Commit

Bug fixes from upstream merge (#79)
* HOTFIX: EFR01 Enterprise feature request (MobSF#1908)

* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump

* update quark & frida (MobSF#1903)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update tldextract from 3.1.2 to 3.2.0 (MobSF#1910)

* upgrade apktool to 2.6.1 (MobSF#1915)

* Hotfix: Update slack link

* Hotfix: update slack link

* Hotfix: Slack link

* Hotfix: Slack link

* Hotfix: Slack link

* Introduce jadx decompilation timeout with env var (MobSF#1916)

* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run


Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Scheduled weekly dependency update for week 13 (MobSF#1931)

* Update quark-engine from 22.2.1 to 22.3.1

* update lief

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid (MobSF#1939)

* Fix dynamic report_json api bug (MobSF#1934)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Hotfix: LIEF

* Update README.md (MobSF#1951)

* update jadx to 1.3.4 (MobSF#1941)

* update jadx to 1.3.4
* update lief
* update jadx and requirements

* Scheduled weekly dependency update for week 22 (MobSF#1972)

* Update ip2location from 8.7.3 to 8.7.4

* Update quark-engine from 22.4.1 to 22.5.1

* Update frida from 15.1.17 to 15.1.23

* Update tldextract from 3.2.1 to 3.3.0

* Check for updates via GitHub releases (MobSF#1957)

* Check the GitHub releases page for latest version number

* Update utils.py

Only log distro if not empty (or spaces)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update cert_analysis.py (MobSF#1948)

* Update cert_analysis.py

Flag on MD5 hash algorithm in signer certificate

* Update cert_analysis.py

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: Update Readme with Rewards Banner

* Update frida from 15.1.23 to 15.1.24 (MobSF#1975)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: openSSL link and readme update

* Hotfix: Broken slack channel link fix

* Hotfix: Windows setup script

* Feature Parity Allow iOS IPA download (MobSF#1977)

* Allow iOS IPA download

* Code QA

* Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)

* Add the checking of the parent element of the permission-related elements to manifest analysis

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Remove RELRO (MobSF#1978)

* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)" (MobSF#1984)

HOTFIX: Revert MobSF#1905

* Scheduled weekly dependency update for week 26 (MobSF#1986)

* Update ip2location from 8.7.4 to 8.8.0

* Update frida from 15.1.24 to 15.1.27

* Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)

* Scheduled weekly dependency update for week 28 (MobSF#1993)

* Update frida from 15.1.27 to 15.1.28

* Update tldextract from 3.3.0 to 3.3.1

* HOTFIX: libsast, iOS Rule, M1 Mac support

* Hotfix MobSF#1999

* Update frida from 15.1.28 to 15.2.2 (MobSF#2002)

* Update README.md (MobSF#2020)

add Badge App

* Fix bug MobSF#1917 where checking for stripped debugging symbols produces false positives in iOS. (MobSF#2023)

Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.8.0 to 8.8.1 (MobSF#2035)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid to 2.1.4 (MobSF#2037)

* Adding tarfile member sanitization to extractall() (MobSF#2039)

Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* fix res directory not exist (MobSF#2042)

Fix the problem that the res resource folder does not exist; the solution is to copy it from the apktool_out directory

* [EFR-02] Enterprise Feature Request - False Positive Triaging (MobSF#2000)

* Suppression logic

* Android code analysis suppression

* Fixes MobSF#1981

* iOS source support bundle id extraction

* iOS Source Code - Suppression support

* Remove check in CFBundleURLName

* iOS Binary code analysis suppression support

* Add Code QL

* Suppression support for Manifest analysis

* Fixes MobSF#2014

* REST API + Docs

* Address review comments

* update suppression wordings

* Fixes MobSF#2043

* Icon analysis code QA

* Unit Test for False Positive Triaging

* print_n_send_error_response to error_response

* Lint fixes

* Lint fixes

* Attempted fix for 3.6.0 rescan requirement

* Enabling Manage Suppressions links

* Enabling Manage Suppressions links

* Fixed divide by zero bug

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
15 people committed Oct 14, 2022
1 parent a129a7e commit faa6608
Showing 5 changed files with 20 additions and 29 deletions.
6 changes: 4 additions & 2 deletions mobsf/StaticAnalyzer/views/common/appsec.py
Expand Up @@ -161,8 +161,10 @@ def common_fields(findings, data):
warn = len(findings.get('warning'))
sec = len(findings.get('secure'))
total = high + warn + sec
score = int(100 - (
((high * 1) + (warn * .5) - (sec * .2)) / total) * 100)
score = 100
if total > 0:
score = int(100 - (
((high * 1) + (warn * .5) - (sec * .2)) / total) * 100)
if score > 100:
score = 100
findings['security_score'] = score
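Review bot: the `total > 0` guard removes the ZeroDivisionError when a scan has no findings, but `len(findings.get('warning'))` and `len(findings.get('secure'))` still raise TypeError when the key is absent, because `dict.get` returns `None`; use `findings.get('warning', [])` and `findings.get('secure', [])` so the empty case is handled uniformly. The clamp only caps at 100, which is correct for the arithmetic as written (all-secure gives a raw 120, all-high gives 0, so no lower bound is needed), but a one-line comment stating that would spare the next reader from re-deriving it. The weighted-sum expression is now duplicated in the hunk; compute it once and branch only on `total`.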
29 changes: 15 additions & 14 deletions mobsf/templates/static_analysis/android_binary_analysis.html
Expand Up @@ -619,21 +619,22 @@ <h3>{{ providers | length }}</h3>
<section class="content">
<div class="container-fluid">
<div class="row">
<!--<div class="col-lg-4">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fas fa-cog"></i> SCAN OPTIONS</strong>
</p>
<p> <a href="../static_analyzer/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=apk&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>
<a id="supbtn" onclick="list_suppressions()" role="button" class="btn btn-primary" data-target="#sup_list" data-toggle="modal" href="#"><i class="fa fa-list"></i> Manage Suppressions</a>
</p>
<p>
<a onclick="dynamic_loader()" href="../android_dynamic/{{md5}}" class="btn btn-success" role="button"><i class="fa fa-play-circle"></i> Start Dynamic Analysis</a>
</p>
<div class="col-lg-4">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fas fa-cog"></i> SCAN OPTIONS</strong>
</p>
<p>
<!--<a href="../static_analyzer/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=apk&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>-->
<a id="supbtn" onclick="list_suppressions()" role="button" class="btn btn-primary" data-target="#sup_list" data-toggle="modal" href="#"><i class="fa fa-list"></i> Manage Suppressions</a>
</p>
<!--<p>
<a onclick="dynamic_loader()" href="../android_dynamic/{{md5}}" class="btn btn-success" role="button"><i class="fa fa-play-circle"></i> Start Dynamic Analysis</a>
</p>-->
</div>
</div>
</div>
</div>-->
<div class="col-lg-8">
<div class="card">
<div class="card-body">
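Review bot: the Rescan and Start Dynamic Analysis buttons are disabled with HTML comments (`<!-- ... -->`), which Django still renders and sends to the browser, so the rescan URL with `{{ md5 }}` and `{{ file_name }}` is emitted into the page source even though the button is hidden; wrap the block in `{% comment %} ... {% endcomment %}` so it is dropped at render time, or delete the dead markup and rely on version history. The commit message describes this as an "Attempted fix for 3.6.0 rescan requirement", so a short template comment saying why rescan is disabled here would stop the next contributor from re-enabling it.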
Expand Down Expand Up @@ -997,7 +998,7 @@ <h3>{{ providers | length }}</h3>
</a>

<div class="dropdown-menu" aria-labelledby="dropdownMenuLink">
<a style="cursor:pointer;" class="dropdown-item" onclick="suppress('{{ item|key:"title" | android_component}}{{item|key:'rule' | escapejs }}', false, $(this.closest('tr')), true)">Suppression the rule <b>{{ item|key:"title" | android_component}}{{ item|key:'rule' }}</b> in <b>{{package_name}}</b></a>
<a style="cursor:pointer;" class="dropdown-item" onclick="suppress('{{ item|key:"title" | android_component}}{{item|key:'rule' | escapejs }}', false, $(this.closest('tr')), true)">Suppress the rule <b>{{ item|key:"title" | android_component}}{{ item|key:'rule' }}</b> in <b>{{package_name}}</b></a>
</div>
</div>
</td>
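Review bot: the label fix ("Suppression the rule" to "Suppress the rule") is fine; while on this line, note that inside the `onclick` string literal only the second fragment, `{{item|key:'rule' | escapejs }}`, goes through `escapejs`, whereas the first, `{{ item|key:"title" | android_component}}`, does not, so a quote in that component value would break the JavaScript string passed to `suppress()`. Apply `escapejs` to both fragments so the argument is always a well-formed literal.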
4 changes: 0 additions & 4 deletions mobsf/templates/static_analysis/android_source_analysis.html
Expand Up @@ -533,12 +533,8 @@ <h3>{{ providers | length }}</h3>
<strong><i class="fas fa-cog"></i> SCAN OPTIONS</strong>
</p>
<p align="center">
<<<<<<< HEAD
<!--<a href="../static_analyzer/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=zip&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>-->
=======
<a href="../static_analyzer/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=zip&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>
<a id="supbtn" onclick="list_suppressions()" role="button" class="btn btn-primary" data-target="#sup_list" data-toggle="modal" href="#"><i class="fa fa-list"></i> Manage Suppressions</a>
>>>>>>> 037caac135ba5d9a5d77af80a70b7cdafa653b5d
<a target="_blank" href="../manifest_view/?md5={{ md5 }}&amp;type={{ app_type }}&amp;bin=0" role="button" class="btn btn-primary"><i class="fa fa-eye"></i> View AndroidManifest.xml</a>
<a href="{% url "tree_view" %}?md5={{ md5 }}&amp;type=java" class="btn btn-info" role="button"><i class="fa fa-code"></i> View Source</a>
</p>
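Review bot: this hunk removes merge conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 037caac135ba5d9a5d77af80a70b7cdafa653b5d`) that had been committed into the template, keeping the HEAD side (Rescan link commented out) plus the Manage Suppressions link. Markers in a rendered template show up as literal text on the report page; a pre-commit hook or CI step running `git diff --check`, which flags leftover conflict markers, would have caught this before the merge landed.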
6 changes: 1 addition & 5 deletions mobsf/templates/static_analysis/ios_binary_analysis.html
Expand Up @@ -396,13 +396,9 @@ <h5 class="card-title"></h5>
<p>
<strong><i class="fas fa-cog"></i> SCAN OPTIONS</strong>
</p>
<<<<<<< HEAD
<p>
<!--<a role="button" class="btn btn-info" href="../static_analyzer_ios/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=ipa&amp;rescan=1" ><i class="fa fa-sync"></i> Rescan</a>-->
=======
<a role="button" class="btn btn-info" href="../static_analyzer_ios/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=ipa&amp;rescan=1" ><i class="fa fa-sync"></i> Rescan</a>
<!--<a role="button" class="btn btn-info" href="../static_analyzer_ios/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=ipa&amp;rescan=1" ><i class="fa fa-sync"></i> Rescan</a>-->
<a id="supbtn" onclick="list_suppressions()" role="button" class="btn btn-primary" data-target="#sup_list" data-toggle="modal" href="#"><i class="fa fa-list"></i> Manage Suppressions</a>
>>>>>>> 037caac135ba5d9a5d77af80a70b7cdafa653b5d
</p>
</div>
</div><!-- /.card -->
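Review bot: after the conflict is resolved, two identical commented-out Rescan lines remain back to back (the `<!--<a role="button" class="btn btn-info" href="../static_analyzer_ios/?checksum={{ md5 }}...` line appears twice), one from each side of the merge; drop one. As in the Android template, prefer `{% comment %}` or outright deletion over an HTML comment so the rescan URL is not sent to the client.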
4 changes: 0 additions & 4 deletions mobsf/templates/static_analysis/ios_source_analysis.html
Expand Up @@ -361,12 +361,8 @@ <h5 class="card-title"></h5>
<strong><i class="fas fa-cog"></i> SCAN OPTIONS</strong>
</p>
<p align="center">
<<<<<<< HEAD
<!--<a href="../static_analyzer_ios/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=ios&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>-->
=======
<a href="../static_analyzer_ios/?checksum={{ md5 }}&amp;name={{ file_name }}&amp;type=ios&amp;rescan=1" class="btn btn-info" role="button"><i class="fa fa-sync"></i> Rescan</a>
<a id="supbtn" onclick="list_suppressions()" role="button" class="btn btn-primary" data-target="#sup_list" data-toggle="modal" href="#"><i class="fa fa-list"></i> Manage Suppressions</a>
>>>>>>> 037caac135ba5d9a5d77af80a70b7cdafa653b5d
<a data-target="#mplist" role="button" class="btn btn-primary" data-toggle="modal" href="#"><i class="fa fa-list"></i> View Info.plist</a>
</p>
</div>
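Review bot: same conflict resolution as the other three templates, and the SCAN OPTIONS block (commented-out Rescan, Manage Suppressions, then the platform-specific view button) is now hand-maintained in four files with slightly different comment styles, which is what produced these conflicts in the first place; moving the shared buttons into one `{% include %}` template parameterised by `app_type` would keep them consistent. Note that this file uses `type=ios` on the Rescan link while ios_binary_analysis.html uses `type=ipa`, so keep that distinction if the block is factored out.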