Merge pull request #35 from talsec/rename_callbacks

Rename callbacks

Author: xprikryl2

CHANGELOG.md

@@ -1,3 +1,9 @@
+# freeRASP 3.5.0
+
+- ⚠️ Updated the `talsecStart()` method to return `Promise<string>`. If freeRASP starts successfuly, the method will return `freeRASP started` string. There are not any changes of the interface if you are using the provided `useFreeRasp` hook.
+- ⚡ Improved the message passing between native iOS/Android and React Native sides
+- ✔️ Restricted message passing to valid callbacks only. If an invalid callback is received, the SDK will kill the app
+
 # freeRASP 3.4.0
 
 - 📄 Documentation updates and improvements

android/src/main/java/com/freeraspreactnative/FreeraspDeviceStateListener.kt

@@ -4,93 +4,85 @@ import com.aheaditec.talsec_security.security.api.Talsec
 import com.aheaditec.talsec_security.security.api.TalsecConfig
 import com.aheaditec.talsec_security.security.api.ThreatListener
 import com.facebook.react.bridge.Arguments
+import com.facebook.react.bridge.Promise
 import com.facebook.react.bridge.ReactApplicationContext
 import com.facebook.react.bridge.ReactContextBaseJavaModule
 import com.facebook.react.bridge.ReactMethod
-import com.facebook.react.bridge.WritableMap
 import com.facebook.react.bridge.ReadableMap
+import com.facebook.react.bridge.WritableArray
 import com.facebook.react.modules.core.DeviceEventManagerModule
 
 class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
-  ReactContextBaseJavaModule(reactContext), ThreatListener.ThreatDetected,
-  FreeraspDeviceStateListener.DeviceStateListener {
+  ReactContextBaseJavaModule(reactContext) {
 
-  private val listener = ThreatListener(this, FreeraspDeviceStateListener)
+  private val listener = ThreatListener(FreeraspThreatHandler, FreeraspThreatHandler)
 
   override fun getName(): String {
     return NAME
   }
 
+  init {
+    appReactContext = reactContext
+  }
+
   @ReactMethod
   fun talsecStart(
-    options: ReadableMap
+    options: ReadableMap,
+    promise: Promise
   ) {
 
     try {
       val config = parseTalsecConfig(options)
-      FreeraspDeviceStateListener.listener = this
+      FreeraspThreatHandler.listener = ThreatListener
       listener.registerListener(reactContext)
       Talsec.start(reactContext, config)
-      sendOngoingPluginResult("started", null)
+      promise.resolve("freeRASP started")
 
     } catch (e: Exception) {
       val params = Arguments.createMap().apply {
         putString("message", e.message)
       }
-      sendOngoingPluginResult("initializationError", params)
+      promise.reject("initializationError", params)
     }
   }
 
+  /**
+   * Method to get the random identifiers of callbacks
+   */
   @ReactMethod
-  fun addListener(@Suppress("UNUSED_PARAMETER") eventName: String) {
-    // Set up any upstream listeners or background tasks as necessary
+  fun getThreatIdentifiers(promise: Promise) {
+    promise.resolve(Threat.getThreatValues())
   }
 
+  /**
+   * Method to setup the message passing between native and React Native
+   * @return list of [THREAT_CHANNEL_NAME, THREAT_CHANNEL_KEY]
+   */
   @ReactMethod
-  fun removeListeners(@Suppress("UNUSED_PARAMETER") count: Int) {
-    // Remove upstream listeners, stop unnecessary background tasks
-  }
-
-  override fun onRootDetected() {
-    sendOngoingPluginResult("privilegedAccess", null)
-  }
-
-  override fun onDebuggerDetected() {
-    sendOngoingPluginResult("debug", null)
-  }
-
-  override fun onEmulatorDetected() {
-    sendOngoingPluginResult("simulator", null)
-  }
-
-  override fun onTamperDetected() {
-    sendOngoingPluginResult("appIntegrity", null)
-  }
-
-  override fun onUntrustedInstallationSourceDetected() {
-    sendOngoingPluginResult("unofficialStore", null)
+  fun getThreatChannelData(promise: Promise) {
+    val channelData: WritableArray = Arguments.createArray()
+    channelData.pushString(THREAT_CHANNEL_NAME)
+    channelData.pushString(THREAT_CHANNEL_KEY)
+    promise.resolve(channelData)
   }
 
-  override fun onHookDetected() {
-    sendOngoingPluginResult("hooks", null)
-  }
-
-  override fun onDeviceBindingDetected() {
-    sendOngoingPluginResult("deviceBinding", null)
-  }
-
-  override fun onObfuscationIssuesDetected() {
-    sendOngoingPluginResult("obfuscationIssues", null)
+  /**
+   * We never send an invalid callback over our channel.
+   * Therefore, if this happens, we want to kill the app.
+   */
+  @ReactMethod
+  fun onInvalidCallback() {
+    android.os.Process.killProcess(android.os.Process.myPid())
   }
 
-  override fun deviceStateChangeDetected(threatType: String) {
-    sendOngoingPluginResult(threatType, null)
+  @ReactMethod
+  fun addListener(@Suppress("UNUSED_PARAMETER") eventName: String) {
+    // Set up any upstream listeners or background tasks as necessary
   }
 
-  private fun sendOngoingPluginResult(eventName: String, params: WritableMap?) {
-    reactContext
-      .getJSModule(DeviceEventManagerModule.RCTDeviceEventEmitter::class.java)
-      .emit(eventName, params)
+  @ReactMethod
+  fun removeListeners(@Suppress("UNUSED_PARAMETER") count: Int) {
+    // Remove upstream listeners, stop unnecessary background tasks
   }
 
   private fun parseTalsecConfig(config: ReadableMap): TalsecConfig {
@@ -125,5 +117,23 @@ class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
 
   companion object {
     const val NAME = "FreeraspReactNative"
+    val THREAT_CHANNEL_NAME = (10000..999999999).random()
+      .toString() // name of the channel over which threat callbacks are sent
+    val THREAT_CHANNEL_KEY = (10000..999999999).random()
+      .toString() // key of the argument map under which threats are expected
+    private lateinit var appReactContext: ReactApplicationContext
+    private fun notifyListeners(threat: Threat) {
+      val params = Arguments.createMap()
+      params.putInt(THREAT_CHANNEL_KEY, threat.value)
+      appReactContext
+        .getJSModule(DeviceEventManagerModule.RCTDeviceEventEmitter::class.java)
+        .emit(THREAT_CHANNEL_NAME, params)
+    }
+  }
+
+  internal object ThreatListener : FreeraspThreatHandler.TalsecReactNative {
+    override fun threatDetected(threatType: Threat) {
+      notifyListeners(threatType)
+    }
   }
 }

android/src/main/java/com/freeraspreactnative/FreeraspReactNativeModule.kt

@@ -0,0 +1,52 @@
+package com.freeraspreactnative
+
+import com.aheaditec.talsec_security.security.api.ThreatListener
+
+internal object FreeraspThreatHandler : ThreatListener.ThreatDetected, ThreatListener.DeviceState {
+
+  internal var listener: TalsecReactNative? = null
+
+  override fun onRootDetected() {
+    listener?.threatDetected(Threat.PrivilegedAccess)
+  }
+
+  override fun onDebuggerDetected() {
+    listener?.threatDetected(Threat.Debug)
+  }
+
+  override fun onEmulatorDetected() {
+    listener?.threatDetected(Threat.Simulator)
+  }
+
+  override fun onTamperDetected() {
+    listener?.threatDetected(Threat.AppIntegrity)
+  }
+
+  override fun onUntrustedInstallationSourceDetected() {
+    listener?.threatDetected(Threat.UnofficialStore)
+  }
+
+  override fun onHookDetected() {
+    listener?.threatDetected(Threat.Hooks)
+  }
+
+  override fun onDeviceBindingDetected() {
+    listener?.threatDetected(Threat.DeviceBinding)
+  }
+
+  override fun onObfuscationIssuesDetected() {
+    listener?.threatDetected(Threat.ObfuscationIssues)
+  }
+
+  override fun onUnlockedDeviceDetected() {
+    listener?.threatDetected(Threat.Passcode)
+  }
+
+  override fun onHardwareBackedKeystoreNotAvailableDetected() {
+    listener?.threatDetected(Threat.SecureHardwareNotAvailable)
+  }
+
+  internal interface TalsecReactNative {
+    fun threatDetected(threatType: Threat)
+  }
+}

android/src/main/java/com/freeraspreactnative/FreeraspThreatHandler.kt

@@ -0,0 +1,44 @@
+package com.freeraspreactnative
+
+import com.facebook.react.bridge.Arguments
+import com.facebook.react.bridge.WritableArray
+
+/**
+ * Sealed class to represent the error codes.
+ *
+ * Sealed classes are used because of obfuscation - enums classes are not obfuscated well enough.
+ *
+ * @property value integer value of the error code.
+ */
+internal sealed class Threat(val value: Int) {
+  object AppIntegrity : Threat((10000..999999999).random())
+  object PrivilegedAccess : Threat((10000..999999999).random())
+  object Debug : Threat((10000..999999999).random())
+  object Hooks : Threat((10000..999999999).random())
+  object Passcode : Threat((10000..999999999).random())
+  object Simulator : Threat((10000..999999999).random())
+  object SecureHardwareNotAvailable : Threat((10000..999999999).random())
+  object DeviceBinding : Threat((10000..999999999).random())
+  object UnofficialStore : Threat((10000..999999999).random())
+  object ObfuscationIssues : Threat((10000..999999999).random())
+
+  companion object {
+    internal fun getThreatValues(): WritableArray {
+      return Arguments.fromList(
+        listOf(
+          AppIntegrity.value,
+          PrivilegedAccess.value,
+          Debug.value,
+          Hooks.value,
+          Passcode.value,
+          Simulator.value,
+          SecureHardwareNotAvailable.value,
+          DeviceBinding.value,
+          UnofficialStore.value,
+          ObfuscationIssues.value
+        )
+      )
+
+    }
+  }
+}

android/src/main/java/com/freeraspreactnative/Threat.kt

@@ -4,7 +4,14 @@
 
 @interface RCT_EXTERN_MODULE(FreeraspReactNative, RCTEventEmitter)
 
-RCT_EXTERN_METHOD(talsecStart:(NSDictionary*)options)
+RCT_EXTERN_METHOD(talsecStart:(NSDictionary*)options
+                  withResolver:(RCTPromiseResolveBlock)resolve
+                  withRejecter:(RCTPromiseRejectBlock)reject)
+RCT_EXTERN_METHOD(getThreatChannelData:(RCTPromiseResolveBlock)resolve
+                  withRejecter:(RCTPromiseRejectBlock)reject)
+RCT_EXTERN_METHOD(getThreatIdentifiers:(RCTPromiseResolveBlock)resolve
+                  withRejecter:(RCTPromiseRejectBlock)reject)
+RCT_EXTERN_METHOD(onInvalidCallback)
 
 + (BOOL)requiresMainQueueSetup
 {