ZipBug9695860.java example

Explorer

android-vts-master
- app
  - src
    - main
      - java
        android
        framework
        langlang
        UnsafeByteSequence.java
        libcore
        io
        Streams.java
        org
        apache
        harmony
        security_custom
        asn1
        ASN1Any.java
        ASN1BitString.java
        ASN1Boolean.java
        ASN1Choice.java
        ASN1Constants.java
        ASN1Constructed.java
        ASN1Enumerated.java
        ASN1Exception.java
        ASN1Explicit.java
        ASN1GeneralizedTime.java
        ASN1Implicit.java
        ASN1Integer.java
        ASN1OctetString.java
        ASN1Oid.java
        ASN1Primitive.java
        ASN1Sequence.java
        ASN1SequenceOf.java
        ASN1Set.java
        ASN1SetOf.java
        ASN1StringType.java
        ASN1Time.java
        ASN1Type.java
        ASN1TypeCollection.java
        ASN1UTCTime.java
        ASN1ValueCollection.java
        BerInputStream.java
        BerOutputStream.java
        BitString.java
        DerInputStream.java
        DerOutputStream.java
        ObjectIdentifier.java
        pkcs7
        AuthenticatedAttributes.java
        ContentInfo.java
        SignedData.java
        SignerInfo.java
        provider
        cert
        Cache.java
        DRLCertFactory.java
        X509CRLEntryImpl.java
        X509CRLImpl.java
        X509CertFactoryImpl.java
        X509CertImpl.java
        X509CertPathImpl.java
        utils
        AlgNameMapper.java
        Array.java
        JarUtils.java
        ObjectIdentifier.java
        x501
        AttributeTypeAndValue.java
        AttributeTypeAndValueComparator.java
        AttributeValue.java
        DirectoryString.java
        Name.java
        x509
        AccessDescription.java
        AlgorithmIdentifier.java
        AlternativeName.java
        AuthorityKeyIdentifier.java
        BasicConstraints.java
        CRLDistributionPoints.java
        CRLNumber.java
        Certificate.java
        CertificateIssuer.java
        CertificateList.java
        CertificatePolicies.java
        DNParser.java
        DistributionPoint.java
        DistributionPointName.java
        EDIPartyName.java
        ExtendedKeyUsage.java
        Extension.java
        ExtensionValue.java
        Extensions.java
        GeneralName.java
        GeneralNames.java
        GeneralSubtree.java
        GeneralSubtrees.java
        InfoAccessSyntax.java
        InhibitAnyPolicy.java
        InvalidityDate.java
        IssuingDistributionPoint.java
        KeyUsage.java
        NameConstraints.java
        ORAddress.java
        OtherName.java
        PolicyConstraints.java
        PolicyInformation.java
        PolicyQualifierInfo.java
        PrivateKeyUsagePeriod.java
        ReasonCode.java
        ReasonFlags.java
        SubjectKeyIdentifier.java
        SubjectPublicKeyInfo.java
        TBSCertList.java
        TBSCertificate.java
        Time.java
        Validity.java
        X509PublicKey.java
        tsp
        MessageImprint.java
        PKIFailureInfo.java
        PKIStatus.java
        PKIStatusInfo.java
        TSTInfo.java
        TimeStampReq.java
        TimeStampResp.java
        util
        jar
        Attributes.java
        InitManifest.java
        JarEntry.java
        JarException.java
        JarFile.java
        JarFileHelper.java
        JarInputStream.java
        JarOutputStream.java
        JarVerifier.java
        Manifest.java
        Pack200.java
        com
        android
        org
        conscrypt
        ZpenSSLX509Certificate.java
        fr
        xgouchet
        axml
        Attribute.java
        CompressedXmlDomListener.java
        CompressedXmlParser.java
        CompressedXmlParserListener.java
        CompressedXmlUtils.java
        fuzion24
        application
        vulnerability
        detector
        ApplicationResultsCallback.java
        ApplicationVulnTestResult.java
        ApplicationVulnerabilityTester.java
        device
        vulnerability
        broadcastreceiver
        ApplicationUpdateBroadcastReceiver.java
        ScanRunnerBroadcastReceiver.java
        test
        AndroidVTSApplication.java
        ResultsCallback.java
        ScrollingFABBehavior.java
        ShareViaGoogleForm.java
        VulnerabilityDescriptor.java
        VulnerabilityTestResult.java
        VulnerabilityTestRunner.java
        adapter
        RecyclerAdapter.java
        viewholder
        RecyclerItemViewHolder.java
        job
        AndroidVTSJobCreator.java
        CheckForUpdatesJob.java
        ui
        AppIntroActivity.java
        MainActivity.java
        OpenSourceLicencesActivity.java
        SplashScreenActivity.java
        update
        client
        RetrofitClient.java
        model
        GithubRelease.java
        GithubReleaseAssets.java
        service
        GithubApiService.java
        util
        CPUArch.java
        DeviceInfo.java
        GenericUtils.java
        SharedPreferencesUtils.java
        vulnerabilities
        VulnerabilityOrganizer.java
        VulnerabilityResultSerialzier.java
        VulnerabilityTest.java
        framework
        graphics
        GraphicBufferTest.java
        jar
        JarBug13678484.java
        media
        CVE_2015_6602.java
        CVE_2015_6608.java
        CVE_2015_6616.java
        StageFright.java
        securerandom
        SecureRandomTest.java
        serialization
        ObjectSerializationBugTest.java
        OpenSSLTransientBug.java
        zip
        ZipBug8219321.java
        ZipBug9695860.java
        ZipBug9950697.java
        helper
        BinaryAssets.java
        CrashCheck.java
        DeviceUpdateChecker.java
        KMPMatch.java
        SystemUtils.java
        TestResult.java
        kernel
        CVE_2011_1149.java
        CVE_2013_6282.java
        CVE_2014_3153.java
        CVE_2014_4943.java
        CVE_2015_3636.java
        system
        CVE20151528.java
        CVE20153860.java
        CVE_2016_0807.java
        SamsungCREDzip.java
        StumpRoot.java
        WeakSauce.java
        ZergRush.java
        org
        apache
        commons
        compress
        archivers
        zip
        ModdedZipArchiveEntry.java
        ModdedZipArchiveOutputStream.java

package fuzion24.device.vulnerability.vulnerabilities.framework.zip;

import android.content.Context;

import org.apache.commons.compress.archivers.zip.ModdedZipArchiveEntry;
import org.apache.commons.compress.archivers.zip.ModdedZipArchiveOutputStream;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.zip.CRC32;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;

public class ZipBug9695860 implements VulnerabilityTest {
    /*

     */
    @Override
    public String getCVEorID() {
        return "ZipBug 9695860";
    }



    @Override
    public List<CPUArch> getSupportedArchitectures() {
        ArrayList<CPUArch> archs = new ArrayList<>();
        archs.add(CPUArch.ALL);
        return archs;
    }

    private long getCRC(byte[]data){
        CRC32 crc = new CRC32();
        crc.reset();
        crc.update(data);
        return crc.getValue();
    }

    @Override
    public boolean isVulnerable(Context context) throws Exception {
        String fileName1 = "test_file_name1";
        String fileName2 = "test_file_name2";

        byte []file1Data = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".getBytes();
        byte []file2data = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB".getBytes();

        // create the template data
        ByteArrayOutputStream bytesOut = new ByteArrayOutputStream();
        ModdedZipArchiveOutputStream out = new ModdedZipArchiveOutputStream(bytesOut);

        ModdedZipArchiveEntry ze1 = new ModdedZipArchiveEntry(fileName1);
        ze1.setCrc(getCRC(file1Data));
        ze1.setSize(file1Data.length);
        ze1.setMethod(ZipEntry.STORED);

        ModdedZipArchiveEntry ze2 = new ModdedZipArchiveEntry(fileName2);
        ze2.setCrc(getCRC(file2data));
        ze2.setSize(file2data.length);
        ze2.setMethod(ZipEntry.STORED);

        out.putArchiveEntry(ze1);
        out.write(file1Data);
        out.closeArchiveEntry();

        out.putArchiveEntry(ze2);
        out.write(file2data);
        out.closeArchiveEntry();

        List<ZipArchiveEntry> normalEntries = new ArrayList<>();
        List<ZipArchiveEntry> moddedEntries = new ArrayList<>();
        normalEntries.add(ze1);
        moddedEntries.add(ze2);

        out.flush();
        out.finish(normalEntries, moddedEntries);

        // write the result to a file
        File outputDir = context.getCacheDir();
        File badZip = File.createTempFile("prefix", "extension", outputDir);
        badZip.deleteOnExit();
        FileOutputStream outstream = new FileOutputStream(badZip);
        outstream.write(bytesOut.toByteArray());
        outstream.close();

        // see if we can still handle it
        ZipFile bad = new ZipFile(badZip);
        final Enumeration<? extends ZipEntry> entries = bad.entries();
        while ( entries.hasMoreElements() )
        {
            final ZipEntry entry = entries.nextElement();
            if(entry.getName().equals(fileName2))
                return true;
        }
        bad.close();
        return false;

    }
}