
Comments (7)

omatron commented on July 18, 2024

Hello @robwillup, thank you very much for reporting. We are currently working on improvements for the ruleset and the way insider analyzes. Meanwhile, we have the enterprise version with 2 free analyses if you want to check it out: https://console.insidersec.io/en/register.


msAlcantara commented on July 18, 2024

Great!! @robwillup

I think that with these tests we are ready to publish. Thank you very much for your help and patience.


msAlcantara commented on July 18, 2024

Hi @robwillup, sorry for the delay, but what version of insider are you running? I tested here with the latest, 2.0.5, and found some vulnerabilities:

>>> insider -tech ios -target iGoat-Swift/

[INSIDER]: 2020/12/15 11:39:29 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 11:39:29 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 11:39:29 Extracting libraries
[INSIDER]: 2020/12/15 11:39:30 Removing: [] from file list from ios tech
[INSIDER]: 2020/12/15 11:39:30 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 11:39:30 Found 278 files to analyze.
[INSIDER]: 2020/12/15 11:39:30 loading core rules
[INSIDER]: 2020/12/15 11:39:30 Rules 8
[INSIDER]: 2020/12/15 11:39:30 loading IOS rules
[INSIDER]: 2020/12/15 11:39:30 Rules 25
[INSIDER]: 2020/12/15 11:39:30 Rules 25
[INSIDER]: 2020/12/15 11:39:30 Starting extracting hardcoded information
[INSIDER]: 2020/12/15 11:39:59 Finished hardcoded information extraction
[INSIDER]: 2020/12/15 11:44:56 Scanned 81069 lines
[INSIDER]: 2020/12/15 11:44:56 Finished code analysis
[INSIDER]: 2020/12/15 11:44:56 Json Report /home/matheus/dev/github/insidersec/insider/report-20201215114456.json
[INSIDER]: 2020/12/15 11:44:56 Json Report 428.4 kB bytes written successfully
[INSIDER]: 2020/12/15 11:44:56 Html Report /home/matheus/dev/github/insidersec/insider/report-20201215114456.html
[INSIDER]: 2020/12/15 11:44:56 Html Report 805.5 kB bytes written successfully
[INSIDER]: 2020/12/15 11:44:57 Found 682 warnings
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 Score Security 12/100
[INSIDER]: 2020/12/15 11:44:57 Vulnerability    Number
[INSIDER]: 2020/12/15 11:44:57 High              10
[INSIDER]: 2020/12/15 11:44:57 Medium           660
[INSIDER]: 2020/12/15 11:44:57 Low               12
[INSIDER]: 2020/12/15 11:44:57 Total            682
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 You are using the Insider open source version. If you like the product and want more features,
[INSIDER]: 2020/12/15 11:44:57 visit http://insidersec.io and get to know our enterprise version.
[INSIDER]: 2020/12/15 11:44:57 If you are a developer, then you can contribute to the improvement of the software while using an open source version
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 Finished analysis for iOS app #


robwillup commented on July 18, 2024

Hi @msAlcantara,

Thank you for the reply!

When I opened the issue I think I was running version 2.0.4.

However, today I downloaded the 2.0.5 version and got an error when trying to run it against iGoat-Swift on Windows 10. I'll add the error below. I also tried to run it in a macOS agent, there was no error, but I noticed that it found 0 files to analyze. I'm curious as to why it is not finding the .swift files.

Windows 10:

$ ./insider.exe -tech ios -target iGoat-Swift/ -no-banner -no-html -no-json -v
[INSIDER]: 2020/12/15 13:41:24 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 13:41:24 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 13:41:24 Extracting libraries
[INSIDER]: 2020/12/15 13:41:25 Removing: [ ] from file list from ios tech
[INSIDER]: 2020/12/15 13:41:25 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 13:41:25 Found 0 files to analyze.
[INSIDER]: 2020/12/15 13:41:25 loading core rules
[INSIDER]: 2020/12/15 13:41:25 Rules 8
[INSIDER]: 2020/12/15 13:41:25 loading IOS rules
[INSIDER]: 2020/12/15 13:41:25 Rules 25
[INSIDER]: 2020/12/15 13:41:25 Rules 25
[INSIDER]: 2020/12/15 13:41:25 Starting extracting hardcoded information
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
insider/visitor.NewInputFile(0xc0000a00e0, 0xc, 0xc00038e340, 0x34, 0xc00010e000, 0x178, 0x378, 0x0, 0x0, 0x0, ...)
        /home/runner/work/insider/insider/visitor/file.go:237 +0x708
insider/visitor.FindFiles.func1(0xc00038e340, 0x34, 0xba8600, 0xc000499420, 0x0, 0x0, 0x34, 0x0)
        /home/runner/work/insider/insider/visitor/reader.go:146 +0x332
path/filepath.walk(0xc00038e340, 0x34, 0xba8600, 0xc000499420, 0xc000440fa8, 0x0, 0x0)
        /opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:360 +0x42c
path/filepath.walk(0xc00049ac40, 0x17, 0xba8600, 0xc0004991f0, 0xc000440fa8, 0x0, 0x0)
        /opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:384 +0x306
path/filepath.walk(0xc0000a00e0, 0xc, 0xba8600, 0xc00026df80, 0xc000440fa8, 0x0, 0x0)
        /opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:384 +0x306
path/filepath.Walk(0xc0000a00e0, 0xc, 0xc000440fa8, 0xefe4c0, 0x1)
        /opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:406 +0x106
insider/visitor.FindFiles(0xc0000a00e0, 0xc, 0x4cd200, 0x9ff0a8, 0x0, 0x49000cc500, 0xc0004410b0, 0x4d0ef4, 0xc0000cc500)
        /home/runner/work/insider/insider/visitor/reader.go:116 +0xc2
insider/lib.ExtractHardcodedInfo(0xc0000a00e0, 0xc, 0x0, 0x0, 0xba7b40, 0xc000282780, 0xc, 0x0)
        /home/runner/work/insider/insider/lib/analyzer.go:305 +0x68
insider/lib.AnalyzeIOSSource(0xc0000a00e0, 0xc, 0x0, 0x0, 0xc000282780, 0x9af06a, 0x2, 0x0, 0x0)
        /home/runner/work/insider/insider/lib/ios.go:197 +0x263
insider/supervisors.RunIOSCodeAnalysis(0x9af482, 0x3, 0xc0000a00a8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
        /home/runner/work/insider/insider/supervisors/ios.go:39 +0x83f
main.main()
        /home/runner/work/insider/insider/main.go:109 +0xb5c

macOS agent:

[INSIDER]: 2020/12/15 14:22:33 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 14:22:33 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 14:22:33 Extracting libraries
[INSIDER]: 2020/12/15 14:22:33 Removing: [ ] from file list from ios tech
[INSIDER]: 2020/12/15 14:22:33 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 14:22:33 Found 0 files to analyze.
[INSIDER]: 2020/12/15 14:22:33 loading core rules
[INSIDER]: 2020/12/15 14:22:33 Rules 8
[INSIDER]: 2020/12/15 14:22:33 loading IOS rules
[INSIDER]: 2020/12/15 14:22:33 Rules 25
[INSIDER]: 2020/12/15 14:22:33 Rules 25
[INSIDER]: 2020/12/15 14:22:33 Starting extracting hardcoded information
[INSIDER]: 2020/12/15 14:22:33 Finished hardcoded information extraction
[INSIDER]: 2020/12/15 14:22:33 Scanned 0 lines
[INSIDER]: 2020/12/15 14:22:33 Finished code analysis
[INSIDER]: 2020/12/15 14:22:33 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Score Security 100

[INSIDER]: 2020/12/15 14:22:33  
[INSIDER]: 2020/12/15 14:22:33  
[INSIDER]: 2020/12/15 14:22:33 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 No Json report
[INSIDER]: 2020/12/15 14:22:33 No Html report
[INSIDER]: 2020/12/15 14:22:33 Found 0 warnings
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Score Security 100/100
[INSIDER]: 2020/12/15 14:22:33 Vulnerability	Number
[INSIDER]: 2020/12/15 14:22:33 High		  0 
[INSIDER]: 2020/12/15 14:22:33 Medium		  0 
[INSIDER]: 2020/12/15 14:22:33 Low		  0 
[INSIDER]: 2020/12/15 14:22:33 Total		  0 
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 You are using the Insider open source version. If you like the product and want more features,
[INSIDER]: 2020/12/15 14:22:33 visit http://insidersec.io and get to know our enterprise version.
[INSIDER]: 2020/12/15 14:22:33 If you are a developer, then you can contribute to the improvement of the software while using an open source version
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Finished analysis for iOS app #

Thank you for the help!

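Added example (not part of the thread, and not code from the Insider project): the macOS run above ends with "Score Security 100/100" after "Found 0 files to analyze", so a CI gate keyed on the score alone would pass a code base that was never scanned. This Go sketch checks the coverage lines of the log instead; the function names and sample constants are assumptions, and the sample lines are copied from the logs quoted in this thread.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Patterns for the two coverage lines Insider prints (as quoted in this thread).
var (
	filesRe = regexp.MustCompile(`Found (\d+) files to analyze`)
	linesRe = regexp.MustCompile(`Scanned (\d+) lines`)
)

// ErrNoCoverage: the scan inspected nothing, so its score says nothing.
var ErrNoCoverage = errors.New("insider scan covered no files or lines")

// count returns the number captured by re in log, or -1 if the line is absent
// (for example because the run panicked before printing it).
func count(re *regexp.Regexp, log string) int {
	m := re.FindStringSubmatch(log)
	if m == nil {
		return -1
	}
	n, err := strconv.Atoi(m[1])
	if err != nil {
		return -1
	}
	return n
}

// CheckCoverage (hypothetical helper) fails when the file or line count is
// zero or missing, regardless of the reported score.
func CheckCoverage(log string) (files, lines int, err error) {
	files, lines = count(filesRe, log), count(linesRe, log)
	if files <= 0 || lines <= 0 {
		return files, lines, ErrNoCoverage
	}
	return files, lines, nil
}

// Constructed samples: selected lines from the three runs quoted in the thread.
const sampleScanned = "Found 278 files to analyze.\nScanned 81069 lines\nScore Security 12/100"
const sampleEmpty = "Found 0 files to analyze.\nScanned 0 lines\nScore Security 100/100"
const sampleCrashed = "Found 0 files to analyze.\npanic: runtime error: index out of range [1] with length 1"

func main() {
	for _, s := range []string{sampleScanned, sampleEmpty, sampleCrashed} {
		f, l, err := CheckCoverage(s)
		fmt.Printf("files=%d lines=%d err=%v\n", f, l, err)
	}
}
```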

msAlcantara commented on July 18, 2024

Thanks for the reply @robwillup, I think that this could be related to issue #44. Can you try to build from master and test, please? If you have go installed, you can just run go get github.com/insidersec/insider. We are running some tests to generate the next release with these fixes.


robwillup commented on July 18, 2024

Thanks @msAlcantara !

That did it! Running the version built from master worked really well! 👍🏼

Would you have an estimate of when this new version will be released?

Here's part of the output:

...
[INSIDER]: 2020/12/15 14:09:47 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:09:47 No Json report
[INSIDER]: 2020/12/15 14:09:47 No Html report
[INSIDER]: 2020/12/15 14:09:47 Found 694 warnings
[INSIDER]: 2020/12/15 14:09:47 -----------------------------------------------
[INSIDER]: 2020/12/15 14:09:47 Score Security 12/100
[INSIDER]: 2020/12/15 14:09:47 Vulnerability    Number
[INSIDER]: 2020/12/15 14:09:47 High              10
[INSIDER]: 2020/12/15 14:09:47 Medium           672
[INSIDER]: 2020/12/15 14:09:47 Low               12
[INSIDER]: 2020/12/15 14:09:47 Total            694
[INSIDER]: 2020/12/15 14:09:47 -----------------------------------------------------------------------------------------------------------------------
...

Thanks!


msAlcantara commented on July 18, 2024

Closing the issue because version 2.0.6 is released
