OWASP / glue

Application Security Automation

missing code, file, binary and certificate analysis from mapping file of mobsf #175

Open bc-venkata opened 4 years ago

bc-venkata commented 4 years ago

This is in reference to https://github.com/OWASP/glue/blob/master/lib/glue/mappings/mobsf.json. Could you please provide the keys for formatting code_analysis and certificate analysis as well? Currently it is providing manifest analysis only. FYI, the latest MobSF V3 API changed "app_name": "name" to "app_name": "app_name" and "key": "manifest" to "key": "manifest_analysis".

I drafted a very vague mapping file for mobsf. Could you please correct this? Or, if you could provide an updated mapping file, that would be great.

```json
{
  "task_name": "MobSF",
  "app_name": "app_name",
  "mappings": [
    {
      "key": "manifest_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "title",
        "severity": "stat",
        "fingerprint": "title"
      }
    },
    {
      "key": "certificate_analysis",
      "properties": {
        "description": "description",
        "detail": "certificate_info",
        "severity": "certificate_status",
        "fingerprint": "description"
      }
    },
    {
      "key": "binary_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "file",
        "severity": "stat",
        "fingerprint": "title"
      }
    },
    {
      "key": "code_analysis",
      "properties": {
        "description": "desc",
        "detail": "owasp",
        "source": "path",
        "fingerprint": "owasp"
      }
    },
    {
      "key": "manifest_analysis",
      "properties": {
        "description": "android_api"
      }
    }
  ]
}
```

omerlh commented 4 years ago

Regarding the schema change - see #174, this was already merged :)

Regarding the new mapping - have you tested it? If you tested it and it worked a PR is welcomed!

bc-venkata commented 4 years ago

I have tried the new mapping file, but it does not work for some reason. It only reports manifest issues. I'm not sure whether the mapping file is correct or not. Kindly help in proceeding further.

bc-venkata commented 4 years ago

```
$ ruby bin/glue -t Dynamic -T report.json --mapping-file mobsf -z 2
Setting severity_threshold to 2
Logfile nil?
calling scan
Running scanner
Loading scanner...
Processing target...report.json
Running tasks in stage: wait
Running tasks in stage: mount
Running tasks in stage: file
Running tasks in stage: code
code - Dynamic - #<Set:0x00007f8fd9c131b0>
Invalid mappings JSON: ["The property '#/mappings/0/properties' did not contain a required property of 'source' in schema b9d9fa95-af34-55cd-827a-d1762791af40"]
```

Here is the mapping file that I used

```json
{
  "task_name": "MobSF",
  "app_name": "app_name",
  "mappings": [
    {
      "key": "manifest_analysis",
      "properties": {
        "description": "desc",
        "detail": "title",
        "source": "title",
        "severity": "stat",
        "fingerprint": "title"
      },
      "key": "findings",
      "properties": {
        "description": "cwe",
        "detail": "path",
        "severity": "level",
        "fingerprint": "cwe"
      }
    }
  ]
}
```
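The file above puts two "key"/"properties" pairs inside a single object in the mappings array. A JSON parser keeps only the last value for a repeated key, so what Glue actually sees is one mapping, "findings", whose properties lack "source"; that is exactly the `#/mappings/0/properties` error in the log. The Ruby linter below is an added example (not part of Glue or of this thread) that surfaces both problems before the schema check does: it parses with a Hash subclass that records repeated keys, then checks every mapping for the "source" property the schema error names. The two sample mapping strings are constructed here; the list of required properties is an assumption limited to what the page shows.

```ruby
require 'json'

# A Hash that remembers which keys were assigned more than once.
# JSON.parse silently keeps the last value for a repeated key; passing this
# class as object_class lets us observe the collision during parsing.
class DuplicateKeyHash < Hash
  def duplicates
    @duplicates ||= []
  end

  def []=(key, value)
    duplicates << key if key?(key) && !duplicates.include?(key)
    super
  end
end

# Properties every mapping must define. 'source' is the one the schema error
# on this page names; extend this list per the real Glue schema (assumption).
REQUIRED_PROPERTIES = %w[source].freeze

# Recursively collect repeated-key findings with a JSON-pointer-style path.
def collect_duplicates(node, path, out)
  case node
  when DuplicateKeyHash
    node.duplicates.each do |k|
      out << "#{path}: key '#{k}' appears more than once; only the last value survives parsing"
    end
    node.each { |k, v| collect_duplicates(v, "#{path}/#{k}", out) }
  when Array
    node.each_with_index { |v, i| collect_duplicates(v, "#{path}/#{i}", out) }
  end
end

# Returns an array of problem strings; an empty array means the mapping file is clean.
def lint_mapping(json_text)
  problems = []
  doc = JSON.parse(json_text, object_class: DuplicateKeyHash)
  collect_duplicates(doc, '#', problems)

  mappings = doc['mappings']
  unless mappings.is_a?(Array)
    problems << "#/mappings: must be an array"
    return problems
  end

  mappings.each_with_index do |m, i|
    problems << "#/mappings/#{i}: missing 'key'" unless m.key?('key')
    props = m['properties']
    unless props.is_a?(Hash)
      problems << "#/mappings/#{i}: missing 'properties'"
      next
    end
    REQUIRED_PROPERTIES.each do |req|
      problems << "#/mappings/#{i}/properties: missing required property '#{req}'" unless props.key?(req)
    end
  end
  problems
end

# Constructed sample: the shape posted above, two mappings crammed into one object.
BROKEN_MAPPING = <<~JSON
  { "task_name": "MobSF", "app_name": "app_name", "mappings": [ {
      "key": "manifest_analysis",
      "properties": { "description": "desc", "detail": "title", "source": "title", "severity": "stat", "fingerprint": "title" },
      "key": "findings",
      "properties": { "description": "cwe", "detail": "path", "severity": "level", "fingerprint": "cwe" }
  } ] }
JSON

# Constructed sample: each mapping in its own object, and "findings" given a source.
FIXED_MAPPING = <<~JSON
  { "task_name": "MobSF", "app_name": "app_name", "mappings": [
    { "key": "manifest_analysis",
      "properties": { "description": "desc", "detail": "title", "source": "title", "severity": "stat", "fingerprint": "title" } },
    { "key": "findings",
      "properties": { "description": "cwe", "detail": "path", "source": "path", "severity": "level", "fingerprint": "cwe" } }
  ] }
JSON

if __FILE__ == $PROGRAM_NAME
  [['broken', BROKEN_MAPPING], ['fixed', FIXED_MAPPING]].each do |label, text|
    puts "#{label}:"
    problems = lint_mapping(text)
    problems.empty? ? puts('  ok') : problems.each { |p| puts "  #{p}" }
  end
end
```

Run it as `ruby lint_mapping.rb`: the broken sample reports the repeated "key" and "properties" at `#/mappings/0` and the missing "source", matching the log above; the fixed sample reports nothing. Whether "path" is the right source field for findings depends on the MobSF report, which the thread does not settle.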

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.