[FEATURE] Analyzing string values looking for credentials

[SynacktivCerv]

After analyzing some APKs, I was thinking that having regex run on the strings values (and not on the strings name) may be interesting. For example, looking for patterns that look likes credentials such as: Basic BASE64STRING.

Is your feature request related to a problem? Please describe.
MobSF check for string names in order to find potential secrets. However, secrets may be stored into variables with unpredictable name.

Describe the solution you'd like
is_secret method in mobsf/StaticAnalyzer/views/shared_func.py is looking for variable names. Something may be added there, looking for string or regex:

• Basic BASE64STRING -> Basic [^-A-Za-z0-9+/=]|=[^=]|={3,}
• {"alg":"
• eyJhbGciOi (encoded string for {"alg":)

I'll add more patterns.

[github-actions]

👋 @SynacktivCerv
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

[SynacktivCerv]

This regex can trigger authentication URL using SSH/FTP/SFTP/HTTP

- :\/\/[-\w:%.\+~#=]+@[-\w@:%.\+~#=]{1,256}\.[-\w@:%.\+~#=]{1,256}

[ajinabraham]

Tracked separately