feat(mobile): add unified Security Shepherd Android app #894
Open
SeanDuggan wants to merge 6 commits into
Replaces the collection of per-challenge standalone APKs with a single unified app (org.owasp.mobileshepherd) covering all 19 mobile modules: lessons and challenges for Client-Side Injection, Insecure Data Storage, Insecure Communication, Insufficient Cryptography, Reverse Engineering, Poor Authentication, Security Misconfiguration, Privacy Controls, Input Validation, Insecure Authorization, and Supply Chain.

Android app changes:
- New unified app with Navigation Component and ViewBinding
- Material Design 3 with dark mode support
- Full login/registration flow connected to the web platform
- Progress tracking and scoreboard integration
- Cheatsheets for all 19 modules
- CI workflow for Android lint and build

Server-side changes:
- Add MobileFlagGet, MobileFlagSubmit, MobileInsecureApi, MobileModuleFlags, MobileModuleProgress, MobileModuleStart, MobileRegister servlets
- Update MobileLogin servlet
- Update coreSchema.sql with mobile module tables and procedures
- Add i18n properties for mobile challenge/lesson strings
- Add Android lint and build GitHub Actions workflows
MobileFlagGet was calling Getter.hasPlayerStarted() as a DB fallback for the in-memory module-start cache, but this method does not exist in upstream's Getter class. Remove the fallback; the in-memory check in MobileModuleProgress.hasStarted() is sufficient.
…ster Fix Spotless violations:
- MobileLogin.java: convert CRLF to LF line endings
- MobileRegister.java: reflow Javadoc and method call line breaks
The previous version re-inserted 68 modules that already exist in the upstream schema, causing PRIMARY KEY violations during integration test DB setup and failing all IT tests. Replace with upstream coreSchema.sql and append only the 9 genuinely new mobile modules:
- Mobile Insecure Authorization (lesson)
- Mobile Insecure Communication (lesson + challenge)
- Mobile Security Misconfiguration (lesson + challenge)
- Mobile Input Validation (lesson)
- Mobile Privacy Controls (lesson)
- Mobile Supply Chain (lesson)
- Mobile Insufficient Cryptography (lesson)

incrementalRank values set to 105-113 (after upstream's highest rank of ~100) to avoid conflicts.
…edWhereClause testGetModuleStatusMenuWhenMobileOnlyOpen validates that every module in the DB belongs to either the web or mobile hardcoded category list. Our 7 new mobile categories were missing from the list, causing the test to fail with a count mismatch after openOnlyMobileCategories() was called.