diff --git a/dojo/tools/mobsf/parser.py b/dojo/tools/mobsf/parser.py index fcf623cfe3a..2ad02517b51 100644 --- a/dojo/tools/mobsf/parser.py +++ b/dojo/tools/mobsf/parser.py @@ -139,6 +139,25 @@ def get_findings(self, filename, test): "file_path": details["name"] } mobsf_findings.append(mobsf_item) + elif data["binary_analysis"].get("findings"): + for binary_analysis_type, details in list(data["binary_analysis"]["findings"].items()): + # "findings":{ + # "Binary makes use of insecure API(s)":{ + # "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + # "severity":"high", + # "cvss":6, + # "cwe":"CWE-676: Use of Potentially Dangerous Function", + # "owasp-mobile":"M7: Client Code Quality", + # "masvs":"MSTG-CODE-8" + # }, + mobsf_item = { + "category": "Binary Analysis", + "title": details["detailed_desc"], + "severity": details["severity"].replace("good", "info").title(), + "description": details["detailed_desc"], + "file_path": None + } + mobsf_findings.append(mobsf_item) else: for binary_analysis_type, details in list(data["binary_analysis"].items()): # "Binary makes use of insecure API(s)":{ diff --git a/unittests/scans/mobsf/mobsf_3_7_9.json b/unittests/scans/mobsf/mobsf_3_7_9.json new file mode 100644 index 00000000000..7d7b922a450 --- /dev/null +++ b/unittests/scans/mobsf/mobsf_3_7_9.json @@ -0,0 +1,285 @@ +{ + "version":"v3.7.9 Beta", + "title":"Static Analysis", + "file_name":"bitbar-ios-sample.ipa", + "app_name":"BitbarIOSSample", + "app_type":"Objective C", + "size":"0.14MB", + "md5":"e1f08f17e868e9de32a87d0bdc522fac", + "sha1":"deca43e3dd1186d002dea64b4cef4c8b88142488", + "sha256":"07ff7a6608265fff57bd3369fb4e10321d939de5101bd966677cd9a210b820b1", + "build":"1.0", + "app_version":"1.0", + "sdk_name":"iphoneos9.1", + "platform":"9.1", + "min_os_version":"6.0", + "bundle_id":"com.bitbar.testdroid.BitbarIOSSample", + "bundle_url_types":[ + + ], + "bundle_supported_platforms":[ + "iPhoneOS" + ], + "icon_path":"", + "info_plist":"\n\n\n\n\tBuildMachineOSBuild\n\t15B42\n\tCFBundleDevelopmentRegion\n\ten\n\tCFBundleDisplayName\n\tBitbarIOSSample\n\tCFBundleExecutable\n\tBitbarIOSSample\n\tCFBundleIconFiles\n\t\n\t\ticon.png\n\t\n\tCFBundleIcons\n\t\n\t\tCFBundlePrimaryIcon\n\t\t\n\t\t\tCFBundleIconFiles\n\t\t\t\n\t\t\t\ticon.png\n\t\t\t\n\t\t\n\t\n\tCFBundleIdentifier\n\tcom.bitbar.testdroid.BitbarIOSSample\n\tCFBundleInfoDictionaryVersion\n\t6.0\n\tCFBundleName\n\tBitbarIOSSample\n\tCFBundlePackageType\n\tAPPL\n\tCFBundleShortVersionString\n\t1.0\n\tCFBundleSignature\n\t????\n\tCFBundleSupportedPlatforms\n\t\n\t\tiPhoneOS\n\t\n\tCFBundleVersion\n\t1.0\n\tDTCompiler\n\tcom.apple.compilers.llvm.clang.1_0\n\tDTPlatformBuild\n\t13B137\n\tDTPlatformName\n\tiphoneos\n\tDTPlatformVersion\n\t9.1\n\tDTSDKBuild\n\t13B137\n\tDTSDKName\n\tiphoneos9.1\n\tDTXcode\n\t0711\n\tDTXcodeBuild\n\t7B1005\n\tLSRequiresIPhoneOS\n\t\n\tMinimumOSVersion\n\t6.0\n\tUIDeviceFamily\n\t\n\t\t1\n\t\t2\n\t\n\tUIRequiredDeviceCapabilities\n\t\n\t\tarmv7\n\t\n\tUISupportedInterfaceOrientations\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\tUISupportedInterfaceOrientations~ipad\n\t\n\t\tUIInterfaceOrientationPortrait\n\t\n\n\n", + "binary_info":{ + "endian":"<", + "bit":"32-bit", + "arch":"ARM", + "subarch":"CPU_SUBTYPE_ARM_V7" + }, + "permissions":{ + + }, + "ats_analysis":{ + "ats_findings":[ + + ], + "ats_summary":{ + + } + }, + "binary_analysis":{ + "findings":{ + "Binary makes use of insecure API(s)":{ + "detailed_desc":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "severity":"high", + "cvss":6, + "cwe":"CWE-676: Use of Potentially Dangerous Function", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + }, + "Binary makes use of malloc function":{ + "detailed_desc":"The binary may use _malloc\n function instead of calloc", + "severity":"high", + "cvss":2, + "cwe":"CWE-789: Uncontrolled Memory Allocation", + "owasp-mobile":"M7: Client Code Quality", + "masvs":"MSTG-CODE-8" + } + }, + "summary":{ + "high":2, + "warning":0, + "info":0, + "secure":0, + "suppressed":0 + } + }, + "macho_analysis":{ + "name":"BitbarIOSSample", + "nx":{ + "has_nx":true, + "severity":"info", + "description":"The binary has NX bit set. This marks a memory page non-executable making attacker injected shellcode non-executable." + }, + "pie":{ + "has_pie":true, + "severity":"info", + "description":"The binary is build with -fPIC flag which enables Position independent code. This makes Return Oriented Programming (ROP) attacks much more difficult to execute reliably." + }, + "stack_canary":{ + "has_canary":true, + "severity":"info", + "description":"This binary has a stack canary value added to the stack so that it will be overwritten by a stack buffer that overflows the return address. This allows detection of overflows by verifying the integrity of the canary before function return." + }, + "arc":{ + "has_arc":false, + "severity":"warning", + "description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not." + }, + "rpath":{ + "has_rpath":false, + "severity":"info", + "description":"The binary does not have Runpath Search Path (@rpath) set." + }, + "code_signature":{ + "has_code_signature":true, + "severity":"info", + "description":"This binary has a code signature." + }, + "encrypted":{ + "is_encrypted":false, + "severity":"warning", + "description":"This binary is not encrypted." + }, + "symbol":{ + "is_stripped":true, + "severity":"info", + "description":"Debug Symbols are stripped" + } + }, + "dylib_analysis":[ + + ], + "framework_analysis":[ + + ], + "ios_api":{ + + }, + "code_analysis":{ + "findings":{ + + }, + "summary":{ + + } + }, + "file_analysis":[ + { + "issue":"Plist Files", + "files":[ + { + "file_path":"BitbarIOSSample.app/Info.plist", + "type":"ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac" + } + ] + } + ], + "libraries":[ + "/System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version: 1.2.0, current version: 1.11.0)", + "/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version: 1.0.0, current version: 3512.29.5)", + "/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version: 300.0.0, current version: 1241.14.0)", + "/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version: 64.0.0, current version: 600.0.0)", + "/usr/lib/libobjc.A.dylib (compatibility version: 1.0.0, current version: 228.0.0)", + "/usr/lib/libSystem.B.dylib (compatibility version: 1.0.0, current version: 1226.10.1)", + "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version: 150.0.0, current version: 1241.11.0)" + ], + "files":[ + "BitbarIOSSample.app/embedded.mobileprovision", + "BitbarIOSSample.app/Default@2x.png", + "BitbarIOSSample.app/RadioButton-Selected.png", + "BitbarIOSSample.app/_CodeSignature/CodeResources", + "BitbarIOSSample.app/en.lproj/InfoPlist.strings" + ], + "urls":[ + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd" + ], + "path":"BitbarIOSSample.app/archived-expanded-entitlements.xcent" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "http://www.apple.com/appleca/root.crl0", + "https://www.apple.com/appleca/0", + "http://www.apple.com/appleca/0m", + "http://developer.apple.com/certificationauthority/wwdrca.crl0" + ], + "path":"BitbarIOSSample.app/BitbarIOSSample" + }, + { + "urls":[ + "http://www.apple.com/dtds/propertylist-1.0.dtd", + "https://www.apple.com/appleca/0", + "http://developer.apple.com/certificationauthority/wwdrca.crl0", + "http://www.apple.com/appleca/0m", + "http://www.apple.com/appleca/root.crl0" + ], + "path":"IPA Strings Dump" + } + ], + "domains":{ + "www.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"92.122.160.209", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"Slough", + "latitude":"51.509491", + "longitude":"-0.595410" + }, + "ofac":false + }, + "developer.apple.com":{ + "bad":"no", + "geolocation":{ + "ip":"17.253.37.202", + "country_short":"GB", + "country_long":"United Kingdom of Great Britain and Northern Ireland", + "region":"England", + "city":"London", + "latitude":"51.508530", + "longitude":"-0.125740" + }, + "ofac":false + } + }, + "emails":[ + + ], + "strings":[ + "@_protocol_getMethodDescription", + "+FxD", + "otherButtonSelected:", + "NSString", + "%http://www.apple.com/appleca/root.crl0", + "!i*i", + "^s./%u", + "@_kCFCoreFoundationVersionNumber" + ], + "firebase_urls":[ + + ], + "appstore_details":{ + "error":true + }, + "secrets":[ + + ], + "trackers":{ + "detected_trackers":0, + "total_trackers":428, + "trackers":[ + + ] + }, + "virus_total":null, + "appsec":{ + "high":[ + { + "title":"Binary makes use of insecure API(s)", + "description":"The binary may contain the following insecure API(s) _memcpy\n, _strlen\n", + "section":"binary" + }, + { + "title":"Binary makes use of malloc function", + "description":"The binary may use _malloc\n function instead of calloc", + "section":"binary" + } + ], + "warning":[ + { + "title":"Application binary is not compiled with ARC flag", + "description":"This binary has debug symbols stripped. We cannot identify whether ARC is enabled or not.", + "section":"macho" + } + ], + "info":[ + + ], + "secure":[ + { + "title":"This application has no privacy trackers", + "description":"This application does not include any user or device trackers. Unable to find trackers during static analysis.", + "section":"trackers" + } + ], + "hotspot":[ + + ], + "total_trackers":428, + "trackers":0, + "security_score":42, + "app_name":"BitbarIOSSample", + "file_name":"bitbar-ios-sample.ipa", + "hash":"e1f08f17e868e9de32a87d0bdc522fac", + "version_name":"1.0" + }, + "average_cvss":null + } \ No newline at end of file diff --git a/unittests/tools/test_mobsf_parser.py b/unittests/tools/test_mobsf_parser.py index 8a1901a5c4e..c5100cf5d23 100644 --- a/unittests/tools/test_mobsf_parser.py +++ b/unittests/tools/test_mobsf_parser.py @@ -66,3 +66,18 @@ def test_parse_file_3_1_9_ios(self): testfile.close() self.assertEqual(11, len(findings)) # TODO add more checks dedicated to this file + + def test_parse_file_mobsf_3_7_9(self): + test = Test() + engagement = Engagement() + engagement.product = Product() + test.engagement = engagement + testfile = open("unittests/scans/mobsf/mobsf_3_7_9.json") + parser = MobSFParser() + findings = parser.get_findings(testfile, test) + testfile.close() + self.assertEqual(2, len(findings)) + self.assertEqual(findings[0].title, "The binary may contain the following insecure API(s) _memcpy\n, _strlen\n") + self.assertEqual(findings[1].title, "The binary may use _malloc\n function instead of calloc") + self.assertEqual(findings[0].severity, "High") + self.assertEqual(findings[1].severity, "High")