HOTFIX: Code QA, Move Version String, USE_HOME by default + Others (s…

…ee desc) (#1712) * Move Version to init.py * Default to Use HOME from MobSF v3.4 * Update Checking improvement * New Android Rule AES ECB Default * Update all code locations to dynamically detect config/settings location. * Rescan Code QA Re: #1670
MobSF · Mar 27, 2021 · c660ca0 · c660ca0
1 parent d7823dc
commit c660ca0
Show file tree

Hide file tree

Showing 20 changed files with 1,905 additions and 1,324 deletions.
diff --git a/.github/workflows/auto-comment.yml b/.github/workflows/auto-comment.yml
@@ -17,6 +17,6 @@ jobs:
           pullRequestOpened: >
             👋 @{{ author }}
             
-            Thank you for sending this pull request.
+            Thank you for sending this pull request ❤️.
             
-            Please make sure you have followed our contributing guidelines. We will review it as soon as possible
+            Please make sure you have followed our [contribution guidelines](https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/master/.github/CONTRIBUTING.md). We will review it as soon as possible
diff --git a/Dockerfile b/Dockerfile
@@ -81,9 +81,8 @@ RUN \
 # Copy source code
 COPY . .
 
-# Enable Use Home Directory and set adb path
-RUN sed -i 's/USE_HOME = False/USE_HOME = True/g' mobsf/MobSF/settings.py && \
-    sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py
+# Set adb binary path
+RUN sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py
 
 # Postgres support is set to false by default
 ARG POSTGRES=False

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Mobile Security Framework (MobSF)
-Version: v3.3 beta
+Version: v3.4 beta
 ![](https://cloud.githubusercontent.com/assets/4301109/20019521/cc61f7fc-a2f2-11e6-95f3-407030d9fdde.png)
 
 Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

diff --git a/mobsf/DynamicAnalyzer/views/android/dynamic_analyzer.py b/mobsf/DynamicAnalyzer/views/android/dynamic_analyzer.py
@@ -65,6 +65,7 @@ def dynamic_analysis(request, api=False):
                    'identifier': identifier,
                    'proxy_ip': proxy_ip,
                    'proxy_port': settings.PROXY_PORT,
+                   'settings_loc': get_config_loc(),
                    'title': 'MobSF Dynamic Analysis',
                    'version': settings.MOBSF_VER}
         if api:

diff --git a/mobsf/MalwareAnalyzer/views/VirusTotal.py b/mobsf/MalwareAnalyzer/views/VirusTotal.py
@@ -6,6 +6,7 @@
 
 from mobsf.MobSF.utils import (
     file_size,
+    get_config_loc,
     upstream_proxy,
 )
 
@@ -124,12 +125,14 @@ def get_result(self, file_path, file_hash):
                                 upload_response['verbose_msg'])
                 return upload_response
             else:
-                logger.info('MobSF: VirusTotal Scan not performed as file'
-                            ' upload is disabled in settings.py. '
-                            'To enable file upload, set VT_UPLOAD to True.')
+                logger.info('VirusTotal Scan not performed as file'
+                            ' upload is disabled in %s. '
+                            'To enable file upload, '
+                            'set VT_UPLOAD to True.', get_config_loc())
                 report = {
-                    'verbose_msg': ('Scan Not performed, VirusTotal file'
-                                    ' upload disabled in settings.py'),
+                    'verbose_msg': ('Scan not performed, VirusTotal file'
+                                    ' upload disabled '
+                                    'in %s', get_config_loc()),
                     'positives': 0,
                     'total': 0}
                 return report

diff --git a/mobsf/MobSF/init.py b/mobsf/MobSF/init.py
@@ -10,6 +10,16 @@
 
 logger = logging.getLogger(__name__)
 
+VERSION = '3.4.0'
+BANNER = """
+  __  __       _    ____  _____         _____ _  _   
+ |  \/  | ___ | |__/ ___||  ___| __   _|___ /| || |  
+ | |\/| |/ _ \| '_ \___ \| |_    \ \ / / |_ \| || |_ 
+ | |  | | (_) | |_) |__) |  _|    \ V / ___) |__   _|
+ |_|  |_|\___/|_.__/____/|_|       \_/ |____(_) |_|  
+"""  # noqa: W291
+# ASCII Font: Standard
+
 
 def first_run(secret_file, base_dir, mobsf_home):
     # Based on https://gist.github.com/ndarville/3452907#file-secret-key-gen-py
@@ -127,3 +137,7 @@ def get_mobsf_home(use_home, base_dir):
         return mobsf_home
     except Exception:
         logger.exception('Creating MobSF Home Directory')
+
+
+def get_mobsf_version():
+    return BANNER, VERSION, f'v{VERSION} Beta'