Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for scanning APK files #3517
Add support for scanning APK files #3517
Changes from 2 commits
3334239
38b636e
5efbacd
3133d4d
a8e51c1
3b15fbb
8d83df9
c99a4dc
21d0312
adb2ff7
a8276d0
866a5ba
971b9c9
cf3b23c
eac29fe
d2aac61
46d6239
0091202
640ce73
224dab1
b2497d4
454037b
68045e5
7404d53
b71039d
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for
.xapk
files here is how MobSF a popular security scanning tool handling it.its unzipping the archive -> reading the
manifest.json
file -> extracting the apk withbase
id and only scanning that apk.MobSF/Mobile-Security-Framework-MobSF@a558693
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.apkm
is another common format (at least for ApkMirror).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bugbaba I appreciate the idea re:
.xapk
files. IMO the cleanest way to resolve the lack of.xapk
scanning is to address it in thearchive.go
file. Basically, unzip.xapk
like any other zip, and then call back out to theHandleFile
function inhandlers.go
, so that any unique file that requires a special handler can be dealt with. And maybe it's not that exact approach, but something along those lines.I'll put some effort into that in a different PR.