[EFR05] Enterprise Feature Request: AAR and JAR support #2163
Merged
ajinabraham merged 4 commits into master (Apr 17, 2023)
Conversation
👋 @ajinabraham
Check failure: Code scanning / CodeQL: Uncontrolled data used in path expression

```python
return redirect('/download/' + file_name)
src = app_dir / file_name
dst = dwd_dir / file_name
shutil.copy2(src.as_posix(), dst.as_posix())
```
Check failure: Code scanning / CodeQL: Uncontrolled data used in path expression

```python
return redirect('/download/' + file_name)
src = app_dir / file_name
dst = dwd_dir / file_name
shutil.copy2(src.as_posix(), dst.as_posix())
```
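Review bot: `file_name` reaches `app_dir / file_name` and `dwd_dir / file_name` without any check for path separators or `..` components, which is what both CodeQL "Uncontrolled data used in path expression" failures point at. Before the `shutil.copy2`, reject any value for which `Path(file_name).name != file_name`, or resolve `src` and `dst` and confirm each still lies under its base directory, so a crafted name cannot make the copy read from or write to a location outside `app_dir` and `dwd_dir`. A short comment on the accepted filename shape would also help the next reader.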
Check warning: Code scanning / CodeQL: URL redirection from remote source

```python
src = app_dir / file_name
dst = dwd_dir / file_name
shutil.copy2(src.as_posix(), dst.as_posix())
return redirect(f'/download/{file_name}')
```
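Review bot: the redirect target in `redirect(f'/download/{file_name}')` is built from the same untrusted `file_name`, which is why CodeQL reports "URL redirection from remote source". The fixed `/download/` prefix keeps the Location on-site, so this is a taint-flow finding rather than an open redirect on its own, but validating `file_name` as a plain basename before it is used (the same check the path-expression failures need) makes that explicit and should resolve all three alerts at once; URL-quoting the validated name when building the path would keep the redirect well-formed for names containing reserved characters.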
superpoussin22 (Collaborator) approved these changes, Apr 16, 2023, and left a comment:

Sounds good on my side, it works with 2 AARs I uploaded to MobSF.
brice-syslogic added a commit to cyberspect/Mobile-Security-Framework-MobSF that referenced this pull request, Sep 7, 2023:
* HOTFIX: EFR01 Enterprise feature request (MobSF#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (MobSF#1903) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (MobSF#1910)
* upgrade apktool to 2.6.1 (MobSF#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix:Slack link
* Hotfix:Slack link
* Introduce jadx decompilation timeout with env var (MobSF#1916)
* Introduce jadx decompilation timeout with env var - exception for timeout - replace subprocess.call for run Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (MobSF#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (MobSF#1939)
* Fix dynamic report_json api bug (MobSF#1934) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (MobSF#1951)
* update jadx to 1.3.4 (MobSF#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (MobSF#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (MobSF#1957)
* Check the GitHub releases page for latest version number
* Update utils.py Only log distro if not empty (or spaces) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (MobSF#1948)
* Update cert_analysis.py Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (MobSF#1975) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (MobSF#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (MobSF#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)" (MobSF#1984) HOTFIX: Revert MobSF#1905
* Scheduled weekly dependency update for week 26 (MobSF#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)
* Scheduled weekly dependency update for week 28 (MobSF#1993)
* Update frida from 15.1.27 to 15.1.28
* Update tldextract from 3.3.0 to 3.3.1
* HOTFIX: libsast, iOS Rule, M1 Mac support
* Hotfix MobSF#1999
* Update frida from 15.1.28 to 15.2.2 (MobSF#2002)
* Update README.md (MobSF#2020) add Badge App
* Fix bug MobSF#1917 where checking for stripped debugging symbols produces false positives in iOS. (MobSF#2023) Co-authored-by: Toor <toor@DES-macOS-pentest.local> Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.8.0 to 8.8.1 (MobSF#2035) Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid to 2.1.4 (MobSF#2037)
* Adding tarfile member sanitization to extractall() (MobSF#2039) Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com> Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* fix res directory not exist (MobSF#2042) Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory
* [EFR-02]Enterprise Feature Request - False Positive Triaging (MobSF#2000)
* Suppression logic
* Android code analysis suppression
* Fixes MobSF#1981
* iOS source support bundle id extraction
* iOS Source Code - Suppression support
* Remove check in CFBundleURLName
* iOS Binary code analysis suppression support
* Add Code QL
* Suppression support for Manifest analysis
* Fixes MobSF#2014
* REST API + Docs
* Address review comments
* update suppression wordings
* Fixes MobSF#2043
* Icon analysis code QA
* Unit Test for False Positive Triaging
* Adding numeric_owner as a keyword argument (MobSF#2050) numeric_owner needs to be a keyword argument.
* Scheduled weekly dependency update for week 41 (MobSF#2046)
* Update quark-engine from 22.6.1 to 22.9.1
* Update frida from 15.2.2 to 16.0.1
* Update tldextract from 3.3.1 to 3.4.0
* Update openstep-parser from 1.5.3 to 1.5.4 Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: revert frida to 15.X
* HOTFIX: UI changes and warning on mobsf.live (MobSF#2051)
* UI changes and warning on mobsf.live
* Update home.html
* HOTFIX: Split certificate analysis out, suppression list fixes (MobSF#2052)
* Hotfix: ui on donate page
* Hotfix: Homescreen Navbar
* Hotfix: UI icon
* hotfix for quyark rules location (MobSF#2053)
* HOTFIX: jadx update to 1.4.5 (MobSF#2064)
* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency
* Installation script error: Solving spelling error (MobSF#2067) changed "installtion" to "installation"
* Android APK support extracting icon SVG from XML (MobSF#2060)
* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py
* HOTFIX: Setup improvement (MobSF#2078)
* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.
* Apktool 2.7.0 update (MobSF#2082)
* Update apktool to version 2.7.0
* HOTFIX: Icon should be a file
* version bump
* New Android Manifest Rule: App support vulnerable android versions (MobSF#2114)
* add a new rule: dangerous os version
* qa
* lint checks
* run lint test on one os
* Support for filenames containing & (MobSF#2129) Co-authored-by: none <none@none.com>
* HOTFIX: Fix docker build (MobSF#2135)
* Fix Scorecard Severity Distribution chart data (MobSF#2140)
* HOTIX: Update Dockerfile to install jq (MobSF#2149)
* Update Dockerfile
* Update tox.ini
* [HOTFIX] Add support for environment variable for MobSF config (MobSF#2150)
* add support for environment variable config
* Fixes MobSF#2109
* update lief
* HOTFIX: Fixes MobSF#2144
* HOTFIX: Android min SDK check on janus vulnerability detection (MobSF#2159)
* Android min SDK check on janus check
* Update README.md
* [Enterprise Feature Request EFR02] Support summary of severity in each section. (MobSF#2160)
* Summary for Android and iOS SCA
* [EFR05] Enterprise Feature Request: AAR and JAR support (MobSF#2163)
* AAR and JAR support
* Enable binary analysis for aar/jar
* Scheduled weekly dependency update for week 24 (MobSF#2187)
* Update ip2location from 8.9.0 to 8.10.0
* Update quark-engine from 22.10.1 to 23.5.1
* Update LIEF from to 0.13.1
* Update tldextract from 3.4.0 to 3.4.4
* Update requirements.txt --------- Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update requirements.txt 0.13.1 not available.
* HOTFIX: update lief
* Revert Hotfix
* HOTFIX: Feature updates and Bug Fixes (MobSF#2197)
* OFAC, jquery bump, tox fix
* AAR handle multiple application tags
* HOTFIX: MobSF Android Dynamic Analysis Docker Support (MobSF#2214)
* MobSF Android Docker Support
* Pin pip version
* Update mobsf-test.yml
* updated requirements.txt to most recent django backend version and returned the data object internal to the class method scan_apk in mobsf/MobSF/views/scanning.py instead of the class's self.data.
* had to remove all returns of self.data from the scanning methods in mobsf/MobSF/views/scanning.py and just return the data object local to the method.
* Bug and lint fixes
* Lint fixes, JAR/AAR fix
* Lint fix
* Spell check update
* Attempt at fixing template error

---------

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: brice-syslogic <65510350+brice-syslogic@users.noreply.github.com>