[SECURITY] Fix Arbitrary file writes on Windows

MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

GNU General Public License v3.0

16.68k stars 3.16k forks source link

Describe the Pull Request

Arbitrary file writes on Windows with apktool fixed with this version
Discovered by [Cl0udG0d](https://github.com/Cl0udG0d?ref=connortumbleson.com) the previous path traversal fix was not hardened when running against Windows. It was learned that Windows will handle both path separators (/ and \) which v2.9.2 had previously isolated to the intended OS. Now cleansing of resource names will include both path separators no matter the OS.

Checklist for PR

[X] Run MobSF unit tests and lint tox -e lint,test
[X] Tested Working on Linux, Mac, and Docker
[ ] Add unit test for any new Web API (Refer: StaticAnalyzer/tests.py)
[X] Make sure tests are passing on your PR

MobSF / Mobile-Security-Framework-MobSF

[SECURITY] Fix Arbitrary file writes on Windows #2328

Describe the Pull Request

Checklist for PR