search

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0
17.47k stars 3.23k forks source link

'NoneType' object is not subscriptable #2057

Closed Kasug4 closed 2 years ago

Kasug4 commented 2 years ago

ENVIRONMENT

OS and Version: EndeavourOS Linux x86_64 Kernel: 6.0.2-arch1-1
Python Version: Python 3.10.8
MobSF Version: v3.6.1 Beta

EXPLANATION OF THE ISSUE

Analyzing ANY APK throws this error

image

There is no error running the setup scripts.

STEPS TO REPRODUCE THE ISSUE

1. Clone this repo
2. Run ./setup.py
3. Run ./run.py
4. Analyze an application

LOG FILE

  __  __       _    ____  _____       _____  __   
 |  \/  | ___ | |__/ ___||  ___|_   _|___ / / /_  
 | |\/| |/ _ \| '_ \___ \| |_  \ \ / / |_ \| '_ \ 
 | |  | | (_) | |_) |__) |  _|  \ V / ___) | (_) |
 |_|  |_|\___/|_.__/____/|_|     \_/ |____(_)___/ 

[INFO] 20/Oct/2022 11:08:29 - Mobile Security Framework v3.6.1 Beta
[INFO] 20/Oct/2022 11:08:29 - OS: Linux
[INFO] 20/Oct/2022 11:08:29 - Platform: Linux-6.0.2-arch1-1-x86_64-with-glibc2.36
[INFO] 20/Oct/2022 11:08:29 - Dist: endeavouros rolling rolling
[INFO] 20/Oct/2022 11:08:29 - MobSF Basic Environment Check
[WARNING] 20/Oct/2022 11:08:29 - Dynamic Analysis related functions will not work. 
Make sure a Genymotion Android VM/Android Studio Emulator is running before performing Dynamic Analysis.
[INFO] 20/Oct/2022 11:08:30 - Checking for Update.
[INFO] 20/Oct/2022 11:08:30 - No updates available.
[INFO] 20/Oct/2022 11:10:03 - MIME Type: application/vnd.android.package-archive FILE: Shopee PH Shop on 10 10_v2.95.08_APKPure_Installer.apk
[INFO] 20/Oct/2022 11:10:03 - Performing Static Analysis of Android APK
[INFO] 20/Oct/2022 11:10:03 - Starting Analysis on: Shopee PH Shop on 10 10_v2.95.08_APKPure_Installer.apk
[INFO] 20/Oct/2022 11:10:03 - Generating Hashes
[INFO] 20/Oct/2022 11:10:03 - Unzipping
[INFO] 20/Oct/2022 11:10:03 - APK Extracted
[INFO] 20/Oct/2022 11:10:03 - Getting Hardcoded Certificates/Keystores
[INFO] 20/Oct/2022 11:10:03 - Getting AndroidManifest.xml from APK
[INFO] 20/Oct/2022 11:10:03 - Converting AXML to XML
[INFO] 20/Oct/2022 11:10:09 - Parsing AndroidManifest.xml
[INFO] 20/Oct/2022 11:10:09 - Fetching icon path
[INFO] 20/Oct/2022 11:10:10 - Extracting Manifest Data
[INFO] 20/Oct/2022 11:10:10 - Fetching Details from Play Store: com.apkpure.aegon
[INFO] 20/Oct/2022 11:10:10 - Manifest Analysis Started
[INFO] 20/Oct/2022 11:10:10 - Binary Analysis Started
[INFO] 20/Oct/2022 11:10:10 - Analyzing lib/armeabi-v7a/libqsealib.so
[INFO] 20/Oct/2022 11:10:10 - Analyzing lib/armeabi-v7a/libqmp.so
[INFO] 20/Oct/2022 11:10:10 - Analyzing lib/armeabi-v7a/libdaemon_acc_v2.1.5.so
[INFO] 20/Oct/2022 11:10:10 - Reading Code Signing Certificate
[INFO] 20/Oct/2022 11:10:10 - Running APKiD 2.1.4
[INFO] 20/Oct/2022 11:10:18 - Trackers Database is up-to-date
[INFO] 20/Oct/2022 11:10:18 - Detecting Trackers
[INFO] 20/Oct/2022 11:10:18 - APK -> JAVA
[INFO] 20/Oct/2022 11:10:18 - Decompiling to Java with jadx
[INFO] 20/Oct/2022 11:10:33 - DEX -> SMALI
[INFO] 20/Oct/2022 11:10:33 - Converting classes.dex to Smali Code
[INFO] 20/Oct/2022 11:10:33 - Code Analysis Started on - java_source
[INFO] 20/Oct/2022 11:11:40 - Running NIAP Analyzer
[INFO] 20/Oct/2022 11:12:06 - Finished Code Analysis, Email and URL Extraction
[INFO] 20/Oct/2022 11:12:06 - Extracting Strings from APK
[INFO] 20/Oct/2022 11:12:06 - Detecting Firebase URL(s)
[INFO] 20/Oct/2022 11:12:07 - Performing Malware Check on extracted Domains
[INFO] 20/Oct/2022 11:12:08 - Maltrail Database is outdated!
[INFO] 20/Oct/2022 11:12:08 - Updating Maltrail Database
[INFO] 20/Oct/2022 11:12:19 - Connecting to Database
[INFO] 20/Oct/2022 11:12:19 - Saving to Database
[ERROR] 20/Oct/2022 11:12:19 - Rendering to Template
Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/sqlite3/base.py", line 357, in execute
    return Database.Cursor.execute(self, query, params)
sqlite3.OperationalError: no such table: StaticAnalyzer_suppressfindings

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/db_interaction.py", line 99, in get_context_from_analysis
    code = process_suppression(
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/suppression.py", line 239, in process_suppression
    if not filters.exists():
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/query.py", line 1225, in exists
    return self.query.has_results(using=self.db)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 592, in has_results
    return compiler.has_results()
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1366, in has_results
    return bool(self.execute_sql(SINGLE))
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1398, in execute_sql
    cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 103, in execute
    return super().execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 84, in _execute
    with self.db.wrap_database_errors:
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/sqlite3/base.py", line 357, in execute
    return Database.Cursor.execute(self, query, params)
django.db.utils.OperationalError: no such table: StaticAnalyzer_suppressfindings
[ERROR] 20/Oct/2022 11:12:19 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 292, in static_analyzer
    context['appsec'] = get_android_dashboard(context, True)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/appsec.py", line 189, in get_android_dashboard
    if 'certificate_findings' in data['certificate_analysis']:
TypeError: 'NoneType' object is not subscriptable
[ERROR] 20/Oct/2022 11:12:19 - 'NoneType' object is not subscriptable
[ERROR] 20/Oct/2022 11:12:19 - Internal Server Error: /static_analyzer/
[INFO] 20/Oct/2022 11:12:19 - Starting Analysis on: Shopee PH Shop on 10 10_v2.95.08_APKPure_Installer.apk
[INFO] 20/Oct/2022 11:12:19 - Analysis is already Done. Fetching data from the DB...
[ERROR] 20/Oct/2022 11:12:19 - Fetching from DB
Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/sqlite3/base.py", line 357, in execute
    return Database.Cursor.execute(self, query, params)
sqlite3.OperationalError: no such table: StaticAnalyzer_suppressfindings

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/db_interaction.py", line 26, in get_context_from_db_entry
    code = process_suppression(
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/suppression.py", line 239, in process_suppression
    if not filters.exists():
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/query.py", line 1225, in exists
    return self.query.has_results(using=self.db)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/query.py", line 592, in has_results
    return compiler.has_results()
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1366, in has_results
    return bool(self.execute_sql(SINGLE))
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/models/sql/compiler.py", line 1398, in execute_sql
    cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 103, in execute
    return super().execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 84, in _execute
    with self.db.wrap_database_errors:
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/venv/lib/python3.10/site-packages/django/db/backends/sqlite3/base.py", line 357, in execute
    return Database.Cursor.execute(self, query, params)
django.db.utils.OperationalError: no such table: StaticAnalyzer_suppressfindings
[ERROR] 20/Oct/2022 11:12:19 - Error Performing Static Analysis
Traceback (most recent call last):
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/static_analyzer.py", line 292, in static_analyzer
    context['appsec'] = get_android_dashboard(context, True)
  File "/home/r64/repo/Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/appsec.py", line 189, in get_android_dashboard
    if 'certificate_findings' in data['certificate_analysis']:
TypeError: 'NoneType' object is not subscriptable
[ERROR] 20/Oct/2022 11:12:19 - 'NoneType' object is not subscriptable
[ERROR] 20/Oct/2022 11:12:19 - Internal Server Error: /static_analyzer/
github-actions[bot] commented 2 years ago

👋 @g-n-x Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.