Merge branch 'master' into patch-1

mobsf/MobSF/utils.py

@@ -98,6 +98,17 @@ def upstream_proxy(flaw_type):
     return proxies, verify
 
 
+def get_system_resources():
+    """Get CPU and Memory Available."""
+    # Get number of physical cores
+    physical_cores = psutil.cpu_count(logical=False)
+    # Get number of logical processors (threads)
+    logical_processors = psutil.cpu_count(logical=True)
+    # Get total RAM
+    total_ram = psutil.virtual_memory().total / (1024 ** 3)  # Convert bytes to GB
+    return physical_cores, logical_processors, total_ram
+
+
 def print_version():
     """Print MobSF Version."""
     logger.info(settings.BANNER)
@@ -122,6 +133,8 @@ def print_version():
         dst_str = f' ({dist}) '
     env_str = f'OS Environment: {os}{dst_str}{pltfm}'
     logger.info(env_str)
+    cores, threads, ram = get_system_resources()
+    logger.info('CPU Cores: %s, Threads: %s, RAM: %.2f GB', cores, threads, ram)
     find_java_binary()
     check_basic_env()
     thread = threading.Thread(target=check_update, name='check_update')

mobsf/StaticAnalyzer/views/android/kb/android_manifest_desc.py

@@ -219,12 +219,12 @@
         'name': 'Data SMS Receiver Set on Port: %s Found. [android:port]',
     },
     'high_intent_priority_found': {
-        'title': 'High Intent Priority (%s)<br>[android:priority]',
+        'title': 'High Intent Priority (%s) - {%s} Hit(s)<br>[android:priority]',
         'level': 'warning',
         'description': ('By setting an intent priority higher than another'
                         ' intent, the app effectively overrides '
                         'other requests.'),
-        'name': 'High Intent Priority (%s). [android:priority]',
+        'name': 'High Intent Priority (%s) - {%s} Hit(s) [android:priority]',
     },
     'high_action_priority_found': {
         'title': 'High Action Priority (%s)<br>[android:priority] ',

mobsf/StaticAnalyzer/views/android/manifest_analysis.py

@@ -761,12 +761,18 @@ def manifest_analysis(app_dic, man_data_dic):
                 dataport = data.getAttribute(f'{ns}:port')
                 ret_list.append(('sms_receiver_port_found', (dataport,), ()))
         # INTENTS
+        processed_priorities = {}
         for intent in intents:
             if intent.getAttribute(f'{ns}:priority').isdigit():
                 value = intent.getAttribute(f'{ns}:priority')
                 if int(value) > 100:
-                    ret_list.append(
-                        ('high_intent_priority_found', (value,), ()))
+                    if value not in processed_priorities:
+                        processed_priorities[value] = 1
+                    else:
+                        processed_priorities[value] += 1
+        for priority, count in processed_priorities.items():
+            ret_list.append(
+                ('high_intent_priority_found', (priority, count,), ()))
         # ACTIONS
         for action in actions:
             if action.getAttribute(f'{ns}:priority').isdigit():

mobsf/StaticAnalyzer/views/common/appsec.py

@@ -38,9 +38,20 @@ def common_fields(findings, data):
             sev = cd['metadata']['severity']
         desc = cd['metadata']['description']
         ref = cd['metadata'].get('ref', '')
+
+        files_dict = cd.get('files', {})
+        files_lines = [f'{file}, line(s) {lines}'
+                       for file, lines in files_dict.items()]
+        all_files_str = '\n'.join(files_lines)
+
+        if files_dict:
+            fdesc = f'{desc}\n{ref}\n\nFiles:\n{all_files_str}'
+        else:
+            fdesc = f'{desc}\n{ref}'
+
         findings[sev].append({
             'title': cd['metadata']['description'],
-            'description': f'{desc}\n{ref}',
+            'description': fdesc,
             'section': 'code',
         })
     # Permissions