MASTestApp is an Android application written in Kotlin. Contributors can easily create and test new MASTG demos, ensuring that the static and dynamic analysis processes are properly documented and reproducible.
The app is intentionally simple, offering three essential files:
- MainActivity.kt: Contains the default UI, which should not be modified.
- AndroidManifest.xml: Contains placeholders for additional things that may be needed.
- MastgTest.kt: Contains one function. This file is intended to be modified by users to create new MASTG demos but should not be modified in the original repository.
Contributors must copy the final modified MastgTest.kt file to their demo folder in the OWASP MASTG repository under the corresponding demos/MASTG-DEMO-XXXX.
Create a new folder in the MASTG repository under the corresponding demos/MASTG-DEMO-XXXX following the guidelines.
Clone the app repository and open it in Android Studio.
git clone https://github.com/cpholguera/MASTestApp-Android.git
- Edit MastgTest.kt to implement your demo.
- If applicable, modify the AndroidManifest.xml to add necessary permissions or components.
- Build the app and test it on the Android emulator or a physical device.
Install jadx and apktool and ensure they're available in your path.
Launch the app in the emulator and run the provided script:
./tools/extract-code-for-mastg-demo.sh
The output will be:
output/
├── MastgTest.kt
├── MastgTest_reversed.java
├── AndroidManifest.xml
└── AndroidManifest_reversed.xml
Run your SAST rules on the _reversed files and ensure they work as expected.
Use the Android emulator or a physical device and run your dynamic scripts.
Once everything works fine, copy the relevant files from the output folder to the demo folder in the MASTG repository. It should look like this:
owasp-mastg/demos/MASTG-DEMO-XXXX/
├── MastgTest.kt
├── MastgTest_reversed.java
├── AndroidManifest.xml
├── AndroidManifest_reversed.xml
├── MASTG-DEMO-XXXX.md
├── output.txt
└── run.sh
Finalize your demo by adding a MASTG-DEMO-XXXX.md file, tweaking the run.sh script, and adding the relevant output files.
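The copy and finalize steps as a script, added here as an example and not part of the MASTestApp or MASTG repositories: the hypothetical function stage_demo copies the four extracted files from the output folder into a demo folder and reports what is still missing from the layout shown above. The function name, its arguments, the non-empty check and the executable check on run.sh are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of MASTestApp: stage extracted files into a demo folder.
# stage_demo is a hypothetical helper; its name and arguments are assumptions.

# Files produced by the extraction script (listed under output/ above).
EXTRACTED="MastgTest.kt MastgTest_reversed.java AndroidManifest.xml AndroidManifest_reversed.xml"

# stage_demo OUTPUT_DIR DEMO_DIR
# Copies the extracted files, then prints one line per problem found.
# Returns 0 when the demo folder matches the expected layout, 1 otherwise.
stage_demo() {
    local out_dir="$1" demo_dir="$2" name f problems=0
    name=$(basename "$demo_dir")          # e.g. MASTG-DEMO-XXXX

    mkdir -p "$demo_dir" || return 1
    for f in $EXTRACTED; do
        # Assumption: an empty file means extraction or decompilation failed.
        if [ ! -s "$out_dir/$f" ]; then
            echo "missing or empty in output: $f"
            problems=$((problems + 1))
            continue
        fi
        cp "$out_dir/$f" "$demo_dir/$f" || problems=$((problems + 1))
    done

    # Files the contributor writes by hand to finalize the demo.
    for f in "$name.md" output.txt run.sh; do
        if [ ! -s "$demo_dir/$f" ]; then
            echo "still to add: $f"
            problems=$((problems + 1))
        fi
    done
    # Assumption: run.sh should be executable so the demo can be re-run as is.
    if [ -f "$demo_dir/run.sh" ] && [ ! -x "$demo_dir/run.sh" ]; then
        echo "not executable: run.sh"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Call it as `stage_demo output owasp-mastg/demos/MASTG-DEMO-XXXX` after the extraction script has run; it prints nothing and returns 0 once the folder is complete.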