From bc06132e4407e978d2a68c3f1746df4f83941b95 Mon Sep 17 00:00:00 2001
From: Ajin Abraham
Date: Fri, 24 May 2024 20:01:21 -0700
Subject: [PATCH] simplify extensions

---
 mobsf/MobSF/settings.py | 8 +++++++-
 mobsf/MobSF/views/api/api_static_analysis.py | 8 ++++----
 mobsf/StaticAnalyzer/tests.py | 12 +----------
 .../StaticAnalyzer/views/android/static_analyzer.py | 7 ++-----
 mobsf/StaticAnalyzer/views/common/shared_func.py | 4 ++--
 mobsf/StaticAnalyzer/views/ios/static_analyzer.py | 7 ++++---
 mobsf/StaticAnalyzer/views/windows/windows.py | 2 +-
 7 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/mobsf/MobSF/settings.py b/mobsf/MobSF/settings.py
index 0902f0180a..071ebd55fe 100644
--- a/mobsf/MobSF/settings.py
+++ b/mobsf/MobSF/settings.py
@@ -103,12 +103,18 @@
     'application/x-zip-compressed',
     'binary/octet-stream',
 ]
+# Supported File Extensions
 APPX_MIME = [
     'application/octet-stream',
     'application/vns.ms-appx',
     'application/x-zip-compressed',
 ]
-
+ANDROID_EXTS = (
+    'apk', 'xapk', 'apks', 'zip',
+    'aab', 'so', 'jar', 'aar',
+)
+IOS_EXTS = ('ipa', 'dylib', 'a')
+WINDOWS_EXTS = ('appx',)
 # REST API only mode
 # Set MOBSF_API_ONLY to 1 to enable REST API only mode
 # In this mode, web UI related urls are disabled.
diff --git a/mobsf/MobSF/views/api/api_static_analysis.py b/mobsf/MobSF/views/api/api_static_analysis.py
index e0a095cdac..3aa824afe3 100755
--- a/mobsf/MobSF/views/api/api_static_analysis.py
+++ b/mobsf/MobSF/views/api/api_static_analysis.py
@@ -2,6 +2,7 @@
 """MobSF REST API V 1."""
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
+from django.conf import settings
 from mobsf.StaticAnalyzer.models import (
     RecentScansDB,
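Review bot: The new `# Supported File Extensions` comment is placed above `APPX_MIME`, which is a MIME-type list, while the extension tuples it describes begin six lines lower, and the blank line that separated this block from `# REST API only mode` was dropped. Move the comment directly above `ANDROID_EXTS` and keep a blank line before the REST-API comment. Since these tuples are now the dispatch allow-list consumed by `api_scan`, `static_analyzer`, `static_analyzer_ios` and `scan_library`, a one-line contract helps the next maintainer, e.g. `# Scanner allow-list, no leading dot: matched against SCAN_TYPE, and (with '.' prefixed) against the upload filename suffix`. Note that `'zip'` lives only in `ANDROID_EXTS`, which is what routes iOS source archives through the Android scanner first; worth stating that in the same comment so nobody "tidies" it into `IOS_EXTS`.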
@@ -66,8 +67,7 @@ def api_scan(request):
             {'error': 'The file is not uploaded/available'}, 500)
     scan_type = robj[0].SCAN_TYPE
     # APK, Source Code (Android/iOS) ZIP, SO, JAR, AAR
-    if scan_type in {'xapk', 'apk', 'apks', 'aab',
-                     'zip', 'so', 'jar', 'aar'}:
+    if scan_type in settings.ANDROID_EXTS:
         resp = static_analyzer(request, checksum, True)
         if 'type' in resp:
             resp = static_analyzer_ios(request, checksum, True)
@@ -76,14 +76,14 @@ def api_scan(request):
         else:
             response = make_api_response(resp, 200)
     # IPA
-    elif scan_type in {'ipa', 'dylib', 'a'}:
+    elif scan_type in settings.IOS_EXTS:
         resp = static_analyzer_ios(request, checksum, True)
         if 'error' in resp:
             response = make_api_response(resp, 500)
         else:
             response = make_api_response(resp, 200)
     # APPX
-    elif scan_type == 'appx':
+    elif scan_type in settings.WINDOWS_EXTS:
         resp = windows.staticanalyzer_windows(request, checksum, True)
         if 'error' in resp:
             response = make_api_response(resp, 500)
diff --git a/mobsf/StaticAnalyzer/tests.py b/mobsf/StaticAnalyzer/tests.py
index 19e9ab7395..aeee70840a 100755
--- a/mobsf/StaticAnalyzer/tests.py
+++ b/mobsf/StaticAnalyzer/tests.py
@@ -14,17 +14,7 @@
 RESCAN = False
 # Set RESCAN to True if Static Analyzer Code is modified
-EXTS = (
-    '.xapk',
-    '.apk',
-    '.ipa',
-    '.appx',
-    '.zip',
-    '.a',
-    '.so',
-    '.dylib',
-    '.aar',
-    '.jar')
+EXTS = settings.ANDROID_EXTS + settings.IOS_EXTS + settings.WINDOWS_EXTS
 
 
 def static_analysis_test():
diff --git a/mobsf/StaticAnalyzer/views/android/static_analyzer.py b/mobsf/StaticAnalyzer/views/android/static_analyzer.py
index 9597b037da..d7a15860b5 100755
--- a/mobsf/StaticAnalyzer/views/android/static_analyzer.py
+++ b/mobsf/StaticAnalyzer/views/android/static_analyzer.py
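Review bot: The comment `# APK, Source Code (Android/iOS) ZIP, SO, JAR, AAR` above the new `if scan_type in settings.ANDROID_EXTS:` no longer describes the branch, which now also admits `xapk`, `apks` and `aab` and will silently follow whatever is added to the settings tuple. Replace it with a comment that points at the source of truth and explains the iOS fallback two lines below, e.g. `# Anything in settings.ANDROID_EXTS; a source ZIP that turns out to be iOS is re-routed via the 'type' key`. `api_scan` starts and ends outside this hunk.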
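Review bot: `EXTS` in tests.py now holds bare extensions (`'apk'`, `'a'`, `'zip'`, …) where the removed tuple held dotted ones (`'.apk'`, `'.a'`); if `static_analysis_test()` (body outside the hunk) still selects fixtures with `str.endswith(EXTS)`, the entry `'a'` would match any filename ending in that letter and the others would match names with no dot at all. Keep the dotted form: `EXTS = tuple(f'.{i}' for i in settings.ANDROID_EXTS + settings.IOS_EXTS + settings.WINDOWS_EXTS)`. The combined tuple also gains `aab` and `apks`, which the old list did not cover, so any fixtures with those suffixes will now be scanned by the test run. The hunk does not show tests.py importing `settings`; confirm it is already in scope in that module.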
@@ -132,12 +132,9 @@ def static_analyzer(request, checksum, api=False):
                 api)
         typ = robj[0].SCAN_TYPE
         filename = robj[0].FILE_NAME
-        allowed_exts = (
-            '.apk', '.xapk', '.zip', '.apks',
-            '.aab', '.jar', '.aar', '.so')
-        allowed_typ = [i.replace('.', '') for i in allowed_exts]
+        allowed_exts = tuple(f'.{i}' for i in settings.ANDROID_EXTS)
         if (not filename.lower().endswith(allowed_exts)
-                or typ not in allowed_typ):
+                or typ not in settings.ANDROID_EXTS):
             return print_n_send_error_response(
                 request,
                 'Invalid file extension or file type',
diff --git a/mobsf/StaticAnalyzer/views/common/shared_func.py b/mobsf/StaticAnalyzer/views/common/shared_func.py
index c1f1e14b53..a8c90bd854 100755
--- a/mobsf/StaticAnalyzer/views/common/shared_func.py
+++ b/mobsf/StaticAnalyzer/views/common/shared_func.py
@@ -411,12 +411,12 @@ def scan_library(request, checksum):
             return print_n_send_error_response(request, msg)
         with open(sfile, 'rb') as f:
             libchecksum = handle_uploaded_file(f, ext)
-        if ext in ('.ipa', '.dylib', '.a'):
+        if ext in [f'.{i}' for i in settings.IOS_EXTS]:
             static_analyzer = 'static_analyzer_ios'
         elif ext == '.appx':
             # Not applicable, but still set it
             static_analyzer = 'windows_static_analyzer'
-        elif ext in ('.zip', '.so', '.jar', '.aar', '.apk', '.xapk'):
+        elif ext in [f'.{i}' for i in settings.ANDROID_EXTS]:
             static_analyzer = 'static_analyzer'
         else:
             msg = 'Extension not supported'
diff --git a/mobsf/StaticAnalyzer/views/ios/static_analyzer.py b/mobsf/StaticAnalyzer/views/ios/static_analyzer.py
index c4e4bea4c7..638c880217 100755
--- a/mobsf/StaticAnalyzer/views/ios/static_analyzer.py
+++ b/mobsf/StaticAnalyzer/views/ios/static_analyzer.py
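Review bot: In `scan_library` the middle branch `elif ext == '.appx':` is left hard-coded while the branches on either side now derive their allow-list from `settings.IOS_EXTS` and `settings.ANDROID_EXTS`, so a future edit to `WINDOWS_EXTS` would not reach this dispatch; for consistency use `elif ext in [f'.{i}' for i in settings.WINDOWS_EXTS]:`. The Android branch also widens from six hard-coded suffixes to everything in `ANDROID_EXTS`, which now includes `.apks` and `.aab`; if those are not sensible library inputs for this endpoint that is a behavioural change worth a comment. The same `f'.{i}'` dot-prefixing is now written out in this file and in both the Android and iOS analyzers; a single helper (or dotted tuples kept next to the bare ones in settings) would stop the three from drifting. `scan_library` starts and ends outside this hunk.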
@@ -105,10 +105,11 @@ def static_analyzer_ios(request, checksum, api=False):
             if file_type == 'dylib' and not Path(filename).suffix:
                 # Force dylib extension on Frameworks
                 filename = f'(unknown).dylib'
-            allowed_exts = ('ios', '.ipa', '.zip', '.dylib', '.a')
-            allowed_typ = [i.replace('.', '') for i in allowed_exts]
+            ios_exts = tuple(f'.{i}' for i in settings.IOS_EXTS)
+            allowed_exts = ios_exts + ('.zip', 'ios')
+            allowed_types = settings.IOS_EXTS + ('zip', 'ios')
             if (not filename.lower().endswith(allowed_exts)
-                    or file_type not in allowed_typ):
+                    or file_type not in allowed_types):
                 return print_n_send_error_response(
                     request,
                     'Invalid file extension or file type',
diff --git a/mobsf/StaticAnalyzer/views/windows/windows.py b/mobsf/StaticAnalyzer/views/windows/windows.py
index 98697105df..97e11a202e 100755
--- a/mobsf/StaticAnalyzer/views/windows/windows.py
+++ b/mobsf/StaticAnalyzer/views/windows/windows.py
@@ -91,7 +91,7 @@ def staticanalyzer_windows(request, checksum, api=False):
                 api)
         typ = robj[0].SCAN_TYPE
         filename = robj[0].FILE_NAME
-        if typ != 'appx':
+        if typ not in settings.WINDOWS_EXTS:
             return print_n_send_error_response(
                 request,
                 'File type not supported',
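Review bot: The new `allowed_exts = ios_exts + ('.zip', 'ios')` keeps the bare string `'ios'` in the tuple fed to `filename.lower().endswith(...)`, so any upload whose name merely ends in the letters "ios" (no dot, any real extension) passes the suffix check; the old tuple had the same entry, but the split into `allowed_exts` / `allowed_types` was the moment to fix it. `'ios'` reads as a `file_type` marker for source archives, which `allowed_types` already covers, so the suffix tuple should be `allowed_exts = ios_exts + ('.zip',)` unless some caller really stores a filename ending in bare `ios` — worth confirming against the upload path before dropping it. `static_analyzer_ios` starts and ends outside this hunk.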