Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f59632a6b1 | |||
| 3f8f13050e | |||
| 0ba5f7b31e | |||
| 09979172dc | |||
| a45c74ffd6 | |||
| f730aed93a | |||
| a5eb6b557d | |||
| c022ea54ce | |||
| 01430414cb | |||
| d06491213c | |||
| a57a1446ca | |||
| 9bda5e34bc | |||
| 6b46ec8b45 | |||
| c960a6d56b | |||
| 822649ac8a | |||
| 32f18e6f13 |
40
.gitea/workflows/mobsf.yml
Normal file
@@ -0,0 +1,40 @@
|
||||
name: MobSF Security Scan
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
mobsf-analysis:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: https://github.com/actions/checkout@v4
|
||||
|
||||
- name: Run MobSF Scan
|
||||
run: |
|
||||
# Setup environment
|
||||
python3 -m venv .mobsf_venv
|
||||
source .mobsf_venv/bin/activate
|
||||
python3 -m pip install mobsfscan --quiet
|
||||
|
||||
# ---------------------------------------------------------
|
||||
# ENFORCEMENT STRENGTH (Uncomment only ONE line)
|
||||
# ---------------------------------------------------------
|
||||
|
||||
# STRENGTH: LOG ONLY (Always green build, artifact if bugs found)
|
||||
mobsfscan --html --output report.html app/src/main || true
|
||||
|
||||
# STRENGTH: STRICT (Red build if ANY Warning/Error found)
|
||||
# mobsfscan --html --output report.html app/src/main
|
||||
|
||||
# STRENGTH: CRITICAL ONLY (Red build only on High/Error severity)
|
||||
# mobsfscan --html --output report.html --error-level ERROR app/src/main
|
||||
# ---------------------------------------------------------
|
||||
|
||||
- name: Upload Report to Gitea
|
||||
# if-no-files-found: ignore ensures NO artifact is created if scan is clean
|
||||
uses: https://gitea.com/actions/upload-artifact@v3
|
||||
with:
|
||||
name: MobSF-Security-Report
|
||||
path: report.html
|
||||
if-no-files-found: ignore
|
||||
# THE SETTING BELOW CONTROLS DELETION
|
||||
retention-days: 7
|
||||
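Review bot: Both action references in this workflow are pinned to mutable tags — `uses: https://github.com/actions/checkout@v4` and `uses: https://gitea.com/actions/upload-artifact@v3` — so whatever those tags resolve to on a given day runs with checkout access to the repository; pinning to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: https://github.com/actions/checkout@<full-commit-sha> # v4`, makes each run reproducible and tamper-evident. The same applies to `python3 -m pip install mobsfscan --quiet`, which installs whichever release is latest at run time; pinning `mobsfscan==<version>` keeps scan results comparable between runs. Note also that with the LOG ONLY variant active (`mobsfscan --html --output report.html app/src/main || true`) a finding can never fail the build, so this gate is advisory only, and the report that does get produced is retained as an artifact for 7 days.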
@@ -1,3 +1,8 @@
|
||||
// Add these inside your MainActivity class
|
||||
val google_api_key = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6"
|
||||
val s3_bucket = "http://my-private-data.s3.amazonaws.com"
|
||||
|
||||
|
||||
package com.vinay.compose_test
|
||||
|
||||
import android.os.Bundle
|
||||
|
||||
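Review bot: The two `val` declarations and their comment are inserted above `package com.vinay.compose_test`, but Kotlin requires the `package` directive to precede any declaration, so this file will no longer compile as written; the leading comment (`// Add these inside your MainActivity class`) suggests the snippet was meant to be pasted into the class body rather than at the top of the file. If the intent is only to give mobsfscan something to match, placing them inside `MainActivity` (or as top-level `private val`s after the imports) keeps the project buildable. The file header for this hunk is not visible on the page, so the file name is inferred from the package line. Secret-shaped strings committed here remain in git history even after a later removal; if any of them were ever live credentials they need to be rotated rather than just deleted.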
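--- /dev/null
+++ b/securitytest.js
@@ -0,0 +1,31 @@
+import React from 'react';
+import { Text, View } from 'react-native';
+
+const SecurityTest = () => {
+// VULNERABILITY: Hardcoded sensitive AWS Key
+const AWS_SECRET = "AKIAIMNO7YBXQDWS7BAR";
+
+const loginUser = (username, password) => {
+// VULNERABILITY: Logging sensitive information to console
+console.log("Attempting login for: " + username + " with password: " + password);
+};
+
+return (
+<View>
+<Text>MobSF Test File</Text>
+</View>
+);
+};
+
+export default SecurityTest;
+// mobsf_test.js
+// VULNERABILITY: Hardcoded Google API Key (Regex match)
+const google_key = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6";
+
+// VULNERABILITY: Hardcoded AWS Secret (Entropy match)
+const aws_secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
+
+// VULNERABILITY: Insecure Connection
+const api_url = "http://insecure-api.com/v1/login";
+
+console.log("Keys loaded successfully");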
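Review bot: securitytest.js is added at the repository root, while the mobsf.yml workflow in this same compare runs `mobsfscan --html --output report.html app/src/main`, so the findings planted in this file (the hardcoded keys, the `console.log` of `password`, the `http://` URL) are never reached by the CI scan and the workflow stays green regardless of them. Either move this fixture under `app/src/main` or pass it as an additional scan target; as far as I recall mobsfscan accepts several paths on one command line, so `mobsfscan --html --output report.html app/src/main securitytest.js` should cover both — verify against the installed version. The trailing block after `export default SecurityTest;` (the `// mobsf_test.js` section) is valid in an ES module but reads as a second file pasted onto the first; a short comment such as `// Standalone fixtures for mobsfscan rules (not used by the component)` would make that intentional.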