Python 3.13 Support (#2546)

* Python Support updated to 3.12-3.13
* Bump mitmproxy
* Bump httptools
* Remove pinned xmlsec, lxml
* Android Permission Update
* Updates Signatures

Author: ajinabraham

.dockerignore

@@ -6,6 +6,7 @@
 .sonarcloud.properties
 .pyup.yml
 .python-version
+.venv
 tox.ini
 mobsf/db.sqlite3
 Dockerfile

.github/workflows/mobsf-test.yml

@@ -15,7 +15,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-22.04, macos-latest, windows-latest]
-        python-version: ['3.12']
+        python-version: ['3.12', '3.13']
 
     runs-on: ${{ matrix.os }}
     steps:

.gitignore

@@ -9,6 +9,7 @@ __pycache__/
 
 # Distribution / packaging
 .Python
+.venv/
 venv/
 env/
 build/

.sonarcloud.properties

@@ -1,4 +1,4 @@
 sonar.sources=.
 sonar.exclusions=mobsf/static/**/*,mobsf/templates/**/*
 sonar.sourceEncoding=UTF-8
-sonar.python.version=3.10, 3.11, 3.12
+sonar.python.version=3.12, 3.13

Dockerfile

@@ -1,5 +1,5 @@
 # Base image
-FROM python:3.12-slim-bookworm
+FROM python:3.13-slim-bookworm
 
 LABEL \
     name="MobSF" \

README.md

@@ -6,7 +6,7 @@ Mobile Security Framework (MobSF) is a security research platform for mobile app
 
 Made with ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82e3a63c-4813-11e6-9430-6015d98aeaab.png) in India
 
-[![Docker Pulls](https://img.shields.io/docker/pulls/opensecurity/mobile-security-framework-mobsf?style=social)](https://hub.docker.com/r/opensecurity/mobile-security-framework-mobsf/) [![python](https://img.shields.io/badge/python-3.10+-blue.svg?logo=python&labelColor=yellow)](https://www.python.org/downloads/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/opensecurity/mobile-security-framework-mobsf?style=social)](https://hub.docker.com/r/opensecurity/mobile-security-framework-mobsf/) [![python](https://img.shields.io/badge/python-3.12+-blue.svg?logo=python&labelColor=yellow)](https://www.python.org/downloads/)
 [![PyPI version](https://badge.fury.io/py/mobsf.svg)](https://badge.fury.io/py/mobsf)
 [![platform](https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-green.svg)](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)
 [![License](https://img.shields.io/:license-GPL--3.0--only-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.html)

mobsf/MobSF/init.py

@@ -18,7 +18,7 @@
 
 logger = logging.getLogger(__name__)
 
-VERSION = '4.4.1'
+VERSION = '4.4.2'
 BANNER = r"""
   __  __       _    ____  _____       _  _   _  _   
  |  \/  | ___ | |__/ ___||  ___|_   _| || | | || |  

mobsf/MobSF/utils.py

@@ -132,6 +132,8 @@ def print_version():
         dst_str = f' ({dist}) '
     env_str = f'OS Environment: {os}{dst_str}{pltfm}'
     logger.info(env_str)
+    python_version = sys.version.split(' ')[0]
+    logger.info('Python Version: %s', python_version)
     cores, threads, ram = get_system_resources()
     logger.info('CPU Cores: %s, Threads: %s, RAM: %.2f GB', cores, threads, ram)
     find_java_binary()

mobsf/StaticAnalyzer/views/android/kb/dvm_permissions.py

@@ -396,6 +396,22 @@
         'READ_DROPBOX_DATA': ['normal', 'Allows an application to access data stored in Dropbox, intended exclusively for use by system-level or first-party applications, and not available for third-party applications.', 'Allows an application to access the data in Dropbox. Not for use by third-party applications.'],
         'SET_BIOMETRIC_DIALOG_ADVANCED': ['normal', 'Allows an application to customize BiometricDialog features, including logo and content view. Restricted to system use only.', 'Allows an application to set the advanced features on BiometricDialog (SystemUI), including logo, logo description, and content view with more options button. Not for use by third-party applications.'],
         'ACCESS_ORIENTATION': ['normal', 'Allows an application to access the device\'s orientation.', 'Allows an application to access the device\'s orientation.'],
+        'ACCESS_LAUNCHER_DATA': ['normal', 'Manage home screen metadata and shortcuts', 'This permission protects a content provider within home/launcher applications, enabling management of home screen metadata such as shortcut placement, launch intents, and labels.'],
+        'APPLY_PICTURE_PROFILE': ['normal', 'Apply media quality profiles to video layers', 'Allows an app to apply a ERROR(/MediaQualityManager.PictureProfile) to a layer via ERROR(/MediaCodec.PARAMETER_KEY_PICTURE_PROFILE) and, additionally, system apps via ERROR(/SurfaceControl.Transaction#setPictureProfileHandle) .'],
+        'BIND_TV_AD_SERVICE': ['signature', 'Bind to TV advertising services', 'Must be required by a android.media.tv.ad.TvAdService to ensure that only the system can bind to it.'],
+        'CAPTURE_KEYBOARD': ['normal', 'Capture keyboard input before system processing', 'Allows an application to be able to capture keys before Android system get chance to process system keys and shortcuts.'],
+        'EXECUTE_APP_FUNCTIONS': ['normal', 'Execute functions on behalf of users', 'Allows an application to perform actions on behalf of users inside of applications.'],
+        'MANAGE_DEVICE_POLICY_APP_FUNCTIONS': ['internal', 'Manage app function policies', 'Allows an application to manage policy related to AppFunctions.'],
+        'MANAGE_DEVICE_POLICY_THREAD_NETWORK': ['internal', 'Manage Thread network policies', 'Allows an application to set policy related to Thread network.'],
+        'POST_PROMOTED_NOTIFICATIONS': ['normal', 'Post promoted notifications', 'Required for apps to post promoted notifications.'],
+        'QUERY_ADVANCED_PROTECTION_MODE': ['normal', 'Query advanced protection mode status', "Allows an application to query the device's advanced protection mode status."],
+        'RANGING': ['dangerous', 'Range to nearby devices', 'Required to be able to range to devices using generic ranging module.'],
+        'READ_COLOR_ZONES': ['normal', 'Read screen color zones for ambient lighting', 'Allows an application to read the aggregated color zones on the screen for use cases like TV ambient backlight usages.'],
+        'READ_SYSTEM_PREFERENCES': ['normal', 'Read system settings and preferences', 'Allows an application to access the Settings Preference services to read settings exposed by the system Settings app and system apps that contribute settings surfaced by the Settings app. This allows the calling application to read settings values through the host application, agnostic of underlying storage.'],
+        'RECEIVE_SENSITIVE_NOTIFICATIONS': ['signature', 'Receive sensitive notification content', 'Allows apps with a NotificationListenerService to receive notifications with sensitive information'],
+        'REQUEST_OBSERVE_DEVICE_UUID_PRESENCE': ['normal', 'Observe nearby device presence by UUID', "Allows an application to subscribe to notifications about the nearby devices' presence status change base on the UUIDs. Not for use by third-party applications."],
+        'TV_IMPLICIT_ENTER_PIP': ['normal', 'Enter Picture-in-Picture mode implicitly', 'Allows an app to enter Picture-in-Picture mode when the user is not explicitly requesting it. This includes using ERROR(/PictureInPictureParams.Builder#setAutoEnterEnabled) as well as lifecycle methods such as ERROR(/Activity#onUserLeaveHint) and ERROR(/Activity#onPause) to enter PiP when the user leaves the app. This permission should only be used for certain PiP usage types .'],
+        'WRITE_SYSTEM_PREFERENCES': ['normal', 'Write system settings and preferences', 'Allows an application to access the Settings Preference services to write settings values exposed by the system Settings app and system apps that contribute settings surfaced in the Settings app. This allows the calling application to write settings values through the host application, agnostic of underlying storage.'],
     },
 
     'SPECIAL_PERMISSIONS': {