

fixed mobsf parser, #8860 (#8865)
* fixed mobsf parser, #8860

* 🐛 fix

* condensed unittestfile
manuel-sommer authored Oct 30, 2023
1 parent 4726e3f commit 0e31926
Showing 3 changed files with 319 additions and 0 deletions.
19 changes: 19 additions & 0 deletions dojo/tools/mobsf/parser.py
Expand Up @@ -139,6 +139,25 @@ def get_findings(self, filename, test):
"file_path": details["name"]
}
mobsf_findings.append(mobsf_item)
elif data["binary_analysis"].get("findings"):
for binary_analysis_type, details in list(data["binary_analysis"]["findings"].items()):
# "findings":{
# "Binary makes use of insecure API(s)":{
# "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n",
# "severity":"high",
# "cvss":6,
# "cwe":"CWE-676: Use of Potentially Dangerous Function",
# "owasp-mobile":"M7: Client Code Quality",
# "masvs":"MSTG-CODE-8"
# },
mobsf_item = {
"category": "Binary Analysis",
"title": details["detailed_desc"],
"severity": details["severity"].replace("good", "info").title(),
"description": details["detailed_desc"],
"file_path": None
}
mobsf_findings.append(mobsf_item)
else:
for binary_analysis_type, details in list(data["binary_analysis"].items()):
# "Binary makes use of insecure API(s)":{
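Review bot: The new `elif` at the top of the hunk tests `.get("findings")` for truthiness, so a report in the new layout whose `findings` object is empty falls through to the legacy `else` branch, which then iterates the `findings` and `summary` keys as if each were a check entry — presumably failing on the missing `detailed_desc`, though that branch's body lies outside the hunk. `elif "findings" in data["binary_analysis"]:` routes every new-layout report to the new loop and simply yields no findings for an empty object. Separately, the loop binds `binary_analysis_type` (the check name, e.g. "Binary makes use of insecure API(s)") but never uses it, and sets both `title` and `description` to `details["detailed_desc"]`, so each finding's title is a multi-line sentence identical to its description; `"title": binary_analysis_type,` would give the short, stable name, with the matching change to the new test's title assertions. The fixture's `cwe` and `cvss` fields are dropped here as well; whether the Finding built later in get_findings can carry them cannot be seen from this hunk. get_findings starts and ends outside the hunk.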
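--- /dev/null
+++ b/unittests/scans/mobsf/mobsf_3_7_9.json
@@ -0,0 +1,285 @@
+{
+"version":"v3.7.9 Beta",
+"title":"Static Analysis",
+"file_name":"bitbar-ios-sample.ipa",
+"app_name":"BitbarIOSSample",
+"app_type":"Objective C",
+"size":"0.14MB",
+"md5":"e1f08f17e868e9de32a87d0bdc522fac",
+"sha1":"deca43e3dd1186d002dea64b4cef4c8b88142488",
+"sha256":"07ff7a6608265fff57bd3369fb4e10321d939de5101bd966677cd9a210b820b1",
+"build":"1.0",
+"app_version":"1.0",
+"sdk_name":"iphoneos9.1",
+"platform":"9.1",
+"min_os_version":"6.0",
+"bundle_id":"com.bitbar.testdroid.BitbarIOSSample",
+"bundle_url_types":[
+
+],
+"bundle_supported_platforms":[
+"iPhoneOS"
+],
+"icon_path":"",
+"info_plist":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n\t<key>BuildMachineOSBuild</key>\n\t<string>15B42</string>\n\t<key>CFBundleDevelopmentRegion</key>\n\t<string>en</string>\n\t<key>CFBundleDisplayName</key>\n\t<string>BitbarIOSSample</string>\n\t<key>CFBundleExecutable</key>\n\t<string>BitbarIOSSample</string>\n\t<key>CFBundleIconFiles</key>\n\t<array>\n\t\t<string>icon.png</string>\n\t</array>\n\t<key>CFBundleIcons</key>\n\t<dict>\n\t\t<key>CFBundlePrimaryIcon</key>\n\t\t<dict>\n\t\t\t<key>CFBundleIconFiles</key>\n\t\t\t<array>\n\t\t\t\t<string>icon.png</string>\n\t\t\t</array>\n\t\t</dict>\n\t</dict>\n\t<key>CFBundleIdentifier</key>\n\t<string>com.bitbar.testdroid.BitbarIOSSample</string>\n\t<key>CFBundleInfoDictionaryVersion</key>\n\t<string>6.0</string>\n\t<key>CFBundleName</key>\n\t<string>BitbarIOSSample</string>\n\t<key>CFBundlePackageType</key>\n\t<string>APPL</string>\n\t<key>CFBundleShortVersionString</key>\n\t<string>1.0</string>\n\t<key>CFBundleSignature</key>\n\t<string>????</string>\n\t<key>CFBundleSupportedPlatforms</key>\n\t<array>\n\t\t<string>iPhoneOS</string>\n\t</array>\n\t<key>CFBundleVersion</key>\n\t<string>1.0</string>\n\t<key>DTCompiler</key>\n\t<string>com.apple.compilers.llvm.clang.1_0</string>\n\t<key>DTPlatformBuild</key>\n\t<string>13B137</string>\n\t<key>DTPlatformName</key>\n\t<string>iphoneos</string>\n\t<key>DTPlatformVersion</key>\n\t<string>9.1</string>\n\t<key>DTSDKBuild</key>\n\t<string>13B137</string>\n\t<key>DTSDKName</key>\n\t<string>iphoneos9.1</string>\n\t<key>DTXcode</key>\n\t<string>0711</string>\n\t<key>DTXcodeBuild</key>\n\t<string>7B1005</string>\n\t<key>LSRequiresIPhoneOS</key>\n\t<true/>\n\t<key>MinimumOSVersion</key>\n\t<string>6.0</string>\n\t<key>UIDeviceFamily</key>\n\t<array>\n\t\t<integer>1</integer>\n\t\t<integer>2</integer>\n\t</array>\n\t<key>UIRequiredDeviceCapabilities</key>\n\t<array>\n\t\t<string>armv7</string>\n\t</array>\n\t<key>UISupportedInterfaceOrientations</key>\n\t<array>\n\t\t<string>UIInterfaceOrientationPortrait</string>\n\t</array>\n\t<key>UISupportedInterfaceOrientations~ipad</key>\n\t<array>\n\t\t<string>UIInterfaceOrientationPortrait</string>\n\t</array>\n</dict>\n</plist>\n",
+"binary_info":{
+"endian":"<",
+"bit":"32-bit",
+"arch":"ARM",
+"subarch":"CPU_SUBTYPE_ARM_V7"
+},
+"permissions":{
+
+},
+"ats_analysis":{
+"ats_findings":[
+
+],
+"ats_summary":{
+
+}
+},
+"binary_analysis":{
+"findings":{
+"Binary makes use of insecure API(s)":{
+"detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n",
+"severity":"high",
+"cvss":6,
+"cwe":"CWE-676: Use of Potentially Dangerous Function",
+"owasp-mobile":"M7: Client Code Quality",
+"masvs":"MSTG-CODE-8"
+},
+"Binary makes use of malloc function":{
+"detailed_desc":"The binary may use _malloc\n function instead of calloc",
+"severity":"high",
+"cvss":2,
+"cwe":"CWE-789: Uncontrolled Memory Allocation",
+"owasp-mobile":"M7: Client Code Quality",
+"masvs":"MSTG-CODE-8"
+}
+},
+"summary":{
+"high":2,
+"warning":0,
+"info":0,
+"secure":0,
+"suppressed":0
+}
+},
+"macho_analysis":{
+"name":"BitbarIOSSample",
+"nx":{
+"has_nx":true,
+"severity":"info",
+"description":"The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable."
+},
+"pie":{
+"has_pie":true,
+"severity":"info",
+"description":"The binary is build with -fPIC flag which enables Position independent code. This makes Return Oriented Programming (ROP) attacks much more difficult to execute reliably."
+},
+"stack_canary":{
+"has_canary":true,
+"severity":"info",
+"description":"This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return."
+},
+"arc":{
+"has_arc":false,
+"severity":"warning",
+"description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not."
+},
+"rpath":{
+"has_rpath":false,
+"severity":"info",
+"description":"The binary does not have Runpath Search Path (@rpath) set."
+},
+"code_signature":{
+"has_code_signature":true,
+"severity":"info",
+"description":"This binary has a code signature."
+},
+"encrypted":{
+"is_encrypted":false,
+"severity":"warning",
+"description":"This binary is not encrypted."
+},
+"symbol":{
+"is_stripped":true,
+"severity":"info",
+"description":"Debug Symbols are stripped"
+}
+},
+"dylib_analysis":[
+
+],
+"framework_analysis":[
+
+],
+"ios_api":{
+
+},
+"code_analysis":{
+"findings":{
+
+},
+"summary":{
+
+}
+},
+"file_analysis":[
+{
+"issue":"Plist Files",
+"files":[
+{
+"file_path":"BitbarIOSSample.app/Info.plist",
+"type":"ipa",
+"hash":"e1f08f17e868e9de32a87d0bdc522fac"
+}
+]
+}
+],
+"libraries":[
+"/System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version: 1.2.0, current version: 1.11.0)",
+"/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version: 1.0.0, current version: 3512.29.5)",
+"/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version: 300.0.0, current version: 1241.14.0)",
+"/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version: 64.0.0, current version: 600.0.0)",
+"/usr/lib/libobjc.A.dylib (compatibility version: 1.0.0, current version: 228.0.0)",
+"/usr/lib/libSystem.B.dylib (compatibility version: 1.0.0, current version: 1226.10.1)",
+"/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version: 150.0.0, current version: 1241.11.0)"
+],
+"files":[
+"BitbarIOSSample.app/embedded.mobileprovision",
+"BitbarIOSSample.app/[email protected]",
+"BitbarIOSSample.app/RadioButton-Selected.png",
+"BitbarIOSSample.app/_CodeSignature/CodeResources",
+"BitbarIOSSample.app/en.lproj/InfoPlist.strings"
+],
+"urls":[
+{
+"urls":[
+"http://www.apple.com/dtds/propertylist-1.0.dtd"
+],
+"path":"BitbarIOSSample.app/archived-expanded-entitlements.xcent"
+},
+{
+"urls":[
+"http://www.apple.com/dtds/propertylist-1.0.dtd",
+"http://www.apple.com/appleca/root.crl0",
+"https://www.apple.com/appleca/0",
+"http://www.apple.com/appleca/0m",
+"http://developer.apple.com/certificationauthority/wwdrca.crl0"
+],
+"path":"BitbarIOSSample.app/BitbarIOSSample"
+},
+{
+"urls":[
+"http://www.apple.com/dtds/propertylist-1.0.dtd",
+"https://www.apple.com/appleca/0",
+"http://developer.apple.com/certificationauthority/wwdrca.crl0",
+"http://www.apple.com/appleca/0m",
+"http://www.apple.com/appleca/root.crl0"
+],
+"path":"IPA Strings Dump"
+}
+],
+"domains":{
+"www.apple.com":{
+"bad":"no",
+"geolocation":{
+"ip":"92.122.160.209",
+"country_short":"GB",
+"country_long":"United Kingdom of Great Britain and Northern Ireland",
+"region":"England",
+"city":"Slough",
+"latitude":"51.509491",
+"longitude":"-0.595410"
+},
+"ofac":false
+},
+"developer.apple.com":{
+"bad":"no",
+"geolocation":{
+"ip":"17.253.37.202",
+"country_short":"GB",
+"country_long":"United Kingdom of Great Britain and Northern Ireland",
+"region":"England",
+"city":"London",
+"latitude":"51.508530",
+"longitude":"-0.125740"
+},
+"ofac":false
+}
+},
+"emails":[
+
+],
+"strings":[
+"@_protocol_getMethodDescription",
+"+FxD",
+"otherButtonSelected:",
+"NSString",
+"%http://www.apple.com/appleca/root.crl0",
+"!i*i",
+"^s./%u",
+"@_kCFCoreFoundationVersionNumber"
+],
+"firebase_urls":[
+
+],
+"appstore_details":{
+"error":true
+},
+"secrets":[
+
+],
+"trackers":{
+"detected_trackers":0,
+"total_trackers":428,
+"trackers":[
+
+]
+},
+"virus_total":null,
+"appsec":{
+"high":[
+{
+"title":"Binary makes use of insecure API(s)",
+"description":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n",
+"section":"binary"
+},
+{
+"title":"Binary makes use of malloc function",
+"description":"The binary may use _malloc\n function instead of calloc",
+"section":"binary"
+}
+],
+"warning":[
+{
+"title":"Application binary is not compiled with ARC flag",
+"description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not.",
+"section":"macho"
+}
+],
+"info":[
+
+],
+"secure":[
+{
+"title":"This application has no privacy trackers",
+"description":"This application does not include any user or device trackers. Unable to find trackers during static analysis.",
+"section":"trackers"
+}
+],
+"hotspot":[
+
+],
+"total_trackers":428,
+"trackers":0,
+"security_score":42,
+"app_name":"BitbarIOSSample",
+"file_name":"bitbar-ios-sample.ipa",
+"hash":"e1f08f17e868e9de32a87d0bdc522fac",
+"version_name":"1.0"
+},
+"average_cvss":null
+}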
15 changes: 15 additions & 0 deletions unittests/tools/test_mobsf_parser.py
Expand Up @@ -66,3 +66,18 @@ def test_parse_file_3_1_9_ios(self):
testfile.close()
self.assertEqual(11, len(findings))
# TODO add more checks dedicated to this file

def test_parse_file_mobsf_3_7_9(self):
test = Test()
engagement = Engagement()
engagement.product = Product()
test.engagement = engagement
testfile = open("unittests/scans/mobsf/mobsf_3_7_9.json")
parser = MobSFParser()
findings = parser.get_findings(testfile, test)
testfile.close()
self.assertEqual(2, len(findings))
self.assertEqual(findings[0].title, "The binary may contain the following insecure API(s) _memcpy\n, _strlen\n")
self.assertEqual(findings[1].title, "The binary may use _malloc\n function instead of calloc")
self.assertEqual(findings[0].severity, "High")
self.assertEqual(findings[1].severity, "High")
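Review bot: The new test opens the fixture with a bare `open()` and relies on the explicit `testfile.close()`, so the handle is left open if `get_findings` raises on the way; `with open("unittests/scans/mobsf/mobsf_3_7_9.json") as testfile:` around the parser call closes it on every path. The neighbouring tests above use the same open/close pattern, so this is a consistency point for the file rather than a regression introduced here. The assertions cover only `title` and `severity`; the new binary-analysis branch is the one that sets `file_path` to `None` and `description` to the same string as `title`, so `self.assertIsNone(findings[0].file_path)` and a check on `findings[0].description` would pin exactly the fields that distinguish it from the older code paths. The test class is declared outside the hunk.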
