[BUG] Debug symbols stripped false positive

[didix21]

ENVIRONMENT

OS and Version: macOS Sequoia 15.3.1
Python Version: 3.12.9
MobSF Version: v4.3.0

EXPLANATION OF THE ISSUE

When running a static analysis using the Docker container (as recommended in the documentation), MobSF is reporting false positives for checking if debug symbols are stripped from binaries and dynamic libraries. Upon inspecting the source code at:

Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/binary/macho.py

Line 22 in ae34f7c

# Works only on MacOS

, the comment indicates that the check is intended for MacOS only. It is unclear whether this OS-specific behavior is clearly documented, and if not, it might be worth adding a note in the documentation.

Additionally, if the analyzed framework contains a symbol like:

also reports a false positive. It appears that the code attempts to handle this scenario in a try-catch block (see

Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/common/binary/macho.py

Line 278 in ae34f7c

stripped_sym = 'radr://5614542'

), but only in cases where an exception is thrown. Is this the expected behavior?

This can be reproduced in master also.

P.D: This issue is related to this: #1917 (comment).

[github-actions]

👋 @didix21
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.