https://github.com/getsentry/reaper-server

https://github.com/getsentry/reaper-server

tag-production

Last synced: 2 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/getsentry/reaper-server
• Owner: getsentry
• License: mit
• Created: 2025-06-26T16:40:54.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2025-06-27T16:24:06.000Z (3 months ago)
• Last Synced: 2025-07-31T09:29:05.428Z (2 months ago)
• Topics: tag-production
• Language: Python
• Size: 9.17 MB
• Stars: 7
• Watchers: 2
• Forks: 2
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Reaper: Dead Code Detection for Mobile Apps

Reaper is a tool for detecting dead code in mobile applications by combining static analysis with runtime data collection. Unlike traditional static analysis tools, Reaper uses data from production - allowing it to detect unused code which is impossible to detect via static approaches.

This repo contains an example backend implementation for Reaper. See the video for a brief walkthrough.

[![Reaper Walkthough](https://img.youtube.com/vi/HA1Av22c4kI/0.jpg)](https://www.youtube.com/watch?v=HA1Av22c4kI)

For platform-specific implementations, see [iOS](https://github.com/getsentry/Reaper-iOS) and [Android](https://github.com/EmergeTools/emerge-android/tree/main/reaper) repos.

## How It Works

Reaper uses a two-step approach to identify dead code:

1. **Static Analysis**: Extracts all classes from your app binary (AAB for Android)

2. **Runtime Collection**: Collects data about which classes are actually used at runtime,

The difference between these sets represents code that is never used in production and can be removed.

### For Android Apps

On Android, Reaper:

- Computes the SHA256 hash of each class signature and extracts the top 64 bits

- Instruments the `` (static initializer) and `` (constructor) methods

- Collects and reports class usage data back to this backend

### For iOS Apps

On iOS, Reaper:

- Inspects the Objective-C and Swift runtime for metadata

- Uses the `RW_INITIALIZED` bit for Objective-C classes

- Uses runtime flags to detect accessed Swift types

## Features

- Upload Android App Bundles (AAB) for static analysis

- Automatically extracts package name and version information

- Collects and aggregates runtime data from mobile devices

- Visual dashboard for analyzing dead code metrics

- Detailed breakdown of unused classes

- Compare metrics across different app versions

- REST API for integration with CI/CD pipelines

## Getting Started

### Prerequisites

- Python 3.13+

- Flask

- Bundletool (for AAB processing)

- Baksmali (for DEX file disassembly)

### Installation

1. Clone the repository:

   ```bash

   git clone https://github.com/EmergeTools/oss-reaper.git

   cd oss-reaper

   ```

2. Install dependencies using `uv`:

   ```bash

   uv pip install -r requirements.txt

   ```

3. Run the development server:

   ```bash

   python app.py

   ```

4. Access the web interface at http://localhost:5000

## API Endpoints

### Report Class Usage

```

POST /report

```

Accepts JSON payload with the following structure:

```json

{

  "apiKey": "your_api_key",

  "seen": ["RvP1/Jw16IY=", ...],

  "platform": "android",

  "metadata": {

    "manufacturer": "Google",

    "model": "Pixel 7",

    "osVersion": "13",

    "reaperVersion": "1.0.2"

  },

  "appId": "com.example.app",

  "shortVersionString": "1.0.2"

}

```

### Report Errors

```

POST /reaper/error

```

Reports SDK errors back to the server.

## Integrating with Your App

### Android

Add the following to your Android manifest:

```xml

```

## Running Static Analysis

See how to extract all monitorable types for your app

### Android

To extract class signatures from an AAB file:

```bash

python reaper.py path/to/your/app.aab -o output.tsv

```

The output is a tab-separated file containing:

- Class signature

- SHA256 hash

- Base64-encoded top 64 bits

- Package name

- Version name

### iOS

Instructions found in the [iOS Reaper repo](https://github.com/getsentry/Reaper-iOS?tab=readme-ov-file#determining-all-types)

## Screenshots

### Home Screen

![Home Screen](screenshots/home.png)

### Apps Analysis

![Apps Analysis](screenshots/apps.png)

### Summary Analysis

![Summary Analysis](screenshots/summary.png)

### Detailed Analysis

![Detailed Analysis](screenshots/analyze.png)

### Reports

![Reports](screenshots/reports.png)

## License

This project is licensed under the MIT License - see the LICENSE file for details.