"PIE" applies not only to executable files but also to "frameworks." #2290

Closed
watanabemk opened this issue Nov 20, 2023 · 3 comments
watanabemk commented Nov 20, 2023

ENVIRONMENT

OS and Version: Ubuntu 22.04.3 LTS (Jammy Jellyfish) on WSL2
Python Version: 3.10.12
MobSF Version: v3.7.9 beta

EXPLANATION OF THE ISSUE

Originally, the diagnosis target of "PIE" is executable files, so "Severity" of "framework" should be "Info".
However, in the API diagnosis result, "Severity" of "PIE" in the JSON "framework_analysis" object is "High".

STEPS TO REPRODUCE THE ISSUE

Diagnosis target app: Upload DVIA-v2 [https://github.com/prateek147/DVIA-v2] to MobSF
Output diagnostic results using the API "Generate JSON Report API"
Check that the “severity” entry in the “PIE” section of the “framework_analysis” array is “High”
Expected output result
The “severity” entry in the “PIE” section of the “framework_analysis” array becomes “Info”

LOG FILE

*The [-] line is the current output result, and the [+] line is the expected output result.

...
    "framework_analysis": [
        {
...
            "pie": {
                "has_pie": false,
-                 "severity": "high",
+                 "severity": "info",
                "description": "The binary is built without Position Independent Code flag...."
            },
...

POTENTIAL SOLUTION

Add “framework” and work to the conditional expression in the file below.

👋 @watanabemk
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@ajinabraham
Member

I will update the current checks.

#define	MH_PIE 0x200000			/* When this bit is set, the OS will
					   load the main executable at a
					   random address.  Only used in
					   MH_EXECUTE filetypes. */

Ref: https://opensource.apple.com/source/xnu/xnu-4570.1.46/EXTERNAL_HEADERS/mach-o/loader.h.auto.html

I believe only MachO executables are meant to be PIE.
Dylibs and framework bundles are always implicitly position-independent.

@ajinabraham ajinabraham added the enhancement MobSF enhancements and feature requests label Dec 2, 2023
@ajinabraham ajinabraham added the static analyzer Static Analyzer related label Dec 10, 2023
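
The filetype distinction described in the comment above, as an added example that is not MobSF's code and not part of the original thread: it reads `filetype` and `flags` from a thin Mach-O header and rates a missing `MH_PIE` as "high" only for `MH_EXECUTE` files. The function names are hypothetical, the sample headers are constructed, and fat/universal binaries are not handled.

```python
import struct

# Constants from Apple's <mach-o/loader.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_EXECUTE, MH_DYLIB = 0x2, 0x6
MH_PIE = 0x200000


def parse_header(data):
    """Return (filetype, flags) from a thin Mach-O header, or raise ValueError."""
    if len(data) < 28:
        raise ValueError("too short for a mach_header")
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
            fields = struct.unpack_from(endian + "7I", data)
            return fields[3], fields[6]
    raise ValueError("not a thin Mach-O file (fat/universal not handled here)")


def pie_finding(data):
    """Hypothetical check: a missing MH_PIE is 'high' only for MH_EXECUTE."""
    filetype, flags = parse_header(data)
    has_pie = bool(flags & MH_PIE)
    if filetype != MH_EXECUTE:
        # Dylibs and framework binaries do not use MH_PIE, so never rate it high.
        return {"has_pie": has_pie, "severity": "info"}
    return {"has_pie": has_pie, "severity": "info" if has_pie else "high"}


def make_header(filetype, flags, endian="<"):
    """Constructed sample: a bare arm64 mach_header_64 with no load commands."""
    cpu_type_arm64 = 0x0100000C
    return struct.pack(endian + "8I", MH_MAGIC_64, cpu_type_arm64, 0,
                       filetype, 0, 0, flags, 0)


if __name__ == "__main__":
    samples = [("app without PIE", MH_EXECUTE, 0),
               ("app with PIE", MH_EXECUTE, MH_PIE),
               ("framework dylib", MH_DYLIB, 0)]
    for name, filetype, flags in samples:
        print(name, pie_finding(make_header(filetype, flags)))
```
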
@ajinabraham
Member

Addressed when this #2307 gets merged to master.
