Skip to content

MASTG v1->v2 MASTG-TEST-0028: Testing for Testing Deep Links (android) (by @appknox) #3463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

MASTG v1->v2 MASTG-TEST-0028: Testing for Testing Deep Links (android) (by @appknox) #3463

wants to merge 5 commits into from

Conversation

ScreaMy7
Copy link
Collaborator

closes #2980

cpholguera
cpholguera requested changes Sep 21, 2025
View reviewed changes
tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0292.md
platform: android
id: MASTG-TEST-0292
type: [static]
weakness: MASWE-0088
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the right MASWE should be MASWE-0071: WebViews Loading Content from Untrusted Sources

Suggested change
weakness: MASWE-0088
weakness: MASWE-0071

tests/android/MASVS-PLATFORM/MASTG-TEST-0028.md
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ScreaMy7 ⚠️ PLEASE BE CAREFUL:

I see that a lot of the information contained in this test is being lost right now. Please consider porting it all:

  • What information is knowledge and belongs in https://mas.owasp.org/MASTG/knowledge/android/MASVS-PLATFORM/MASTG-KNOW-0019/
  • What information describes best practices and should be added to a new MASTG-BEST-XXXX? (each test should have at least one best practice linked)
  • What techniques are here that don't have a MASTG-TECH-XXXX entry? e.g.
    • "Check for Deep Link Usage"
    • "Check for Correct Website Association"
    • "Monitoring Deep Links"
    • "Invoking Deep Links"
    • etc
  • What tools are used and don't have a MASTG-TOOL-XXXX entry? e.g. "Android App Link Verification Tester"
  • What tests are missing?
    • "Use of Unverified App Links"
    • "Use of Unverified Custom URL Schemes"
    • "Use of Verified App Links with Incorrect Website Association"

tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0293.md
@@ -0,0 +1,24 @@
---
title: Deep Link Intent Filter Missing android:autoVerify
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be "Use of Unverified App Links" plus an additional "Use of Unverified Custom URL Schemes" which is now missing.

@cpholguera
Copy link
Collaborator

Also please use "fake IDs" (e.g. MASTG-TEST-0x28-1, MASTG-TEST-0x28-2, MASTG-DEMO-00xx-1, MASTG-DEMO-00xx-2) until we're ready to merge, to avoid conflicts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpholguera cpholguera cpholguera requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0028: Testing Deep Links (android)

2 participants

@ScreaMy7 @cpholguera