simplify extensions

mobsf/MobSF/settings.py

@@ -103,12 +103,18 @@
  'application/x-zip-compressed',
  'binary/octet-stream',
 ]
+# Supported File Extensions
 APPX_MIME = [
  'application/octet-stream',
  'application/vns.ms-appx',
  'application/x-zip-compressed',
 ]
-
+ANDROID_EXTS = (
+ 'apk', 'xapk', 'apks', 'zip',
+ 'aab', 'so', 'jar', 'aar',
+)
+IOS_EXTS = ('ipa', 'dylib', 'a')
+WINDOWS_EXTS = ('appx',)
 # REST API only mode
 # Set MOBSF_API_ONLY to 1 to enable REST API only mode
 # In this mode, web UI related urls are disabled.

mobsf/MobSF/views/api/api_static_analysis.py

@@ -2,6 +2,7 @@
 """MobSF REST API V 1."""
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
+from django.conf import settings
 
 from mobsf.StaticAnalyzer.models import (
  RecentScansDB,
@@ -66,8 +67,7 @@ def api_scan(request):
  {'error': 'The file is not uploaded/available'}, 500)
  scan_type = robj[0].SCAN_TYPE
  # APK, Source Code (Android/iOS) ZIP, SO, JAR, AAR
- if scan_type in {'xapk', 'apk', 'apks', 'aab',
- 'zip', 'so', 'jar', 'aar'}:
+ if scan_type in settings.ANDROID_EXTS:
  resp = static_analyzer(request, checksum, True)
  if 'type' in resp:
  resp = static_analyzer_ios(request, checksum, True)
@@ -76,14 +76,14 @@ def api_scan(request):
  else:
  response = make_api_response(resp, 200)
  # IPA
- elif scan_type in {'ipa', 'dylib', 'a'}:
+ elif scan_type in settings.IOS_EXTS:
  resp = static_analyzer_ios(request, checksum, True)
  if 'error' in resp:
  response = make_api_response(resp, 500)
  else:
  response = make_api_response(resp, 200)
  # APPX
- elif scan_type == 'appx':
+ elif scan_type in settings.WINDOWS_EXTS:
  resp = windows.staticanalyzer_windows(request, checksum, True)
  if 'error' in resp:
  response = make_api_response(resp, 500)

mobsf/StaticAnalyzer/tests.py

@@ -14,17 +14,7 @@
 
 RESCAN = False
 # Set RESCAN to True if Static Analyzer Code is modified
-EXTS = (
- '.xapk',
- '.apk',
- '.ipa',
- '.appx',
- '.zip',
- '.a',
- '.so',
- '.dylib',
- '.aar',
- '.jar')
+EXTS = settings.ANDROID_EXTS + settings.IOS_EXTS + settings.WINDOWS_EXTS
 
 
 def static_analysis_test():

mobsf/StaticAnalyzer/views/android/static_analyzer.py

@@ -132,12 +132,9 @@ def static_analyzer(request, checksum, api=False):
  api)
  typ = robj[0].SCAN_TYPE
  filename = robj[0].FILE_NAME
- allowed_exts = (
- '.apk', '.xapk', '.zip', '.apks',
- '.aab', '.jar', '.aar', '.so')
- allowed_typ = [i.replace('.', '') for i in allowed_exts]
+ allowed_exts = tuple(f'.{i}' for i in settings.ANDROID_EXTS)
  if (not filename.lower().endswith(allowed_exts)
- or typ not in allowed_typ):
+ or typ not in settings.ANDROID_EXTS):
  return print_n_send_error_response(
  request,
  'Invalid file extension or file type',

mobsf/StaticAnalyzer/views/common/shared_func.py

@@ -411,12 +411,12 @@ def scan_library(request, checksum):
  return print_n_send_error_response(request, msg)
  with open(sfile, 'rb') as f:
  libchecksum = handle_uploaded_file(f, ext)
- if ext in ('.ipa', '.dylib', '.a'):
+ if ext in [f'.{i}' for i in settings.IOS_EXTS]:
  static_analyzer = 'static_analyzer_ios'
  elif ext == '.appx':
  # Not applicable, but still set it
  static_analyzer = 'windows_static_analyzer'
- elif ext in ('.zip', '.so', '.jar', '.aar', '.apk', '.xapk'):
+ elif ext in [f'.{i}' for i in settings.ANDROID_EXTS]:
  static_analyzer = 'static_analyzer'
  else:
  msg = 'Extension not supported'

mobsf/StaticAnalyzer/views/ios/static_analyzer.py

@@ -105,10 +105,11 @@ def static_analyzer_ios(request, checksum, api=False):
  if file_type == 'dylib' and not Path(filename).suffix:
  # Force dylib extension on Frameworks
  filename = f'{filename}.dylib'
- allowed_exts = ('ios', '.ipa', '.zip', '.dylib', '.a')
- allowed_typ = [i.replace('.', '') for i in allowed_exts]
+ ios_exts = tuple(f'.{i}' for i in settings.IOS_EXTS)
+ allowed_exts = ios_exts + ('.zip', 'ios')
+ allowed_types = settings.IOS_EXTS + ('zip', 'ios')
  if (not filename.lower().endswith(allowed_exts)
- or file_type not in allowed_typ):
+ or file_type not in allowed_types):
  return print_n_send_error_response(
  request,
  'Invalid file extension or file type',

mobsf/StaticAnalyzer/views/windows/windows.py

@@ -91,7 +91,7 @@ def staticanalyzer_windows(request, checksum, api=False):
  api)
  typ = robj[0].SCAN_TYPE
  filename = robj[0].FILE_NAME
- if typ != 'appx':
+ if typ not in settings.WINDOWS_EXTS:
  return print_n_send_error_response(
  request,
  'File type not supported',