Support MobSF (https://github.com/MobSF/Mobile-Security-Framework-MobSF) as a Dracon producer. Since MobSF runs as a server and exposes a REST API for uploading mobile app projects to be scanned, this requires the MobSF container to be vendorised and integrated into Dracon with a wrapper that initialises MobSF, identifies individual MobSF-compatible mobile app projects within the target code base, compresses and uploads these projects to MobSF, retrieves and filters scan reports, and transforms reported problems into Dracon Issues.
1 parent
c11ef14
commit da3fdbf
Showing
14 changed files
with
1,229 additions
and
4 deletions.
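--- a/producers/mobsf/BUILD
+++ b/producers/mobsf/BUILD
@@ -0,0 +1,28 @@
+subinclude("@third_party/subrepos/pleasings//docker")
+
+go_binary(
+name = "entrypoint",
+srcs = [
+"cli.go",
+"main.go",
+"project.go",
+],
+out = "entrypoint",
+deps = [
+"//api/proto:v1",
+"//pkg/template:template",
+"//producers:producers",
+"//producers/mobsf/report:report",
+"//producers/mobsf/report/android:android",
+"//producers/mobsf/report/ios:ios",
+],
+)
+
+docker_image(
+name = "mobsf",
+srcs = [
+":entrypoint",
+],
+dockerfile = "Dockerfile-producer-mobsf",
+image = "dracon-producer-mobsf",
+)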
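--- a/producers/mobsf/Dockerfile-producer-mobsf
+++ b/producers/mobsf/Dockerfile-producer-mobsf
@@ -0,0 +1,6 @@
+FROM opensecurity/mobile-security-framework-mobsf:v3.1.1 as mobsf
+
+COPY /entrypoint /
+
+WORKDIR /
+ENTRYPOINT ["/entrypoint"]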
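Review bot: The base image on the FROM line is pinned only by the mutable tag v3.1.1, so a re-push of that tag upstream would silently change the MobSF code this producer ships; pinning by digest, `FROM opensecurity/mobile-security-framework-mobsf:v3.1.1@sha256:<digest-from-registry> as mobsf`, makes the build reproducible and lets the digest be checked against the upstream release. The `as mobsf` stage alias is never referenced in this single-stage file and can be dropped. Because ENTRYPOINT replaces whatever the upstream image used to start the MobSF server, starting MobSF is presumably now the wrapper binary's job; a one-line comment above ENTRYPOINT stating that would save the next reader a trip to main.go, which is outside this section.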
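--- a/producers/mobsf/cli.go
+++ b/producers/mobsf/cli.go
@@ -0,0 +1,76 @@
+package main
+
+import (
+"fmt"
+"regexp"
+"strings"
+)
+
+// Exclusions represents a list of MobSF static analysis scan rules whose
+// findings should be ignored when scan reports are being processed by the tool.
+// A rule is given by its ID (the value of the "id" key in the YAML files in the
+// directories below), and must be prefixed with either "android." or "ios." as
+// appropriate.
+// - Android: https://github.com/MobSF/Mobile-Security-Framework-MobSF/tree/master/StaticAnalyzer/views/android/rules
+// - iOS: https://github.com/MobSF/Mobile-Security-Framework-MobSF/tree/master/StaticAnalyzer/views/ios/rules
+type Exclusions struct {
+All []string
+PerPlatform map[string]map[string]bool
+}
+
+// String returns the Exclusions in its canonical string form (a comma-delimited
+// list of values in the order in which they were added).
+func (e *Exclusions) String() string {
+if e.All == nil {
+return ""
+}
+return strings.Join(e.All, ",")
+}
+
+// Set defines a value for the Exclusions, given a comma-delimited list of
+// values as a string.
+func (e *Exclusions) Set(value string) error {
+for _, id := range strings.Split(value, ",") {
+if found, _ := regexp.MatchString(`^(android|ios)\.`, id); !found {
+return fmt.Errorf("rule ID must begin with either 'android.' or 'ios.'")
+}
+
+e.All = append(e.All, id)
+
+split := strings.SplitN(id, ".", 2)
+platform := split[0]
+mobSFID := split[1]
+if _, found := e.PerPlatform[platform]; !found {
+e.PerPlatform[platform] = make(map[string]bool)
+}
+e.PerPlatform[platform][mobSFID] = true
+}
+
+return nil
+}
+
+// SetFor returns a map whose keys represent rule IDs that should be excluded
+// when scanning projects for the given platform.
+func (e *Exclusions) SetFor(platform string) map[string]bool {
+if _, found := e.PerPlatform[platform]; found {
+return e.PerPlatform[platform]
+} else {
+return map[string]bool{}
+}
+}
+
+// CLI represents the command line options supported by this tool.
+type CLI struct {
+InPath string
+OutPath string
+CodeAnalysisExclusions Exclusions
+}
+
+// NewCLI creates and initialises a new CLI struct.
+func NewCLI() *CLI {
+cli := new(CLI)
+
+cli.CodeAnalysisExclusions.PerPlatform = make(map[string]map[string]bool)
+
+return cli
+}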
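Review bot: Set writes into e.PerPlatform without checking that the map exists, so calling Set on a zero-value Exclusions (anything not built through NewCLI, the only place the map is made) panics at `e.PerPlatform[platform] = make(map[string]bool)`. A lazy initialisation at the top of Set, `if e.PerPlatform == nil { e.PerPlatform = make(map[string]map[string]bool) }`, keeps the type safe to use as a plain flag.Value. The prefix test recompiles the regexp on every ID and discards its error; `strings.HasPrefix(id, "android.") || strings.HasPrefix(id, "ios.")` is equivalent and cheaper, and note that an empty value string yields [""] from strings.Split and is therefore rejected with the rule-ID message rather than being treated as "no exclusions", which the doc comment on Set should state either way. In SetFor the `else` after a returning `if` can be dropped for the early-return shape.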