Mobsfscan report files parsing fix #11278
DryRun Security Summary
The pull request includes various updates and improvements to the application security-related functionality of the project, including configuration file updates, new security findings, and enhancements to the MobSF security scanner parser and its test suite.
Summary: The code changes in this pull request cover various updates and improvements to the application security-related functionality of the project. The changes include:
Overall, these changes appear to be focused on improving the security-related functionality and testing capabilities of the project. From an application security engineer's perspective, the changes seem reasonable and do not introduce any obvious security concerns. However, it's important to review the changes carefully, especially those related to configuration updates and the handling of sensitive information, to ensure that the application's security posture is not compromised. Files Changed:
Code Analysis
We ran Riskiness 🟢 Risk threshold not exceeded.
Description
In mobsfscan reports each result can contain a list of files:
In the previous parser logic, a finding stores only the last file and does not store the snippet.
In the new logic, a finding is added for each file and the snippet is added to the description.
Also, file and description are added to the hash fields in settings (God help me deal with sha256)
Test results
Fixed tests for the many-findings case.
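
The per-file behaviour described in this pull request, sketched as an added example that is not the project's parser code. The report field names (`results`, `files`, `file_path`, `match_lines`, `match_string`, `metadata`) are assumed from mobsfscan's JSON output, the sample report is constructed, and `HASH_FIELDS` and `hash_code` are hypothetical stand-ins for the project's hash settings.

```python
import hashlib
import json

# Constructed sample; field names assumed from mobsfscan's JSON report layout.
SAMPLE_REPORT = json.loads("""
{"results": {"android_logging": {
  "files": [
    {"file_path": "app/src/main/java/A.java", "match_lines": [10, 10],
     "match_string": "Log.d(TAG, token);"},
    {"file_path": "app/src/main/java/B.java", "match_lines": [42, 43],
     "match_string": "Log.e(TAG, password);"}],
  "metadata": {"cwe": "CWE-532", "severity": "INFO",
               "description": "The app logs information."}}}}
""")

# Hypothetical dedup field list: file and description included, as in the PR.
HASH_FIELDS = ("title", "severity", "cwe", "file_path", "description")


def hash_code(finding):
    """SHA-256 over the selected fields, used here as a dedup key."""
    joined = "|".join(str(finding.get(f) or "") for f in HASH_FIELDS)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def parse_findings(report):
    """Return one finding per (rule, file) pair, snippet kept in description."""
    findings = []
    for rule_id, details in report.get("results", {}).items():
        meta = details.get("metadata", {})
        # A rule with no file list still yields a single file-less finding.
        for entry in details.get("files") or [{}]:
            description = meta.get("description", "")
            if entry.get("match_string"):
                description += "\n\nSnippet: " + entry["match_string"]
            lines = entry.get("match_lines") or [None]
            finding = {
                "title": rule_id,
                "severity": meta.get("severity", "INFO"),
                "cwe": meta.get("cwe"),
                "file_path": entry.get("file_path"),
                "line": lines[0],
                "description": description,
            }
            finding["hash_code"] = hash_code(finding)
            findings.append(finding)
    return findings
```

Because the file path and the snippet-bearing description feed the hash, two hits of the same rule in different files get distinct dedup keys instead of collapsing into one finding.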