Set up Fluid Attacks for CASA tier 2 audit

JaniruTEC · JaniruTEC · commit 2c2b57ced518 · 2024-03-04T22:57:10.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -51,3 +51,7 @@ local.properties
 **/fastlane/izzyscript/iod-scan-apk.php
 **/fastlane/izzyscript/current_iod-scan-apk.php
 **/fastlane/izzyscript/current_result_*.json
+
+# Fluid Attacks
+**/fastlane/fluidattacks/results.csv
+/apk_files/
diff --git a/fastlane/fluidattacks/apks/.gitkeep b/fastlane/fluidattacks/apks/.gitkeep
diff --git a/fastlane/fluidattacks/config.yaml b/fastlane/fluidattacks/config.yaml
@@ -0,0 +1,135 @@
+# docker run --mount type=bind,source=<Root of repo>,target=/src fluidattacks/cli:<Tag> skims scan /src/fastlane/fluidattacks/config.yaml
+# <Root of repo>:	Path to the root of the repository.
+# <Tag>:			Tag of the tool image; usually "amd64" or "arm64".
+#					Also see: https://hub.docker.com/r/fluidattacks/cli
+#					Also see: https://web.archive.org/web/20240301173651/https://docs.fluidattacks.com/tech/scanner/standalone/casa/
+#
+# NOTE: Prefer using absolute paths over relative paths;
+#       the tool doesn't seem to handle relative paths too well in some places.
+namespace: CryptomatorAndroid
+output:
+  file_path: /src/fastlane/fluidattacks/results.csv
+  format: CSV
+
+# The working directory should resolve to the root of the repository.
+# This should stay "/src" because the tool doesn't seem to handle anything but the default too well.
+working_dir: /src
+language: EN
+file_size_limit: false
+
+# The "/src/apk_files" folder is deleted once the tool is done.
+# The folders named after the apks (e.g. "presentation-playstore-debug" for
+# "presentation-playstore-debug.apk") in "/src" seem to always stay empty.
+# If this behavior changes, it might be necessary to exclude those from "sast" to keep iterative scans possible.
+apk:
+  include:
+    - glob(/src/fastlane/fluidattacks/apks/**/*.apk)
+sast: # Used to be "path" (e.g. in the docs of the ADA)
+  include:
+    - .
+checks:
+  - F001
+  - F004
+  - F008
+  - F009
+  - F010
+  - F011
+  - F012
+  - F015
+  - F016
+  - F017
+  - F020
+  - F021
+  - F022
+  - F023
+  - F031
+  - F034
+  - F035
+  - F037
+  - F042
+  - F043
+  - F052
+  - F055
+  - F056
+  - F058
+  - F073
+  - F075
+  - F079
+  - F080
+  - F082
+  - F085
+  - F086
+  - F089
+  - F091
+  - F092
+  - F094
+  - F096
+  - F098
+  - F099
+  - F100
+  - F103
+  - F107
+  - F112
+  - F120
+  - F127
+  - F128
+  - F129
+  - F130
+  - F131
+  - F132
+  - F133
+  - F134
+  - F143
+  - F160
+  - F176
+  - F177
+  - F182
+  - F200
+  - F203
+  - F206
+  - F207
+  - F211
+  - F234
+  - F239
+  - F246
+  - F247
+  - F250
+  - F252
+  - F256
+  - F257
+  - F258
+  - F259
+  - F266
+  - F267
+  - F268
+  - F277
+  - F281
+  - F300
+  - F313
+  - F320
+  - F325
+  - F333
+  - F335
+  - F338
+  - F346
+  - F363
+  - F372
+  - F380
+  - F381
+  - F393
+  - F394
+  - F396
+  - F398
+  - F400
+  - F401
+  - F402
+  - F406
+  - F407
+  - F408
+  - F409
+  - F411
+  - F412
+  - F413
+  - F414
+  - F416
+  - F418
