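  // AngularJS controller behind the app list and app detail views.
  // It loads crawler results from /crawler/downloadedapps and renders
  // CertainTrust widgets (HTI / TViz) for the trust values each app carries.
  // Depends on globals loaded elsewhere: angular (with jQuery, for the selector
  // used in clearTviz), lodash/underscore as `_`, and the CertainTrust,
  // CertainTrustHTI and CertainTrustTViz constructors.
  var myApp = angular.module('myApp');
  myApp.controller('AppsController', ['$scope', '$http', '$location', '$routeParams', '$window', function($scope, $http, $location, $routeParams, $window){
    console.log('AppsController loaded...');

    // Test-case labels shown in the detail view. getSPResult() compares them
    // verbatim with indicator.attr.text from the analysis report, so spelling,
    // punctuation and trailing spaces are lookup keys and must not be "fixed" here.
    var COMMUNICATION_AND_PLATFORM_LABELS = [
      "Client communication used?",
      "SSL/TLS used?",
      "Domains accessed with http AND https: ",
      "Custom SSL/TLS trust manager implemented?",
      "Faulty custom SSL/TLS trust manager implemented?",
      "SSL/TLS using custom error handling?",
      "SSL/TLS using faulty custom error handling?",
      "SSL/TLS using manual domain name verification?",
      "Unprotected communication?",
      "Unprotected HTML?",
      "Cryptographic Primitives: ",
      "Application needs dangerous permissions? ",
      "JavaScript to SDK API bridge usage?",
      "Is application overprivileged?",
      "Userdefined permission usage: ",
      "WiFi-Direct enabled?",
      "App can handle documents of mimeType: ",
      "Screenshot protection used?",
      "Tap Jacking Protection used?",
      "Scheduled Alarm Manager registered?",
      "Dynamically loaded code at runtime?",
      "Allow app debugging Flag?",
      "Allow autoexecute after Phone Reboot?",
      "App uses outdated signature key?",
      "Contains native libraries: "
    ];
    var DATA_EXPOSURE_LABELS = [
      "Obfuscation used?",
      "Device administration policy entries: ",
      "Accessed unique identifier(s): ",
      "Advertisment-/tracking frameworks found: ",
      "App provides public accessible activities?",
      "Backup of app is allowed?",
      "Log Statement Enabled?",
      "Permission to access address book?",
      "Unprotected preference files found?"
    ];

    // Names of the HTI containers mapped to the app fields that feed them.
    // Each factory returns a fresh CertainTrust object for the given app.
    var CT_FACTORIES = {
      ratingsCT: function(app, f) {
        return makeCT(app.averageRatingTrustValue, app.averageRatingConfidenceValue, f);
      },
      reviewsCT: function(app, f) {
        return makeCT(app.reviewsTrustValue, app.reviewsConfidenceValue, f);
      },
      permissionsCT: function(app, f) {
        // "cofidenceInNumberofPermissions" is the field name as delivered by the backend.
        return makeCT(app.permissionsTrustValue, app.cofidenceInNumberofPermissions, f);
      },
      securityRisksCT: function(app, f) {
        return makeCT(app.sTrustValue, app.sConfidenceValue, f);
      },
      privacyRisksCT: function(app, f) {
        return makeCT(app.pTrustValue, app.pConfidenceValue, f);
      },
      // Placeholders; their values are overwritten with the AND results afterwards.
      reputationAndResult: function() {
        return new CertainTrust(1, 1, 1, 3);
      },
      spQualityAndResult: function() {
        return new CertainTrust(1, 1, 1, 3);
      }
    };

    // Builds a CertainTrust object from a trust/confidence pair rounded to two decimals.
    // NOTE(review): the trailing 3 is passed through unchanged from the original code;
    // its meaning is defined by the CertainTrust library - confirm there.
    function makeCT(trust, confidence, f) {
      return new CertainTrust(Number(trust.toFixed(2)), Number(confidence.toFixed(2)), f, 3);
    }

    // Renders a read-only HTI widget for ct inside the element with id domParent.
    function renderReadOnlyHTI(ct, domParent) {
      new CertainTrustHTI(ct, { domParent: domParent, readonly: true });
    }

    // Creates and renders one CertainTrust object per name, in the given order,
    // and returns them keyed by name.
    function renderBaseHTIs(app, names, f) {
      var objects = {};
      names.forEach(function(name) {
        var ct = CT_FACTORIES[name](app, f);
        renderReadOnlyHTI(ct, name);
        objects[name] = ct;
      });
      return objects;
    }

    // Removes every element whose id starts with "tviz" (TViz canvases of a previous view).
    function clearTviz() {
      angular.element('*[id^="tviz"]').remove();
    }

    // Returns an $http rejection handler that logs the failure instead of leaving
    // the promise rejection unhandled. dataLoaded is deliberately left untouched.
    function logLoadFailure(what) {
      return function(error) {
        console.error('AppsController: failed to load ' + what, error && error.status);
      };
    }

    // Rounds a number to two decimals; anything that is not a finite number becomes "NA"
    // so a missing field does not throw inside a template binding.
    function roundOrNA(value) {
      return (typeof value === 'number' && isFinite(value)) ? Number(value.toFixed(2)) : "NA";
    }

    // Formats a trust/confidence pair as "(t,c,NA)".
    function formatTCF(trust, confidence) {
      return "(" + roundOrNA(trust) + "," + roundOrNA(confidence) + "," + "NA" + ")";
    }

    $scope.app = {};
    $scope.privacyRisksTC = [];
    $scope.securityRisksTC = [];
    $scope.appResultList = new Array(200);
    $scope.reputationHTI = false;
    $scope.spHTI = false;
    $scope.finalHTI = false;
    $scope.total = 0;
    $scope.dataLoaded = false;
    $scope.appNumber = 0;

    // Returns the current page offset plus toAdd; despite the name it sets nothing.
    $scope.setAppNumber = function(toAdd) {
      return $scope.appNumber + toAdd;
    };

    // Loads one page of downloaded apps, optionally filtered by genre.
    // genre and page come from the route, i.e. from the URL a user followed, so they
    // are percent-encoded before being placed in the backend request; unencoded,
    // a value containing "&" or "#" would alter the query the backend receives.
    $scope.getApps = function() {
      clearTviz();
      $scope.numPerPage = 10;
      $scope.currentPage = 1;
      var genre = $routeParams.genre;
      var page = $routeParams.page;
      var queryParts = [];
      if (genre) {
        queryParts.push("genre=" + encodeURIComponent(genre));
      }
      // Only a positive integer is a usable page; anything else falls back to page 1
      // instead of producing a NaN offset and an arbitrary value in the request.
      if (page && /^[1-9]\d*$/.test(String(page))) {
        $scope.currentPage = page;
        $scope.appNumber = (Number(page) - 1) * $scope.numPerPage;
        queryParts.push("page=" + encodeURIComponent(page));
      }
      var query = queryParts.length ? "/?" + queryParts.join("&") : "";
      $http.get('/crawler/downloadedapps' + query).then(function(response){
        $scope.dataLoaded = true;
        $scope.apps = response.data.apps;
        $scope.total = response.data.total;
        $scope.noOfPages = Math.ceil($scope.total / $scope.numPerPage);
      }, logLoadFailure('app list'));
    };

    // Loads the app named by the route's id (optionally with a posture filter)
    // into $scope.app and fills the two test-case label lists.
    $scope.getApp = function(){
      clearTviz();
      var id = $routeParams.id;
      var posture = $routeParams.posture;
      var query = posture ? "/?posture=" + encodeURIComponent(posture) : "";
      // id is a path segment taken from the route; encode it so it cannot add
      // further path segments or a query string to the request.
      $http.get('/crawler/downloadedapps/' + encodeURIComponent(id) + query).then(function(response){
        $scope.dataLoaded = true;
        $scope.app = response.data;
        // NOTE(review): getApp2 assigns these two lists the other way round
        // (communication/platform labels to securityRisksTC). One of the two is
        // presumably swapped; kept as found because the templates are not visible here.
        $scope.privacyRisksTC = COMMUNICATION_AND_PLATFORM_LABELS.slice();
        $scope.securityRisksTC = DATA_EXPOSURE_LABELS.slice();
      }, logLoadFailure('app details'));
    };

    // Loads the details of one list entry into appResultList[$index].
    // Does nothing for apps without both reviews and permissions.
    $scope.getApp2 = function(app, $index){
      clearTviz();
      if(app.reviews.length && app.permissions.length) {
        $http.get('/crawler/downloadedapps/' + encodeURIComponent(app.appId)).then(function(response) {
          $scope.appResultList[$index] = response.data;
          // NOTE(review): opposite assignment to getApp - see the note there.
          $scope.securityRisksTC = COMMUNICATION_AND_PLATFORM_LABELS.slice();
          $scope.privacyRisksTC = DATA_EXPOSURE_LABELS.slice();
        }, logLoadFailure('app result'));
      }
    };

    // Returns attr.value of the report indicator whose attr.text equals testName,
    // or "" when there is no such indicator or no report has been loaded yet.
    $scope.getSPResult = function(testName) {
      var report = $scope.app && $scope.app.appicaptor;
      var testCases = report ? report.indicator : [];
      var indicator = _.find(testCases, function(testCase) {
        return testCase.attr.text === testName;
      });
      return indicator ? indicator.attr.value : "";
    };

    // The five formatters below return "(trust,confidence,NA)" for one category of app.
    $scope.getRatingsTCF = function(app) {
      return formatTCF(app.averageRatingTrustValue, app.averageRatingConfidenceValue);
    };
    $scope.getReviewsTCF = function(app) {
      return formatTCF(app.reviewsTrustValue, app.reviewsConfidenceValue);
    };
    $scope.getPermissionsTCF = function(app) {
      return formatTCF(app.permissionsTrustValue, app.cofidenceInNumberofPermissions);
    };
    $scope.getSecurityRisksTCF = function(app) {
      return formatTCF(app.sTrustValue, app.sConfidenceValue);
    };
    $scope.getPrivacyRisksTCF = function(app) {
      return formatTCF(app.pTrustValue, app.pConfidenceValue);
    };

    // Weighted score from the rating (app.score mapped from 1..5 onto 0..1) and the
    // review metric, each scaled by its confidence and a weight of 1/3, rounded to
    // two decimals.
    $scope.getTrustPlusFrameworkScore = function(app) {
      var weight = 1/3;
      var ratingMetric = (app.score-1)/4;
      var score = (weight*ratingMetric*app.averageRatingConfidenceValue) + (weight*app.reviewMetric*app.reviewsConfidenceValue);
      return Number(score.toFixed(2));
    };

    // Render the widgets as soon as a loaded app (one with an appId) is on the scope.
    // The null check covers a backend response with an empty body.
    $scope.$watch('app', function (newValue, oldValue, scope) {
      if(newValue && newValue.appId) {
        $scope.showCertainTrust();
      }
    });

    // Renders the per-category HTIs for $scope.app and derives the Reputation and
    // S&P Quality category results from their sub-categories, once with AND and once
    // each with wFusion and cFusion, plus the three combined final results.
    $scope.showCategoryCertainTrust = function () {
      var cts = renderBaseHTIs($scope.app, ['ratingsCT', 'reviewsCT', 'permissionsCT', 'reputationAndResult', 'securityRisksCT', 'privacyRisksCT', 'spQualityAndResult'], 0.0);

      // AND of the sub-categories, copied into the placeholder result widgets.
      var reputationAnd = cts.ratingsCT.AND(cts.reviewsCT).AND(cts.permissionsCT);
      var spQualityAnd = cts.securityRisksCT.AND(cts.privacyRisksCT);
      cts.reputationAndResult.setF(reputationAnd.getF());
      cts.reputationAndResult.setTC(reputationAnd.getT(), reputationAnd.getC());
      cts.spQualityAndResult.setF(spQualityAnd.getF());
      cts.spQualityAndResult.setTC(spQualityAnd.getT(), spQualityAnd.getC());

      var f = 0.9;
      var reputationInputs = [cts.ratingsCT, cts.reviewsCT, cts.permissionsCT];
      var reputationWeights = [1, 2, 1];
      var reputationWFusion = cts.ratingsCT.wFusion(reputationInputs, reputationWeights);
      reputationWFusion.setF(f);
      renderReadOnlyHTI(reputationWFusion, "reputationWFusionResult");
      var reputationCFusion = cts.ratingsCT.cFusion(reputationInputs, reputationWeights);
      renderReadOnlyHTI(reputationCFusion, "reputationCFusionResult");

      var spInputs = [cts.securityRisksCT, cts.privacyRisksCT];
      var spWeights = [1, 1];
      var spQualityWFusion = cts.securityRisksCT.wFusion(spInputs, spWeights);
      spQualityWFusion.setF(f);
      renderReadOnlyHTI(spQualityWFusion, "spQualityWFusionResult");
      var spQualityCFusion = cts.securityRisksCT.cFusion(spInputs, spWeights);
      renderReadOnlyHTI(spQualityCFusion, "spQualityCFusionResult");

      renderReadOnlyHTI(reputationAnd.AND(spQualityAnd), "finalAndResult");
      renderReadOnlyHTI(reputationWFusion.AND(spQualityWFusion), "finalWFusionResult");
      renderReadOnlyHTI(reputationCFusion.AND(spQualityCFusion), "finalCFusionResult");
    };

    // Renders the HTIs for $scope.app: ratings and reviews are combined with wFusion
    // (weights 1/3 and 2/3) into Reputation, security and privacy with AND into
    // S&P Quality, and both into a final AND result. Also draws the two TViz charts.
    $scope.showCertainTrust = function () {
      var cts = renderBaseHTIs($scope.app, ['ratingsCT', 'reviewsCT', 'securityRisksCT', 'privacyRisksCT'], 0.0);

      var f = 0.9;
      var spQuality = cts.securityRisksCT.AND(cts.privacyRisksCT);
      spQuality.setF(f);
      renderReadOnlyHTI(spQuality, "spQualityAndResult");

      var reputation = cts.ratingsCT.wFusion([cts.ratingsCT, cts.reviewsCT], [1/3, 2/3]);
      reputation.setF(f);
      renderReadOnlyHTI(reputation, "reputationWFusionResult");

      renderReadOnlyHTI(reputation.AND(spQuality), "finalAndResult");

      // Named copies for the charts; the names are what onClick tells apart.
      var ct1 = new CertainTrust("Reputation", reputation.getT(), reputation.getC(), reputation.getF(), 3);
      var ct2 = new CertainTrust("S&p Quality", spQuality.getT(), spQuality.getC(), spQuality.getF(), 3);
      new CertainTrustTViz([ct1,ct2], { id: "tvizAnd", middle: "AND",
        onClick: function(certainTrust) {
          if (certainTrust.getName() === "Reputation") {
            $scope.reputationHTI = true;
          } else {
            $scope.spHTI = true;
          }
          // The click arrives outside Angular's digest cycle.
          $scope.$apply();
        },
        onMiddleClick: function(certainTrust) {
          $scope.finalHTI = true;
          $scope.$apply();
        }
      });
      new CertainTrustTViz([ct1,ct2], { id: "tvizAverage", middle: "AVERAGE" });
    };

    // Draws a 200x200 TViz chart with id "tviz" + index for one app, using the same
    // Reputation / S&P Quality combination as showCertainTrust but without HTIs.
    $scope.showTviz = function(app, index) {
      var ratings = CT_FACTORIES.ratingsCT(app, 0.0);
      var reviews = CT_FACTORIES.reviewsCT(app, 0.0);
      var security = CT_FACTORIES.securityRisksCT(app, 0.0);
      var privacy = CT_FACTORIES.privacyRisksCT(app, 0.0);

      var f = 0.9;
      var spQuality = security.AND(privacy);
      spQuality.setF(f);
      var reputation = ratings.wFusion([ratings, reviews], [1/3, 2/3]);
      reputation.setF(f);

      var tvizid = "tviz" + index;
      var ct1 = new CertainTrust("Reputation", reputation.getT(), reputation.getC(), reputation.getF(), 3);
      var ct2 = new CertainTrust("S&p Quality", spQuality.getT(), spQuality.getC(), spQuality.getF(), 3);
      new CertainTrustTViz([ct1,ct2], { canvas: { height: 200, width: 200 }, id: tvizid, middle: "AND" });
    };
  }]);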