Skip to content

Merge upstream v4.4.1#245

Merged
crickard-sl merged 257 commits intomasterfrom
merge-upstream-v4.4.1
Jan 7, 2026
Merged

Merge upstream v4.4.1#245
crickard-sl merged 257 commits intomasterfrom
merge-upstream-v4.4.1

Conversation

@crickard-sl
Copy link
Copy Markdown

@crickard-sl crickard-sl commented Jan 7, 2026

No description provided.

ajinabraham and others added 30 commits March 10, 2022 07:00
@ajinabraham
Hotfix:Slack link
c1afb4f
@ajinabraham
Hotfix:Slack link
dba910d
@ajinabraham
Introduce jadx decompilation timeout with env var (MobSF#1916)
c190a38 
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run


Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@pyup-bot @ajinabraham
Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926)
9dea1a2 
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@pyup-bot @ajinabraham
Scheduled weekly dependency update for week 13 (MobSF#1931)
c49b045 
* Update quark-engine from 22.2.1 to 22.3.1

* update lief

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@superpoussin22
update apkid (MobSF#1939)
ba176e1
@N1neSun @ajinabraham
Fix dynamic report_json api bug (MobSF#1934)
c4f5130 
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
Hotfix: LIEF
16788ad
@dapoadedire
Update README.md (MobSF#1951)
1842969
@superpoussin22
update jadx to 1.3.4 (MobSF#1941)
664367e 
* update jadx to 1.3.4
* update lief
* update jadx and requirements
@pyup-bot
Scheduled weekly dependency update for week 22 (MobSF#1972)
1800d36 
* Update ip2location from 8.7.3 to 8.7.4

* Update quark-engine from 22.4.1 to 22.5.1

* Update frida from 15.1.17 to 15.1.23

* Update tldextract from 3.2.1 to 3.3.0
@atarii @ajinabraham
Check for updates via GitHub releases (MobSF#1957)
b76963f 
* Check the GitHub releases page for latest version number

* Update utils.py

Only log distro if not empty (or spaces)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@atarii @ajinabraham
Update cert_analysis.py (MobSF#1948)
19e4602 
* Update cert_analysis.py

Flag on MD5 hash algorithm in signer certificate

* Update cert_analysis.py

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
HOTFIX: Update Readme with Rewards Banner
e83cefc
@pyup-bot @ajinabraham
Update frida from 15.1.23 to 15.1.24 (MobSF#1975)
51b215b 
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
HOTFIX: openSSL link and readme update
e9cb1af
@ajinabraham
Hotfix: Broken slack channel link fix
1a5f9a7
@ajinabraham
Hotfix: Windows setup script
49bf0ee
@ajinabraham
Feature Parity Allow iOS IPA download (MobSF#1977)
7b49912 
* Allow iOS IPA download

* Code QA
@Han0nly @ajinabraham
Add the checking of the parent element of the permission-related elem…
774eae4 
…ents to manifest analysis (MobSF#1905)

* Add the checking of the parent element of the permission-related elements to manifest analysis

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
Remove RELRO (MobSF#1978)
db3e516
@ajinabraham
Revert "Add the checking of the parent element of the permission-rela…
c2d1127 
…ted elements to manifest analysis (MobSF#1905)" (MobSF#1984)

HOTFIX: Revert MobSF#1905
@pyup-bot
Scheduled weekly dependency update for week 26 (MobSF#1986)
14c8c09 
* Update ip2location from 8.7.4 to 8.8.0

* Update frida from 15.1.24 to 15.1.27
@pyup-bot
Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)
4a5a000
@pyup-bot
Scheduled weekly dependency update for week 28 (MobSF#1993)
e7e839f 
* Update frida from 15.1.27 to 15.1.28

* Update tldextract from 3.3.0 to 3.3.1
@ajinabraham
HOTFIX: libsast, iOS Rule, M1 Mac support
c630a90
@ajinabraham
Hotfix MobSF#1999
767896e
@pyup-bot
Update frida from 15.1.28 to 15.2.2 (MobSF#2002)
2906854
@superpoussin22
Update README.md (MobSF#2020)
e042252 
add Badge App
@rustaska @ajinabraham
Fix bug MobSF#1917 where checking for stripped debugging symbols prod…
3ae54e8 
…uces false positives in iOS. (MobSF#2023)

Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
ajinabraham and others added 26 commits December 2, 2024 22:38
@ajinabraham
Update README.md
8310104
@ajinabraham
HOTFIX: Show Abused Permissions, Fix Download AAB, Dependency bump
3223736
@ajinabraham
dependencies bump + show resources
fbf5674
@dmarushkin @ajinabraham
Save only unique intent priorities in findings (MobSF#2474)
17332e8 
* Save only unique intent priorities in findings

* Save only unique intent priorities in findings

* Save only unique intent priorities in findings

* Save only unique intent priorities in findings

---------

Co-authored-by: Dmitry Maryushkin <dmmaryushkin@ozon.ru>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@dmarushkin @ajinabraham
Add files list in scorecard desc (MobSF#2473)
180de6b 
* Add files list in scorecard desc
* fix lint

---------

Co-authored-by: Dmitry Maryushkin <dmmaryushkin@ozon.ru>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham @ByteSnipers
Byte snipers patch 2 (MobSF#2477)
79b2d28 
* Fix for missing 'packaging.metadata module

Changed the packaging version to 24.2

Co-authored-by: ByteSnipers GmbH <55362478+ByteSnipers@users.noreply.github.com>
@ajinabraham @nick-lupien
Dep bump + Support HTTPS upgrade for Assetlinks check (MobSF#2484)
d1d3b7a 
* Fix false positives caused in Android manifest analysis
* Dep bumps + Support HTTPS upgrade for Assetlinks check
* MobSF version bump to 4.3.0

---------

Co-authored-by: Nick Lupien <github@worg.io>
@ajinabraham
[SECURITY] Security update to fix vulnerabilities reported by Positiv…
05206e7 
…e Technologies researchers (MobSF#2488)

* Fix Stored XSS in iOS Dynamic Analysis, GHSA-cxqq-w3x5-7ph3
* Fix DOS by loose re_path check and strict check inside function, GHSA-jrm8-xgf3-fwqr
* Fix API Key leakage, replace REST API with authenticated endpoint, GHSA-79f6-p65j-3m2m
* Update SECURITY.md
@Antiksec @ajinabraham
Saml group mapping (MobSF#2487)
ae34f7c 
* add SSO groups mapping

* typo corrected

---------

Co-authored-by: Khabarov Konstantin Olegovich <kkhabarov@ozon.ru>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
March 25 QA (MobSF#2504)
5064346 
* Dependency bump
* Strict firebaseio domain check
* Fix frida server download proxy SSL verify config
* Fix CI build on mac
@ajinabraham
[SECURITY] Improve SSRF checks, strict path check for well_known_path (
4b8bab5 
…MobSF#2510)

* Improved SSRF checks (credential checks, length check, port check, path, query, and params check, ipv6, ipv4 coverage, handle possible decimal or hex IP bypasses)
* Add additional strict path check for Applink well known path
* Moved `valid_host` to `security.py`
* Update `security.md`
* Bump dependencies
* Fix docker build
@jpierson-at-riis
Fix misspelling of the word unpatched (MobSF#2515)
92ac55e
@lorakste @ajinabraham
Correct CVSS calculation by accessing findings key properly (MobSF#2511)
df9c53d 
Fixed an issue where the average CVSS score calculation was incorrect due to improper access to the findings key within the JSON structure. The calculation logic was bypassing the findings key and therefore failing to extract valid CVSS scores.

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
@ajinabraham
pin lxml version as well
caa223d
@ajinabraham
Lint fixing:
702e9b2
@ajinabraham
update postgres to 14
cecec6e
@ajinabraham
v4.3.3 Security Updates (MobSF#2518)
6987a94 
* Fix GHSA-mwfg-948f-2cc5

* stricter email case validation

* Fix GHSA-c5vg-26p8-q8cr

* Bump deps

* Lint QA
@ajinabraham
June 22nd 2025 updates (MobSF#2530)
7e0355c 
* Breaking change: Frida 17+ support and script updates
* Breaking change: Corellium iOS device must install frida >=17
* Updated Frida scripts for logging, ssl/cert pinning bypass
* Added bridges support to frida
* Poetry dependency updates
* Fix Frida Code Editor code alignment issues
* Fix Google Play Scrapper timeout issues behind proxy
* Apply MobSF proxy settings to standalone tools_download.py
@cpuu @ajinabraham
fix(ios_analyzer): Correctly resolve executable path in .app bundles (M…
4953756 
…obSF#2533)

* fix(ios_analyzer): Correctly resolve executable path in .app bundles

The previous method for locating the executable within an IPA file was failing for apps with spaces in their `.app` bundle name. The logic incorrectly performed a string replacement on the full path of the bundle, resulting in an invalid path to the binary.

This commit refactors the path resolution logic to use `pathlib` features correctly. It now finds the `.app` directory as a `Path` object and uses the `.stem` attribute to reliably determine the executable's name. This approach is more robust, properly handles spaces and special characters in filenames, and avoids fragile string manipulation.

* Add doc string back

* Update mobsf/StaticAnalyzer/views/ios/binary_analysis.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@ajinabraham
[Security] Fix Vulnerabilities Aug 2025 MobSF v4.4.1 (MobSF#2545)
7f3bc08 
Bump dependencies
Fix Security Vulnerabilities reported by @noname1337h1
GHSA-9gh8-9r95-3fc3
GHSA-ccc3-fvfx-mw3v
@crickard-sl
MobSF platform update, merge v4.4.1
f2f750d
@crickard-sl
Added missing permissions section
4803e31
@crickard-sl
Repaired urlpatterns entries from mistaken merge conflict resolution
597e68d
@crickard-sl
Add Queue tab to base layout
d5bdab6
@crickard-sl
Tie postgres to v14
445f324
@crickard-sl
Update version to 4.4.1
53a3d91
@github-actions
Copy link
Copy Markdown

github-actions bot commented Jan 7, 2026

👋 @crickard-sl
Thank you for sending this pull request ❤️.
Please make sure you have followed our contribution guidelines. We will review it as soon as possible

github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 7, 2026
View reviewed changes
Comment thread mobsf/DynamicAnalyzer/views/common/frida/views.py Dismissed
Comment thread mobsf/DynamicAnalyzer/views/common/frida/views.py Dismissed
Comment thread mobsf/DynamicAnalyzer/views/common/frida/views.py Dismissed
Comment thread mobsf/DynamicAnalyzer/views/common/frida/views.py Dismissed
Comment thread mobsf/DynamicAnalyzer/views/common/frida/views.py Dismissed
Comment thread mobsf/MobSF/tools_download.py Dismissed
Comment thread mobsf/MobSF/views/home.py Dismissed
Comment thread mobsf/MobSF/views/home.py Dismissed
Comment thread mobsf/StaticAnalyzer/views/ios/binary_analysis.py Dismissed
@crickard-sl crickard-sl merged commit 1909089 into master Jan 7, 2026
9 checks passed
@crickard-sl crickard-sl deleted the merge-upstream-v4.4.1 branch January 7, 2026 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.