Prevent doctypes declarations

2024-12-05 02:22:55 +01:00 · 2017-05-27 15:12:54 -04:00 · 2017-05-27 15:12:54 -04:00 · f19317d87c
commit f19317d87c
parent 6e47d3687b
4 changed files with 98 additions and 2 deletions
--- a/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/xml/ResXmlPatcher.java
+++ b/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/xml/ResXmlPatcher.java
@ -246,6 +246,8 @@ public final class ResXmlPatcher {
            throws IOException, SAXException, ParserConfigurationException {

        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+        docFactory.setFeature(FEATURE_DISABLE_DOCTYPE_DECL, true);
+
        DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
        return docBuilder.parse(file);
    }
@ -264,10 +266,10 @@ public final class ResXmlPatcher {

        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        Transformer transformer = transformerFactory.newTransformer();
-        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
-        transformer.setOutputProperty(OutputKeys.STANDALONE,"yes");
        DOMSource source = new DOMSource(doc);
        StreamResult result = new StreamResult(file);
        transformer.transform(source, result);
    }
+
+    private static final String FEATURE_DISABLE_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
 }
--- a/brut.apktool/apktool-lib/src/test/java/brut/androlib/ExternalEntityTest.java
+++ b/brut.apktool/apktool-lib/src/test/java/brut/androlib/ExternalEntityTest.java
@ -0,0 +1,76 @@
+/**
+ *  Copyright 2014 Ryszard Wiśniewski <brut.alll@gmail.com>
+ *  Copyright 2016 Connor Tumbleson <connor.tumbleson@gmail.com>
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package brut.androlib;
+
+import brut.directory.ExtFile;
+import brut.common.BrutException;
+import brut.util.OS;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.logging.Logger;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author Connor Tumbleson <connor.tumbleson@gmail.com>
+ */
+public class ExternalEntityTest {
+
+    @BeforeClass
+    public static void beforeClass() throws Exception {
+        sOrigDir = new ExtFile(OS.createTempDirectory());
+        TestUtils.copyResourceDir(ExternalEntityTest.class, "brut/apktool/doctype/", sOrigDir);
+
+        LOGGER.info("Building doctype.apk...");
+        File testApk = new File(sOrigDir, "doctype.apk");
+        new Androlib().build(sOrigDir, testApk);
+
+        LOGGER.info("Decoding doctype.apk...");
+        ApkDecoder apkDecoder = new ApkDecoder(testApk);
+        apkDecoder.setOutDir(new File(sOrigDir + File.separator + "output"));
+        apkDecoder.decode();
+    }
+
+    @AfterClass
+    public static void afterClass() throws BrutException {
+        OS.rmdir(sOrigDir);
+    }
+
+    @Test
+    public void doctypeTest() throws BrutException, IOException {
+
+        String expected = TestUtils.replaceNewlines("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
+                "<manifest android:versionCode=\"1\" android:versionName=\"1.0\" hardwareAccelerated=\"true\" package=\"com.ibotpeaches.doctype\" platformBuildVersionCode=\"23\" platformBuildVersionName=\"6.0-2438415\"\n" +
+                "  xmlns:android=\"http://schemas.android.com/apk/res/android\">\n" +
+                "    <supports-screens android:anyDensity=\"true\" android:smallScreens=\"true\" android:normalScreens=\"true\" android:largeScreens=\"true\" android:resizeable=\"true\" android:xlargeScreens=\"true\" />\n" +
+                "</manifest>");
+
+        byte[] encoded = Files.readAllBytes(Paths.get(sOrigDir + File.separator + "output" + File.separator + "AndroidManifest.xml"));
+        String obtained = TestUtils.replaceNewlines(new String(encoded));
+        assertEquals(expected, obtained);
+    }
+
+    private static ExtFile sOrigDir;
+
+    private final static Logger LOGGER = Logger.getLogger(ExternalEntityTest.class.getName());
+}
--- a/brut.apktool/apktool-lib/src/test/resources/brut/apktool/doctype/AndroidManifest.xml
+++ b/brut.apktool/apktool-lib/src/test/resources/brut/apktool/doctype/AndroidManifest.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!DOCTYPE manifest [<!ENTITY e1 SYSTEM 'http://ibotpeaches.com?z=APKTOOLXXE;'>]>
+<manifest hardwareAccelerated="true" package="com.ibotpeaches.doctype" platformBuildVersionCode="24" platformBuildVersionName="6.0-2456767" xmlns:android="http://schemas.android.com/apk/res/android">
+    &e1;
+<supports-screens android:anyDensity="true" android:largeScreens="true" android:normalScreens="true" android:resizeable="true" android:smallScreens="true" android:xlargeScreens="true"/>
+</manifest>
--- a/brut.apktool/apktool-lib/src/test/resources/brut/apktool/doctype/apktool.yml
+++ b/brut.apktool/apktool-lib/src/test/resources/brut/apktool/doctype/apktool.yml
@ -0,0 +1,12 @@
+version: 2.0.0
+apkFileName: doctype.apk
+isFrameworkApk: false
+usesFramework:
+  ids:
+  - 1
+packageInfo:
+  forced-package-id: '127'
+versionInfo:
+  versionCode: '1'
+  versionName: '1.0'
+compressionType: false