Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate [MASWE-0013] and add [MASTG-TEST-0210] and [MASTG-DEMO-0015] Hardcoded Cryptographic Keys in Code (by appknox) #2869

Merged
merged 10 commits into from
Sep 3, 2024
Merged

Deprecate [MASWE-0013] and add [MASTG-TEST-0210] and [MASTG-DEMO-0015] Hardcoded Cryptographic Keys in Code (by appknox) #2869

merged 10 commits into from
Sep 3, 2024

Conversation

ScreaMy7
Copy link
Collaborator

@ScreaMy7 ScreaMy7 commented Aug 8, 2024

closes #2577

cpholguera
cpholguera requested changes Aug 30, 2024
View reviewed changes
demos/android/MASVS-CRYPTO/MASTG-DEMO-0013/MastgTest.java Outdated Show resolved Hide resolved
rules/mastg-android-hardcoded-crypto-keys-usage.yml Show resolved Hide resolved
weaknesses/MASVS-CRYPTO/MASWE-0013.md Outdated Show resolved Hide resolved
tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0209.md Outdated Show resolved Hide resolved
tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-210.md Outdated Show resolved Hide resolved
rules/mastg-ios-hardcoded-keys.yaml Outdated Show resolved Hide resolved
@cpholguera cpholguera changed the title [MASWE-0013] Hardcoded Cryptographic Keys in Use (by appknox) Deprecate MASWE-0013 and add Android test and demo for MASWE-0014 about Use of Hardcoded Cryptographic Keys in Code (by appknox) Aug 30, 2024
cpholguera
cpholguera requested changes Aug 30, 2024
View reviewed changes
demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/MastgTest.kt Show resolved Hide resolved
demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/output.txt Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO update the output after running the new rule on MastgTest_reversed.java

demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/run.sh Outdated
@@ -0,0 +1 @@
semgrep -c ../rules/mastg-android-hardcoded-crypto-keys-usage.yml ./hardcoded-key-in-use.java --text -o output.txt
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This must work on MastgTest_reversed.java

Suggested change
semgrep -c ../rules/mastg-android-hardcoded-crypto-keys-usage.yml ./hardcoded-key-in-use.java --text -o output.txt
semgrep -c ../rules/mastg-android-hardcoded-crypto-keys-usage.yml ./MastgTest_reversed.java --text -o output.txt

rules/mastg-android-hardcoded-crypto-keys-usage.yml Show resolved Hide resolved
demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/MastgTest.kt Show resolved Hide resolved
tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0210.md Show resolved Hide resolved
@ScreaMy7
Copy link
Collaborator Author

We have started working on this, soon we will send the next PR.
@cpholguera

@ScreaMy7
Copy link
Collaborator Author

ScreaMy7 commented Sep 3, 2024

@cpholguera We have added the Android section of the test case. Please review it, thank you.

cpholguera
cpholguera requested changes Sep 3, 2024
View reviewed changes
Copy link
Collaborator

@cpholguera cpholguera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ScreaMy7 I think we can merge after integrating these last changes. Please read thought them and use the "Add suggestion to batch" and "Commit Suggestions" functions to integrate the changes.

tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0210.md Outdated Show resolved Hide resolved
tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0210.md Outdated Show resolved Hide resolved
tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0210.md Outdated Show resolved Hide resolved
demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/run.sh Outdated Show resolved Hide resolved
rules/mastg-android-hardcoded-crypto-keys-usage.yml Outdated Show resolved Hide resolved
demos/android/MASVS-CRYPTO/MASTG-DEMO-0015/MASTG-DEMO-0015.md Outdated Show resolved Hide resolved
@ScreaMy7 @cpholguera
Apply suggestions from code review
be89843 
added the changes

Co-authored-by: Carlos Holguera <[email protected]>
cpholguera
cpholguera approved these changes Sep 3, 2024
View reviewed changes
Copy link
Collaborator

@cpholguera cpholguera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much @ScreaMy7!

@cpholguera cpholguera changed the title Deprecate MASWE-0013 and add Android test and demo for MASWE-0014 about Use of Hardcoded Cryptographic Keys in Code (by appknox) Deprecate [MASWE-0013] and add [MASTG-TEST-0210] and [MASTG-DEMO-0015] Hardcoded Cryptographic Keys in Code (by appknox) Sep 3, 2024
@cpholguera cpholguera merged commit ae2793a into OWASP:master Sep 3, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpholguera cpholguera cpholguera approved these changes

Assignees

@ScreaMy7 ScreaMy7

Labels
MASVS-CRYPTO MASWE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[MASWE-0013] Hardcoded Cryptographic Keys in Use
2 participants
@ScreaMy7 @cpholguera