mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...
I should port the pattern matcher Kotlin rules to semgrep.
I noticed that the full framework has [rules dealing with the network-security-config.xml file](https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/master/mobsf/StaticAnalyzer/views/android/network_security.py), which are implemented in Python and seem to not be included in mobsfscan (unless mobsfscan somehow includes...
## Overview This PR includes changes to support the `security-severity` property of a given code scanning alert. By doing this, a given alert will be assigned a severity of low,...
Fixed 4 issues related to metadata: - the semgrep rules have `reference` key. This should be `references` to be compliant with semgrep required format - the semgrep rules `reference` key...
Identified 4 issues related to the metadata fields (reference and cwe) not being in the semgrep recommended format: - the semgrep rules have `reference` key. This should be `references` to be...
We've recently updated our `targetSdk` from `33` to `34` and all was fine while using `mobsfscan` version `v0.3.4`. Once we updated to `mobsfscan` version `v0.3.5` we started having 2 false...
https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2195 Hi, recently I have been working on a collection of Semgrep rules to cover the static tests described by the OWASP MASTG. This is the official repo: https://github.com/mindedsecurity/semgrep-rules-android-security Why not...
If the network_security_config file contains multiple domain-config blocks, the scan fails in the function clear_text_traffic_permitted. network_security_config.xml:

```
domainA domainB
```

The scan fails with exception:

```
* Error: 'list' object...
```