HOTFIX: Feature updates and Bug Fixes (#2197)

* OFAC, jquery bump, tox fix
* AAR handle multiple application tags

Author: ajinabraham

mobsf/MalwareAnalyzer/views/MalwareDomainCheck.py

@@ -78,6 +78,19 @@ def update_maltrail_db(self):
     def gelocation(self):
         """Perform Geolocation."""
         try:
+            ofac_list = {
+                'cuba', 'iran', 'north korea',
+                'russia', 'syria', 'balkans',
+                'belarus', 'myanmar', 'congo',
+                'ethiopia', 'hong kong', 'iraq',
+                'lebanon', 'libya', 'sudan',
+                'venezuela', 'yemen', 'zimbabwe',
+                'crimea', 'donetsk', 'luhansk',
+                'afghanistan', 'china', 'ivory coast',
+                'cyprus', 'eritrea', 'haiti',
+                'liberia', 'somalia', 'sri lanka',
+                'vietnam', 'south sudan',
+            }
             self.IP2Loc.open(self.iplocbin)
             for domain in self.domainlist:
                 # Tag Good Domains
@@ -94,6 +107,16 @@ def gelocation(self):
                 if ip:
                     rec = self.IP2Loc.get_all(ip)
                     self.result[domain]['geolocation'] = rec.__dict__
+                    country = rec.__dict__.get('country_long')
+                    region = rec.__dict__.get('region')
+                    city = rec.__dict__.get('city')
+                    self.result[domain]['ofac'] = False
+                    if country and country.lower() in ofac_list:
+                        self.result[domain]['ofac'] = True
+                    elif region and region.lower() in ofac_list:
+                        self.result[domain]['ofac'] = True
+                    elif city and city.lower() in ofac_list:
+                        self.result[domain]['ofac'] = True
                 else:
                     self.result[domain]['geolocation'] = None
         except Exception:

mobsf/MobSF/init.py

@@ -10,7 +10,7 @@
 
 logger = logging.getLogger(__name__)
 
-VERSION = '3.6.7'
+VERSION = '3.6.8'
 BANNER = """
   __  __       _    ____  _____       _____  __   
  |  \/  | ___ | |__/ ___||  ___|_   _|___ / / /_  

mobsf/StaticAnalyzer/views/android/manifest_analysis.py

@@ -299,6 +299,8 @@ def manifest_analysis(mfxml, man_data_dic, src_type, app_dir):
             minsdk = man_data_dic.get('min_sdk')
             ret_list.append(('vulnerable_os_version', (minsdk,), ()))
         # APPLICATIONS
+        # Handle multiple application tags in AAR
+        backupDisabled = False
         for application in applications:
             # Esteve 23.07.2016 - begin - identify permission at the
             # application level
@@ -323,9 +325,10 @@ def manifest_analysis(mfxml, man_data_dic, src_type, app_dir):
             if application.getAttribute('android:allowBackup') == 'true':
                 ret_list.append(('app_allowbackup', (), ()))
             elif application.getAttribute('android:allowBackup') == 'false':
-                pass
+                backupDisabled = True
             else:
-                ret_list.append(('allowbackup_not_set', (), ()))
+                if not backupDisabled:
+                    ret_list.append(('allowbackup_not_set', (), ()))
             if application.getAttribute('android:testOnly') == 'true':
                 ret_list.append(('app_in_test_mode', (), ()))
             for node in application.childNodes:

mobsf/StaticAnalyzer/views/common/appsec.py

@@ -99,6 +99,21 @@ def common_fields(findings, data):
                 'description': str(value['geolocation']),
                 'section': 'domains',
             })
+        if value.get('ofac') and value['ofac'] is True:
+            country = ''
+            if value['geolocation'].get('country_long'):
+                country = value['geolocation'].get('country_long')
+            elif value['geolocation'].get('region'):
+                country = value['geolocation'].get('region')
+            elif value['geolocation'].get('city'):
+                country = value['geolocation'].get('city')
+            findings['hotspot'].append({
+                'title': ('App may communicate to a server '
+                          f'({domain}) in OFAC sanctioned country '
+                          f'({country})'),
+                'description': str(value['geolocation']),
+                'section': 'domains',
+            })
     # Firebase
     for fb in data['firebase_urls']:
         if fb['open']:

mobsf/static/adminlte/plugins/jquery.min.js

@@ -584,6 +584,35 @@ <h5 class="card-title"></h5>
               <div class="table-responsive">
                 <div id="chartdiv"></div>
             </div>
+
+            <div class="table-responsive">
+              {% if domains %}
+              <p></br>This app may communicate with the following OFAC sanctioned list of countries.</p>
+             <table id="table_ofac" class="table table-bordered table-hover table-striped">
+                  <thead>
+                  <tr>
+                     <th>DOMAIN</th>
+                     <th>COUNTRY/REGION</th>
+                  </tr>
+                 </thead>
+                 <tbody>
+                 {% for domain, details in domains.items %}
+                 {% if details|key:"ofac" == True %}
+                  <tr><td>{{domain}}</td>
+                  <td>
+                    <strong>IP: </strong>{{details|key:"geolocation"|key:"ip"}}  <br/>
+                    <strong>Country: </strong>{{details|key:"geolocation"|key:"country_long"}} <br/>
+                    <strong>Region: </strong>{{details|key:"geolocation"|key:"region"}} <br/>
+                    <strong>City: </strong>{{details|key:"geolocation"|key:"city"}} <br/>
+                  </td>
+                  </tr>
+                  {% endif %}
+                  {% endfor %}
+                </tbody>
+            </table>
+             {% endif %}
+            </div>
+  
           </div>
         </div><!-- /.card -->
         </div>

mobsf/templates/dynamic_analysis/android/dynamic_report.html

@@ -734,6 +734,31 @@ <h2><i class="fab fa-quora"></i> QUARK </h2>
         {% endif %}
 -->
       {% if domains  %}
+      <h2><i class="fa fa-exclamation"></i> OFAC SANCTIONED COUNTRIES</h2>
+      <p>This app may communicate with the following OFAC sanctioned list of countries.</p>
+      <table id="table_ofac" class="table table-bordered table-hover table-striped">
+           <thead>
+           <tr>
+              <th>DOMAIN</th>
+              <th>COUNTRY/REGION</th>
+           </tr>
+          </thead>
+          <tbody>
+          {% for domain, details in domains.items %}
+          {% if details|key:"ofac" == True %}
+           <tr><td>{{domain}}</td>
+           <td>
+             <strong>IP: </strong>{{details|key:"geolocation"|key:"ip"}}  <br/>
+             <strong>Country: </strong>{{details|key:"geolocation"|key:"country_long"}} <br/>
+             <strong>Region: </strong>{{details|key:"geolocation"|key:"region"}} <br/>
+             <strong>City: </strong>{{details|key:"geolocation"|key:"city"}} <br/>
+           </td>
+           </tr>
+           {% endif %}
+           {% endfor %}
+         </tbody>
+     </table>
+
       <h2><i class="fab fa-searchengin"></i> DOMAIN MALWARE CHECK</h2>
          <table  class="basic">
                   <thead>

mobsf/templates/pdf/android_report.html

@@ -586,6 +586,32 @@ <h5>CVSS V2:</h5>
 
       {% endif %}
       {% if domains  %}
+
+      <h2><i class="fa fa-exclamation"></i> OFAC SANCTIONED COUNTRIES</h2>
+      <p>This app may communicate with the following OFAC sanctioned list of countries.</p>
+      <table id="table_ofac" class="table table-bordered table-hover table-striped">
+           <thead>
+           <tr>
+              <th>DOMAIN</th>
+              <th>COUNTRY/REGION</th>
+           </tr>
+          </thead>
+          <tbody>
+          {% for domain, details in domains.items %}
+          {% if details|key:"ofac" == True %}
+           <tr><td>{{domain}}</td>
+           <td>
+             <strong>IP: </strong>{{details|key:"geolocation"|key:"ip"}}  <br/>
+             <strong>Country: </strong>{{details|key:"geolocation"|key:"country_long"}} <br/>
+             <strong>Region: </strong>{{details|key:"geolocation"|key:"region"}} <br/>
+             <strong>City: </strong>{{details|key:"geolocation"|key:"city"}} <br/>
+           </td>
+           </tr>
+           {% endif %}
+           {% endfor %}
+         </tbody>
+     </table>
+     
       <h2><i class="fab fa-searchengin"></i> DOMAIN MALWARE CHECK</h2>
          <table  class="basic">
                   <thead>

mobsf/templates/pdf/ios_report.html

@@ -1669,12 +1669,42 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
               <div class="table-responsive">
                 <div id="chartdiv"></div>
             </div>
-          </div>
-        </div><!-- /.card -->
-        </div>
-        <!-- end row -->
-        </div>
+         
+
+    <div class="table-responsive">
+      {% if domains %}
+      <p></br>This app may communicate with the following OFAC sanctioned list of countries.</p>
+     <table id="table_ofac" class="table table-bordered table-hover table-striped">
+          <thead>
+          <tr>
+             <th>DOMAIN</th>
+             <th>COUNTRY/REGION</th>
+          </tr>
+         </thead>
+         <tbody>
+         {% for domain, details in domains.items %}
+         {% if details|key:"ofac" == True %}
+          <tr><td>{{domain}}</td>
+          <td>
+            <strong>IP: </strong>{{details|key:"geolocation"|key:"ip"}}  <br/>
+            <strong>Country: </strong>{{details|key:"geolocation"|key:"country_long"}} <br/>
+            <strong>Region: </strong>{{details|key:"geolocation"|key:"region"}} <br/>
+            <strong>City: </strong>{{details|key:"geolocation"|key:"city"}} <br/>
+          </td>
+          </tr>
+          {% endif %}
+          {% endfor %}
+        </tbody>
+    </table>
+     {% endif %}
     </div>
+
+  </div>
+  </div><!-- /.card -->
+  </div>
+    <!-- end row -->
+  </div>
+  </div>
 </section>
  <!-- ===========================end server locations ================================== -->
 <a id="malware_check" class="anchor"></a>

mobsf/templates/static_analysis/android_binary_analysis.html

@@ -1184,6 +1184,35 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
               <div class="table-responsive">
                 <div id="chartdiv"></div>
             </div>
+            
+            <div class="table-responsive">
+              {% if domains %}
+              <p></br>This app may communicate with the following OFAC sanctioned list of countries.</p>
+             <table id="table_ofac" class="table table-bordered table-hover table-striped">
+                  <thead>
+                  <tr>
+                     <th>DOMAIN</th>
+                     <th>COUNTRY/REGION</th>
+                  </tr>
+                 </thead>
+                 <tbody>
+                 {% for domain, details in domains.items %}
+                 {% if details|key:"ofac" == True %}
+                  <tr><td>{{domain}}</td>
+                  <td>
+                    <strong>IP: </strong>{{details|key:"geolocation"|key:"ip"}}  <br/>
+                    <strong>Country: </strong>{{details|key:"geolocation"|key:"country_long"}} <br/>
+                    <strong>Region: </strong>{{details|key:"geolocation"|key:"region"}} <br/>
+                    <strong>City: </strong>{{details|key:"geolocation"|key:"city"}} <br/>
+                  </td>
+                  </tr>
+                  {% endif %}
+                  {% endfor %}
+                </tbody>
+            </table>
+             {% endif %}
+            </div>
+
           </div>
         </div><!-- /.card -->
         </div>