mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-02-12 20:32:46 +00:00
aa2cd48b00
Comprehensive Android security testing workflow converted from Prefect to Temporal architecture: Modules (3): - JadxDecompiler: APK to Java source code decompilation - OpenGrepAndroid: Static analysis with Android-specific security rules - MobSFScanner: Comprehensive mobile security framework integration Custom Rules (13): - clipboard-sensitive-data, hardcoded-secrets, insecure-data-storage - insecure-deeplink, insecure-logging, intent-redirection - sensitive_data_sharedPreferences, sqlite-injection - vulnerable-activity, vulnerable-content-provider, vulnerable-service - webview-javascript-enabled, webview-load-arbitrary-url Workflow: - 6-phase Temporal workflow: download → Jadx → OpenGrep → MobSF → SARIF → upload - 4 activities: decompile_with_jadx, scan_with_opengrep, scan_with_mobsf, generate_android_sarif - SARIF output combining findings from all security tools Docker Worker: - ARM64 Mac compatibility via amd64 platform emulation - Pre-installed: Android SDK, Jadx 1.4.7, OpenGrep 1.45.0, MobSF 3.9.7 - MobSF runs as background service with API key auto-generation - Added aiohttp for async HTTP communication Test APKs: - BeetleBug.apk and shopnest.apk for workflow validation
16 lines
386 B
YAML
16 lines
386 B
YAML
rules:
|
|
- id: clipboard-sensitive-data
|
|
severity: WARNING
|
|
languages: [java]
|
|
message: "Sensitive data may be copied to the clipboard."
|
|
metadata:
|
|
authors:
|
|
- Guerric ELOI (FuzzingLabs)
|
|
category: security
|
|
area: clipboard
|
|
verification-level: [L1]
|
|
paths:
|
|
include:
|
|
- "**/*.java"
|
|
pattern: "$CLIPBOARD.setPrimaryClip($CLIP)"
|