IP Address disclosure #1606

Closed
XalfiE opened this issue Nov 26, 2020 · 8 comments
Labels: investigating (MobSF collaborators are investigating this issue); regression (Issues reintroduced or appearing on new releases); static analyzer (Static Analyzer related)

XalfiE commented Nov 26, 2020

ENVIRONMENT

OS and Version: Kali
Python Version: 2.7.18
MobSF Version: 3.1

EXPLANATION OF THE ISSUE

Something seems to have changed in the IP Address disclosure scripts. On MobSF 3.0, I got more IPs detected under IP Address disclosure; on upgrading to 3.1 I got fewer IPs.

STEPS TO REPRODUCE THE ISSUE

1. Run static analysis on MobSF 3.0
2. Run Static Analysis on MobSF 3.1
3. Check differences under IP Address disclosure 

I could provide the APK on request.
@ajinabraham
Member

We have improved the detection regex to avoid some false positives and a ReDoS vulnerability. That might be the reason for this. If you could share an example of an IP that is not detected, I can take a look.

@XalfiE
Author

XalfiE commented Nov 26, 2020

Thanks. I have sent the APK to your e-mail.

@ajinabraham
Member

ajinabraham commented Dec 4, 2020

Haven't got the APK yet. Could you please resend or share in the MobSF Slack channel as a PM?

@ajinabraham ajinabraham added the investigating MobSF collaborators are investigating this issue label Dec 4, 2020
@ajinabraham
Member

Thanks for the APK.

@ajinabraham
Member

Closing as per comments on Slack

@XalfiE
Author

XalfiE commented Dec 16, 2020

Could we reopen as we seek a solution?

@ajinabraham
Member

As per discussion over Slack, this looks like an issue.

@ajinabraham ajinabraham reopened this Dec 16, 2020
@ajinabraham ajinabraham added static analyzer Static Analyzer related regression Issues reintroduced or appearing on new releases labels Dec 16, 2020
ajinabraham added a commit to ajinabraham/libsast that referenced this issue Dec 31, 2020
Fixes a bug where comment replacer replaces a valid URL.
MobSF/Mobile-Security-Framework-MobSF#1606

Semgrep version bump
ajinabraham added a commit that referenced this issue Dec 31, 2020
@ajinabraham
Member

Fixed in latest master

MobSF 2021 Developement automation moved this from To Do to Done Dec 31, 2020
ajinabraham added a commit that referenced this issue Dec 31, 2020
Added support for Maltrail Malware DB
Fixes a bug in libsast #1606
fengjixuchui added a commit to fengjixuchui/Mobile-Security-Framework-MobSF that referenced this issue Dec 31, 2020
HOTFIX: Maltrail Malware DB + Bug Fix MobSF#1606 (MobSF#1634)
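
To illustrate the class of bug named in the libsast commit message above (a comment replacer that replaces a valid URL), here is an added example; it is not libsast or MobSF code. It assumes, for illustration only, a pre-processing step that strips `//` comments before an IPv4 regex runs; the regexes, function names and sample source are constructed.

```python
import re

# Dotted-quad matcher with octet range checks (illustrative, not MobSF's rule).
IPV4 = re.compile(
    r'(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}'
    r'(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])')

# Naive stripper: every "//" starts a line comment, including the one in "http://".
NAIVE_LINE_COMMENT = re.compile(r'//.*')
# URL-aware stripper: "//" directly after ":" (a URL scheme) is not a comment.
SAFE_LINE_COMMENT = re.compile(r'(?<!:)//.*')
BLOCK_COMMENT = re.compile(r'/\*.*?\*/', re.DOTALL)


def strip_comments(source, url_aware):
    """Remove /* */ and // comments before pattern matching."""
    line_re = SAFE_LINE_COMMENT if url_aware else NAIVE_LINE_COMMENT
    source = BLOCK_COMMENT.sub('', source)
    return '\n'.join(line_re.sub('', line) for line in source.splitlines())


def find_ips(source, url_aware):
    """Return the sorted set of IPv4 literals left after comment stripping."""
    return sorted(set(IPV4.findall(strip_comments(source, url_aware))))


# Constructed sample of decompiled-style source (documentation address ranges).
SAMPLE = '''
String api = "http://203.0.113.10:8080/v1";  // primary backend
String dns = "198.51.100.7";
/* old host 192.0.2.55 */
// fallback 192.0.2.99
'''

if __name__ == '__main__':
    # The naive stripper cuts the first line at "http:", so the URL's IP is lost.
    print('naive    :', find_ips(SAMPLE, url_aware=False))
    # The URL-aware stripper keeps the URL and still drops the real comments.
    print('url-aware:', find_ips(SAMPLE, url_aware=True))
```

The lookbehind is a heuristic: a `//` inside a string literal that does not follow a colon would still be stripped, which only a tokenizer that tracks string boundaries avoids.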