Comments (7)
Hello @robwillup, thank you very much for reporting, we are currently working on improvements for the ruleset and the way insider analyzes, meanwhile, we have the enterprise version with 2 free analysis if you want to check it out: https://console.insidersec.io/en/register.
from insider.
Great!! @robwillup
I think that with these tests we are ready to publish. Thank you very much for your help and patience.
from insider.
Hi @robwillup, sorry for the delay, but what version of insider are you running? I tested here with the latest 2.0.5, and found some vulnerabilities:
>>> insider -tech ios -target iGoat-Swift/
[INSIDER]: 2020/12/15 11:39:29 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 11:39:29 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 11:39:29 Extracting libraries
[INSIDER]: 2020/12/15 11:39:30 Removing: [] from file list from ios tech
[INSIDER]: 2020/12/15 11:39:30 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 11:39:30 Found 278 files to analyze.
[INSIDER]: 2020/12/15 11:39:30 loading core rules
[INSIDER]: 2020/12/15 11:39:30 Rules 8
[INSIDER]: 2020/12/15 11:39:30 loading IOS rules
[INSIDER]: 2020/12/15 11:39:30 Rules 25
[INSIDER]: 2020/12/15 11:39:30 Rules 25
[INSIDER]: 2020/12/15 11:39:30 Starting extracting hardcoded information
[INSIDER]: 2020/12/15 11:39:59 Finished hardcoded information extraction
[INSIDER]: 2020/12/15 11:44:56 Scanned 81069 lines
[INSIDER]: 2020/12/15 11:44:56 Finished code analysis
[INSIDER]: 2020/12/15 11:44:56 Json Report /home/matheus/dev/github/insidersec/insider/report-20201215114456.json
[INSIDER]: 2020/12/15 11:44:56 Json Report 428.4 kB bytes written successfully
[INSIDER]: 2020/12/15 11:44:56 Html Report /home/matheus/dev/github/insidersec/insider/report-20201215114456.html
[INSIDER]: 2020/12/15 11:44:56 Html Report 805.5 kB bytes written successfully
[INSIDER]: 2020/12/15 11:44:57 Found 682 warnings
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 Score Security 12/100
[INSIDER]: 2020/12/15 11:44:57 Vulnerability Number
[INSIDER]: 2020/12/15 11:44:57 High 10
[INSIDER]: 2020/12/15 11:44:57 Medium 660
[INSIDER]: 2020/12/15 11:44:57 Low 12
[INSIDER]: 2020/12/15 11:44:57 Total 682
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 You are using the Insider open source version. If you like the product and want more features,
[INSIDER]: 2020/12/15 11:44:57 visit http://insidersec.io and get to know our enterprise version.
[INSIDER]: 2020/12/15 11:44:57 If you are a developer, then you can contribute to the improvement of the software while using an open source version
[INSIDER]: 2020/12/15 11:44:57 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 11:44:57 Finished analysis for iOS app #
from insider.
Hi @msAlcantara,
Thank you for the reply!
When I opened the issue I think I was running version 2.0.4.
However, today I downloaded the 2.0.5 version and got an error when trying to run it against iGoat-Swift on Windows 10. I'll add the error below. I also tried to run it in a macOS agent, there was no error, but I noticed that it found 0 files to analyze. I'm curious as to why it is not finding the .swift files.
Windows 10:
$ ./insider.exe -tech ios -target iGoat-Swift/ -no-banner -no-html -no-json -v
[INSIDER]: 2020/12/15 13:41:24 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 13:41:24 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 13:41:24 Extracting libraries
[INSIDER]: 2020/12/15 13:41:25 Removing: [ ] from file list from ios tech
[INSIDER]: 2020/12/15 13:41:25 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 13:41:25 Found 0 files to analyze.
[INSIDER]: 2020/12/15 13:41:25 loading core rules
[INSIDER]: 2020/12/15 13:41:25 Rules 8
[INSIDER]: 2020/12/15 13:41:25 loading IOS rules
[INSIDER]: 2020/12/15 13:41:25 Rules 25
[INSIDER]: 2020/12/15 13:41:25 Rules 25
[INSIDER]: 2020/12/15 13:41:25 Starting extracting hardcoded information
panic: runtime error: index out of range [1] with length 1
goroutine 1 [running]:
insider/visitor.NewInputFile(0xc0000a00e0, 0xc, 0xc00038e340, 0x34, 0xc00010e000, 0x178, 0x378, 0x0, 0x0, 0x0, ...)
/home/runner/work/insider/insider/visitor/file.go:237 +0x708
insider/visitor.FindFiles.func1(0xc00038e340, 0x34, 0xba8600, 0xc000499420, 0x0, 0x0, 0x34, 0x0)
/home/runner/work/insider/insider/visitor/reader.go:146 +0x332
path/filepath.walk(0xc00038e340, 0x34, 0xba8600, 0xc000499420, 0xc000440fa8, 0x0, 0x0)
/opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:360 +0x42c
path/filepath.walk(0xc00049ac40, 0x17, 0xba8600, 0xc0004991f0, 0xc000440fa8, 0x0, 0x0)
/opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:384 +0x306
path/filepath.walk(0xc0000a00e0, 0xc, 0xba8600, 0xc00026df80, 0xc000440fa8, 0x0, 0x0)
/opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:384 +0x306
path/filepath.Walk(0xc0000a00e0, 0xc, 0xc000440fa8, 0xefe4c0, 0x1)
/opt/hostedtoolcache/go/1.14.4/x64/src/path/filepath/path.go:406 +0x106
insider/visitor.FindFiles(0xc0000a00e0, 0xc, 0x4cd200, 0x9ff0a8, 0x0, 0x49000cc500, 0xc0004410b0, 0x4d0ef4, 0xc0000cc500)
/home/runner/work/insider/insider/visitor/reader.go:116 +0xc2
insider/lib.ExtractHardcodedInfo(0xc0000a00e0, 0xc, 0x0, 0x0, 0xba7b40, 0xc000282780, 0xc, 0x0)
/home/runner/work/insider/insider/lib/analyzer.go:305 +0x68
insider/lib.AnalyzeIOSSource(0xc0000a00e0, 0xc, 0x0, 0x0, 0xc000282780, 0x9af06a, 0x2, 0x0, 0x0)
/home/runner/work/insider/insider/lib/ios.go:197 +0x263
insider/supervisors.RunIOSCodeAnalysis(0x9af482, 0x3, 0xc0000a00a8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/runner/work/insider/insider/supervisors/ios.go:39 +0x83f
main.main()
/home/runner/work/insider/insider/main.go:109 +0xb5c
macOS agent:
[INSIDER]: 2020/12/15 14:22:33 Starting analysis for iOS app #
[INSIDER]: 2020/12/15 14:22:33 Starting iOS Source code analysis
[INSIDER]: 2020/12/15 14:22:33 Extracting libraries
[INSIDER]: 2020/12/15 14:22:33 Removing: [ ] from file list from ios tech
[INSIDER]: 2020/12/15 14:22:33 Removing: [pods] from file list from ios tech
[INSIDER]: 2020/12/15 14:22:33 Found 0 files to analyze.
[INSIDER]: 2020/12/15 14:22:33 loading core rules
[INSIDER]: 2020/12/15 14:22:33 Rules 8
[INSIDER]: 2020/12/15 14:22:33 loading IOS rules
[INSIDER]: 2020/12/15 14:22:33 Rules 25
[INSIDER]: 2020/12/15 14:22:33 Rules 25
[INSIDER]: 2020/12/15 14:22:33 Starting extracting hardcoded information
[INSIDER]: 2020/12/15 14:22:33 Finished hardcoded information extraction
[INSIDER]: 2020/12/15 14:22:33 Scanned 0 lines
[INSIDER]: 2020/12/15 14:22:33 Finished code analysis
[INSIDER]: 2020/12/15 14:22:33 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Score Security 100
[INSIDER]: 2020/12/15 14:22:33
[INSIDER]: 2020/12/15 14:22:33
[INSIDER]: 2020/12/15 14:22:33 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 No Json report
[INSIDER]: 2020/12/15 14:22:33 No Html report
[INSIDER]: 2020/12/15 14:22:33 Found 0 warnings
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Score Security 100/100
[INSIDER]: 2020/12/15 14:22:33 Vulnerability Number
[INSIDER]: 2020/12/15 14:22:33 High 0
[INSIDER]: 2020/12/15 14:22:33 Medium 0
[INSIDER]: 2020/12/15 14:22:33 Low 0
[INSIDER]: 2020/12/15 14:22:33 Total 0
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 You are using the Insider open source version. If you like the product and want more features,
[INSIDER]: 2020/12/15 14:22:33 visit http://insidersec.io and get to know our enterprise version.
[INSIDER]: 2020/12/15 14:22:33 If you are a developer, then you can contribute to the improvement of the software while using an open source version
[INSIDER]: 2020/12/15 14:22:33 -----------------------------------------------------------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:22:33 Finished analysis for iOS app #
Thank you for the help!
from insider.
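Added example, not part of the thread or of Insider's own code: a CI-side check for the failure shown in the macOS run above, where zero files were analyzed yet the score was 100/100, and for the crash in the Windows run. The function name `Verdict` and the sample input are assumptions; the regular expressions follow the log lines quoted in this thread.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Patterns for the summary lines Insider prints in the logs quoted above.
var fields = map[string]*regexp.Regexp{
	"files": regexp.MustCompile(`Found (\d+) files to analyze`),
	"lines": regexp.MustCompile(`Scanned (\d+) lines`),
	"score": regexp.MustCompile(`Score Security (\d+)/100`),
}

// Verdict (hypothetical helper) reads scanner console output and returns ""
// when the result can be trusted, or the reason the run must count as failed.
func Verdict(log string) string {
	seen := map[string]int{"files": -1, "lines": -1, "score": -1} // -1 = not seen
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "panic:") {
			return "scanner crashed: " + line
		}
		for name, re := range fields {
			if m := re.FindStringSubmatch(line); m != nil {
				seen[name], _ = strconv.Atoi(m[1])
			}
		}
	}
	switch {
	case seen["files"] <= 0 || seen["lines"] <= 0:
		return "no source files analyzed, score is not evidence of a clean app"
	case seen["score"] < 0:
		return "no score reported"
	}
	return ""
}

// Constructed sample modelled on the macOS run in this thread.
const emptyRun = `[INSIDER]: 2020/12/15 14:22:33 Found 0 files to analyze.
[INSIDER]: 2020/12/15 14:22:33 Scanned 0 lines
[INSIDER]: 2020/12/15 14:22:33 Score Security 100/100`

func main() {
	fmt.Printf("verdict: %q\n", Verdict(emptyRun))
}
```

In a pipeline, a non-empty verdict should fail the job, so an empty scan never passes as a perfect score.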
Thanks for the reply @robwillup, I think that this could be related to issue #44. Can you try to build from master and test please? If you have go installed, you can only run go get github.com/insidersec/insider. We are making some tests to generate the next release with these fixes.
from insider.
Thanks @msAlcantara !
That did it! Running the version built from master worked really well! 👍🏼
Would you have an estimate of when this new version will be released?
Here's part of the output:
...
[INSIDER]: 2020/12/15 14:09:47 ---------------------------------------------------------------------
[INSIDER]: 2020/12/15 14:09:47 No Json report
[INSIDER]: 2020/12/15 14:09:47 No Html report
[INSIDER]: 2020/12/15 14:09:47 Found 694 warnings
[INSIDER]: 2020/12/15 14:09:47 -----------------------------------------------
[INSIDER]: 2020/12/15 14:09:47 Score Security 12/100
[INSIDER]: 2020/12/15 14:09:47 Vulnerability Number
[INSIDER]: 2020/12/15 14:09:47 High 10
[INSIDER]: 2020/12/15 14:09:47 Medium 672
[INSIDER]: 2020/12/15 14:09:47 Low 12
[INSIDER]: 2020/12/15 14:09:47 Total 694
[INSIDER]: 2020/12/15 14:09:47 -----------------------------------------------------------------------------------------------------------------------
...
Thanks!
from insider.
Closing the issue because version 2.0.6 is released
from insider.