MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
GNU Lesser General Public License v3.0

Imported: semgrep android rules #68

Open ajinabraham opened 11 months ago

ajinabraham commented 11 months ago

https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2195

Hi, I have recently been working on a collection of Semgrep rules to cover the static tests described by the OWASP MASTG.
This is the official repo: https://github.com/mindedsecurity/semgrep-rules-android-security

Why not include these rules in MobSF? 😃
Hope you like it! 👍

Reported by: @gand3lf

rafaelhziliao commented 8 months ago

Hey, have these rules been included already?

gand3lf commented 8 months ago

Hi @rafaelhziliao, no, it has not yet been updated with the proposed rules. If you want to use the rule collection, I recommend referring to the official repository.