4.2.0 #2450

Merged
merged 16 commits into from
Nov 18, 2024
Changes from 2 commits
12 changes: 6 additions & 6 deletions mobsf/MobSF/init.py
Expand Up @@ -18,13 +18,13 @@

logger = logging.getLogger(__name__)

VERSION = '4.1.9'
VERSION = '4.2.0'
BANNER = r"""
__ __ _ ____ _____ _ _ _
| \/ | ___ | |__/ ___|| ___|_ _| || | / |
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / || |_ | |
| | | | (_) | |_) |__) | _| \ V /|__ _|| |
|_| |_|\___/|_.__/____/|_| \_/ |_|(_)_|
__ __ _ ____ _____ _ _ ____
| \/ | ___ | |__/ ___|| ___|_ _| || | |___ \
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / || |_ __) |
| | | | (_) | |_) |__) | _| \ V /|__ _| / __/
|_| |_|\___/|_.__/____/|_| \_/ |_|(_)_____|
""" # noqa: W291
# ASCII Font: Standard

15 changes: 15 additions & 0 deletions mobsf/MobSF/utils.py
Expand Up @@ -966,3 +966,18 @@
if result:
return result[0]
return None


def set_permissions(path):
base_path = Path(path)
perm_755 = stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
perm_644 = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
# Set permissions for directories and files
for item in base_path.rglob('*'):

Check failure, Code scanning / CodeQL: Uncontrolled data used in path expression

This path depends on a [user-provided value](1). This path depends on a [user-provided value](2). This path depends on a [user-provided value](3). This path depends on a [user-provided value](4).

Copilot Autofix AI 2 months ago

To fix the problem, we need to ensure that the constructed file path is contained within a safe root folder. This can be achieved by normalizing the path using os.path.normpath and then checking that the normalized path starts with the root folder. This approach will prevent path traversal attacks by ensuring that the path does not escape the intended directory.

  1. Normalize the path using os.path.normpath.
  2. Check that the normalized path starts with the intended base directory.
  3. If the check fails, raise an exception or handle the error appropriately.
Suggested changeset 1: mobsf/MobSF/utils.py

Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/mobsf/MobSF/utils.py b/mobsf/MobSF/utils.py
--- a/mobsf/MobSF/utils.py
+++ b/mobsf/MobSF/utils.py
@@ -965,2 +965,6 @@
     base_path = Path(path)
+    base_dir = Path(settings.BASE_DIR)
+    normalized_path = base_path.resolve()
+    if not str(normalized_path).startswith(str(base_dir)):
+        raise Exception("Path traversal attempt detected")
     perm_755 = stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
@@ -968,3 +972,3 @@
     # Set permissions for directories and files
-    for item in base_path.rglob('*'):
+    for item in normalized_path.rglob('*'):
         try:
EOF
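Review bot: the containment check in the first hunk, `if not str(normalized_path).startswith(str(base_dir)):`, is a string-prefix test rather than a path test, so any sibling whose name merely begins with the base directory name passes (for a base of `.../uploads`, `.../uploads2/...` is accepted), and `base_dir` is left unresolved while `normalized_path` is resolved, so a symlinked BASE_DIR makes every legitimate path fail. Compare resolved paths with `Path.is_relative_to()` or reuse the project's own `is_safe_path` helper that shared_func.py already imports from `mobsf.MobSF.utils`, raise a specific exception instead of bare `Exception`, and make sure `settings` is imported in utils.py, which the patch does not show.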
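The autofix comment above describes normalising a path and checking that it stays under a root directory. The block below is an added example, not MobSF code and not the autofix itself: it shows why a string-prefix comparison is not a containment test and how `Path.resolve()` plus `Path.is_relative_to()` (Python 3.9+) does it, and its permission pass mirrors the shape of `set_permissions` in this PR but skips symlinks. The names `prefix_contains`, `is_contained`, `set_permissions_checked` and `demo` are chosen here, and the directory tree it builds is constructed in a temporary directory.

```python
"""Added example (not MobSF code): containment checks for a
user-influenced path, and a permission pass that skips symlinks."""
import stat
import tempfile
from pathlib import Path

# Same mode bits as the set_permissions() hunk in this PR.
PERM_755 = stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
PERM_644 = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH


def prefix_contains(path, base):
    """The weak test: a string-prefix comparison of the resolved paths.

    It accepts any sibling whose name starts with the base name.
    """
    return str(Path(path).resolve()).startswith(str(Path(base).resolve()))


def is_contained(path, base):
    """Strict test: `path` resolves to `base` itself or to something below it.

    Both sides are resolved so symlinks and '..' components are collapsed
    before the comparison (Path.is_relative_to needs Python 3.9+).
    """
    return Path(path).resolve().is_relative_to(Path(base).resolve())


def set_permissions_checked(path, base):
    """Apply 755 to directories and 644 to files below `path`, but only when
    `path` is inside `base`, and never through a symlink.

    Returns the number of entries whose mode was changed.
    """
    if not is_contained(path, base):
        raise ValueError(f'{path} is outside {base}')
    changed = 0
    for item in Path(path).resolve().rglob('*'):
        # is_dir(), is_file() and chmod() all follow symlinks, so a link
        # inside the tree would otherwise change the mode of its target.
        if item.is_symlink():
            continue
        try:
            if item.is_dir():
                item.chmod(PERM_755)
            elif item.is_file():
                item.chmod(PERM_644)
            else:
                continue
            changed += 1
        except OSError:
            continue  # a real caller would log this rather than hide it
    return changed


def demo():
    """Build a constructed tree in a temp dir and return what each check did."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / 'uploads'
        sibling = Path(tmp) / 'uploads2'        # shares the string prefix
        outside = Path(tmp) / 'secret.txt'      # must stay untouched
        app = base / 'app'
        (app / 'lib').mkdir(parents=True)
        sibling.mkdir()
        outside.write_text('keep me')
        outside.chmod(0o600)
        (app / 'classes.dex').write_bytes(b'dex\n')
        (app / 'classes.dex').chmod(0o000)      # "packed file" with an odd mode
        (app / 'lib').chmod(0o700)
        (app / 'link').symlink_to(outside)      # link pointing out of the tree

        try:
            set_permissions_checked(sibling, base)
            sibling_rejected = False
        except ValueError:
            sibling_rejected = True

        return {
            'prefix_accepts_sibling': prefix_contains(sibling, base),
            'strict_rejects_sibling': not is_contained(sibling, base),
            'dotdot_rejected': not is_contained(base / '..' / 'secret.txt', base),
            'sibling_rejected': sibling_rejected,
            'changed': set_permissions_checked(app, base),   # dex + lib, link skipped
            'dex_mode': stat.S_IMODE((app / 'classes.dex').stat().st_mode),
            'lib_mode': stat.S_IMODE((app / 'lib').stat().st_mode),
            'outside_mode': stat.S_IMODE(outside.stat().st_mode),
        }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, oct(value) if key.endswith('_mode') else value)
```

Running it shows the prefix test accepting the `uploads2` sibling while the strict test rejects it and the `..` path, and the permission pass changing only the two real entries under `app` (the file to 644, the directory to 755) while the file reached through the symlink keeps its 600 mode.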
try:
if item.is_dir():
item.chmod(perm_755)
elif item.is_file():
item.chmod(perm_644)
except Exception:
pass
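Review bot: `set_permissions` follows symlinks: `item.is_dir()`, `item.is_file()` and `item.chmod()` all act on the link target, so a symlink inside the extracted tree changes the mode of whatever it points at, which may lie outside `path`. Skip entries where `item.is_symlink()` is true (or pass `follow_symlinks=False` to `chmod` where the platform supports it), and replace `except Exception: pass` with a debug-level log, since a chmod that fails on a packed file is exactly what the caller wants to know about. Also confirm that `stat` and `Path` are imported at the top of utils.py, which this hunk does not show.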
3 changes: 3 additions & 0 deletions mobsf/StaticAnalyzer/views/android/manifest_utils.py
Expand Up @@ -58,6 +58,9 @@ def get_android_manifest_androguard(apk, app_dir):
"""Get AndroidManifest.xml using Androguard."""
try:
logger.info('Extracting AndroidManifest.xml with Androguard')
if not apk:
logger.warning('Androgaurd APK parsing failed')
return
manifest = apk.get_android_manifest_axml()
if not manifest:
return
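Review bot: the log message in the new guard misspells the library name: `logger.warning('Androgaurd APK parsing failed')` should read 'Androguard', matching the info message two lines above. The guard returns None implicitly, so callers of get_android_manifest_androguard must handle a None result the same way the existing `if not manifest: return` path already does.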
1 change: 1 addition & 0 deletions mobsf/StaticAnalyzer/views/common/binary/strings.py
Expand Up @@ -34,3 +34,4 @@ def strings_on_binary(bin_path):
return list(set(strings_util(bin_path)))
except Exception:
logger.exception('Extracting strings from binary')
return []
4 changes: 4 additions & 0 deletions mobsf/StaticAnalyzer/views/common/shared_func.py
Expand Up @@ -30,6 +30,7 @@
is_path_traversal,
is_safe_path,
print_n_send_error_response,
set_permissions,
)
from mobsf.MobSF.views.scanning import (
add_to_recent_scan,
Expand Down Expand Up @@ -108,6 +109,9 @@ def unzip(checksum, app_path, ext_path):
unzip_b = shutil.which('unzip')
subprocess.call(
[unzip_b, '-o', '-q', app_path, '-d', ext_path])
# Set permissions, packed files
# may not have proper permissions
set_permissions(ext_path)
dat = subprocess.check_output([unzip_b, '-qq', '-l', app_path])
dat = dat.decode('utf-8').split('\n')
files_det = ['Length Date Time Name']
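Review bot: `set_permissions(ext_path)` runs even when `unzip` fails, because the return value of `subprocess.call` on the line above is discarded; check the return code (or use `subprocess.run(..., check=True)`) before the permission pass. The comment's rationale, that packed files may not carry proper permissions, is also why the pass must not follow symlinks the archive may contain.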
62 changes: 60 additions & 2 deletions mobsf/templates/static_analysis/android_binary_analysis.html
Expand Up @@ -184,6 +184,12 @@
</p>
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>Malware Lookup</p>
</a>
</li>
{% if app_type not in 'so' %}
<li class="nav-item">
<a href="#apkid" class="nav-link">
Expand All @@ -206,12 +212,14 @@
</a>
</li>
{% endif %}
{% if app_type not in 'so' %}
<li class="nav-item">
<a href="#malware_permissions" class="nav-link">
<i class="fa fa-braille nav-icon"></i>
<p>Abused Permissions</p>
</a>
</li>
{% endif %}
<li class="nav-item">
<a href="#serverlocations" class="nav-link">
<i class="fas fa-globe-asia nav-icon"></i>
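Review bot: `{% if app_type not in 'so' %}` on the new guard is a substring test in Django templates, so it also hides the Abused Permissions entry when `app_type` is `s` or `o`; `{% if app_type != 'so' %}` states the intent directly. It mirrors the existing guard above, so changing it would be a follow-up for both.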
Expand Down Expand Up @@ -1511,6 +1519,7 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end file analysis ================================== -->
{% endif %}
<a id="firebase" class="anchor"></a>
<section class="content">
<div class="container-fluid">
Expand Down Expand Up @@ -1559,7 +1568,56 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end firebase db analysis ================================== -->

<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if app_type not in 'so' %}
<!---APKiD Analysis Section-->
<a id="apkid" class="anchor"></a>
<section class="content">
<div class="container-fluid">
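Review bot: the Triage entry has a stray closing tag: `<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" ...` closes an `<i>` that was never opened, unlike the VirusTotal line above it, which starts with `<span class="text-danger"><a ...`. The same 50-line block is pasted verbatim into ios_binary_analysis.html and windows_binary_analysis.html; moving it to a shared partial pulled in with `{% include %}` would keep the four lookup URLs and the fix in one place.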
Expand Down Expand Up @@ -1762,7 +1820,6 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</div>
</section>
{% endif %}
<!-- ===========================end virus total ================================== -->
<a id="malware_permissions" class="anchor"></a>
<section class="content">
Expand Down Expand Up @@ -1822,6 +1879,7 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end malware permissions ================================== -->
{% endif %}
<style>
#chartdiv {
width: 100%;
54 changes: 54 additions & 0 deletions mobsf/templates/static_analysis/ios_binary_analysis.html
Expand Up @@ -158,6 +158,12 @@
</p>
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>Malware Lookup</p>
</a>
</li>
{% if virus_total %}
<li class="nav-item">
<a href="#virus_total" class="nav-link">
Expand Down Expand Up @@ -1280,6 +1286,54 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end firebase db analysis ================================== -->
<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if virus_total %}
<a id="virus_total" class="anchor"></a>
<section class="content">
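Review bot: same stray `</i>` on the Triage line as in the Android template (`<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" ...`); a shared partial would fix all three copies at once.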
56 changes: 56 additions & 0 deletions mobsf/templates/static_analysis/windows_binary_analysis.html
Expand Up @@ -59,6 +59,14 @@
Binary Analysis
</p>
</a>
</li>
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>
Malware Lookup
</p>
</a>
</li>
{% if virus_total %}
<li class="nav-item">
Expand Down Expand Up @@ -280,6 +288,54 @@ <h5 class="card-title"></h5>
</div>
</section>
<!-- ===========================end binary analysis ================================== -->
<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if virus_total %}
<a id="virus_total" class="anchor"></a>
<section class="content">
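Review bot: same stray `</i>` on the Triage line as in the Android and iOS templates (`<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" ...`).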
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "mobsf"
version = "4.1.9"
version = "4.2.0"
description = "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."
keywords = ["mobsf", "mobile security framework", "mobile security", "security tool", "static analysis", "dynamic analysis", "malware analysis"]
authors = ["Ajin Abraham <[email protected]>"]