feat(ts): add malware detection

Author: tompsota

package.json

@@ -1,6 +1,6 @@
 {
   "name": "freerasp-react-native",
-  "version": "3.9.2",
+  "version": "3.10.0",
   "description": "React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -12,6 +12,7 @@
     "expo:typecheck": "cd plugin && tsc --noEmit",
     "lint": "eslint \"**/*.{js,ts,tsx}\"",
     "prepack": "bob build && yarn build:plugin",
+    "build": "bob build",
     "example": "yarn --cwd example",
     "bootstrap": "yarn example && yarn install && yarn example pods",
     "clean": "del-cli android/build example/android/build example/android/app/build example/ios/build",
@@ -43,12 +44,16 @@
   "publishConfig": {
     "registry": "https://registry.npmjs.org/"
   },
+  "dependencies": {
+    "base-64": "^1.0.0"
+  },
   "devDependencies": {
     "@react-native-community/eslint-config": "^3.0.2",
     "@release-it/conventional-changelog": "^5.0.0",
     "@tsconfig/node-lts": "^20.1.1",
     "@types/react": "17.0.21",
     "@types/react-native": "0.70.0",
+    "@types/base-64": "^1.0.2",
     "del-cli": "^5.0.0",
     "eslint": "^8.4.1",
     "eslint-config-prettier": "^8.5.0",

plugin/build/index.d.ts

@@ -1,4 +1,3 @@
-import { ConfigPlugin } from '@expo/config-plugins';
 import { type PluginConfigType } from './pluginConfig';
 declare const _default: ConfigPlugin<PluginConfigType>;
 export default _default;

src/definitions.ts

@@ -1,19 +1,44 @@
 import { Platform } from 'react-native';
 
 export type TalsecConfig = {
-  androidConfig?: {
-    packageName: string;
-    certificateHashes: string[];
-    supportedAlternativeStores?: string[];
-  };
-  iosConfig?: {
-    appBundleId: string;
-    appTeamId: string;
-  };
+  androidConfig?: TalsecAndroidConfig;
+  iosConfig?: TalsecIosConfig;
   watcherMail: string;
   isProd?: boolean;
 };
 
+export type TalsecAndroidConfig = {
+  packageName: string;
+  certificateHashes: string[];
+  supportedAlternativeStores?: string[];
+  malware?: TalsecMalwareConfig;
+};
+
+export type TalsecIosConfig = {
+  appBundleId: string;
+  appTeamId: string;
+};
+
+export type TalsecMalwareConfig = {
+  blocklistedHashes?: string[];
+  blocklistedPackageNames?: string[];
+  blocklistedPermissions?: string[][];
+  whitelistedInstallationSources?: string[];
+};
+
+export type SuspiciousAppInfo = {
+  packageInfo: PackageInfo;
+  reason: string;
+};
+
+export type PackageInfo = {
+  packageName: string;
+  appName?: string;
+  version?: string;
+  appIcon?: string;
+  installerStore?: string;
+};
+
 export type NativeEventEmitterActions = {
   privilegedAccess?: () => any;
   debug?: () => any;
@@ -28,6 +53,7 @@ export type NativeEventEmitterActions = {
   obfuscationIssues?: () => any;
   devMode?: () => any;
   systemVPN?: () => any;
+  malware?: (suspiciousApps: SuspiciousAppInfo[]) => any;
 };
 
 export class Threat {
@@ -46,6 +72,7 @@ export class Threat {
   static UnofficialStore = new Threat(0);
   static ObfuscationIssues = new Threat(0);
   static DevMode = new Threat(0);
+  static Malware = new Threat(0);
 
   constructor(value: number) {
     this.value = value;
@@ -66,6 +93,7 @@ export class Threat {
           this.UnofficialStore,
           this.ObfuscationIssues,
           this.DevMode,
+          this.Malware,
         ]
       : [
           this.AppIntegrity,

src/index.tsx

@@ -2,14 +2,18 @@ import { useEffect } from 'react';
 import {
   NativeEventEmitter,
   NativeModules,
+  Platform,
   type EmitterSubscription,
 } from 'react-native';
 import {
   Threat,
   type NativeEventEmitterActions,
+  type PackageInfo,
+  type SuspiciousAppInfo,
   type TalsecConfig,
 } from './definitions';
 import { getThreatCount, itemsHaveType } from './utils';
+import { decode } from 'base-64';
 
 const { FreeraspReactNative } = NativeModules;
 
@@ -31,9 +35,10 @@ const getThreatIdentifiers = async (): Promise<number[]> => {
   return identifiers;
 };
 
-const getThreatChannelData = async (): Promise<[string, string]> => {
+const getThreatChannelData = async (): Promise<[string, string, string]> => {
+  const dataLength = Platform.OS === 'ios' ? 2 : 3;
   let data = await FreeraspReactNative.getThreatChannelData();
-  if (data.length !== 2 || !itemsHaveType(data, 'string')) {
+  if (data.length !== dataLength || !itemsHaveType(data, 'string')) {
     onInvalidCallback();
   }
   return data;
@@ -48,10 +53,25 @@ const prepareMapping = async (): Promise<void> => {
   });
 };
 
+// parses base64-encoded malware data to SuspiciousAppInfo[]
+const parseMalwareData = (data: string[]): SuspiciousAppInfo[] => {
+  const result: SuspiciousAppInfo[] = [];
+  data.forEach((entry) => {
+    result.push(toSuspiciousAppInfo(entry));
+  });
+  return result;
+};
+
+const toSuspiciousAppInfo = (base64Value: string): SuspiciousAppInfo => {
+  const data = JSON.parse(decode(base64Value));
+  const packageInfo = data.packageInfo as PackageInfo;
+  return { packageInfo, reason: data.reason } as SuspiciousAppInfo;
+};
+
 export const setThreatListeners = async <T extends NativeEventEmitterActions>(
   config: T & Record<Exclude<keyof T, keyof NativeEventEmitterActions>, []>
 ) => {
-  const [channel, key] = await getThreatChannelData();
+  const [channel, key, malwareKey] = await getThreatChannelData();
   await prepareMapping();
 
   eventsListener = eventEmitter.addListener(channel, (event) => {
@@ -98,6 +118,9 @@ export const setThreatListeners = async <T extends NativeEventEmitterActions>(
       case Threat.SystemVPN.value:
         config.systemVPN?.();
         break;
+      case Threat.Malware.value:
+        config.malware?.(parseMalwareData(event[malwareKey]));
+        break;
       default:
         onInvalidCallback();
         break;
@@ -138,4 +161,12 @@ export const useFreeRasp = <T extends NativeEventEmitterActions>(
   }, []);
 };
 
+export const addToWhitelist = async (packageName: string): Promise<boolean> => {
+  if (Platform.OS === 'ios') {
+    return Promise.reject('Malware detection not available on iOS');
+  }
+  return FreeraspReactNative.addToWhitelist(packageName);
+};
+
+export * from './definitions';
 export default FreeraspReactNative;

yarn.lock

@@ -2606,6 +2606,11 @@
   dependencies:
     "@babel/types" "^7.20.7"
 
+"@types/base-64@^1.0.2":
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/@types/base-64/-/base-64-1.0.2.tgz#f7bc80d242306f20c57f076d79d1efe2d31032ca"
+  integrity sha512-uPgKMmM9fmn7I+Zi6YBqctOye4SlJsHKcisjHIMWpb2YKZRc36GpKyNuQ03JcT+oNXg1m7Uv4wU94EVltn8/cw==
+
 "@types/graceful-fs@^4.1.3":
   version "4.1.9"
   resolved "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz"
@@ -3513,6 +3518,11 @@ balanced-match@^1.0.0:
   resolved "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz"
   integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
 
+base-64@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/base-64/-/base-64-1.0.0.tgz#09d0f2084e32a3fd08c2475b973788eee6ae8f4a"
+  integrity sha512-kwDPIFCGx0NZHog36dj+tHiwP4QMzsZ3AgMViUBKI0+V5n4U0ufTCUMhnQ04diaRI8EX/QcPfql7zlhZ7j4zgg==
+
 base64-js@^1.1.2, base64-js@^1.2.3, base64-js@^1.3.1, base64-js@^1.5.1:
   version "1.5.1"
   resolved "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz"