Scan Models

In this document, we will discuss two Django models, Scan and ScanTask. These models represent a scanning system that scans for vulnerabilities in mobile applications. The Scan model represents a single scan, and the ScanTask model represents a task within that scan. We will provide an overview of the models and explain their fields and methods in detail.

Overview of scan-related models

Figure 1: Overview of models that are related to Scan objects and will be covered on this page.

class mastf.MASTF.models.Scan(*args, **kwargs)

Describes a static app scan.

end_date

Stores the end datetime of the scan

file

Stores a relation to the file to scan.

static files(project: Project = None, initiator: User = None, team: Team = None) → list

Returns a list of files that have been saved by a given user or within the provided project.

Parameters:
  • project (Project, optional) – the project, defaults to None

  • initiator (User, optional) – the initiator of target scans, defaults to None

Returns:

a list of uploaded files

Return type:

list

finished

Property to determine whether this scan has finished.

initiator

Stores the user that has started the scan

is_active

Simple property used to indicate whether the scan is still busy.

static last_scan(project: Project = None, initiator: User = None)

Returns the last scan that was started by the provided user or within the given project.

Parameters:
  • project (Project, optional) – the project the last scan has been started in, defaults to None

  • initiator (User, optional) – the initiator of the last scan, defaults to None

Returns:

the last scan instance or None

Return type:

Scan

origin

Stores the scan origin of the scan. The origin can point to the following values:

  • Play-Store

  • iOS-App-Store

  • APKPure

  • File

project

The project of this scan

risk_level

Stores the classification (LOW, MEDIUM, HIGH)

scan_type

Stores the name of the scan type

scan_uuid

Stores the identifier for this scan.

source

Stores the file source.

The source of an uploaded file can be one of the following:

  • URL: A URL was given from where the file was downloaded

  • File: Simple file upload

start_date

Stores the start time of this scan

status

Stores information about the current scan’s status

class mastf.MASTF.models.ScanTask(*args, **kwargs)

Represents a task for internal scans.

Note

This model was introduced so that multiple web instances can handle task-specific requests.

active

Indicates whether the ScanTask object is currently active.

static active_tasks(scan: Scan = None, project: Project = None) → list

A static method that returns a list of active ScanTask objects.

It takes two optional parameters: scan and project. If scan is provided, it returns a list of active ScanTask objects associated with that Scan object. If project is provided, it returns a list of active ScanTask objects associated with Scan objects that belong to that Project object. If neither parameter is provided, an empty list is returned.

Parameters:
  • scan (Scan, optional) – the target scan, defaults to None

  • project (Project, optional) – the target project, defaults to None

Returns:

a list of active scans

Return type:

list

celery_id

The assigned celery id (may be null on creation).

static finish_scan(scan: Scan, task: ScanTask) → None

This method is used to finish a scan by setting the is_active attribute of the corresponding Scan object to False when all related ScanTask objects have completed.
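The bookkeeping described for active_tasks and finish_scan, as an added sketch that is not MASTF's own code. It uses plain dataclasses instead of the Django ORM; TaskStore, the project name and the task names are hypothetical, and the step that marks the finishing task inactive before checking the scan is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional
import uuid


@dataclass
class Scan:  # stand-in for the Scan model, reduced to what the sketch needs
    project: str
    is_active: bool = True
    scan_uuid: str = field(default_factory=lambda: uuid.uuid4().hex)


@dataclass
class ScanTask:  # stand-in for the ScanTask model
    scan: Scan
    name: str
    active: bool = True
    celery_id: Optional[str] = None  # may be null on creation
    task_uuid: str = field(default_factory=lambda: uuid.uuid4().hex)  # 32 chars


class TaskStore:
    """Hypothetical in-memory replacement for the ScanTask table."""

    def __init__(self):
        self.tasks = []

    def add(self, scan, name):
        task = ScanTask(scan=scan, name=name)
        self.tasks.append(task)
        return task

    def active_tasks(self, scan=None, project=None):
        # Documented contract: filter by scan, else by project, else empty list.
        if scan is not None:
            return [t for t in self.tasks if t.active and t.scan is scan]
        if project is not None:
            return [t for t in self.tasks if t.active and t.scan.project == project]
        return []

    def finish_scan(self, scan, task):
        # Assumption: the finishing task is marked inactive first; the scan
        # stays active until no active task that belongs to it remains.
        task.active = False
        if not self.active_tasks(scan=scan):
            scan.is_active = False
```

Because the scan is only marked finished once the last task reports in, a web instance that reads is_active never treats partial results as a completed scan.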

name

The task’s name (primarily used in HTML representation)

scan

A foreign key to the Scan model, with the CASCADE option to ensure that when a Scan object is deleted, all related ScanTask objects are also deleted.

scanner

A foreign key to the Scanner model, with the CASCADE option; null values are allowed.

task_uuid

The UUID field with a maximum length of 32 characters is set as the primary key of the model.

class mastf.MASTF.models.Certificate(*args, **kwargs)

Represents an identified certificate.

The Details model is designed to store multiple certificate instances, as each app may contain more than one certificate. We don’t specify the scan reference directly as it will be created in a many-to-many relationship.

Variables:

details – A list of Details objects this certificate was found in

hash_algorithm

Describes the used hashing algorithm

issuer

Human readable certificate issuer.

serial_number

If present, the serial number will be stored in a TextField.

sha1

The sha1 fingerprint

sha256

The sha256 fingerprint

signature_algorithm

The used signature algorithm.

subject

Human readable subject.

version

Indicates whether the APK is signed using APK signature scheme version X.

Note that version values are stored in the format vX where X represents the version number. In addition, a higher version number implicitly declares the lower signature schemes.

class mastf.MASTF.models.Details(id, created_on, updated_on, scan, file, cvss, icon, tracker_count, app_name, app_id, app_version, target_sdk, store_info)