apps.js 16 KB

  // Fetch the existing 'myApp' module. Calling angular.module() with a name
  // only (no dependency array) retrieves a module rather than creating one.
  var myApp = angular.module("myApp");
  2. myApp.controller('AppsController', ['$scope', '$http', '$location', '$routeParams', '$window', function($scope, $http, $location, $routeParams, $window){
  console.log('AppsController loaded...');

  // Currently displayed app and the labels of its two risk test-case lists.
  $scope.app = {};
  $scope.privacyRisksTC = [];
  $scope.securityRisksTC = [];

  // Per-row app results, indexed by list position (200 empty slots).
  $scope.appResultList = [];
  $scope.appResultList.length = 200;

  // Flags switched on by the trust-visualisation click handlers.
  $scope.reputationHTI = false;
  $scope.spHTI = false;
  $scope.finalHTI = false;
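  /**
   * Load the list of downloaded apps into $scope.apps, optionally filtered by
   * the `genre` route parameter.
   */
  $scope.getApps = function(){
    // Remove trust visualisations (elements whose id starts with "tviz").
    angular.element('*[id^="tviz"]').remove();

    var genre = $routeParams.genre;
    var query = "";
    if (genre) {
      // The value comes from the page URL, so percent-encode it. Unencoded,
      // characters such as '&', '#' or '=' would add or truncate query
      // parameters in the API request.
      query += "/?genre=" + encodeURIComponent(genre);
    }

    $http.get('/crawler/downloadedapps' + query).then(function(response){
      $scope.apps = response.data;
    });
  };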
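  /**
   * Load one downloaded app (route parameter `id`, optional `posture`) into
   * $scope.app and publish the labels of the risk test cases.
   */
  $scope.getApp = function(){
    // Remove trust visualisations (elements whose id starts with "tviz").
    angular.element('*[id^="tviz"]').remove();

    var id = $routeParams.id;
    var posture = $routeParams.posture;
    var query = "";
    if (posture) {
      // Route parameters come from the page URL; encode before use.
      query += "/?posture=" + encodeURIComponent(posture);
    }

    // Encoding the id keeps it a single path segment: '/', '..', '?' or '#'
    // in the route value can no longer redirect the request to another
    // endpoint or inject query parameters.
    $http.get('/crawler/downloadedapps/' + encodeURIComponent(id) + query).then(function(response){
      $scope.app = response.data;

      // The label strings (typos and trailing spaces included) are kept
      // verbatim: presumably they are passed to getSPResult, which matches
      // them against the indicator text of the analysis report.
      //
      // NOTE(review): getApp2 in this file assigns these same two lists the
      // other way round (this long list to securityRisksTC, the short one to
      // privacyRisksTC). One of the two is mislabelled; confirm which, since
      // it decides whether findings are shown as security or privacy risks.
      $scope.privacyRisksTC = [
        "Client communication used?",
        "SSL/TLS used?",
        "Domains accessed with http AND https: ",
        "Custom SSL/TLS trust manager implemented?",
        "Faulty custom SSL/TLS trust manager implemented?",
        "SSL/TLS using custom error handling?",
        "SSL/TLS using faulty custom error handling?",
        "SSL/TLS using manual domain name verification?",
        "Unprotected communication?",
        "Unprotected HTML?",
        "Cryptographic Primitives: ",
        "Application needs dangerous permissions? ",
        "JavaScript to SDK API bridge usage?",
        "Is application overprivileged?",
        "Userdefined permission usage: ",
        "WiFi-Direct enabled?",
        "App can handle documents of mimeType: ",
        "Screenshot protection used?",
        "Tap Jacking Protection used?",
        "Scheduled Alarm Manager registered?",
        "Dynamically loaded code at runtime?",
        "Allow app debugging Flag?",
        "Allow autoexecute after Phone Reboot?",
        "App uses outdated signature key?",
        "Contains native libraries: "
      ];
      $scope.securityRisksTC = [
        "Obfuscation used?",
        "Device administration policy entries: ",
        "Accessed unique identifier(s): ",
        "Advertisment-/tracking frameworks found: ",
        "App provides public accessible activities?",
        "Backup of app is allowed?",
        "Log Statement Enabled?",
        "Permission to access address book?",
        "Unprotected preference files found?"
      ];
    });
  };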
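  /**
   * Load the details of one list entry into $scope.appResultList[$index].
   * The request is only made for apps that have both reviews and permissions.
   *
   * @param {Object} app    list entry; reads app.appId, app.reviews, app.permissions
   * @param {number} $index position of the entry in the list
   */
  $scope.getApp2 = function(app, $index){
    // Remove trust visualisations (elements whose id starts with "tviz").
    angular.element('*[id^="tviz"]').remove();

    if (app.reviews.length && app.permissions.length) {
      // appId is data received from the backend; encode it so that it stays
      // a single path segment of the request URL.
      $http.get('/crawler/downloadedapps/' + encodeURIComponent(app.appId)).then(function(response) {
        $scope.appResultList[$index] = response.data;

        // The label strings (typos and trailing spaces included) are kept
        // verbatim: presumably they are passed to getSPResult, which matches
        // them against the indicator text of the analysis report.
        //
        // NOTE(review): getApp in this file assigns these same two lists the
        // other way round (this long list to privacyRisksTC, the short one to
        // securityRisksTC). One of the two is mislabelled; confirm which.
        $scope.securityRisksTC = [
          "Client communication used?",
          "SSL/TLS used?",
          "Domains accessed with http AND https: ",
          "Custom SSL/TLS trust manager implemented?",
          "Faulty custom SSL/TLS trust manager implemented?",
          "SSL/TLS using custom error handling?",
          "SSL/TLS using faulty custom error handling?",
          "SSL/TLS using manual domain name verification?",
          "Unprotected communication?",
          "Unprotected HTML?",
          "Cryptographic Primitives: ",
          "Application needs dangerous permissions? ",
          "JavaScript to SDK API bridge usage?",
          "Is application overprivileged?",
          "Userdefined permission usage: ",
          "WiFi-Direct enabled?",
          "App can handle documents of mimeType: ",
          "Screenshot protection used?",
          "Tap Jacking Protection used?",
          "Scheduled Alarm Manager registered?",
          "Dynamically loaded code at runtime?",
          "Allow app debugging Flag?",
          "Allow autoexecute after Phone Reboot?",
          "App uses outdated signature key?",
          "Contains native libraries: "
        ];
        $scope.privacyRisksTC = [
          "Obfuscation used?",
          "Device administration policy entries: ",
          "Accessed unique identifier(s): ",
          "Advertisment-/tracking frameworks found: ",
          "App provides public accessible activities?",
          "Backup of app is allowed?",
          "Log Statement Enabled?",
          "Permission to access address book?",
          "Unprotected preference files found?"
        ];
      });
    }
  };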
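  /**
   * Look up the result of one test case in the analysis report of $scope.app.
   *
   * @param {string} testName label to match against each indicator's attr.text
   * @returns {*} attr.value of the first matching indicator, or "" when the
   *   report is not loaded or holds no such indicator
   */
  $scope.getSPResult = function(testName) {
    // $scope.app starts as {} and is later replaced by a response body, so
    // the report may be absent; return the "no result" value instead of
    // throwing while the view renders.
    var report = $scope.app && $scope.app.appicaptor;
    var testCases = report && report.indicator;
    if (!testCases) {
      return "";
    }

    // Loose equality is kept as in the original comparison; attr.text is
    // presumably a string. Confirm before tightening to ===.
    var indicator = _.find(testCases, function(testCase) {
      return Boolean(testCase && testCase.attr) && testCase.attr.text == testName;
    });

    // NOTE(review): "" means "no result found", not "test passed"; the view
    // should not present a blank cell as the absence of a risk.
    return indicator ? indicator.attr.value : "";
  };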
  // Format the ratings opinion of `app` as "(trust,confidence,NA)", both
  // numbers rounded to two decimals. The third slot is always the text "NA".
  $scope.getRatingsTCF = function(app) {
    var trust = Number(app.averageRatingTrustValue.toFixed(2));
    var confidence = Number(app.averageRatingConfidenceValue.toFixed(2));
    return "(" + [trust, confidence, "NA"].join(",") + ")";
  };
  // Format the reviews opinion of `app` as "(trust,confidence,NA)", both
  // numbers rounded to two decimals. The third slot is always the text "NA".
  $scope.getReviewsTCF = function(app) {
    var parts = [];
    parts.push(Number(app.reviewsTrustValue.toFixed(2)));
    parts.push(Number(app.reviewsConfidenceValue.toFixed(2)));
    parts.push("NA");
    return "(" + parts.join(",") + ")";
  };
  // Format the permissions opinion of `app` as "(trust,confidence,NA)", both
  // numbers rounded to two decimals. The third slot is always the text "NA".
  $scope.getPermissionsTCF = function(app) {
    var trust = Number(app.permissionsTrustValue.toFixed(2));
    // The property name is spelled "cofidence..." in the data this reads;
    // it has to stay as it is to match.
    var confidence = Number(app.cofidenceInNumberofPermissions.toFixed(2));
    return "(" + trust + "," + confidence + "," + "NA" + ")";
  };
  // Format the security-risk opinion of `app` as "(trust,confidence,NA)",
  // both numbers rounded to two decimals. The third slot is always "NA".
  $scope.getSecurityRisksTCF = function(app) {
    var trust = Number(app.sTrustValue.toFixed(2));
    var confidence = Number(app.sConfidenceValue.toFixed(2));
    var fields = [trust, confidence, "NA"];
    return "(" + fields.join(",") + ")";
  };
  // Format the privacy-risk opinion of `app` as "(trust,confidence,NA)",
  // both numbers rounded to two decimals. The third slot is always "NA".
  $scope.getPrivacyRisksTCF = function(app) {
    var trust = Number(app.pTrustValue.toFixed(2));
    var confidence = Number(app.pConfidenceValue.toFixed(2));
    return "(" + trust + "," + confidence + ",NA)";
  };
  // Combine the rating and review metrics of `app` into one score rounded to
  // two decimals. Each term is weighted by 1/3 and scaled by its confidence.
  $scope.getTrustPlusFrameworkScore = function(app) {
    var third = 1/3;
    // (score - 1) / 4 maps a score of 1 to 0 and a score of 5 to 1.
    var normalisedRating = (app.score-1)/4;
    var ratingPart = third*normalisedRating*app.averageRatingConfidenceValue;
    var reviewPart = third*app.reviewMetric*app.reviewsConfidenceValue;
    var total = ratingPart + reviewPart;
    return Number(total.toFixed(2));
  };
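  // Redraw the CertainTrust widgets whenever $scope.app is replaced by an
  // object that carries an appId.
  $scope.$watch('app', function (newValue) {
    // $scope.app is assigned the raw response body elsewhere in this
    // controller, so it can be null or undefined; guard before reading appId.
    if (newValue && newValue.appId) {
      $scope.showCertainTrust();
    }
  });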
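  /**
   * Render a read-only CertainTrust widget for every sub-category of
   * $scope.app, then derive and render the Reputation, S&P Quality and final
   * results in three ways: AND, wFusion and cFusion.
   *
   * Each `domParent` value is handed to CertainTrustHTI unchanged; presumably
   * it is the id of the element that hosts the widget (confirm against the
   * library).
   */
  $scope.showCategoryCertainTrust = function () {
    var app = $scope.app;
    var inputF = 0.0;

    function rounded(value) {
      return Number(value.toFixed(2));
    }

    // Build the CertainTrust object shown by the widget called `name`.
    // Every name in `names` matches exactly one of these branches.
    function createCT(name) {
      if (name.indexOf('ratings') !== -1) {
        return new CertainTrust(rounded(app.averageRatingTrustValue), rounded(app.averageRatingConfidenceValue), inputF, 3);
      }
      if (name.indexOf('reviews') !== -1) {
        return new CertainTrust(rounded(app.reviewsTrustValue), rounded(app.reviewsConfidenceValue), inputF, 3);
      }
      if (name.indexOf('permissions') !== -1) {
        return new CertainTrust(rounded(app.permissionsTrustValue), rounded(app.cofidenceInNumberofPermissions), inputF, 3);
      }
      if (name.indexOf('security') !== -1) {
        return new CertainTrust(rounded(app.sTrustValue), rounded(app.sConfidenceValue), inputF, 3);
      }
      if (name.indexOf('privacy') !== -1) {
        return new CertainTrust(rounded(app.pTrustValue), rounded(app.pConfidenceValue), inputF, 3);
      }
      if (name.indexOf('Result') !== -1) {
        // Placeholder; the '...Result' objects are overwritten further down.
        return new CertainTrust(1, 1, 1, 3);
      }
    }

    var names = ['ratingsCT', 'reviewsCT', 'permissionsCT', 'reputationAndResult', 'securityRisksCT', 'privacyRisksCT', 'spQualityAndResult'];
    var cts = {};
    names.forEach(function (name) {
      var ct = createCT(name);
      new CertainTrustHTI(ct, { domParent: name, readonly: true });
      cts[name] = ct;
    });

    // AND results, copied into the two placeholder widgets.
    var reputationAnd = cts.ratingsCT.AND(cts.reviewsCT).AND(cts.permissionsCT);
    var spQualityAnd = cts.securityRisksCT.AND(cts.privacyRisksCT);
    cts.reputationAndResult.setF(reputationAnd.getF());
    cts.reputationAndResult.setTC(reputationAnd.getT(), reputationAnd.getC());
    cts.spQualityAndResult.setF(spQualityAnd.getF());
    cts.spQualityAndResult.setTC(spQualityAnd.getT(), spQualityAnd.getC());

    // NOTE(review): the wFusion results get f = 0.9. If f is the value the
    // expectation falls back to when certainty is low (as in the CertainTrust
    // model; confirm against the library), an app with little evidence is
    // displayed as largely trusted. Confirm that this optimistic default is
    // intended for a security rating.
    var resultF = 0.9;

    // Reputation: ratings, reviews and permissions weighted 1 : 2 : 1.
    var reputationInputs = [cts.ratingsCT, cts.reviewsCT, cts.permissionsCT];
    var reputationWeights = [1, 2, 1];
    var reputationWFusion = cts.ratingsCT.wFusion(reputationInputs, reputationWeights);
    reputationWFusion.setF(resultF);
    new CertainTrustHTI(reputationWFusion, { domParent: "reputationWFusionResult", readonly: true });
    var reputationCFusion = cts.ratingsCT.cFusion(reputationInputs, reputationWeights);
    new CertainTrustHTI(reputationCFusion, { domParent: "reputationCFusionResult", readonly: true });

    // S&P Quality: security and privacy risks weighted equally.
    var spInputs = [cts.securityRisksCT, cts.privacyRisksCT];
    var spWeights = [1, 1];
    var spQualityWFusion = cts.securityRisksCT.wFusion(spInputs, spWeights);
    spQualityWFusion.setF(resultF);
    new CertainTrustHTI(spQualityWFusion, { domParent: "spQualityWFusionResult", readonly: true });
    var spQualityCFusion = cts.securityRisksCT.cFusion(spInputs, spWeights);
    new CertainTrustHTI(spQualityCFusion, { domParent: "spQualityCFusionResult", readonly: true });

    // Final result: Reputation AND S&P Quality, once per combination method.
    var finalAnd = reputationAnd.AND(spQualityAnd);
    new CertainTrustHTI(finalAnd, { domParent: "finalAndResult", readonly: true });
    var finalWFusion = reputationWFusion.AND(spQualityWFusion);
    new CertainTrustHTI(finalWFusion, { domParent: "finalWFusionResult", readonly: true });
    var finalCFusion = reputationCFusion.AND(spQualityCFusion);
    new CertainTrustHTI(finalCFusion, { domParent: "finalCFusionResult", readonly: true });
  };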
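  /**
   * Render the CertainTrust widgets for $scope.app: one read-only widget per
   * sub-category (ratings, reviews, security risks, privacy risks), the
   * S&P Quality result (security AND privacy), the Reputation result
   * (wFusion of ratings and reviews, weights 1/3 and 2/3), their AND, and two
   * CertainTrustTViz visualisations ("tvizAnd", "tvizAverage").
   *
   * Each `domParent` value is handed to CertainTrustHTI unchanged; presumably
   * it is the id of the element that hosts the widget (confirm against the
   * library).
   */
  $scope.showCertainTrust = function () {
    var app = $scope.app;
    var inputF = 0.0;

    function rounded(value) {
      return Number(value.toFixed(2));
    }

    // Build the CertainTrust object shown by the widget called `name`.
    // Every name in `names` matches exactly one of these branches.
    function createCT(name) {
      if (name.indexOf('ratings') !== -1) {
        return new CertainTrust(rounded(app.averageRatingTrustValue), rounded(app.averageRatingConfidenceValue), inputF, 3);
      }
      if (name.indexOf('reviews') !== -1) {
        return new CertainTrust(rounded(app.reviewsTrustValue), rounded(app.reviewsConfidenceValue), inputF, 3);
      }
      if (name.indexOf('security') !== -1) {
        return new CertainTrust(rounded(app.sTrustValue), rounded(app.sConfidenceValue), inputF, 3);
      }
      if (name.indexOf('privacy') !== -1) {
        return new CertainTrust(rounded(app.pTrustValue), rounded(app.pConfidenceValue), inputF, 3);
      }
    }

    var names = ['ratingsCT', 'reviewsCT', 'securityRisksCT', 'privacyRisksCT'];
    var cts = {};
    names.forEach(function (name) {
      var ct = createCT(name);
      new CertainTrustHTI(ct, { domParent: name, readonly: true });
      cts[name] = ct;
    });

    // NOTE(review): both category results get f = 0.9. If f is the value the
    // expectation falls back to when certainty is low (as in the CertainTrust
    // model; confirm against the library), an app with little evidence is
    // displayed as largely trusted. Confirm that this optimistic default is
    // intended for a security rating.
    var resultF = 0.9;

    var spQuality = cts.securityRisksCT.AND(cts.privacyRisksCT);
    spQuality.setF(resultF);
    new CertainTrustHTI(spQuality, { domParent: "spQualityAndResult", readonly: true });

    var reputationInputs = [cts.ratingsCT, cts.reviewsCT];
    var reputationWeights = [1/3, 2/3];
    var reputation = cts.ratingsCT.wFusion(reputationInputs, reputationWeights);
    reputation.setF(resultF);
    new CertainTrustHTI(reputation, { domParent: "reputationWFusionResult", readonly: true });

    var finalAnd = reputation.AND(spQuality);
    new CertainTrustHTI(finalAnd, { domParent: "finalAndResult", readonly: true });

    // Named copies of the two category results for the visualisations.
    var ct1 = new CertainTrust("Reputation", reputation.getT(), reputation.getC(), reputation.getF(), 3);
    var ct2 = new CertainTrust("S&p Quality", spQuality.getT(), spQuality.getC(), spQuality.getF(), 3);

    new CertainTrustTViz([ct1, ct2], { id: "tvizAnd", middle: "AND",
      onClick: function(certainTrust) {
        // Reveal the detail widget of whichever category was clicked.
        if (certainTrust.getName() === "Reputation") {
          $scope.reputationHTI = true;
        } else {
          $scope.spHTI = true;
        }
        // The callback is invoked by the widget, so run a digest explicitly.
        $scope.$apply();
      },
      onMiddleClick: function(certainTrust) {
        $scope.finalHTI = true;
        $scope.$apply();
      }
    });
    new CertainTrustTViz([ct1, ct2], { id: "tvizAverage", middle: "AVERAGE" });
  };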
  /**
   * Draw a 200x200 CertainTrustTViz with id "tviz" + index for one app,
   * combining Reputation (wFusion of ratings and reviews, weights 1/3 and 2/3)
   * and S&P Quality (security AND privacy).
   *
   * @param {Object} app   app record holding the trust and confidence values
   * @param {*}      index suffix appended to "tviz" to form the widget id
   */
  $scope.showTviz = function(app, index) {
    var inputF = 0.0;
    var resultF = 0.9;

    function rounded(value) {
      return Number(value.toFixed(2));
    }

    var ratings = new CertainTrust(rounded(app.averageRatingTrustValue), rounded(app.averageRatingConfidenceValue), inputF, 3);
    var reviews = new CertainTrust(rounded(app.reviewsTrustValue), rounded(app.reviewsConfidenceValue), inputF, 3);
    var security = new CertainTrust(rounded(app.sTrustValue), rounded(app.sConfidenceValue), inputF, 3);
    var privacy = new CertainTrust(rounded(app.pTrustValue), rounded(app.pConfidenceValue), inputF, 3);

    var spQuality = security.AND(privacy);
    spQuality.setF(resultF);

    var reputation = ratings.wFusion([ratings, reviews], [1/3, 2/3]);
    reputation.setF(resultF);

    var widgetId = "tviz" + index;
    var ct1 = new CertainTrust("Reputation", reputation.getT(), reputation.getC(), reputation.getF(), 3);
    var ct2 = new CertainTrust("S&p Quality", spQuality.getT(), spQuality.getC(), spQuality.getF(), 3);
    new CertainTrustTViz([ct1, ct2], { canvas: { height: 200, width: 200 }, id: widgetId, middle: "AND" });
  };
  350. }]);