 |     super [FLAGS] [OPTIONS] <package>
 55 | 
 56 | FLAGS:
 57 |         --bench       Show benchmarks for the analysis
 58 |         --force       If you'd like to force the auditor to do everything from the beginning
 59 |     -h, --help        Prints help information
 60 |         --html        Generates the reults in HTML format
 61 |         --json        Generates the reults in JSON format
 62 |         --open        Open the report in a browser once it is complete
 63 |     -q, --quiet       If you'd like a zen auditor that won't output anything in stdout
 64 |     -a, --test-all    Test all .apk files in the downloads directory
 65 |     -V, --version     Prints version information
 66 |     -v, --verbose     If you'd like the auditor to talk more than necessary
 67 | 
 68 | OPTIONS:
 69 |         --dex2jar <dex2jar>                    Where to store the jar files
 70 |         --dist <dist>                          Folder where distribution files will be extracted
 71 |         --downloads <downloads>                Folder where the downloads are stored
 72 |         --jd-cmd <jd-cmd>                      Path to the jd-cmd file
 73 |         --min-criticality <min_criticality>    Set a minimum criticality to analyze (Critical, High, Medium, Low)
 74 |         --results <results>                    Folder where to store the results
 75 |         --rules <rules>                        Path to a JSON rules file
 76 |         --template <template>                  Path to a results template file
 77 |     -t, --threads <threads>                    Number of threads to use, by default it will use one thread per logical CPU core
 78 | 
 79 | ARGS:
 80 |     <package>    The package string of the application to test
 81 | ```
 82 | 
 83 | ## Contributing ##
 84 | 
 85 | Everybody is welcome to contribute to SUPER. Please check out the
 86 | [SUPER Contribution Guidelines][contributing] for instructions about how to proceed.
 87 | 
 88 | [Development documentation][documentation]
 89 | 
 90 | ## License ##
 91 | 
 92 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU
 93 | General Public License as published by the Free Software Foundation, either version 3 of the
 94 | License, or (at your option) any later version.
 95 | 
 96 | [linux_mac_build_img]: https://travis-ci.org/SUPERAndroidAnalyzer/super.svg?branch=master
 97 | [linux_mac_build]: https://travis-ci.org/SUPERAndroidAnalyzer/super
 98 | [coverage_img]: https://codecov.io/gh/SUPERAndroidAnalyzer/super/branch/master/graph/badge.svg
 99 | [coverage]: https://codecov.io/gh/SUPERAndroidAnalyzer/super
100 | [compile]: https://superanalyzer.rocks/download.html#compile-from-source
101 | [downloads]: https://superanalyzer.rocks/download.html
102 | [rustup]: https://www.rustup.rs/
103 | [contributing]: https://github.com/SUPERAndroidAnalyzer/super/blob/master/contributing.md
104 | [documentation]: https://superandroidanalyzer.github.io/super/
105 | 


--------------------------------------------------------------------------------
/build.rs:
--------------------------------------------------------------------------------
 1 | extern crate clap;
 2 | 
 3 | use clap::Shell;
 4 | use std::env;
 5 | use std::path::PathBuf;
 6 | 
 7 | #[path = "src/cli.rs"]
 8 | mod cli;
 9 | 
10 | fn main() {
11 |     let mut cli = cli::generate();
12 |     let mut out_dir = PathBuf::from(env::var("OUT_DIR").expect("OUT_DIR variable was not set"));
13 | 
14 |     // This will output the completions in the target/release or target/debug directories.
15 |     out_dir.pop();
16 |     out_dir.pop();
17 |     out_dir.pop();
18 | 
19 |     cli.gen_completions("super", Shell::Bash, &out_dir);
20 |     cli.gen_completions("super", Shell::Fish, &out_dir);
21 |     cli.gen_completions("super", Shell::Zsh, out_dir);
22 | }
23 | 


--------------------------------------------------------------------------------
/centos_build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Create the package
 4 | cd /root &&
 5 | mkdir -vp super-analyzer-$TAG &&
 6 | cp -r super/* super-analyzer-$TAG/ &&
 7 | rm -fr super-analyzer-$TAG/target super-analyzer-$TAG/rpmbuild super-analyzer-$TAG/.git super-analyzer-$TAG/dist super-analyzer-$TAG/downloads super-analyzer-$TAG/results &&
 8 | tar -czvf /root/rpmbuild/SOURCES/$TAG.tar.gz super-analyzer-$TAG &&
 9 | 
10 | # Build the RPM
11 | cp /root/super/rpmbuild/super.spec /root/rpmbuild/SPECS/ &&
12 | rpmbuild -v -bb /root/rpmbuild/SPECS/super.spec &&
13 | mv /root/rpmbuild/RPMS/x86_64/super-analyzer-$TAG-1.el7.x86_64.rpm /root/super/releases/
14 | 


--------------------------------------------------------------------------------
/clippy.toml:
--------------------------------------------------------------------------------
1 | cyclomatic-complexity-threshold = 25
2 | single-char-binding-names-threshold = 4
3 | too-many-arguments-threshold = 7
4 | type-complexity-threshold = 150
5 | 


--------------------------------------------------------------------------------
/config.toml:
--------------------------------------------------------------------------------
  1 | ### CONFIGURATION VARIABLES ###
  2 | # Uncomment and set variables if you wish to change the default ones
  3 | 
  4 | # Number of threads used
  5 | # threads = 2 # Number of threads for the application
  6 | 
  7 | # Folder to look for applications
  8 | # downloads_folder = "downloads" # Folder for APK files
  9 | 
 10 | # Folder where the source code will be extracted
 11 | # dist_folder = "dist"
 12 | 
 13 | # Folder where results will be generated
 14 | # results_folder = "results"
 15 | 
 16 | # Dex2Jar folder
 17 | # dex2jar_folder = "/usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT"
 18 | 
 19 | # JD-cmd JAR file
 20 | # jd_cmd_file = "/usr/share/super-analyzer/vendor/jd-cmd.jar"
 21 | 
 22 | # Templates folder
 23 | # templates_folder = "/usr/share/super-analyzer/templates"
 24 | 
 25 | # Results template used
 26 | # template = "super"
 27 | 
 28 | # Vulnerability rules JSON
 29 | # rules_json = "/etc/super-analyzer/rules.json"
 30 | 
 31 | # Generates HTML report
 32 | # html_report = true
 33 | 
 34 | # Generates JSON report
 35 | # json_report = false
 36 | 
 37 | ### PERMISSIONS ###
 38 | # Add or remove permissions if you wish to change them. The format is the following:
 39 | #[[permissions]]
 40 | #name = "unknown" # Unknown permissions
 41 | #criticality = "low"
 42 | #description = "Even if the application can create its own permissions, it's discouraged, since it can lead to missunderstanding between developers."
 43 | 
 44 | #[[permissions]]
 45 | #name = "android.permission.INTERNET" # Internet access permission
 46 | #criticality = "warning"
 47 | #label = "Internet permission"
 48 | #description = "Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. Check if the permission is actually needed."
 49 | 
 50 | # Vulnerable or potentially vulnerable permissions
 51 | [[permissions]]
 52 | name = "android.permission.INTERNET"
 53 | criticality = "warning"
 54 | label = "Internet permission"
 55 | description = "Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. Check if the permission is actually needed."
 56 | 
 57 | [[permissions]]
 58 | name = "android.permission.READ_CALENDAR"
 59 | criticality = "warning"
 60 | label = "Read calendar permission"
 61 | description = "Allows the app to read all calendar events stored on your phone, including those of friends or co-workers. This may allow the app to share or save your calendar data, regardless of confidentiality or sensitivity. Check if the permission is actually needed."
 62 | 
 63 | [[permissions]]
 64 | name = "android.permission.WRITE_CALENDAR"
 65 | criticality = "warning"
 66 | label = "Write calendar permission"
 67 | description = "Allows the app to add, remove, change events that you can modify on your phone, including those of friends or co-workers. This may allow the app to send messages that appear to come from calendar owners, or modify events without the owners' knowledge. Check if the permission is actually needed."
 68 | 
 69 | [[permissions]]
 70 | name = "android.permission.CAMERA"
 71 | criticality = "warning"
 72 | label = "Camera permission"
 73 | description = "Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation. Check if the permission is actually needed."
 74 | 
 75 | [[permissions]]
 76 | name = "android.permission.READ_CONTACTS"
 77 | criticality = "warning"
 78 | label = "Read contacts permission"
 79 | description = "Allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge. Check if the permission is actually needed."
 80 | 
 81 | [[permissions]]
 82 | name = "android.permission.WRITE_CONTACTS"
 83 | criticality = "warning"
 84 | label = "Write contacts permission"
 85 | description = "Allows the app to modify the data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific contacts. This permission allows apps to delete contact data. Check if the permission is actually needed."
 86 | 
 87 | [[permissions]]
 88 | name = "android.permission.GET_ACCOUNTS"
 89 | criticality = "warning"
 90 | label = "Get accounts permission"
 91 | description = "Allows the app to get the list of accounts known by the phone. This may include any accounts created by applications you have installed. Check if the permission is actually needed."
 92 | 
 93 | [[permissions]]
 94 | name = "android.permission.ACCESS_FINE_LOCATION"
 95 | criticality = "warning"
 96 | label = "Access fine location permission"
 97 | description = "Allows the app to get your precise location using the Global Positioning System (GPS) or network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine where you are, and may consume additional battery power. Check if the permission is actually needed."
 98 | 
 99 | [[permissions]]
100 | name = "android.permission.ACCESS_COARSE_LOCATION"
101 | criticality = "warning"
102 | label = "Access coarse location permission"
103 | description = "Allows the app to get your approximate location. This location is derived by location services using network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine approximately where you are. Check if the permission is actually needed."
104 | 
105 | [[permissions]]
106 | name = "android.permission.RECORD_AUDIO"
107 | criticality = "warning"
108 | label = "Record audio permission"
109 | description = "Allows the app to record audio with the microphone. This permission allows the app to record audio at any time without your confirmation. Check if the permission is actually needed."
110 | 
111 | [[permissions]]
112 | name = "android.permission.READ_PHONE_STATE"
113 | criticality = "warning"
114 | label = "Read phone state permission"
115 | description = "Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call. Check if the permission is actually needed."
116 | 
117 | [[permissions]]
118 | name = "android.permission.CALL_PHONE"
119 | criticality = "warning"
120 | label = "Call phone permission"
121 | description = "Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation. Check if the permission is actually needed."
122 | 
123 | [[permissions]]
124 | name = "android.permission.READ_CALL_LOG"
125 | criticality = "warning"
126 | label = "Read call log permission"
127 | description = "Allows the app to read your phone's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge. Check if the permission is actually needed."
128 | 
129 | [[permissions]]
130 | name = "android.permission.WRITE_CALL_LOG"
131 | criticality = "warning"
132 | label = "Write call log permission"
133 | description = "Allows the app to modify your phone's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log. Check if the permission is actually needed."
134 | 
135 | [[permissions]]
136 | name = "com.android.voicemail.permission.ADD_VOICEMAIL"
137 | criticality = "warning"
138 | label = "Add voicemail permission"
139 | description = "Allows the app to add messages to your voicemail inbox. Check if the permission is actually needed."
140 | 
141 | [[permissions]]
142 | name = "android.permission.USE_SIP"
143 | criticality = "warning"
144 | label = "Use SIP permission"
145 | description = "Allows the app to use the SIP service to make/receive Internet calls. Check if the permission is actually needed."
146 | 
147 | [[permissions]]
148 | name = "android.permission.PROCESS_OUTGOING_CALLS"
149 | criticality = "warning"
150 | label = "Process outgoing calls permission"
151 | description = "Allows the app to process outgoing calls and change the number to be dialed. This permission allows the app to monitor, redirect, or prevent outgoing calls. Check if the permission is actually needed."
152 | 
153 | [[permissions]]
154 | name = "android.permission.BODY_SENSORS"
155 | criticality = "warning"
156 | label = "Body sensors permission"
157 | description = "Allows an application to access data from sensors that the user uses to measure what is happening inside his/her body, such as heart rate. Check if the permission is actually needed."
158 | 
159 | [[permissions]]
160 | name = "android.permission.SEND_SMS"
161 | criticality = "warning"
162 | label = "Send SMS permission"
163 | description = "Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation. Check if the permission is actually needed."
164 | 
165 | [[permissions]]
166 | name = "android.permission.RECEIVE_SMS"
167 | criticality = "warning"
168 | label = "Receive SMS permission"
169 | description = "Allows the app to receive and process SMS messages. This means the app could monitor or delete messages sent to your device without showing them to you. Check if the permission is actually needed."
170 | 
171 | [[permissions]]
172 | name = "android.permission.RECEIVE_WAP_PUSH"
173 | criticality = "warning"
174 | label = "Receive WAP push permission"
175 | description = "Allows the app to receive and process WAP messages. This permission includes the ability to monitor or delete messages sent to you without showing them to you. Check if the permission is actually needed."
176 | 
177 | [[permissions]]
178 | name = "android.permission.RECEIVE_MMS"
179 | criticality = "warning"
180 | label = "Receive MMS permission"
181 | description = "Allows an application to monitor incoming MMS messages. Check if the permission is actually needed."
182 | 
183 | [[permissions]]
184 | name = "android.permission.READ_EXTERNAL_STORAGE"
185 | criticality = "warning"
186 | label = "Read external storage permission"
187 | description = "Allows the app to read the contents of your SD card. Check if the permission is actually needed."
188 | 
189 | [[permissions]]
190 | name = "android.permission.WRITE_EXTERNAL_STORAGE"
191 | criticality = "warning"
192 | label = "Write external storage permission"
193 | description = "Allows the app to write to the SD card. Check if the permission is actually needed."
194 | 
195 | [[permissions]]
196 | name = "android.permission.WRITE_SECURE_SETTINGS"
197 | criticality = "warning"
198 | label = "Write secure settings"
199 | description = "Allows the app to change system configuration of the device. Check if the permission is actually needed."
200 | 


--------------------------------------------------------------------------------
/config.toml.sample:
--------------------------------------------------------------------------------
 1 | threads = 2 # Number of threads for the application
 2 | downloads_folder = "downloads" # Folder for APK files
 3 | dist_folder = "dist" # Folder where the source code will be extracted
 4 | results_folder = "results" # Folder where results will be generated
 5 | dex2jar_folder = "/usr/share/super-analyzer/vendor/dex2jar-2.1-SNAPSHOT" # Dex2Jar folder
 6 | jd_cmd_file = "/usr/share/super-analyzer/vendor/jd-cmd.jar" # JD-cmd JAR file
 7 | templates_folder = "/usr/share/super-analyzer/templates"
 8 | template = "super" # Results template
 9 | rules_json = "/etc/super-analyzer/rules.json" # Vulnerability rules JSON
10 | 
11 | # Vulnerable or potentially vulnerable permissions
12 | [unknown_permissions]
13 | criticality = "low"
14 | description = "Even if the application can create its own permissions, it's discouraged, since it can lead to missunderstanding between developers."
15 | 
16 | # Vulnerable or potentially vulnerable permissions
17 | [[permissions]]
18 | name = "android.permission.INTERNET" # Internet access permission
19 | criticality = "warning"
20 | label = "Internet permission"
21 | description = "Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet. Check if the permission is actually needed."
22 | 


--------------------------------------------------------------------------------
/contributing.md:
--------------------------------------------------------------------------------
  1 | # Contributing to SUPER #
  2 | 
  3 | SUPER is an open source project and accepts contributions from the community. These contributions
  4 | are made in the form of Issues or
  5 | [Pull Requests](https://help.github.com/articles/about-pull-requests/) on the
  6 | [SUPER repositories](https://github.com/SUPERAndroidAnalyzer) on GitHub.
  7 | 
  8 | Issues are a quick way to point out a bug. If you find a bug or documentation error in SUPER then
  9 | please check a few things first:
 10 | 
 11 | 1. It is not already an open issue.
 12 | 2. The issue has already been fixed (check the develop branch, or look for closed issues).
 13 | 3. Can you solve the issue yourself?
 14 | 
 15 | Reporting issues is helpful but an even better approach is to send a pull request, which is done by
 16 | *forking* the main repository and committing to your own copy. This will require you to use the
 17 | version control system called Git.
 18 | 
 19 | The bug tracker of the SUPER repository is located at
 20 | [GitHub](https://github.com/SUPERAndroidAnalyzer/super/issues). Please post your issues there.
 21 | 
 22 | ## Guidelines ##
 23 | 
 24 | Before we look into how, here are the guidelines. If your pull Requests fail to pass these
 25 | guidelines it will be declined and you will need to re-submit when you've made the changes. This
 26 | might sound a bit tough, but it is required for us to maintain quality of the code-base.
 27 | 
 28 | ### Code style ###
 29 | 
 30 | All Rust code must meet the [Rust official style guidelines](https://doc.rust-lang.org/style/).
 31 | This makes certain that all code is the same format as the existing code and means it will be as
 32 | readable as possible.
 33 | 
 34 | ### Compatibility ###
 35 | 
 36 | SUPER must be compatible with the latest Rust stable release, and it must use all the benefits of
 37 | that release as far as possible. It must also be compatible with the latest Rust beta and nightly
 38 | builds. It will also use all the possible lints, and warnings will not be permitted from version
 39 | 1.0.0 onwards.
 40 | 
 41 | ### Branching ###
 42 | 
 43 | SUPER uses the [Git-Flow](http://nvie.com/posts/a-successful-git-branching-model/) branching model
 44 | which requires all pull requests to be sent to the *develop* branch. This is where the next planned
 45 | version will be developed. The *master* branch will always contain the latest stable version and is
 46 | kept clean so a *hotfix* (e.g: an emergency security patch) can be applied to master to create a
 47 | new version, without worrying about other features holding it up. For this reason all commits need
 48 | to be made to *develop* and any sent to *master* will be closed automatically. If you have multiple
 49 | changes to submit, please place all changes into their own branch on your fork, since this will
 50 | allow your master branch to be up to date with upstream.
 51 | 
 52 | One thing at a time: A pull request should only contain one change. That does not mean only one
 53 | commit, but one change - however many commits it took. The reason for this is that if you change X
 54 | and Y but send a pull request for both at the same time, we might really want X but disagree with
 55 | Y, meaning we cannot merge the request. Using the Git-Flow branching model you can create new
 56 | branches for both of these features and send two requests.
 57 | 
 58 | ### Signing ###
 59 | 
 60 | You must sign your work, certifying that you either wrote the work or otherwise have the right to
 61 | pass it on to an open source project. Git makes this trivial as you merely have to use `--signoff`
 62 | on your commits to your SUPER fork.
 63 | 
 64 | `git commit --signoff`
 65 | 
 66 | or simply
 67 | 
 68 | `git commit -s`
 69 | 
 70 | This will sign your commits with the information setup in your git config, e.g.
 71 | 
 72 | `Signed-off-by: Iban Eguia <razican@protonmail.ch>`
 73 | 
 74 | By signing your work in this manner, you certify to a "Developer's Certificate of Origin". The
 75 | current version of this certificate is in the `DCO.txt` file in the root of this repository. More
 76 | information on how to sign your commits can be found
 77 | [here](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work). The GPG key can be set with the
 78 | `user.signingkey` Git configuration option.
 79 | 
 80 | ## How-to Guide ##
 81 | 
 82 | There are two ways to make changes, the easy way and the hard way. Either way you will need to
 83 | [join GitHub](https://github.com/join).
 84 | 
 85 | Easy way GitHub allows in-line editing of files for making simple typo changes and quick-fixes.
 86 | This is not the best way as you are unable to test if the code works. If you do this you could be
 87 | introducing syntax errors, etc, but for a Git-phobic user this is good for a quick-fix.
 88 | 
 89 | Hard way the best way to contribute is to *clone* your fork of SUPER to your development area. That
 90 | sounds like some jargon, but *forking* on GitHub means "making a copy of that repo to your account"
 91 | and *cloning* means "copying that code to your environment so you can work on it".
 92 | 
 93 | 1. Set up Git ([Windows](https://help.github.com/articles/set-up-git/#platform-windows),
 94 | [Mac](https://help.github.com/articles/set-up-git/#platform-mac) &
 95 | [Linux](https://help.github.com/articles/set-up-git/#platform-linux)).
 96 | 2. Go to the SUPER repo you want to contribute to.
 97 | 3. Fork it.
 98 | 4. Clone your SUPER repo.
 99 | 5. Checkout the *develop* branch.
100 | 6. Create a **new** branch for your changes. At this point you are ready to start making changes.
101 | 6. Fix existing bugs on the issue tracker after taking a look to see nobody else is working on them.
102 | 7. Commit the files.
103 | 8. Push your branch to your fork.
104 | 9. [Send a pull request](https://help.github.com/articles/about-pull-requests/).
105 | 
106 | The core developers will now be alerted about the change and at least one of the team will respond.
107 | If your change fails to meet the guidelines it will be bounced, or feedback will be provided to
108 | help you improve it.
109 | 
110 | Once the core developer handling your pull request is happy with it they will merge it into
111 | *develop* and your patch will be part of the next release.
112 | 
113 | ### Keeping your fork up-to-date ###
114 | 
115 | Unlike systems like Subversion, Git can have multiple remotes. A remote is the name for a URL of a
116 | Git repository. By default your fork will have a remote named *origin* which points to your fork,
117 | but you can add another remote named *upstream* which points to the SUPER repository. This is a
118 | read-only remote but you can pull from this develop branch to update your own.
119 | 
120 | If you are using command-line you can do the following:
121 | 
122 | 1. `git remote add upstream {SUPER repo}`
123 | 2. `git pull upstream develop`
124 | 3. `git push origin develop`
125 | 
126 | Now your fork is up to date. This should be done regularly, or before you send a pull request at
127 | least.
128 | 


--------------------------------------------------------------------------------
/debian_build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | source ~/.cargo/env &&
4 | cd /root/super &&
5 | 
6 | # Generate the .deb file
7 | cargo deb -v &&
8 | mv target/debian/super-analyzer_`echo $TAG`_amd64.deb releases/super-analyzer_`echo $TAG`_debian_amd64.deb
9 | 


--------------------------------------------------------------------------------
/fedora_build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Create the package
 4 | cd /root &&
 5 | mkdir -v super-analyzer-$TAG &&
 6 | cp -r super/* super-analyzer-$TAG/ &&
 7 | rm -fr super-analyzer-$TAG/target super-analyzer-$TAG/rpmbuild super-analyzer-$TAG/.git super-analyzer-$TAG/dist super-analyzer-$TAG/downloads super-analyzer-$TAG/results &&
 8 | tar -czvf super/rpmbuild/$TAG.tar.gz super-analyzer-$TAG &&
 9 | 
10 | # Define Fedora version constants
11 | source /etc/os-release &&
12 | 
13 | # Build the RPM
14 | cd /root/super/rpmbuild &&
15 | fedpkg -v --release f$VERSION_ID local &&
16 | mv x86_64/super-analyzer-$TAG-1.fc$VERSION_ID.x86_64.rpm ../releases/
17 | 


--------------------------------------------------------------------------------
/rpmbuild/super.spec:
--------------------------------------------------------------------------------
 1 | Name:    super-analyzer
 2 | Version: 0.5.1
 3 | Release: 1%{?dist}
 4 | Summary: Secure, Unified, Powerful and Extensible Rust Android Analyzer.
 5 | URL:     https://superanalyzer.rocks/
 6 | License: GPLv3+
 7 | 
 8 | Source0: https://github.com/SUPERAndroidAnalyzer/super/archive/%{version}.tar.gz
 9 | Requires: java-1.8.0-openjdk-headless, bash
10 | 
11 | %description
12 | Secure, Unified, Powerful and Extensible Rust Android Analyzer.
13 | 
14 | %global debug_package %{nil}
15 | 
16 | %prep
17 | %autosetup
18 | /usr/bin/curl https://sh.rustup.rs -sSf | sh -s -- -y
19 | ~/.cargo/bin/rustup update
20 | 
21 | %build
22 | ~/.cargo/bin/cargo build --release
23 | 
24 | %install
25 | mkdir -p %{buildroot}%{_bindir}
26 | mkdir -p %{buildroot}%{_datadir}/bash-completion/completions
27 | mkdir -p %{buildroot}%{_datadir}/fish/vendor_completions.d
28 | mkdir -p %{buildroot}%{_datadir}/zsh/site-functions
29 | mkdir -p %{buildroot}%{_datadir}/%{name}/templates/super/css
30 | mkdir -p %{buildroot}%{_datadir}/%{name}/templates/super/img
31 | mkdir -p %{buildroot}%{_datadir}/%{name}/templates/super/js
32 | mkdir -p %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/lib
33 | mkdir -p %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/bin
34 | mkdir -p %{buildroot}%{_sysconfdir}/%{name}/
35 | mkdir -p %{buildroot}%{_defaultdocdir}/%{name}/
36 | install -p -d -m 755 %{buildroot}%{_datadir}/%{name}
37 | install -p -m 755 target/release/%{name} %{buildroot}%{_bindir}/
38 | install -p -m 755 target/release/super.bash %{buildroot}%{_datadir}/bash-completion/completions/
39 | install -p -m 755 target/release/super.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/
40 | install -p -m 755 target/release/_super %{buildroot}%{_datadir}/zsh/site-functions/
41 | install -p -m 755 -D vendor/dex2jar-2.1-SNAPSHOT/lib/* %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/lib/
42 | install -p -m 755 -D vendor/dex2jar-2.1-SNAPSHOT/bin/dex-tools %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/bin/
43 | install -p -m 755 -D vendor/dex2jar-2.1-SNAPSHOT/*.sh %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/
44 | install -p -m 644 -D vendor/dex2jar-2.1-SNAPSHOT/LICENSE.txt %{buildroot}%{_datadir}/%{name}/vendor/dex2jar-2.1-SNAPSHOT/
45 | install -p -m 644 -D templates/super/css/* %{buildroot}%{_datadir}/%{name}/templates/super/css/
46 | install -p -m 644 -D templates/super/img/* %{buildroot}%{_datadir}/%{name}/templates/super/img/
47 | install -p -m 644 -D templates/super/js/* %{buildroot}%{_datadir}/%{name}/templates/super/js/
48 | install -p -m 644 -D templates/super/*.hbs %{buildroot}%{_datadir}/%{name}/templates/super/
49 | install -p -m 755 -D vendor/jd-cmd.jar %{buildroot}%{_datadir}/%{name}/vendor/
50 | install -p -m 644 -D vendor/jd-cmd.LICENSE.txt %{buildroot}%{_datadir}/%{name}/vendor/
51 | install -p -m 644 rules.json %{buildroot}%{_sysconfdir}/%{name}/
52 | install -p -m 644 config.toml %{buildroot}%{_sysconfdir}/%{name}/
53 | install -p -m 644 config.toml.sample %{buildroot}%{_sysconfdir}/%{name}/
54 | install -p -m 644 README.md %{buildroot}%{_defaultdocdir}/%{name}/
55 | 
56 | %files
57 | %doc README.md
58 | %license LICENSE
59 | %{_bindir}/*
60 | %{_datadir}/*
61 | %config(noreplace) %{_sysconfdir}/*
62 | 
63 | %changelog
64 | 


--------------------------------------------------------------------------------
/src/banner.txt:
--------------------------------------------------------------------------------
 1 |                           //                         */
 2 |                            //        */////*        //
 3 |                             /////////////////////////
 4 |                           /////////////////////////////
 5 |                        ,/////////////////////////////////.
 6 |                      */////@####%(///////////@######@//////,
 7 |                     /////(###%/ @##%(##########%, &###%//////
 8 |                    ///(&@###/     ############*     @##%@/////
 9 |                   ##########   (# ###########%      ##########@
10 |                  %###%######   @@@###########%@&,   ###########@
11 |                 //(@%#####%&&//////////////////( @###########&%//
12 |                 /%###%(///////////////////////////////////#%####(
13 |                 //%///////////////////////////////////////////@@/
14 |       ////                                                             ////
15 |     /////////   /////////////////////////////////////////////////   /////////
16 |    //////////,  /////////////////.....,,,,,,..*//////////////////  ,//////////
17 |   .///////////  /////////////.../@@@@@@@@@@@@@@/,.///////////////  ///////////
18 |   .///////////  /////////&@..,////////////////////,,/@@%/////////  ///////////
19 |   .///////////  ///////@@. ,////////////////////////../@@@///////  ///////////
20 |   .///////////  /////@@&  /@/// /////// / /// /(//// /,*/@@@/////  ///////////
21 |   .///////////  ////@@/ , ///// /////// /////./&//// /#.///@@(///  ///////////
22 |   .///////////  /////@% ,/ (/// /////// /////./&//// / . &@@/////  ///////////
23 |   ./////////// @//////..@//(&%/ (/@/&(/ // //.//(%&/ /&(.@///////  ///////////
24 |   .///////////@@//////.*////////////////////////////////.*///////  ///////////
25 |   .///////////@#//////..////////////////////////////////.////////  ///////////
26 |   .///////////##///////.///////////////////////////////  ////////  ///////////
27 |   .///////////##((/*//*,.@@///////////////////////////  /////////  ///////////
28 |   .//////(((%&&&&#(,,///,.&@@///////////////////////@  //////////  ///////////
29 |   .((#%&&&%#///#%////////*..@@@///////////////////@/  ///////////   //////////
30 |  &&&%(//(#//####///////////,..@@@(//////////////@   /////////////@   ////////
31 |   (%   @@#######//////////////,..*@@//////////....///////////////@@
32 |       @@#######%/////////////////*,,..........///////////////////@@%
33 |      @@#######%%/////////////////////////////////////////////////#@@,
34 |     @@%#####%%%%%///////////////////////////////////////////////###@@
35 |    @@@####%%%%%%%%%(/////////////////////////////////////////(######@@
36 |   @@@####%%%%%%%%%%%%@%%%#///////////####%%%///////////#%%###########@@
37 |   @@###%%%%%%%%%%%%%@#%%##///////////###%%%%///////////%%%%###########@@.
38 |  @@&#%%%%%%%%%%%%%%%%%%%##///////////###%%%@///////////%%%%%###########@@#
39 |  @@&@@@@@@@&%%%%%%%%%%%###///////////##%%%@%///////////%%%%%%############@@
40 | 


--------------------------------------------------------------------------------
/src/cli.rs:
--------------------------------------------------------------------------------
  1 | //! Command line interface module.
  2 | //!
  3 | //! This module contains the `generate()` function, that generates the complete command line
  4 | //! for the SUPER launcher. It's also used to generate command line completion scripts in the
  5 | //! `build.rs` file.
  6 | 
  7 | use clap::{crate_version, App, Arg};
  8 | 
  9 | /// Generates the command line interface.
 10 | pub fn generate() -> App<'static, 'static> {
 11 |     App::new("SUPER Android Analyzer")
 12 |         .version(crate_version!())
 13 |         .author("SUPER Team <contact@superanalyzer.rocks>")
 14 |         .about("Audits Android apps (.apk files) for vulnerabilities")
 15 |         .arg(
 16 |             Arg::with_name("package")
 17 |                 .help("The package string of the application to test")
 18 |                 .value_name("package")
 19 |                 .required_unless("test-all")
 20 |                 .conflicts_with("test-all")
 21 |                 .takes_value(true),
 22 |         )
 23 |         .arg(
 24 |             Arg::with_name("test-all")
 25 |                 .short("a")
 26 |                 .long("test-all")
 27 |                 .conflicts_with("package")
 28 |                 .conflicts_with("open")
 29 |                 .help("Test all .apk files in the downloads directory"),
 30 |         )
 31 |         .arg(
 32 |             Arg::with_name("verbose")
 33 |                 .short("v")
 34 |                 .long("verbose")
 35 |                 .conflicts_with("quiet")
 36 |                 .help("If you'd like the auditor to talk more than necessary"),
 37 |         )
 38 |         .arg(
 39 |             Arg::with_name("force")
 40 |                 .long("force")
 41 |                 .help("If you'd like to force the auditor to do everything from the beginning"),
 42 |         )
 43 |         .arg(
 44 |             Arg::with_name("bench")
 45 |                 .long("bench")
 46 |                 .help("Show benchmarks for the analysis"),
 47 |         )
 48 |         .arg(
 49 |             Arg::with_name("quiet")
 50 |                 .short("q")
 51 |                 .long("quiet")
 52 |                 .conflicts_with("verbose")
 53 |                 .help("If you'd like a zen auditor that won't output anything in stdout"),
 54 |         )
 55 |         .arg(
 56 |             Arg::with_name("open")
 57 |                 .long("open")
 58 |                 .conflicts_with("test-all")
 59 |                 .help("Open the report in a browser once it is complete"),
 60 |         )
 61 |         .arg(
 62 |             Arg::with_name("json")
 63 |                 .long("json")
 64 |                 .help("Generates the results in JSON format"),
 65 |         )
 66 |         .arg(
 67 |             Arg::with_name("html")
 68 |                 .long("html")
 69 |                 .help("Generates the results in HTML format"),
 70 |         )
 71 |         .arg(
 72 |             Arg::with_name("min_criticality")
 73 |                 .long("min-criticality")
 74 |                 .help("Set a minimum criticality to analyze (Critical, High, Medium, Low)")
 75 |                 .takes_value(true),
 76 |         )
 77 |         .arg(
 78 |             Arg::with_name("threads")
 79 |                 .short("t")
 80 |                 .long("threads")
 81 |                 .help(
 82 |                     "Number of threads to use, by default it will use one thread per logical CPU \
 83 |                      core",
 84 |                 )
 85 |                 .takes_value(true),
 86 |         )
 87 |         .arg(
 88 |             Arg::with_name("downloads")
 89 |                 .long("downloads")
 90 |                 .help("Folder where the downloads are stored")
 91 |                 .takes_value(true),
 92 |         )
 93 |         .arg(
 94 |             Arg::with_name("dist")
 95 |                 .long("dist")
 96 |                 .help("Folder where distribution files will be extracted")
 97 |                 .takes_value(true),
 98 |         )
 99 |         .arg(
100 |             Arg::with_name("results")
101 |                 .long("results")
102 |                 .help("Folder where to store the results")
103 |                 .takes_value(true),
104 |         )
105 |         .arg(
106 |             Arg::with_name("dex2jar")
107 |                 .long("dex2jar")
108 |                 .help("Where to store the jar files")
109 |                 .takes_value(true),
110 |         )
111 |         .arg(
112 |             Arg::with_name("jd-cmd")
113 |                 .long("jd-cmd")
114 |                 .help("Path to the jd-cmd file")
115 |                 .takes_value(true),
116 |         )
117 |         .arg(
118 |             Arg::with_name("template")
119 |                 .long("template")
120 |                 .help("Path to a results template file")
121 |                 .takes_value(true),
122 |         )
123 |         .arg(
124 |             Arg::with_name("rules")
125 |                 .long("rules")
126 |                 .help("Path to a JSON rules file")
127 |                 .takes_value(true),
128 |         )
129 | }
130 | 


--------------------------------------------------------------------------------
/src/criticality.rs:
--------------------------------------------------------------------------------
 1 | //! Criticality module.
 2 | 
 3 | use std::{
 4 |     fmt::{self, Display},
 5 |     str::FromStr,
 6 | };
 7 | 
 8 | use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
 9 | 
10 | use crate::error;
11 | 
12 | /// Vulnerability criticality
13 | #[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)]
14 | pub enum Criticality {
15 |     /// Warning.
16 |     Warning,
17 |     /// Low criticality vulnerability.
18 |     Low,
19 |     /// Medium criticality vulnerability.
20 |     Medium,
21 |     /// High criticality vulnerability.
22 |     High,
23 |     /// Critical vulnerability.
24 |     Critical,
25 | }
26 | 
27 | impl Display for Criticality {
28 |     #[allow(clippy::use_debug)]
29 |     fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
30 |         write!(f, "{}", format!("{:?}", self).to_lowercase())
31 |     }
32 | }
33 | 
34 | impl Serialize for Criticality {
35 |     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
36 |     where
37 |         S: Serializer,
38 |     {
39 |         serializer.serialize_str(format!("{}", self).as_str())
40 |     }
41 | }
42 | 
43 | impl<'de> Deserialize<'de> for Criticality {
44 |     fn deserialize<D>(de: D) -> Result<Self, D::Error>
45 |     where
46 |         D: Deserializer<'de>,
47 |     {
48 |         let criticality_str: String = Deserialize::deserialize(de)?;
49 | 
50 |         match Self::from_str(criticality_str.as_str()) {
51 |             Ok(criticality) => Ok(criticality),
52 |             Err(_) => Err(de::Error::custom(format!(
53 |                 "unknown criticality: `{}`",
54 |                 criticality_str
55 |             ))),
56 |         }
57 |     }
58 | }
59 | 
60 | impl FromStr for Criticality {
61 |     type Err = error::Kind;
62 |     fn from_str(s: &str) -> Result<Self, Self::Err> {
63 |         match s.to_lowercase().as_str() {
64 |             "critical" => Ok(Criticality::Critical),
65 |             "high" => Ok(Criticality::High),
66 |             "medium" => Ok(Criticality::Medium),
67 |             "low" => Ok(Criticality::Low),
68 |             "warning" => Ok(Criticality::Warning),
69 |             _ => Err(error::Kind::Parse),
70 |         }
71 |     }
72 | }
73 | 


--------------------------------------------------------------------------------
/src/decompilation.rs:
--------------------------------------------------------------------------------
  1 | //! Decompilation module.
  2 | //!
  3 | //! Handles the extraction, decompression and  decompilation of `_.apks_`
  4 | 
  5 | use std::{fs, path::Path, process::Command};
  6 | 
  7 | use abxml::apk::Apk;
  8 | use colored::Colorize;
  9 | use failure::{bail, format_err, Error, ResultExt};
 10 | 
 11 | use crate::{get_package_name, print_warning, Config};
 12 | 
 13 | /// Decompresses the application using `_Apktool_`.
 14 | pub fn decompress<P: AsRef<Path>>(config: &mut Config, package: P) -> Result<(), Error> {
 15 |     let path = config
 16 |         .dist_folder()
 17 |         .join(package.as_ref().file_stem().unwrap());
 18 |     if !path.exists() || config.is_force() {
 19 |         if path.exists() {
 20 |             if config.is_verbose() {
 21 |                 println!("The application decompression folder exists. But no more…");
 22 |             }
 23 | 
 24 |             if let Err(e) = fs::remove_dir_all(&path) {
 25 |                 print_warning(format!(
 26 |                     "there was an error when removing the decompression folder: {}",
 27 |                     e
 28 |                 ));
 29 |             }
 30 |         }
 31 |         config.set_force();
 32 | 
 33 |         if config.is_verbose() {
 34 |             println!();
 35 |             println!("Decompressing the application…");
 36 |         }
 37 | 
 38 |         let mut apk = Apk::from_path(package.as_ref()).context("error loading apk file")?;
 39 |         apk.export(&path, true).context(format_err!(
 40 |             "could not decompress the apk file. Tried to decompile at: {}",
 41 |             path.display()
 42 |         ))?;
 43 | 
 44 |         if config.is_verbose() {
 45 |             println!(
 46 |                 "{}",
 47 |                 format!(
 48 |                     "The application has been decompressed in {}.",
 49 |                     path.display()
 50 |                 )
 51 |                 .green()
 52 |             );
 53 |         } else if !config.is_quiet() {
 54 |             println!("Application decompressed.");
 55 |         }
 56 |     } else if config.is_verbose() {
 57 |         println!(
 58 |             "Seems that the application has already been decompressed. There is no need to do it \
 59 |              again."
 60 |         );
 61 |     } else {
 62 |         println!("Skipping decompression.");
 63 |     }
 64 | 
 65 |     Ok(())
 66 | }
 67 | 
 68 | /// Converts `_.dex_` files to `_.jar_` using `_Dex2jar_`.
 69 | pub fn dex_to_jar<P: AsRef<Path>>(config: &mut Config, package: P) -> Result<(), Error> {
 70 |     let package_name = get_package_name(package.as_ref());
 71 |     let classes = config.dist_folder().join(&package_name).join("classes.jar");
 72 |     if config.is_force() || !classes.exists() {
 73 |         config.set_force();
 74 | 
 75 |         // Command to convert .dex to .jar. using dex2jar.
 76 |         // "-o path" to specify an output file
 77 |         let output = Command::new(config.dex2jar_folder().join(
 78 |             if cfg!(target_family = "windows") {
 79 |                 "d2j-dex2jar.bat"
 80 |             } else {
 81 |                 "d2j-dex2jar.sh"
 82 |             },
 83 |         ))
 84 |         .arg(config.dist_folder().join(&package_name).join("classes.dex"))
 85 |         .arg("-f")
 86 |         .arg("-o")
 87 |         .arg(&classes)
 88 |         .output()
 89 |         .context(format_err!(
 90 |             "there was an error when executing the {} to {} conversion command",
 91 |             ".dex".italic(),
 92 |             ".jar".italic()
 93 |         ))?;
 94 | 
 95 |         let stderr = String::from_utf8_lossy(&output.stderr);
 96 |         // Here a small hack: seems that dex2jar outputs in stderr even if everything went well,
 97 |         // and the status is always success. So the only difference is if we detect the actual
 98 |         // exception that was produced. But in some cases it does not return an exception, so we
 99 |         // have to check if errors such as "use certain option" occur.
100 |         let mut call_ok = output.status.success() || !stderr.contains("use");
101 |         if stderr.find('\n') != Some(stderr.len() - 1) {
102 |             if stderr.starts_with("Picked up _JAVA_OPTIONS:") {
103 |                 call_ok = stderr.lines().count() == 2;
104 |             } else {
105 |                 call_ok = false;
106 |             }
107 |         }
108 |         if !call_ok {
109 |             bail!(
110 |                 "the {} to {} conversion command returned an error. More info: {}",
111 |                 ".dex".italic(),
112 |                 ".jar".italic(),
113 |                 stderr
114 |             );
115 |         }
116 | 
117 |         if config.is_verbose() {
118 |             println!(
119 |                 "{}",
120 |                 format!(
121 |                     "The application {} {} {}",
122 |                     ".jar".italic(),
123 |                     "file has been generated in".green(),
124 |                     format!("{}", classes.display()).green()
125 |                 )
126 |                 .green()
127 |             );
128 |         } else if !config.is_quiet() {
129 |             println!("Jar file generated.");
130 |         }
131 |     } else if config.is_verbose() {
132 |         println!(
133 |             "Seems that there is already a {} file for the application. There is no need to \
134 |              create it again.",
135 |             ".jar".italic()
136 |         );
137 |     } else {
138 |         println!("Skipping {} file generation.", ".jar".italic());
139 |     }
140 | 
141 |     Ok(())
142 | }
143 | 
144 | /// Decompiles the application using `_jd\_cmd_`.
145 | pub fn decompile<P: AsRef<Path>>(config: &mut Config, package: P) -> Result<(), Error> {
146 |     let package_name = get_package_name(package.as_ref());
147 |     let out_path = config.dist_folder().join(&package_name).join("classes");
148 |     if config.is_force() || !out_path.exists() {
149 |         config.set_force();
150 | 
151 |         // Command to decompile the application using `jd_cmd`.
152 |         // "-od path" to specify an output directory
153 |         let output = Command::new("java")
154 |             .arg("-jar")
155 |             .arg(config.jd_cmd_file())
156 |             .arg(config.dist_folder().join(&package_name).join("classes.jar"))
157 |             .arg("-od")
158 |             .arg(&out_path)
159 |             .output()
160 |             .context("there was an unknown error decompiling the application")?;
161 | 
162 |         if !output.status.success() {
163 |             bail!(
164 |                 "the decompilation command returned an error. More info:\n{}",
165 |                 String::from_utf8_lossy(&output.stdout)
166 |             );
167 |         }
168 | 
169 |         if config.is_verbose() {
170 |             println!(
171 |                 "{}",
172 |                 "The application has been successfully decompiled!".green()
173 |             );
174 |         } else if !config.is_quiet() {
175 |             println!("Application decompiled.");
176 |         }
177 |     } else if config.is_verbose() {
178 |         println!(
179 |             "Seems that there is already a source folder for the application. There is no need to \
180 |              decompile it again."
181 |         );
182 |     } else {
183 |         println!("Skipping decompilation.");
184 |     }
185 | 
186 |     Ok(())
187 | }
188 | 


--------------------------------------------------------------------------------
/src/error.rs:
--------------------------------------------------------------------------------
 1 | //! Module containing the definition of error types.
 2 | 
 3 | /// Enumeration of the different error kinds.
 4 | #[derive(Debug, Fail)]
 5 | pub enum Kind {
 6 |     /// Configuration error.
 7 |     #[fail(display = "there was an error in the configuration: {}", message)]
 8 |     Config {
 9 |         /// Error message.
10 |         message: String,
11 |     },
12 |     /// Parsing error.
13 |     #[fail(display = "there was an error in the parsing process")]
14 |     Parse,
15 |     /// Template name error.
16 |     #[fail(display = "invalid template name: {}", message)]
17 |     TemplateName {
18 |         /// Error message.
19 |         message: String,
20 |     },
21 |     /// Code not found.
22 |     #[fail(display = "no code was found in the file")]
23 |     CodeNotFound,
24 | }
25 | 


--------------------------------------------------------------------------------
/src/main.rs:
--------------------------------------------------------------------------------
  1 | //! SUPER Android Analyzer launcher.
  2 | //!
  3 | //! This code controls the CLI of the application and launches the analysis of the application
  4 | //! using the core library.
  5 | 
  6 | #![forbid(anonymous_parameters)]
  7 | #![warn(clippy::pedantic)]
  8 | #![deny(
  9 |     clippy::all,
 10 |     variant_size_differences,
 11 |     unused_results,
 12 |     unused_qualifications,
 13 |     unused_import_braces,
 14 |     unsafe_code,
 15 |     trivial_numeric_casts,
 16 |     trivial_casts,
 17 |     missing_debug_implementations,
 18 |     missing_docs,
 19 |     missing_copy_implementations
 20 | )]
 21 | 
 22 | #[macro_use]
 23 | extern crate log;
 24 | 
 25 | use std::{
 26 |     collections::BTreeMap,
 27 |     io::{self, Write},
 28 |     thread::sleep,
 29 |     time::{Duration, Instant},
 30 | };
 31 | 
 32 | use colored::Colorize;
 33 | use failure::{Error, ResultExt};
 34 | use log::Level;
 35 | 
 36 | use super_analyzer_core::{
 37 |     analyze_package, cli, error, initialize_config, initialize_logger, Benchmark, BANNER,
 38 | };
 39 | 
 40 | /// Program entry point.
 41 | ///
 42 | /// This function will just call the `run()` function and report any fatal error that comes out
 43 | /// of it. It will also exit with a non-zero exit code if things go wrong.
 44 | fn main() {
 45 |     // Call the `run()` function and check for errors.
 46 |     if let Err(e) = run() {
 47 |         error!("{}", e);
 48 | 
 49 |         // After printing the error, print the causes, in order.
 50 |         for e in e.iter_causes() {
 51 |             println!("\t{}{}", "Caused by: ".bold(), e);
 52 |         }
 53 | 
 54 |         // If the verbose mode is not enabled, we add a message so that the user knows that can
 55 |         // get further information with the `-v` flag in the CLI.
 56 |         if !log_enabled!(Level::Debug) {
 57 |             println!(
 58 |                 "If you need more information, try to run the program again with the {} flag.",
 59 |                 "-v".bold()
 60 |             );
 61 |         }
 62 | 
 63 |         // Exit with a non-zero exit code.
 64 |         ::std::process::exit(1);
 65 |     }
 66 | }
 67 | 
 68 | /// Execute the analysis.
 69 | ///
 70 | /// This runs the actual analysis. It checks the CLI, creates the logger, loads the configuration
 71 | /// and if everything goes well, it starts the analysis. It also runs benchmarks and shows the
 72 | /// results.
 73 | fn run() -> Result<(), Error> {
 74 |     // Check the CLI arguments.
 75 |     let cli = cli::generate().get_matches();
 76 |     let verbose = cli.is_present("verbose");
 77 |     // Initialize all logger, specifying if the user wanted verbose mode.
 78 |     initialize_logger(verbose).context("could not initialize the logger")?;
 79 | 
 80 |     // Load the configuration.
 81 |     let mut config = initialize_config(&cli)?;
 82 | 
 83 |     // Check the configuration and return an error with the loaded files.
 84 |     if !config.check() {
 85 |         let mut error_string = String::from("configuration errors were found:\n");
 86 |         for error in config.errors() {
 87 |             error_string.push_str(&error);
 88 |             error_string.push('\n');
 89 |         }
 90 |         error_string.push_str(
 91 |             "the configuration was loaded, in order, from the following files: \
 92 |              \n\t- Default built-in configuration\n",
 93 |         );
 94 |         for file in config.loaded_config_files() {
 95 |             error_string.push_str(&format!("\t- {}\n", file.display()));
 96 |         }
 97 | 
 98 |         return Err(error::Kind::Config {
 99 |             message: error_string,
100 |         }
101 |         .into());
102 |     }
103 | 
104 |     // Print the banner if we are in verbose mode.
105 |     if config.is_verbose() {
106 |         for c in BANNER.chars() {
107 |             print!("{}", c);
108 |             io::stdout().flush().expect("error flushing stdout");
109 |             sleep(Duration::from_millis(3));
110 |         }
111 |         println!(
112 |             "Welcome to the SUPER Android Analyzer. We will now try to audit the given application."
113 |         );
114 |         println!(
115 |             "You activated the verbose mode. {}",
116 |             "May Tux be with you!".bold()
117 |         );
118 |         println!();
119 |         sleep(Duration::from_millis(1250));
120 |     }
121 | 
122 |     // Start benchmarks.
123 |     let mut benchmarks = BTreeMap::new();
124 | 
125 |     let total_start = Instant::now();
126 |     // Analyze each apk one by one.
127 |     for package in config.app_packages() {
128 |         config.reset_force();
129 |         analyze_package(package, &mut config, &mut benchmarks)
130 |             .context("application analysis failed")?;
131 |     }
132 | 
133 |     // Print benchmarks if in benchmark mode.
134 |     if config.is_bench() {
135 |         let total_time = Benchmark::new("Total time", total_start.elapsed());
136 |         println!();
137 |         println!("{}", "Benchmarks:".bold());
138 |         for (package_name, benchmarks) in benchmarks {
139 |             println!("{}:", package_name.italic());
140 |             for bench in benchmarks {
141 |                 println!("{}", bench);
142 |             }
143 |             println!();
144 |         }
145 |         println!("{}", total_time);
146 |     }
147 | 
148 |     Ok(())
149 | }
150 | 


--------------------------------------------------------------------------------
/src/results/report/handlebars.rs:
--------------------------------------------------------------------------------
  1 | //! Handlebars report generation module.
  2 | 
  3 | use std::{
  4 |     collections::BTreeMap,
  5 |     fs::{self, File},
  6 |     io::Write,
  7 |     path::Path,
  8 | };
  9 | 
 10 | use colored::Colorize;
 11 | use failure::{Error, ResultExt};
 12 | use handlebars::Handlebars;
 13 | use serde_json::{value::Value, Map};
 14 | 
 15 | use crate::{
 16 |     config::Config,
 17 |     copy_folder, error,
 18 |     results::{
 19 |         handlebars_helpers::{
 20 |             all_code, all_lines, generate_menu, html_code, line_numbers, report_index,
 21 |         },
 22 |         report::Generator,
 23 |         utils::html_escape,
 24 |         Results,
 25 |     },
 26 | };
 27 | 
 28 | /// Handlebars report generator.
 29 | pub struct Report {
 30 |     /// Handlebars template structure.
 31 |     handler: Handlebars,
 32 |     /// Package name.
 33 |     package: String,
 34 | }
 35 | 
 36 | impl Report {
 37 |     /// Creates a new handlebars report generator.
 38 |     pub fn from_path<P: AsRef<Path>, S: Into<String>>(
 39 |         template_path: P,
 40 |         package: S,
 41 |     ) -> Result<Self, Error> {
 42 |         let handlebars_handler =
 43 |             Self::load_templates(template_path).context("Could not load handlebars templates")?;
 44 | 
 45 |         Ok(Self {
 46 |             handler: handlebars_handler,
 47 |             package: package.into(),
 48 |         })
 49 |     }
 50 | 
 51 |     /// Loads templates from the given path.
 52 |     fn load_templates<P: AsRef<Path>>(template_path: P) -> Result<Handlebars, Error> {
 53 |         let mut handlebars = Handlebars::new();
 54 |         handlebars.register_escape_fn(|s| html_escape(s).into_owned());
 55 |         let _ = handlebars.register_helper("line_numbers", Box::new(line_numbers));
 56 |         let _ = handlebars.register_helper("html_code", Box::new(html_code));
 57 |         let _ = handlebars.register_helper("report_index", Box::new(report_index));
 58 |         let _ = handlebars.register_helper("all_code", Box::new(all_code));
 59 |         let _ = handlebars.register_helper("all_lines", Box::new(all_lines));
 60 |         let _ = handlebars.register_helper("generate_menu", Box::new(generate_menu));
 61 |         for dir_entry in fs::read_dir(template_path)? {
 62 |             let dir_entry = dir_entry?;
 63 |             if let Some(ext) = dir_entry.path().extension() {
 64 |                 if ext == "hbs" {
 65 |                     let path = dir_entry.path();
 66 |                     let template_file = path
 67 |                         .file_stem()
 68 |                         .ok_or_else(|| error::Kind::TemplateName {
 69 |                             message: "template files must have a file name".to_owned(),
 70 |                         })
 71 |                         .and_then(|stem| {
 72 |                             stem.to_str().ok_or_else(|| error::Kind::TemplateName {
 73 |                                 message: "template names must be unicode".to_string(),
 74 |                             })
 75 |                         })?;
 76 | 
 77 |                     handlebars
 78 |                         .register_template_file(template_file, dir_entry.path())
 79 |                         .context("error registering template file")?;
 80 |                 }
 81 |             }
 82 |         }
 83 | 
 84 |         if handlebars.get_template("report").is_none()
 85 |             || handlebars.get_template("src").is_none()
 86 |             || handlebars.get_template("code").is_none()
 87 |         {
 88 |             let message = format!(
 89 |                 "templates must include {}, {} and {} templates",
 90 |                 "report".italic(),
 91 |                 "src".italic(),
 92 |                 "code".italic()
 93 |             );
 94 | 
 95 |             Err(error::Kind::TemplateName { message }.into())
 96 |         } else {
 97 |             Ok(handlebars)
 98 |         }
 99 |     }
100 | 
101 |     /// Generates the HTML files for the code.
102 |     fn generate_code_html_files(&self, config: &Config, results: &Results) -> Result<(), Error> {
103 |         let menu = Value::Array(self.generate_code_html_folder("", config, results)?);
104 | 
105 |         let mut f = File::create(
106 |             config
107 |                 .results_folder()
108 |                 .join(&results.app_package())
109 |                 .join("src")
110 |                 .join("index.html"),
111 |         )?;
112 | 
113 |         let mut data = BTreeMap::new();
114 |         let _ = data.insert("menu", menu);
115 |         f.write_all(self.handler.render("src", &data)?.as_bytes())?;
116 | 
117 |         Ok(())
118 |     }
119 | 
120 |     /// Generates a folder with HTML files with the source code of the application.
121 |     fn generate_code_html_folder<P: AsRef<Path>>(
122 |         &self,
123 |         path: P,
124 |         config: &Config,
125 |         results: &Results,
126 |     ) -> Result<Vec<Value>, Error> {
127 |         if path.as_ref() == Path::new("classes/android")
128 |             || path.as_ref() == Path::new("classes/com/google/android/gms")
129 |             || path.as_ref() == Path::new("smali")
130 |         {
131 |             return Ok(Vec::new());
132 |         }
133 |         let dir_iter = fs::read_dir(config.dist_folder().join(&self.package).join(path.as_ref()))?;
134 | 
135 |         fs::create_dir_all(
136 |             config
137 |                 .results_folder()
138 |                 .join(&results.app_package())
139 |                 .join("src")
140 |                 .join(path.as_ref()),
141 |         )?;
142 | 
143 |         let mut menu = Vec::new();
144 |         for entry in dir_iter {
145 |             let entry = entry?;
146 |             let path = entry.path();
147 | 
148 |             let prefix = config.dist_folder().join(&self.package);
149 |             let stripped = path
150 |                 .strip_prefix(&prefix)
151 |                 .expect("could not remove path prefix");
152 | 
153 |             if path.is_dir() {
154 |                 if stripped != Path::new("original") {
155 |                     let inner_menu = self.generate_code_html_folder(stripped, config, results)?;
156 |                     if inner_menu.is_empty() {
157 |                         let path = config
158 |                             .results_folder()
159 |                             .join(&results.app_package())
160 |                             .join("src")
161 |                             .join(stripped);
162 |                         if path.exists() {
163 |                             fs::remove_dir_all(path)?;
164 |                         }
165 |                     } else {
166 |                         let mut object = Map::with_capacity(2);
167 |                         let name = path.file_name().unwrap().to_string_lossy().into_owned();
168 | 
169 |                         let _ = object.insert("name".to_owned(), Value::String(name));
170 |                         let _ = object.insert("menu".to_owned(), Value::Array(inner_menu));
171 |                         menu.push(Value::Object(object));
172 |                     }
173 |                 }
174 |             } else {
175 |                 match path.extension() {
176 |                     Some(e) if e == "xml" || e == "java" => {
177 |                         self.generate_code_html_for(&stripped, config, results, &self.package)?;
178 |                         let name = path.file_name().unwrap().to_string_lossy().into_owned();
179 |                         let mut data = Map::with_capacity(3);
180 |                         let _ = data.insert("name".to_owned(), Value::String(name));
181 |                         let _ = data.insert(
182 |                             "path".to_owned(),
183 |                             Value::String(format!("{}", stripped.display())),
184 |                         );
185 |                         let _ = data.insert(
186 |                             "type".to_owned(),
187 |                             Value::String(e.to_string_lossy().into_owned()),
188 |                         );
189 |                         menu.push(Value::Object(data));
190 |                     }
191 |                     _ => {}
192 |                 }
193 |             }
194 |         }
195 | 
196 |         Ok(menu)
197 |     }
198 | 
199 |     /// Generates an HTML file with source code for the given path.
200 |     fn generate_code_html_for<P: AsRef<Path>, S: AsRef<str>>(
201 |         &self,
202 |         path: P,
203 |         config: &Config,
204 |         results: &Results,
205 |         cli_package_name: S,
206 |     ) -> Result<(), Error> {
207 |         let code = fs::read_to_string(
208 |             config
209 |                 .dist_folder()
210 |                 .join(cli_package_name.as_ref())
211 |                 .join(path.as_ref()),
212 |         )?;
213 |         let mut f_out = File::create(format!(
214 |             "{}.html",
215 |             config
216 |                 .results_folder()
217 |                 .join(&results.app_package())
218 |                 .join("src")
219 |                 .join(path.as_ref())
220 |                 .display()
221 |         ))?;
222 | 
223 |         let mut back_path = String::new();
224 |         for _ in path.as_ref().components() {
225 |             back_path.push_str("../");
226 |         }
227 | 
228 |         let mut data = BTreeMap::new();
229 |         let _ = data.insert(
230 |             String::from("path"),
231 |             Value::String(format!("{}", path.as_ref().display())),
232 |         );
233 |         let _ = data.insert(String::from("code"), Value::String(code));
234 |         let _ = data.insert(String::from("back_path"), Value::String(back_path));
235 | 
236 |         f_out.write_all(self.handler.render("code", &data)?.as_bytes())?;
237 | 
238 |         Ok(())
239 |     }
240 | }
241 | 
242 | impl Generator for Report {
243 |     #[allow(clippy::print_stdout)]
244 |     fn generate(&mut self, config: &Config, results: &Results) -> Result<(), Error> {
245 |         if config.is_verbose() {
246 |             println!("Starting HTML report generation. First we create the file.")
247 |         }
248 |         let mut f = File::create(
249 |             config
250 |                 .results_folder()
251 |                 .join(&results.app_package)
252 |                 .join("index.html"),
253 |         )?;
254 |         if config.is_verbose() {
255 |             println!("The report file has been created. Now it's time to fill it.")
256 |         }
257 | 
258 |         f.write_all(self.handler.render("report", results)?.as_bytes())?;
259 | 
260 |         for entry in fs::read_dir(config.template_path())? {
261 |             let entry = entry?;
262 |             let entry_path = entry.path();
263 |             if entry.file_type()?.is_dir() {
264 |                 copy_folder(
265 |                     &entry_path,
266 |                     &config
267 |                         .results_folder()
268 |                         .join(&results.app_package())
269 |                         .join(entry_path.file_name().unwrap()),
270 |                 )?;
271 |             } else {
272 |                 match entry_path.as_path().extension() {
273 |                     Some(e) if e == "hbs" => {}
274 |                     None => {}
275 |                     _ => {
276 |                         let _ = fs::copy(
277 |                             &entry_path,
278 |                             &config.results_folder().join(&results.app_package()),
279 |                         )?;
280 |                     }
281 |                 }
282 |             }
283 |         }
284 | 
285 |         self.generate_code_html_files(config, results)?;
286 | 
287 |         Ok(())
288 |     }
289 | }
290 | 
291 | /// Handlebars templates testing module.
292 | #[cfg(test)]
293 | mod test {
294 |     use super::Report;
295 |     use crate::config::Config;
296 | 
297 |     /// Test the creation of a new report.
298 |     #[test]
299 |     fn it_new() {
300 |         let _ = Report::from_path(&Config::default().template_path(), "test").unwrap();
301 |     }
302 | 
303 |     /// Test the failure of the creation of an invalid new report.
304 |     #[test]
305 |     fn it_new_failure() {
306 |         assert!(Report::from_path("random path", "test").is_err());
307 |     }
308 | 
309 |     /// Tests handlebars template loading.
310 |     #[test]
311 |     fn it_load_templates() {
312 |         let _ = Report::load_templates(&Config::default().template_path()).unwrap();
313 |     }
314 | }
315 | 


--------------------------------------------------------------------------------
/src/results/report/json.rs:
--------------------------------------------------------------------------------
 1 | //! JSON report generation module.
 2 | 
 3 | use std::{fs::File, io::BufWriter};
 4 | 
 5 | use failure::Error;
 6 | use serde_json::ser;
 7 | 
 8 | use crate::{
 9 |     config::Config,
10 |     results::{report::Generator, Results},
11 | };
12 | 
13 | /// JSON report generator.
14 | pub struct Json;
15 | 
16 | impl Json {
17 |     /// Creates a new JSON report generator.
18 |     pub fn new() -> Self {
19 |         Json
20 |     }
21 | }
22 | 
23 | impl Generator for Json {
24 |     #[allow(clippy::print_stdout)]
25 |     fn generate(&mut self, config: &Config, results: &Results) -> Result<(), Error> {
26 |         if config.is_verbose() {
27 |             println!("Starting JSON report generation. First we create the file.")
28 |         }
29 |         let mut f = BufWriter::new(File::create(
30 |             config
31 |                 .results_folder()
32 |                 .join(&results.app_package())
33 |                 .join("results.json"),
34 |         )?);
35 |         if config.is_verbose() {
36 |             println!("The report file has been created. Now it's time to fill it.")
37 |         }
38 |         ser::to_writer(&mut f, results)?;
39 | 
40 |         Ok(())
41 |     }
42 | }
43 | 


--------------------------------------------------------------------------------
/src/results/report/mod.rs:
--------------------------------------------------------------------------------
 1 | //! Report generation module.
 2 | 
 3 | mod handlebars;
 4 | mod json;
 5 | 
 6 | use failure::Error;
 7 | 
 8 | pub use self::{handlebars::Report as HandlebarsReport, json::Json};
 9 | use crate::{config::Config, results::Results};
10 | 
11 | /// Trait that represents a type that can generate a report.
12 | pub trait Generator {
13 |     /// Generates an actual report.
14 |     fn generate(&mut self, config: &Config, result: &Results) -> Result<(), Error>;
15 | }
16 | 


--------------------------------------------------------------------------------
/src/results/utils.rs:
--------------------------------------------------------------------------------
  1 | //! Utilities for results generation.
  2 | //!
  3 | //! In this module you can find structures like `Vulnerability` and `Fingerprint` that contain the
  4 | //! information for results.
  5 | 
  6 | use std::{
  7 |     borrow::Cow,
  8 |     cmp::Ordering,
  9 |     fs::File,
 10 |     io::Read,
 11 |     path::{Path, PathBuf},
 12 | };
 13 | 
 14 | use failure::Error;
 15 | use hex::ToHex;
 16 | use lazy_static::lazy_static;
 17 | use regex::Regex;
 18 | use serde::ser::{Serialize, SerializeStruct, Serializer};
 19 | use {md5, sha1, sha2};
 20 | 
 21 | use crate::criticality::Criticality;
 22 | 
 23 | /// Structure to store information about a vulnerability.
 24 | #[derive(Debug, Clone, PartialEq, Eq, Ord)]
 25 | pub struct Vulnerability {
 26 |     /// Vulnerability criticality.
 27 |     criticality: Criticality,
 28 |     /// Name of the vulnerability.
 29 |     name: String,
 30 |     /// Description of the vulnerability.
 31 |     description: String,
 32 |     /// Optional file were the vulnerability was present.
 33 |     file: Option<PathBuf>,
 34 |     /// Optional starting line in the given file.
 35 |     start_line: Option<usize>,
 36 |     /// Optional ending line in the given file.
 37 |     end_line: Option<usize>,
 38 |     /// The vulnerable code snippet.
 39 |     code: Option<String>,
 40 | }
 41 | 
 42 | impl Vulnerability {
 43 |     /// Creates a new vulnerability.
 44 |     pub fn new<N: Into<String>, D: Into<String>, P: AsRef<Path>, C: Into<String>>(
 45 |         criticality: Criticality,
 46 |         name: N,
 47 |         description: D,
 48 |         file: Option<P>,
 49 |         start_line: Option<usize>,
 50 |         end_line: Option<usize>,
 51 |         code: Option<C>,
 52 |     ) -> Self {
 53 |         Self {
 54 |             criticality,
 55 |             name: name.into(),
 56 |             description: description.into(),
 57 |             file: match file {
 58 |                 Some(p) => Some(p.as_ref().to_path_buf()),
 59 |                 None => None,
 60 |             },
 61 |             start_line,
 62 |             end_line,
 63 |             code: match code {
 64 |                 Some(c) => Some(c.into()),
 65 |                 None => None,
 66 |             },
 67 |         }
 68 |     }
 69 | 
 70 |     /// Gets the criticality of the vulnerability.
 71 |     pub fn get_criticality(&self) -> Criticality {
 72 |         self.criticality
 73 |     }
 74 | }
 75 | 
 76 | impl Serialize for Vulnerability {
 77 |     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
 78 |     where
 79 |         S: Serializer,
 80 |     {
 81 |         let mut ser_struct = serializer.serialize_struct(
 82 |             "Vulnerability",
 83 |             if self.code.is_some() {
 84 |                 if self.start_line == self.end_line {
 85 |                     7
 86 |                 } else {
 87 |                     8
 88 |                 }
 89 |             } else {
 90 |                 4
 91 |             },
 92 |         )?;
 93 |         ser_struct.serialize_field("criticality", &self.criticality)?;
 94 |         ser_struct.serialize_field("name", self.name.as_str())?;
 95 |         ser_struct.serialize_field("description", self.description.as_str())?;
 96 |         ser_struct.serialize_field("file", &self.file)?;
 97 |         if self.code.is_some() {
 98 |             ser_struct.serialize_field(
 99 |                 "language",
100 |                 &self
101 |                     .file
102 |                     .as_ref()
103 |                     .unwrap()
104 |                     .extension()
105 |                     .unwrap()
106 |                     .to_string_lossy(),
107 |             )?;
108 |             if self.start_line == self.end_line {
109 |                 ser_struct.serialize_field("line", &(self.start_line.unwrap() + 1))?;
110 |             } else {
111 |                 ser_struct.serialize_field("start_line", &(self.start_line.unwrap() + 1))?;
112 |                 ser_struct.serialize_field("end_line", &(self.end_line.unwrap() + 1))?;
113 |             }
114 |             ser_struct.serialize_field("code", &self.code)?;
115 |         }
116 |         ser_struct.end()
117 |     }
118 | }
119 | 
120 | impl PartialOrd for Vulnerability {
121 |     fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
122 |         Some(
123 |             (
124 |                 &self.criticality,
125 |                 &self.file,
126 |                 &self.start_line,
127 |                 &self.end_line,
128 |                 &self.name,
129 |             )
130 |                 .cmp(&(
131 |                     &other.criticality,
132 |                     &other.file,
133 |                     &other.start_line,
134 |                     &other.end_line,
135 |                     &other.name,
136 |                 )),
137 |         )
138 |     }
139 | }
140 | 
141 | /// Structure to store the application fingerprint.
142 | pub struct FingerPrint {
143 |     /// MD5 hash.
144 |     md5: md5::Digest,
145 |     /// SHA-1 hash.
146 |     sha1: sha1::Digest,
147 |     /// SHA-256 hash.
148 |     sha256: [u8; 32],
149 | }
150 | 
151 | impl FingerPrint {
152 |     /// Creates a new fingerprint.
153 |     ///
154 |     /// This function will read the complete file and generate its MD5, SHA-1 and SHA-256 hashes.
155 |     pub fn from_package<P: AsRef<Path>>(package: P) -> Result<Self, Error> {
156 |         use sha2::Digest;
157 | 
158 |         let mut f = File::open(package)?;
159 |         let mut buffer = Vec::with_capacity(f.metadata()?.len() as usize);
160 |         let _ = f.read_to_end(&mut buffer)?;
161 | 
162 |         let mut sha1 = sha1::Sha1::new();
163 |         sha1.update(&buffer);
164 | 
165 |         let mut sha256 = sha2::Sha256::default();
166 |         sha256.input(&buffer);
167 | 
168 |         let mut sha256_res = [0_u8; 32];
169 |         sha256_res.clone_from_slice(&sha256.result()[..]);
170 |         Ok(Self {
171 |             md5: md5::compute(&buffer),
172 |             sha1: sha1.digest(),
173 |             sha256: sha256_res,
174 |         })
175 |     }
176 | }
177 | 
178 | impl Serialize for FingerPrint {
179 |     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
180 |     where
181 |         S: Serializer,
182 |     {
183 |         let mut ser_struct = serializer.serialize_struct("fingerprint", 3)?;
184 |         ser_struct.serialize_field("md5", &format!("{:x}", self.md5))?;
185 |         ser_struct.serialize_field("sha1", &self.sha1.to_string())?;
186 |         let mut sha256_hex = String::new();
187 |         // It should never fail, we are writing directly to memory, without I/O access
188 |         // That's why the `expect()` should never panic.
189 |         self.sha256
190 |             .write_hex(&mut sha256_hex)
191 |             .expect("the SHA-256 fingerprinting of the application failed");
192 |         ser_struct.serialize_field("sha256", &sha256_hex)?;
193 |         ser_struct.end()
194 |     }
195 | }
196 | 
197 | /// Split line into indentation and the rest of the line.
198 | pub fn split_indent(line: &str) -> (&str, &str) {
199 |     match line.find(|c: char| !c.is_whitespace()) {
200 |         Some(p) => line.split_at(p),
201 |         None => ("", line),
202 |     }
203 | }
204 | 
205 | /// Escapes the given input's HTML special characters.
206 | ///
207 | /// It changes the following characters:
208 | ///  - `<` => `&lt;`
209 | ///  - `>` => `&gt;`
210 | ///  - `&` => `&amp;`
211 | pub fn html_escape<'a, S: Into<Cow<'a, str>>>(input: S) -> Cow<'a, str> {
212 |     lazy_static! {
213 |         static ref REGEX: Regex = Regex::new("[<>&]").unwrap();
214 |     }
215 |     let input = input.into();
216 |     let mut last_match = 0;
217 | 
218 |     if REGEX.is_match(&input) {
219 |         let matches = REGEX.find_iter(&input);
220 |         let mut output = String::with_capacity(input.len());
221 |         for m in matches {
222 |             output.push_str(&input[last_match..m.start()]);
223 |             match &input[m.start()..m.end()] {
224 |                 "<" => output.push_str("&lt;"),
225 |                 ">" => output.push_str("&gt;"),
226 |                 "&" => output.push_str("&amp;"),
227 |                 _ => unreachable!(),
228 |             }
229 |             last_match = m.end();
230 |         }
231 |         output.push_str(&input[last_match..]);
232 |         Cow::Owned(output)
233 |     } else {
234 |         input
235 |     }
236 | }
237 | 


--------------------------------------------------------------------------------
/src/static_analysis/certificate.rs:
--------------------------------------------------------------------------------
  1 | //! This module performs the static analysis of the certificate of the application.
  2 | 
  3 | use std::{borrow::Borrow, fs, process::Command};
  4 | 
  5 | use chrono::{Datelike, Local};
  6 | use colored::Colorize;
  7 | use failure::{bail, Error, ResultExt};
  8 | 
  9 | use crate::{
 10 |     criticality::Criticality,
 11 |     print_vulnerability, print_warning,
 12 |     results::{Results, Vulnerability},
 13 |     Config,
 14 | };
 15 | 
 16 | /// Parses the given month string.
 17 | ///
 18 | /// It will convert it to an integer representing the month number in the year.
 19 | fn parse_month<S: AsRef<str>>(month_str: S) -> u32 {
 20 |     match month_str.as_ref() {
 21 |         "Jan" => 1,
 22 |         "Feb" => 2,
 23 |         "Mar" => 3,
 24 |         "Apr" => 4,
 25 |         "May" => 5,
 26 |         "Jun" => 6,
 27 |         "Jul" => 7,
 28 |         "Aug" => 8,
 29 |         "Sep" => 9,
 30 |         "Oct" => 10,
 31 |         "Nov" => 11,
 32 |         "Dec" => 12,
 33 |         _ => 0,
 34 |     }
 35 | }
 36 | 
 37 | /// Performs the certificate analysis.
 38 | ///
 39 | /// *Note: This requires OpenSSL.*
 40 | pub fn certificate_analysis<S: AsRef<str>>(
 41 |     config: &Config,
 42 |     package: S,
 43 |     results: &mut Results,
 44 | ) -> Result<(), Error> {
 45 |     if config.is_verbose() {
 46 |         println!("Reading and analyzing the certificates…")
 47 |     }
 48 | 
 49 |     // Gets the path to the certificate files.
 50 |     let path = config
 51 |         .dist_folder()
 52 |         .join(package.as_ref())
 53 |         .join("original")
 54 |         .join("META-INF");
 55 |     let dir_iter = fs::read_dir(&path)?;
 56 | 
 57 |     for f in dir_iter {
 58 |         let f = match f {
 59 |             Ok(f) => f,
 60 |             Err(e) => {
 61 |                 print_warning(format!(
 62 |                     "An error occurred when reading the {} dir searching certificates. Certificate \
 63 |                      analysis will be skipped. More info: {}",
 64 |                     path.display(),
 65 |                     e
 66 |                 ));
 67 |                 break;
 68 |             }
 69 |         };
 70 | 
 71 |         let path_file = match f.path().file_name() {
 72 |             Some(n) => n.to_os_string().into_string().unwrap(),
 73 |             None => String::new(),
 74 |         };
 75 | 
 76 |         let mut is_cert = false;
 77 |         match f.path().extension() {
 78 |             None => {}
 79 |             Some(e) => {
 80 |                 if e.to_string_lossy() == "RSA" || e.to_string_lossy() == "DSA" {
 81 |                     is_cert = true;
 82 |                 }
 83 |             }
 84 |         }
 85 | 
 86 |         // We found a certificate, let's get its information.
 87 |         if is_cert {
 88 |             let output = Command::new("openssl")
 89 |                 .arg("pkcs7")
 90 |                 .arg("-inform")
 91 |                 .arg("DER")
 92 |                 .arg("-in")
 93 |                 .arg(f.path().to_str().unwrap())
 94 |                 .arg("-noout")
 95 |                 .arg("-print_certs")
 96 |                 .arg("-text")
 97 |                 .output()
 98 |                 .context("there was an error when executing the openssl command to check the certificate")?;
 99 | 
100 |             if !output.status.success() {
101 |                 bail!(
102 |                     "the openssl command returned an error. More info: {}",
103 |                     String::from_utf8_lossy(&output.stderr[..])
104 |                 );
105 |             };
106 | 
107 |             let cmd = String::from_utf8_lossy(&output.stdout);
108 |             if config.is_verbose() {
109 |                 println!(
110 |                     "The application is signed with the following certificate: {}",
111 |                     path_file.bold()
112 |                 );
113 | 
114 |                 println!("{}", cmd);
115 |             }
116 |             results.set_certificate(cmd.borrow());
117 | 
118 |             // Get the information we need.
119 |             let mut issuer = String::new();
120 |             let mut subject = String::new();
121 |             let mut after = String::new();
122 |             for line in cmd.lines() {
123 |                 if line.contains("Issuer:") {
124 |                     issuer = line.to_owned();
125 |                 }
126 |                 if line.contains("Subject:") {
127 |                     subject = line.to_owned();
128 |                 }
129 |                 if line.contains("Not After :") {
130 |                     after = line.to_owned();
131 |                 }
132 |             }
133 | 
134 |             let mut issuer = issuer.split(": ");
135 |             let mut subject = subject.split(": ");
136 |             let mut after = after.split(": ");
137 | 
138 |             // Detect Android debug certificate.
139 |             if issuer.nth(1).unwrap().contains("Android Debug") {
140 |                 let criticality = Criticality::Critical;
141 |                 let description = "The application is signed with the Android Debug Certificate. \
142 |                                    This certificate should never be used for publishing an app.";
143 | 
144 |                 let vulnerability = Vulnerability::new(
145 |                     criticality,
146 |                     "Android Debug Certificate",
147 |                     description,
148 |                     None::<String>,
149 |                     None,
150 |                     None,
151 |                     None::<String>,
152 |                 );
153 |                 results.add_vulnerability(vulnerability);
154 |                 print_vulnerability(description, criticality);
155 |             }
156 |             if issuer.nth(1) == subject.nth(1) {
157 |                 // TODO: This means it is self signed. Should we do something?
158 |             }
159 | 
160 |             // Check certificate expiration.
161 |             let now = Local::now();
162 |             let year = now.year();
163 |             let month = now.month();
164 |             let day = now.day();
165 | 
166 |             let after = after.nth(1).unwrap();
167 |             let cert_year = after[16..20].parse::<i32>().unwrap();
168 |             let cert_month = parse_month(&after[0..3]);
169 |             let cert_day = match after[4..6].parse::<u32>() {
170 |                 //if day<10 parse 1 number
171 |                 Ok(n) => n,
172 |                 Err(_) => after[5..6].parse::<u32>().unwrap(),
173 |             };
174 | 
175 |             if year > cert_year
176 |                 || (year == cert_year && month > cert_month)
177 |                 || (year == cert_year && month == cert_month && day > cert_day)
178 |             {
179 |                 let criticality = Criticality::High;
180 |                 let description = "The certificate of the application has expired. You should not \
181 |                                    use applications with expired certificates since the app is \
182 |                                    not secure anymore.";
183 | 
184 |                 let vulnerability = Vulnerability::new(
185 |                     criticality,
186 |                     "Expired certificate",
187 |                     description,
188 |                     None::<String>,
189 |                     None,
190 |                     None,
191 |                     None::<String>,
192 |                 );
193 |                 results.add_vulnerability(vulnerability);
194 |                 print_vulnerability(description, criticality);
195 |             }
196 |         }
197 |     }
198 | 
199 |     if config.is_verbose() {
200 |         println!();
201 |         println!("{}", "The certificates were analyzed correctly!".green());
202 |         println!();
203 |     } else if !config.is_quiet() {
204 |         println!("Certificates analyzed.");
205 |     }
206 |     Ok(())
207 | }
208 | 


--------------------------------------------------------------------------------
/src/static_analysis/mod.rs:
--------------------------------------------------------------------------------
 1 | //! Static analysis for manifest, certificate and code files.
 2 | //!
 3 | //! The static analysis of the application's source files is used to search for vulnerable
 4 | //! code, settings and any other form of implementation that might be used as an exploit.
 5 | 
 6 | #[cfg(feature = "certificate")]
 7 | pub mod certificate;
 8 | pub mod code;
 9 | pub mod manifest;
10 | 
11 | #[cfg(feature = "certificate")]
12 | use self::certificate::certificate_analysis;
13 | #[cfg(feature = "certificate")]
14 | use crate::print_warning;
15 | use crate::{results::Results, Config};
16 | 
17 | /// Runs the analysis for manifest, certificate and code files.
18 | ///
19 | /// * Benchmarking support.
20 | pub fn static_analysis<S: AsRef<str>>(config: &Config, package: S, results: &mut Results) {
21 |     if config.is_verbose() {
22 |         println!(
23 |             "It's time to analyze the application. First, a static analysis will be performed, \
24 |              starting with the AndroidManifest.xml file and then going through the actual code. \
25 |              Let's start!"
26 |         );
27 |     }
28 | 
29 |     // Run analysis for manifest file.
30 |     let manifest = manifest::analysis(config, package.as_ref(), results);
31 | 
32 |     #[cfg(feature = "certificate")]
33 |     {
34 |         // Run analysis for certificate file.
35 |         if let Err(e) = certificate_analysis(config, package.as_ref(), results) {
36 |             print_warning(format!(
37 |                 "there was an error analyzing the certificate: {}",
38 |                 e
39 |             ))
40 |         }
41 |     }
42 | 
43 |     // Run analysis for source code files.
44 |     code::analysis(manifest, config, package.as_ref(), results)
45 | }
46 | 


--------------------------------------------------------------------------------
/src/utils.rs:
--------------------------------------------------------------------------------
  1 | //! General utilities module.
  2 | 
  3 | use std::{fmt, fs, path::Path, thread::sleep, time::Duration};
  4 | 
  5 | use colored::Colorize;
  6 | use failure::Error;
  7 | use lazy_static::lazy_static;
  8 | use log::Level::Debug;
  9 | use xml::{
 10 |     reader::{EventReader, XmlEvent},
 11 |     ParserConfig,
 12 | };
 13 | 
 14 | use crate::{config::Config, criticality::Criticality};
 15 | 
 16 | /// Configuration for the XML parser.
 17 | lazy_static! {
 18 |     /// XML parser configuration.
 19 |     #[allow(missing_debug_implementations)]
 20 |     pub static ref PARSER_CONFIG: ParserConfig = ParserConfig::new()
 21 |     .trim_whitespace(true)
 22 |     .whitespace_to_characters(true)
 23 |     .cdata_to_characters(false)
 24 |     .ignore_comments(true)
 25 |     .coalesce_characters(true);
 26 | }
 27 | 
 28 | /// Prints a warning to `stderr` in yellow.
 29 | #[allow(clippy::print_stdout)]
 30 | pub fn print_warning<S: AsRef<str>>(warning: S) {
 31 |     if cfg!(not(test)) {
 32 |         warn!("{}", warning.as_ref());
 33 | 
 34 |         if log_enabled!(Debug) {
 35 |             sleep(Duration::from_millis(200));
 36 |         } else {
 37 |             println!(
 38 |                 "If you need more information, try to run the program again with the {} flag.",
 39 |                 "-v".bold()
 40 |             )
 41 |         }
 42 |     }
 43 | }
 44 | 
 45 | /// Prints a vulnerability to `stdout` in a color depending on the criticality.
 46 | #[allow(clippy::print_stdout)]
 47 | pub fn print_vulnerability<S: AsRef<str>>(text: S, criticality: Criticality) {
 48 |     if cfg!(not(test)) && log_enabled!(Debug) {
 49 |         let message = format!(
 50 |             "Possible {} criticality vulnerability found!: {}",
 51 |             criticality,
 52 |             text.as_ref()
 53 |         );
 54 | 
 55 |         let formatted_message = match criticality {
 56 |             Criticality::Low => message.cyan(),
 57 |             Criticality::Medium => message.yellow(),
 58 |             Criticality::High | Criticality::Critical => message.red(),
 59 |             _ => return,
 60 |         };
 61 | 
 62 |         println!("{}", formatted_message);
 63 |         sleep(Duration::from_millis(200));
 64 |     }
 65 | }
 66 | 
 67 | /// Gets the name of the package from the path of the *.apk* file.
 68 | ///
 69 | /// Note: it will panic if the path has no `file_stem`.
 70 | pub fn get_package_name<P: AsRef<Path>>(path: P) -> String {
 71 |     path.as_ref()
 72 |         .file_stem()
 73 |         .expect("expected package name")
 74 |         .to_string_lossy()
 75 |         .into_owned()
 76 | }
 77 | 
 78 | /// Gets the code snippet near the start and end lines.
 79 | ///
 80 | /// It will return 5 lines above and 5 lines below the vulnerability.
 81 | #[allow(clippy::nonminimal_bool)]
 82 | pub fn get_code<S: AsRef<str>>(code: S, s_line: usize, e_line: usize) -> String {
 83 |     let mut result = String::new();
 84 |     for (i, text) in code.as_ref().lines().enumerate() {
 85 |         if i >= (e_line + 5) {
 86 |             break;
 87 |         } else if (s_line >= 5 && i > s_line - 5) || (s_line < 5 && i < s_line + 5) {
 88 |             result.push_str(text);
 89 |             result.push_str("\n");
 90 |         }
 91 |     }
 92 |     result
 93 | }
 94 | 
 95 | /// Gets a string from the strings XML file.
 96 | pub fn get_string<L: AsRef<str>, P: AsRef<str>>(
 97 |     label: L,
 98 |     config: &Config,
 99 |     package: P,
100 | ) -> Result<String, Error> {
101 |     let code = fs::read_to_string({
102 |         let path = config
103 |             .dist_folder()
104 |             .join(package.as_ref())
105 |             .join("res")
106 |             .join("values-en")
107 |             .join("strings.xml");
108 | 
109 |         if path.exists() {
110 |             path
111 |         } else {
112 |             config
113 |                 .dist_folder()
114 |                 .join(package.as_ref())
115 |                 .join("res")
116 |                 .join("values")
117 |                 .join("strings.xml")
118 |         }
119 |     })?;
120 | 
121 |     let bytes = code.into_bytes();
122 |     let parser = EventReader::new_with_config(bytes.as_slice(), PARSER_CONFIG.clone());
123 | 
124 |     let mut found = false;
125 |     for e in parser {
126 |         match e {
127 |             Ok(XmlEvent::StartElement {
128 |                 name, attributes, ..
129 |             }) => {
130 |                 if let "string" = name.local_name.as_str() {
131 |                     for attr in attributes {
132 |                         if attr.name.local_name == "name" && attr.value == label.as_ref() {
133 |                             found = true;
134 |                         }
135 |                     }
136 |                 }
137 |             }
138 |             Ok(XmlEvent::Characters(data)) => {
139 |                 if found {
140 |                     return Ok(data);
141 |                 }
142 |             }
143 |             _ => {}
144 |         }
145 |     }
146 |     Ok(String::new())
147 | }
148 | 
149 | /// Structure to store a benchmark information.
150 | #[derive(Debug)]
151 | pub struct Benchmark {
152 |     /// The label for the benchmark.
153 |     label: String,
154 |     /// The benchmark duration.
155 |     duration: Duration,
156 | }
157 | 
158 | impl Benchmark {
159 |     /// Creates a new benchmark.
160 |     pub fn new<S: Into<String>>(label: S, duration: Duration) -> Self {
161 |         Self {
162 |             label: label.into(),
163 |             duration,
164 |         }
165 |     }
166 | }
167 | 
168 | impl fmt::Display for Benchmark {
169 |     fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
170 |         write!(
171 |             f,
172 |             "{}: {}.{}s",
173 |             self.label,
174 |             self.duration.as_secs(),
175 |             self.duration.subsec_nanos()
176 |         )
177 |     }
178 | }
179 | 
180 | #[cfg(test)]
181 | mod test {
182 |     use crate::get_code;
183 | 
184 |     #[test]
185 |     fn it_get_code() {
186 |         let code = "Lorem ipsum dolor sit amet, consectetur adipiscing elit.\nCurabitur tortor. \
187 |                     Pellentesque nibh. Aenean quam.\nSed lacinia, urna non tincidunt mattis, \
188 |                     tortor neque\nPraesent blandit dolor. Sed non quam. In vel mi\nSed aliquet \
189 |                     risus a tortor. Integer id quam. Morbi mi.\nNullam mauris orci, aliquet et, \
190 |                     iaculis et, viverra vitae, ligula.\nPraesent mauris. Fusce nec tellus sed \
191 |                     ugue semper porta. Mauris massa.\nProin ut ligula vel nunc egestas porttitor. \
192 |                     Morbi lectus risus,\nVestibulum sapien. Proin quam. Etiam ultrices. \
193 |                     Suspendisse in\nVestibulum tincidunt malesuada tellus. Ut ultrices ultrices \
194 |                     enim.\nAenean laoreet. Vestibulum nisi lectus, commodo ac, facilisis\nInteger \
195 |                     nec odio. Praesent libero. Sed cursus ante dapibus diam.\nPellentesque nibh. \
196 |                     Aenean quam. In scelerisque sem at dolor.\nSed lacinia, urna non tincidunt \
197 |                     mattis, tortor neque adipiscing\nVestibulum ante ipsum primis in faucibus \
198 |                     orci luctus et ultrices";
199 | 
200 |         assert_eq!(
201 |             get_code(code, 1, 1),
202 |             "Lorem ipsum dolor sit amet, consectetur adipiscing elit.\n\
203 |              Curabitur tortor. Pellentesque nibh. Aenean quam.\n\
204 |              Sed lacinia, urna non tincidunt mattis, tortor neque\n\
205 |              Praesent blandit dolor. Sed non quam. In vel mi\n\
206 |              Sed aliquet risus a tortor. Integer id quam. Morbi mi.\n\
207 |              Nullam mauris orci, aliquet et, iaculis et, viverra vitae, ligula.\n"
208 |         );
209 | 
210 |         assert_eq!(
211 |             get_code(code, 13, 13),
212 |             "Vestibulum tincidunt malesuada tellus. Ut ultrices ultrices enim.\n\
213 |              Aenean laoreet. Vestibulum nisi lectus, commodo ac, facilisis\n\
214 |              Integer nec odio. Praesent libero. Sed cursus ante dapibus diam.\n\
215 |              Pellentesque nibh. Aenean quam. In scelerisque sem at dolor.\n\
216 |              Sed lacinia, urna non tincidunt mattis, tortor neque adipiscing\n\
217 |              Vestibulum ante ipsum primis in faucibus orci luctus et ultrices\n"
218 |         );
219 | 
220 |         assert_eq!(
221 |             get_code(code, 7, 7),
222 |             "Praesent blandit dolor. Sed non quam. In vel mi\n\
223 |              Sed aliquet risus a tortor. Integer id quam. Morbi mi.\n\
224 |              Nullam mauris orci, aliquet et, iaculis et, viverra vitae, ligula.\n\
225 |              Praesent mauris. Fusce nec tellus sed ugue semper porta. Mauris massa.\n\
226 |              Proin ut ligula vel nunc egestas porttitor. Morbi lectus risus,\n\
227 |              Vestibulum sapien. Proin quam. Etiam ultrices. Suspendisse in\n\
228 |              Vestibulum tincidunt malesuada tellus. Ut ultrices ultrices enim.\n\
229 |              Aenean laoreet. Vestibulum nisi lectus, commodo ac, facilisis\n\
230 |              Integer nec odio. Praesent libero. Sed cursus ante dapibus diam.\n"
231 |         );
232 | 
233 |         assert_eq!(
234 |             get_code(code, 7, 9),
235 |             "Praesent blandit dolor. Sed non quam. In vel mi\n\
236 |              Sed aliquet risus a tortor. Integer id quam. Morbi mi.\n\
237 |              Nullam mauris orci, aliquet et, iaculis et, viverra vitae, ligula.\n\
238 |              Praesent mauris. Fusce nec tellus sed ugue semper porta. Mauris massa.\n\
239 |              Proin ut ligula vel nunc egestas porttitor. Morbi lectus risus,\n\
240 |              Vestibulum sapien. Proin quam. Etiam ultrices. Suspendisse in\n\
241 |              Vestibulum tincidunt malesuada tellus. Ut ultrices ultrices enim.\n\
242 |              Aenean laoreet. Vestibulum nisi lectus, commodo ac, facilisis\n\
243 |              Integer nec odio. Praesent libero. Sed cursus ante dapibus diam.\n\
244 |              Pellentesque nibh. Aenean quam. In scelerisque sem at dolor.\n\
245 |              Sed lacinia, urna non tincidunt mattis, tortor neque adipiscing\n"
246 |         );
247 |     }
248 | }
249 | 


--------------------------------------------------------------------------------
/templates/super/code.hbs:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | 
 4 |     <head>
 5 |         <meta charset="UTF-8">
 6 |         <title>Source - {{ path }}</title>
 7 |         <link rel="stylesheet" href="{{ back_path }}css/androidstudio.css">
 8 |         <link rel="stylesheet" href="{{ back_path }}css/style.css">
 9 |     </head>
10 | 
11 |     <body>
12 |         <div>
13 |             <div class="line_numbers">{{ all_lines code }}</div>
14 |             <div class="code">
15 |                 <pre><code>{{ all_code code }}</code></pre>
16 |             </div>
17 |         </div>
18 |         <script src="{{ back_path }}js/jquery-3.3.1.slim.min.js"></script>
19 |         <script src="{{ back_path }}js/highlight.pack.js"></script>
20 |         <script>hljs.initHighlightingOnLoad();</script>
21 |         <script>
22 |             var query_params = decodeURIComponent(window.location.search.substring(1)),
23 |                 variables = query_params.split('&'),
24 |                 start_line,
25 |                 end_line,
26 |                 criticality;
27 |             for (var i = 0; i < variables.length; i++) {
28 |                 var pair = variables[i].split('=');
29 |                 if (pair[0] == "start_line") {
30 |                     start_line = pair[1];
31 |                 }
32 |                 if (pair[0] == "end_line") {
33 |                     end_line = pair[1];
34 |                 }
35 |                 if (pair[0] == "criticality") {
36 |                     criticality = pair[1];
37 |                 }
38 |             }
39 |             for (var i = start_line; i <= end_line; i++) {
40 |                 $("#code-line-" + i).addClass("vulnerable_line " + criticality);
41 |             }
42 |         </script>
43 |     </body>
44 | 
45 | </html>


--------------------------------------------------------------------------------
/templates/super/css/androidstudio.css:
--------------------------------------------------------------------------------
 1 | /*
 2 | Date: 24 Fev 2015
 3 | Author: Pedro Oliveira <kanytu@gmail . com>
 4 | */
 5 | 
 6 | .hljs {
 7 |   color: #a9b7c6;
 8 |   background: #282b2e;
 9 |   display: block;
10 |   overflow-x: auto;
11 |   padding: 0.5em;
12 | }
13 | 
14 | .hljs-number,
15 | .hljs-literal,
16 | .hljs-symbol,
17 | .hljs-bullet {
18 |   color: #6897BB;
19 | }
20 | 
21 | .hljs-keyword,
22 | .hljs-selector-tag,
23 | .hljs-deletion {
24 |   color: #cc7832;
25 | }
26 | 
27 | .hljs-variable,
28 | .hljs-template-variable,
29 | .hljs-link {
30 |   color: #629755;
31 | }
32 | 
33 | .hljs-comment,
34 | .hljs-quote {
35 |   color: #808080;
36 | }
37 | 
38 | .hljs-meta {
39 |   color: #bbb529;
40 | }
41 | 
42 | .hljs-string,
43 | .hljs-attribute,
44 | .hljs-addition {
45 |   color: #6A8759;
46 | }
47 | 
48 | .hljs-section,
49 | .hljs-title,
50 | .hljs-type {
51 |   color: #ffc66d;
52 | }
53 | 
54 | .hljs-name,
55 | .hljs-selector-id,
56 | .hljs-selector-class {
57 |   color: #e8bf6a;
58 | }
59 | 
60 | .hljs-emphasis {
61 |   font-style: italic;
62 | }
63 | 
64 | .hljs-strong {
65 |   font-weight: bold;
66 | }
67 | 


--------------------------------------------------------------------------------
/templates/super/css/style.css:
--------------------------------------------------------------------------------
  1 | html, body {
  2 |     height: 100%;
  3 |     margin: 0;
  4 | }
  5 | 
  6 | body.src {
  7 |     background-color: #33373C;
  8 | }
  9 | 
 10 | section.report {
 11 |     margin: 4em;
 12 | }
 13 | 
 14 | a img {
 15 |     text-decoration: none;
 16 |     max-height: 23em;
 17 |     float: left;
 18 |     margin-right: 1em;
 19 | }
 20 | 
 21 | footer {
 22 |     margin: 2em;
 23 | }
 24 | 
 25 | h1, h2, h3, h4 {
 26 |     font-family: sans-serif;
 27 | }
 28 | 
 29 | ul {
 30 |     list-style-type: none;
 31 | }
 32 | 
 33 | nav li:not(.open) ul{
 34 |     display: none;
 35 | }
 36 | 
 37 | nav li a {
 38 |     color: #CCCCCC;
 39 |     font-family: sans-serif;
 40 | }
 41 | 
 42 | nav {
 43 |     float: left;
 44 |     width: 20%;
 45 |     height: 100%;
 46 |     font-size: 0.8em;
 47 |     background-color: #33373C;
 48 | }
 49 | 
 50 | nav ul {
 51 |     padding-left: 0.5em;
 52 | }
 53 | 
 54 | nav > ul {
 55 |     height: 70%;
 56 |     overflow: auto;
 57 | }
 58 | 
 59 | nav img {
 60 |     height: 1.2em;
 61 |     margin-right: 0.5em;
 62 | }
 63 | 
 64 | nav h2 {
 65 |     color: #CCCCCC;
 66 |     margin: 1.5em;
 67 |     font-size: 1.3em;
 68 |     border: 1px solid #CCCCCC;
 69 |     text-align: center;
 70 |     padding: 1em;
 71 | }
 72 | 
 73 | nav h2 img {
 74 |     height: 3.5em;
 75 | }
 76 | 
 77 | iframe {
 78 |     width: 80%;
 79 |     height: 100%;
 80 |     float: left;
 81 |     padding: 0;
 82 |     border: none;
 83 |     overflow: scroll;
 84 | }
 85 | 
 86 | body > div > div.code {
 87 |     margin-top: -0.8em;
 88 | }
 89 | 
 90 | section.vulnerability li {
 91 |     margin-left: -1.5em;
 92 | }
 93 | 
 94 | section.vulnerability {
 95 |     border: 1px solid #CCCCCC;
 96 |     margin: 1em 5em;
 97 |     padding: 1.5em 3em;
 98 | }
 99 | 
100 | span.critical, span.high {
101 |     color: #F93A3A;
102 | }
103 | 
104 | span.medium {
105 |     color: #F9AD3A;
106 | }
107 | 
108 | span.low {
109 |     color: #3A9BF9;
110 | }
111 | 
112 | .vulnerability div.code code {
113 |     border-radius: 0 1em 1em 0;
114 | }
115 | 
116 | .vulnerability div.code code code {
117 |     border-radius: 0;
118 | }
119 | 
120 | a {
121 |     text-decoration: none;
122 |     color: #74B1ED;
123 | }
124 | 
125 | div.line_numbers {
126 |     float: left;
127 |     font-family: monospace;
128 |     padding: 0.5em 0.3em 0.5em 1em;
129 |     color: #A9B7C6;
130 |     background: #3E4348;
131 |     border-radius: 1em 0 0 1em;
132 |     margin-left: -0.8em;
133 |     text-align: right;
134 | }
135 | 
136 | div.line_numbers em {
137 |     font-weight: bolder;
138 |     text-decoration: underline;
139 |     font-style: normal;
140 | }
141 | 
142 | code.vulnerable_line > span.line_body {
143 |   border-bottom: 1px dotted;
144 | }
145 | 
146 | code.vulnerable_line.warning > span.line_body {
147 |   border-bottom-color: #FFF;
148 | }
149 | 
150 | code.vulnerable_line.critical > span.line_body {
151 |   border-bottom-color: #F93A3A;
152 | }
153 | 
154 | code.vulnerable_line.high > span.line_body {
155 |   border-bottom-color: #F93A3A;
156 | }
157 | 
158 | code.vulnerable_line.medium > span.line_body {
159 |   border-bottom-color: #F9AD3A;
160 | }
161 | 
162 | code.vulnerable_line.low > span.line_body {
163 |   border-bottom-color: #3A9BF9;
164 | }
165 | 


--------------------------------------------------------------------------------
/templates/super/img/folder.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <svg id="svg2" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" width="64" version="1.1" xmlns:cc="http://creativecommons.org/ns#" height="64" viewBox="0 0 64.000001 64.000001" xmlns:dc="http://purl.org/dc/elements/1.1/">
 3 |  <metadata id="metadata7">
 4 |   <rdf:RDF>
 5 |    <cc:Work rdf:about="">
 6 |     <dc:format>image/svg+xml</dc:format>
 7 |     <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
 8 |     <dc:title/>
 9 |    </cc:Work>
10 |   </rdf:RDF>
11 |  </metadata>
12 |  <g id="layer1" transform="translate(0 -988.36)">
13 |   <path id="path5171" d="m7 1035.9v-34.988c0-1.3845 1.1235-2.653 2.5-2.5001h19.5l6 4.9992h19.628s2.3718 0 2.3718 2.4992v29.99c0 1.3845-1.115 2.4992-2.5 2.4992h-44.999c-1.385 0-2.5-1.1146-2.5-2.4992z" fill="#5895dc"/>
14 |   <path id="path5041" opacity=".1" d="m33.68 1003.3-3.68 4.088h-20.5c-2.5 0-2.5 2.396-2.5 2.396v2s0-2.396 2.5-2.396h20.5l4.5-5h0.48633l-1.3066-1.0879zm22.355 1.5645c0.57756 0.4666 0.95676 1.2108 0.96289 2.0039-0.0091-1.0703-0.45872-1.6611-0.96289-2.0039z"/>
15 |   <path id="path5173" d="m57 1040.9v-35c0-1.385-1.1235-2.653-2.5-2.5h-20l-4.5 5h-20.5c-2.5 0-2.5 2.3959-2.5 2.3959v30.104c0 1.385 1.115 2.5 2.5 2.5h45c1.385 0 2.5-1.115 2.5-2.5z" fill="#6ba4e7"/>
16 |   <path id="path5029" opacity=".1" transform="translate(0 988.36)" fill="#fff" d="m34.5 15l-4.5 5h-20.5c-2.5 0-2.5 2.396-2.5 2.396v1s0-2.396 2.5-2.396h20.5l4.5-5h20c1.377-0.153 2.5 1.115 2.5 2.5v-1c0-1.385-1.123-2.653-2.5-2.5h-20z"/>
17 |   <path id="path5034" opacity=".2" d="m7 1040.9v1c0 1.385 1.115 2.5 2.5 2.5h45c1.385 0 2.5-1.115 2.5-2.5v-1c0 1.385-1.115 2.5-2.5 2.5h-45c-1.385 0-2.5-1.115-2.5-2.5z"/>
18 |   <path id="path5024" opacity=".1" transform="translate(0 988.36)" fill="#fff" d="m9.5 10.014c-1.3765-0.1536-2.5 1.115-2.5 2.5v1c0-1.385 1.1235-2.654 2.5-2.5h19.5l6 4.998h19.629s2.371 0.001 2.371 2.5v-1c0-2.499-2.371-2.5-2.371-2.5h-19.629l-6-4.998h-19.5z"/>
19 |  </g>
20 | </svg>
21 | 


--------------------------------------------------------------------------------
/templates/super/img/java.svg:
--------------------------------------------------------------------------------
 1 | <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" version="1">
 2 |  <path style="opacity:0.2" d="M 14.5,8 C 13.115,8 12,9.115 12,10.5 v 45 c 0,1.385 1.115,2.5 2.5,2.5 h 35 C 50.885,58 52,56.885 52,55.5 V 23 L 38.25,21.75 37,8 Z"/>
 3 |  <path fill="#e74c3c" d="m14.5 7c-1.385 0-2.5 1.115-2.5 2.5v45c0 1.385 1.115 2.5 2.5 2.5h35c1.385 0 2.5-1.115 2.5-2.5v-32.5l-13.75-1.25-1.25-13.75z"/>
 4 |  <g style="clip-rule:evenodd;opacity:0.2;fill-rule:evenodd;enable-background:new" transform="matrix(0.37149,0,0,0.39385,60.354,17.209154)">
 5 |   <path d="m -86.682,70.021 c 0,0 -2.2303,1.2982 1.5891,1.7362 4.6278,0.52836 6.9927,0.45227 12.091,-0.51144 0,0 1.3431,0.84021 3.2156,1.5679 -11.433,4.8982 -25.875,-0.28382 -16.896,-2.7927 z"/>
 6 |   <path d="m -88.08,63.628 c 0,0 -2.5019,1.8524 1.3204,2.2474 4.944,0.5104 8.8468,0.55226 15.604,-0.74823 0,0 0.93244,0.94717 2.4009,1.4648 -13.821,4.0426 -29.214,0.31805 -19.326,-2.964 z"/>
 7 |   <path d="m -76.304,52.781 c 2.8185,3.2444 -0.73906,6.1616 -0.73906,6.1616 0,0 7.1525,-3.6917 3.8684,-8.3168 -3.0684,-4.3112 -5.4208,-6.4528 7.3147,-13.839 1.29e-4,0 -19.992,4.9918 -10.444,15.994 z"/>
 8 |   <path d="m -61.183,74.75 c 0,0 1.6511,1.3611 -1.8185,2.4137 -6.5975,1.9983 -27.465,2.6011 -33.261,0.07996 -2.082,-0.90686 1.8242,-2.1638 3.0532,-2.4293 1.2815,-0.27723 2.0132,-0.22659 2.0132,-0.22659 -2.3172,-1.6317 -14.977,3.2046 -6.4297,4.5917 23.308,3.7781 42.488,-1.7017 36.442,-4.4294 z"/>
 9 |   <path d="m -85.609,57.003 c 0,0 -10.613,2.5215 -3.7582,3.4379 2.8952,0.38742 8.6634,0.29828 14.04,-0.15282 4.393,-0.36869 8.8016,-1.1572 8.8016,-1.1572 0,0 -1.5479,0.664 -2.6685,1.4288 -10.78,2.8352 -31.6,1.5148 -25.605,-1.3838 5.0675,-2.4515 9.1898,-2.1729 9.1898,-2.1729 z"/>
10 |   <path d="m -66.569,67.644 c 10.957,-5.6922 5.8904,-11.163 2.3541,-10.426 -0.86475,0.18047 -1.2527,0.33678 -1.2527,0.33678 0,0 0.32218,-0.50472 0.93567,-0.72187 6.9959,-2.4584 12.375,7.2531 -2.256,11.099 -1.3e-4,0 0.1682,-0.15244 0.21896,-0.28808 z"/>
11 |   <path d="m -73.174,24.859 c 0,0 6.0668,6.0703 -5.756,15.402 -9.4811,7.4886 -2.1617,11.757 -0.0034,16.636 -5.5348,-4.9933 -9.5945,-9.3895 -6.8715,-13.48 3.9987,-6.0043 15.078,-8.9163 12.631,-18.558 z"/>
12 |   <path d="m -84.532,83.074 c 10.515,0.67227 26.667,-0.37411 27.049,-5.3501 0,0 -0.73479,1.8863 -8.6909,3.383 -8.9758,1.6898 -20.049,1.4931 -26.614,0.40912 0,0 1.3449,1.1132 8.2557,1.5579 z"/>
13 |  </g>
14 |  <path style="opacity:0.2" d="m 37,8 v 12.5 c 0,1.3808 1.1193,2.5 2.5,2.5 H 52 Z"/>
15 |  <path fill="#f5877c" d="m37 7v12.5c0 1.3808 1.1193 2.5 2.5 2.5h12.5l-15-15z"/>
16 |  <g fill="#fff" fill-rule="evenodd" style="enable-background:new" clip-rule="evenodd" transform="matrix(.37149 0 0 .39385 60.354 16.209)">
17 |   <path d="m-86.682 70.021s-2.2303 1.2982 1.5891 1.7362c4.6278 0.52836 6.9927 0.45227 12.091-0.51144 0 0 1.3431 0.84021 3.2156 1.5679-11.433 4.8982-25.875-0.28382-16.896-2.7927z"/>
18 |   <path d="m-88.08 63.628s-2.5019 1.8524 1.3204 2.2474c4.944 0.5104 8.8468 0.55226 15.604-0.74823 0 0 0.93244 0.94717 2.4009 1.4648-13.821 4.0426-29.214 0.31805-19.326-2.964z"/>
19 |   <path d="m-76.304 52.781c2.8185 3.2444-0.73906 6.1616-0.73906 6.1616s7.1525-3.6917 3.8684-8.3168c-3.0684-4.3112-5.4208-6.4528 7.3147-13.839 0.000129 0-19.992 4.9918-10.444 15.994z"/>
20 |   <path d="m-61.183 74.75s1.6511 1.3611-1.8185 2.4137c-6.5975 1.9983-27.465 2.6011-33.261 0.07996-2.082-0.90686 1.8242-2.1638 3.0532-2.4293 1.2815-0.27723 2.0132-0.22659 2.0132-0.22659-2.3172-1.6317-14.977 3.2046-6.4297 4.5917 23.308 3.7781 42.488-1.7017 36.442-4.4294z"/>
21 |   <path d="m-85.609 57.003s-10.613 2.5215-3.7582 3.4379c2.8952 0.38742 8.6634 0.29828 14.04-0.15282 4.393-0.36869 8.8016-1.1572 8.8016-1.1572s-1.5479 0.664-2.6685 1.4288c-10.78 2.8352-31.6 1.5148-25.605-1.3838 5.0675-2.4515 9.1898-2.1729 9.1898-2.1729z"/>
22 |   <path d="m-66.569 67.644c10.957-5.6922 5.8904-11.163 2.3541-10.426-0.86475 0.18047-1.2527 0.33678-1.2527 0.33678s0.32218-0.50472 0.93567-0.72187c6.9959-2.4584 12.375 7.2531-2.256 11.099-0.00013 0 0.1682-0.15244 0.21896-0.28808z"/>
23 |   <path d="m-73.174 24.859s6.0668 6.0703-5.756 15.402c-9.4811 7.4886-2.1617 11.757-0.0034 16.636-5.5348-4.9933-9.5945-9.3895-6.8715-13.48 3.9987-6.0043 15.078-8.9163 12.631-18.558z"/>
24 |   <path d="m-84.532 83.074c10.515 0.67227 26.667-0.37411 27.049-5.3501 0 0-0.73479 1.8863-8.6909 3.383-8.9758 1.6898-20.049 1.4931-26.614 0.40912 0 0 1.3449 1.1132 8.2557 1.5579z"/>
25 |  </g>
26 |  <path style="opacity:0.2;fill:#ffffff" d="M 14.5,7 C 13.115,7 12,8.115 12,9.5 v 1 C 12,9.115 13.115,8 14.5,8 H 37 c 0,-1 0,0 0,-1 z"/>
27 | </svg>
28 | 


--------------------------------------------------------------------------------
/templates/super/img/report.svg:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <svg id="svg4211" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="48" viewBox="0 0 48 48.000001" width="48" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">
 3 |  <metadata id="metadata4216">
 4 |   <rdf:RDF>
 5 |    <cc:Work rdf:about="">
 6 |     <dc:format>image/svg+xml</dc:format>
 7 |     <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
 8 |     <dc:title/>
 9 |    </cc:Work>
10 |   </rdf:RDF>
11 |  </metadata>
12 |  <path id="path8375" d="m10 4c-1.108 0-2 0.892-2 2v36c0 1.108 0.892 2 2 2h28c1.108 0 2-0.892 2-2v-36c0-1.108-0.892-2-2-2h-28z" fill="#009587"/>
13 |  <path id="path4229" opacity=".2" d="m10 4c-1.108 0-2 0.892-2 2v36c0 1.108 0.892 2 2 2h3.9785v-40h-3.978z"/>
14 |  <path id="path4452" opacity=".2" style="enable-background:new" d="m31.979 4c-1 0-1 1-1 1v16.5l2.5-1.5 2.5 1.5v-16.5c0-1-1-1-1-1z"/>
15 |  <path id="path5078-2" d="m30.979 4v16.5l2.5-1.5 2.5 1.5v-16.5h-5z" style="enable-background:new" fill="#d8d8d8"/>
16 |  <path id="path4374" opacity=".2" d="m10 4c-1.108 0-2 0.892-2 2v1c0-1.108 0.892-2 2-2h28c1.108 0 2 0.892 2 2v-1c0-1.108-0.892-2-2-2h-28z" fill="#fff"/>
17 |  <path id="path4795" opacity=".2" d="m8 42v1c0 1.108 0.892 2 2 2h28c1.108 0 2-0.892 2-2v-1c0 1.108-0.892 2-2 2h-28c-1.108 0-2-0.892-2-2z"/>
18 | </svg>
19 | 


--------------------------------------------------------------------------------
/templates/super/img/xml.svg:
--------------------------------------------------------------------------------
1 | <svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" version="1">
2 |  <path style="opacity:0.2" d="m 14.5,7.9999996 c -1.385,0 -2.5,1.115 -2.5,2.5000004 v 45 c 0,1.385 1.115,2.5 2.5,2.5 h 35 C 50.885,58 52,56.885 52,55.5 V 23 L 38.25,21.75 37,7.9999996 Z"/>
3 |  <path fill="#e4e4e4" d="m14.5 7c-1.385 0-2.5 1.115-2.5 2.5v45c0 1.385 1.115 2.5 2.5 2.5h35c1.385 0 2.5-1.115 2.5-2.5v-32.5l-13.75-1.25-1.25-13.75z"/>
4 |  <path style="opacity:0.2" d="M 37,7.9999996 V 20.5 c 0,1.3808 1.1193,2.5 2.5,2.5 H 52 Z"/>
5 |  <path fill="#fafafa" d="m37 7v12.5c0 1.3808 1.1193 2.5 2.5 2.5h12.5l-15-15z"/>
6 |  <path d="m33.176 29.904l-5.176 19.319 2.898 0.777 5.176-19.318-2.898-0.778zm3.824 0.096v4l5 5-5 5v4l10-9-10-9zm-10 2l-10 9 10 9v-4l-5-5 5-5v-4z" style="fill:#9c40d3"/>
7 |  <path style="opacity:0.2;fill:#ffffff" d="m 14.5,6.9999996 c -1.385,0 -2.5,1.115 -2.5,2.5 V 10.5 C 12,9.1149996 13.115,7.9999996 14.5,7.9999996 H 37 c 0,-1 0,0 0,-1 z"/>
8 | </svg>
9 | 


--------------------------------------------------------------------------------
/templates/super/js/highlight.js.LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2006, Ivan Sagalaev
 2 | All rights reserved.
 3 | Redistribution and use in source and binary forms, with or without
 4 | modification, are permitted provided that the following conditions are met:
 5 | 
 6 |     * Redistributions of source code must retain the above copyright
 7 |       notice, this list of conditions and the following disclaimer.
 8 |     * Redistributions in binary form must reproduce the above copyright
 9 |       notice, this list of conditions and the following disclaimer in the
10 |       documentation and/or other materials provided with the distribution.
11 |     * Neither the name of highlight.js nor the names of its contributors 
12 |       may be used to endorse or promote products derived from this software 
13 |       without specific prior written permission.
14 | 
15 | THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
16 | EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 | DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
19 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
22 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
24 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 | 


--------------------------------------------------------------------------------
/templates/super/js/highlight.pack.js:
--------------------------------------------------------------------------------
1 | /*! highlight.js v9.13.1 | BSD3 License | git.io/hljslicense */
2 | !function(e){var n="object"==typeof window&&window||"object"==typeof self&&self;"undefined"!=typeof exports?e(exports):n&&(n.hljs=e({}),"function"==typeof define&&define.amd&&define([],function(){return n.hljs}))}(function(e){function n(e){return e.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}function t(e){return e.nodeName.toLowerCase()}function r(e,n){var t=e&&e.exec(n);return t&&0===t.index}function a(e){return k.test(e)}function i(e){var n,t,r,i,o=e.className+" ";if(o+=e.parentNode?e.parentNode.className:"",t=M.exec(o))return w(t[1])?t[1]:"no-highlight";for(o=o.split(/\s+/),n=0,r=o.length;r>n;n++)if(i=o[n],a(i)||w(i))return i}function o(e){var n,t={},r=Array.prototype.slice.call(arguments,1);for(n in e)t[n]=e[n];return r.forEach(function(e){for(n in e)t[n]=e[n]}),t}function c(e){var n=[];return function r(e,a){for(var i=e.firstChild;i;i=i.nextSibling)3===i.nodeType?a+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:a,node:i}),a=r(i,a),t(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:a,node:i}));return a}(e,0),n}function u(e,r,a){function i(){return e.length&&r.length?e[0].offset!==r[0].offset?e[0].offset<r[0].offset?e:r:"start"===r[0].event?e:r:e.length?e:r}function o(e){function r(e){return" "+e.nodeName+'="'+n(e.value).replace('"',"&quot;")+'"'}l+="<"+t(e)+E.map.call(e.attributes,r).join("")+">"}function c(e){l+="</"+t(e)+">"}function u(e){("start"===e.event?o:c)(e.node)}for(var s=0,l="",f=[];e.length||r.length;){var g=i();if(l+=n(a.substring(s,g[0].offset)),s=g[0].offset,g===e){f.reverse().forEach(c);do u(g.splice(0,1)[0]),g=i();while(g===e&&g.length&&g[0].offset===s);f.reverse().forEach(o)}else"start"===g[0].event?f.push(g[0].node):f.pop(),u(g.splice(0,1)[0])}return l+n(a.substr(s))}function s(e){return e.v&&!e.cached_variants&&(e.cached_variants=e.v.map(function(n){return o(e,{v:null},n)})),e.cached_variants||e.eW&&[o(e)]||[e]}function l(e){function n(e){return e&&e.source||e}function t(t,r){return new RegExp(n(t),"m"+(e.cI?"i":"")+(r?"g":""))}function r(a,i){if(!a.compiled){if(a.compiled=!0,a.k=a.k||a.bK,a.k){var o={},c=function(n,t){e.cI&&(t=t.toLowerCase()),t.split(" ").forEach(function(e){var t=e.split("|");o[t[0]]=[n,t[1]?Number(t[1]):1]})};"string"==typeof a.k?c("keyword",a.k):B(a.k).forEach(function(e){c(e,a.k[e])}),a.k=o}a.lR=t(a.l||/\w+/,!0),i&&(a.bK&&(a.b="\\b("+a.bK.split(" ").join("|")+")\\b"),a.b||(a.b=/\B|\b/),a.bR=t(a.b),a.endSameAsBegin&&(a.e=a.b),a.e||a.eW||(a.e=/\B|\b/),a.e&&(a.eR=t(a.e)),a.tE=n(a.e)||"",a.eW&&i.tE&&(a.tE+=(a.e?"|":"")+i.tE)),a.i&&(a.iR=t(a.i)),null==a.r&&(a.r=1),a.c||(a.c=[]),a.c=Array.prototype.concat.apply([],a.c.map(function(e){return s("self"===e?a:e)})),a.c.forEach(function(e){r(e,a)}),a.starts&&r(a.starts,i);var u=a.c.map(function(e){return e.bK?"\\.?("+e.b+")\\.?":e.b}).concat([a.tE,a.i]).map(n).filter(Boolean);a.t=u.length?t(u.join("|"),!0):{exec:function(){return null}}}}r(e)}function f(e,t,a,i){function o(e){return new RegExp(e.replace(/[-\/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")}function c(e,n){var t,a;for(t=0,a=n.c.length;a>t;t++)if(r(n.c[t].bR,e))return n.c[t].endSameAsBegin&&(n.c[t].eR=o(n.c[t].bR.exec(e)[0])),n.c[t]}function u(e,n){if(r(e.eR,n)){for(;e.endsParent&&e.parent;)e=e.parent;return e}return e.eW?u(e.parent,n):void 0}function s(e,n){return!a&&r(n.iR,e)}function p(e,n){var t=R.cI?n[0].toLowerCase():n[0];return e.k.hasOwnProperty(t)&&e.k[t]}function d(e,n,t,r){var a=r?"":j.classPrefix,i='<span class="'+a,o=t?"":I;return i+=e+'">',i+n+o}function h(){var e,t,r,a;if(!E.k)return n(k);for(a="",t=0,E.lR.lastIndex=0,r=E.lR.exec(k);r;)a+=n(k.substring(t,r.index)),e=p(E,r),e?(M+=e[1],a+=d(e[0],n(r[0]))):a+=n(r[0]),t=E.lR.lastIndex,r=E.lR.exec(k);return a+n(k.substr(t))}function b(){var e="string"==typeof E.sL;if(e&&!L[E.sL])return n(k);var t=e?f(E.sL,k,!0,B[E.sL]):g(k,E.sL.length?E.sL:void 0);return E.r>0&&(M+=t.r),e&&(B[E.sL]=t.top),d(t.language,t.value,!1,!0)}function v(){y+=null!=E.sL?b():h(),k=""}function m(e){y+=e.cN?d(e.cN,"",!0):"",E=Object.create(e,{parent:{value:E}})}function N(e,n){if(k+=e,null==n)return v(),0;var t=c(n,E);if(t)return t.skip?k+=n:(t.eB&&(k+=n),v(),t.rB||t.eB||(k=n)),m(t,n),t.rB?0:n.length;var r=u(E,n);if(r){var a=E;a.skip?k+=n:(a.rE||a.eE||(k+=n),v(),a.eE&&(k=n));do E.cN&&(y+=I),E.skip||E.sL||(M+=E.r),E=E.parent;while(E!==r.parent);return r.starts&&(r.endSameAsBegin&&(r.starts.eR=r.eR),m(r.starts,"")),a.rE?0:n.length}if(s(n,E))throw new Error('Illegal lexeme "'+n+'" for mode "'+(E.cN||"<unnamed>")+'"');return k+=n,n.length||1}var R=w(e);if(!R)throw new Error('Unknown language: "'+e+'"');l(R);var x,E=i||R,B={},y="";for(x=E;x!==R;x=x.parent)x.cN&&(y=d(x.cN,"",!0)+y);var k="",M=0;try{for(var C,A,S=0;;){if(E.t.lastIndex=S,C=E.t.exec(t),!C)break;A=N(t.substring(S,C.index),C[0]),S=C.index+A}for(N(t.substr(S)),x=E;x.parent;x=x.parent)x.cN&&(y+=I);return{r:M,value:y,language:e,top:E}}catch(O){if(O.message&&-1!==O.message.indexOf("Illegal"))return{r:0,value:n(t)};throw O}}function g(e,t){t=t||j.languages||B(L);var r={r:0,value:n(e)},a=r;return t.filter(w).filter(x).forEach(function(n){var t=f(n,e,!1);t.language=n,t.r>a.r&&(a=t),t.r>r.r&&(a=r,r=t)}),a.language&&(r.second_best=a),r}function p(e){return j.tabReplace||j.useBR?e.replace(C,function(e,n){return j.useBR&&"\n"===e?"<br>":j.tabReplace?n.replace(/\t/g,j.tabReplace):""}):e}function d(e,n,t){var r=n?y[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),-1===e.indexOf(r)&&a.push(r),a.join(" ").trim()}function h(e){var n,t,r,o,s,l=i(e);a(l)||(j.useBR?(n=document.createElementNS("http://www.w3.org/1999/xhtml","div"),n.innerHTML=e.innerHTML.replace(/\n/g,"").replace(/<br[ \/]*>/g,"\n")):n=e,s=n.textContent,r=l?f(l,s,!0):g(s),t=c(n),t.length&&(o=document.createElementNS("http://www.w3.org/1999/xhtml","div"),o.innerHTML=r.value,r.value=u(t,c(o),s)),r.value=p(r.value),e.innerHTML=r.value,e.className=d(e.className,l,r.language),e.result={language:r.language,re:r.r},r.second_best&&(e.second_best={language:r.second_best.language,re:r.second_best.r}))}function b(e){j=o(j,e)}function v(){if(!v.called){v.called=!0;var e=document.querySelectorAll("pre code");E.forEach.call(e,h)}}function m(){addEventListener("DOMContentLoaded",v,!1),addEventListener("load",v,!1)}function N(n,t){var r=L[n]=t(e);r.aliases&&r.aliases.forEach(function(e){y[e]=n})}function R(){return B(L)}function w(e){return e=(e||"").toLowerCase(),L[e]||L[y[e]]}function x(e){var n=w(e);return n&&!n.disableAutodetect}var E=[],B=Object.keys,L={},y={},k=/^(no-?highlight|plain|text)$/i,M=/\blang(?:uage)?-([\w-]+)\b/i,C=/((^(<[^>]+>|\t|)+|(?:\n)))/gm,I="</span>",j={classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:void 0};return e.highlight=f,e.highlightAuto=g,e.fixMarkup=p,e.highlightBlock=h,e.configure=b,e.initHighlighting=v,e.initHighlightingOnLoad=m,e.registerLanguage=N,e.listLanguages=R,e.getLanguage=w,e.autoDetection=x,e.inherit=o,e.IR="[a-zA-Z]\\w*",e.UIR="[a-zA-Z_]\\w*",e.NR="\\b\\d+(\\.\\d+)?",e.CNR="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",e.BNR="\\b(0b[01]+)",e.RSR="!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",e.BE={b:"\\\\[\\s\\S]",r:0},e.ASM={cN:"string",b:"'",e:"'",i:"\\n",c:[e.BE]},e.QSM={cN:"string",b:'"',e:'"',i:"\\n",c:[e.BE]},e.PWM={b:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},e.C=function(n,t,r){var a=e.inherit({cN:"comment",b:n,e:t,c:[]},r||{});return a.c.push(e.PWM),a.c.push({cN:"doctag",b:"(?:TODO|FIXME|NOTE|BUG|XXX):",r:0}),a},e.CLCM=e.C("//","$"),e.CBCM=e.C("/\\*","\\*/"),e.HCM=e.C("#","$"),e.NM={cN:"number",b:e.NR,r:0},e.CNM={cN:"number",b:e.CNR,r:0},e.BNM={cN:"number",b:e.BNR,r:0},e.CSSNM={cN:"number",b:e.NR+"(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",r:0},e.RM={cN:"regexp",b:/\//,e:/\/[gimuy]*/,i:/\n/,c:[e.BE,{b:/\[/,e:/\]/,r:0,c:[e.BE]}]},e.TM={cN:"title",b:e.IR,r:0},e.UTM={cN:"title",b:e.UIR,r:0},e.METHOD_GUARD={b:"\\.\\s*"+e.UIR,r:0},e});hljs.registerLanguage("java",function(e){var a="[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*",t=a+"(<"+a+"(\\s*,\\s*"+a+")*>)?",r="false synchronized int abstract float private char boolean var static null if const for true while long strictfp finally protected import native final void enum else break transient catch instanceof byte super volatile case assert short package default double public try this switch continue throws protected public private module requires exports do",s="\\b(0[bB]([01]+[01_]+[01]+|[01]+)|0[xX]([a-fA-F0-9]+[a-fA-F0-9_]+[a-fA-F0-9]+|[a-fA-F0-9]+)|(([\\d]+[\\d_]+[\\d]+|[\\d]+)(\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))?|\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))([eE][-+]?\\d+)?)[lLfF]?",c={cN:"number",b:s,r:0};return{aliases:["jsp"],k:r,i:/<\/|#/,c:[e.C("/\\*\\*","\\*/",{r:0,c:[{b:/\w+@/,r:0},{cN:"doctag",b:"@[A-Za-z]+"}]}),e.CLCM,e.CBCM,e.ASM,e.QSM,{cN:"class",bK:"class interface",e:/[{;=]/,eE:!0,k:"class interface",i:/[:"\[\]]/,c:[{bK:"extends implements"},e.UTM]},{bK:"new throw return else",r:0},{cN:"function",b:"("+t+"\\s+)+"+e.UIR+"\\s*\\(",rB:!0,e:/[{;=]/,eE:!0,k:r,c:[{b:e.UIR+"\\s*\\(",rB:!0,r:0,c:[e.UTM]},{cN:"params",b:/\(/,e:/\)/,k:r,r:0,c:[e.ASM,e.QSM,e.CNM,e.CBCM]},e.CLCM,e.CBCM]},c,{cN:"meta",b:"@[A-Za-z]+"}]}});hljs.registerLanguage("xml",function(s){var e="[A-Za-z0-9\\._:-]+",t={eW:!0,i:/</,r:0,c:[{cN:"attr",b:e,r:0},{b:/=\s*/,r:0,c:[{cN:"string",endsParent:!0,v:[{b:/"/,e:/"/},{b:/'/,e:/'/},{b:/[^\s"'=<>`]+/}]}]}]};return{aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist"],cI:!0,c:[{cN:"meta",b:"<!DOCTYPE",e:">",r:10,c:[{b:"\\[",e:"\\]"}]},s.C("<!--","-->",{r:10}),{b:"<\\!\\[CDATA\\[",e:"\\]\\]>",r:10},{cN:"meta",b:/<\?xml/,e:/\?>/,r:10},{b:/<\?(php)?/,e:/\?>/,sL:"php",c:[{b:"/\\*",e:"\\*/",skip:!0},{b:'b"',e:'"',skip:!0},{b:"b'",e:"'",skip:!0},s.inherit(s.ASM,{i:null,cN:null,c:null,skip:!0}),s.inherit(s.QSM,{i:null,cN:null,c:null,skip:!0})]},{cN:"tag",b:"<style(?=\\s|>|$)",e:">",k:{name:"style"},c:[t],starts:{e:"</style>",rE:!0,sL:["css","xml"]}},{cN:"tag",b:"<script(?=\\s|>|$)",e:">",k:{name:"script"},c:[t],starts:{e:"</script>",rE:!0,sL:["actionscript","javascript","handlebars","xml"]}},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"name",b:/[^\/><\s]+/,r:0},t]}]}});


--------------------------------------------------------------------------------
/templates/super/js/jquery.LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright jQuery Foundation and other contributors, https://jquery.org/
 2 | 
 3 | This software consists of voluntary contributions made by many
 4 | individuals. For exact contribution history, see the revision history
 5 | available at https://github.com/jquery/jquery
 6 | 
 7 | The following license applies to all parts of this software except as
 8 | documented below:
 9 | 
10 | ====
11 | 
12 | Permission is hereby granted, free of charge, to any person obtaining
13 | a copy of this software and associated documentation files (the
14 | "Software"), to deal in the Software without restriction, including
15 | without limitation the rights to use, copy, modify, merge, publish,
16 | distribute, sublicense, and/or sell copies of the Software, and to
17 | permit persons to whom the Software is furnished to do so, subject to
18 | the following conditions:
19 | 
20 | The above copyright notice and this permission notice shall be
21 | included in all copies or substantial portions of the Software.
22 | 
23 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 | 
31 | ====
32 | 
33 | All files located in the node_modules and external directories are
34 | externally maintained libraries used by this software which have their
35 | own licenses; we recommend you read them, as their terms may differ from
36 | the terms above.
37 | 


--------------------------------------------------------------------------------
/templates/super/js/src_nav.js:
--------------------------------------------------------------------------------
 1 | $(function() {
 2 |     $("li > a").click(function() {
 3 |         if ($(this).parent().hasClass("open")) {
 4 |             $(this).parent().removeClass("open");
 5 |         } else if ($(this).parent().children("ul").length > 0) {
 6 |             $(this).parent().addClass("open");
 7 |         }
 8 |     })
 9 | });
10 | 


--------------------------------------------------------------------------------
/templates/super/report.hbs:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | 
  4 |     <head>
  5 |         <title>Vulnerability report</title>
  6 |         <meta charset="UTF-8">
  7 |         <link rel="stylesheet" href="css/style.css">
  8 |         <link rel="stylesheet" href="css/androidstudio.css">
  9 |     </head>
 10 | 
 11 |     <body>
 12 |         <section class="report">
 13 |             <a href="https://superanalyzer.rocks" title="SUPER Android Analyzer">
 14 |                 <img src="img/logo.svg" alt="SUPER Android Analyzer logo">
 15 |             </a>
 16 |             <h1 id="title">SUPER Android Analyzer Report</h1>
 17 |             <p>This is the vulnerability report for the android application
 18 |                 <em>{{ app_package }}</em>. Report generated on
 19 |                 <time datetime="now_rfc3339">{{ now_rfc2822 }}</time> with SUPER Android Analyzer {{ super_version }}.</p>
 20 |             <h2>Application data:</h2>
 21 |             <ul>
 22 |                 <li>
 23 |                     <strong>Package:</strong> {{ app_package }}</li>
 24 |                 <li>
 25 |                     <strong>Version:</strong> {{ app_version }}</li>
 26 |                 <li>
 27 |                     <strong>Version number:</strong> {{ app_version_number }}</li>
 28 |                 <li>
 29 |                     <strong>Minimum SDK version:</strong> {{ app_min_sdk_number }} (Android {{ app_min_sdk_version }}
 30 |                     <em>{{ app_min_sdk_name }}</em>)</li>
 31 |                 <li>
 32 |                     <strong>Target SDK:</strong>
 33 |                     {{#if app_target_sdk }}{{ app_min_sdk_number }} (Android {{ app_min_sdk_version }}
 34 |                         <em>{{ app_min_sdk_name }}</em>)
 35 |                     {{else}}None{{/if}}
 36 |                 </li>
 37 |                 <li>
 38 |                     <strong>Fingerprints:</strong>
 39 |                     <ul>
 40 |                         <li>MD5: {{ app_fingerprint.md5 }}</li>
 41 |                         <li>SHA-1: {{ app_fingerprint.sha1 }}</li>
 42 |                         <li>SHA-256: {{ app_fingerprint.sha256 }}</li>
 43 |                     </ul>
 44 |                 </li>
 45 |                 <li>
 46 |                     <a href="src/index.html" title="Source code">Check source code</a>
 47 |                 </li>
 48 |             </ul>
 49 |             <h3>Total vulnerabilities found: {{ total_vulnerabilities }}</h3>
 50 |             <ul>
 51 |                 <li>Critical:
 52 |                     {{#if criticals }}
 53 |                         <span class="critical">{{ criticals_len }}</span>
 54 |                         <a href="#critical" title="Critical">⇒</a>
 55 |                     {{else}}0{{/if}}
 56 |                 </li>
 57 |                 <li>High:
 58 |                     {{#if highs }}
 59 |                         <span class="high">{{ highs_len }}</span>
 60 |                         <a href="#high" title="High">⇒</a>
 61 |                     {{else}}0{{/if}}
 62 |                 </li>
 63 |                 <li>Medium:
 64 |                     {{#if mediums }}
 65 |                         <span class="medium">{{ mediums_len }}</span>
 66 |                         <a href="#medium" title="Medium">⇒</a>
 67 |                     {{else}}0{{/if}}
 68 |                 </li>
 69 |                 <li>Low:
 70 |                     {{#if lows }}
 71 |                         <span class="low">{{ lows_len }}</span>
 72 |                         <a href="#low" title="Low">⇒</a>
 73 |                     {{else}}0{{/if}}
 74 |                 </li>
 75 |                 <li>Warnings:
 76 |                     {{#if warnings }}
 77 |                         <span class="warning">{{ warnings_len }}</span>
 78 |                         <a href="#warnings" title="Warnings">⇒</a>
 79 |                     {{else}}0{{/if}}
 80 |                 </li>
 81 |             </ul>
 82 |             <h2>Vulnerabilities:</h2>
 83 |             {{#if criticals }}
 84 |                 <h3 id="critical">Critical vulnerabilities:
 85 |                     <a href="#title" title="Top">⇮</a>
 86 |                 </h3>
 87 |                 {{#each criticals }}
 88 |                     {{> vulnerability list_len=../criticals_len }}
 89 |                 {{/each}}
 90 |             {{/if}}
 91 |             {{#if highs }}
 92 |                 <h3 id="high">High criticality vulnerabilities:
 93 |                     <a href="#title" title="Top">⇮</a>
 94 |                 </h3>
 95 |                 {{#each highs }}
 96 |                     {{> vulnerability list_len=../highs_len }}
 97 |                 {{/each}}
 98 |             {{/if}}
 99 |             {{#if mediums }}
100 |                 <h3 id="medium">Medium criticality vulnerabilities:
101 |                     <a href="#title" title="Top">⇮</a>
102 |                 </h3>
103 |                 {{#each mediums }}
104 |                     {{> vulnerability list_len=../mediums_len}}
105 |                 {{/each}}
106 |             {{/if}}
107 |             {{#if lows }}
108 |                 <h3 id="low">Low criticality vulnerabilities:
109 |                     <a href="#title" title="Top">⇮</a>
110 |                 </h3>
111 |                 {{#each lows }}
112 |                     {{> vulnerability list_len=../lows_len }}
113 |                 {{/each}}
114 |             {{/if}}
115 |             {{#if warnings }}
116 |                 <h3 id="warning">Warnings:
117 |                     <a href="#title" title="Top">⇮</a>
118 |                 </h3>
119 |                 {{#each warnings }}
120 |                     {{> vulnerability list_len=../warnings_len }}
121 |                 {{/each}}
122 |             {{/if}}
123 |         </section>
124 |         <footer>
125 |             <p>Copyright © 2016 - 2018 SUPER Android Analyzer</p>
126 |         </footer>
127 |         <script src="js/highlight.pack.js"></script>
128 |         <script>hljs.initHighlightingOnLoad();</script>
129 |         <script src="js/jquery-3.3.1.slim.min.js"></script>
130 |         <script>
131 |             $('.vulnerability h4 a.collapse').click(function (event) {
132 |                 event.preventDefault();
133 |                 $(this).parents('section.vulnerability').find('ul div').hide('slow');
134 |                 $(this).hide('fast');
135 |                 $(this).prev('a').show('fast');
136 |             });
137 |             $('.vulnerability h4 a.show').click(function (event) {
138 |                 event.preventDefault();
139 |                 $(this).parents('section.vulnerability').find('ul div').show('slow');
140 |                 $(this).hide('fast');
141 |                 $(this).next('a').show('fast');
142 |             });
143 |         </script>
144 |     </body>
145 | 
146 | </html>


--------------------------------------------------------------------------------
/templates/super/src.hbs:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="en">
 3 | 
 4 |     <head>
 5 |         <title>Source code</title>
 6 |         <meta charset="UTF-8">
 7 |         <link rel="stylesheet" href="../css/style.css">
 8 |     </head>
 9 | 
10 |     <body class="src">
11 |         <nav>
12 |             <a href="../index.html" title="Return to report">
13 |                 <h2>
14 |                     <img src="../img/report.svg">
15 |                     <br>Return to report</h2>
16 |             </a>
17 |             <ul>
18 |                 {{generate_menu menu }}
19 |             </ul>
20 |         </nav>
21 |         <iframe name="code" src="AndroidManifest.xml.html"></iframe>
22 |         <script src="../js/jquery-3.3.1.slim.min.js"></script>
23 |         <script src="../js/src_nav.js"></script>
24 |     </body>
25 | 
26 | </html>


--------------------------------------------------------------------------------
/templates/super/vulnerability.hbs:
--------------------------------------------------------------------------------
 1 | <section class="vulnerability">
 2 |     <h4>{{ report_index this @index ../list_len }}:
 3 |         <a href="#" title="Display vulnerability" class="show">+</a>
 4 |         <a href="#" style="display: none" class="collapse" title="Collapse vulnerability">-</a>
 5 |     </h4>
 6 |     <ul>
 7 |         <li>
 8 |             <strong>Label:</strong> {{ name }}</li>
 9 |         <div style="display: none">
10 |             <li>
11 |                 <strong>Description:</strong> {{ description }}</li>
12 |             {{#if file }}
13 |                 <li>
14 |                     <strong>File:</strong>
15 |                     <a href="src/{{ file }}.html?start_line={{#if line }}{{ line }}{{else}}{{ start_line }}{{/if}}&amp;end_line={{#if line }}{{ line }}{{else}}{{ end_line }}{{/if}}&amp;criticality={{ criticality }}#code-line-{{#if line }}{{ line }}{{else}}{{ start_line }}{{/if}}">{{ file }}</a>
16 |                 </li>
17 |             {{/if}}
18 |             {{#if code }}
19 |                 <li>
20 |                     <strong>Line
21 |                         {{#unless line }}s{{/unless}}:</strong>
22 |                     {{#if line }}{{ line }}{{else}}{{ start_line }} – {{ end_line }}{{/if}}
23 |                 </li>
24 |                 <li>
25 |                     <p>
26 |                         <strong>Affected code:</strong>
27 |                     </p>
28 |                     <div>
29 |                         <div class="line_numbers">
30 |                             {{ line_numbers this }}
31 |                         </div>
32 |                         <div class="code">
33 |                             <pre><code class="{{ language }}">{{ html_code this }}</code></pre>
34 |                         </div>
35 |                     </div>
36 |                 </li>
37 |             {{/if}}
38 |         </div>
39 |     </ul>
40 | </section>


--------------------------------------------------------------------------------
/travis-helper.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | action="$1"
 4 | package="$2"
 5 | 
 6 | # Run unit and integration tests.
 7 | if [ "$action" = "test" ]; then
 8 |   cargo test --verbose
 9 | 
10 | # Run ignored unit and integration tests.
11 | elif [ "$action" = "test_ignored" ]; then
12 |   if [[ "$TRAVIS_RUST_VERSION" == "stable" &&
13 |         "$TRAVIS_OS_NAME" != "windows" &&
14 |         (-n "$TRAVIS_TAG") ]]; then
15 |     cargo test --verbose --features="no-color" -- --ignored
16 |   fi
17 | 
18 | # Run unit and integration tests with unstable features.
19 | elif [ "$action" = "test_unstable" ]; then
20 |     cargo test --verbose --features="unstable" &&
21 |     cargo test --verbose --features="unstable no-color" -- --ignored
22 | 
23 | # Check formatting.
24 | elif [ "$action" = "fmt_check" ]; then
25 |   if [[ "$TRAVIS_RUST_VERSION" == "stable" && "$TRAVIS_OS_NAME" == "linux" ]]; then
26 |     rustup component add rustfmt &&
27 |     cargo fmt --verbose -- --check
28 |   fi
29 | 
30 | # Run Clippy.
31 | elif [ "$action" = "clippy_check" ]; then
32 |   if [[ "$TRAVIS_RUST_VERSION" == "stable" && "$TRAVIS_OS_NAME" == "linux" ]]; then
33 |     rustup component add clippy &&
34 |     cargo clippy --verbose
35 |   fi
36 | 
37 | # Upload code coverage report for stable builds in Linux.
38 | elif [ "$action" = "upload_code_coverage" ]; then
39 |   if [[ "$TRAVIS_BUILD_STAGE_NAME" == "Test" &&
40 |         "$TRAVIS_RUST_VERSION" == "stable" &&
41 |         "$TRAVIS_OS_NAME" == "linux" &&
42 |         "$TRAVIS_JOB_NAME" != *"packaging"* ]]; then
43 |     sudo -E apt-get -yq --no-install-suggests --no-install-recommends install libcurl4-openssl-dev libelf-dev libdw-dev binutils-dev libiberty-dev zlib1g-dev &&
44 |     wget https://github.com/SimonKagstrom/kcov/archive/master.tar.gz &&
45 |     tar xzf master.tar.gz &&
46 |     cd kcov-master &&
47 |     mkdir build &&
48 |     cd build &&
49 |     cmake .. &&
50 |     make &&
51 |     sudo make install &&
52 |     cd ../.. &&
53 |     rm -rf kcov-master &&
54 |     for file in target/debug/super_analyzer*[^\.d]; do
55 |       mkdir -p "target/cov/$(basename $file)";
56 |       kcov --exclude-pattern=/.cargo,/usr/lib --verify "target/cov/$(basename $file)" "$file";
57 |     done &&
58 |     bash <(curl -s https://codecov.io/bash) &&
59 |     echo "Uploaded code coverage"
60 |   fi
61 | 
62 | # Upload development documentation for the develop branch.
63 | elif [ "$action" = "documentation" ]; then
64 |   if [ "$TRAVIS_BRANCH" = "develop" ]; then
65 |     cargo doc -v --document-private-items &&
66 |     echo "<meta http-equiv=refresh content=0;url=super/index.html>" > target/doc/index.html
67 |   fi
68 | 
69 | # Runs packaging tests for pull requests, new releases or release preparations in Ubuntu and Fedora.
70 | elif [ "$action" = "dist_test" ]; then
71 |     mkdir -pv releases &&
72 |     docker pull "superandroidanalyzer/$package:latest" &&
73 |     docker run -d -t -e TAG=$TAG -v $TRAVIS_BUILD_DIR:/root/super --name "$package" --privileged "superandroidanalyzer/$package:latest" "/bin/bash" &&
74 |     docker exec "$package" "/root/super/`echo $package`_build.sh"
75 | 
76 | elif [ "$action" = "deploy" ]; then
77 |   if [[ $TRAVIS_TAG ]]; then
78 |     mkdir -pv releases &&
79 |     for PACKAGE in "debian" "ubuntu" "fedora" "centos"; do
80 |       echo "Making distribution package for $PACKAGE release" &&
81 |       docker pull "superandroidanalyzer/$PACKAGE:latest" &&
82 |       docker run -d -t -e TAG=$TAG -v $TRAVIS_BUILD_DIR:/root/super --name "$PACKAGE" --privileged "superandroidanalyzer/$PACKAGE:latest" "/bin/bash" &&
83 |       docker exec "$PACKAGE" "/root/super/`echo $PACKAGE`_build.sh"
84 |     done
85 |   fi
86 | 
87 | fi
88 | exit $?
89 | 


--------------------------------------------------------------------------------
/ubuntu_build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | source ~/.cargo/env &&
4 | cd /root/super &&
5 | 
6 | # Generate the .deb file
7 | cargo deb -v &&
8 | mv target/debian/super-analyzer_`echo $TAG`_amd64.deb releases/super-analyzer_`echo $TAG`_ubuntu_amd64.deb
9 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/NOTICE.txt:
--------------------------------------------------------------------------------
 1 | dex2jar - Tools to work with android .dex and java .class files
 2 | Copyright (c) 2009-2014 Panxiaobo
 3 | 
 4 | contributors
 5 |   - Bob Pan <pxb1988#gmail.com>
 6 |   - Enea Stanzani <aeneas.ltr#gmail.com>
 7 |   - t3stwhat <t3stwhat#gmail.com>
 8 |   - paulhooijenga <paulhooijenga#gmail.com>
 9 |   - yyjdelete <yyjdelete#gmail.com>
10 |   - jcmdev0 <jcmdev0#gmail.com>
11 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/bin/dex-tools:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env sh
  2 | 
  3 | ##############################################################################
  4 | ##
  5 | ##  dex-tools start up script for UN*X
  6 | ##
  7 | ##############################################################################
  8 | 
  9 | # Attempt to set APP_HOME
 10 | # Resolve links: $0 may be a link
 11 | PRG="$0"
 12 | # Need this for relative symlinks.
 13 | while [ -h "$PRG" ] ; do
 14 |     ls=`ls -ld "$PRG"`
 15 |     link=`expr "$ls" : '.*-> \(.*\)$'`
 16 |     if expr "$link" : '/.*' > /dev/null; then
 17 |         PRG="$link"
 18 |     else
 19 |         PRG=`dirname "$PRG"`"/$link"
 20 |     fi
 21 | done
 22 | SAVED="`pwd`"
 23 | cd "`dirname \"$PRG\"`/.." >/dev/null
 24 | APP_HOME="`pwd -P`"
 25 | cd "$SAVED" >/dev/null
 26 | 
 27 | APP_NAME="dex-tools"
 28 | APP_BASE_NAME=`basename "$0"`
 29 | 
 30 | # Add default JVM options here. You can also use JAVA_OPTS and DEX_TOOLS_OPTS to pass JVM options to this script.
 31 | DEFAULT_JVM_OPTS=""
 32 | 
 33 | # Use the maximum available, or set MAX_FD != -1 to use that value.
 34 | MAX_FD="maximum"
 35 | 
 36 | warn () {
 37 |     echo "$*"
 38 | }
 39 | 
 40 | die () {
 41 |     echo
 42 |     echo "$*"
 43 |     echo
 44 |     exit 1
 45 | }
 46 | 
 47 | # OS specific support (must be 'true' or 'false').
 48 | cygwin=false
 49 | msys=false
 50 | darwin=false
 51 | nonstop=false
 52 | case "`uname`" in
 53 |   CYGWIN* )
 54 |     cygwin=true
 55 |     ;;
 56 |   Darwin* )
 57 |     darwin=true
 58 |     ;;
 59 |   MINGW* )
 60 |     msys=true
 61 |     ;;
 62 |   NONSTOP* )
 63 |     nonstop=true
 64 |     ;;
 65 | esac
 66 | 
 67 | CLASSPATH=$APP_HOME/lib/ST4-4.0.8.jar:$APP_HOME/lib/org.abego.treelayout.core-1.0.1.jar:$APP_HOME/lib/antlr4-runtime-4.5.jar:$APP_HOME/lib/d2j-smali-2.1-SNAPSHOT.jar:$APP_HOME/lib/dex-writer-2.1-SNAPSHOT.jar:$APP_HOME/lib/antlr-runtime-3.5.2.jar:$APP_HOME/lib/asm-debug-all-5.0.3.jar:$APP_HOME/lib/dex-translator-2.1-SNAPSHOT.jar:$APP_HOME/lib/dex-reader-2.1-SNAPSHOT.jar:$APP_HOME/lib/dx-23.0.0.jar:$APP_HOME/lib/dex-reader-api-2.1-SNAPSHOT.jar:$APP_HOME/lib/antlr4-4.5.jar:$APP_HOME/lib/dex-tools-2.1-SNAPSHOT.jar:$APP_HOME/lib/d2j-jasmin-2.1-SNAPSHOT.jar:$APP_HOME/lib/dex-ir-2.1-SNAPSHOT.jar:$APP_HOME/lib/d2j-base-cmd-2.1-SNAPSHOT.jar:$APP_HOME/lib/antlr-3.5.2.jar
 68 | 
 69 | # Determine the Java command to use to start the JVM.
 70 | if [ -n "$JAVA_HOME" ] ; then
 71 |     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
 72 |         # IBM's JDK on AIX uses strange locations for the executables
 73 |         JAVACMD="$JAVA_HOME/jre/sh/java"
 74 |     else
 75 |         JAVACMD="$JAVA_HOME/bin/java"
 76 |     fi
 77 |     if [ ! -x "$JAVACMD" ] ; then
 78 |         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
 79 | 
 80 | Please set the JAVA_HOME variable in your environment to match the
 81 | location of your Java installation."
 82 |     fi
 83 | else
 84 |     JAVACMD="java"
 85 |     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 86 | 
 87 | Please set the JAVA_HOME variable in your environment to match the
 88 | location of your Java installation."
 89 | fi
 90 | 
 91 | # Increase the maximum file descriptors if we can.
 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
 93 |     MAX_FD_LIMIT=`ulimit -H -n`
 94 |     if [ $? -eq 0 ] ; then
 95 |         if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
 96 |             MAX_FD="$MAX_FD_LIMIT"
 97 |         fi
 98 |         ulimit -n $MAX_FD
 99 |         if [ $? -ne 0 ] ; then
100 |             warn "Could not set maximum file descriptor limit: $MAX_FD"
101 |         fi
102 |     else
103 |         warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
104 |     fi
105 | fi
106 | 
107 | # For Darwin, add options to specify how the application appears in the dock
108 | if $darwin; then
109 |     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
110 | fi
111 | 
112 | # For Cygwin, switch paths to Windows format before running java
113 | if $cygwin ; then
114 |     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
115 |     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
116 |     JAVACMD=`cygpath --unix "$JAVACMD"`
117 | 
118 |     # We build the pattern for arguments to be converted via cygpath
119 |     ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
120 |     SEP=""
121 |     for dir in $ROOTDIRSRAW ; do
122 |         ROOTDIRS="$ROOTDIRS$SEP$dir"
123 |         SEP="|"
124 |     done
125 |     OURCYGPATTERN="(^($ROOTDIRS))"
126 |     # Add a user-defined pattern to the cygpath arguments
127 |     if [ "$GRADLE_CYGPATTERN" != "" ] ; then
128 |         OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
129 |     fi
130 |     # Now convert the arguments - kludge to limit ourselves to /bin/sh
131 |     i=0
132 |     for arg in "$@" ; do
133 |         CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
134 |         CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
135 | 
136 |         if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
137 |             eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
138 |         else
139 |             eval `echo args$i`="\"$arg\""
140 |         fi
141 |         i=$((i+1))
142 |     done
143 |     case $i in
144 |         (0) set -- ;;
145 |         (1) set -- "$args0" ;;
146 |         (2) set -- "$args0" "$args1" ;;
147 |         (3) set -- "$args0" "$args1" "$args2" ;;
148 |         (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
149 |         (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
150 |         (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
151 |         (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
152 |         (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
153 |         (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
154 |     esac
155 | fi
156 | 
157 | # Escape application args
158 | save () {
159 |     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
160 |     echo " "
161 | }
162 | APP_ARGS=$(save "$@")
163 | 
164 | # Collect all arguments for the java command, following the shell quoting and substitution rules
165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $DEX_TOOLS_OPTS -classpath "\"$CLASSPATH\"" com.googlecode.dex2jar.tools.BaseCmd "$APP_ARGS"
166 | 
167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
169 |   cd "$(dirname "$0")"
170 | fi
171 | 
172 | exec "$JAVACMD" "$@"
173 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/bin/dex-tools.bat:
--------------------------------------------------------------------------------
 1 | @if "%DEBUG%" == "" @echo off
 2 | @rem ##########################################################################
 3 | @rem
 4 | @rem  dex-tools startup script for Windows
 5 | @rem
 6 | @rem ##########################################################################
 7 | 
 8 | @rem Set local scope for the variables with windows NT shell
 9 | if "%OS%"=="Windows_NT" setlocal
10 | 
11 | set DIRNAME=%~dp0
12 | if "%DIRNAME%" == "" set DIRNAME=.
13 | set APP_BASE_NAME=%~n0
14 | set APP_HOME=%DIRNAME%..
15 | 
16 | @rem Add default JVM options here. You can also use JAVA_OPTS and DEX_TOOLS_OPTS to pass JVM options to this script.
17 | set DEFAULT_JVM_OPTS=
18 | 
19 | @rem Find java.exe
20 | if defined JAVA_HOME goto findJavaFromJavaHome
21 | 
22 | set JAVA_EXE=java.exe
23 | %JAVA_EXE% -version >NUL 2>&1
24 | if "%ERRORLEVEL%" == "0" goto init
25 | 
26 | echo.
27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
28 | echo.
29 | echo Please set the JAVA_HOME variable in your environment to match the
30 | echo location of your Java installation.
31 | 
32 | goto fail
33 | 
34 | :findJavaFromJavaHome
35 | set JAVA_HOME=%JAVA_HOME:"=%
36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
37 | 
38 | if exist "%JAVA_EXE%" goto init
39 | 
40 | echo.
41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
42 | echo.
43 | echo Please set the JAVA_HOME variable in your environment to match the
44 | echo location of your Java installation.
45 | 
46 | goto fail
47 | 
48 | :init
49 | @rem Get command-line arguments, handling Windows variants
50 | 
51 | if not "%OS%" == "Windows_NT" goto win9xME_args
52 | 
53 | :win9xME_args
54 | @rem Slurp the command line arguments.
55 | set CMD_LINE_ARGS=
56 | set _SKIP=2
57 | 
58 | :win9xME_args_slurp
59 | if "x%~1" == "x" goto execute
60 | 
61 | set CMD_LINE_ARGS=%*
62 | 
63 | :execute
64 | @rem Setup the command line
65 | 
66 | set CLASSPATH=%APP_HOME%\lib\ST4-4.0.8.jar;%APP_HOME%\lib\org.abego.treelayout.core-1.0.1.jar;%APP_HOME%\lib\antlr4-runtime-4.5.jar;%APP_HOME%\lib\d2j-smali-2.1-SNAPSHOT.jar;%APP_HOME%\lib\dex-writer-2.1-SNAPSHOT.jar;%APP_HOME%\lib\antlr-runtime-3.5.2.jar;%APP_HOME%\lib\asm-debug-all-5.0.3.jar;%APP_HOME%\lib\dex-translator-2.1-SNAPSHOT.jar;%APP_HOME%\lib\dex-reader-2.1-SNAPSHOT.jar;%APP_HOME%\lib\dx-23.0.0.jar;%APP_HOME%\lib\dex-reader-api-2.1-SNAPSHOT.jar;%APP_HOME%\lib\antlr4-4.5.jar;%APP_HOME%\lib\dex-tools-2.1-SNAPSHOT.jar;%APP_HOME%\lib\d2j-jasmin-2.1-SNAPSHOT.jar;%APP_HOME%\lib\dex-ir-2.1-SNAPSHOT.jar;%APP_HOME%\lib\d2j-base-cmd-2.1-SNAPSHOT.jar;%APP_HOME%\lib\antlr-3.5.2.jar
67 | 
68 | @rem Execute dex-tools
69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %DEX_TOOLS_OPTS%  -classpath "%CLASSPATH%" com.googlecode.dex2jar.tools.BaseCmd %CMD_LINE_ARGS%
70 | 
71 | :end
72 | @rem End local scope for the variables with windows NT shell
73 | if "%ERRORLEVEL%"=="0" goto mainEnd
74 | 
75 | :fail
76 | rem Set variable DEX_TOOLS_EXIT_CONSOLE if you need the _script_ return code instead of
77 | rem the _cmd.exe /c_ return code!
78 | if  not "" == "%DEX_TOOLS_EXIT_CONSOLE%" exit 1
79 | exit /b 1
80 | 
81 | :mainEnd
82 | if "%OS%"=="Windows_NT" endlocal
83 | 
84 | :omega
85 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-apk-sign.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.ApkSign %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-apk-sign.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.ApkSign" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-asm-verify.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.AsmVerify %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-asm-verify.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.AsmVerify" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-baksmali.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.d2j.smali.BaksmaliCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-baksmali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.d2j.smali.BaksmaliCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-class-version-switch.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.ClassVersionSwitch %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-class-version-switch.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.ClassVersionSwitch" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-decrypt-string.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.DecryptStringCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-decrypt-string.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.DecryptStringCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex-recompute-checksum.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.DexRecomputeChecksum %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex-recompute-checksum.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.DexRecomputeChecksum" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex-weaver.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.DexWeaverCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex-weaver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.DexWeaverCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex2jar.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.Dex2jarCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex2jar.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.Dex2jarCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex2smali.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.d2j.smali.BaksmaliCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-dex2smali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.d2j.smali.BaksmaliCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar-access.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.JarAccessCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar-access.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.JarAccessCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar-weaver.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.JarWeaverCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar-weaver.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.JarWeaverCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar2dex.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.Jar2Dex %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar2dex.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.Jar2Dex" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar2jasmin.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.d2j.jasmin.Jar2JasminCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jar2jasmin.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.d2j.jasmin.Jar2JasminCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jasmin2jar.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.d2j.jasmin.Jasmin2JarCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-jasmin2jar.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.d2j.jasmin.Jasmin2JarCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-smali.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.d2j.smali.SmaliCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-smali.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.d2j.smali.SmaliCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-std-apk.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | 
 3 | REM
 4 | REM dex2jar - Tools to work with android .dex and java .class files
 5 | REM Copyright (c) 2009-2013 Panxiaobo
 6 | REM 
 7 | REM Licensed under the Apache License, Version 2.0 (the "License");
 8 | REM you may not use this file except in compliance with the License.
 9 | REM You may obtain a copy of the License at
10 | REM 
11 | REM      http://www.apache.org/licenses/LICENSE-2.0
12 | REM 
13 | REM Unless required by applicable law or agreed to in writing, software
14 | REM distributed under the License is distributed on an "AS IS" BASIS,
15 | REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | REM See the License for the specific language governing permissions and
17 | REM limitations under the License.
18 | REM
19 | 
20 | REM call d2j_invoke.bat to setup java environment
21 | @"%~dp0d2j_invoke.bat" com.googlecode.dex2jar.tools.StdApkCmd %*
22 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j-std-apk.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "com.googlecode.dex2jar.tools.StdApkCmd" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j_invoke.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | REM better invocation scripts for windows from lanchon, release in public domain. thanks!
 3 | REM https://code.google.com/p/dex2jar/issues/detail?id=192
 4 | 
 5 | setlocal enabledelayedexpansion
 6 | 
 7 | set LIB=%~dp0lib
 8 | 
 9 | set CP=
10 | for %%X in ("%LIB%"\*.jar) do (
11 |     set CP=!CP!%%X;
12 | )
13 | 
14 | java -Xms512m -Xmx1024m -cp "%CP%" %*
15 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/d2j_invoke.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # dex2jar - Tools to work with android .dex and java .class files
 5 | # Copyright (c) 2009-2013 Panxiaobo
 6 | # 
 7 | # Licensed under the Apache License, Version 2.0 (the "License");
 8 | # you may not use this file except in compliance with the License.
 9 | # You may obtain a copy of the License at
10 | # 
11 | #      http://www.apache.org/licenses/LICENSE-2.0
12 | # 
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | 
20 | # copy from $Tomcat/bin/startup.sh
21 | # resolve links - $0 may be a softlink
22 | PRG="$0"
23 | while [ -h "$PRG" ] ; do
24 |   ls=`ls -ld "$PRG"`
25 |   link=`expr "$ls" : '.*-> \(.*\)$'`
26 |   if expr "$link" : '/.*' > /dev/null; then
27 |     PRG="$link"
28 |   else
29 |     PRG=`dirname "$PRG"`/"$link"
30 |   fi
31 | done
32 | PRGDIR=`dirname "$PRG"`
33 | #
34 | 
35 | _classpath="."
36 | if [ `uname -a | grep -i -c cygwin` -ne 0 ]; then # Cygwin, translate the path
37 |     for k in "$PRGDIR"/lib/*.jar
38 |     do
39 |         _classpath="${_classpath};`cygpath -w ${k}`"
40 |     done
41 | else
42 |     for k in "$PRGDIR"/lib/*.jar
43 |     do
44 |         _classpath="${_classpath}:${k}"
45 |     done
46 | fi
47 | 
48 | java -Xms512m -Xmx1024m -classpath "${_classpath}" "$@"
49 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/ST4-4.0.8.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/ST4-4.0.8.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr-3.5.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr-3.5.2.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr-runtime-3.5.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr-runtime-3.5.2.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr4-4.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr4-4.5.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr4-runtime-4.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/antlr4-runtime-4.5.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/asm-debug-all-5.0.3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/asm-debug-all-5.0.3.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-base-cmd-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-base-cmd-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-jasmin-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-jasmin-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-smali-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/d2j-smali-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-ir-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-ir-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-reader-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-reader-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-reader-api-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-reader-api-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-tools-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-tools-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-translator-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-translator-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-writer-2.1-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dex-writer-2.1-SNAPSHOT.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/dx-23.0.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/dx-23.0.0.jar


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/open-source-license.txt:
--------------------------------------------------------------------------------
 1 | ==== dx-*.jar
 2 | Apache 2.0 http://www.apache.org/licenses/LICENSE-2.0.html
 3 | 
 4 | 
 5 | ==== antlr-*.jar
 6 | [The BSD License]
 7 | Copyright (c) 2003-2007, Terence Parr
 8 | All rights reserved.
 9 | 
10 | Redistribution and use in source and binary forms, with or without
11 | modification, are permitted provided that the following conditions
12 | are met:
13 | 
14 | * Redistributions of source code must retain the above copyright
15 |   notice, this list of conditions and the following disclaimer.
16 | * Redistributions in binary form must reproduce the above copyright
17 |   notice, this list of conditions and the following disclaimer in
18 |   the documentation and/or other materials provided with the
19 |   distribution.
20 | * Neither the name of the author nor the names of its contributors
21 |   may be used to endorse or promote products derived from this
22 |   software without specific prior written permission.
23 | 
24 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
25 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
26 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
27 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
28 | COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
29 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
30 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
31 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
32 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
34 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 | POSSIBILITY OF SUCH DAMAGE.
36 | 
37 | 
38 | ==== asm-*.jar
39 | 
40 |  ASM: a very small and fast Java bytecode manipulation framework
41 |  Copyright (c) 2000-2005 INRIA, France Telecom
42 |  All rights reserved.
43 | 
44 |  Redistribution and use in source and binary forms, with or without
45 |  modification, are permitted provided that the following conditions
46 |  are met:
47 |  1. Redistributions of source code must retain the above copyright
48 |     notice, this list of conditions and the following disclaimer.
49 |  2. Redistributions in binary form must reproduce the above copyright
50 |     notice, this list of conditions and the following disclaimer in the
51 |     documentation and/or other materials provided with the distribution.
52 |  3. Neither the name of the copyright holders nor the names of its
53 |     contributors may be used to endorse or promote products derived from
54 |     this software without specific prior written permission.
55 | 
56 |  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
57 |  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58 |  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
59 |  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
60 |  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
61 |  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
62 |  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
63 |  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
64 |  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
65 |  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
66 |  THE POSSIBILITY OF SUCH DAMAGE.
67 | 
68 | 


--------------------------------------------------------------------------------
/vendor/dex2jar-2.1-SNAPSHOT/lib/org.abego.treelayout.core-1.0.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/dex2jar-2.1-SNAPSHOT/lib/org.abego.treelayout.core-1.0.1.jar


--------------------------------------------------------------------------------
/vendor/jd-cmd.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SUPERAndroidAnalyzer/super/1886c6f8ed9cb36e6b7793c911f28b70e612bea2/vendor/jd-cmd.jar


--------------------------------------------------------------------------------