[MASWE-0004] Sensitive Data Not Excluded From Backup #2866
Changes from 25 commits
"The test fails because ..."
See https://mas.owasp.org/MASTG/demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/MASTG-DEMO-0015/#evaluation
grep could be good for a quick check, but if we want to obtain all references in the actual code, that can be challenging. I'd suggest using r2. The run.sh would be:
And the isExcludedFromBackup.r2:
The output would be:
```
Uses of isExcludedFromBackup:
0x10000cc28 1 12 sym.imp.Foundation.URLResourceValues.isExcludedFromBackup...Sgvs

xrefs to isExcludedFromBackup:
sym.MASTestApp.MastgTest.mastg.completion...FZ 0x100004594 [CALL:--x] bl sym.imp.Foundation.URLResourceValues.isExcludedFromBackup...Sgvs

Use of isExcludedFromBackup:
│ 0x100004580 080540f9 ldr x8, [x8, 8]
│ 0x100004584 00013fd6 blr x8
│ 0x100004588 e80314aa mov x8, x20
│ 0x10000458c a1210094 bl sym.imp.Foundation.URLResourceValues...VACycfC...ycfC
│ 0x100004590 20008052 mov w0, 1
│ 0x100004594 a5210094 bl sym Foundation.URLResourceValues.isExcludedFromBackup...Sgvs ; sym.imp.Foundation.URLResourceValues.isExcludedFromBackup...Sgvs
│ 0x100004598 a82300d1 sub x8, x29, 8
│ 0x10000459c 140150f8 ldur x20, [x8, -0x100]
│ 0x1000045a0 a82302d1 sub x8, x29, 0x88
│ 0x1000045a4 080150f8 ldur x8, [x8, -0x100]
```
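One way to post-process that r2 output for the evaluation step, as an added example (not part of the review comment or of the project's own scripts): it pairs each CALL xref to `isExcludedFromBackup` with the immediate loaded into `w0` just before the call. The function names are hypothetical, and it assumes the text layout quoted above and that the setter receives the new value in `w0`, with 1 meaning true.

```python
import re

# Constructed sample: the r2 output quoted in the comment above, trimmed to the relevant lines.
R2_OUTPUT = """\
xrefs to isExcludedFromBackup:
sym.MASTestApp.MastgTest.mastg.completion...FZ 0x100004594 [CALL:--x] bl sym.imp.Foundation.URLResourceValues.isExcludedFromBackup...Sgvs
Use of isExcludedFromBackup:
│ 0x100004588 e80314aa mov x8, x20
│ 0x10000458c a1210094 bl sym.imp.Foundation.URLResourceValues...VACycfC...ycfC
│ 0x100004590 20008052 mov w0, 1
│ 0x100004594 a5210094 bl sym Foundation.URLResourceValues.isExcludedFromBackup...Sgvs ; sym.imp.Foundation.URLResourceValues.isExcludedFromBackup...Sgvs
│ 0x100004598 a82300d1 sub x8, x29, 8
"""

XREF = re.compile(r"(\S+)\s+(0x[0-9a-f]+)\s+\[(\w+):[^\]]*\]\s+(.+)")   # xref line
INSN = re.compile(r"\W*(0x[0-9a-f]+)\s+[0-9a-f]{8}\s+([^;]+)(?:;.*)?")  # disassembly line
MOV_W0 = re.compile(r"mov w0, (0x[0-9a-f]+|\d+)$")


def parse(text):
    """Split r2 text output into xref records and an address-ordered disassembly."""
    xrefs, disasm = [], []
    for line in map(str.strip, text.splitlines()):
        if m := XREF.fullmatch(line):
            xrefs.append({"caller": m[1], "addr": int(m[2], 16), "type": m[3], "insn": m[4]})
        elif m := INSN.fullmatch(line):
            disasm.append((int(m[1], 16), m[2].strip()))
    return xrefs, disasm


def setter_calls(text, symbol="isExcludedFromBackup", lookback=4):
    """For each CALL xref to `symbol`, report the immediate moved into w0 before it."""
    xrefs, disasm = parse(text)
    index = {addr: i for i, (addr, _) in enumerate(disasm)}
    findings = []
    for x in xrefs:
        if x["type"] != "CALL" or symbol not in x["insn"]:
            continue
        i = index.get(x["addr"])
        window = disasm[max(0, i - lookback):i] if i is not None else []
        value = None
        for _, asm in reversed(window):
            if asm.startswith(("bl ", "blr ")):  # an earlier call clobbers w0
                break
            if m := MOV_W0.search(asm):
                value = int(m[1], 0)  # assumption: 1 means "excluded = true"
                break
        findings.append({"caller": x["caller"], "addr": hex(x["addr"]), "w0": value})
    return findings
```

A `w0` of `None` means no immediate was found before the call, so that call site needs manual review of how the value is computed.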
Evaluation must start with "The test case fails if"
See https://mas.owasp.org/MASTG/tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-0211/#evaluation
Check failure on line 46 in weaknesses/MASVS-STORAGE/MASWE-0004.md
GitHub Actions / markdown-lint-check
Trailing spaces