Skip to content

feat: add custom gadget support & add custom github repo support#37

Open
ObjShadow wants to merge 3 commits intoksg97031:trunkfrom
ObjShadow:trunk
Open

feat: add custom gadget support & add custom github repo support#37
ObjShadow wants to merge 3 commits intoksg97031:trunkfrom
ObjShadow:trunk

Conversation

@ObjShadow
Copy link

Add Custom gadget support and Custom github repo support.
Add --custom-gadget-path and --github-repo CLI flags.
Update README.rst.
(PS: Fix support for config files whose interaction.type is listen or connect)

Add Custom gadget support and Custom github repo support.
Add --custom-gadget-path and --github-repo CLI flags.
Update README.rst.
@gemini-code-assist
Copy link

Summary of Changes

Hello @ObjShadow, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the tool's flexibility by introducing options for custom Frida gadget management. Users can now either supply their own pre-compiled gadget library directly or configure the tool to fetch gadgets from a specified GitHub repository, moving beyond the default Frida releases. Additionally, it includes a crucial fix to improve the robustness of configuration file parsing, particularly for network interaction types.

Highlights

  • Custom Frida Gadget Support: Users can now specify a local Frida gadget library file using the --custom-gadget-path CLI flag, bypassing the need to download from GitHub. This is useful for custom compiled gadgets or offline work.
  • Custom GitHub Repository Support: A new --github-repo CLI flag allows users to specify an alternative GitHub repository for downloading Frida gadgets, enabling the use of custom or forked Frida versions.
  • Config File Validation Fix: Improved handling for configuration files, specifically addressing cases where interaction.type is listen or connect, and ensuring interaction.type is always present for proper validation.
Changelog
  • README.rst
    • Added --custom-gadget-path and --github-repo options to the CLI usage documentation.
    • Included new sections with detailed examples for "Using Custom Frida Gadget File" and "Using Custom GitHub Repository".
  • scripts/cli.py
    • Updated download_gadget function to accept custom_gadget_path and github_repo parameters, enabling local file usage or custom repo fetching.
    • Modified inject_gadget_into_apk to pass the new gadget source parameters.
    • Introduced validation to ensure interaction.type exists in config files and refined interaction.path validation to apply only for script or script-directory types.
    • Integrated --custom-gadget-path and --github-repo as new command-line options.
    • Minor formatting changes for logger.debug and modified_dex_filename for readability.
  • scripts/frida_github.py
    • Enhanced the FridaGithub class constructor to accept a github_repo argument.
    • Implemented logic to dynamically construct GitHub API URLs based on the provided custom repository, supporting both owner/repo and full URL formats.
    • Converted GITHUB_LATEST_RELEASE and GITHUB_TAGGED_RELEASE into properties to utilize the dynamic base URL.
Activity
  • The pull request introduces new features for custom Frida gadget handling and includes a bug fix for config file parsing.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@ObjShadow
Copy link
Author

Quality Gate Failed Quality Gate failed

Failed conditions 1 Security Hotspot E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

This is a WRONG vulnerability detection of "http://". It's only used to match the URL provided by the user.

Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces useful features for providing a custom Frida gadget file or specifying a custom GitHub repository to download it from, along with documentation updates and a fix for Frida configuration files. However, the implementation contains a high-severity insecure temporary file creation vulnerability, susceptible to symlink attacks, and a medium-severity logic error in configuration validation that bypasses security checks. Additionally, there are areas for improvement regarding fragile logic for parsing GitHub repository URLs and a redundant import. Addressing these points is crucial for robustness, cleanliness, and security before merging.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 9, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant