DefectDojo
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/mobsf.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/content/en/connecting_your_tools/parsers/file/mobsf.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/mobsfscan.md‎
Lines changed: 0 additions & 8 deletions b/‎docs/content/en/connecting_your_tools/parsers/file/mobsfscan.md‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎dojo/tools/mobsf/api_report_json.py‎
Lines changed: 388 additions & 0 deletions b/‎dojo/tools/mobsf/api_report_json.py‎
Lines changed: 388 additions & 0 deletions
diff --git a/‎dojo/tools/mobsf/parser.py‎
Lines changed: 8 additions & 383 deletions b/‎dojo/tools/mobsf/parser.py‎
Lines changed: 8 additions & 383 deletions
diff --git a/‎dojo/tools/mobsfscan/parser.py‎ ‎dojo/tools/mobsf/report.py‎dojo/tools/mobsfscan/parser.py renamed to dojo/tools/mobsf/report.py
Lines changed: 2 additions & 15 deletions b/‎dojo/tools/mobsfscan/parser.py‎ ‎dojo/tools/mobsf/report.py‎dojo/tools/mobsfscan/parser.py renamed to dojo/tools/mobsf/report.py
Lines changed: 2 additions & 15 deletions
diff --git a/‎dojo/tools/mobsfscan/__init__.py‎ b/‎dojo/tools/mobsfscan/__init__.py‎
diff --git a/‎…tests/scans/mobsfscan/many_findings.json‎ ‎unittests/scans/mobsf/many_findings.json‎unittests/scans/mobsfscan/many_findings.json renamed to unittests/scans/mobsf/many_findings.json b/‎…tests/scans/mobsfscan/many_findings.json‎ ‎unittests/scans/mobsf/many_findings.json‎unittests/scans/mobsfscan/many_findings.json renamed to unittests/scans/mobsf/many_findings.json
diff --git a/‎…s/mobsfscan/many_findings_cwe_lower.json‎ ‎…scans/mobsf/many_findings_cwe_lower.json‎unittests/scans/mobsfscan/many_findings_cwe_lower.json renamed to unittests/scans/mobsf/many_findings_cwe_lower.json b/‎…s/mobsfscan/many_findings_cwe_lower.json‎ ‎…scans/mobsf/many_findings_cwe_lower.json‎unittests/scans/mobsfscan/many_findings_cwe_lower.json renamed to unittests/scans/mobsf/many_findings_cwe_lower.json
diff --git a/‎…ittests/scans/mobsfscan/no_findings.json‎ ‎unittests/scans/mobsf/no_findings.json‎unittests/scans/mobsfscan/no_findings.json renamed to unittests/scans/mobsf/no_findings.json b/‎…ittests/scans/mobsfscan/no_findings.json‎ ‎unittests/scans/mobsf/no_findings.json‎unittests/scans/mobsfscan/no_findings.json renamed to unittests/scans/mobsf/no_findings.json
diff --git a/‎unittests/tools/test_mobsf_parser.py‎
Lines changed: 159 additions & 0 deletions b/‎unittests/tools/test_mobsf_parser.py‎
Lines changed: 159 additions & 0 deletions
@@ -2,7 +2,7 @@
 title: "MobSF Scanner"
 toc_hide: true
 ---
-Export a JSON file using the API, api/v1/report\_json.
+Export a JSON file using the API, api/v1/report\_json and import it to Defectdojo or import a JSON report from <https://github.com/MobSF/mobsfscan>
 
 ### Sample Scan Data
 Sample MobSF Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/mobsf).
@@ -1,11 +1,10 @@
 import hashlib
-import json
 import re
 
 from dojo.models import Finding
 
 
-class MobsfscanParser:
+class MobSFjsonreport:
 
     """A class that can be used to parse the mobsfscan (https://github.com/MobSF/mobsfscan) JSON report file."""
 
@@ -15,19 +14,7 @@ class MobsfscanParser:
         "INFO": "Low",
     }
 
-    def get_scan_types(self):
-        return ["Mobsfscan Scan"]
-
-    def get_label_for_scan_types(self, scan_type):
-        return "Mobsfscan Scan"
-
-    def get_description_for_scan_types(self, scan_type):
-        return "Import JSON report for mobsfscan report file."
-
-    def get_findings(self, filename, test):
-        data = json.load(filename)
-        if len(data.get("results")) == 0:
-            return []
+    def get_findings(self, data, test):
         dupes = {}
         for key, item in data.get("results").items():
             metadata = item.get("metadata")
 
@@ -136,3 +136,162 @@ def test_parse_damnvulnrablebank(self):
         findings = parser.get_findings(testfile, test)
         testfile.close()
         self.assertEqual(80, len(findings))
+
+    def test_parse_no_findings(self):
+        with (get_unit_tests_scans_path("mobsf") / "no_findings.json").open(encoding="utf-8") as testfile:
+            parser = MobSFParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(0, len(findings))
+
+    def test_parse_many_findings(self):
+        with (get_unit_tests_scans_path("mobsf") / "many_findings.json").open(encoding="utf-8") as testfile:
+            parser = MobSFParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(8, len(findings))
+
+            with self.subTest(i=0):
+                finding = findings[0]
+                self.assertEqual("android_certificate_transparency", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(295, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=1):
+                finding = findings[1]
+                self.assertEqual("android_kotlin_hardcoded", finding.title)
+                self.assertEqual("Medium", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(798, finding.cwe)
+                self.assertIsNotNone(finding.references)
+                self.assertEqual("app/src/main/java/com/routes/domain/analytics/event/Signatures.kt", finding.file_path)
+                self.assertEqual(10, finding.line)
+
+            with self.subTest(i=2):
+                finding = findings[2]
+                self.assertEqual("android_kotlin_hardcoded", finding.title)
+                self.assertEqual("Medium", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(798, finding.cwe)
+                self.assertIsNotNone(finding.references)
+                self.assertEqual("app/src/main/java/com/routes/domain/analytics/event/Signatures2.kt", finding.file_path)
+                self.assertEqual(20, finding.line)
+
+            with self.subTest(i=3):
+                finding = findings[3]
+                self.assertEqual("android_prevent_screenshot", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(200, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=4):
+                finding = findings[4]
+                self.assertEqual("android_root_detection", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(919, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=5):
+                finding = findings[5]
+                self.assertEqual("android_safetynet", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(353, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=6):
+                finding = findings[6]
+                self.assertEqual("android_ssl_pinning", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(295, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=7):
+                finding = findings[7]
+                self.assertEqual("android_tapjacking", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(200, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+    def test_parse_many_findings_cwe_lower(self):
+        with (get_unit_tests_scans_path("mobsf") / "many_findings_cwe_lower.json").open(encoding="utf-8") as testfile:
+            parser = MobSFParser()
+            findings = parser.get_findings(testfile, Test())
+            self.assertEqual(7, len(findings))
+
+            with self.subTest(i=0):
+                finding = findings[0]
+                self.assertEqual("android_certificate_transparency", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(295, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=1):
+                finding = findings[1]
+                self.assertEqual("android_kotlin_hardcoded", finding.title)
+                self.assertEqual("Medium", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(798, finding.cwe)
+                self.assertIsNotNone(finding.references)
+                self.assertEqual("app/src/main/java/com/routes/domain/analytics/event/Signatures.kt", finding.file_path)
+                self.assertEqual(10, finding.line)
+
+            with self.subTest(i=2):
+                finding = findings[2]
+                self.assertEqual("android_prevent_screenshot", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(200, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=3):
+                finding = findings[3]
+                self.assertEqual("android_root_detection", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(919, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=4):
+                finding = findings[4]
+                self.assertEqual("android_safetynet", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(353, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=5):
+                finding = findings[5]
+                self.assertEqual("android_ssl_pinning", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(295, finding.cwe)
+                self.assertIsNotNone(finding.references)
+
+            with self.subTest(i=6):
+                finding = findings[6]
+                self.assertEqual("android_tapjacking", finding.title)
+                self.assertEqual("Low", finding.severity)
+                self.assertEqual(1, finding.nb_occurences)
+                self.assertIsNotNone(finding.description)
+                self.assertEqual(200, finding.cwe)
+                self.assertIsNotNone(finding.references)