From 036d80bcce0dbbc7f73923b347288fb75196cf05 Mon Sep 17 00:00:00 2001
From: "Ajin.Abraham" <ajin.abraham@chime.com>
Date: Sat, 16 Dec 2023 21:13:57 -0800
Subject: [PATCH] Fixes #2307

---
 mobsf/MobSF/views/home.py                         | 2 +-
 mobsf/StaticAnalyzer/views/common/binary/macho.py | 6 +++++-
 mobsf/templates/base/base_layout.html             | 2 +-
 mobsf/templates/general/about.html                | 2 +-
 mobsf/templates/general/apidocs.html              | 4 ++--
 mobsf/templates/general/home.html                 | 4 ++--
 scripts/mass_static_analysis.py                   | 4 ++--
 7 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/mobsf/MobSF/views/home.py b/mobsf/MobSF/views/home.py
index c4cf9a2a7a..b66e7583c9 100755
--- a/mobsf/MobSF/views/home.py
+++ b/mobsf/MobSF/views/home.py
@@ -164,7 +164,7 @@ def upload(self):
 def api_docs(request):
     """Api Docs Route."""
     context = {
-        'title': 'REST API Docs',
+        'title': 'API Docs',
         'api_key': api_key(),
         'version': settings.MOBSF_VER,
     }
diff --git a/mobsf/StaticAnalyzer/views/common/binary/macho.py b/mobsf/StaticAnalyzer/views/common/binary/macho.py
index 9d4ca34f05..d08e2a2819 100644
--- a/mobsf/StaticAnalyzer/views/common/binary/macho.py
+++ b/mobsf/StaticAnalyzer/views/common/binary/macho.py
@@ -2,6 +2,7 @@
 # coding=utf-8
 import shutil
 import subprocess
+from pathlib import Path
 
 import lief
 
@@ -75,7 +76,10 @@ def checksec(self):
                 'to execute reliably.')
         else:
             severity = 'high'
-            if self.macho_name.endswith('.dylib'):
+            ext = Path(self.macho_name).suffix
+            # PIE check not applicable for static and dynamic libraries
+            if (ext == '.dylib'
+                    or (not ext and '.framework' in self.macho_name)):
                 severity = 'info'
             desc = (
                 'The binary is built without Position '
diff --git a/mobsf/templates/base/base_layout.html b/mobsf/templates/base/base_layout.html
index 94ea285eed..d423d7446c 100644
--- a/mobsf/templates/base/base_layout.html
+++ b/mobsf/templates/base/base_layout.html
@@ -41,7 +41,7 @@
         <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'recent' %}" class="nav-link">RECENT SCANS</a></li>
         <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'home' %}" class="nav-link">STATIC ANALYZER</a></li>
         <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'dynamic' %}" class="nav-link">DYNAMIC ANALYZER</a></li>
-        <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'api_docs' %}" class="nav-link">REST API</a></li>
+        <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'api_docs' %}" class="nav-link">API</a></li>
         <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'donate' %}" class="nav-link">DONATE ♥</a></li>
         <li class="nav-item d-none d-sm-inline-block"><a target="_blank" href="https://mobsf.github.io/docs/#/" class="nav-link">DOCS</a></li>
         <li class="nav-item d-none d-sm-inline-block"><a href="{% url 'about' %}" class="nav-link">ABOUT</a></li>
diff --git a/mobsf/templates/general/about.html b/mobsf/templates/general/about.html
index e444650d90..64b2ce9164 100644
--- a/mobsf/templates/general/about.html
+++ b/mobsf/templates/general/about.html
@@ -14,7 +14,7 @@
                 <h1>About Mobile Security Framework</h1>
               
                   <p class="lead">
-                  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
+                  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
                  </p>
                   <p> <strong>Author:</strong> <a href="//twitter.com/ajinabraham">Ajin Abraham</a> </p>      
                   <h2>Active Collaborators</h2>
diff --git a/mobsf/templates/general/apidocs.html b/mobsf/templates/general/apidocs.html
index cc7105a58c..37c1d27882 100644
--- a/mobsf/templates/general/apidocs.html
+++ b/mobsf/templates/general/apidocs.html
@@ -19,9 +19,9 @@
       <div class="col-lg-12">
         <div class="card">
           <div class="card-body">
-            <h1><strong>REST API Docs</strong></h1>
+            <h1><strong>API Docs</strong></h1>
             <p class="lead">
-              REST API Key: <strong><code>{{ api_key}}</code></strong>
+              API Key: <strong><code>{{ api_key}}</code></strong>
             </p>
 
             <!--API Docs -->
diff --git a/mobsf/templates/general/home.html b/mobsf/templates/general/home.html
index 09204302f6..eba13a359d 100644
--- a/mobsf/templates/general/home.html
+++ b/mobsf/templates/general/home.html
@@ -35,7 +35,7 @@
                         <a class="nav-link" href="{% url 'dynamic' %}">DYNAMIC ANALYZER</a>
                     </li>
                     <li class="nav-item">
-                        <a class="nav-link" href="{% url 'api_docs' %}">REST API</a>
+                        <a class="nav-link" href="{% url 'api_docs' %}">API</a>
                     </li>
                 </ul>
                 <ul class="navbar-nav ml-auto">
@@ -88,7 +88,7 @@ <h5 id="status"></h5>
 
 
                   <div class="inner">
-                     <h6> <a href="{% url 'recent' %}">RECENT SCANS</a>  |  <a href="{% url 'dynamic' %}">DYNAMIC ANALYZER</a>  |  <a href="{% url 'api_docs' %}">REST API</a>   |  <a href="{% url 'donate' %}">DONATE ♥</a> |  <a target="_blank"
+                     <h6> <a href="{% url 'recent' %}">RECENT SCANS</a>  |  <a href="{% url 'dynamic' %}">DYNAMIC ANALYZER</a>  |  <a href="{% url 'api_docs' %}">API</a>   |  <a href="{% url 'donate' %}">DONATE ♥</a> |  <a target="_blank"
                          href="https://mobsf.github.io/docs/#/">DOCS</a>  | <a href="{% url 'about' %}">ABOUT</a></h6>
                      </br>
                      <p>&copy; {% now "Y" %}  Mobile Security Framework - MobSF {{ version }}</p>
diff --git a/scripts/mass_static_analysis.py b/scripts/mass_static_analysis.py
index 4102fbc673..e9db8cf3c5 100755
--- a/scripts/mass_static_analysis.py
+++ b/scripts/mass_static_analysis.py
@@ -73,7 +73,7 @@ def start_scan(directory, server_url, apikey, rescan='0'):
                                'of a running MobSF Server. '
                                '(ex: 127.0.0.1:8000)')
     parser.add_argument(
-        '-k', '--apikey', help='MobSF REST API Key')
+        '-k', '--apikey', help='MobSF API Key')
     parser.add_argument(
         '-r', '--rescan', help='Run a fresh scan. '
                                'Value can be 1 or 0 (Default: 0)')
@@ -86,7 +86,7 @@ def start_scan(directory, server_url, apikey, rescan='0'):
         apikey = args.apikey
         rescan = args.rescan
         if not is_server_up(server_url):
-            print('MobSF REST API Server is not running at ' + server_url)
+            print('MobSF API Server is not running at ' + server_url)
             print('Exiting!')
             exit(0)
         # MobSF is running, start scan