-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
91 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| title: Position Independent Code (PIC) not enabled | ||
| platform: ios | ||
| id: MASTG-TEST-0x87-1 | ||
| type: [static] | ||
| weakness: MASWE-0116 | ||
| --- | ||
|
|
||
| ## Overview | ||
|
|
||
| [PIE (Position Independent Executables)](../../../Document/0x04h-Testing-Code-Quality/#position-independent-code) are designed to enhance security by allowing executables to be loaded at random memory addresses, mitigating certain types of attacks. In the context Mach-O file format of iOS applications, PIE is applicable to executables with the `MH_EXECUTE` file type, which essentially means the main binary of the application. | ||
|
|
||
| Conversely, shared libraries with the `MH_DYLIB` file type (dylibs and frameworks) are inherently position-independent and do not utilize the `MH_PIE` flag. | ||
|
|
||
| This test case checks if the main executable is compiled without PIE. | ||
|
|
||
| ## Steps | ||
|
|
||
| 1. Extract the application. | ||
| 2. Run @MASTG-TECH-0115 on the main binary (`App.app/YourApp`) and grep for "pic" or the corresponding keyword used by the selected tool. | ||
|
|
||
| ## Observation | ||
|
|
||
| The output should list if PIC is enabled or disabled. | ||
|
|
||
| ## Evaluation | ||
|
|
||
| The test case fails if PIC is disabled. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| --- | ||
| title: Stack Canaries not enabled | ||
| platform: ios | ||
| id: MASTG-TEST-0x87-2 | ||
| type: [static] | ||
| weakness: MASWE-0116 | ||
| --- | ||
|
|
||
| ## Overview | ||
|
|
||
| This test case checks if the main binary or any libraries of the app are compiled without stack canaries and therefore lack [stack smashing protection](../../../Document/0x06i-Testing-Code-Quality-and-Build-Settings/#binary-protection-mechanisms), a common mitigation technique against buffer overflow attacks. | ||
|
|
||
| This test applies to all binaries and libraries, but is especially important for non-memory safe code like Objective-C or C/C++. | ||
|
|
||
| ## Steps | ||
|
|
||
| 1. Extract the application. | ||
| 2. Run @MASTG-TECH-0113 on the main binary (`App.app/YourApp`) and each shared library (e.g., stored in the Frameworks folder) | ||
| 3. If the output contains the symbol `__stack_chk_fail` it indicates stack canaries are enabled. | ||
|
|
||
| ## Observation | ||
|
|
||
| The output should list of symbols of the main binary and each shared library. | ||
|
|
||
| ## Evaluation | ||
|
|
||
| The test case fails any binary or library is not purely Swift but does not contain methods indicating stack canaries like `objc_autorelease` or `objc_retainAutorelease`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| --- | ||
| title: Automatic Reference Counting (ARC) not enabled | ||
| platform: ios | ||
| id: MASTG-TEST-0x87-3 | ||
| type: [static] | ||
| weakness: MASWE-0116 | ||
| --- | ||
|
|
||
| ## Overview | ||
|
|
||
| [ARC (Automatic Reference Counting)](../../../Document/0x04h-Testing-Code-Quality/#automatic-reference-counting) is a memory management feature of the compiler for the Objective-C and Swift code. | ||
|
|
||
| The main binary and all libraries should have ARC enabled if they contain Objective-C or Swift code. | ||
| - For libraries written purely in Swift, ARC is enabled by default. | ||
| - For libraries containing Objective-C code, it can be enabled via the `-fobjc-arc` of clang. | ||
|
|
||
| For libraries written purely in C/C++, ARC is not available. | ||
|
|
||
| Once ARC is enabled, symbols such as `objc_autorelease` or `objc_retainAutorelease` will be present in the binaries. | ||
|
|
||
| This test case checks if ARC is enabled. | ||
|
|
||
| ## Steps | ||
|
|
||
| 1. Extract the application. | ||
| 2. Run @MASTG-TECH-0113 on the main binary (`App.app/YourApp`) and each shared library (e.g., stored in the Frameworks folder) | ||
| 3. If the output contains symbols indicating the usage of Objective-C (e.g., `__objc_data...`) or symbols indicating the usage of Swift (e.g., `_swift_allocObject`), check if the symbols `objc_autorelease` or `objc_retainAutorelease` exist in the app. | ||
|
|
||
| ## Observation | ||
|
|
||
| The output should list of symbols of the main binary and each shared library. | ||
|
|
||
| ## Evaluation | ||
|
|
||
| The test case fails any binary or library is not purely C/C++ but does not contain methods indicating ARC is present like `objc_autorelease` or `objc_retainAutorelease`. |