Kotlin and Swift scans returning differerent codes.

[OlivettiOriana]

Hi,
I have been digging for a while and I have not been able to find the reason why when running mobsf with a swift project, the return code is 0, and when I do it with a kotlin project, the return code is 1, even though it seems to run successfully.

I have a docker container which clones the mobile repos and runs mobsf. I am currently calling it with the python module subprocess like this.
process = subprocess.run( "mobsfscan --sarif -o report.sarif <mobilerepo>", shell=True, capture_output=True, universal_newlines=True, timeout=None )

and when I look at the process.returncode I get 1 for the kotlin project and 0 for the swift project, even though both scans seems to run successfully.
Unfortunately, I am not able to share the projects, but I was wondering if it is something that is happening at the mobsf sourcecode level, or something that I'm doing wrong.

Thanks in advance!

[ajinabraham]

The exit codes depends on the scan results.

If the scan results have findings with ERROR severity, the exit code thrown will be 1 and 0 for the rest.
You can control the exit code for WARNING with the -w parameter.

mobsfscan/mobsfscan/__main__.py

Lines 25 to 26 in 8b497fa

	sys.exit(1)
	sys.exit(0)

[OlivettiOriana]

Thanks for the reply, this is really helpful.
I wonder then, if the scan fails completely, for example, the report file could not be created. What exit code will it throw? 1 as well?

Thanks so much for the help!

[ajinabraham]

It depends on the error. it will be non zero though.