App Permission Models

The following models should be used to add extracted permissions to an app. Each app permission will be represented by an object of AppPermission which will then be mapped to a PermissionFinding instance. With that model, we have to create the app permissions only once and just have to mapp them to scans.

Overview of models related to app permissions — Figure 1: App-Permissions that can be created on the plugin page of each MAST-F instance will be mapped to a finding.

class mastf.MASTF.models.AppPermission(*args, **kwargs)[source]

Represents an application permission with its related attributes.

static create_unknown(identifier, protection_level) → AppPermission[source]

Create an AppPermission instance for an unknown permission.

Parameters:

identifier (str) – The string identifier of the permission.
protection_level (str) – The protection level of the permission.

Returns:

An AppPermission instance for the unknown permission.

Return type:

AppPermission

dangerous: A flag indicating whether the permission is dangerous or not.

description: A full description of the permission.

group: The group to which the permission belongs. Can be null.

identifier: The string identifier of the permission.

Hint

While Android permission identifiers start with something like android.permission, Apple’s permission strings does not contain a package name. To emulate that, a custom package name will be added: !apple.permission.

name: The name of the permission. Can be null.

permission_uuid: The unique ID of the permission.

property plevel_status: dict

Get a dictionary that maps the protection levels of the permission to their respective color codes.

Returns:: A dictionary that maps the protection levels of the permission to their respective color codes.
Return type:: dict

protection_level: The protection level of the permission. Can be empty.

risk: The risk associated with the permission. Can be empty.

short_description: A short description of the permission. Can be empty.

class mastf.MASTF.models.PermissionFinding(*args, **kwargs)[source]

The PermissionFinding class is a model class that represents a finding for a permission.

discovery_date: Stores the date this vulnerability or finding was detected.

finding_id: A unique identifier for the finding

permission: A foreign key that associates a permission with a finding.

scan: A foreign key that links the finding to a specific scan.

scanner: The scanner that found the vulnerability or finding

severity: The severity of the finding

snippet: A foreign key that links the finding to a specific code snippet

template: The finding template used to create the finding