Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in / Register
Toggle navigation
J
jadx
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
open-source
jadx
Commits
c0b2230b
Unverified
Commit
c0b2230b
authored
Jun 26, 2018
by
skylot
Committed by
GitHub
Jun 26, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #299 from skylot/public_xml_impl
Generates and saves public.xml in apktool style
parents
dda49f15
53fa8205
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
54 additions
and
6 deletions
+54
-6
ZipSecurity.java
...core/src/main/java/jadx/core/utils/files/ZipSecurity.java
+17
-5
ResTableParser.java
jadx-core/src/main/java/jadx/core/xmlgen/ResTableParser.java
+18
-1
ResourcesSaver.java
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
+19
-0
No files found.
jadx-core/src/main/java/jadx/core/utils/files/ZipSecurity.java
View file @
c0b2230b
package
jadx
.
core
.
utils
.
files
;
package
jadx
.
core
.
utils
.
files
;
import
java.io.File
;
import
java.io.File
;
import
java.io.IOException
;
import
java.util.zip.ZipEntry
;
import
java.util.zip.ZipEntry
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
...
@@ -14,14 +15,25 @@ public class ZipSecurity {
...
@@ -14,14 +15,25 @@ public class ZipSecurity {
private
ZipSecurity
()
{}
private
ZipSecurity
()
{}
private
static
boolean
isInSubDirectory
(
File
base
,
File
f
ile
)
{
private
static
boolean
isInSubDirectory
Internal
(
File
baseDir
,
File
canonF
ile
)
{
if
(
f
ile
==
null
)
{
if
(
canonF
ile
==
null
)
{
return
false
;
return
false
;
}
}
if
(
file
.
equals
(
base
))
{
if
(
canonFile
.
equals
(
baseDir
))
{
return
true
;
return
true
;
}
}
return
isInSubDirectory
(
base
,
file
.
getParentFile
());
return
isInSubDirectoryInternal
(
baseDir
,
canonFile
.
getParentFile
());
}
public
static
boolean
isInSubDirectory
(
File
baseDir
,
File
file
)
{
try
{
file
=
file
.
getCanonicalFile
();
baseDir
=
baseDir
.
getCanonicalFile
();
}
catch
(
IOException
e
)
{
return
false
;
}
return
isInSubDirectoryInternal
(
baseDir
,
file
);
}
}
// checks that entry name contains no any traversals
// checks that entry name contains no any traversals
...
@@ -30,7 +42,7 @@ public class ZipSecurity {
...
@@ -30,7 +42,7 @@ public class ZipSecurity {
try
{
try
{
File
currentPath
=
new
File
(
"."
).
getCanonicalFile
();
File
currentPath
=
new
File
(
"."
).
getCanonicalFile
();
File
canonical
=
new
File
(
currentPath
,
entryName
).
getCanonicalFile
();
File
canonical
=
new
File
(
currentPath
,
entryName
).
getCanonicalFile
();
if
(
isInSubDirectory
(
currentPath
,
canonical
))
{
if
(
isInSubDirectory
Internal
(
currentPath
,
canonical
))
{
return
true
;
return
true
;
}
}
LOG
.
error
(
"Path traversal attack detected, invalid name: {}"
,
entryName
);
LOG
.
error
(
"Path traversal attack detected, invalid name: {}"
,
entryName
);
...
...
jadx-core/src/main/java/jadx/core/xmlgen/ResTableParser.java
View file @
c0b2230b
...
@@ -65,7 +65,7 @@ public class ResTableParser extends CommonBinaryParser {
...
@@ -65,7 +65,7 @@ public class ResTableParser extends CommonBinaryParser {
ResXmlGen
resGen
=
new
ResXmlGen
(
resStorage
,
vp
);
ResXmlGen
resGen
=
new
ResXmlGen
(
resStorage
,
vp
);
ResContainer
res
=
ResContainer
.
multiFile
(
"res"
);
ResContainer
res
=
ResContainer
.
multiFile
(
"res"
);
res
.
setContent
(
makeDump
());
res
.
setContent
(
make
Xml
Dump
());
res
.
getSubFiles
().
addAll
(
resGen
.
makeResourcesXml
());
res
.
getSubFiles
().
addAll
(
resGen
.
makeResourcesXml
());
return
res
;
return
res
;
}
}
...
@@ -83,6 +83,23 @@ public class ResTableParser extends CommonBinaryParser {
...
@@ -83,6 +83,23 @@ public class ResTableParser extends CommonBinaryParser {
return
writer
;
return
writer
;
}
}
public
CodeWriter
makeXmlDump
()
{
CodeWriter
writer
=
new
CodeWriter
();
writer
.
startLine
(
"<?xml version=\"1.0\" encoding=\"utf-8\"?>"
);
writer
.
startLine
(
"<resources>"
);
writer
.
incIndent
();
for
(
ResourceEntry
ri
:
resStorage
.
getResources
())
{
String
format
=
String
.
format
(
"<public type=\"%s\" name=\"%s\" id=\"%s\" />"
,
ri
.
getTypeName
(),
ri
.
getKeyName
(),
ri
.
getId
());
writer
.
startLine
(
format
);
}
writer
.
decIndent
();
writer
.
startLine
(
"</resources>"
);
writer
.
finish
();
return
writer
;
}
public
ResourceStorage
getResStorage
()
{
public
ResourceStorage
getResStorage
()
{
return
resStorage
;
return
resStorage
;
}
}
...
...
jadx-core/src/main/java/jadx/core/xmlgen/ResourcesSaver.java
View file @
c0b2230b
...
@@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
...
@@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
import
jadx.api.ResourceFile
;
import
jadx.api.ResourceFile
;
import
jadx.api.ResourceType
;
import
jadx.api.ResourceType
;
import
jadx.core.codegen.CodeWriter
;
import
jadx.core.codegen.CodeWriter
;
import
jadx.core.utils.files.ZipSecurity
;
import
static
jadx
.
core
.
utils
.
files
.
FileUtils
.
prepareFile
;
import
static
jadx
.
core
.
utils
.
files
.
FileUtils
.
prepareFile
;
...
@@ -46,6 +47,7 @@ public class ResourcesSaver implements Runnable {
...
@@ -46,6 +47,7 @@ public class ResourcesSaver implements Runnable {
if
(
subFiles
.
isEmpty
())
{
if
(
subFiles
.
isEmpty
())
{
save
(
rc
,
outDir
);
save
(
rc
,
outDir
);
}
else
{
}
else
{
saveToFile
(
rc
,
new
File
(
outDir
,
"res/values/public.xml"
));
for
(
ResContainer
subFile
:
subFiles
)
{
for
(
ResContainer
subFile
:
subFiles
)
{
saveResources
(
subFile
);
saveResources
(
subFile
);
}
}
...
@@ -59,12 +61,29 @@ public class ResourcesSaver implements Runnable {
...
@@ -59,12 +61,29 @@ public class ResourcesSaver implements Runnable {
String
ext
=
FilenameUtils
.
getExtension
(
outFile
.
getName
());
String
ext
=
FilenameUtils
.
getExtension
(
outFile
.
getName
());
try
{
try
{
outFile
=
prepareFile
(
outFile
);
outFile
=
prepareFile
(
outFile
);
if
(!
ZipSecurity
.
isInSubDirectory
(
outDir
,
outFile
))
{
LOG
.
error
(
"Path traversal attack detected, invalid resource name: {}"
,
outFile
.
getPath
());
return
;
}
ImageIO
.
write
(
image
,
ext
,
outFile
);
ImageIO
.
write
(
image
,
ext
,
outFile
);
}
catch
(
IOException
e
)
{
}
catch
(
IOException
e
)
{
LOG
.
error
(
"Failed to save image: {}"
,
rc
.
getName
(),
e
);
LOG
.
error
(
"Failed to save image: {}"
,
rc
.
getName
(),
e
);
}
}
return
;
return
;
}
}
if
(!
ZipSecurity
.
isInSubDirectory
(
outDir
,
outFile
))
{
LOG
.
error
(
"Path traversal attack detected, invalid resource name: {}"
,
rc
.
getFileName
());
return
;
}
saveToFile
(
rc
,
outFile
);
}
private
void
saveToFile
(
ResContainer
rc
,
File
outFile
)
{
CodeWriter
cw
=
rc
.
getContent
();
CodeWriter
cw
=
rc
.
getContent
();
if
(
cw
!=
null
)
{
if
(
cw
!=
null
)
{
cw
.
save
(
outFile
);
cw
.
save
(
outFile
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment