in ioXt/uraniborg/scripts/python/risk_analyzer.py [0:0]
def compute_base_score(self, hubble, normalize):
    """Computes the base score of cleartext traffic risk.

    A package contributes one point when its record has code, sets
    usesCleartextTraffic, and lists android.permission.INTERNET among its
    granted permissions. Packages are skipped before scoring when they
    fuzzy-match a baseline package (only if normalize is set) or when they
    pass the GMS check (only if self.google_discount is set).

    Side effect: if normalize is truthy and self.related_apps is empty on
    entry, every package that contributes a point is appended to
    self.related_apps.

    Args:
      hubble: A HubbleParser instance containing build to be evaluated.
      normalize: A boolean indicating whether or not to normalize the computed
        base score against a baseline.

    Returns:
      An int representing the base or raw score of this metric.
    """
    logger = self.logger
    packages = hubble.packages
    baseline = BaselinePackages.get_instance(hubble.get_api_level())
    gms_packages = GMS.PACKAGES if self.google_discount else []

    # Decided once, before the loop: appending to self.related_apps below
    # must not switch the collection off half-way through the package list.
    update_apps = bool(not self.related_apps and normalize)
    total_score = 0

    for package in packages:
        name = package["name"]

        if normalize:
            # NOTE(review): as far as this call shows, the exclusion is decided
            # from the package name alone - confirm what
            # package_name_fuzzy_match compares before relying on it to prove
            # that a package really is the baseline one.
            baseline_match = PackageWhitelists.package_name_fuzzy_match(
                logger, name, baseline.get_all_packages())
            if baseline_match:
                logger.debug("^%s skipped - fuzzy matched to GSI package %s",
                             name, baseline_match)
                continue

        if name in gms_packages:
            # A listed name alone does not earn the discount; the package must
            # also pass GMS.is_gms_package (judging by the warning text, a
            # signature comparison - confirm). On a mismatch the package is
            # flagged and still scored like any other.
            if GMS.is_gms_package(package):
                logger.debug("^%s is GMS package. Skipping...", name)
                continue
            logger.warning("%s's signature does not match database. Careful!",
                           name)

        if not package["hasCode"]:
            logger.debug("^%s has no code. Skipping for now...", name)
            continue

        if not package["usesCleartextTraffic"]:
            continue

        logger.debug("+%s uses cleartext traffic!", name)
        if "android.permission.INTERNET" in package["permissionsGranted"]:
            total_score += 1
            if update_apps:
                self.related_apps.append(package)
        else:
            # The cleartext flag is logged but not counted when the package
            # was not granted INTERNET.
            logger.debug("-%s has no INTERNET permission? Discounting...",
                         name)

    return total_score