fix: make MobSFScanner import conditional for ARM64 compatibility

- Add try-except block to conditionally import MobSFScanner in modules/android/__init__.py - Allows Android worker to start on ARM64 without MobSF dependencies (aiohttp) - MobSF activity gracefully skips on ARM64 with clear warning message - Remove workflow path detection logic (not needed - workflows receive directories) Platform-aware architecture fully functional on ARM64: - CLI detects ARM64 and selects Dockerfile.arm64 automatically - Worker builds and runs without MobSF on ARM64 - Jadx successfully decompiles APKs (4145 files from BeetleBug.apk) - OpenGrep finds security vulnerabilities (8 issues found) - MobSF gracefully skips with warning on ARM64 - Graceful degradation working as designed Tested with: ff workflow run android_static_analysis test_projects/android_test/ \ --wait --no-interactive apk_path=BeetleBug.apk decompile_apk=true Results: 8 security findings (1 ERROR, 7 WARNINGS)
2026-02-13 07:52:45 +00:00 · 2025-10-24 15:14:06 +02:00
parent c1eee5d164
commit 38bd08a2f1
2 changed files with 33 additions and 4 deletions
--- a/backend/toolbox/modules/android/init.py
+++ b/backend/toolbox/modules/android/init.py
@@ -19,7 +19,13 @@ Modules for Android application security testing:
 # Additional attribution and requirements are provided in the NOTICE file.

 from .jadx_decompiler import JadxDecompiler
-from .mobsf_scanner import MobSFScanner
 from .opengrep_android import OpenGrepAndroid

-__all__ = ["JadxDecompiler", "MobSFScanner", "OpenGrepAndroid"]
+# MobSF is optional (not available on ARM64 platform)
+try:
+    from .mobsf_scanner import MobSFScanner
+    __all__ = ["JadxDecompiler", "MobSFScanner", "OpenGrepAndroid"]
+except ImportError:
+    # MobSF dependencies not available (e.g., ARM64 platform)
+    MobSFScanner = None
+    __all__ = ["JadxDecompiler", "OpenGrepAndroid"]
--- a/backend/toolbox/workflows/android_static_analysis/workflow.py
+++ b/backend/toolbox/workflows/android_static_analysis/workflow.py
@@ -127,8 +127,31 @@ class AndroidStaticAnalysisWorkflow:
        )
        workflow.logger.info(f"✓ Target downloaded to: {workspace_path}")

-        # Determine APK path (default to first .apk file if not specified)
-        actual_apk_path = apk_path if apk_path else None
+        # Handle case where workspace_path is a file (single APK upload)
+        # vs. a directory containing files
+        from pathlib import Path
+        workspace_path_obj = Path(workspace_path)
+
+        # Determine actual workspace directory and APK path
+        if apk_path:
+            # User explicitly provided apk_path
+            actual_apk_path = apk_path
+            # workspace_path could be either a file or directory
+            # If it's a file and apk_path matches the filename, use parent as workspace
+            if workspace_path_obj.name == apk_path:
+                workspace_path = str(workspace_path_obj.parent)
+                workflow.logger.info(f"Adjusted workspace to parent directory: {workspace_path}")
+        else:
+            # No apk_path provided - check if workspace_path is an APK file
+            if workspace_path_obj.suffix.lower() == '.apk' or workspace_path_obj.name.endswith('.apk'):
+                # workspace_path is the APK file itself
+                actual_apk_path = workspace_path_obj.name
+                workspace_path = str(workspace_path_obj.parent)
+                workflow.logger.info(f"Detected single APK file: {actual_apk_path}, workspace: {workspace_path}")
+            else:
+                # workspace_path is a directory, need to find APK within it
+                actual_apk_path = None
+                workflow.logger.info("Workspace is a directory, APK detection will be handled by modules")

        # Phase 1: Jadx decompilation (if enabled and APK provided)
        jadx_result = None