
mobsf-action's Introduction

GitHub Actions for MobSF

This Action runs MobSF analysis in a GitHub workflow using the MobSF Docker image.

Inputs

  • INPUT_FILE_NAME - Required - The path of the input file to be analysed
  • SCAN_TYPE - Required - The scan type: apk, zip, ipa, or appx
  • OUTPUT_FILE_NAME - Required - The output file path (two files are written, the first with extension .json and the second with .pdf)

Example

To build a Flutter project with MobSF Analysis:

name: Build and Deploy
on:
  push:
    branches:
      - master

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@master

      - name: Set-up Java
        uses: actions/setup-java@v1
        with:
          java-version: '12.x'

      - name: Set-up Flutter
        uses: subosito/flutter-action@v1
        with:
          flutter-version: '1.9.1+hotfix.6'

      - name: Flutter Install Dependencies
        run: flutter pub get

      - name: Flutter Test
        run: flutter test

      - name: Flutter Build
        run: flutter build apk

      - name: Run MobSF Analysis
        uses: fundacaocerti/[email protected]
        env:
          INPUT_FILE_NAME: build/app/outputs/apk/app.apk
          SCAN_TYPE: apk
          OUTPUT_FILE_NAME: mobsf-report

      - name: Upload MobSF Analysis PDF Result
        uses: actions/upload-artifact@v2
        with:
          name: mobsf-report.pdf
          path: mobsf-report.pdf

      - name: Upload MobSF Analysis JSON Result
        uses: actions/upload-artifact@v2
        with:
          name: mobsf-report.json
          path: mobsf-report.json

Alternatively:

        with:
          SCAN_TYPE: ipa

Thanks @ajinabraham for the support on troubleshooting this development.

License

The Dockerfile and associated scripts and documentation in this project are released under the GPL-3.0.


mobsf-action's Issues

Versions 1.5, 1.6 and 1.7.1 do not work. Is there a confirmed working version of this action?

I'm trying to use this action but it just doesn't work. All versions I tried fail for one reason or another.
Version 1.5 fails with this error:

  Reading package lists...
  E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
  The command '/bin/sh -c apt-get update -y &&   apt-get install -y curl jq' returned a non-zero code: 100
  
Error: Docker build failed with exit code 100

Version 1.6 fails with this error:

  Reading package lists...
  E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
  The command '/bin/sh -c apt-get update -y &&   apt-get install -y curl jq' returned a non-zero code: 100
  
Error: Docker build failed with exit code 100

Version 1.7.1 fails with this error:

[2022-01-29 13:20:19 +0000] [15] [INFO] Booting worker with pid: 15
Creating MobSF Home Directory
Traceback (most recent call last):
  File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/MobSF/init.py", line 111, in get_mobsf_home
    os.makedirs(mobsf_home)
  File "/usr/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/github/home/.MobSF'
Error: 1-29 13:20:19 +0000] [15] [ERROR] Exception in worker process
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/gunicorn/arbiter.py", line 589, in spawn_worker
    worker.init_process()
  File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/gthread.py", line 92, in init_process
    super().init_process()
  File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 134, in init_process
    self.load_wsgi()
  File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 146, in load_wsgi
    self.wsgi = self.app.wsgi()

The workflow code is available here:
https://github.com/leinardi/Forlago/blob/master/.github/workflows/mobsf.yml

Issue generating pdf

Hi,

I'm getting an error generating and uploading the PDF. Below are the error and a few lines from the log:

   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0[INFO] 13/Apr/2021 14:09:37 - 
API Key read from environment variable
[INFO] 13/Apr/2021 14:09:37 - Fetching data from DB for PDF Report Generation (Android)
[INFO] 13/Apr/2021 14:09:37 - Analysis is already Done. Fetching data from the DB...
[INFO] 13/Apr/2021 14:09:38 - Generating PDF report for android apk

100  738k    0  738k  100    37  1133k     56 --:--:-- --:--:-- --:--:-- 1133k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0[INFO] 13/Apr/2021 14:09:38 - 
API Key read from environment variable
[INFO] 13/Apr/2021 14:09:38 - Fetching data from DB for PDF Report Generation (Android)
[INFO] 13/Apr/2021 14:09:38 - Analysis is already Done. Fetching data from the DB...
[/api/v1/report_json] Generate the json report
[/api/v1/report_json] JSON report generated
[/api/v1/download_pdf] Generate the PDF report

100    37    0     0  100    37      0    180 --:--:-- --:--:-- --:--:--   179[INFO] 13/Apr/2021 14:09:38 - Generating PDF report for android apk

100    37    0     0  100    37      0     30  0:00:01  0:00:01 --:--:--    30
100    37    0     0  100    37      0     16  0:00:02  0:00:02 --:--:--    16
100 83644    0 83607  100    37  32094     14  0:00:02  0:00:02 --:--:-- 32096
[/api/v1/download_pdf] PDF report generated
[/api/v1/delete_scan] Remove analysis from MobSF server
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0[INFO] 13/Apr/2021 14:09:41 - 
API Key read from environment variable


Error occurred while creating file for class Lcom/google/zxing/common/detector/MathUtils;
java.io.IOException: No such file or directory
	at java.base/java.io.UnixFileSystem.createFileExclusively(Native Method)
	at java.base/java.io.File.createNewFile(File.java:1024)
	at org.jf.util.ClassFileNameHandler$FileEntry.createIfNeeded(ClassFileNameHandler.java:438)
	at org.jf.util.ClassFileNameHandler$FileSystemEntry.setSuffix(ClassFileNameHandler.java:290)
	at org.jf.util.ClassFileNameHandler$DirectoryEntry.addChild(ClassFileNameHandler.java:347)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:140)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.getUniqueFilenameForClass(ClassFileNameHandler.java:132)
	at org.jf.baksmali.Baksmali.disassembleClass(Baksmali.java:123)
	at org.jf.baksmali.Baksmali.access$000(Baksmali.java:46)
	at org.jf.baksmali.Baksmali$1.call(Baksmali.java:76)
	at org.jf.baksmali.Baksmali$1.call(Baksmali.java:74)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)


Error occurred while creating file for class Lcom/google/zxing/common/detector/WhiteRectangleDetector;
java.io.IOException: No such file or directory
	at java.base/java.io.UnixFileSystem.createFileExclusively(Native Method)
	at java.base/java.io.File.createNewFile(File.java:1024)
	at org.jf.util.ClassFileNameHandler$FileEntry.createIfNeeded(ClassFileNameHandler.java:438)
	at org.jf.util.ClassFileNameHandler$FileSystemEntry.setSuffix(ClassFileNameHandler.java:290)
	at org.jf.util.ClassFileNameHandler$DirectoryEntry.addChild(ClassFileNameHandler.java:347)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:140)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.addUniqueChild(ClassFileNameHandler.java:151)
	at org.jf.util.ClassFileNameHandler.getUniqueFilenameForClass(ClassFileNameHandler.java:132)
	at org.jf.baksmali.Baksmali.disassembleClass(Baksmali.java:123)
	at org.jf.baksmali.Baksmali.access$000(Baksmali.java:46)
	at org.jf.baksmali.Baksmali$1.call(Baksmali.java:76)
	at org.jf.baksmali.Baksmali$1.call(Baksmali.java:74)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:835)
[ERROR] 13/Apr/2021 14:09:41 - [Errno 39] Directory not empty: 'zxing'
[ERROR] 13/Apr/2021 14:09:41 - Internal Server Error: /api/v1/delete_scan

{"error": "[Errno 39] Directory not empty: 'zxing'"}[/api/v1/delete_scan] Analysis removed
100    89    0    52  100    37    154    109 --:--:-- --:--:-- --:--:--   264

I am using the steps below:


      - name: Run  MobSF Analysis scanning 
        uses: inm-certi/[email protected]
        env:
          INPUT_FILE_NAME: platforms/android/app/build/outputs/apk/release/app-release-unsigned-signed.apk
          SCAN_TYPE: apk
          OUTPUT_FILE_NAME: mobsf-report

      - name: Upload MobSF Analysis Result
        uses: actions/upload-artifact@v2
        with:
          name: mobsf-report.pdf
          path: reports/mobsf-report.pdf

      - name: Upload MobSF Analysis JSON Result
        uses: actions/upload-artifact@v2
        with:
          name: mobsf-report.json
          path: reports/mobsf-report.json

Looks like remove analysis didn't work, but reports were not uploaded.


Unable to perform a scan using GitHub Actions - No module named 'MobSF'

Hello,
For around 1 month we have been unable to perform a scan of our code. It looks like gunicorn is unable to start a thread, throwing a "No module named 'MobSF'" error. Below you can find the output.

`[2021-02-12 09:16:08 +0000] [47] [INFO] Starting gunicorn 20.0.4
[2021-02-12 09:16:08 +0000] [47] [INFO] Listening at: http://127.0.0.1:8000 (47)
[2021-02-12 09:16:08 +0000] [47] [INFO] Using worker: threads
[2021-02-12 09:16:08 +0000] [50] [INFO] Booting worker with pid: 50
Error: 2-12 09:16:08 +0000] [50] [ERROR] Exception in worker process
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/gunicorn/arbiter.py", line 583, in spawn_worker
worker.init_process()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/gthread.py", line 92, in init_process
super().init_process()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 119, in init_process
self.load_wsgi()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 144, in load_wsgi
self.wsgi = self.app.wsgi()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/base.py", line 67, in wsgi
self.callable = self.load()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 49, in load
return self.load_wsgiapp()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 39, in load_wsgiapp
return util.import_app(self.app_uri)
File "/usr/local/lib/python3.8/dist-packages/gunicorn/util.py", line 358, in import_app
mod = importlib.import_module(module)
File "/usr/lib/python3.8/importlib/init.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 961, in _find_and_load_unlocked
File "", line 219, in _call_with_frames_removed
File "", line 1014, in _gcd_import
File "", line 991, in _find_and_load
File "", line 973, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'MobSF'
[2021-02-12 09:16:08 +0000] [50] [INFO] Worker exiting (pid: 50)
[2021-02-12 09:16:08 +0000] [47] [INFO] Shutting down: Master
[2021-02-12 09:16:08 +0000] [47] [INFO] Reason: Worker failed to boot.
[/api/v1/upload] Upload the app to MobSF
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to localhost port 8000: Connection refused`

Do you have any idea what might be causing this error?

Running mobsf-action in Github actions pipelines fails

Hello,
I'm trying to run mobsf-action in a GitHub Actions pipeline on a macOS host machine, but it is failing with the following logs:

Run fundacaocerti/[email protected]
  env:
    INPUT_FILE_NAME: /path/to/apk.apk
    SCAN_TYPE: apk
    OUTPUT_FILE_NAME: mobsf-report
Error: Container action is only supported on Linux

Just wanted to make sure: does the action not support macOS machines, or am I missing something?

Error while setting up container (Permission Denied)

Hi, the container cannot build successfully. Please see the trace below:

Build container for action use: '/home/runner/work/_actions/fundacaocerti/mobsf-action/v1.6/Dockerfile'.
  /usr/bin/docker build -t 905b62:6f29436ac0fa4291a17ddff59f0f4e96 -f "/home/runner/work/_actions/fundacaocerti/mobsf-action/v1.6/Dockerfile" "/home/runner/work/_actions/fundacaocerti/mobsf-action/v1.6"
  Sending build context to Docker daemon  45.57kB
  
  Step 1/14 : FROM opensecurity/mobile-security-framework-mobsf
  latest: Pulling from opensecurity/mobile-security-framework-mobsf
  Digest: sha256:05e8e41184766a6083c509d04887537c778138484c3494fd868b895e7d47536d
  Status: Downloaded newer image for opensecurity/mobile-security-framework-mobsf:latest
   ---> cea1aba56017
  Step 2/14 : LABEL version="1.0.0"
   ---> Running in 1cbf755fd943
  Removing intermediate container 1cbf755fd943
   ---> 9426e38fb01d
  Step 3/14 : LABEL repository="https://github.com/inm-certi/mobsf-action"
   ---> Running in 7abed7c38758
  Removing intermediate container 7abed7c38758
   ---> cbbb2ba081e6
  Step 4/14 : LABEL homepage="https://github.com/inm-certi/mobsf-action"
   ---> Running in 324ab02c11e9
  Removing intermediate container 324ab02c11e9
   ---> 6ac0ee19637d
  Step 5/14 : LABEL maintainer="Ian Koerich Maciel <[email protected]>"
   ---> Running in 80e1f4f17a12
  Removing intermediate container 80e1f4f17a12
   ---> 878c83fb8880
  Step 6/14 : LABEL com.github.actions.name="GitHub Action for MobSF"
   ---> Running in 87651ce2906f
  Removing intermediate container 87651ce2906f
   ---> 49309bfcab40
  Step 7/14 : LABEL com.github.actions.description="Wraps the MobSF docker to enable common commands."
   ---> Running in d16b4aa49e12
  Removing intermediate container d16b4aa49e12
   ---> 1fdaeaa15249
  Step 8/14 : LABEL com.github.actions.icon="package"
   ---> Running in 3b03cb145127
  Removing intermediate container 3b03cb145127
   ---> 8a0e63939a30
  Step 9/14 : LABEL com.github.actions.color="gray-dark"
   ---> Running in 2cd280ecdb03
  Removing intermediate container 2cd280ecdb03
   ---> 99688177df20
  Step 10/14 : RUN apt-get update -y &&   apt-get install -y curl jq
   ---> Running in f6022be44d13
  Reading package lists...
  E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)

Latest Action

Hello Team

When attempting to run the latest action I get:
"docker: Error response from daemon: unable to find user mobsf: no matching entries in passwd file."

Perhaps the user in the docker image changed again?

Full step output:

Run fundacaocerti/[email protected].[2]
env:
JAVA_HOME_12.0.2_x64: /opt/hostedtoolcache/jdk/12.0.2/x64
JAVA_HOME: /opt/hostedtoolcache/jdk/12.0.2/x64
JAVA_HOME_12_0_2_X64: /opt/hostedtoolcache/jdk/12.0.2/x64
INPUT_FILE_NAME: build/app/outputs/apk/app.apk
SCAN_TYPE: apk
OUTPUT_FILE_NAME: mobsf-report
/usr/bin/docker run --name f155486fde8f45edb49c993ff06cde7e0c710_0e71e8 --label 6f1554 --workdir /github/workspace --rm -e JAVA_HOME_12.0.2_x64 -e JAVA_HOME -e JAVA_HOME_12_0_2_X64 -e INPUT_FILE_NAME -e SCAN_TYPE -e OUTPUT_FILE_NAME -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/emc-KeyAttestation/emc-KeyAttestation":"/github/workspace" 6f1554:86fde8f45edb49c993ff06cde7e0c710
docker: Error response from daemon: unable to find user mobsf: no matching entries in passwd file.

unable to find user mobsf: no matching entries in passwd file

Receiving this error when trying to run with an .apk file:

[Build App locally and run security analysis/security-test2] failed to start container: Error response from daemon: unable to find user mobsf: no matching entries in passwd file

security-test:
    runs-on: ubuntu-latest
    
    steps:
      - name: Run MobSF Analysis
        uses: fundacaocerti/[email protected]
        env:
          INPUT_FILE_NAME: ./TonomyID.apk
          SCAN_TYPE: apk
          OUTPUT_FILE_NAME: mobsf-report

Internal Server Error: /api/v1/scan

Hi everyone! I'm trying to use the mobsf GitHub Action workflow on a self-hosted runner and have some errors. Could you please help me resolve these errors?

Run 96f53da

env:

INPUT_FILE_NAME: /runner/_work/*NDA*

SCAN_TYPE: apk

OUTPUT_FILE_NAME: mobsf-report

/usr/local/bin/docker run --name e22689a8968ce8f24dafb05394106afbf671_af99d8 --label 60e226 --workdir /github/workspace --rm -e "INPUT_FILE_NAME" -e "SCAN_TYPE" -e "OUTPUT_FILE_NAME" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_EVENT_PATH" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "GITHUB_ACTION" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/runner/_work/_temp/_github_home":"/github/home" -v "/runner/_work/_temp/_github_workflow":"/github/workflow" -v "/runner/_work/_temp/_runner_file_commands":"/github/file_commands" -v "/runner/_work/NDA":"/github/workspace" 60e226:89a8968ce8f24dafb05394106afbf671

[2023-09-14 16:15:37 +0000] [46] [INFO] Starting gunicorn 21.2.0

[2023-09-14 16:15:37 +0000] [46] [INFO] Listening at: http://127.0.0.1:8000/ (46)

[2023-09-14 16:15:37 +0000] [46] [INFO] Using worker: gthread

[2023-09-14 16:15:37 +0000] [48] [INFO] Booting worker with pid: 48

[/api/v1/upload] Upload the app to MobSF

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[INFO] 14/Sep/2023 16:15:39 -

API Key read from environment variable

100 306 0 0 100 306 0 254 0:00:01 0:00:01 --:--:-- 254[INFO] 14/Sep/2023 16:15:40 -



[INFO] 14/Sep/2023 16:15:40 - Mobile Security Framework v3.7.8 Beta

[INFO] 14/Sep/2023 16:15:40 -

API Key read from environment variable

[INFO] 14/Sep/2023 16:15:40 - OS: Linux

REST API Key: 5UGTAUrZYC8iazyOImeb9fTMpt7JfNlUDLPiHEsCRCRHu6ucWBIMm1exR9szgACa

[INFO] 14/Sep/2023 16:15:40 - Platform: Linux-5.10.162+-x86_64-with-glibc2.35

[INFO] 14/Sep/2023 16:15:40 - Dist: ubuntu 22.04 Jammy Jellyfish

[INFO] 14/Sep/2023 16:15:40 - MobSF Basic Environment Check

Warning: 14/Sep/2023 16:15:40 - Bad Request: /api/v1/upload

100 345 0 39 100 306 30 237 0:00:01 0:00:01 --:--:-- 268

[/api/v1/upload] Received: FILE_NAME=null, HASH=null, SCAN_TYPE=null

[/api/v1/scan] Start the scan

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[INFO] 14/Sep/2023 16:15:40 -

API Key read from environment variable

Error: 14/Sep/2023 16:15:40 - Internal Server Error: /api/v1/scan

100 68 0 29 100 39 9125 12271 --:--:-- --:--:-- --:--:-- 22666

{"error": "Invalid Checksum"}[/api/v1/scan] Scan finisehd

[/api/v1/report_json] Generate the json report

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[INFO] 14/Sep/2023 16:15:40 -

API Key read from environment variable

Warning: 14/Sep/2023 16:15:40 - Bad Request: /api/v1/report_json

100 39 0 30 100 9 9149 2744 --:--:-- --:--:-- --:--:-- 13000

[/api/v1/report_json] JSON report generated

[/api/v1/download_pdf] Generate the PDF report

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[INFO] 14/Sep/2023 16:15:40 -

API Key read from environment variable

Warning: 14/Sep/2023 16:15:40 - Bad Request: /api/v1/download_pdf

100 39 0 30 100 9 9986 2996 --:--:-- --:--:-- --:--:-- 19500

[/api/v1/download_pdf] PDF report generated

[/api/v1/delete_scan] Remove analysis from MobSF server

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0[INFO] 14/Sep/2023 16:15:40 -

API Key read from environment variable

100 43 0 34 100 9 12381 3277 --:--:-- --:--:-- --:--:-- 21500

{"deleted": "scan hash not found"}[/api/v1/delete_scan] Analysis removed
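
An added example, not part of the original issue or the project's code: the log above prints "JSON report generated" and "PDF report generated" right after Bad Request responses, so a workflow can gate the upload steps on what the output files actually contain. It assumes the action writes each API response body to `<OUTPUT_FILE_NAME>.json` and `<OUTPUT_FILE_NAME>.pdf`; the function name `verify_reports` is hypothetical.

```python
import json
import sys
from pathlib import Path

PDF_MAGIC = b"%PDF-"   # every PDF file starts with this marker
_NOT_JSON = object()   # sentinel: the bytes did not parse as JSON


def _parse_json(raw):
    """Parse bytes as UTF-8 JSON, returning _NOT_JSON on any failure."""
    try:
        return json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return _NOT_JSON


def verify_reports(output_file_name, directory="."):
    """Return a list of problems found in the two report files.

    An empty list means the JSON report is a non-empty object without an
    "error" key and the PDF report really is a PDF.
    """
    problems = []
    base = Path(directory)
    json_path = base / f"{output_file_name}.json"
    pdf_path = base / f"{output_file_name}.pdf"

    for path in (json_path, pdf_path):
        if not path.is_file():
            problems.append(f"{path.name}: missing")
            continue
        raw = path.read_bytes()
        body = _parse_json(raw)
        # Error bodies on this page have the shape {"error": "..."}.
        if isinstance(body, dict) and "error" in body:
            problems.append(f"{path.name}: API error body: {body['error']}")
        elif path is pdf_path:
            if not raw.startswith(PDF_MAGIC):
                problems.append(f"{path.name}: does not start with %PDF-")
        elif not isinstance(body, dict) or not body:
            problems.append(f"{path.name}: not a non-empty JSON object")
    return problems


if __name__ == "__main__":
    # Usage in a workflow step: python3 verify_reports.py mobsf-report
    name = sys.argv[1] if len(sys.argv) > 1 else "mobsf-report"
    found = verify_reports(name)
    for problem in found:
        print(f"::error::{problem}")  # GitHub Actions error annotation
    sys.exit(1 if found else 0)
```

Run as a step between the MobSF step and the upload steps, a non-zero exit stops the job before an error body is archived as if it were a report.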

Error in ReadMe

Hi,

Can I check if there is any error written in the ReadMe?

It stated "To authenticate with Firebase, and deploy to Firebase Hosting:" at the header for the example. I think it should be "To build a Flutter project with MobSF Analysis".

Thanks for the hard work on the Github Action.

INPUT_FILE_NAME is required to run MobSF action

Error output: INPUT_FILE_NAME is required to run MobSF action. (INPUT_FILE_NAME = /tmp/src_code.zip)

Command:

- name: Run MobSF Analysis
  uses: inm-certi/[email protected]
  env:
    INPUT_FILE_NAME: /tmp/src_code.zip
    SCAN_TYPE: zip
    OUTPUT_FILE_NAME: mobsf-report

File /tmp/src_code.zip does exist and still the scan fails.
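
An added example, not part of the original issue or the project's code: a preflight check for the three inputs. It relies on the `docker run` lines quoted in other reports on this page, which mount the checked-out repository at `/github/workspace` (alongside the runner's home, workflow and file-command directories) and use it as the working directory, so it rewrites `INPUT_FILE_NAME` to a workspace-relative path and rejects host paths outside the workspace. The function name `preflight` is hypothetical.

```python
import os
import sys
from pathlib import Path

SCAN_TYPES = ("apk", "zip", "ipa", "appx")  # from the README's Inputs list


def preflight(env, workspace):
    """Validate the action's inputs against a checked-out workspace.

    Returns (relative_path, problems). relative_path is INPUT_FILE_NAME
    rewritten relative to the workspace, or None when it cannot be used.
    """
    problems = []
    root = Path(workspace).resolve()

    scan_type = env.get("SCAN_TYPE", "")
    if scan_type not in SCAN_TYPES:
        problems.append(
            f"SCAN_TYPE {scan_type!r} is not one of {', '.join(SCAN_TYPES)}")

    if not env.get("OUTPUT_FILE_NAME"):
        problems.append("OUTPUT_FILE_NAME is not set")

    raw = env.get("INPUT_FILE_NAME", "")
    if not raw:
        problems.append("INPUT_FILE_NAME is not set")
        return None, problems

    # Joining with an absolute path discards root, so a host path such as
    # /tmp/src_code.zip stays as it is and then fails the containment test.
    # resolve() also collapses ".." segments and follows symlinks.
    target = (root / raw).resolve()
    try:
        relative = target.relative_to(root)
    except ValueError:
        problems.append(
            f"{raw} is outside the workspace {root}; "
            "the container will not see it")
        return None, problems

    if not target.is_file():
        problems.append(f"{raw} does not exist or is not a regular file")
        return None, problems

    if scan_type in SCAN_TYPES and target.suffix.lower() != f".{scan_type}":
        problems.append(
            f"{raw} has suffix {target.suffix!r} but SCAN_TYPE is {scan_type}")

    return relative.as_posix(), problems


if __name__ == "__main__":
    # On a runner, GITHUB_WORKSPACE is the host path of the checkout.
    path, found = preflight(os.environ, os.environ.get("GITHUB_WORKSPACE", "."))
    for problem in found:
        print(f"::error::{problem}")  # GitHub Actions error annotation
    if not found:
        print(path)  # value to pass to the action as INPUT_FILE_NAME
    sys.exit(1 if found else 0)
```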


Version 1.7.1 - permission denied during scan

Thank you for fixing the permission denied error when building the container, but now I am getting the following error when trying to scan the IPA:

2022-01-10T22:37:00.0140487Z Creating MobSF Home Directory
2022-01-10T22:37:00.0141096Z Traceback (most recent call last):
2022-01-10T22:37:00.0142730Z   File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/MobSF/init.py", line 111, in get_mobsf_home
2022-01-10T22:37:00.0143648Z     os.makedirs(mobsf_home)
2022-01-10T22:37:00.0144239Z   File "/usr/lib/python3.8/os.py", line 223, in makedirs
2022-01-10T22:37:00.0144786Z     mkdir(name, mode)
2022-01-10T22:37:00.0145636Z PermissionError: [Errno 13] Permission denied: '/github/home/.MobSF'
2022-01-10T22:37:00.0184445Z [2022-01-10 22:37:00 +0000] [17] [ERROR] Exception in worker process

My GitHub action:

 name: MobSF (scan IPA)

 on: [push,pull_request]

 jobs:
   build:
     name: Scan
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
         uses: actions/checkout@master
      
       - name: Run MobSF Analysis
         uses: fundacaocerti/[email protected]
         env:
           INPUT_FILE_NAME: test.ipa
           SCAN_TYPE: ipa
           OUTPUT_FILE_NAME: mobsf-report

       - name: Upload MobSF Analysis PDF Result
         uses: actions/upload-artifact@v2
         with:
           name: mobsf-report.pdf
           path: mobsf-report.pdf

       - name: Upload MobSF Analysis JSON Result
         uses: actions/upload-artifact@v2
         with:
           name: mobsf-report.json
           path: mobsf-report.json

Full log:

2022-01-10T22:36:59.2337133Z ##[group]Run fundacaocerti/[email protected]
2022-01-10T22:36:59.2337623Z env:
2022-01-10T22:36:59.2339750Z   INPUT_FILE_NAME: test.ipa
2022-01-10T22:36:59.2340164Z   SCAN_TYPE: ipa
2022-01-10T22:36:59.2340588Z   OUTPUT_FILE_NAME: mobsf-report
2022-01-10T22:36:59.2340999Z ##[endgroup]
2022-01-10T22:36:59.2376218Z ##[command]/usr/bin/docker run --name a6825d6b300c280654890b043b7c7f5d32230_69d155 --label 6a6825 --workdir /github/workspace --rm -e INPUT_FILE_NAME -e SCAN_TYPE -e OUTPUT_FILE_NAME -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/iOS-Conf-Training/iOS-Conf-Training":"/github/workspace" 6a6825:d6b300c280654890b043b7c7f5d32230
2022-01-10T22:36:59.8834534Z [2022-01-10 22:36:59 +0000] [14] [INFO] Starting gunicorn 20.1.0
2022-01-10T22:36:59.8840681Z [2022-01-10 22:36:59 +0000] [14] [INFO] Listening at: http://127.0.0.1:8000 (14)
2022-01-10T22:36:59.8841555Z [2022-01-10 22:36:59 +0000] [14] [INFO] Using worker: gthread
2022-01-10T22:36:59.8895266Z [2022-01-10 22:36:59 +0000] [17] [INFO] Booting worker with pid: 17
2022-01-10T22:37:00.0140487Z Creating MobSF Home Directory
2022-01-10T22:37:00.0141096Z Traceback (most recent call last):
2022-01-10T22:37:00.0142730Z   File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/MobSF/init.py", line 111, in get_mobsf_home
2022-01-10T22:37:00.0143648Z     os.makedirs(mobsf_home)
2022-01-10T22:37:00.0144239Z   File "/usr/lib/python3.8/os.py", line 223, in makedirs
2022-01-10T22:37:00.0144786Z     mkdir(name, mode)
2022-01-10T22:37:00.0145636Z PermissionError: [Errno 13] Permission denied: '/github/home/.MobSF'
2022-01-10T22:37:00.0184445Z [2022-01-10 22:37:00 +0000] [17] [ERROR] Exception in worker process
2022-01-10T22:37:00.0185058Z Traceback (most recent call last):
2022-01-10T22:37:00.0186062Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/arbiter.py", line 589, in spawn_worker
2022-01-10T22:37:00.0186806Z     worker.init_process()
2022-01-10T22:37:00.0187816Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/gthread.py", line 92, in init_process
2022-01-10T22:37:00.0188610Z     super().init_process()
2022-01-10T22:37:00.0189561Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 134, in init_process
2022-01-10T22:37:00.0190292Z     self.load_wsgi()
2022-01-10T22:37:00.0191199Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 146, in load_wsgi
2022-01-10T22:37:00.0191977Z     self.wsgi = self.app.wsgi()
2022-01-10T22:37:00.0192898Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/base.py", line 67, in wsgi
2022-01-10T22:37:00.0193635Z     self.callable = self.load()
2022-01-10T22:37:00.0194593Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 58, in load
2022-01-10T22:37:00.0195330Z     return self.load_wsgiapp()
2022-01-10T22:37:00.0196318Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 48, in load_wsgiapp
2022-01-10T22:37:00.0197121Z     return util.import_app(self.app_uri)
2022-01-10T22:37:00.0198389Z   File "/usr/local/lib/python3.8/dist-packages/gunicorn/util.py", line 359, in import_app
2022-01-10T22:37:00.0199202Z     mod = importlib.import_module(module)
2022-01-10T22:37:00.0199911Z   File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
2022-01-10T22:37:00.0200685Z     return _bootstrap._gcd_import(name[level:], package, level)
2022-01-10T22:37:00.0201420Z   File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
2022-01-10T22:37:00.0202141Z   File "<frozen importlib._bootstrap>", line 991, in _find_and_load
2022-01-10T22:37:00.0202908Z   File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
2022-01-10T22:37:00.0203669Z   File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
2022-01-10T22:37:00.0204452Z   File "<frozen importlib._bootstrap_external>", line 848, in exec_module
2022-01-10T22:37:00.0205260Z   File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
2022-01-10T22:37:00.0206558Z   File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/MobSF/wsgi.py", line 16, in <module>
2022-01-10T22:37:00.0207437Z     from . import settings
2022-01-10T22:37:00.0208603Z   File "/home/mobsf/Mobile-Security-Framework-MobSF/mobsf/MobSF/settings.py", line 32, in <module>
2022-01-10T22:37:00.0209787Z     DWD_DIR = os.path.join(MobSF_HOME, 'downloads/')
2022-01-10T22:37:00.0210461Z   File "/usr/lib/python3.8/posixpath.py", line 76, in join
2022-01-10T22:37:00.0211183Z     a = os.fspath(a)
2022-01-10T22:37:00.0211832Z TypeError: expected str, bytes or os.PathLike object, not NoneType
2022-01-10T22:37:00.0212745Z [2022-01-10 22:37:00 +0000] [17] [INFO] Worker exiting (pid: 17)
2022-01-10T22:37:00.0651559Z [2022-01-10 22:37:00 +0000] [14] [INFO] Shutting down: Master
2022-01-10T22:37:00.0652300Z [2022-01-10 22:37:00 +0000] [14] [INFO] Reason: Worker failed to boot.
2022-01-10T22:37:01.7258307Z [/api/v1/upload] Upload the app to MobSF
2022-01-10T22:37:01.7346025Z   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2022-01-10T22:37:01.7346727Z                                  Dload  Upload   Total   Spent    Left  Speed
2022-01-10T22:37:01.7347065Z 
2022-01-10T22:37:01.7356287Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2022-01-10T22:37:01.7356940Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2022-01-10T22:37:01.7357529Z curl: (7) Failed to connect to localhost port 8000: Connection refused
