Upstream merge fixes (#78)
* HOTFIX: EFR01 Enterprise feature request (MobSF#1908)

* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump

* update quark & frida (MobSF#1903)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update tldextract from 3.1.2 to 3.2.0 (MobSF#1910)

* upgrade apktool to 2.6.1 (MobSF#1915)

* Hotfix: Update slack link

* Hotfix: update slack link

* Hotfix: Slack link

* Hotfix:Slack link

* Hotfix:Slack link

* Introduce jadx decompilation timeout with env var (MobSF#1916)

* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run


Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Scheduled weekly dependency update for week 13 (MobSF#1931)

* Update quark-engine from 22.2.1 to 22.3.1

* update lief

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid (MobSF#1939)

* Fix dynamic report_json api bug (MobSF#1934)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Hotfix: LIEF

* Update README.md (MobSF#1951)

* update jadx to 1.3.4 (MobSF#1941)

* update jadx to 1.3.4
* update lief
* update jadx and requirements

* Scheduled weekly dependency update for week 22 (MobSF#1972)

* Update ip2location from 8.7.3 to 8.7.4

* Update quark-engine from 22.4.1 to 22.5.1

* Update frida from 15.1.17 to 15.1.23

* Update tldextract from 3.2.1 to 3.3.0

* Check for updates via GitHub releases (MobSF#1957)

* Check the GitHub releases page for latest version number

* Update utils.py

Only log distro if not empty (or spaces)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update cert_analysis.py (MobSF#1948)

* Update cert_analysis.py

Flag on MD5 hash algorithm in signer certificate

* Update cert_analysis.py

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: Update Readme with Rewards Banner

* Update frida from 15.1.23 to 15.1.24 (MobSF#1975)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: openSSL link and readme update

* Hotfix: Broken slack channel link fix

* Hotfix: Windows setup script

* Feature Parity Allow iOS IPA download (MobSF#1977)

* Allow iOS IPA download

* Code QA

* Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)

* Add the checking of the parent element of the permission-related elements to manifest analysis

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Remove RELRO (MobSF#1978)

* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)" (MobSF#1984)

HOTFIX: Revert MobSF#1905

* Scheduled weekly dependency update for week 26 (MobSF#1986)

* Update ip2location from 8.7.4 to 8.8.0

* Update frida from 15.1.24 to 15.1.27

* Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)

* Scheduled weekly dependency update for week 28 (MobSF#1993)

* Update frida from 15.1.27 to 15.1.28

* Update tldextract from 3.3.0 to 3.3.1

* HOTFIX: libsast, iOS Rule, M1 Mac support

* Hotfix MobSF#1999

* Update frida from 15.1.28 to 15.2.2 (MobSF#2002)

* Update README.md (MobSF#2020)

add Badge App

* Fix bug MobSF#1917 where checking for stripped debugging symbols produces false positives in iOS. (MobSF#2023)

Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.8.0 to 8.8.1 (MobSF#2035)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid to 2.1.4 (MobSF#2037)

* Adding tarfile member sanitization to extractall() (MobSF#2039)

Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* fix res directory not exist (MobSF#2042)

Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory

* [EFR-02]Enterprise Feature Request - False Positive Triaging (MobSF#2000)

* Suppression logic

* Android code analysis suppression

* Fixes MobSF#1981

* iOS source support bundle id extraction

* iOS Source Code - Suppression support

* Remove check in CFBundleURLName

* iOS Binary code analysis suppression support

* Add Code QL

* Suppression support for Manifest analysis

* Fixes MobSF#2014

* REST API + Docs

* Address review comments

* update suppression wordings

* Fixes MobSF#2043

* Icon analysis code QA

* Unit Test for False Positive Triaging

* print_n_send_error_response to error_response

* Lint fixes

* Lint fixes

* Attempted fix for 3.6.0 rescan requirement

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
15 people committed Oct 13, 2022
1 parent c184da0 commit a129a7e
Showing 4 changed files with 2 additions and 31 deletions.
1 change: 0 additions & 1 deletion mobsf/MobSF/urls.py
Expand Up @@ -38,7 +38,6 @@
# Static Analysis
re_path(r'^api/v1/upload$', api_sz.api_upload),
re_path(r'^api/v1/scan$', api_sz.api_scan),
re_path(r'^api/v1/update_scan$', api_sz.api_update_scan),
re_path(r'^api/v1/scan_metadata$', api_sz.api_scan_metadata),
re_path(r'^api/v1/delete_scan$', api_sz.api_delete_scan),
re_path(r'^api/v1/download_pdf$', api_sz.api_pdf_report),
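Review bot: the `^api/v1/update_scan$` route is dropped from the Static Analysis block with no replacement or deprecation path in this hunk, and the commit title ("Upstream merge fixes") gives API consumers no hint that a REST endpoint is going away. Any client that still POSTs to /api/v1/update_scan will no longer match a pattern here. Call the removal out in the commit message or the REST API docs, and confirm nothing else in the tree still targets this path.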
17 changes: 1 addition & 16 deletions mobsf/MobSF/views/api/api_static_analysis.py
Expand Up @@ -6,8 +6,7 @@

from mobsf.MobSF.views.helpers import request_method
from mobsf.MobSF.views.home import (RecentScans, Upload, delete_scan,
scan_metadata, update_cyberspect_scan,
update_scan)
scan_metadata, update_cyberspect_scan)
from mobsf.MobSF.views.api.api_middleware import make_api_response
from mobsf.StaticAnalyzer.views.android import view_source
from mobsf.StaticAnalyzer.views.android.static_analyzer import static_analyzer
Expand Down Expand Up @@ -96,20 +95,6 @@ def api_scan(request):
return response


@request_method(['POST'])
@csrf_exempt
def api_update_scan(request):
"""POST - Update a Scan."""
if 'hash' not in request.POST:
return make_api_response(
{'error': 'Missing Parameters'}, 422)
scan = update_scan(request)
if scan:
return make_api_response(scan, 200)
else:
return make_api_response({'hash': request.POST['hash']}, 404)


@request_method(['POST'])
@csrf_exempt
def api_delete_scan(request):
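Review bot: api_update_scan is deleted outright, but the commit touches only four files (urls.py, api_static_analysis.py, home.py, appsec.py), so any test or API documentation entry that exercises update_scan is left behind. The removed view had a defined contract (422 with 'Missing Parameters' when hash is absent, 404 echoing the hash, 200 with the record). Remove or update whatever asserts on those responses in the same change so the test suite and docs do not drift from the code.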
13 changes: 0 additions & 13 deletions mobsf/MobSF/views/home.py
Expand Up @@ -322,19 +322,6 @@ def scan_metadata(md5):
return None


def update_scan(request):
"""Update scan record."""
db_obj = RecentScansDB.objects.filter(MD5=request.POST['hash']).first()
if db_obj:
if 'email' in request.POST:
db_obj.EMAIL = request.POST['email']
if 'release' in request.POST:
db_obj.RELEASE = request.POST['release']
db_obj.save()
return model_to_dict(db_obj)
return None


def update_cyberspect_scan(request):
"""Update Cyberspect scan record."""
try:
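Review bot: with update_scan gone, check whether model_to_dict (used in the removed `return model_to_dict(db_obj)`) still has a caller in home.py. If it does not, the import should be dropped in this same change or the linter will flag it. It would also help to state in the description whether update_cyberspect_scan, which stays directly below, is now meant to be the only path that writes EMAIL and RELEASE on RecentScansDB.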
2 changes: 1 addition & 1 deletion mobsf/StaticAnalyzer/views/common/appsec.py
Expand Up @@ -212,7 +212,7 @@ def get_android_dashboard(context, from_ctx=False):
})
# Manifest Analysis
for m in data['manifest_analysis']:
if m['severity'] == 'info':
if ('severity' not in m or m['severity'] == 'info'):
continue
title = m['title'].replace('<strong>', '')
title = title.replace('</strong>', '')
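Review bot: in the Manifest Analysis loop, `'severity' not in m` now sends any manifest finding that lacks a severity key down the same `continue` as an info finding, so an entry without the key silently disappears from the dashboard instead of being surfaced. For a security report, dropping a finding is the riskier failure mode; consider logging the entry or defaulting it to a visible severity rather than skipping it. If skipping is intended, `m.get('severity', 'info') == 'info'` expresses the same condition without the extra parentheses. Note also that `m['title']` on the following line is still an unguarded lookup.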
