Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f59632a6b1 | |||
| 3f8f13050e | |||
| 0ba5f7b31e | |||
| 09979172dc | |||
| a45c74ffd6 | |||
| f730aed93a | |||
| a5eb6b557d | |||
| c022ea54ce | |||
| 01430414cb | |||
| d06491213c | |||
| a57a1446ca | |||
| 9bda5e34bc | |||
| 6b46ec8b45 | |||
| c960a6d56b | |||
| 822649ac8a | |||
| 32f18e6f13 |
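--- a/.gitea/workflows/mobsf.yml
+++ b/.gitea/workflows/mobsf.yml
@@ -0,0 +1,40 @@
+name: MobSF Security Scan
+on: [push]
+
+jobs:
+mobsf-analysis:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Code
+uses: https://github.com/actions/checkout@v4
+
+- name: Run MobSF Scan
+run: |
+# Setup environment
+python3 -m venv .mobsf_venv
+source .mobsf_venv/bin/activate
+python3 -m pip install mobsfscan --quiet
+
+# ---------------------------------------------------------
+# ENFORCEMENT STRENGTH (Uncomment only ONE line)
+# ---------------------------------------------------------
+
+# STRENGTH: LOG ONLY (Always green build, artifact if bugs found)
+mobsfscan --html --output report.html app/src/main || true
+
+# STRENGTH: STRICT (Red build if ANY Warning/Error found)
+# mobsfscan --html --output report.html app/src/main
+
+# STRENGTH: CRITICAL ONLY (Red build only on High/Error severity)
+# mobsfscan --html --output report.html --error-level ERROR app/src/main
+# ---------------------------------------------------------
+
+- name: Upload Report to Gitea
+# if-no-files-found: ignore ensures NO artifact is created if scan is clean
+uses: https://gitea.com/actions/upload-artifact@v3
+with:
+name: MobSF-Security-Report
+path: report.html
+if-no-files-found: ignore
+# THE SETTING BELOW CONTROLS DELETION
+retention-days: 7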
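Review bot: `mobsfscan --html --output report.html app/src/main || true` on the LOG ONLY line also hides a scanner that never ran (pip install failure, wrong `app/src/main` path), so a broken pipeline is indistinguishable from a clean scan, and with `if-no-files-found: ignore` such a run uploads nothing and stays green. Add a presence check right after the scan so only findings are tolerated, e.g. `test -s report.html || { echo "mobsfscan produced no report"; exit 1; }`. The comment `if-no-files-found: ignore ensures NO artifact is created if scan is clean` presumes mobsfscan writes no file on a clean scan; if `--output report.html` is written regardless, `ignore` only masks failures and `warn` or `error` would be the honest setting. Separately, `actions/checkout@v4` and `upload-artifact@v3` are referenced by mutable tags; pinning each to a full commit SHA fixes the code that runs with access to the checkout. Indentation is not visible on this rendered page, so nesting of the steps is inferred.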
@@ -1,3 +1,8 @@
|
|||||||
|
// Add these inside your MainActivity class
|
||||||
|
val google_api_key = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6"
|
||||||
|
val s3_bucket = "http://my-private-data.s3.amazonaws.com"
|
||||||
|
|
||||||
|
|
||||||
package com.vinay.compose_test
|
package com.vinay.compose_test
|
||||||
|
|
||||||
import android.os.Bundle
|
import android.os.Bundle
|
||||||
|
|||||||
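Review bot: The five added lines sit above `package com.vinay.compose_test`, but a Kotlin source file must begin with its package directive (only comments and file annotations may precede it), so top-level `val google_api_key` and `val s3_bucket` placed here will not compile; the comment itself says they belong inside the MainActivity class, whose body is outside this hunk. If the intent is only to exercise the scanner, move the two `val` lines into the class body or into a separate fixture that is not part of the build. Once committed, the sample key and bucket strings remain in history indefinitely and will keep matching secret scanners, so keep them obviously synthetic, as the JS fixture's `...EXAMPLEKEY` value already is. The file path is not shown on this page; the location is inferred from the `package` line.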
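--- a/securitytest.js
+++ b/securitytest.js
@@ -0,0 +1,31 @@
+import React from 'react';
+import { Text, View } from 'react-native';
+
+const SecurityTest = () => {
+// VULNERABILITY: Hardcoded sensitive AWS Key
+const AWS_SECRET = "AKIAIMNO7YBXQDWS7BAR";
+
+const loginUser = (username, password) => {
+// VULNERABILITY: Logging sensitive information to console
+console.log("Attempting login for: " + username + " with password: " + password);
+};
+
+return (
+<View>
+<Text>MobSF Test File</Text>
+</View>
+);
+};
+
+export default SecurityTest;
+// mobsf_test.js
+// VULNERABILITY: Hardcoded Google API Key (Regex match)
+const google_key = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6";
+
+// VULNERABILITY: Hardcoded AWS Secret (Entropy match)
+const aws_secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
+
+// VULNERABILITY: Insecure Connection
+const api_url = "http://insecure-api.com/v1/login";
+
+console.log("Keys loaded successfully");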
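Review bot: Everything from `// mobsf_test.js` onward reads as a second fixture pasted after `export default SecurityTest;`: its `google_key`, `aws_secret` and `api_url` constants and the `console.log("Keys loaded successfully")` execute at import time of this module, and nothing else references them. If the goal is separate findings per fixture, move that block into its own `mobsf_test.js` as its header comment suggests; if it must stay, a one-line comment above it such as `// Fixture block: intentionally insecure constants for scanner coverage, not referenced` would tell a reader these are deliberate. The top comment labels `AWS_SECRET` a "secret" while the `AKIA...` value has the shape of an access key ID, and `aws_secret` further down already covers the secret-key case; relabelling it `// VULNERABILITY: Hardcoded AWS Access Key ID` keeps the expected detector rule clear. `loginUser` is likewise declared and never called, which is fine for a fixture but worth stating in its comment.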