Update DEMO-0128/ 0129 / 0130 and TEST-0364 / 0365 / 0366 and Add new DEMO for Broadcast Receivers#3884
Draft
cpholguera wants to merge 6 commits into
Draft
Update DEMO-0128/ 0129 / 0130 and TEST-0364 / 0365 / 0366 and Add new DEMO for Broadcast Receivers#3884cpholguera wants to merge 6 commits into
cpholguera wants to merge 6 commits into
Conversation
- Manifest (XML): exported-activity, exported-service, exported-receiver — each flags exported + no android:permission, and lists permission-protected components separately. - Code (Java): activity-entrypoints, service-entrypoints (+ caller-permission checks), receiver-entrypoints (+ intent-extra sources), context-registered-receiver.
…our "capture all → reduce → manual" model), mirroring the test steps: - run.sh runs @MASTG-TOOL-0110 to capture the manifest inventory + inspect the decompiled code → separate output files. - evaluate.sh (standalone, like MASTG-DEMO-0059) reduces the exported/unprotected set with jq, dropping framework/library namespaces (androidx.*, android.*, …) → evaluation.txt. - The .md Evaluation explains the remaining manual discards in prose. The discards are now explicit and visible in the tooling: - MASTG-DEMO-0128: evaluate.sh drops the androidx.* Compose tooling activities; the writeup discards MainActivity as the (legitimately exported) launcher, leaving SecretActivity. - MASTG-DEMO-0130: the manifest scan lists ProfileInstallReceiver under permission-protected (it's the AndroidX-merged receiver not in the original manifest), and evaluate.sh also drops it by namespace — both reasons stated.
…emos-128-129-130
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Refines the v2 demos and tests for sensitive functionality exposure through IPC (the MASTG-TEST-0029 port), targeting exported/unprotected app components that let third-party apps reach sensitive functionality without going through the intended flow (MASWE-0119, MASWE-0062, MASWE-0063). Reworks the existing demos into a staged, reproducible pipeline, factors the detection logic into reusable Semgrep rules, and adds a new demo covering context-registered receivers.
Reworked Demos (MASVS-PLATFORM)
Each demo now follows a staged pipeline (capture all → reduce → manual review) that mirrors the test steps, replacing the previous single output.txt with discrete, inspectable artifacts (
manifest_scan, code_scan, evaluate.sh, evaluation.txt) and a reversedMastgTest_reversed.java:New Demo (MASVS-PLATFORM)
New Reusable Semgrep Rules (rules/)
Factored the component-discovery and protection-level logic out of individual demos into shared rules:
Test Updates (tests-beta)
AI Tool Disclosure
Check exactly one option.