iOS rule updates, scan type support, Rule QA, Explicit scan_type support.

MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

GNU Lesser General Public License v3.0

607 stars 97 forks source link

iOS rule updates, scan type support, Rule QA, Explicit scan_type support. #65

Closed ajinabraham closed 1 year ago

ajinabraham commented 1 year ago

IOS Swift Rules updates
- Updated or added rules ios_biometric_bool, ios_biometric_acl, ios_keychain_weak_acl_device_passcode, ios_keychain_weak_accessibility_value, ios_insecure_random_no_generator
- Regex Hardening: Fixes possible Regex DoS
- Add support for --type android|ios|auto for explicitly forcing a rule set on source directory.