[HOTFIX][SECURITY] Fix an LFI, DSA Pub Key parsing bug and dependencies

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

GNU General Public License v3.0

16.68k stars 3.16k forks source link

Describe the Pull Request

* [SECURITY] Fixes an LFI reported by @0x33c0unt - A crafted APK resource with icon name containing arbitrary path will get copied by MobSF as the icon file to the download directory which is available under `/download/` route. Fixed by https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/a58f8a8c0aa49e1581d97e19e8e2255ca96cd838
* Fixes #2324 , Bug in parsing DSA Public Key parameters for fingerprint calculation.
* Update dependencies

Checklist for PR

[x] Run MobSF unit tests and lint tox -e lint,test
[x] Tested Working on Linux, Mac, Windows, and Docker
[x] Add unit test for any new Web API (Refer: StaticAnalyzer/tests.py)
[x] Make sure tests are passing on your PR

Additional Comments (if any)

DESCRIBE HERE

MobSF / Mobile-Security-Framework-MobSF

[HOTFIX][SECURITY] Fix an LFI, DSA Pub Key parsing bug and dependencies #2326

Describe the Pull Request

Checklist for PR

Additional Comments (if any)