Merge pull request #76 from Fuzion24/feature/vulnerability_sorting

Matches Vulnerability results with their descriptions and allows filtering sorting

Author: Fuzion24

app/src/main/assets/vuln_map.json

@@ -15,7 +15,7 @@
       "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
     ],
     "cvssv2": 4.9,
-    "cvedate": "2012-04-21"
+    "cvedate": "08/05/2015"
   },
   "CVE-2014-4943": {
     "cve": "CVE-2014-4943",
@@ -32,7 +32,7 @@
     "patch": [
       "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3cf521f7dc87c031617fd47e4b7aa2593c2f3daf"
     ],
-    "cvedate": "2015-08-05"
+    "cvedate": "07/19/2014"
   },
   "CVE-2015-1528": {
     "cve": "CVE-2015-1528",
@@ -67,7 +67,7 @@
     "patch": [
       "https://android.googlesource.com/platform/libcore/+/2bc5e811a817a8c667bca4318ae98582b0ee6dc6"
     ],
-    "cvedate": ""
+    "cvedate": "08/01/2014"
   },
   "CVE-2015-6602": {
     "cve": "CVE-2015-6602",
@@ -138,10 +138,11 @@
     ],
     "cvedate": "08/10/2015"
   },
-  "ZipBug 8219321": {
-    "cve": "ZipBug 8219321",
+  "CVE-2013-4787": {
+    "cve": "CVE-2013-4787",
     "altnames": [
-      "Masterkey"
+      "Masterkey",
+      "ZipBug 8219321"
     ],
     "description": "Zip bug allows modifying apk files without breaking the signature.  Essentially, you can replace existing files in an app.  Fixed around Android 4.4",
     "impact": "A local attacker can modify a system apk file and gain elevated privileges.  A remote attacker can try to trick the user (or another app) into installing the malicious apk file.",
@@ -256,41 +257,7 @@
     "__comment": "calculated using (AV:N/AC:L/AU:N/C:P/I:P/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND).  ",
     "cvssv2": 9.0,
     "patch": [],
-    "cvedate": ""
-  },
-  "StumpRoot": {
-    "cve": "StumpRoot",
-    "altnames": [
-      ""
-    ],
-    "description": "",
-    "impact": "",
-    "external_links": [
-      "",
-      ""
-    ],
-    "cvssv2": 0,
-    "patch": [
-      ""
-    ],
-    "cvedate": ""
-  },
-  "WeakSauce": {
-    "cve": "WeakSauce",
-    "altnames": [
-      ""
-    ],
-    "description": "",
-    "impact": "",
-    "external_links": [
-      "",
-      ""
-    ],
-    "cvssv2": 0,
-    "patch": [
-      ""
-    ],
-    "cvedate": ""
+    "cvedate": "10/27/2015"
   },
   "CVE-2011-3874": {
     "cve": "CVE-2011-3874",

app/src/main/java/fuzion24/device/vulnerability/test/VulnerabilityDescriptor.java

@@ -0,0 +1,145 @@
+package fuzion24.device.vulnerability.test;
+
+import android.content.Context;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
+import fuzion24.device.vulnerability.vulnerabilities.helper.BinaryAssets;
+
+/**
+ * Created by fuzion24 on 11/23/15.
+ */
+public class VulnerabilityDescriptor {
+
+
+    private final String CVEorID;
+    private final String description;
+    private final String impact;
+    private final Double CVSSV2Score;
+    private final Date CVEDate;
+    private final List<String> externalLinks;
+    private final List<String> altNames;
+    private final List<String> patches;
+
+    private VulnerabilityDescriptor(String cve,
+                                    String desc,
+                                    String impact,
+                                    Double cvssv2,
+                                    String cveDate,
+                                    List<String> externLinks,
+                                    List<String> altNames,
+                                    List<String> patches) throws Exception {
+        this.CVEorID = cve;
+        this.description = desc;
+        this.impact = impact;
+        this.CVSSV2Score = cvssv2;
+        this.externalLinks = externLinks;
+        this.altNames = altNames;
+        this.patches = patches;
+
+        SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
+        Date d = sdf.parse(cveDate);
+        this.CVEDate = d;
+    }
+
+
+    private static List<String> extractStringArray(JSONObject obj, String arrayName) throws Exception {
+        JSONArray jsonStringArray = obj.getJSONArray(arrayName);
+        List<String> items = new ArrayList<String>();
+        for (int i = 0; i < jsonStringArray.length(); i++) {
+            items.add(jsonStringArray.getString(i));
+        }
+        return items;
+    }
+
+
+    public static Map<String, VulnerabilityDescriptor> getParsedVulnMap(Context ctx) throws Exception {
+        String jsonVulns = BinaryAssets.extractAsset(ctx, "vuln_map.json");
+        JSONObject vulnMap = new JSONObject(jsonVulns);
+
+        Map<String, VulnerabilityDescriptor> descriptorMap = new HashMap<String, VulnerabilityDescriptor>();
+        Iterator<String> keys = vulnMap.keys();
+
+        while (keys.hasNext()) {
+            JSONObject jobj = null;
+            String description = null;
+            String impact = null;
+            Double cvssV2Score = null;
+            String cveDate = null;
+            List<String> externalLinks = null;
+            List<String> altNames = null;
+            List<String> patches = null;
+
+            String key = keys.next();
+            jobj = vulnMap.getJSONObject(key);
+            String cve = jobj.getString("cve");
+            altNames = extractStringArray(jobj, "altnames");
+            description = jobj.getString("description");
+            impact = jobj.getString("impact");
+            externalLinks = extractStringArray(jobj, "external_links");
+            cvssV2Score = jobj.getDouble("cvssv2");
+            patches = extractStringArray(jobj, "patch");
+            cveDate = jobj.getString("cvedate");
+
+            VulnerabilityDescriptor vd = new VulnerabilityDescriptor(
+                    cve,
+                    description,
+                    impact,
+                    cvssV2Score,
+                    cveDate,
+                    externalLinks,
+                    altNames,
+                    patches);
+
+            descriptorMap.put(key, vd);
+        }
+
+        return descriptorMap;
+    }
+
+
+    public String getCVEorID() {
+        return CVEorID;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public String getImpact() {
+        return impact;
+    }
+
+    public Double getCVSSV2Score() {
+        return CVSSV2Score;
+    }
+
+    public Date getCVEDate() {
+        return CVEDate;
+    }
+
+    public List<String> getExternalLinks() {
+        return externalLinks;
+    }
+
+    public List<String> getAltNames() {
+        return altNames;
+    }
+
+    public List<String> getPatches() {
+        return patches;
+    }
+
+
+
+}

app/src/main/java/fuzion24/device/vulnerability/test/adapter/RecyclerAdapter.java

@@ -4,6 +4,8 @@
 import android.graphics.Color;
 import android.support.v7.widget.RecyclerView;
 import android.text.TextUtils;
+import android.util.Log;
+import android.util.Pair;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
@@ -14,28 +16,52 @@
 import org.json.JSONObject;
 
 import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 
+import fuzion24.device.vulnerability.test.VulnerabilityDescriptor;
 import fuzion24.device.vulnerability.test.VulnerabilityTestResult;
 import fuzion24.device.vulnerability.test.adapter.viewholder.RecyclerItemViewHolder;
 import fuzion24.device.vulnerability.vulnerabilities.helper.BinaryAssets;
 
 public class RecyclerAdapter extends RecyclerView.Adapter<RecyclerView.ViewHolder> {
 
-    private List<VulnerabilityTestResult> mResults;
+    private static final String TAG = "RecycleAdapter";
+    final private List<Pair<VulnerabilityTestResult, VulnerabilityDescriptor>> mResults;
     private Context mContext;
-    private JSONObject mVulnMap;
 
     public RecyclerAdapter(Context context, List<VulnerabilityTestResult> itemList) {
         this.mContext = context;
-        this.mResults = itemList;
+        List<Pair<VulnerabilityTestResult, VulnerabilityDescriptor>> res = new ArrayList<>();
 
         try {
-            String jsonVulns = BinaryAssets.extractAsset(context, "vuln_map.json");
-            mVulnMap = new JSONObject(jsonVulns);
-        } catch (Exception e) {
+            Map<String, VulnerabilityDescriptor> vMap = VulnerabilityDescriptor.getParsedVulnMap(context);
+
+            for (VulnerabilityTestResult vtr : itemList) {
+                String cveOrId = vtr.getCVEorID();
+                VulnerabilityDescriptor vd = vMap.get(cveOrId);
+                if(vd == null){
+                    Log.d(TAG, cveOrId + " has a null vulnerability descriptor");
+                }
+                res.add(Pair.create(vtr, vd));
+            }
+
+            Collections.sort(res, new Comparator<Pair<VulnerabilityTestResult, VulnerabilityDescriptor>>() {
+                @Override
+                public int compare(Pair<VulnerabilityTestResult, VulnerabilityDescriptor> lhs, Pair<VulnerabilityTestResult, VulnerabilityDescriptor> rhs) {
+                    VulnerabilityDescriptor lhDesc = lhs.second;
+                    VulnerabilityDescriptor rhDesc = rhs.second;
+                    return lhDesc.getCVEDate().before(rhDesc.getCVEDate()) ? 1 : -1;
+                }
+            });
+        }catch(Exception e){
             e.printStackTrace();
         }
+        mResults = res;
     }
 
     @Override
@@ -46,52 +72,23 @@ public RecyclerView.ViewHolder onCreateViewHolder(ViewGroup parent, int viewType
         return RecyclerItemViewHolder.newInstance(view);
     }
 
-    private List<String> extractStringArray(JSONObject obj, String arrayName) throws Exception {
-        JSONArray jsonStringArray = obj.getJSONArray(arrayName);
-        List<String> items = new ArrayList<String>();
-        for (int i = 0; i < jsonStringArray.length(); i++) {
-            items.add(jsonStringArray.getString(i));
-        }
-        return items;
-    }
 
     @Override
     public void onBindViewHolder(RecyclerView.ViewHolder viewHolder, int position) {
         RecyclerItemViewHolder holder = (RecyclerItemViewHolder) viewHolder;
-        VulnerabilityTestResult item = mResults.get(position);
+        Pair<VulnerabilityTestResult, VulnerabilityDescriptor> item = mResults.get(position);
 
-        holder.setItemTestName(item.getCVEorID());
+        VulnerabilityTestResult vulnRes = item.first;
+        VulnerabilityDescriptor vulnDesc = item.second;
 
-        JSONObject jobj = null;
-        String description = null;
-        String impact = null;
-        Double cvssV2Score = null;
-        String cveDate = null;
-        List<String> externalLinks = null;
-        List<String> altNames = null;
-        List<String> patches = null;
+        holder.setItemTestName(vulnRes.getCVEorID());
 
-        try {
-            jobj = mVulnMap.getJSONObject(item.getCVEorID());
-            String cve = jobj.getString("cve");
-            altNames = extractStringArray(jobj, "altnames");
-            description = jobj.getString("description");
-            impact = jobj.getString("impact");
-            externalLinks = extractStringArray(jobj, "external_links");
-            cvssV2Score = jobj.getDouble("cvssv2");
-            patches = extractStringArray(jobj, "patch");
-            cveDate = jobj.getString("cvedate");
-
-        } catch (Exception e) {
-            //We dont have an entry or are missing necessary components of it
-            e.printStackTrace();
-        }
 
-        if (item.getException() != null) {
-            holder.setItemTestResult(mContext.getString(R.string.error_test, item.getException().getMessage()));
+        if (vulnRes.getException() != null) {
+            holder.setItemTestResult(mContext.getString(R.string.error_test, vulnRes.getException().getMessage()));
             holder.setItemTestResultColor(mContext.getResources().getColor(R.color.orange));
         } else {
-            if (item.getResult()) {
+            if (vulnRes.getResult()) {
                 holder.setItemTestResultColor(mContext.getResources().getColor(R.color.red));
                 holder.setItemTestResult(mContext.getString(R.string.test_result_failure));
             } else {
@@ -100,19 +97,16 @@ public void onBindViewHolder(RecyclerView.ViewHolder viewHolder, int position) {
             }
         }
 
-        if (!TextUtils.isEmpty(description)) {
-            holder.setItemTestResultDescription(description);
-            holder.setButtonShowDetailsClickListner(mContext, item.getCVEorID(), altNames, description, impact, externalLinks, patches, cvssV2Score, cveDate);
-        } else {
-            holder.setItemTestResultDescription(mContext.getString(R.string.information_not_available));
-
-            if (jobj != null) {
-                holder.setButtonShowDetailsClickListner(mContext, item.getCVEorID(), altNames, description, impact, externalLinks, patches, cvssV2Score, cveDate);
-            } else {
-                holder.setButtonShowDetailsClickListner(mContext, item.getCVEorID());
-            }
-        }
-
+        holder.setItemTestResultDescription(vulnDesc.getDescription());
+        holder.setButtonShowDetailsClickListner(mContext,
+                vulnRes.getCVEorID(),
+                vulnDesc.getAltNames(),
+                vulnDesc.getDescription(),
+                vulnDesc.getImpact(),
+                vulnDesc.getExternalLinks(),
+                vulnDesc.getPatches(),
+                vulnDesc.getCVSSV2Score(),
+                vulnDesc.getCVEDate().toString());
     }
 
     @Override

app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/framework/media/CVE_2015_6608.java

@@ -29,8 +29,6 @@
 1|shell@flounder_lte:/ $ grep -F "b/23881715" /system/lib64/libstagefright.so
 */
 
-
-
 public class CVE_2015_6608 implements VulnerabilityTest {
 
     private static final String TAG = "CVE-2015-6608";