检查Android项目中第三方库权限
背景:
爬取Google官方的权限等级,所以一定是比较全、比较正确的。
权限说明:
权限分为三种:
- 普通权限,如:android.permission.INTERNET
- 危险权限,如:android.permission.WRITE_EXTERNAL_STORAGE
- 特殊权限,如:android.permission.SYSTEM_ALERT_WINDOW
普通权限我们在AndroidManifest文件声明即可,像危险权限,就需要我们动态申请了,特殊权限则是需要跳转到设置,找到对应的应用,然后用户手动打开。因此,我们只需要对危险权限和特殊权限去做处理就好了
注意:
AndroidManifest.xml要和Python代码文件一个目录啊
AndroidManifest.xml要和Python代码文件一个目录啊
AndroidManifest.xml要和Python代码文件一个目录啊
。。。。。。
生成的权限报告说明:
需要处理的权限,小编已经用圈起来了哈
需要处理的权限,小编已经用圈起来了哈
需要处理的权限,小编已经用圈起来了哈
null 代表:
Google 官方文档没有给该权限标注等级(脚本没有解析到 Protection level 说明),可理解为和普通权限差不多,或者等级更弱,反正就是不需要申请。不过 null 也可能只是页面结构变化导致没有解析到,这类权限建议再人工核对一下。
权限等级:
普通:normal
危险:dangerous
特殊:signature|setup|appop|installer|pre23|development
代码实现 - Python
需要环境:
- 安装Python
- pip install requests
- pip install bs4
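- pip install BeautifulSoup(注意:PyPI 上名为 BeautifulSoup 的包是只支持 Python 2 的旧版 3.x;Python 3 环境下装好上一步的 bs4(即 beautifulsoup4)即可,这一步可以跳过)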
import requests
from bs4 import BeautifulSoup
import os
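print('---------------------开始执行-------------------------')
# Reference page for android.Manifest.permission; every protection level in
# the report is scraped from this single page.
url = 'https://developer.android.google.cn/reference/kotlin/android/Manifest.permission'
print(f'---------------爬取的url-----{url}')
# The timeout keeps the audit from hanging forever on a stalled connection.
# raise_for_status() stops the run on an HTTP error instead of parsing an
# error page into an empty permission list, which would otherwise read as
# "nothing needs review".
response = requests.get(url, timeout=30)
response.raise_for_status()
html = response.content
soup = BeautifulSoup(html, 'html.parser')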
class PermissionData:
    """Plain record for one permission handled by this script.

    Attributes:
        level: protection level string stored as given by the caller.
        permission: permission name stored as given by the caller.
        describe: description text; empty string unless supplied.
        pos: integer position; -1 unless supplied.
    """

    def __init__(self, level, permission, describe='', pos=-1):
        # Store the four constructor arguments unchanged.
        self.level, self.permission = level, permission
        self.describe, self.pos = describe, pos
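# Every permission scraped from the reference page, in the order listLog
# appended them.
totalList = []


def listLog(l):
    """Record the name and protection level of each scraped permission element.

    Args:
        l: sequence of parsed elements; each must contain an ``<h3>`` whose
            first child is the constant name, and may contain a ``<p>`` whose
            leading text starts with ``Protection level:``.

    Appends one ``PermissionData`` per element to the module-level
    ``totalList`` and prints a log line for it. The level stays ``'null'``
    when no ``Protection level:`` paragraph is found, so ``'null'`` means
    "nothing was parsed", not "confirmed harmless".
    """
    for item in l:
        print("\n\n")
        permission = "android.permission." + item.find('h3').contents[0]
        levelStr = 'null'
        for paragraph in item.find_all('p'):
            # An empty <p> has no first child to inspect.
            if not paragraph.contents:
                continue
            first = paragraph.contents[0]
            # Only a leading text node can carry the level. The previous
            # check called .find('strong') on it, which is str.find() for a
            # text node and a tag search for an element, and could end in a
            # TypeError on an element; testing the type says what is meant.
            if not isinstance(first, str):
                continue
            if first.startswith('Protection level:'):
                levelStr = first.split(':')[1].strip()
        totalList.append(PermissionData(levelStr, permission))
        # `permission` already carries the "android.permission." prefix, so
        # the log line must not add it a second time.
        print(f"item: title: {permission} level:", levelStr)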
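total = 0
# Constants are looked up as <div class="api apilevel-N"> for N in 0..99.
# The loop variable is no longer called `list`, which shadowed the builtin
# for the rest of the module.
for apiLevel in range(100):
    blocks = soup.find_all('div', class_=f'api apilevel-{apiLevel}')
    if len(blocks) > 0:
        print(f"pos:{apiLevel + 1} list: ", len(blocks))
        total += len(blocks)
        listLog(blocks)
print("google 所以权限 total: ", total)
# Fail closed: with nothing scraped, no manifest entry can match and the
# report would list zero dangerous permissions. That outcome means the scrape
# failed (blocked request, changed page layout), not that the app is clean.
if total == 0:
    raise SystemExit(
        "No permissions were parsed from the reference page; "
        "refusing to build a report from empty data."
    )
print('--------------------google all permission-------------start-----------------------------')
for p in totalList:
    print(p.permission, ' ', p.level)
print('--------------------google all permission -------------end------------------------------')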
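# Fetch the description of each permission.
print('-----------------------获取权限说明--------------------------')
desList = soup.find_all('table', class_='responsive', id='constants')
print("权限说明 size:", len(desList))
# `describe` is only printed later, never used for classification, so a
# missing table or a malformed row is skipped instead of aborting the audit
# with an IndexError/AttributeError.
desList2 = desList[0].find_all('tr') if desList else []
# The first row is skipped, as before (presumably the table header).
for row in desList2[1:]:
    tds = row.find_all('td')
    if len(tds) < 2:
        continue
    # Walk td -> div -> code -> a one step at a time so that a missing level
    # ends the walk instead of raising on None.
    node = tds[1]
    for tagName in ('div', 'code', 'a'):
        node = node.find(tagName)
        if node is None:
            break
    if node is None or not node.contents:
        continue
    td2 = "android.permission." + node.contents[0].strip()
    paragraph = tds[1].find('p')
    cs = paragraph.contents if paragraph is not None else []
    c = cs[0] if len(cs) > 0 else ''
    print("权限说明:", td2, " ", c)
    # Attach the description to every scraped entry with the same name.
    for entry in totalList:
        if entry.permission == td2:
            entry.describe = c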
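# Matching step: compare the manifest against the scraped list.
# Scraped entries that the manifest declares.
resultList = []
# Manifest permission names with no scraped counterpart.
noMatchList = []
# Matched entries whose level is neither 'normal' nor 'null'.
dangerousList = []
# os.sep instead of a hard-coded backslash so the path also resolves on Linux
# and macOS. The trailing separator is kept because the report writer appends
# a file name to currentPath directly.
currentPath = os.path.abspath(os.path.dirname(__file__)) + os.sep
path = currentPath + "AndroidManifest.xml"
# NOTE(review): this reads the manifest placed next to the script. Permissions
# contributed by libraries only show up in the build's merged manifest, so
# that is the file to copy here when auditing third-party permissions.
with open(path, 'r', encoding='utf-8') as m:
    content = m.read()
manifestSoup = BeautifulSoup(content, 'html.parser')
# <uses-permission-sdk-23> declares permissions as well (applied on API 23+);
# searching for <uses-permission> alone would leave them out of the audit.
manifestList = manifestSoup.find_all(['uses-permission', 'uses-permission-sdk-23'])
print('manifestList size: ', len(manifestList))
for tag in manifestList:
    print('manifestList: ', tag)
print("manifestList-----------------end------------")
for index, tag in enumerate(manifestList):
    p = tag.get('android:name')
    matched = False
    for j in totalList:
        if p == j.permission:
            j.pos = index
            resultList.append(j)
            matched = True
    # Names outside the scraped list (custom or vendor-defined permissions,
    # misspellings, a missing android:name) have no known protection level.
    # They were silently dropped before; keep them so they can be reviewed
    # by hand.
    if not matched:
        noMatchList.append(p)
print("------result------------匹配到的权限-------------------")
for entry in resultList:
    print(entry.permission + " " + entry.level)
if noMatchList:
    print("------result------------unmatched permissions (manual review)-------------------")
    for name in noMatchList:
        print(name)
print("------------------开始处理 危险权限 和特殊权限 -------------------")
# NOTE(review): 'null' is what the scraper stores when it finds no
# "Protection level:" line, which also happens if the page layout changes.
# It is treated like 'normal' here, as the article describes; confirm such
# entries manually before relying on that.
for entry in resultList:
    if entry.level != 'normal' and entry.level != 'null':
        dangerousList.append(entry)
print("-----------------------危险权限 和特殊权限 size: ",len(dangerousList))
for entry in dangerousList:
    print(entry.permission, ' ', entry.level, ' ', entry.describe)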
# 权限报告结果
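def generateReportResults():
    """Write the permission report to ``权限报告结果.txt`` in ``currentPath``.

    Reads the module-level ``currentPath``, ``manifestList``, ``resultList``
    and ``dangerousList``. The report has four sections: every permission
    declared in the manifest, the declared permissions that matched a scraped
    entry, the dangerous/special subset, and the declared permissions that
    matched nothing.
    """
    resultPath = currentPath + "权限报告结果.txt"
    # `with` closes the file even if one of the writes raises.
    with open(resultPath, 'w', encoding='utf-8') as resultFile:
        print("-------------开始生成 权限报告结果-----------------")
        resultFile.write("权限报告结果")
        resultFile.write("\n")
        resultFile.write("\n")
        # Permissions declared in the manifest.
        declared = [tag.get('android:name') for tag in manifestList]
        resultFile.write(f"manifest 权限列表 共计 {len(manifestList)}:")
        resultFile.write("\n")
        for name in declared:
            # f-string formatting so a tag without android:name (None) is
            # written as text instead of raising TypeError in write().
            resultFile.write(f"{name}")
            resultFile.write("\n")
        resultFile.write("\n")
        # All matched permissions.
        resultFile.write(f"匹配到的所有权限 共计 {len(resultList)}:")
        resultFile.write("\n")
        for entry in resultList:
            resultFile.write(f"权限名称:{entry.permission} 危险等级:{entry.level}")
            resultFile.write("\n")
        resultFile.write("\n")
        # Dangerous and special permissions.
        resultFile.write(f"危险权限列表 共计 {len(dangerousList)}:")
        resultFile.write("\n")
        for entry in dangerousList:
            resultFile.write(f"权限名称:{entry.permission} 危险等级:{entry.level}")
            resultFile.write("\n")
        # Declared names that matched no scraped entry (custom or
        # vendor-defined permissions, misspellings). Their protection level
        # is unknown, so they are listed for manual review instead of being
        # left out of the report. Derived here from manifestList and
        # resultList so the section is always accurate.
        matchedNames = {entry.permission for entry in resultList}
        unmatched = [name for name in declared if name not in matchedNames]
        resultFile.write("\n")
        resultFile.write(f"未匹配到的权限列表 共计 {len(unmatched)}:")
        resultFile.write("\n")
        for name in unmatched:
            resultFile.write(f"{name}")
            resultFile.write("\n")
    print("-------------生成完毕 权限报告结果-----------------")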
# Write the report file; runs last, after the lists it reads have been built.
generateReportResults()