[FEATURE] urls should be extracted as case-sensitive #2491

Open
lxj616 opened this issue Feb 13, 2025 · 1 comment
Labels
enhancement MobSF enhancements and feature requests

lxj616 commented Feb 13, 2025

If you're requesting a new feature/enhancement, explain why you'd like it to be added and its importance.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is.

When I was scanning an app, the extracted URLs were all converted to lower case, and when I tried to inspect and open one, the URL did not work in lower case.

To demonstrate the problem:

Tencent Cloud COS is case-sensitive ... and does not support turning it off

URLs in general are case-sensitive (with the exception of machine names). There may be URLs, or parts of URLs, where case doesn't matter, but identifying these may not be easy. Users should always consider that URLs are case-sensitive.

Describe the solution you'd like
A clear and concise description of what you want to happen.

https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/ae34f7c055aa64fca58e995b70bc7f19da6ca33a/mobsf/DynamicAnalyzer/views/common/shared.py#L27C5-L27C12

Currently URLs are extracted in lowercase.
My suggestion would be NOT to do the lowercase conversion (there could be more that needs to be tweaked).

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Or we could just warn our users that the URLs section is lowercase-converted: if a link can't be opened, find the original string in the decompiled code.

Additional context
Add any other context or screenshots about the feature request here.

The app I am scanning and the exact case-sensitive URL are confidential, so I'll just give a stripped example URL:

https://xxx-xxx-123456.cos.ap-nanjing.myqcloud.com/SomeStringUpperCase.txt

In the scan report: https://xxx-xxx-123456.cos.ap-nanjing.myqcloud.com/somestringuppercase.txt, and this link cannot be opened.
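
An added example, not part of the original issue and not MobSF's code: one way to extract URLs so that only the case-insensitive parts (scheme and host) are lowercased for de-duplication, while path and query keep their case. The regex, the function names and the sample input are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Simplified URL pattern for this example (an assumption, not MobSF's regex).
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def normalize_url(url):
    """Lowercase only scheme and host; path, query and fragment keep their case."""
    parts = urlsplit(url)
    # Keep any userinfo (user:pass@) untouched, since it is case-sensitive.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    netloc = userinfo + at + hostport.lower()
    return urlunsplit((parts.scheme.lower(), netloc, parts.path,
                       parts.query, parts.fragment))


def extract_urls(data):
    """Return unique URLs in order of first appearance, path case preserved."""
    seen = set()
    urls = []
    for match in URL_RE.finditer(data):
        # Drop trailing punctuation that commonly follows a URL in strings.
        url = normalize_url(match.group(0).rstrip(".,;)"))
        if url not in seen:
            seen.add(url)
            urls.append(url)
    return urls


def extract_urls_lowercased(data):
    """Model of the behaviour the issue reports: the whole URL is lowercased."""
    return sorted({m.group(0).lower() for m in URL_RE.finditer(data)})


# Constructed sample input built from the stripped example URL in the issue.
SAMPLE = (
    'get("https://xxx-xxx-123456.cos.ap-nanjing.myqcloud.com/SomeStringUpperCase.txt")\n'
    'get("HTTPS://XXX-XXX-123456.COS.AP-NANJING.MYQCLOUD.COM/SomeStringUpperCase.txt")\n'
    'get("https://xxx-xxx-123456.cos.ap-nanjing.myqcloud.com/somestringuppercase.txt?X=Y")\n'
)

if __name__ == "__main__":
    for found in extract_urls(SAMPLE):
        print(found)
```

The first two sample lines collapse to one entry because they differ only in scheme and host case; the third stays separate because its path and query differ in case.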

@lxj616 lxj616 added the enhancement MobSF enhancements and feature requests label Feb 13, 2025

👋 @lxj616
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
