Info Call to dynamic code loading API

Description

List of all dynamic code loading API calls in the application. Loading code from untrsuted sources could allow the execution of malicious code in the context of the current application.

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method net.hockeyapp.android.CrashManager.contentsOfFile() calling method java.lang.System.getProperty()


    private static String contentsOfFile(ref.WeakReference p8, String p9)
    {
        java.io.IOException v6_3;
        if (p8 == null) {
            v6_3 = 0;
        } else {
            android.content.Context v1_1 = ((android.content.Context) p8.get());
            if (v1_1 == null) {
            } else {
                StringBuilder v0_1 = new StringBuilder();
                java.io.BufferedReader v4 = 0;
                try {
                    java.io.BufferedReader v5_1 = new java.io.BufferedReader(new java.io.InputStreamReader(v1_1.openFileInput(p9)));
                    try {
                        while(true) {
                            String v3 = v5_1.readLine();
                            v0_1.append(v3);
                            v0_1.append(System.getProperty("line.separator"));
                        }
                        if (v5_1 == null) {
                            v6_3 = v0_1.toString();
                        } else {
                            try {
                                v5_1.close();
                            } catch (java.io.IOException v6) {
                            }
                        }
                    } catch (java.io.IOException v6_2) {
                        v4 = v5_1;
                        if (v4 != null) {
                            try {
                                v4.close();
                            } catch (java.io.IOException v7) {
                            }
                        }
                        throw v6_2;
                    } catch (java.io.IOException v6) {
                        v4 = v5_1;
                        if (v4 == null) {
                        } else {
                            try {
                                v4.close();
                            } catch (java.io.IOException v6) {
                            }
                        }
                    } catch (java.io.IOException v2) {
                        v4 = v5_1;
                        v2.printStackTrace();
                        if (v4 == null) {
                        } else {
                            try {
                                v4.close();
                            } catch (java.io.IOException v6) {
                            }
                        }
                    }
                    if (v3 == null) {
                    }
                } catch (java.io.IOException v6_2) {
                } catch (java.io.IOException v6) {
                } catch (java.io.IOException v2) {
                }
            }
        }
        return v6_3;
    }

Method com.google.zxing.ReaderException.<clinit>() calling method java.lang.System.getProperty()


    static ReaderException()
    {
        StackTraceElement[] v0_2;
        if (System.getProperty("surefire.test.class.path") == null) {
            v0_2 = 0;
        } else {
            v0_2 = 1;
        }
        com.google.zxing.ReaderException.isStackTrace = v0_2;
        StackTraceElement[] v0_3 = new StackTraceElement[0];
        com.google.zxing.ReaderException.NO_TRACE = v0_3;
        return;
    }

Method com.google.android.gms.internal.zzaez.zzc() calling method java.lang.System.getProperty()


    public String zzc(com.google.android.gms.internal.zzaeu p6)
    {
        String v0_3 = System.getProperty("java.vm.name", "Unknown JVM");
        StringBuilder v1_4 = System.getProperty("java.specification.version", "Unknown");
        return new StringBuilder(((String.valueOf(v1_4).length() + 1) + String.valueOf(v0_3).length())).append(v1_4).append("/").append(v0_3).toString();
    }

Method com.google.android.gms.internal.zzaey.zzc() calling method java.lang.System.getProperty()


    public String zzc(com.google.android.gms.internal.zzaeu p6)
    {
        StringBuilder v1_3 = System.getProperty("java.specification.version", "Unknown");
        return new StringBuilder(((String.valueOf(v1_3).length() + 1) + String.valueOf("AppEngine").length())).append(v1_3).append("/").append("AppEngine").toString();
    }

Method bolts.BoltsExecutors.isAndroidRuntime() calling method java.lang.System.getProperty()


    private static boolean isAndroidRuntime()
    {
        boolean v1_1;
        String v0 = System.getProperty("java.runtime.name");
        if (v0 != null) {
            v1_1 = v0.toLowerCase(java.util.Locale.US).contains("android");
        } else {
            v1_1 = 0;
        }
        return v1_1;
    }

Method android.support.multidex.MultiDex.install() calling method java.lang.System.getProperty()


    public static void install(android.content.Context p11)
    {
        android.util.Log.i("MultiDex", "install");
        if (!android.support.multidex.MultiDex.IS_VM_MULTIDEX_CAPABLE) {
            if (android.os.Build$VERSION.SDK_INT >= 4) {
                try {
                    android.content.pm.ApplicationInfo v1 = android.support.multidex.MultiDex.getApplicationInfo(p11);
                } catch (RuntimeException v3_0) {
                    android.util.Log.e("MultiDex", "Multidex installation failure", v3_0);
                    throw new RuntimeException(new StringBuilder().append("Multi dex installation failed (").append(v3_0.getMessage()).append(").").toString());
                }
                if (v1 != null) {
                    String v0 = v1.sourceDir;
                    if (!android.support.multidex.MultiDex.installedApk.contains(v0)) {
                        android.support.multidex.MultiDex.installedApk.add(v0);
                        if (android.os.Build$VERSION.SDK_INT > 20) {
                            android.util.Log.w("MultiDex", new StringBuilder().append("MultiDex is not guaranteed to work in SDK version ").append(android.os.Build$VERSION.SDK_INT).append(": SDK version higher than ").append(20).append(" should be backed by ").append("runtime with built-in multidex capabilty but it\'s not the ").append("case here: java.vm.version=\"").append(System.getProperty("java.vm.version")).append("\"").toString());
                        }
                        try {
                            ClassLoader v5 = p11.getClassLoader();
                        } catch (RuntimeException v3_1) {
                            android.util.Log.w("MultiDex", "Failure while trying to obtain Context class loader. Must be running in test mode. Skip patching.", v3_1);
                        }
                        if (v5 != null) {
                            try {
                                android.support.multidex.MultiDex.clearOldDexDir(p11);
                            } catch (Throwable v6) {
                                android.util.Log.w("MultiDex", "Something went wrong when trying to clear old MultiDex extraction, continuing without cleaning.", v6);
                            }
                            java.io.File v2_1 = new java.io.File(v1.dataDir, android.support.multidex.MultiDex.SECONDARY_FOLDER_NAME);
                            java.util.List v4_0 = android.support.multidex.MultiDexExtractor.load(p11, v1, v2_1, 0);
                            if (!android.support.multidex.MultiDex.checkValidZipFiles(v4_0)) {
                                android.util.Log.w("MultiDex", "Files were not valid zip files.  Forcing a reload.");
                                java.util.List v4_1 = android.support.multidex.MultiDexExtractor.load(p11, v1, v2_1, 1);
                                if (!android.support.multidex.MultiDex.checkValidZipFiles(v4_1)) {
                                    throw new RuntimeException("Zip files were not valid.");
                                } else {
                                    android.support.multidex.MultiDex.installSecondaryDexes(v5, v2_1, v4_1);
                                }
                            } else {
                                android.support.multidex.MultiDex.installSecondaryDexes(v5, v2_1, v4_0);
                            }
                            android.util.Log.i("MultiDex", "install done");
                        } else {
                            android.util.Log.e("MultiDex", "Context class loader is null. Must be running in test mode. Skip patching.");
                        }
                    } else {
                    }
                }
            } else {
                throw new RuntimeException(new StringBuilder().append("Multi dex installation failed. SDK ").append(android.os.Build$VERSION.SDK_INT).append(" is unsupported. Min SDK version is ").append(4).append(".").toString());
            }
        } else {
            android.util.Log.i("MultiDex", "VM has multidex support, MultiDex support library is disabled.");
        }
        return;
    }

Method android.support.multidex.MultiDex.<clinit>() calling method java.lang.System.getProperty()


    static MultiDex()
    {
        android.support.multidex.MultiDex.SECONDARY_FOLDER_NAME = new StringBuilder().append("code_cache").append(java.io.File.separator).append("secondary-dexes").toString();
        android.support.multidex.MultiDex.installedApk = new java.util.HashSet();
        android.support.multidex.MultiDex.IS_VM_MULTIDEX_CAPABLE = android.support.multidex.MultiDex.isVMMultidexCapable(System.getProperty("java.vm.version"));
        return;
    }

Method android.support.multidex.MultiDex$V4.install() calling method dalvik.system.DexFile.loadDex()


    private static void install(ClassLoader p13, java.util.List p14)
    {
        int v5 = p14.size();
        reflect.Field v10 = android.support.multidex.MultiDex.access$300(p13, "path");
        StringBuilder v9_1 = new StringBuilder(((String) v10.get(p13)));
        String[] v4 = new String[v5];
        java.io.File[] v3 = new java.io.File[v5];
        java.util.zip.ZipFile[] v6 = new java.util.zip.ZipFile[v5];
        dalvik.system.DexFile[] v2 = new dalvik.system.DexFile[v5];
        java.util.ListIterator v8 = p14.listIterator();
        while (v8.hasNext()) {
            java.io.File v0_1 = ((java.io.File) v8.next());
            String v1 = v0_1.getAbsolutePath();
            v9_1.append(58).append(v1);
            int v7 = v8.previousIndex();
            v4[v7] = v1;
            v3[v7] = v0_1;
            v6[v7] = new java.util.zip.ZipFile(v0_1);
            v2[v7] = dalvik.system.DexFile.loadDex(v1, new StringBuilder().append(v1).append(".dex").toString(), 0);
        }
        v10.set(p13, v9_1.toString());
        android.support.multidex.MultiDex.access$400(p13, "mPaths", v4);
        android.support.multidex.MultiDex.access$400(p13, "mFiles", v3);
        android.support.multidex.MultiDex.access$400(p13, "mZips", v6);
        android.support.multidex.MultiDex.access$400(p13, "mDexs", v2);
        return;
    }

Method com.google.android.gms.internal.zzav.zzm() calling method dalvik.system.DexClassLoader.<init>()


    private boolean zzm(String p10)
    {
        try {
            String v0_4 = this.zzov.getCacheDir();
        } catch (String v0_13) {
            throw new com.google.android.gms.internal.zzau(v0_13);
        } catch (String v0_12) {
            throw new com.google.android.gms.internal.zzau(v0_12);
        } catch (String v0_11) {
            throw new com.google.android.gms.internal.zzau(v0_11);
        } catch (String v0_10) {
            throw new com.google.android.gms.internal.zzau(v0_10);
        }
        if (v0_4 == null) {
            v0_4 = this.zzov.getDir("dex", 0);
            if (v0_4 == null) {
                throw new com.google.android.gms.internal.zzau();
            }
        }
        int v1_0 = v0_4;
        String v2_0 = com.google.android.gms.internal.zzat.zzX();
        Object[] v3_0 = this.zza(p10, v1_0, v2_0);
        this.zzb(v1_0, v2_0);
        this.zzox = new dalvik.system.DexClassLoader(v3_0.getAbsolutePath(), v1_0.getAbsolutePath(), 0, this.zzov.getClassLoader());
        this.zza(v3_0);
        this.zza(v1_0, v2_0);
        Object[] v3_3 = new Object[2];
        v3_3[0] = v1_0;
        v3_3[1] = v2_0;
        this.zzn(String.format("%s/%s.dex", v3_3));
        return 1;
    }