package fuzion24.device.vulnerability.vulnerabilities.framework.jar;
import android.content.Context;
import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
// https://android.googlesource.com/platform/libcore/+/cb11b9fff2a1af8bb4fcad18986003a7f59189c6 //Tests
// https://android.googlesource.com/platform/libcore/+/2bc5e811a817a8c667bca4318ae98582b0ee6dc6 //Fix
// http://bluebox.com/technical/android-fake-id-vulnerability/
// https://bluebox.com/wp-content/uploads/2014/08/us-14-Forristal-Android_FakeID_FINAL.compressed.pdf
public class JarBug13678484 implements VulnerabilityTest {
@Override
public List<CPUArch> getSupportedArchitectures() {
ArrayList<CPUArch> archs = new ArrayList<>();
archs.add(CPUArch.ALL);
return archs;
}
@Override
public String getCVEorID() {
return "JarBug13678484";
}
@Override
public boolean isVulnerable(Context context) throws Exception {
// Check for the existence of this constructor:
// public JarFile(File file, boolean verify, int mode, boolean chainCheck)
try {
java.util.jar.JarFile.class.getConstructor(File.class, boolean.class, int.class, boolean.class);
return false;
} catch(NoSuchMethodException e) {
return true;
}
}
}