# Copyright (c) 2015, Fundacion Dr. Manuel Sadosky
# All rights reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# ----------------------------------------------------------------------------
# Global properties
# ----------------------------------------------------------------------------

# When False, "show Java" is disabled in the SSL report.
show_java = False

# Inaccuracy level tolerated by the SAAF module, expressed as the number of
# backtracked registers.
FUZZY_LEVEL_THRESHOLD = 2
# ----------------------------------------------------------------------------
# Vulnerability types reported by static analysis
# ----------------------------------------------------------------------------
# Maps a finding identifier to a numeric rating stored as a *string*.
# NOTE(review): the ratings look like severity scores where higher means more
# severe -- confirm against the code that consumes this table.
# Because the values are strings, convert with int() before comparing or
# sorting them: as strings, "10" sorts before "2".
STATIC_VULN_TYPES = {
    # Exported components: activity / service / provider / receiver
    "UNPROTECTED_EXPORTED_ACTIVITY": "2",
    "UNPROTECTED_EXPORTED_SERVICE": "4",
    "UNPROTECTED_EXPORTED_PROVIDER": "7",
    "UNPROTECTED_EXPORTED_RECEIVER": "4",
    "NON_SIGNATURE_PROTECTED_EXPORTED_ACTIVITY": "2",
    "NON_SIGNATURE_PROTECTED_EXPORTED_SERVICE": "4",
    "NON_SIGNATURE_PROTECTED_EXPORTED_PROVIDER": "7",
    "NON_SIGNATURE_PROTECTED_EXPORTED_RECEIVER": "4",
    # WebView interface, fragments and application-level flags
    "JAVASCRIPTINTERFACE": "7",
    "FRAGMENT_INJECTION": "4",
    "APPLICATION_DEBUGGABLE": "5",
    "APPLICATION_BACKUP": "5",
    # PhoneGap findings
    "PHONEGAP_JS_INJECTION": "8",
    "PHONEGAP_CVE_3500_URL": "8",
    "PHONEGAP_CVE_3500_ERRORURL": "8",
    "PHONEGAP_CVE_3501": "8",
    "PHONEGAP_WHITELIST_BYPASS_REGEX": "4",
    "PHONEGAP_CVE_3500_REMOTE": "10",
    "PHONEGAP_DEBUG_LOGGING": "5",
    "PHONEGAP_NO_WHITELIST": "5",
    # Third-party components
    "REDIS": "10",
    "VUNGLE": "8",
    # SSL/TLS validation findings
    "SSL_CUSTOM_TRUSTMANAGER": "9",
    "SSL_CUSTOM_HOSTNAMEVERIFIER": "9",
    "SSL_ALLOWALL_HOSTNAMEVERIFIER": "9",
    "SSL_INSECURE_SOCKET_FACTORY": "9",
    "SSL_WEBVIEW_ERROR": "9",
    # WebView file scheme, cryptography and storage
    "WEBVIEW_FILE_SCHEME": "6",
    "CRYPTOGRAPHY": "7",
    "INSECURE_STORAGE_WORLD_READABLE/WRITEABLE": "5",
    # Hijacking, dynamically registered receivers and sticky broadcasts
    "ACTIVITY_HIJACKING": "2",
    "BROADCASTRECEIVER_HIJACKING": "5",
    "SERVICE_HIJACKING": "7",
    "UNPROTECTED_DYNAMICALLY_REGISTERED_RECEIVER": "2",
    "STICKY_BROADCAST_INTENT": "5",
    # Password handling
    "AUTOCOMPLETE_PASSWORD_INPUT": "8",
    "WEBVIEW_SAVED_PASSWORD": "8",
    # Command execution, class loading and provider path traversal
    "INSECURE_RUNTIME_EXEC_COMMAND": "10",
    "INSECURE_PATHCLASSLOADER": "10",
    "PROVIDER_PATH_TRAVERSAL": "8",
    # Backend-as-a-service SDKs
    "BAAS_PARSE": "5",
    "BAAS_AWS": "5",
    "BAAS_CLOUDMINE": "5",
    "BAAS_AZURE": "5",
    # Remaining findings
    "BOLTS": "7",
    "SURREPTITIOUS_SHARING": "5",
}
# Vulnerability types reported by dynamic analysis, keyed by finding
# identifier. Ratings are strings, as in the static table; convert with int()
# before any numeric comparison or sort.
DYNAMIC_VULN_TYPES = {
    "ZIP_PATH_TRAVERSAL": "10",
    "INSECURE_TRANSMISSION": "8",
    "INSECURE_STORAGE": "5",
}