March 25 QA (#2504)

* Dependency bump
* Strict firebaseio domain check
* Fix frida server download proxy SSL verify config
* Fix CI build on mac

Author: ajinabraham

.github/workflows/mobsf-test.yml

@@ -47,7 +47,9 @@ jobs:
     - name: Install macOS Dependencies
       if: startsWith(matrix.os, 'macOS')
       run: |
-        brew install --cask wkhtmltopdf
+        export WKHTML_URL=https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-2/
+        export WKHTML_PKG=wkhtmltox-0.12.6-2.macos-cocoa.pkg
+        curl -L ${WKHTML_URL}${WKHTML_PKG} -O && sudo installer -pkg ${WKHTML_PKG} -target ~ && rm -rf ${WKHTML_PKG}
 
     - name: Install Windows Dependencies
       if: startsWith(matrix.os, 'windows')

mobsf/DynamicAnalyzer/views/android/frida_server_download.py

@@ -30,7 +30,7 @@ def clean_up_old_binaries(dirc, version):
                 pass
 
 
-def download_frida_server(url, version, fname, proxies):
+def download_frida_server(url, version, fname, proxies, verify):
     """Download frida-server-binary."""
     try:
         download_dir = Path(settings.DWD_DIR)
@@ -40,6 +40,7 @@ def download_frida_server(url, version, fname, proxies):
                 url,
                 timeout=5,
                 proxies=proxies,
+                verify=verify,
                 stream=True) as r:
             with LZMAFile(r.raw) as f:
                 with open(dwd_loc, 'wb') as flip:
@@ -72,7 +73,7 @@ def update_frida_server(arch, version):
         for item in response.json()['assets']:
             if item['name'] == f'{fserver}.xz':
                 url = item['browser_download_url']
-                return download_frida_server(url, version, fserver, proxies)
+                return download_frida_server(url, version, fserver, proxies, verify)
         return False
     except Exception:
         logger.exception('[ERROR] Fetching Frida Server Release')

mobsf/StaticAnalyzer/views/common/firebase.py

@@ -85,7 +85,7 @@ def open_firebase(checksum, url):
             logger.warning(invalid)
             return url, False
         purl = urlparse(url)
-        if not purl.netloc.endswith('firebaseio.com'):
+        if not purl.netloc.endswith('.firebaseio.com'):
             logger.warning(invalid)
             return url, False
         base_url = f'{purl.scheme}://{purl.netloc}/.json'
@@ -116,7 +116,7 @@ def firebase_db_check(checksum, code_an_dic):
     try:
         urls = list(set(code_an_dic['urls_list']))
         for url in urls:
-            if 'firebaseio.com' not in url:
+            if '.firebaseio.com' not in url:
                 continue
             returl, is_open = open_firebase(checksum, url)
             if is_open: