You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After analyzing some APKs, I was thinking that having regex run on the strings values (and not on the strings name) may be interesting. For example, looking for patterns that look likes credentials such as: Basic BASE64STRING.
Is your feature request related to a problem? Please describe.
MobSF check for string names in order to find potential secrets. However, secrets may be stored into variables with unpredictable name.
Describe the solution you'd like is_secret method in mobsf/StaticAnalyzer/views/shared_func.py is looking for variable names. Something may be added there, looking for string or regex:
👋 @SynacktivCerv
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
After analyzing some APKs, I was thinking that having regex run on the strings values (and not on the strings name) may be interesting. For example, looking for patterns that look likes credentials such as: Basic BASE64STRING.
Is your feature request related to a problem? Please describe.
MobSF check for string names in order to find potential secrets. However, secrets may be stored into variables with unpredictable name.
Describe the solution you'd like
is_secret method in mobsf/StaticAnalyzer/views/shared_func.py is looking for variable names. Something may be added there, looking for string or regex:
I'll add more patterns.
The text was updated successfully, but these errors were encountered: