Info Call to dynamic code loading API

Description

List of all dynamic code loading API calls in the application. Loading code from untrsuted sources could allow the execution of malicious code in the context of the current application.

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method com.learnium.RNDeviceInfo.RNDeviceModule.getConstants() calling method java.lang.System.getProperty()


    public java.util.Map getConstants()
    {
        java.util.HashMap v0_1 = new java.util.HashMap();
        android.content.pm.PackageManager v5 = this.reactContext.getPackageManager();
        String v6 = this.reactContext.getPackageName();
        v0_1.put("appVersion", "not available");
        v0_1.put("buildVersion", "not available");
        v0_1.put("buildNumber", Integer.valueOf(0));
        v0_1.put("buildType", "not available");
        try {
            String v7_10;
            android.content.pm.PackageInfo v3 = v5.getPackageInfo(v6, 0);
            v0_1.put("appVersion", v3.versionName);
            v0_1.put("buildNumber", Integer.valueOf(v3.versionCode));
        } catch (Exception v2_0) {
            v2_0.printStackTrace();
            try {
                String v1 = android.bluetooth.BluetoothAdapter.getDefaultAdapter().getName();
            } catch (Exception v2_1) {
                v2_1.printStackTrace();
            }
            v0_1.put("deviceName", v1);
            v0_1.put("systemName", "Android");
            v0_1.put("systemVersion", android.os.Build$VERSION.RELEASE);
            v0_1.put("model", android.os.Build.MODEL);
            v0_1.put("deviceId", android.os.Build.BOARD);
            v0_1.put("deviceLocale", this.getCurrentLanguage());
            v0_1.put("deviceCountry", this.getCurrentCountry());
            v0_1.put("uniqueId", android.provider.Settings$Secure.getString(this.reactContext.getContentResolver(), "android_id"));
            v0_1.put("systemManufacturer", android.os.Build.MANUFACTURER);
            v0_1.put("bundleId", v6);
            v0_1.put("userAgent", System.getProperty("http.agent"));
            return v0_1;
        }
        if ((v3.applicationInfo.flags & 2) == 0) {
            v7_10 = "production";
        } else {
            v7_10 = "development";
        }
        v0_1.put("buildType", v7_10);
    }

Method com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter.<clinit>() calling method java.lang.System.getProperty()


    static DefaultPrettyPrinter$Lf2SpacesIndenter()
    {
        com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter.instance = new com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter();
        try {
            char[] v0_5 = System.getProperty("line.separator");
        } catch (int v1) {
        }
        if (v0_5 == null) {
            v0_5 = "\n";
        }
        com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter.SYS_LF = v0_5;
        char[] v0_3 = new char[64];
        com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter.SPACES = v0_3;
        java.util.Arrays.fill(com.fasterxml.jackson.core.util.DefaultPrettyPrinter$Lf2SpacesIndenter.SPACES, 32);
        return;
    }

Method okhttp3.internal.huc.OkHttpURLConnection.defaultUserAgent() calling method java.lang.System.getProperty()


    private String defaultUserAgent()
    {
        String v1_1;
        String v0 = System.getProperty("http.agent");
        if (v0 == null) {
            v1_1 = okhttp3.internal.Version.userAgent();
        } else {
            v1_1 = okhttp3.internal.Util.toHumanReadableAscii(v0);
        }
        return v1_1;
    }

Method okhttp3.internal.SystemPropertiesConnectionPool.<clinit>() calling method java.lang.System.getProperty()


    static SystemPropertiesConnectionPool()
    {
        int v4;
        String v0 = System.getProperty("http.keepAlive");
        if ((v0 == null) || (Boolean.parseBoolean(v0))) {
            String v5 = System.getProperty("http.maxConnections");
            if (v5 == null) {
                v4 = 5;
            } else {
                v4 = Integer.parseInt(v5);
            }
        } else {
            v4 = 0;
        }
        long v2;
        String v1 = System.getProperty("http.keepAliveDuration");
        if (v1 == null) {
            v2 = 300000;
        } else {
            v2 = Long.parseLong(v1);
        }
        okhttp3.internal.SystemPropertiesConnectionPool.INSTANCE = new okhttp3.ConnectionPool(v4, v2, java.util.concurrent.TimeUnit.MILLISECONDS);
        return;
    }

Method com.facebook.soloader.SoLoader.loadLibrary() calling method java.lang.System.getProperty()


    public static declared_synchronized void loadLibrary(String p5)
    {
        try {
            if (com.facebook.soloader.SoLoader.sSoSources != null) {
                try {
                    com.facebook.soloader.SoLoader.loadLibraryBySoName(System.mapLibraryName(p5), 0);
                } catch (UnsatisfiedLinkError v0_1) {
                    throw new RuntimeException(v0_1);
                }
            } else {
                if (!"http://www.android.com/".equals(System.getProperty("java.vendor.url"))) {
                    System.loadLibrary(p5);
                } else {
                    com.facebook.soloader.SoLoader.assertInitialized();
                }
            }
        } catch (com.facebook.soloader.SoLoader$WrongAbiError v2_9) {
            throw v2_9;
        }
        return;
    }

Method bolts.BoltsExecutors.isAndroidRuntime() calling method java.lang.System.getProperty()


    private static boolean isAndroidRuntime()
    {
        boolean v1_1;
        String v0 = System.getProperty("java.runtime.name");
        if (v0 != null) {
            v1_1 = v0.toLowerCase(java.util.Locale.US).contains("android");
        } else {
            v1_1 = 0;
        }
        return v1_1;
    }

Method com.facebook.soloader.SoLoader.initImpl() calling method java.lang.System.getenv()


    private static declared_synchronized void initImpl(android.content.Context p20, int p21)
    {
        try {
            if (com.facebook.soloader.SoLoader.sSoSources == null) {
                com.facebook.soloader.SoLoader.sFlags = p21;
                java.util.ArrayList v13_1 = new java.util.ArrayList();
                String v3 = System.getenv("LD_LIBRARY_PATH");
                if (v3 == null) {
                    v3 = "/vendor/lib:/system/lib";
                }
                String[] v14 = v3.split(":");
                int v7_0 = 0;
                while (v7_0 < v14.length) {
                    int v16_2 = new com.facebook.soloader.DirectorySoSource;
                    v16_2(new java.io.File(v14[v7_0]), 2);
                    v13_1.add(v16_2);
                    v7_0++;
                }
                if (p20 != null) {
                    if ((p21 & 1) == 0) {
                        int v9;
                        android.content.pm.ApplicationInfo v5 = p20.getApplicationInfo();
                        if (((v5.flags & 1) == 0) || ((v5.flags & 128) != 0)) {
                            v9 = 0;
                        } else {
                            v9 = 1;
                        }
                        int v4;
                        if (v9 == 0) {
                            v4 = 1;
                            int v11 = 0;
                            if (android.os.Build$VERSION.SDK_INT <= 17) {
                                v11 = (0 | 1);
                            }
                            int v16_12 = new java.io.File;
                            v16_12(v5.nativeLibraryDir);
                            v13_1.add(0, new com.facebook.soloader.DirectorySoSource(v16_12, v11));
                        } else {
                            v4 = 0;
                        }
                        String v18_3 = new com.facebook.soloader.ApkSoSource;
                        v18_3(p20, com.facebook.soloader.SoLoader.SO_STORE_NAME_MAIN, v4);
                        v13_1.add(0, v18_3);
                    } else {
                        String v18_4 = new com.facebook.soloader.ExoSoSource;
                        v18_4(p20, com.facebook.soloader.SoLoader.SO_STORE_NAME_MAIN);
                        v13_1.add(0, v18_4);
                    }
                }
                int v0_19 = new com.facebook.soloader.SoSource[v13_1.size()];
                com.facebook.soloader.SoSource[] v6_1 = ((com.facebook.soloader.SoSource[]) v13_1.toArray(v0_19));
                int v12 = com.facebook.soloader.SoLoader.makePrepareFlags();
                int v8 = v6_1.length;
                while(true) {
                    int v7_2 = (v8 - 1);
                    if (v8 <= 0) {
                        break;
                    }
                    v6_1[v7_2].prepare(v12);
                    v8 = v7_2;
                }
                com.facebook.soloader.SoLoader.sSoSources = v6_1;
            }
        } catch (int v16_4) {
            throw v16_4;
        }
        return;
    }

Method com.facebook.soloader.DirectorySoSource.loadLibraryFrom() calling method java.lang.System.load()


    protected int loadLibraryFrom(String p6, int p7, java.io.File p8)
    {
        int v4_4;
        java.io.File v3_1 = new java.io.File(p8, p6);
        if (v3_1.exists()) {
            if (((p7 & 1) == 0) || ((this.flags & 2) == 0)) {
                if ((this.flags & 1) != 0) {
                    String[] v0 = com.facebook.soloader.DirectorySoSource.getDependencies(v3_1);
                    int v2 = 0;
                    while (v2 < v0.length) {
                        String v1 = v0[v2];
                        if (!v1.startsWith("/")) {
                            com.facebook.soloader.SoLoader.loadLibraryBySoName(v1, (p7 | 1));
                        }
                        v2++;
                    }
                }
                System.load(v3_1.getAbsolutePath());
                v4_4 = 1;
            } else {
                v4_4 = 2;
            }
        } else {
            v4_4 = 0;
        }
        return v4_4;
    }

Method com.facebook.csslayout.CSSNodeJNI.<clinit>() calling method java.lang.System.loadLibrary()


    static CSSNodeJNI()
    {
        try {
            com.facebook.soloader.SoLoader.loadLibrary("csslayout");
        } catch (Exception v0) {
            System.out.println("Falling back to System.loadLibrary()");
            System.loadLibrary("csslayout");
        }
        return;
    }

Method com.facebook.common.soloader.SoLoaderShim$DefaultHandler.loadLibrary() calling method java.lang.System.loadLibrary()


    public void loadLibrary(String p1)
    {
        System.loadLibrary(p1);
        return;
    }

Method com.facebook.soloader.SoLoader.loadLibrary() calling method java.lang.System.loadLibrary()


    public static declared_synchronized void loadLibrary(String p5)
    {
        try {
            if (com.facebook.soloader.SoLoader.sSoSources != null) {
                try {
                    com.facebook.soloader.SoLoader.loadLibraryBySoName(System.mapLibraryName(p5), 0);
                } catch (UnsatisfiedLinkError v0_1) {
                    throw new RuntimeException(v0_1);
                }
            } else {
                if (!"http://www.android.com/".equals(System.getProperty("java.vendor.url"))) {
                    System.loadLibrary(p5);
                } else {
                    com.facebook.soloader.SoLoader.assertInitialized();
                }
            }
        } catch (com.facebook.soloader.SoLoader$WrongAbiError v2_9) {
            throw v2_9;
        }
        return;
    }