FROM openjdk:23-jdk-slim-bookworm AS apk_scanner-worker
COPY --from=firmwaredroid-base / /

#####################################
# Installing required packages      #
#####################################
RUN apt --allow-releaseinfo-change update -y

#####################################
# Install Exodus-core dependency (dexdump) #
# Install Android scommand line tools and sdk #
#####################################
# TODO FIX DEXDUMP Installation: https://github.com/Exodus-Privacy/exodus-standalone/issues/6
#RUN apt install -y dexdump android-libbacktrace # Debian dexdump package is broken
# Workaround: Installation via Android sdkmanager
RUN mkdir -p /android/sdk/cmdline-tools/latest && mkdir -p /android/sdk/avd && mkdir -p /android/sdk/platforms  \
    && mkdir -p /android/sdk/platforms && mkdir -p /android/sdk/platform-tools && mkdir -p /android/sdk/system-images  \
    && mkdir /android/tmp && mkdir -p /android/user_home/
WORKDIR /android
RUN wget https://dl.google.com/android/repository/commandlinetools-linux-10406996_latest.zip
RUN wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip
RUN unzip commandlinetools-linux-10406996_latest.zip -d /android/tmp
RUN unzip platform-tools-latest-linux.zip -d /android/sdk/
RUN mv /android/tmp/cmdline-tools/* /android/sdk/cmdline-tools/latest/
ENV ANDROID_HOME=/android/sdk
ENV ANDROID_SDK_ROOT=/android/sdk
ENV ANDROID_AVD_HOME=/android/sdk/avd
ENV ANDROID_EMULATOR_HOME=/android/sdk/emulator
ENV ANDROID_USER_HOME=/android/user_home/
ENV PATH=$ANDROID_HOME/cmdline-tools/latest/bin:$PATH
ENV PATH=$ANDROID_HOME/platform-tools:$PATH
ENV PATH=$ANDROID_HOME/emulator/:$PATH
RUN yes | /android/sdk/cmdline-tools/latest/bin/sdkmanager --licenses ; exit 0 # Workaround against exit code 133
RUN /android/sdk/cmdline-tools/latest/bin/sdkmanager --install "build-tools;35.0.0" ; exit 0 # Workaround against exit code 133
ENV PATH=$ANDROID_SDK_ROOT/build-tools/35.0.0/:$PATH

#####################################
# Installing apktool                #
#####################################
RUN APKTOOL_VERSION=$(curl -s "https://api.github.com/repos/iBotPeaches/Apktool/releases/latest"  \
    | grep -Po '"tag_name": "v\K[0-9.]+')  \
    && curl -Lo /usr/local/bin/apktool.jar "https://github.com/iBotPeaches/Apktool/releases/latest/download/apktool_${APKTOOL_VERSION}.jar"
RUN curl -o /usr/local/bin/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool
RUN chmod a+x /usr/local/bin/apktool.jar && chmod a+x /usr/local/bin/apktool
RUN apktool --version

#####################################
# Installing jadx                   #
#####################################
RUN mkdir -p /tmp/jadx-temp/jadx/ && mkdir -p /opt/jadx/bin
WORKDIR /tmp/jadx-temp/
RUN JADX_VERSION=$(curl -s "https://api.github.com/repos/skylot/jadx/releases/latest"  \
    | grep -Po '"tag_name": "v\K[0-9.]+')  \
    && curl -Lo jadx.zip "https://github.com/skylot/jadx/releases/latest/download/jadx-${JADX_VERSION}.zip"
RUN unzip jadx.zip -d /tmp/jadx-temp/
RUN mv /tmp/jadx-temp/* /opt/jadx/
ENV JADX="/opt/jadx/bin"
ENV PATH="${JADX}:${PATH}"
RUN export PATH=$PATH
RUN jadx --version

##################################################
# Install RUST
##################################################
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
ENV PATH="/root/.cargo/bin:${PATH}"
RUN cargo --version

##################################################
# Install Gradle
##################################################
RUN mkdir -p /opt/gradle
ENV GRADLE_VERSION=7.6.3
RUN wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip -P /tmp \
    && unzip -d /opt/gradle /tmp/gradle-${GRADLE_VERSION}-bin.zip \
    && rm /tmp/gradle-${GRADLE_VERSION}-bin.zip
ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION}
ENV PATH=${GRADLE_HOME}/bin:${PATH}
RUN gradle --version

##################################################
# Install Java decompilers
##################################################
RUN mkdir -p /opt/decompilers/java/
# Install CFR
RUN wget https://github.com/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar -O /opt/decompilers/java/cfr.jar

# Install Procyon
RUN wget https://github.com/mstrobel/procyon/releases/download/v0.6.0/procyon-decompiler-0.6.0.jar -O /opt/decompilers/java/procyon.jar

# Install Krakatau
RUN git clone https://github.com/Storyyeller/Krakatau.git /opt/decompilers/java/krakatau
WORKDIR /opt/decompilers/java/krakatau/
RUN cargo build --release
ENV PATH="${PATH}:/opt/firmwaredroid/decompilers/java/krakatau/target/release/krak2"

# Install Fernflower
# TODO find prebuilt version of fernflower or stable release jar
#RUN git clone https://github.com/fesh0r/fernflower.git /opt/decompilers/java/fernflower
#RUN /opt/firmwaredroid/decompilers/java/fernflower/gradlew build

WORKDIR /var/www/source/
#####################################
# Install SUPER Android Analyzer   #
#####################################
RUN apt-get install -y default-jre-headless
RUN wget -P /tmp/ https://github.com/SUPERAndroidAnalyzer/super/releases/download/0.5.1/super-analyzer_0.5.1_ubuntu_amd64.deb
RUN dpkg -i /tmp/super-analyzer_0.5.1_ubuntu_amd64.deb

#####################################
# Install FlowDroid                 #
#####################################
RUN mkdir -p /opt/flowdroid/rules/
# Please, update hardcoded version in flowdroid_wrapper.py when updating here!
RUN wget -O /opt/flowdroid/soot-infoflow-cmd-jar-with-dependencies.jar https://github.com/secure-software-engineering/FlowDroid/releases/download/v2.13/soot-infoflow-cmd-2.13.0-jar-with-dependencies.jar

# Download examples source and sink rules
RUN wget -O /opt/flowdroid/rules/SourcesAndSinks.txt https://raw.githubusercontent.com/secure-software-engineering/FlowDroid/develop/soot-infoflow-android/SourcesAndSinks.txt
RUN wget -O /opt/flowdroid/rules/SourcesAndSinks_SharedPrefsOnly.txt https://raw.githubusercontent.com/secure-software-engineering/FlowDroid/develop/soot-infoflow-android/SourcesAndSinks_SharedPrefsOnly.txt


########################################################
# Install Python requirements                          #
########################################################
RUN --mount=type=cache,target=/tmp/.cache \
    pip install -r /var/www/requirements/requirements_apk_scanner.txt

##################################################
# Install python-based static-analysis tools  #
##################################################
USER root
RUN chown -R www:www /android && chmod u+rwx /android
RUN chown -R www:www /opt/firmwaredroid/python/

USER www
ENV PATH="$PATH:/home/www/.local/bin/"
ENV PYTHONPATH="/var/www/source/:$PYTHONPATH"
WORKDIR /var/www/source/
RUN python3 /var/www/docker/setup_apk_scanner.py
