Enhancements to ARC and Stack Canary Checks in Mach-O Parsing (#2284)

* Extend 'has_arc' check to include '_swift_release' Updated the has_arc method to detect the usage of ARC not only by the presence of the _objc_release symbol but also by the _swift_release symbol. This change broadens the scope of ARC detection to cover both Objective-C and Swift implementations. * Optimize has_canary function without using a set Refactored the has_canary method to directly check the presence of ___stack_chk_fail and ___stack_chk_guard symbols in imported_functions. Removed the unnecessary conversion to a set, streamlining the function and enhancing readability. Now, has_canary uses any() for efficient symbol existence checks.
MobSF · Dec 6, 2023 · b668ee8 · b668ee8
1 parent 361e76a
commit b668ee8
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/mobsf/StaticAnalyzer/views/common/binary/macho.py b/mobsf/StaticAnalyzer/views/common/binary/macho.py
@@ -213,14 +213,17 @@ def has_pie(self):
     def has_canary(self):
         stk_check = '___stack_chk_fail'
         stk_guard = '___stack_chk_guard'
-        ipt_list = set()
-        for ipt in self.macho.imported_functions:
-            ipt_list.add(str(ipt))
-        return stk_check in ipt_list and stk_guard in ipt_list
+        imp_func_gen = self.macho.imported_functions
+        has_stk_check = any(
+            str(func).strip() == stk_check for func in imp_func_gen)
+        has_stk_guard = any(
+            str(func).strip() == stk_guard for func in imp_func_gen)
+
+        return has_stk_check and has_stk_guard
 
     def has_arc(self):
         for func in self.macho.imported_functions:
-            if str(func).strip() == '_objc_release':
+            if str(func).strip() in ('_objc_release', '_swift_release'):
                 return True
         return False