diff --git a/mobsf/StaticAnalyzer/views/android/code_analysis.py b/mobsf/StaticAnalyzer/views/android/code_analysis.py index 27aa5a0e28..e5bf46e5b5 100755 --- a/mobsf/StaticAnalyzer/views/android/code_analysis.py +++ b/mobsf/StaticAnalyzer/views/android/code_analysis.py @@ -42,7 +42,7 @@ def get_perm_rules(checksum, perm_rules, android_permissions): return None dynamic_rules = [] with perm_rules.open('r') as perm_file: - prules = yaml.load(perm_file, Loader=yaml.FullLoader) + prules = yaml.safe_load(perm_file) for p in prules: if p['id'] in android_permissions.keys(): dynamic_rules.append(p) @@ -183,7 +183,7 @@ def code_analysis(checksum, app_dir, typ, manifest_file, android_permissions): try: content = pfile.read_text('utf-8', 'ignore') # Certain file path cannot be read in windows - except Exception: + except OSError: continue relative_java_path = pfile.as_posix().replace(src, '') urls, urls_nf, emails_nf = url_n_email_extract( diff --git a/mobsf/__main__.py b/mobsf/__main__.py index 6f93abfaa4..5e534e1eec 100644 --- a/mobsf/__main__.py +++ b/mobsf/__main__.py @@ -33,7 +33,8 @@ def main(): try: if not connection.introspection.table_names(): db() - except Exception: + except Exception as exp: + print(f"Database initialization error: {exp}") db() listen = '127.0.0.1:8000' if len(sys.argv) == 2 and sys.argv[1]: diff --git a/mobsf/install/windows/setup.py b/mobsf/install/windows/setup.py index fb64712e8d..982b441d32 100755 --- a/mobsf/install/windows/setup.py +++ b/mobsf/install/windows/setup.py @@ -297,12 +297,10 @@ def generate_secret(): (pubkey, privkey) = rsa.newkeys(2048) # Save private and pub key - priv_key_file = open(CONFIG['MobSF']['priv_key'], 'w') - priv_key_file.write(privkey.save_pkcs1().decode('utf-8')) - priv_key_file.close() - pub_key_file = open(CONFIG['MobSF']['pub_key'], 'w') - pub_key_file.write(pubkey.save_pkcs1().decode('utf-8')) - pub_key_file.close() + with open(CONFIG['MobSF']['priv_key'], 'w') as priv_key_file: + priv_key_file.write(privkey.save_pkcs1().decode('utf-8')) + with open(CONFIG['MobSF']['pub_key'], 'w') as pub_key_file: + pub_key_file.write(pubkey.save_pkcs1().decode('utf-8')) config_path = os.path.join( expanduser('~'), '.MobSF', diff --git a/scripts/update_android_permissions.py b/scripts/update_android_permissions.py index d0e4f77b10..5f58ca40f2 100644 --- a/scripts/update_android_permissions.py +++ b/scripts/update_android_permissions.py @@ -1,5 +1,6 @@ #!/usr/bin/env python3 +import importlib.util import re import requests @@ -45,11 +46,11 @@ description] # check the permissions we currently have in dvm_permissions.py -DVM_PERMISSIONS = {} -eval(compile(open('../mobsf/StaticAnalyzer/views/' - 'android/kb/dvm_permissions.py').read(), - '', - 'exec')) +dvm_permissions_path = '../mobsf/StaticAnalyzer/views/android/kb/dvm_permissions.py' +spec = importlib.util.spec_from_file_location("dvm_permissions", dvm_permissions_path) +dvm_module = importlib.util.module_from_spec(spec) +spec.loader.exec_module(dvm_module) +DVM_PERMISSIONS = dvm_module.DVM_PERMISSIONS MANIFEST_PERMISSIONS = DVM_PERMISSIONS['MANIFEST_PERMISSION'] for permission_name in online_permissions: