Merge branch 'OWASP:master' into master

.devcontainer/devcontainer.json

@@ -0,0 +1,35 @@
+{
+  "name": "MkDocs-VSCode",
+  "build": {
+    "context": "..",
+    "dockerfile": "../Dockerfile"
+  },
+  "customizations": {
+    "vscode": {
+      // Set *default* container specific settings.json values on container create.
+      "settings": {
+        "terminal.integrated.shell.linux": "/bin/bash",
+        "debug.javascript.usePreview": false
+      },
+      // Add the IDs of extensions you want installed when the container is created.
+      "extensions": [
+        "yzhang.markdown-all-in-one",
+        "redhat.vscode-yaml",
+        "shardulm94.trailing-spaces",
+        "oderwat.indent-rainbow",
+        "msjsdiag.debugger-for-chrome",
+        "ms-python.python",
+        "ms-python.debugpy",
+        "davidanson.vscode-markdownlint",
+        "timonwong.shellcheck",
+        "ms-python.vscode-pylance"
+      ]
+    }
+  },
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  "forwardPorts": [
+    8000
+  ]
+  // Uncomment to connect as a non-root user. See https://aka.ms/vscode-remote/containers/non-root.
+  //"remoteUser": "vscode"
+}

.dockerignore

@@ -0,0 +1,6 @@
+node_modules
+dist
+build
+.git
+Dockerfile
+.dockerignore

.github/workflows/build-android-demos.yml

@@ -0,0 +1,102 @@
+name: Build All Android Demos
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'demos/**'
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'demos/**'
+
+jobs:
+  generate-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Generate matrix
+        id: set-matrix
+        run: |
+          demos=$(find demos/android -type d -name "MASTG-DEMO-*")
+          matrix="{\"demo\":["
+          for demo in $demos; do
+            matrix="${matrix}\"$demo\","
+          done
+          matrix="${matrix%,}]}"
+          echo "matrix=$matrix" >> $GITHUB_ENV
+          echo "matrix=$matrix" >> $GITHUB_OUTPUT
+
+      - name: Print matrix
+        run: echo "${{ steps.set-matrix.outputs.matrix }}"
+
+  build:
+    needs: generate-matrix
+    runs-on: ubuntu-latest
+    timeout-minutes: 60  # Increase this value as needed
+    strategy:
+      matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+      max-parallel: 3  # Limit the number of parallel jobs
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Clone MASTestApp-Android repository
+        run: git clone https://github.com/cpholguera/MASTestApp-Android.git
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Replace files and build APK
+        run: |
+          demo="${{ matrix.demo }}"
+          if [ -d "$demo" ]; then
+            echo "Processing $demo"
+            [ -f "$demo/MastgTest.kt" ] && cp -f "$demo/MastgTest.kt" MASTestApp-Android/app/src/main/java/org/owasp/mastestapp/MastgTest.kt && echo "Copied MastgTest.kt for $demo" || echo "No MastgTest.kt found for $demo"
+            [ -f "$demo/AndroidManifest.xml" ] && cp -f "$demo/AndroidManifest.xml" MASTestApp-Android/app/src/main/AndroidManifest.xml && echo "Copied AndroidManifest.xml for $demo" || echo "No AndroidManifest.xml found for $demo"
+            cd MASTestApp-Android
+            echo "Building APK for $demo"
+            ./gradlew assembleDebug --stacktrace
+            build_status=$?
+            cd ..
+            if [ $build_status -eq 0 ]; then
+              echo "Build succeeded for $demo"
+              apk_name="$(basename "$demo").apk"
+              if [ -f "MASTestApp-Android/app/build/outputs/apk/debug/app-debug.apk" ]; then
+                mv MASTestApp-Android/app/build/outputs/apk/debug/app-debug.apk "$apk_name"
+                echo "APK for $demo moved to $apk_name"
+              else
+                echo "APK not found for $demo"
+              fi
+            else
+              echo "Build failed for $demo"
+            fi
+          else
+            echo "Demo directory not found: $demo"
+          fi
+
+      - name: Set APK name variable
+        id: set_apk_name
+        run: echo "APK_NAME=$(basename ${{ matrix.demo }}).apk" >> $GITHUB_ENV
+
+      - name: List generated APK
+        run: |
+          echo "Listing generated APK in demos/android directory:"
+          ls -l "${{ env.APK_NAME }}" || echo "No APK found."
+
+      - name: Upload APK
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.APK_NAME }}
+          path: "${{ env.APK_NAME }}"

.github/workflows/build-website.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    if: github.actor == 'cpholguera' || github.actor == 'sushi2k'
+    if: github.actor == 'cpholguera' || github.actor == 'sushi2k' || github.actor == 'TheDauntless'
     steps:
       - uses: actions/checkout@v4
         with:
@@ -26,21 +26,24 @@ jobs:
       - name: Get Latest MASVS Release Tag
         run: echo "MASVS_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-masvs/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_ENV
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           repository: "OWASP/owasp-masvs"
           fetch-depth: 1
           path: owasp-masvs/
       - name: Generate MASVS yaml
         run: python3 ./owasp-masvs/tools/generate_masvs_yaml.py -v ${{env.MASVS_VERSION}} -i ./owasp-masvs/Document -c ./owasp-masvs/controls
-      # - name: Populate MASVS Categories Markdown Files
-      #   run: python3 ./owasp-masvs/src/populate_masvs_categories_md.py -d ./owasp-masvs/Document -w
+      - name: Populate MASVS Categories Markdown Files
+        run: python3 ./owasp-masvs/tools/populate_masvs_categories_md.py -d ./owasp-masvs/Document -w
       - run: ./src/scripts/structure_masvs.sh
 
       - name: Generate MASVS Control Markdown Files
         run: python3 src/scripts/write_masvs_control_md_files.py
 
       - name: Populate Dynamic Pages
         run: python3 src/scripts/populate_dynamic_pages.py
+
+      - name: Generate Cross-References
+        run: python3 src/scripts/generate_cross_references.py
 
       - run: mkdocs gh-deploy --force --clean --verbose

.github/workflows/config/url-checker-config.json

@@ -96,6 +96,9 @@
         {
             "pattern": "^/MASTG/"
         },
+        {
+            "pattern": "^/MASWE/"
+        },
         {
             "pattern": "^/checklists/"
         }

.github/workflows/docgenerator.yml

@@ -94,10 +94,10 @@ jobs:
         repository: "OWASP/owasp-masvs.git"
         ref: ${{env.MASVS_VERSION}}
         fetch-depth: 1
-        path: src/scripts/owasp-masvs
+        path: owasp-masvs
 
     - name: Get MASVS Current Commit ID
-      run: cd src/scripts/owasp-masvs && echo "MASVS_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+      run: cd owasp-masvs && echo "MASVS_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
     - name: Confirm MASTG Current Commit ID
       run: echo ${{env.MASVS_COMMIT}}
 

.github/workflows/markdown-linter.yml

@@ -15,9 +15,8 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
-      - name: markdownlint-cli
-        uses: nosborn/github-action-markdown-cli@v3.0.1
+      - name: markdownlint-cli2
+        uses: DavidAnson/markdownlint-cli2-action@v16.0.0
         with:
-          files: Document
-          config_file: ".markdownlint.jsonc"
-          ignore_files: "src, node_modules, Crackmes, Samples"
+          config: ".markdownlint.jsonc"
+

.gitignore

@@ -13,10 +13,10 @@ logs
 *.pdf
 *.docx
 *.epub
-launch.json
 docs/MASVS/**/
-docs/MASVS/*-MASVS-*.md
+docs/MASVS/*-*.md
 docs/MASTG/**/
+docs/MASTG/0x*.md
 docs/assets/Images
 docs/checklists/MASVS-*.md
 docs/talks.md

.markdownlint-cli2.jsonc

@@ -0,0 +1,15 @@
+{
+    "globs": [
+        "**/*.md"
+      ],
+
+    "ignores": [
+      "src",
+      "node_modules",
+      "Crackmes",
+      "Samples",
+      ".github",
+      "docs/contributing/5_Style_Guide.md"
+    ],
+      "gitignore": true
+}

.markdownlint.jsonc

@@ -4,14 +4,17 @@
     "MD004": {"style": "dash"},                   // ul-style
     "MD007": { "indent": 4 },                     // ul-indent
     "MD013": false,                               // line-length
-    "MD024": {"allow_different_nesting": true},   // no-duplicate-header
+    "MD014": false,                               // commands-show-output
+    "MD024": {"siblings_only": true},             // no-duplicate-header
     "MD026": {"punctuation": ".,;:"},             // no-trailing-punctuation (allows !?)
     "MD033": false,                               // no-inline-html
     "MD035": {"style": "---"},                    // hr-style
     "MD036": {"punctuation": ".,;:!。"},          // no-emphasis-as-header
     "MD041": false,                               // first-line-h1
-    "MD046": {"style": "fenced"} ,                // code-block-style
-    "MD049": {"style": "underscore"},              // emphasis-style
-    "MD050": {"style": "asterisk"}              // strong-style
+    "MD045": false,                               // no-alt-text
+    "MD046": false,                               // code-block-style (unsupported admonitions)
+    "MD049": {"style": "underscore"},             // emphasis-style
+    "MD050": {"style": "asterisk"},               // strong-style
+    "MD055": {"style": "leading_and_trailing"}    // table-pipe-style
 
   }

.vscode/launch.json

@@ -0,0 +1,28 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python: Current File",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${file}",
+            "console": "integratedTerminal",
+            "justMyCode": true
+        },
+        {
+            "name": "Python: MkDocs Serve",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/.venv/bin/mkdocs",  // Adjust the path if mkdocs is not in a virtual environment
+            "args": ["serve", "-a", "localhost:8002"],
+            "console": "integratedTerminal",
+            "env": {
+                "PYTHONPATH": "${workspaceFolder}/.venv/bin/python3"
+            },
+            "preLaunchTask": "Run populate_dynamic_pages.py"
+        }
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,27 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "Run structure_mastg.sh",
+            "type": "shell",
+            "command": "./src/scripts/structure_mastg.sh",
+            "problemMatcher": []
+        },
+        {
+            "label": "Run transform_files.py",
+            "type": "shell",
+            "command": "${workspaceFolder}/.venv/bin/python",
+            "args": ["src/scripts/transform_files.py"],
+            "problemMatcher": [],
+            "dependsOn": "Run structure_mastg.sh"
+        },
+        {
+            "label": "Run populate_dynamic_pages.py",
+            "type": "shell",
+            "command": "${workspaceFolder}/.venv/bin/python",
+            "args": ["src/scripts/populate_dynamic_pages.py"],
+            "problemMatcher": [],
+            "dependsOn": "Run transform_files.py"
+        }
+    ]
+}

Dockerfile

@@ -0,0 +1,26 @@
+# Use the latest Python image
+FROM python:3-slim
+
+# Install dependencies
+RUN apt-get update && \
+    apt-get install -y git jq curl && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Python dependencies
+COPY src/scripts/requirements.txt .
+RUN python -m pip install --no-cache-dir -r requirements.txt
+
+# Clone the OWASP MASVS as required by the website build
+RUN git clone --depth 1 https://github.com/OWASP/owasp-masvs.git /workspaces/owasp-masvs
+
+# Set the working directory this way to be compatible with devcontainers and also run independently
+WORKDIR /workspaces/owasp-mastg
+
+# Expose port 8000
+EXPOSE 8000
+
+# Start the container with a shell
+CMD ["bash"]
+
+# If running manually: docker run -it --rm -p 8000:8000 -v $(pwd):/workspaces/owasp-mastg mastg