missing code, file, binary and certificate analysis from mapping file of mobsf #175

Open
bc-venkata opened this issue Dec 13, 2019 · 4 comments

bc-venkata commented Dec 13, 2019

This is in reference to https://github.com/OWASP/glue/blob/master/lib/glue/mappings/mobsf.json
Could you please provide a key for formatting code_analysis and certificate analysis as well? Currently it is just providing manifest analysis only.
FYI... Latest MobSF V3 API changed the "app_name": "name" to "app_name": "app_name" and "key": "manifest", to "key": "manifest_analysis".

I drafted a very vague mapping file for mobsf. Could you please correct this? Or, if you could provide an updated mapping file, that would be great.

{
  "task_name": "MobSF",
  "app_name": "app_name",
  "mappings": [
    {
      "key": "manifest_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "title",
        "severity": "stat",
        "fingerprint": "title"
      }
      "key": "certificate_analysis",
      "properties": {
        "description": "description",
        "detail": "certificate_info",
        "severity": "certificate_status",
        "fingerprint": "description"
      }
      "key": "binary_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "file",
        "severity": "stat",
        "fingerprint": "title"
      }
      "key": "code_analysis",
      "properties": {
        "description": "desc",
        "detail": "owasp",
        "source": "path",
        "fingerprint": "owasp"
      }
      "key": "manifest_analysis",
      "properties": {
        "description": "android_api"
      }
    }
  ]
}

Collaborator

omerlh commented Dec 16, 2019

Regarding the schema change - see #174, this was already merged :)

Regarding the new mapping - have you tested it? If you tested it and it worked a PR is welcomed!

Author

bc-venkata commented Dec 16, 2019

I have tried the new mapping file but it does not work for some reason. It reports manifest issues only. I'm not sure if the mapping file is correct or not. Kindly help me proceed further.

@bc-venkata
Author

$ ruby bin/glue -t Dynamic -T report.json --mapping-file mobsf -z 2

Setting severity_threshold to 2
Logfile nil?
calling scan
Running scanner
Loading scanner...
Processing target...report.json
Running tasks in stage: wait
Running tasks in stage: mount
Running tasks in stage: file
Running tasks in stage: code
code - Dynamic - #Set:0x00007f8fd9c131b0
Invalid mappings JSON: ["The property '#/mappings/0/properties' did not contain a required property of 'source' in schema b9d9fa95-af34-55cd-827a-d1762791af40"]

Here is the mapping file that I used

{
  "task_name": "MobSF",
  "app_name": "app_name",
  "mappings": [
    {
      "key": "manifest_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "title",
        "severity": "stat",
        "fingerprint": "title"
      },
      "key": "findings",
      "properties": {
        "description": "cwe",
        "detail": "path",
        "severity": "level",
        "fingerprint": "cwe"
      }
    }
  ]
}


stale bot commented Feb 18, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Feb 18, 2020