MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
17.18k stars 3.22k forks

Inappropriate argument type. 'NoneType' object is not subscriptable #1106

Closed haruncetin closed 5 years ago

haruncetin commented 5 years ago

ENVIRONMENT

OS and Version: Kali Linux 2018.4
Python Version: Python 3.7
MobSF Version: 2.0.0.Beta

EXPLANATION OF THE ISSUE

The problem occurred after an APK file was uploaded for analysis.

STEPS TO REPRODUCE THE ISSUE

1. Dragged apk to upload area or clicked upload button

LOG FILE

[ERROR] 03/Oct/2019 07:31:21 - Saving to DB
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 255, in create_db_entry
    CERT_INFO=cert_dic['cert_info'],
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 07:31:21 - Rendering to Template
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 120, in get_context_from_analysis
    'certinfo': cert_dic['cert_info'],
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 07:31:21 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/static_analyzer.py", line 270, in static_analyzer
    context['average_cvss'], context['security_score'] = score(context['findings'])
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 07:31:21 - 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 07:31:21 - Internal Server Error: /StaticAnalyzer/

ajinabraham commented 5 years ago

Need full logs.

haruncetin commented 5 years ago

pc@kali:~/Mobile-Security-Framework-MobSF$ ./run.sh
[2019-10-03 09:12:22 -0400] [44592] [INFO] Starting gunicorn 19.9.0
[2019-10-03 09:12:22 -0400] [44592] [INFO] Listening at: http://0.0.0.0:8000 (44592)
[2019-10-03 09:12:22 -0400] [44592] [INFO] Using worker: threads
[2019-10-03 09:12:22 -0400] [44595] [INFO] Booting worker with pid: 44595
[INFO] 03/Oct/2019 13:12:32 -


[INFO] 03/Oct/2019 13:12:32 - Mobile Security Framework v2.0.0 Beta REST API Key: 9f4cb0b6727083fdc05fb99c9fcc7950639dc14f454c5d4eba92e700fc42d27e
[INFO] 03/Oct/2019 13:12:32 - OS: Linux
[INFO] 03/Oct/2019 13:12:32 - Platform: Linux-4.19.0-kali5-amd64-x86_64-with-Kali-kali-rolling-kali-rolling
[INFO] 03/Oct/2019 13:12:32 - Dist: ('Kali', 'kali-rolling', 'kali-rolling')
[INFO] 03/Oct/2019 13:12:32 - MobSF Basic Environment Check
[WARNING] 03/Oct/2019 13:12:32 - Dynamic Analysis related functions will not work. Make sure a Genymotion Android VM is running before performing Dynamic Analyis.
[INFO] 03/Oct/2019 13:12:32 - Checking for Update.
[INFO] 03/Oct/2019 13:12:33 - No updates available.
[INFO] 03/Oct/2019 13:12:36 - MIME Type: application/vnd.android.package-archive FILE: plus messenger_v5.11.0.3_apkpure.com.apk
[INFO] 03/Oct/2019 13:12:36 - Performing Static Analysis of Android APK
[INFO] 03/Oct/2019 13:12:36 - Starting Analysis on : Plus Messenger_v5.11.0.3_apkpure.com.apk
[INFO] 03/Oct/2019 13:12:36 - Generating Hashes
[INFO] 03/Oct/2019 13:12:36 - Unzipping
[INFO] 03/Oct/2019 13:12:37 - Getting Hardcoded Certificates/Keystores
[INFO] 03/Oct/2019 13:12:37 - APK Extracted
[INFO] 03/Oct/2019 13:12:37 - Reading Android Manifest
[INFO] 03/Oct/2019 13:12:37 - Parsing AndroidManifest.xml
invalid decoded string length
[INFO] 03/Oct/2019 13:12:39 - Fetching icon path
invalid decoded string length
[INFO] 03/Oct/2019 13:12:41 - Extracting Manifest Data
[INFO] 03/Oct/2019 13:12:41 - Fetching Details from Play Store: org.telegram.plus
[WARNING] 03/Oct/2019 13:12:42 - Unable to get app details.
[INFO] 03/Oct/2019 13:12:42 - Manifest Analysis Started
[INFO] 03/Oct/2019 13:12:42 - Static Android Binary Analysis Started
[INFO] 03/Oct/2019 13:12:42 - Static Android Resource Analysis Started
[INFO] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate
[ERROR] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/cert_analysis.py", line 111, in cert_info
    binascii.hexlify(x509_public_key.fingerprint).decode('utf-8')))
  File "/home/pc/Mobile-Security-Framework-MobSF/venv/lib/python3.7/site-packages/asn1crypto/keys.py", line 1212, in fingerprint
    'asn1crypto.keys.PublicKeyInfo().fingerprint has been removed, '
asn1crypto._errors.APIException: asn1crypto.keys.PublicKeyInfo().fingerprint has been removed, please use oscrypto.asymmetric.PublicKey().fingerprint instead
[INFO] 03/Oct/2019 13:12:43 - Trackers Database is up-to-date
[INFO] 03/Oct/2019 13:12:43 - Detecting Trackers
[INFO] 03/Oct/2019 13:12:43 - APK -> JAVA
[INFO] 03/Oct/2019 13:12:43 - Decompiling to Java with jadx
[ERROR] 03/Oct/2019 13:12:43 - Decompiling to JAVA
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/converter.py", line 65, in apk_2_java
    shutil.rmtree(output)
  File "/usr/lib/python3.7/shutil.py", line 494, in rmtree
    _rmtree_safe_fd(fd, path, onerror)
  File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd
    _rmtree_safe_fd(dirfd, fullname, onerror)
  File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd
    _rmtree_safe_fd(dirfd, fullname, onerror)
  File "/usr/lib/python3.7/shutil.py", line 432, in _rmtree_safe_fd
    _rmtree_safe_fd(dirfd, fullname, onerror)
  [Previous line repeated 1 more time]
  File "/usr/lib/python3.7/shutil.py", line 452, in _rmtree_safe_fd
    onerror(os.unlink, fullname, sys.exc_info())
  File "/usr/lib/python3.7/shutil.py", line 450, in _rmtree_safe_fd
    os.unlink(entry.name, dir_fd=topfd)
PermissionError: [Errno 13] Permission denied: 'Clock.java'
[INFO] 03/Oct/2019 13:12:43 - DEX -> SMALI
[INFO] 03/Oct/2019 13:12:43 - Converting classes.dex to Smali Code
[INFO] 03/Oct/2019 13:12:43 - Static Android Code Analysis Started
[INFO] 03/Oct/2019 13:12:43 - Code Analysis Started on - java_source
[INFO] 03/Oct/2019 13:12:53 - Finished Code Analysis, Email and URL Extraction
[INFO] 03/Oct/2019 13:12:53 - Extracting Strings from APK
invalid decoded string length
[INFO] 03/Oct/2019 13:12:55 - Detecting Firebase URL(s)
[INFO] 03/Oct/2019 13:12:56 - Performing Malware Check on extracted Domains
[INFO] 03/Oct/2019 13:12:57 - Malware Database is up-to-date
[INFO] 03/Oct/2019 13:12:58 - Generating Java and Smali Downloads
[INFO] 03/Oct/2019 13:12:58 - Generating Downloads
[INFO] 03/Oct/2019 13:12:58 - Zipping
[INFO] 03/Oct/2019 13:12:58 - Zipping
[INFO] 03/Oct/2019 13:12:59 - Connecting to Database
[INFO] 03/Oct/2019 13:12:59 - Saving to Database
[ERROR] 03/Oct/2019 13:12:59 - Saving to DB
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 255, in create_db_entry
    CERT_INFO=cert_dic['cert_info'],
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 13:12:59 - Rendering to Template
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 120, in get_context_from_analysis
    'certinfo': cert_dic['cert_info'],
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 13:12:59 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/static_analyzer.py", line 270, in static_analyzer
    context['average_cvss'], context['security_score'] = score(context['findings'])
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 13:12:59 - 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 13:12:59 - Internal Server Error: /StaticAnalyzer/

ajinabraham commented 5 years ago

Duplicate of https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1105
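
Added example, not part of the thread and not MobSF code: a small triage script for logs in the format posted above. It pairs each `[ERROR]` entry with the final exception line of its traceback and separates the repeated `'NoneType' object is not subscriptable` errors from the earlier failures. Treating the `NoneType` errors as downstream symptoms is an assumption of this example, and `parse_errors` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample: entries abridged from the full log posted in this issue.
SAMPLE_LOG = """\
[INFO] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate
[ERROR] 03/Oct/2019 13:12:42 - Reading Code Signing Certificate
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/cert_analysis.py", line 111, in cert_info
    binascii.hexlify(x509_public_key.fingerprint).decode('utf-8')))
asn1crypto._errors.APIException: asn1crypto.keys.PublicKeyInfo().fingerprint has been removed, please use oscrypto.asymmetric.PublicKey().fingerprint instead
[INFO] 03/Oct/2019 13:12:59 - Saving to Database
[ERROR] 03/Oct/2019 13:12:59 - Saving to DB
Traceback (most recent call last):
  File "/home/pc/Mobile-Security-Framework-MobSF/StaticAnalyzer/views/android/db_interaction.py", line 255, in create_db_entry
    CERT_INFO=cert_dic['cert_info'],
TypeError: 'NoneType' object is not subscriptable
[ERROR] 03/Oct/2019 13:12:59 - 'NoneType' object is not subscriptable
"""

ENTRY = re.compile(r"^\[(INFO|WARNING|ERROR)\] (\S+ \S+) - (.*)$")
SYMPTOM = "'NoneType' object is not subscriptable"  # assumed downstream error

def parse_errors(log_text):
    """Return one dict per [ERROR] entry: time, stage, final exception line."""
    errors, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = None  # any new log entry ends the previous traceback
            if m.group(1) == "ERROR":
                current = {"time": m.group(2), "stage": m.group(3), "exception": None}
                errors.append(current)
        elif current and line[:1].strip() and not line.startswith("Traceback"):
            # Unindented line inside a traceback is the exception summary.
            current["exception"] = line.strip()
    return errors

def triage(errors):
    """Split errors into (candidate causes, NoneType symptoms), in log order."""
    causes, symptoms = [], []
    for e in errors:
        hit = SYMPTOM in (e["exception"] or e["stage"])
        (symptoms if hit else causes).append(e)
    return causes, symptoms

if __name__ == "__main__":
    for cause in triage(parse_errors(SAMPLE_LOG))[0]:
        print(cause["time"], cause["stage"], "->", cause["exception"])
```
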