/// <summary>
/// Runs the analyzer over the "AllowBackupTrue.xml" fixture and checks that it reports
/// exactly one finding with code "AllowBackup", including the expected title,
/// description, file path, fully qualified name and line number.
/// </summary>
/// <remarks>
/// Android treats allowBackup as true when the attribute is absent. This test only covers
/// the fixture named "AllowBackupTrue"; whether the analyzer also flags a manifest that
/// omits the attribute is not visible here (TODO confirm a separate test covers it).
/// </remarks>
public void AllowBackupTrue()
{
    const string fixtureName = "AllowBackupTrue.xml";

    // The finding is expected to point back at the fixture's relative location.
    string fixturePath = Path.Combine("TestFiles", "AllowBackup", fixtureName);

    // GetAndroidManifestFile is defined elsewhere in the test class; it presumably
    // loads the fixture from the directory asserted below (verify against the helper).
    AndroidManifestFile manifest = GetAndroidManifestFile(fixtureName);
    _analyzer.Analyze(manifest);

    // Exactly one finding: guards against both a missed detection and duplicate reports.
    Assert.AreEqual(1, _vulnerabilities.Count);
    Vulnerability finding = _vulnerabilities[0];

    Assert.AreEqual("AllowBackup", finding.Code);
    Assert.AreEqual("Backups are enabled", finding.Title);
    Assert.AreEqual("Enabling backups may leak sensitive data to the cloud.", finding.Description);
    Assert.AreEqual(fixturePath, finding.FilePath);
    Assert.AreEqual("AndroidManifest.xml", finding.FullyQualifiedName);

    // Line 11 is presumably where the offending attribute sits in the fixture; confirm
    // against the XML file when the fixture is edited.
    Assert.AreEqual(11, finding.LineNumber);
}
/// <summary>
/// Runs the analyzer over the "MinSdkUnsupported.xml" fixture and checks that it reports
/// exactly one finding with code "MinSdk", including the expected title, description,
/// file path, fully qualified name and line number.
/// </summary>
/// <remarks>
/// The expected description pins a usage statistic and a release year. Both are
/// point-in-time facts, so this assertion has to change whenever the analyzer's
/// message or its minimum-supported-version threshold is updated.
/// </remarks>
public void MinSdkUnsupported()
{
    const string fixtureName = "MinSdkUnsupported.xml";

    // The finding is expected to point back at the fixture's relative location.
    string fixturePath = Path.Combine("TestFiles", "MinSdk", fixtureName);

    // GetAndroidManifestFile is defined elsewhere in the test class; it presumably
    // loads the fixture from the directory asserted below (verify against the helper).
    AndroidManifestFile manifest = GetAndroidManifestFile(fixtureName);
    _analyzer.Analyze(manifest);

    // Exactly one finding: guards against both a missed detection and duplicate reports.
    Assert.AreEqual(1, _vulnerabilities.Count);
    Vulnerability finding = _vulnerabilities[0];

    Assert.AreEqual("MinSdk", finding.Code);
    Assert.AreEqual("App supports outdated Android version", finding.Title);
    Assert.AreEqual("Apps should no longer support Android Gingerbread or lower. This version is used by less than 0.3% of all devices and the latest release was in 2011.", finding.Description);
    Assert.AreEqual(fixturePath, finding.FilePath);
    Assert.AreEqual("AndroidManifest.xml", finding.FullyQualifiedName);

    // Line 9 is presumably where the minimum SDK is declared in the fixture; confirm
    // against the XML file when the fixture is edited.
    Assert.AreEqual(9, finding.LineNumber);
}
/// <summary>
/// Runs the analyzer over the "DebuggableTrue.xml" fixture and checks that it reports
/// exactly one finding with code "Debuggable", including the expected title,
/// description, file path, fully qualified name and line number.
/// </summary>
/// <remarks>
/// The asserted description only mentions reverse engineering. A debuggable release
/// build also permits a debugger to attach to the running app, so reviewers may want
/// the analyzer's message to cover that as well; this test would then need updating.
/// </remarks>
public void DebuggableTrue()
{
    const string fixtureName = "DebuggableTrue.xml";

    // The finding is expected to point back at the fixture's relative location.
    string fixturePath = Path.Combine("TestFiles", "Debuggable", fixtureName);

    // GetAndroidManifestFile is defined elsewhere in the test class; it presumably
    // loads the fixture from the directory asserted below (verify against the helper).
    AndroidManifestFile manifest = GetAndroidManifestFile(fixtureName);
    _analyzer.Analyze(manifest);

    // Exactly one finding: guards against both a missed detection and duplicate reports.
    Assert.AreEqual(1, _vulnerabilities.Count);
    Vulnerability finding = _vulnerabilities[0];

    Assert.AreEqual("Debuggable", finding.Code);
    Assert.AreEqual("App has debugging enabled", finding.Title);
    Assert.AreEqual("Enabling debugging makes it easier for an attacker to reverse engineer your app.", finding.Description);
    Assert.AreEqual(fixturePath, finding.FilePath);
    Assert.AreEqual("AndroidManifest.xml", finding.FullyQualifiedName);

    // Line 11 is presumably where the offending attribute sits in the fixture; confirm
    // against the XML file when the fixture is edited.
    Assert.AreEqual(11, finding.LineNumber);
}
/// <summary>
/// Runs the analyzer over the "AllowBackupTrue.xml" fixture and checks that it reports
/// exactly one finding with code "AllowBackup" at medium severity, including the
/// expected title, remediation-bearing description, file path, fully qualified name
/// and line number.
/// </summary>
/// <remarks>
/// Android treats allowBackup as true when the attribute is absent. This test only covers
/// the fixture named "AllowBackupTrue"; whether the analyzer also flags a manifest that
/// omits the attribute is not visible here (TODO confirm a separate test covers it).
/// </remarks>
public void AllowBackupTrue()
{
    const string fixtureName = "AllowBackupTrue.xml";

    // The finding is expected to point back at the fixture's relative location.
    string fixturePath = Path.Combine("TestFiles", "AllowBackup", fixtureName);

    // GetAndroidManifestFile is defined elsewhere in the test class; it presumably
    // loads the fixture from the directory asserted below (verify against the helper).
    AndroidManifestFile manifest = GetAndroidManifestFile(fixtureName);
    _analyzer.Analyze(manifest);

    // Exactly one finding: guards against both a missed detection and duplicate reports.
    Assert.AreEqual(1, _vulnerabilities.Count);
    Vulnerability finding = _vulnerabilities[0];

    Assert.AreEqual("AllowBackup", finding.Code);
    Assert.AreEqual("Backups are enabled", finding.Title);

    // Pinning the severity keeps a later re-rating of this rule from slipping through
    // unnoticed by the test suite.
    Assert.AreEqual(SeverityLevel.Medium, finding.SeverityLevel);

    // The description carries the remediation advice (set allowBackup to false on the
    // application element), so the test also protects that guidance from being dropped.
    Assert.AreEqual("Enabling backups may leak (sensitive) app data to Google's cloud services. If you would like to disable this feature, set 'allowBackup' to false in the <application> element.", finding.Description);
    Assert.AreEqual(fixturePath, finding.FilePath);
    Assert.AreEqual("AndroidManifest.xml", finding.FullyQualifiedName);

    // Line 11 is presumably where the offending attribute sits in the fixture; confirm
    // against the XML file when the fixture is edited.
    Assert.AreEqual(11, finding.LineNumber);
}