HOTFIX: MobSF Android Dynamic Analysis Docker Support (#2214)

ajinabraham · web-flow · commit d021da6eab6b · 2023-07-21T23:41:45.000-07:00
* MobSF Android Docker Support

* Pin pip version

* Update mobsf-test.yml
diff --git a/.github/workflows/mobsf-test.yml b/.github/workflows/mobsf-test.yml
@@ -25,10 +25,13 @@ jobs:
       uses: actions/setup-python@v1
       with:
         python-version: ${{ matrix.python-version }}
+    - name: Setup Pip
+      run: |
+        python -m pip install pip==22.3.1
     - name: Lint
       if: startsWith(matrix.os, 'ubuntu')
       run: |
-        python -m pip install --upgrade pip tox
+        python -m pip install --upgrade tox
         tox -e lint
     - name: Install Ubuntu Dependencies
       if: startsWith(matrix.os, 'ubuntu')
diff --git a/Dockerfile b/Dockerfile
@@ -80,9 +80,9 @@ WORKDIR /home/mobsf/Mobile-Security-Framework-MobSF
 # Copy source code
 COPY . .
 
-# Set adb binary path and apktool directory
-RUN sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py && \
-    mkdir -p /home/mobsf/.local/share/apktool/framework
+# Set adb binary path and create apktool framework directory
+ENV MOBSF_ADB_BINARY=/usr/bin/adb
+RUN mkdir -p /home/mobsf/.local/share/apktool/framework
 
 # Postgres support is set to false by default
 ARG POSTGRES=False
diff --git a/mobsf/DynamicAnalyzer/tools/webproxy.py b/mobsf/DynamicAnalyzer/tools/webproxy.py
@@ -8,7 +8,7 @@
 
 from django.conf import settings
 
-from mobsf.MobSF.utils import is_file_exists, upstream_proxy
+from mobsf.MobSF.utils import upstream_proxy
 
 logger = logging.getLogger(__name__)
 
@@ -61,17 +61,17 @@ def create_ca():
                      stdout=None,
                      stderr=None,
                      close_fds=True)
-    time.sleep(2)
+    time.sleep(3)
 
 
 def get_ca_file():
     """Get CA Dir."""
     from mitmproxy import ctx
     ca_dir = Path(ctx.mitmproxy.options.CONF_DIR).expanduser()
-    ca_file = os.path.join(str(ca_dir), 'mitmproxy-ca-cert.pem')
-    if not is_file_exists(ca_file):
+    ca_file = ca_dir / 'mitmproxy-ca-cert.pem'
+    if not ca_file.exists():
         create_ca()
-    return ca_file
+    return ca_file.as_posix()
 
 
 def get_traffic(package):
diff --git a/mobsf/DynamicAnalyzer/views/android/dynamic_analyzer.py b/mobsf/DynamicAnalyzer/views/android/dynamic_analyzer.py
@@ -75,6 +75,7 @@ def dynamic_analysis(request, api=False):
         try:
             if identifier:
                 env = Environment(identifier)
+                env.connect()
                 device_packages = env.get_device_packages()
                 pkg_file = Path(settings.DWD_DIR) / 'packages.json'
                 with pkg_file.open('w', encoding='utf-8') as target:
diff --git a/mobsf/DynamicAnalyzer/views/android/environment.py b/mobsf/DynamicAnalyzer/views/android/environment.py
@@ -17,6 +17,7 @@
 from frida import __version__ as frida_version
 
 from mobsf.DynamicAnalyzer.tools.webproxy import (
+    create_ca,
     get_ca_file,
     get_http_tools_url,
     start_proxy,
@@ -35,7 +36,7 @@
 from mobsf.StaticAnalyzer.models import StaticAnalyzerAndroid
 
 logger = logging.getLogger(__name__)
-ANDROID_API_SUPPORTED = 29
+ANDROID_API_SUPPORTED = 30
 
 
 class Environment:
@@ -51,8 +52,9 @@ def __init__(self, identifier=None):
 
     def wait(self, sec):
         """Wait in Seconds."""
-        logger.info('Waiting for %s seconds...', str(sec))
-        time.sleep(sec)
+        if sec > 0:
+            logger.info('Waiting for %s seconds...', str(sec))
+            time.sleep(sec)
 
     def check_connect_error(self, output):
         """Check if connect failed."""
@@ -61,12 +63,19 @@ def check_connect_error(self, output):
             return False
         return True
 
-    def run_subprocess_verify_output(self, cmd):
+    def run_subprocess_verify_output(self, cmd, wait=2):
         """Run subprocess and verify execution."""
         out = subprocess.check_output(cmd)  # lgtm [py/command-line-injection]
-        self.wait(2)                        # adb shell is allowed
+        self.wait(wait)                        # adb shell is allowed
         return self.check_connect_error(out)
 
+    def connect(self):
+        """ADB Connect."""
+        logger.info('Connecting to Android %s', self.identifier)
+        self.run_subprocess_verify_output([get_adb(),
+                                           'connect',
+                                           self.identifier], 0)
+
     def connect_n_mount(self):
         """Test ADB Connection."""
         self.adb_command(['kill-server'])
@@ -564,6 +573,7 @@ def mobsfy_init(self):
 
     def mobsf_agents_setup(self, agent):
         """Setup MobSF agents."""
+        create_ca()
         # Install MITM RootCA
         self.install_mobsf_ca('install')
         # Install MobSF Agents
diff --git a/mobsf/MobSF/init.py b/mobsf/MobSF/init.py
@@ -10,7 +10,7 @@
 
 logger = logging.getLogger(__name__)
 
-VERSION = '3.6.8'
+VERSION = '3.6.9'
 BANNER = """
   __  __       _    ____  _____       _____  __   
  |  \/  | ___ | |__/ ___||  ___|_   _|___ / / /_  
diff --git a/mobsf/templates/dynamic_analysis/dynamic_analysis.html b/mobsf/templates/dynamic_analysis/dynamic_analysis.html
@@ -87,7 +87,7 @@ <h3 class="card-title">Android Runtime not found!</h3>
                      <div class="col-md-9">
                         <h4>MobSF Dynamic Analyzer Supports</h4>
                         <h5>
-                          <strong>• Genymotion Android VM</strong> version 4.1 - 10.0 (x86, upto API 29)<br/>
+                          <strong>• Genymotion Android VM</strong> version 4.1 - 11.0 (x86, upto API 30)<br/>
                           <strong>• Android Emulator AVD</strong> (non production) version 5.0 - 9.0 (arm, arm64, x86, and x86_64 upto API 28)
                         </h5>
                         <p>
