Skip to content

Adding OWASP Mobile 2024 compliance support #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
poseidontor wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Adding OWASP Mobile 2024 compliance support #72

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ $ appknox reports create 4
3

$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,OWASP MASVS (v2),ASVS,PCI-DSS,GDPR,Created On
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,OWASP MASVS (v2),OWASP Mobile 2024,ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)

Expand Down
1 change: 1 addition & 0 deletions appknox/mapper.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ def mapper_drf_api(model: type, resource: dict) -> object:
"cwe",
"mstg",
"masvs",
"owaspmobile2024",
"asvs",
"gdpr",
"computed_risk",
Expand Down
Binary file modified docs/.doctrees/client.doctree
View file
Open in desktop
Binary file not shown.
Binary file modified docs/.doctrees/environment.pickle
View file
Open in desktop
Binary file not shown.
Binary file modified docs/.doctrees/index.doctree
View file
Open in desktop
Binary file not shown.
Binary file modified docs/.doctrees/mapper.doctree
View file
Open in desktop
Binary file not shown.
62 changes: 19 additions & 43 deletions docs/_modules/appknox/client.html
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions docs/_modules/appknox/mapper.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ <h1>Source code for appknox.mapper</h1><div class="highlight"><pre>
<span class="s2">&quot;cwe&quot;</span><span class="p">,</span>
<span class="s2">&quot;mstg&quot;</span><span class="p">,</span>
<span class="s2">&quot;masvs&quot;</span><span class="p">,</span>
<span class="s2">&quot;owaspmobile2024&quot;</span><span class="p">,</span>
<span class="s2">&quot;asvs&quot;</span><span class="p">,</span>
<span class="s2">&quot;gdpr&quot;</span><span class="p">,</span>
<span class="s2">&quot;computed_risk&quot;</span><span class="p">,</span>
Expand Down
102 changes: 15 additions & 87 deletions docs/_sources/index.rst.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,91 +165,19 @@ Get the analyses for this new file:

.. code-block:: python

>>> client.get_analyses(273)[:3]
[Analysis(id = 22248, risk = 2, status = 3, cvss_base = 6.6, cvss_vector = 'CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H', cvss_version = 3, cvss_metrics_humanized = [{
'key': 'Attack Vector',
'value': 'Adjacent'
}, {
'key': 'Attack Complexity',
'value': 'Low'
}, {
'key': 'Privileges Required',
'value': 'High'
}, {
'key': 'User Interaction',
'value': 'Required'
}, {
'key': 'Scope',
'value': 'Unchanged'
}, {
'key': 'Confidentiality Impact',
'value': 'High'
}, {
'key': 'Integrity Impact',
'value': 'High'
}, {
'key': 'Availability Impact',
'value': 'High'
}],
findings = [{
'title': 'ssLA5o60a398i7TM5RkofIA1J',
'description': 'MfmnwBwK2HsWqnZMOJoDvWnhIFdVMn'
}, {
'title': 'p9TPfBKLqtlExLklJYnifHO72',
'description': '0rppCThV5ybdROVlizmG5ryoWd7S7r'
}, {
'title': 'DpqNGv4q8ZhrYgyobSpEuqiq7',
'description': 'BmQkMywysefELpWcG1OGYN9N98PdSi'
}, {
'title': 'pcqd88I0ZLpRqKYD7lTrbGEEY',
'description': '7PYqk3Gg9J3Zr7nu8PKhv1tHH1NhdA'
}, {
'title': 'TGdwRQOaFBQ9J046BRB2DJXn4',
'description': 'skEJq90yDVC5y0zmSD09f1rQyK8KNZ'
}],
updated_on = '2023-09-13T06:08:18.384903Z', vulnerability = 1, owasp = ['M1_2016'], pcidss = ['3_2', '3_3', '3_4'], hipaa = ['164_312_a_1'], cwe = ['CWE_926'], mstg = ['MSTG_6_3', 'MSTG_6_4'], masvs = ['MASVS_6_1'], asvs = [], gdpr = ['gdpr_25', 'gdpr_32'], computed_risk = 2, overridden_risk = None),
Analysis(id = 22247, risk = 2, status = 3, cvss_base = 5.7, cvss_vector = 'CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N', cvss_version = 3, cvss_metrics_humanized = [{
'key': 'Attack Vector',
'value': 'Physical'
}, {
'key': 'Attack Complexity',
'value': 'Low'
}, {
'key': 'Privileges Required',
'value': 'High'
}, {
'key': 'User Interaction',
'value': 'Not Required'
}, {
'key': 'Scope',
'value': 'Changed'
}, {
'key': 'Confidentiality Impact',
'value': 'Low'
}, {
'key': 'Integrity Impact',
'value': 'High'
}, {
'key': 'Availability Impact',
'value': 'None'
}],
findings = [{
'title': 'y4iutu3KCWb7shg6BsZqu867Y',
'description': 'cqB9EcXpGrvQbsrGNMProR3J1cbmxw'
}, {
'title': 'kPLH7e9juz1wq2JCBJrVR9fnb',
'description': '2rSLRxGXZbeSZ437l5bzKTTwwSB7il'
}, {
'title': 'qUObDBfoIvOSbVgyhQwxBWOY6',
'description': 'iHdHrlq0dCA1gxjWyo4wnGZ3flmr70'
}, {
'title': 'l1i4LxUXU3PaMv1wsYaN7zzLu',
'description': '5g4ml46nrfndL7M4V43ZbkEXVX0bVn'
}, {
'title': 'OgZY2lNjHTPqvNl75bupA3tNH',
'description': 'IiwQX1xQDjX5t4W6Y9KyWIrMdeREtw'
}],
updated_on = '2023-09-13T06:08:21.540225Z', vulnerability = 2, owasp = ['M1_2016'], pcidss = ['3_2', '3_3', '3_4'], hipaa = ['164_312_a_1'], cwe = ['CWE_926'], mstg = ['MSTG_6_1'], masvs = ['MASVS_6_1'], asvs = [], gdpr = ['gdpr_25', 'gdpr_32'], computed_risk = 2, overridden_risk = None), ]
>>> client.get_analyses(1)[6:9]
[Analysis(id=7, risk=0, status=3, cvss_base=0.0, cvss_vector='', cvss_version=3, cvss_metrics_humanized=[],
findings=[], updated_on='2024-02-28T09:53:39.292318Z', vulnerability=7, owasp=['M3_2016'], pcidss=['4_1'],
hipaa=['164_312_e_1'], cwe=['CWE_296'], mstg=['MSTG_3_2', 'MSTG_3_3', 'MSTG_3_3'], masvs=['MASVS_2_1'],
owaspmobile2024=['M5_2024'], asvs=[], gdpr=['gdpr_25', 'gdpr_32'], computed_risk=0, overridden_risk=None),
Analysis(id=8, risk=0, status=3, cvss_base=0.0, cvss_vector='', cvss_version=3, cvss_metrics_humanized=[],
findings=[], updated_on='2024-02-28T09:53:52.471037Z', vulnerability=8, owasp=['M3_2016'], pcidss=['4_1'],
hipaa=['164_312_e_1'], cwe=['CWE_297'], mstg=['MSTG_5_3'], masvs=['MASVS_5_1'], owaspmobile2024=['M5_2024'],
asvs=[], gdpr=['gdpr_25', 'gdpr_32'], computed_risk=0, overridden_risk=None),
Analysis(id=9, risk=0, status=3, cvss_base=0.0, cvss_vector='', cvss_version=3, cvss_metrics_humanized=[],
findings=[], updated_on='2024-02-28T09:54:06.240677Z', vulnerability=9, owasp=['M3_2016'],
pcidss=[], hipaa=[], cwe=['CWE_749'], mstg=['MSTG_6_6'], masvs=['MASVS_6_2'], owaspmobile2024=['M5_2024'],
asvs=[], gdpr=['gdpr_25', 'gdpr_32'], computed_risk=0, overridden_risk=None)]


Note the ``vulnerability_id`` for ``Analysis(id=235)``. To get details about this vulnerability:
Expand Down Expand Up @@ -432,7 +360,7 @@ __

Download Report Data from URL
------------------------------
Returns full HTTP response body from a given absolute URL
Returns full HTTP response body from a given absolute URL

.. code-block:: python

Expand All @@ -459,7 +387,7 @@ Complete Reference
:maxdepth: 2

client

mapper

--
Expand Down
2 changes: 2 additions & 0 deletions docs/genindex.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,8 @@ <h2 id="O">O</h2>
<li><a href="mapper.html#appknox.mapper.Analysis.owasp">owasp (appknox.mapper.Analysis attribute)</a>
</li>
<li><a href="mapper.html#appknox.mapper.OWASP">OWASP (class in appknox.mapper)</a>
</li>
<li><a href="mapper.html#appknox.mapper.Analysis.owaspmobile2024">owaspmobile2024 (appknox.mapper.Analysis attribute)</a>
</li>
</ul></td>
</tr></table>
Expand Down
98 changes: 13 additions & 85 deletions docs/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,91 +147,19 @@ <h2>Quickstart<a class="headerlink" href="#quickstart" title="Permalink to this
</pre></div>
</div>
<p><em>Example:</em></p>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="gp">&gt;&gt;&gt; </span><span class="n">client</span><span class="o">.</span><span class="n">get_analyses</span><span class="p">(</span><span class="mi">273</span><span class="p">)[:</span><span class="mi">3</span><span class="p">]</span>
<span class="go"> [Analysis(id = 22248, risk = 2, status = 3, cvss_base = 6.6, cvss_vector = &#39;CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H&#39;, cvss_version = 3, cvss_metrics_humanized = [{</span>
<span class="go"> &#39;key&#39;: &#39;Attack Vector&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Adjacent&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Attack Complexity&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Low&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Privileges Required&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;User Interaction&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Required&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Scope&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Unchanged&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Confidentiality Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Integrity Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Availability Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }],</span>
<span class="go"> findings = [{</span>
<span class="go"> &#39;title&#39;: &#39;ssLA5o60a398i7TM5RkofIA1J&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;MfmnwBwK2HsWqnZMOJoDvWnhIFdVMn&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;p9TPfBKLqtlExLklJYnifHO72&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;0rppCThV5ybdROVlizmG5ryoWd7S7r&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;DpqNGv4q8ZhrYgyobSpEuqiq7&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;BmQkMywysefELpWcG1OGYN9N98PdSi&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;pcqd88I0ZLpRqKYD7lTrbGEEY&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;7PYqk3Gg9J3Zr7nu8PKhv1tHH1NhdA&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;TGdwRQOaFBQ9J046BRB2DJXn4&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;skEJq90yDVC5y0zmSD09f1rQyK8KNZ&#39;</span>
<span class="go"> }],</span>
<span class="go"> updated_on = &#39;2023-09-13T06:08:18.384903Z&#39;, vulnerability = 1, owasp = [&#39;M1_2016&#39;], pcidss = [&#39;3_2&#39;, &#39;3_3&#39;, &#39;3_4&#39;], hipaa = [&#39;164_312_a_1&#39;], cwe = [&#39;CWE_926&#39;], mstg = [&#39;MSTG_6_3&#39;, &#39;MSTG_6_4&#39;], masvs = [&#39;MASVS_6_1&#39;], asvs = [], gdpr = [&#39;gdpr_25&#39;, &#39;gdpr_32&#39;], computed_risk = 2, overridden_risk = None),</span>
<span class="go"> Analysis(id = 22247, risk = 2, status = 3, cvss_base = 5.7, cvss_vector = &#39;CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N&#39;, cvss_version = 3, cvss_metrics_humanized = [{</span>
<span class="go"> &#39;key&#39;: &#39;Attack Vector&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Physical&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Attack Complexity&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Low&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Privileges Required&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;User Interaction&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Not Required&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Scope&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Changed&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Confidentiality Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;Low&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Integrity Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;High&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;key&#39;: &#39;Availability Impact&#39;,</span>
<span class="go"> &#39;value&#39;: &#39;None&#39;</span>
<span class="go"> }],</span>
<span class="go"> findings = [{</span>
<span class="go"> &#39;title&#39;: &#39;y4iutu3KCWb7shg6BsZqu867Y&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;cqB9EcXpGrvQbsrGNMProR3J1cbmxw&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;kPLH7e9juz1wq2JCBJrVR9fnb&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;2rSLRxGXZbeSZ437l5bzKTTwwSB7il&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;qUObDBfoIvOSbVgyhQwxBWOY6&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;iHdHrlq0dCA1gxjWyo4wnGZ3flmr70&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;l1i4LxUXU3PaMv1wsYaN7zzLu&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;5g4ml46nrfndL7M4V43ZbkEXVX0bVn&#39;</span>
<span class="go"> }, {</span>
<span class="go"> &#39;title&#39;: &#39;OgZY2lNjHTPqvNl75bupA3tNH&#39;,</span>
<span class="go"> &#39;description&#39;: &#39;IiwQX1xQDjX5t4W6Y9KyWIrMdeREtw&#39;</span>
<span class="go"> }],</span>
<span class="go"> updated_on = &#39;2023-09-13T06:08:21.540225Z&#39;, vulnerability = 2, owasp = [&#39;M1_2016&#39;], pcidss = [&#39;3_2&#39;, &#39;3_3&#39;, &#39;3_4&#39;], hipaa = [&#39;164_312_a_1&#39;], cwe = [&#39;CWE_926&#39;], mstg = [&#39;MSTG_6_1&#39;], masvs = [&#39;MASVS_6_1&#39;], asvs = [], gdpr = [&#39;gdpr_25&#39;, &#39;gdpr_32&#39;], computed_risk = 2, overridden_risk = None), ]</span>
<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="gp">&gt;&gt;&gt; </span><span class="n">client</span><span class="o">.</span><span class="n">get_analyses</span><span class="p">(</span><span class="mi">1</span><span class="p">)[</span><span class="mi">6</span><span class="p">:</span><span class="mi">9</span><span class="p">]</span>
<span class="go"> [Analysis(id=7, risk=0, status=3, cvss_base=0.0, cvss_vector=&#39;&#39;, cvss_version=3, cvss_metrics_humanized=[],</span>
<span class="go"> findings=[], updated_on=&#39;2024-02-28T09:53:39.292318Z&#39;, vulnerability=7, owasp=[&#39;M3_2016&#39;], pcidss=[&#39;4_1&#39;],</span>
<span class="go"> hipaa=[&#39;164_312_e_1&#39;], cwe=[&#39;CWE_296&#39;], mstg=[&#39;MSTG_3_2&#39;, &#39;MSTG_3_3&#39;, &#39;MSTG_3_3&#39;], masvs=[&#39;MASVS_2_1&#39;],</span>
<span class="go"> owaspmobile2024=[&#39;M5_2024&#39;], asvs=[], gdpr=[&#39;gdpr_25&#39;, &#39;gdpr_32&#39;], computed_risk=0, overridden_risk=None),</span>
<span class="go"> Analysis(id=8, risk=0, status=3, cvss_base=0.0, cvss_vector=&#39;&#39;, cvss_version=3, cvss_metrics_humanized=[],</span>
<span class="go"> findings=[], updated_on=&#39;2024-02-28T09:53:52.471037Z&#39;, vulnerability=8, owasp=[&#39;M3_2016&#39;], pcidss=[&#39;4_1&#39;],</span>
<span class="go"> hipaa=[&#39;164_312_e_1&#39;], cwe=[&#39;CWE_297&#39;], mstg=[&#39;MSTG_5_3&#39;], masvs=[&#39;MASVS_5_1&#39;], owaspmobile2024=[&#39;M5_2024&#39;],</span>
<span class="go"> asvs=[], gdpr=[&#39;gdpr_25&#39;, &#39;gdpr_32&#39;], computed_risk=0, overridden_risk=None),</span>
<span class="go"> Analysis(id=9, risk=0, status=3, cvss_base=0.0, cvss_vector=&#39;&#39;, cvss_version=3, cvss_metrics_humanized=[],</span>
<span class="go"> findings=[], updated_on=&#39;2024-02-28T09:54:06.240677Z&#39;, vulnerability=9, owasp=[&#39;M3_2016&#39;],</span>
<span class="go"> pcidss=[], hipaa=[], cwe=[&#39;CWE_749&#39;], mstg=[&#39;MSTG_6_6&#39;], masvs=[&#39;MASVS_6_2&#39;], owaspmobile2024=[&#39;M5_2024&#39;],</span>
<span class="go"> asvs=[], gdpr=[&#39;gdpr_25&#39;, &#39;gdpr_32&#39;], computed_risk=0, overridden_risk=None)]</span>
</pre></div>
</div>
<p>Note the <code class="docutils literal notranslate"><span class="pre">vulnerability_id</span></code> for <code class="docutils literal notranslate"><span class="pre">Analysis(id=235)</span></code>. To get details about this vulnerability:</p>
Expand Down
Loading