Info Call to dynamic code loading API

Description

List of all dynamic code loading API calls in the application. Loading code from untrsuted sources could allow the execution of malicious code in the context of the current application.

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method org.apache.commons.lang3.SystemUtils.getUserDir() calling method java.lang.System.getProperty()


    public static java.io.File getUserDir()
    {
        return new java.io.File(System.getProperty("user.dir"));
    }

Method org.apache.commons.lang3.SystemUtils.getUserHome() calling method java.lang.System.getProperty()


    public static java.io.File getUserHome()
    {
        return new java.io.File(System.getProperty("user.home"));
    }

Method com.google.android.gms.internal.zzdb.zza() calling method dalvik.system.DexClassLoader.<init>()


    public static com.google.android.gms.internal.zzdb zza(android.content.Context p9, String p10, String p11, boolean p12)
    {
        int v0_0 = 1;
        void v3_0 = new com.google.android.gms.internal.zzdb(p9);
        v3_0.zzqF = java.util.concurrent.Executors.newCachedThreadPool();
        v3_0.zzqk = p12;
        if (p12) {
            v3_0.zzqK = v3_0.zzqF.submit(new com.google.android.gms.internal.zzdc(v3_0));
        }
        v3_0.zzqF.execute(new com.google.android.gms.internal.zzde(v3_0));
        try {
            String v2_5;
            com.google.android.gms.internal.zzdb.zzqS = com.google.android.gms.common.zze.zzoW();
        } catch (int v0) {
            v3_0.zza(0, 1);
            if ((!com.google.android.gms.internal.zzdg.zzS()) || (!((Boolean) com.google.android.gms.ads.internal.zzbs.zzbL().zzd(com.google.android.gms.internal.zzmo.zzFa)).booleanValue())) {
                v3_0.zzqH = new com.google.android.gms.internal.zzcw(0);
                v3_0.zzqI = v3_0.zzqH.zzl(p10);
                try {
                    int v0_38 = v3_0.zzqD.getCacheDir();
                } catch (int v0_17) {
                    throw new com.google.android.gms.internal.zzcy(v0_17);
                } catch (int v0_16) {
                    throw new com.google.android.gms.internal.zzcy(v0_16);
                }
                if (v0_38 == 0) {
                    v0_38 = v3_0.zzqD.getDir("dex", 0);
                    if (v0_38 == 0) {
                        throw new com.google.android.gms.internal.zzcy();
                    }
                }
                String v1_21 = v0_38;
                Object[] v5_8 = new Object[2];
                v5_8[0] = v1_21;
                v5_8[1] = "1489418796403";
                String v4_9 = new java.io.File(String.format("%s/%s.jar", v5_8));
                if (!v4_9.exists()) {
                    int v0_3 = v3_0.zzqH.zza(v3_0.zzqI, p11);
                    v4_9.createNewFile();
                    Object[] v5_2 = new java.io.FileOutputStream(v4_9);
                    v5_2.write(v0_3, 0, v0_3.length);
                    v5_2.close();
                }
                v3_0.zzb(v1_21, "1489418796403");
                try {
                    v3_0.zzqG = new dalvik.system.DexClassLoader(v4_9.getAbsolutePath(), v1_21.getAbsolutePath(), 0, v3_0.zzqD.getClassLoader());
                } catch (int v0_6) {
                    com.google.android.gms.internal.zzdb.zza(v4_9);
                    v3_0 = v3_0.zza(v1_21, "1489418796403");
                    Object[] v5_5 = new Object[2];
                    v5_5[0] = v1_21;
                    v5_5[1] = "1489418796403";
                    com.google.android.gms.internal.zzdb.zzm(String.format("%s/%s.dex", v5_5));
                    throw v0_6;
                }
                com.google.android.gms.internal.zzdb.zza(v4_9);
                v3_0 = v3_0.zza(v1_21, "1489418796403");
                String v4_4 = new Object[2];
                v4_4[0] = v1_21;
                v4_4[1] = "1489418796403";
                com.google.android.gms.internal.zzdb.zzm(String.format("%s/%s.dex", v4_4));
                v3_0.zzqN = new com.google.android.gms.internal.zzcn(v3_0);
                v3_0.zzqV = 1;
                return v3_0;
            } else {
                throw new IllegalStateException("Task Context initialization must not be called from the UI thread.");
            }
        }
        if (com.google.android.gms.common.zze.zzau(v3_0.zzqD) <= 0) {
            v2_5 = 0;
        } else {
            v2_5 = 1;
        }
        v3_0.zzqP = v2_5;
        if (com.google.android.gms.internal.zzdb.zzqS.isGooglePlayServicesAvailable(v3_0.zzqD) != 0) {
            v0_0 = 0;
        }
        v3_0.zzqR = v0_0;
        if (v3_0.zzqD.getApplicationContext() == null) {
        } else {
            v3_0.zzqO = new com.google.android.gms.common.api.GoogleApiClient$Builder(v3_0.zzqD).addApi(com.google.android.gms.internal.zzazn.API).build();
        }
    }

Method com.google.android.gms.dynamite.zzg.<init>() calling method dalvik.system.PathClassLoader.<init>()


    zzg(String p1, ClassLoader p2)
    {
        super(p1, p2);
        return;
    }

Method android.support.multidex.MultiDex$V4.install() calling method dalvik.system.DexFile.loadDex()


    private static void install(ClassLoader p13, java.util.List p14)
    {
        int v5 = p14.size();
        reflect.Field v10 = android.support.multidex.MultiDex.access$300(p13, "path");
        StringBuilder v9_1 = new StringBuilder(((String) v10.get(p13)));
        String[] v4 = new String[v5];
        java.io.File[] v3 = new java.io.File[v5];
        java.util.zip.ZipFile[] v6 = new java.util.zip.ZipFile[v5];
        dalvik.system.DexFile[] v2 = new dalvik.system.DexFile[v5];
        java.util.ListIterator v8 = p14.listIterator();
        while (v8.hasNext()) {
            java.io.File v0_1 = ((java.io.File) v8.next());
            String v1 = v0_1.getAbsolutePath();
            v9_1.append(58).append(v1);
            int v7 = v8.previousIndex();
            v4[v7] = v1;
            v3[v7] = v0_1;
            v6[v7] = new java.util.zip.ZipFile(v0_1);
            v2[v7] = dalvik.system.DexFile.loadDex(v1, new StringBuilder().append(v1).append(".dex").toString(), 0);
        }
        v10.set(p13, v9_1.toString());
        android.support.multidex.MultiDex.access$400(p13, "mPaths", v4);
        android.support.multidex.MultiDex.access$400(p13, "mFiles", v3);
        android.support.multidex.MultiDex.access$400(p13, "mZips", v6);
        android.support.multidex.MultiDex.access$400(p13, "mDexs", v2);
        return;
    }

Method android.support.multidex.MultiDex.<clinit>() calling method java.lang.System.getProperty()


    static MultiDex()
    {
        android.support.multidex.MultiDex.installedApk = new java.util.HashSet();
        android.support.multidex.MultiDex.IS_VM_MULTIDEX_CAPABLE = android.support.multidex.MultiDex.isVMMultidexCapable(System.getProperty("java.vm.version"));
        return;
    }

Method android.support.multidex.MultiDex.doInstallation() calling method java.lang.System.getProperty()


    private static void doInstallation(android.content.Context p9, java.io.File p10, java.io.File p11, String p12, String p13)
    {
        try {
            if (!android.support.multidex.MultiDex.installedApk.contains(p10)) {
                android.support.multidex.MultiDex.installedApk.add(p10);
                if (android.os.Build$VERSION.SDK_INT > 20) {
                    android.util.Log.w("MultiDex", new StringBuilder().append("MultiDex is not guaranteed to work in SDK version ").append(android.os.Build$VERSION.SDK_INT).append(": SDK version higher than ").append(20).append(" should be backed by ").append("runtime with built-in multidex capabilty but it\'s not the ").append("case here: java.vm.version=\"").append(System.getProperty("java.vm.version")).append("\"").toString());
                }
                try {
                    ClassLoader v3 = p9.getClassLoader();
                } catch (RuntimeException v1) {
                    android.util.Log.w("MultiDex", "Failure while trying to obtain Context class loader. Must be running in test mode. Skip patching.", v1);
                }
                if (v3 != null) {
                    try {
                        android.support.multidex.MultiDex.clearOldDexDir(p9);
                    } catch (Throwable v4) {
                        android.util.Log.w("MultiDex", "Something went wrong when trying to clear old MultiDex extraction, continuing without cleaning.", v4);
                    }
                    java.io.File v0 = android.support.multidex.MultiDex.getDexDir(p9, p11, p12);
                    android.support.multidex.MultiDex.installSecondaryDexes(v3, v0, android.support.multidex.MultiDexExtractor.load(p9, p10, v0, p13, 0));
                } else {
                    android.util.Log.e("MultiDex", "Context class loader is null. Must be running in test mode. Skip patching.");
                }
            } else {
            }
        } catch (int v5_8) {
            throw v5_8;
        }
        return;
    }

Method bolts.BoltsExecutors.isAndroidRuntime() calling method java.lang.System.getProperty()


    private static boolean isAndroidRuntime()
    {
        boolean v1_1;
        String v0 = System.getProperty("java.runtime.name");
        if (v0 != null) {
            v1_1 = v0.toLowerCase(java.util.Locale.US).contains("android");
        } else {
            v1_1 = 0;
        }
        return v1_1;
    }

Method com.app.helpers.OSHelper.getDeviceInfo() calling method java.lang.System.getProperty()


    public static String getDeviceInfo()
    {
        return new StringBuilder().append(new StringBuilder().append(new StringBuilder().append(new StringBuilder().append(new StringBuilder().append(new StringBuilder().append("Debug-infos:").append("\n OS Version: ").append(System.getProperty("os.version")).append("(").append(android.os.Build$VERSION.INCREMENTAL).append(")").toString()).append("\n OS API Level: ").append(android.os.Build$VERSION.SDK_INT).toString()).append("\n Device: ").append(android.os.Build.DEVICE).toString()).append("\n Display: ").append(android.os.Build.DISPLAY).toString()).append("\n Has External Storage: ").append(com.app.helpers.OSHelper.isExerternalStorageAvailable()).toString()).append("\n Model (and Product): ").append(android.os.Build.MODEL).append(" (").append(android.os.Build.PRODUCT).append(")").toString();
    }

Method com.bumptech.glide.load.model.LazyHeaders$Builder.<clinit>() calling method java.lang.System.getProperty()


    static LazyHeaders$Builder()
    {
        com.bumptech.glide.load.model.LazyHeaders$Builder.DEFAULT_USER_AGENT = System.getProperty("http.agent");
        java.util.HashMap v0_1 = new java.util.HashMap(2);
        if (!android.text.TextUtils.isEmpty(com.bumptech.glide.load.model.LazyHeaders$Builder.DEFAULT_USER_AGENT)) {
            v0_1.put("User-Agent", java.util.Collections.singletonList(new com.bumptech.glide.load.model.LazyHeaders$StringHeaderFactory(com.bumptech.glide.load.model.LazyHeaders$Builder.DEFAULT_USER_AGENT)));
        }
        com.bumptech.glide.load.model.LazyHeaders$Builder.DEFAULT_HEADERS = java.util.Collections.unmodifiableMap(v0_1);
        return;
    }

Method com.google.android.gms.internal.ql.zzc() calling method java.lang.System.getProperty()


    public final String zzc(com.google.android.gms.internal.qd p5)
    {
        StringBuilder v1_3 = System.getProperty("java.specification.version", "Unknown");
        return new StringBuilder(((String.valueOf(v1_3).length() + 1) + String.valueOf("AppEngine").length())).append(v1_3).append("/").append("AppEngine").toString();
    }

Method com.google.android.gms.internal.qp.zzc() calling method java.lang.System.getProperty()


    public final String zzc(com.google.android.gms.internal.qd p5)
    {
        String v0_3 = System.getProperty("java.vm.name", "Unknown JVM");
        StringBuilder v1_4 = System.getProperty("java.specification.version", "Unknown");
        return new StringBuilder(((String.valueOf(v1_4).length() + 1) + String.valueOf(v0_3).length())).append(v1_4).append("/").append(v0_3).toString();
    }

Method org.apache.commons.lang3.SystemUtils.getJavaHome() calling method java.lang.System.getProperty()


    public static java.io.File getJavaHome()
    {
        return new java.io.File(System.getProperty("java.home"));
    }

Method org.apache.commons.lang3.SystemUtils.getJavaIoTmpDir() calling method java.lang.System.getProperty()


    public static java.io.File getJavaIoTmpDir()
    {
        return new java.io.File(System.getProperty("java.io.tmpdir"));
    }

Method org.apache.commons.lang3.SystemUtils.getSystemProperty() calling method java.lang.System.getProperty()


    private static String getSystemProperty(String p4)
    {
        try {
            int v1_0 = System.getProperty(p4);
        } catch (SecurityException v0) {
            System.err.println(new StringBuilder().append("Caught a SecurityException reading the system property \'").append(p4).append("\'; the SystemUtils property value will default to null.").toString());
            v1_0 = 0;
        }
        return v1_0;
    }

Method com.squareup.okhttp.ConnectionPool.<clinit>() calling method java.lang.System.getProperty()


    static ConnectionPool()
    {
        long v2;
        String v0 = System.getProperty("http.keepAlive");
        String v1 = System.getProperty("http.keepAliveDuration");
        String v4 = System.getProperty("http.maxConnections");
        if (v1 == null) {
            v2 = 300000;
        } else {
            v2 = Long.parseLong(v1);
        }
        if ((v0 == null) || (Boolean.parseBoolean(v0))) {
            if (v4 == null) {
                com.squareup.okhttp.ConnectionPool.systemDefault = new com.squareup.okhttp.ConnectionPool(5, v2);
            } else {
                com.squareup.okhttp.ConnectionPool.systemDefault = new com.squareup.okhttp.ConnectionPool(Integer.parseInt(v4), v2);
            }
        } else {
            com.squareup.okhttp.ConnectionPool.systemDefault = new com.squareup.okhttp.ConnectionPool(0, v2);
        }
        return;
    }

Method com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.defaultUserAgent() calling method java.lang.System.getProperty()


    private String defaultUserAgent()
    {
        String v0 = System.getProperty("http.agent");
        if (v0 == null) {
            v0 = new StringBuilder().append("Java").append(System.getProperty("java.version")).toString();
        }
        return v0;
    }

Method org.apache.commons.lang3.JavaVersion.maxVersion() calling method java.lang.System.getProperty()


    private static float maxVersion()
    {
        int v0 = org.apache.commons.lang3.JavaVersion.toFloatVersion(System.getProperty("java.specification.version", "99.0"));
        if (v0 <= 0) {
            v0 = 1120272384;
        }
        return v0;
    }

Method org.apache.commons.lang3.text.StrLookup$SystemPropertiesStrLookup.lookup() calling method java.lang.System.getProperty()


    public String lookup(String p2)
    {
        SecurityException v0_1;
        if (p2.length() <= 0) {
            v0_1 = 0;
        } else {
            try {
                v0_1 = System.getProperty(p2);
            } catch (SecurityException v0) {
            }
        }
        return v0_1;
    }

Method retrofit.Platform.findPlatform() calling method java.lang.System.getProperty()


    private static retrofit.Platform findPlatform()
    {
        try {
            retrofit.Platform$Base v0_3;
            Class.forName("android.os.Build");
        } catch (retrofit.Platform$Base v0) {
            if (System.getProperty("com.google.appengine.runtime.version") == null) {
                v0_3 = new retrofit.Platform$Base(0);
                return v0_3;
            } else {
                v0_3 = new retrofit.Platform$AppEngine(0);
                return v0_3;
            }
        }
        if (android.os.Build$VERSION.SDK_INT == 0) {
        } else {
            v0_3 = new retrofit.Platform$Android(0);
            return v0_3;
        }
    }