MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

Unable to run mobsfscan on android (Kotlin) project

OgnjenKop opened this issue · comments

I am unable to run mobsfscan on an Android (Kotlin) project. Seems like a semgrep issue, but I'm not sure how I could further diagnose and potentially resolve this.

Exception in thread Thread-1:
Traceback (most recent call last):
File "/opt/homebrew/Cellar/python@3.9/3.9.16/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 980, in _bootstrap_inner
self.run()
File "/opt/homebrew/Cellar/python@3.9/3.9.16/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 917, in run
self._target(*self._args, **self._kwargs)
File "/opt/homebrew/lib/python3.9/site-packages/libsast/common.py", line 45, in myrunner
ret[0] = function(*args, **kwargs)
File "/opt/homebrew/lib/python3.9/site-packages/libsast/core_sgrep/helpers.py", line 50, in invoke_semgrep
) = semgrep_main.main(
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/semgrep_main.py", line 363, in main
rule_matches_by_rule, semgrep_errors, all_targets, profiling_data = run_rules(
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/semgrep_main.py", line 154, in run_rules
) = core_runner.invoke_semgrep(
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/core_runner.py", line 758, in invoke_semgrep
) = self._run_rules_direct_to_semgrep_core(
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/core_runner.py", line 703, in _run_rules_direct_to_semgrep_core
returncode = runner.execute()
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/core_runner.py", line 283, in execute
rc = asyncio.run(self._stream_subprocess())
File "/opt/homebrew/Cellar/python@3.9/3.9.16/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "/opt/homebrew/Cellar/python@3.9/3.9.16/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 647, in run_until_complete
return future.result()
File "/opt/homebrew/lib/python3.9/site-packages/semgrep/core_runner.py", line 257, in _stream_subprocess
raise SemgrepError(f"Error while running rules: {r}")
semgrep.error.SemgrepError: Error while running rules: 0 bytes read on a total of 2 expected bytes

  • Semantic Grep 28
    Traceback (most recent call last):
    File "/opt/homebrew/bin/mobsfscan", line 8, in
    sys.exit(main())
    File "/opt/homebrew/lib/python3.9/site-packages/mobsfscan/main.py", line 74, in main
    scan_results = MobSFScan(
    File "/opt/homebrew/lib/python3.9/site-packages/mobsfscan/mobsfscan.py", line 98, in scan
    result = scanner.scan()
    File "/opt/homebrew/lib/python3.9/site-packages/libsast/scanner.py", line 64, in scan
    results['semantic_grep'] = SemanticGrep(
    File "/opt/homebrew/lib/python3.9/site-packages/libsast/core_sgrep/semantic_sgrep.py", line 41, in scan
    self.format_output(sgrep_out)
    File "/opt/homebrew/lib/python3.9/site-packages/libsast/core_sgrep/semantic_sgrep.py", line 46, in format_output
    self.findings['errors'] = results['errors']
    TypeError: 'NoneType' object is not subscriptable

Are you on Apple Silicon? (M1/M2)

Yes. Tried running it in my CI/CD pipelines also, using the official docker container, but to no success :/

Unfortunately, semgrep, which we use internally, doesn't support Apple Silicon.

You could try running the Docker image with --platform linux/amd64, at degraded performance.

You were right, it works when run on platforms that are not Apple Silicon.
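
The workaround suggested above, written as a small wrapper for local or CI use. This is an added example, not part of the original thread or of the mobsfscan project. The image name opensecurity/mobsfscan, the /src mount point and the function names are assumptions.

```shell
#!/bin/sh
# Added example: run mobsfscan in Docker, forcing amd64 emulation on ARM hosts
# (Apple Silicon reports "arm64" from `uname -m`).
# Assumptions: image name and the /src mount convention below.
IMAGE="opensecurity/mobsfscan"

# Map a `uname -m` value to the docker platform arguments (empty if not needed).
platform_flag() {
    case "$1" in
        # aarch64 is what Linux ARM hosts report; treating it the same way
        # assumes amd64 emulation is available to Docker on that host.
        arm64|aarch64) echo "--platform linux/amd64" ;;
        *)             echo "" ;;
    esac
}

# Render the command line for a given architecture and source directory,
# so the exact invocation shows up in CI logs.
build_cmd() {
    arch="$1"; src="$2"
    flag="$(platform_flag "$arch")"
    echo "docker run --rm ${flag:+$flag }-v $src:/src $IMAGE /src"
}

# Scan a source directory; expect degraded performance under emulation.
run_scan() {
    src="$(cd "$1" 2>/dev/null && pwd)" || {
        echo "no such directory: $1" >&2
        return 2
    }
    arch="$(uname -m)"
    echo "+ $(build_cmd "$arch" "$src")" >&2
    flag="$(platform_flag "$arch")"
    # $flag is left unquoted on purpose: it is either empty or two words.
    docker run --rm $flag -v "$src:/src" "$IMAGE" /src
}

# Only scan when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```
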