advance mobsf to also parse exisiting unittestfile (#9563)

* advance mobsf to also parse exisiting unittestfile

* dupe_key update

* fix unittests

* flake8

* ruff linter

* remformat unittest files

* resolve todo

* resolve another todo

* remove accidently added file

* more unittests to retrigger pipeline

dojo/tools/mobsf/parser.py

@@ -320,7 +320,16 @@ def get_findings(self, filename, test):
                 }
 
                 mobsf_findings.append(mobsf_item)
-
+        if isinstance(data, list):
+            for finding in data:
+                mobsf_item = {
+                    "category": finding["category"],
+                    "title": finding["name"],
+                    "severity": finding["severity"],
+                    "description": finding["description"] + "\n" + "**apk_exploit_dict:** " + str(finding["apk_exploit_dict"]) + "\n" + "**line_number:** " + str(finding["line_number"]),
+                    "file_path": finding["file_object"]
+                }
+                mobsf_findings.append(mobsf_item)
         for mobsf_finding in mobsf_findings:
             title = mobsf_finding["title"]
             sev = self.getCriticalityRating(mobsf_finding["severity"])
@@ -343,8 +352,11 @@ def get_findings(self, filename, test):
             )
             if mobsf_finding["file_path"]:
                 finding.file_path = mobsf_finding["file_path"]
-
-            dupe_key = sev + title
+                dupe_key = sev + title + description + mobsf_finding["file_path"]
+            else:
+                dupe_key = sev + title + description
+            if mobsf_finding["category"]:
+                dupe_key += mobsf_finding["category"]
             if dupe_key in dupes:
                 find = dupes[dupe_key]
                 if description is not None:
@@ -372,12 +384,14 @@ def getSeverityForPermission(self, status):
     # Criticality rating
     def getCriticalityRating(self, rating):
         criticality = "Info"
-        if rating == "Good":
+        if rating.lower() == "good":
             criticality = "Info"
-        if rating == "Warning":
+        elif rating.lower() == "warning":
             criticality = "Low"
+        elif rating.lower() == "vulnerability":
+            criticality = "Medium"
         else:
-            criticality = rating.capitalize()
+            criticality = rating.lower().capitalize()
         return criticality
 
     def suite_data(self, suites):

unittests/tools/test_mobsf_parser.py

@@ -14,7 +14,7 @@ def test_parse_file(self):
         parser = MobSFParser()
         findings = parser.get_findings(testfile, test)
         testfile.close()
-        self.assertEqual(22, len(findings))
+        self.assertEqual(68, len(findings))
         item = findings[0]
         self.assertEqual('android.permission.WRITE_EXTERNAL_STORAGE', item.title)
         self.assertEqual('High', item.severity)
@@ -25,10 +25,10 @@ def test_parse_file(self):
         self.assertEqual('This shared object does not have RELRO enabled', item.title)
         self.assertEqual('High', item.severity)
         self.assertEqual('lib/armeabi-v7a/libdivajni.so', item.file_path)
-        self.assertEqual(7, item.nb_occurences)
+        self.assertEqual(1, item.nb_occurences)
         item = findings[17]
-        self.assertEqual('Local File I/O Operations', item.title)
-        self.assertEqual('Info', item.severity)
+        self.assertEqual('This shared object does not have a stack canary value added to the stack', item.title)
+        self.assertEqual('High', item.severity)
         self.assertEqual(1, item.nb_occurences)
 
     def test_parse_file2(self):
@@ -40,8 +40,10 @@ def test_parse_file2(self):
         parser = MobSFParser()
         findings = parser.get_findings(testfile, test)
         testfile.close()
-        self.assertEqual(0, len(findings))
-        # TODO add more checks dedicated to this file
+        self.assertEqual(1022, len(findings))
+        item = findings[1]
+        self.assertEqual('Potential API Key found', item.title)
+        self.assertEqual('Info', item.severity)
 
     def test_parse_file_3_1_9_android(self):
         test = Test()
@@ -52,8 +54,19 @@ def test_parse_file_3_1_9_android(self):
         parser = MobSFParser()
         findings = parser.get_findings(testfile, test)
         testfile.close()
-        self.assertEqual(77, len(findings))
-        # TODO add more checks dedicated to this file
+        item = findings[1]
+        self.assertEqual('android.permission.ACCESS_GPS', item.title)
+        self.assertEqual('High', item.severity)
+        item = findings[4]
+        self.assertEqual('android.permission.ACCESS_LOCATION', item.title)
+        self.assertEqual('High', item.severity)
+        item = findings[7]
+        self.assertEqual('android.permission.READ_PHONE_STATE', item.title)
+        self.assertEqual('High', item.severity)
+        item = findings[70]
+        self.assertEqual('HTTPS Connection', item.title)
+        self.assertEqual('Info', item.severity)
+        self.assertEqual(1, item.nb_occurences)
 
     def test_parse_file_3_1_9_ios(self):
         test = Test()
@@ -65,7 +78,16 @@ def test_parse_file_3_1_9_ios(self):
         findings = parser.get_findings(testfile, test)
         testfile.close()
         self.assertEqual(11, len(findings))
-        # TODO add more checks dedicated to this file
+        item = findings[2]
+        self.assertEqual('NSLocationAlwaysUsageDescription', item.title)
+        self.assertEqual('High', item.severity)
+        item = findings[3]
+        self.assertEqual('NSLocationWhenInUseUsageDescription', item.title)
+        self.assertEqual('High', item.severity)
+        item = findings[10]
+        self.assertEqual('App is compiled with Automatic Reference Counting (ARC) flag. ARC is a compiler feature that provides automatic memory management of Objective-C objects and is an exploit mitigation mechanism against memory corruption vulnerabilities.', item.title)
+        self.assertEqual('Info', item.severity)
+        self.assertEqual(1, item.nb_occurences)
 
     def test_parse_file_mobsf_3_7_9(self):
         test = Test()
@@ -102,7 +124,7 @@ def test_parse_allsafe(self):
         parser = MobSFParser()
         findings = parser.get_findings(testfile, test)
         testfile.close()
-        self.assertEqual(55, len(findings))
+        self.assertEqual(93, len(findings))
 
     def test_parse_damnvulnrablebank(self):
         test = Test()
@@ -113,4 +135,4 @@ def test_parse_damnvulnrablebank(self):
         parser = MobSFParser()
         findings = parser.get_findings(testfile, test)
         testfile.close()
-        self.assertEqual(39, len(findings))
+        self.assertEqual(80, len(findings))