├── .dockerignore ├── .github ├── FUNDING.yml └── workflows │ ├── codeql.yml │ ├── docker-latest.yml │ ├── docker-release.yml │ ├── publish.yml │ └── tests.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── Pipfile ├── Pipfile.lock ├── README.md ├── SECURITY.md ├── action.md ├── action.yml ├── dev-requirements.txt ├── mobsfscan ├── __init__.py ├── __main__.py ├── exceptions.py ├── formatters │ ├── __init__.py │ ├── cli.py │ ├── json_fmt.py │ ├── sarif.py │ └── sonarqube.py ├── logger.py ├── manifest.py ├── manifest_metadata.py ├── mobsfscan.py ├── rules │ ├── patterns │ │ ├── android │ │ │ └── kotlin │ │ │ │ ├── best_practices.yaml │ │ │ │ └── kotlin_rules.yaml │ │ └── ios │ │ │ ├── objectivec │ │ │ ├── best_practices.yaml │ │ │ └── objective_c_rules.yaml │ │ │ └── swift │ │ │ ├── best_practices.yaml │ │ │ └── swift_rules.yaml │ └── semgrep │ │ ├── android │ │ ├── hidden_ui.yaml │ │ ├── logging.yaml │ │ ├── secrets.yaml │ │ └── word_readable_writable.yaml │ │ ├── best_practices │ │ ├── android_safetynetapi.yaml │ │ ├── flag_secure.yaml │ │ ├── root_detection.yaml │ │ ├── tapjacking.yaml │ │ ├── tls_certificate_transparency.yaml │ │ └── tls_pinning.yaml │ │ ├── crypto │ │ ├── aes_ecb.yaml │ │ ├── aes_encryption_keys.yaml │ │ ├── cbc_padding_oracle.yaml │ │ ├── cbc_static_iv.yaml │ │ ├── insecure_random.yaml │ │ ├── insecure_ssl_v3.yaml │ │ ├── rsa_no_oeap.yaml │ │ ├── sha1_hash.yaml │ │ ├── weak_ciphers.yaml │ │ ├── weak_hashes.yaml │ │ ├── weak_iv.yaml │ │ └── weak_key_size.yaml │ │ ├── deserialization │ │ ├── jackson_deserialization.yaml │ │ └── object_deserialization.yaml │ │ ├── injection │ │ ├── command_injection.yaml │ │ ├── command_injection_formated.yaml │ │ └── sqlite_injection.yaml │ │ ├── network │ │ ├── accept_self_signed.yaml │ │ └── default_http_client_tls.yaml │ │ ├── webview │ │ ├── webview_allow_file_from_url.yaml │ │ ├── webview_debugging.yaml │ │ ├── webview_external_storage.yaml │ │ ├── webview_file_access.yaml │ │ ├── webview_ignore_ssl_errors.yaml │ │ └── webview_javascript_interface.yaml │ │ └── xxe │ │ ├── xmldecoder_xxe.yaml │ │ ├── xmlfactory_external_entities_enabled.yaml │ │ └── xmlfactory_xxe.yaml ├── settings.py └── utils.py ├── requirements.txt ├── setup.py ├── tests ├── assets │ ├── rules │ │ └── semgrep │ │ │ ├── android │ │ │ ├── hidden_ui.java │ │ │ ├── logging.java │ │ │ ├── secrets.java │ │ │ └── word_readable_writable.java │ │ │ ├── best_practices │ │ │ ├── android_safetynetapi.java │ │ │ ├── flag_secure.java │ │ │ ├── root_detection.java │ │ │ ├── tapjacking.java │ │ │ ├── tls_certificate_transparency.java │ │ │ └── tls_pinning.java │ │ │ ├── crypto │ │ │ ├── aes_ecb.java │ │ │ ├── aes_encryption_keys.java │ │ │ ├── cbc_padding_oracle.java │ │ │ ├── cbc_static_iv.java │ │ │ ├── insecure_random.java │ │ │ ├── insecure_ssl_v3.java │ │ │ ├── rsa_no_oeap.java │ │ │ ├── sha1_hash.java │ │ │ ├── weak_ciphers.java │ │ │ ├── weak_hashes.java │ │ │ ├── weak_iv.java │ │ │ └── weak_key_size.java │ │ │ ├── deserialization │ │ │ ├── jackson_deserialization.java │ │ │ └── object_deserialization.java │ │ │ ├── injection │ │ │ ├── command_injection.java │ │ │ ├── command_injection_formated.java │ │ │ └── sqlite_injection.java │ │ │ ├── network │ │ │ ├── accept_self_signed.java │ │ │ └── default_http_client.tls.java │ │ │ ├── webview │ │ │ ├── webview_allow_file_from_url.java │ │ │ ├── webview_debugging.java │ │ │ ├── webview_external_storage.java │ │ │ ├── webview_file_access.java │ │ │ ├── webview_ignore_ssl_errors.java │ │ │ └── webview_javascript_interface.java │ │ │ └── xxe │ │ │ ├── xmldecoder_xxe.java │ │ │ ├── xmlfactory_external_entities_enabled.java │ │ │ └── xmlfactory_xxe.java │ └── src │ │ ├── .semgrepignore │ │ ├── dot_mobsf │ │ ├── .mobsf │ │ ├── scan_but_ignore.java │ │ ├── scan_but_ignore.kt │ │ ├── skip.java │ │ └── skip_dir │ │ │ └── vuln.java │ │ ├── java │ │ └── java_vuln.java │ │ ├── kotlin │ │ └── kotlin.kt │ │ ├── objc │ │ └── objectivec.m │ │ ├── swift │ │ └── swift.swift │ │ └── xml │ │ ├── nsc_base_config_cert_pinning_bypass.xml │ │ ├── nsc_base_config_clear_text.xml │ │ ├── nsc_base_config_trust_user_certs.xml │ │ ├── nsc_domain_config_clear_text_multiple_domains.xml │ │ ├── nsc_domain_config_clear_text_nested.xml │ │ └── nsc_domain_config_trust_user_certs.xml └── unit │ ├── __init__.py │ ├── setup_test.py │ ├── test_dotfile.py │ ├── test_matcher.py │ ├── test_mobsfscan.py │ └── test_xml.py └── tox.ini /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.dockerignore -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: ajinabraham 2 | custom: ['https://opensecurity.in/donate'] 3 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.github/workflows/codeql.yml -------------------------------------------------------------------------------- /.github/workflows/docker-latest.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.github/workflows/docker-latest.yml -------------------------------------------------------------------------------- /.github/workflows/docker-release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.github/workflows/docker-release.yml -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.github/workflows/publish.yml -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.github/workflows/tests.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/.gitignore -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Pipfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/Pipfile -------------------------------------------------------------------------------- /Pipfile.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/Pipfile.lock -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/SECURITY.md -------------------------------------------------------------------------------- /action.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/action.md -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/action.yml -------------------------------------------------------------------------------- /dev-requirements.txt: -------------------------------------------------------------------------------- 1 | requests -------------------------------------------------------------------------------- /mobsfscan/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/__init__.py -------------------------------------------------------------------------------- /mobsfscan/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/__main__.py -------------------------------------------------------------------------------- /mobsfscan/exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/exceptions.py -------------------------------------------------------------------------------- /mobsfscan/formatters/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mobsfscan/formatters/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/formatters/cli.py -------------------------------------------------------------------------------- /mobsfscan/formatters/json_fmt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/formatters/json_fmt.py -------------------------------------------------------------------------------- /mobsfscan/formatters/sarif.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/formatters/sarif.py -------------------------------------------------------------------------------- /mobsfscan/formatters/sonarqube.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/formatters/sonarqube.py -------------------------------------------------------------------------------- /mobsfscan/logger.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/logger.py -------------------------------------------------------------------------------- /mobsfscan/manifest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/manifest.py -------------------------------------------------------------------------------- /mobsfscan/manifest_metadata.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/manifest_metadata.py -------------------------------------------------------------------------------- /mobsfscan/mobsfscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/mobsfscan.py -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/android/kotlin/best_practices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/android/kotlin/best_practices.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/android/kotlin/kotlin_rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/android/kotlin/kotlin_rules.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/ios/objectivec/best_practices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/ios/objectivec/best_practices.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/ios/objectivec/objective_c_rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/ios/objectivec/objective_c_rules.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/ios/swift/best_practices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/ios/swift/best_practices.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/patterns/ios/swift/swift_rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/patterns/ios/swift/swift_rules.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/android/hidden_ui.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/android/hidden_ui.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/android/logging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/android/logging.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/android/secrets.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/android/secrets.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/android/word_readable_writable.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/android/word_readable_writable.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/android_safetynetapi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/android_safetynetapi.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/flag_secure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/flag_secure.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/root_detection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/root_detection.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/tapjacking.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/tapjacking.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/tls_certificate_transparency.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/tls_certificate_transparency.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/best_practices/tls_pinning.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/best_practices/tls_pinning.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/aes_ecb.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/aes_ecb.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/aes_encryption_keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/aes_encryption_keys.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/cbc_padding_oracle.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/cbc_padding_oracle.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/cbc_static_iv.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/cbc_static_iv.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/insecure_random.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/insecure_random.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/insecure_ssl_v3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/insecure_ssl_v3.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/rsa_no_oeap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/rsa_no_oeap.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/sha1_hash.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/sha1_hash.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/weak_ciphers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/weak_ciphers.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/weak_hashes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/weak_hashes.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/weak_iv.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/weak_iv.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/crypto/weak_key_size.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/crypto/weak_key_size.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/deserialization/jackson_deserialization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/deserialization/jackson_deserialization.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/deserialization/object_deserialization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/deserialization/object_deserialization.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/injection/command_injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/injection/command_injection.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/injection/command_injection_formated.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/injection/command_injection_formated.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/injection/sqlite_injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/injection/sqlite_injection.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/network/accept_self_signed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/network/accept_self_signed.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/network/default_http_client_tls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/network/default_http_client_tls.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_allow_file_from_url.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_allow_file_from_url.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_debugging.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_debugging.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_external_storage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_external_storage.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_file_access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_file_access.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_ignore_ssl_errors.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_ignore_ssl_errors.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/webview/webview_javascript_interface.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/webview/webview_javascript_interface.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/xxe/xmldecoder_xxe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/xxe/xmldecoder_xxe.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/xxe/xmlfactory_external_entities_enabled.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/xxe/xmlfactory_external_entities_enabled.yaml -------------------------------------------------------------------------------- /mobsfscan/rules/semgrep/xxe/xmlfactory_xxe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/rules/semgrep/xxe/xmlfactory_xxe.yaml -------------------------------------------------------------------------------- /mobsfscan/settings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/settings.py -------------------------------------------------------------------------------- /mobsfscan/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/mobsfscan/utils.py -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/requirements.txt -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/setup.py -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/android/hidden_ui.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/android/hidden_ui.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/android/logging.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/android/logging.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/android/secrets.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/android/secrets.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/android/word_readable_writable.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/android/word_readable_writable.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/android_safetynetapi.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/android_safetynetapi.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/flag_secure.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/flag_secure.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/root_detection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/root_detection.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/tapjacking.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/tapjacking.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/tls_certificate_transparency.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/tls_certificate_transparency.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/best_practices/tls_pinning.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/best_practices/tls_pinning.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/aes_ecb.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/aes_ecb.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/aes_encryption_keys.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/aes_encryption_keys.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/cbc_padding_oracle.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/cbc_padding_oracle.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/cbc_static_iv.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/cbc_static_iv.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/insecure_random.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/insecure_random.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/insecure_ssl_v3.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/insecure_ssl_v3.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/rsa_no_oeap.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/rsa_no_oeap.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/sha1_hash.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/sha1_hash.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/weak_ciphers.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/weak_ciphers.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/weak_hashes.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/weak_hashes.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/weak_iv.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/weak_iv.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/crypto/weak_key_size.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/crypto/weak_key_size.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/deserialization/jackson_deserialization.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/deserialization/jackson_deserialization.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/deserialization/object_deserialization.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/deserialization/object_deserialization.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/injection/command_injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/injection/command_injection.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/injection/command_injection_formated.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/injection/command_injection_formated.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/injection/sqlite_injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/injection/sqlite_injection.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/network/accept_self_signed.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/network/accept_self_signed.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/network/default_http_client.tls.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/network/default_http_client.tls.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_allow_file_from_url.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_allow_file_from_url.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_debugging.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_debugging.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_external_storage.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_external_storage.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_file_access.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_file_access.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_ignore_ssl_errors.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_ignore_ssl_errors.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/webview/webview_javascript_interface.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/webview/webview_javascript_interface.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/xxe/xmldecoder_xxe.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/xxe/xmldecoder_xxe.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/xxe/xmlfactory_external_entities_enabled.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/xxe/xmlfactory_external_entities_enabled.java -------------------------------------------------------------------------------- /tests/assets/rules/semgrep/xxe/xmlfactory_xxe.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/rules/semgrep/xxe/xmlfactory_xxe.java -------------------------------------------------------------------------------- /tests/assets/src/.semgrepignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/assets/src/dot_mobsf/.mobsf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/dot_mobsf/.mobsf -------------------------------------------------------------------------------- /tests/assets/src/dot_mobsf/scan_but_ignore.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/dot_mobsf/scan_but_ignore.java -------------------------------------------------------------------------------- /tests/assets/src/dot_mobsf/scan_but_ignore.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/dot_mobsf/scan_but_ignore.kt -------------------------------------------------------------------------------- /tests/assets/src/dot_mobsf/skip.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/dot_mobsf/skip.java -------------------------------------------------------------------------------- /tests/assets/src/dot_mobsf/skip_dir/vuln.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/dot_mobsf/skip_dir/vuln.java -------------------------------------------------------------------------------- /tests/assets/src/java/java_vuln.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/java/java_vuln.java -------------------------------------------------------------------------------- /tests/assets/src/kotlin/kotlin.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/kotlin/kotlin.kt -------------------------------------------------------------------------------- /tests/assets/src/objc/objectivec.m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/objc/objectivec.m -------------------------------------------------------------------------------- /tests/assets/src/swift/swift.swift: -------------------------------------------------------------------------------- 1 | print("Salt used: \(self.salt)\n") -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_base_config_cert_pinning_bypass.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_base_config_cert_pinning_bypass.xml -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_base_config_clear_text.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_base_config_clear_text.xml -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_base_config_trust_user_certs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_base_config_trust_user_certs.xml -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_domain_config_clear_text_multiple_domains.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_domain_config_clear_text_multiple_domains.xml -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_domain_config_clear_text_nested.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_domain_config_clear_text_nested.xml -------------------------------------------------------------------------------- /tests/assets/src/xml/nsc_domain_config_trust_user_certs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/assets/src/xml/nsc_domain_config_trust_user_certs.xml -------------------------------------------------------------------------------- /tests/unit/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/unit/setup_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/unit/setup_test.py -------------------------------------------------------------------------------- /tests/unit/test_dotfile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/unit/test_dotfile.py -------------------------------------------------------------------------------- /tests/unit/test_matcher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/unit/test_matcher.py -------------------------------------------------------------------------------- /tests/unit/test_mobsfscan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/unit/test_mobsfscan.py -------------------------------------------------------------------------------- /tests/unit/test_xml.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tests/unit/test_xml.py -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MobSF/mobsfscan/HEAD/tox.ini --------------------------------------------------------------------------------