Skip to content

Commit

Permalink
Merge iOS Framework and Dylib Analysis
Browse files Browse the repository at this point in the history
  • Loading branch information
@ajinabraham
ajinabraham committed Dec 16, 2023
1 parent 924a878 commit d4dd27f
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 86 deletions.
3 changes: 2 additions & 1 deletion mobsf/MobSF/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -763,13 +763,14 @@ def replace(value, arg):

def relative_path(value):
"""Show relative path to two parents."""
sep = None
if '/' in value:
sep = '/'
elif '\\\\' in value:
sep = '\\\\'
elif '\\' in value:
sep = '\\'
if value.count(sep) < 2:
if not sep or value.count(sep) < 2:
return value
path = Path(value)
return path.relative_to(path.parent.parent).as_posix()
Expand Down
4 changes: 3 additions & 1 deletion mobsf/StaticAnalyzer/views/common/shared_func.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -382,8 +382,10 @@ def scan_library(request, checksum):
if not is_safe_path(lib_dir.as_posix(), sfile.as_posix()):
msg = 'Path Traversal Detected!'
return print_n_send_error_response(request, msg)

ext = sfile.suffix
if not ext and 'Frameworks' in relative_path:
# Force Dylib on Frameworks
ext = '.dylib'
if not sfile.exists():
msg = 'Library File not found'
return print_n_send_error_response(request, msg)
Expand Down
3 changes: 3 additions & 0 deletions mobsf/StaticAnalyzer/views/ios/static_analyzer.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,9 @@ def static_analyzer_ios(request, checksum, api=False):
api)
file_type = robj[0].SCAN_TYPE
filename = robj[0].FILE_NAME
if file_type == 'dylib' and not Path(filename).suffix:
# Force dylib extension on Frameworks
filename = f'{filename}.dylib'
allowed_exts = ('ios', '.ipa', '.zip', '.dylib', '.a')
allowed_typ = [i.replace('.', '') for i in allowed_exts]
if (not filename.lower().endswith(allowed_exts)
Expand Down
39 changes: 9 additions & 30 deletions mobsf/templates/pdf/ios_report.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -516,14 +516,14 @@ <h2><i class="fa fa-braille"></i> IPA BINARY ANALYSIS</h2>
</tbody>
</table>
{% endif %}

{% if dylib_analysis and app_type not in 'A' %}
<h2><i class="fa fa-flag"></i> DYNAMIC LIBRARY BINARY ANALYSIS</h2>
{% if app_type not in 'A' %}
{% if dylib_analysis or framework_analysis %}
<h2><i class="fa fa-flag"></i> DYNAMIC LIBRARY & FRAMEWORK BINARY ANALYSIS</h2>
<table class="basic">
<thead>
<tr>
<th>NO</th>
<th>DYLIB</th>
<th>DYLIB/FRAMEWORK</th>
<th>NX</th>
<th>STACK CANARY</th>
<th>ARC</th>
Expand Down Expand Up @@ -568,28 +568,7 @@ <h2><i class="fa fa-flag"></i> DYNAMIC LIBRARY BINARY ANALYSIS</h2>
<br/>{{dy.symbol.description}}</td>
</tr>
{% endfor %}
</tbody>
</table>
{% endif %}

{% if framework_analysis and app_type not in 'A' %}
<h2><i class="fa fa-archive"></i> FRAMEWORK BINARY ANALYSIS</h2>
<table class="basic">
<thead>
<tr>
<th>NO</th>
<th>FRAMEWORK</th>
<th>NX</th>
<th>STACK CANARY</th>
<th>ARC</th>
<th>RPATH</th>
<th>CODE SIGNATURE</th>
<th>ENCRYPTED</th>
<th>SYMBOLS STRIPPED</th>
</tr>
</thead>
<tbody>
{% for frm in framework_analysis %}
{% for frm in framework_analysis %}
<tr>
<td>{{ forloop.counter }}</td>
<td>{{frm.name}}</td>
Expand Down Expand Up @@ -623,10 +602,10 @@ <h2><i class="fa fa-archive"></i> FRAMEWORK BINARY ANALYSIS</h2>
<br/>{{frm.symbol.description}}</td>
</tr>
{% endfor %}
</tbody>
</table>
{% endif %}

</tbody>
</table>
{% endif %}
{% endif %}
<!--static library-->
{% if app_type in 'A' %}
<h2><i class="fa fa-flag"></i> STATIC LIBRARY BINARY ANALYSIS</h2>
Expand Down
63 changes: 9 additions & 54 deletions mobsf/templates/static_analysis/ios_binary_analysis.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,13 +119,7 @@
<li class="nav-item">
<a href="#dylib_analysis" class="nav-link">
<i class="nav-icon fas fa-flag"></i>
<p>Dylib Analysis</p>
</a>
</li>
<li class="nav-item">
<a href="#framework_analysis" class="nav-link">
<i class="nav-icon fa fa-archive"></i>
<p>Framework Analysis</p>
<p>Dylib & Framework Analysis</p>
</a>
</li>
{% endif %}
Expand Down Expand Up @@ -925,15 +919,15 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-flag"></i> DYNAMIC LIBRARY BINARY ANALYSIS</strong>
<strong><i class="fa fa-flag"></i> DYNAMIC LIBRARY & FRAMEWORK BINARY ANALYSIS</strong>
</p>
<div class="table-responsive">
<table id="table_dylib" class="table table-bordered table-hover table-striped">
<thead>
<tr>
{% if app_type not in 'Dylib' %}
<th>NO</th>
<th>DYLIB</th>
<th>DYLIB/FRAMEWORK</th>
{% endif %}
<th>NX</th>
<th>STACK CANARY</th>
Expand All @@ -945,8 +939,8 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
</tr>
</thead>
<tbody>
{% if not dylib_analysis %}
No Dylibs found.
{% if not dylib_analysis and not framework_analysis %}
No Dylibs/Frameworks found.
{% endif %}
{% for dy in dylib_analysis %}
<tr>
Expand Down Expand Up @@ -986,51 +980,12 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
<br/>{{dy.symbol.description}}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>

</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end dylib analysis ================================== -->
<a id="framework_analysis" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-archive"></i> FRAMEWORK BINARY ANALYSIS</strong>
</p>
<div class="table-responsive">
<table id="table_framework" class="table table-bordered table-hover table-striped">
<thead>
<tr>
<th>NO</th>
<th>FRAMEWORK</th>
<th>NX</th>
<th>STACK CANARY</th>
<th>ARC</th>
<th>RPATH</th>
<th>CODE SIGNATURE</th>
<th>ENCRYPTED</th>
<th>SYMBOLS STRIPPED</th>
</tr>
</thead>
<tbody>
{% if not framework_analysis %}
No Frameworks found.
{% endif %}
{% for frm in framework_analysis %}
<tr>
<td>{{ forloop.counter }}</td>
<td>{{frm.name}}</td>
<td>{{frm.name | relative_path}}</br>
<a class="btn btn-primary btn-xs" href="{% url 'scan_library' checksum=md5 %}?library={{ frm.name }}" target="_blank" rel="noopener noreferrer"><i class="fa fa-search"></i> Analyze</a>
</td>
<td><b>{{frm.nx.has_nx}}</b>
<br/>
<span class="badge bg-{% if frm.nx.severity == 'high' %}danger{% elif frm.nx.severity == 'warning' %}warning{% else %}info{% endif %}">{{frm.nx.severity}}</span>
Expand Down Expand Up @@ -1072,7 +1027,7 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
</div>
</div>
</section>
<!-- ===========================end framework analysis ================================== -->
<!-- ===========================end dylib analysis ================================== -->
{% endif %}
<!--static library-->
{% if app_type in 'A' %}
Expand Down

0 comments on commit d4dd27f

Please sign in to comment.