From 3527433e48153ce76d5c4da6e20c21f58969dc7d Mon Sep 17 00:00:00 2001
From: Nick Lupien
Date: Tue, 7 Jan 2025 05:25:12 -0500
Subject: [PATCH] Fix false positives caused in Android manifest analysis
---
 .../views/android/manifest_analysis.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/mobsf/StaticAnalyzer/views/android/manifest_analysis.py b/mobsf/StaticAnalyzer/views/android/manifest_analysis.py
index ccd3a7366..25903f98c 100755
--- a/mobsf/StaticAnalyzer/views/android/manifest_analysis.py
+++ b/mobsf/StaticAnalyzer/views/android/manifest_analysis.py
@@ -86,9 +86,11 @@ def is_tls_redirect(url_from: str, url_to: str):
     """Check if redirect is a simple TLS (i.e. safe) upgrade."""
     if not url_from.startswith("http://") or not url_to.startswith("https://"):
         return False
-
+
     if url_from[7:] == url_to[8:]:
         return True
+    else:
+        return False
 
 
 def _check_url(host, w_url):
@@ -107,13 +109,15 @@ def _check_url(host, w_url):
         status_code = r.status_code
         if status_code in (301, 302):
             redirect_url = r.headers.get('Location')
-
+
             # recurse (redirect) only if redirect URL is a simple TLS upgrade
             if redirect_url and is_tls_redirect(w_url, redirect_url):
-                logger.info(f'{status_code} Redirect detected (TLS upgrade) || From: {w_url} || To: {redirect_url}')
+                logger.info(
+                    f'{status_code} Redirect detected (TLS upgrade) || From: {w_url} || To: {redirect_url}')
                 return _check_url(host, redirect_url)
             else:
-                logger.warning(f'{status_code} Redirect detected || From: {w_url} || To: {redirect_url}')
+                logger.warning(
+                    f'{status_code} Redirect detected || From: {w_url} || To: {redirect_url}')
             status = False
         if (str(status_code).startswith('2') and iden in str(r.json())):
             status = True
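Review bot: The added `else: return False` in `is_tls_redirect` only makes explicit what the function already did (the implicit `None` return was falsy in the caller's `if`), so this is a style point rather than a behaviour change: an `if` returning `True` followed by an `else` returning `False` is just the comparison itself, and `return url_from[7:] == url_to[8:]` replaces the four new-side lines while keeping the bool result. Since `_check_url` follows a redirect only when this returns True, the docstring should say how strict the check is: `"""Return True only when url_to is url_from with http:// swapped for https:// (host, port and path byte-identical); any other redirect is not followed."""`.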
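Review bot: The two wrapped `logger.info(` / `logger.warning(` calls still build the message eagerly with an f-string, which the logging idiom avoids; passing lazy `%s` arguments also keeps each call on one line, e.g. `logger.warning('%s Redirect detected || From: %s || To: %s', status_code, w_url, redirect_url)`, with the same shape for the info call. `redirect_url` is the remote `Location` header taken verbatim, so it is server-controlled text going into the log; formatting it with `%r` keeps any embedded control characters escaped instead of rendered. `_check_url` starts before this hunk, so whether `r.json()` on the trailing context line is guarded against a non-JSON 2xx body cannot be seen from here.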