Port MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging (android) (by @guardsquare)#3242

Merged: cpholguera merged 14 commits into OWASP:master from titze:port-MASTG-TEST-0041 on Mar 26, 2025
titze (Collaborator) commented Mar 25, 2025

This PR closes #3020

titze (Collaborator, Author) commented Mar 25, 2025

I am unsure about the test itself. It was a dynamic test before, so I kept it like this. But it could very well be a static test, or even both...

The Test IDs are wrong at the moment, I will update them when we are close to merging the PR.

cpholguera changed the title from "Port mastg test 0041: App enables StrictMode (by @guardsquare)" to "Port MASTG-TEST-0041: App enables StrictMode (Android) (by @guardsquare)" on Mar 25, 2025

cpholguera changed the title from "Port MASTG-TEST-0041: App enables StrictMode (Android) (by @guardsquare)" to "Port MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging (android) (by @guardsquare)" on Mar 25, 2025

Copilot AI (Contributor) left a comment

Pull Request Overview

This PR aims to update Android documentation and testing assets for detecting unclosed SQL Cursors via StrictMode by ensuring debug-only execution and verbose logging for development builds.

  • Added a demo markdown file (MASTG-DEMO-0x41.md) illustrating a sample scenario of StrictMode detecting an unclosed SQL Cursor.
  • Introduced a new test markdown file (MASTG-TEST-0x41.md) to verify that StrictMode is enabled in production builds.
  • Updated documentation (0x05i-Testing-Code-Quality-and-Build-Settings.md) and weaknesses metadata to reflect changes such as using BuildConfig.DEBUG and emphasizing verbose logging and testing utilities.

Reviewed Changes

Copilot reviewed 4 out of 7 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| demos/android/MASVS-RESILIENCE/MASTG-DEMO-0x41/MASTG-DEMO-0x41.md | New demo file detailing a sample StrictMode violation scenario. |
| tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x41.md | New test file for verifying StrictMode activation in production builds. |
| Document/0x05i-Testing-Code-Quality-and-Build-Settings.md | Updated to use BuildConfig.DEBUG for conditionally enabling StrictMode. |
| weaknesses/MASVS-RESILIENCE/MASWE-0094.md | Adjusted topics to include verbose logging and enabled testing utilities. |

Files not reviewed (3)
  • demos/android/MASVS-RESILIENCE/MASTG-DEMO-0x41/MastgTest.kt: Language not supported
  • demos/android/MASVS-RESILIENCE/MASTG-DEMO-0x41/output.txt: Language not supported
  • demos/android/MASVS-RESILIENCE/MASTG-DEMO-0x41/run.sh: Language not supported
Comments suppressed due to low confidence (1)

tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x41.md:4

  • The test ID uses an uppercase 'X' while the demo file uses a lowercase 'x'. Consider standardizing the test ID across files.
id: MASTG-TEST-0X41

titze and others added 2 commits March 26, 2025 09:25
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Comment thread tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x41.md Outdated

Collaborator

This was missing but I just added it so we can merge.

@cpholguera cpholguera merged commit f041b2c into OWASP:master Mar 26, 2025
@titze titze deleted the port-MASTG-TEST-0041 branch March 28, 2025 11:29
Development

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging (android)

3 participants