Merge branch 'develop' into feature/migrate-to-gcm

SailReal · SailReal · commit d4a279d95b22 · 2024-08-13T12:52:15.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -51,3 +51,7 @@ local.properties
 **/fastlane/izzyscript/iod-scan-apk.php
 **/fastlane/izzyscript/current_iod-scan-apk.php
 **/fastlane/izzyscript/current_result_*.json
+
+# Fluid Attacks
+**/fastlane/fluidattacks/results.csv
+**/fastlane/fluidattacks/apks/**
diff --git a/buildsystem/Dockerfile b/buildsystem/Dockerfile
@@ -38,3 +38,9 @@ RUN yes | sdkmanager --licenses --sdk_root="${ANDROID_HOME}"
 RUN update-java-alternatives -s java-1.17.0-openjdk-amd64
 
 RUN rm -rf ${ANDROID_HOME}/tools
+
+# Create a non-root user and group
+RUN groupadd -r appuser && useradd --no-log-init -r -g appuser appuser
+
+# Switch to the non-root user
+USER appuser
diff --git a/buildsystem/docker/dependencies.txt b/buildsystem/docker/dependencies.txt
@@ -1 +1,5 @@
+apt-utils=2.9.3
+wget=1.24.5-1
+git=1:2.45.1-1
+unzip=6.0-28
 openjdk-17-jdk=17.0.11+9-1
diff --git a/fastlane/Fastfile b/fastlane/Fastfile
@@ -364,6 +364,24 @@ platform :android do |options|
     FileUtils.rm_r("exodus-test")
   end
 
+  desc "Run fluidattacks"
+  lane :runFluidattacks do |options|
+    # if you want to run it for a specific version just set e.g. version = "1.10.0"
+    fluidattacks_apks_path = "fluidattacks/apks"
+    apk_types = %w[signed fdroid_signed lite_signed playstore_signed]
+
+    FileUtils.mkdir("#{fluidattacks_apks_path}")
+    apk_types.each do |type|
+      FileUtils.mkdir("#{fluidattacks_apks_path}/Cryptomator-#{version}_#{type}/")
+      FileUtils.cp("release/Cryptomator-#{version}_#{type}.apk", "#{fluidattacks_apks_path}/Cryptomator-#{version}_#{type}/")
+    end
+
+    puts "Run Fluidattacks. Results are in /src/fastlane/fluidattacks/results.csv"
+    sh("docker run -v $(cd .. && pwd):/src -w /src fluidattacks/cli:amd64 skims scan /src/fastlane/fluidattacks/config.yaml")
+
+    FileUtils.rm_r("#{fluidattacks_apks_path}")
+  end
+
   desc "Create GitHub draft release"
   lane :createGitHubDraftRelease do |options|
     target_branch = "main"
diff --git a/fastlane/README.md b/fastlane/README.md
@@ -79,6 +79,14 @@ Check if tracking added in some dependency using Izzy's script
 
 Check if tracking added in some dependency using exodus
 
+### android runFluidattacks
+
+```sh
+[bundle exec] fastlane android runFluidattacks
+```
+
+Run fluidattacks
+
 ### android createGitHubDraftRelease
 
 ```sh
diff --git a/fastlane/fluidattacks/config.yaml b/fastlane/fluidattacks/config.yaml
@@ -0,0 +1,135 @@
+# docker run --mount type=bind,source=<Root of repo>,target=/src fluidattacks/cli:<Tag> skims scan /src/fastlane/fluidattacks/config.yaml
+# <Root of repo>:	Path to the root of the repository.
+# <Tag>:			Tag of the tool image; usually "amd64" or "arm64".
+#					Also see: https://hub.docker.com/r/fluidattacks/cli
+#					Also see: https://web.archive.org/web/20240301173651/https://docs.fluidattacks.com/tech/scanner/standalone/casa/
+#
+# NOTE: Prefer using absolute paths over relative paths;
+#       the tool doesn't seem to handle relative paths too well in some places.
+namespace: CryptomatorAndroid
+output:
+  file_path: /src/fastlane/fluidattacks/results.csv
+  format: CSV
+
+# The working directory should resolve to the root of the repository.
+# This should stay "/src" because the tool doesn't seem to handle anything but the default too well.
+working_dir: /src
+language: EN
+file_size_limit: false
+
+# The "/src/apk_files" folder is deleted once the tool is done.
+# The folders named after the apks (e.g. "presentation-playstore-debug" for
+# "presentation-playstore-debug.apk") in "/src" seem to always stay empty.
+# If this behavior changes, it might be necessary to exclude those from "sast" to keep iterative scans possible.
+apk:
+  include:
+    - glob(/src/fastlane/fluidattacks/apks/**/*.apk)
+sast: # Used to be "path" (e.g. in the docs of the ADA)
+  include:
+    - .
+checks:
+  - F001
+  - F004
+  - F008
+  - F009
+  - F010
+  - F011
+  - F012
+  - F015
+  - F016
+  - F017
+  - F020
+  - F021
+  - F022
+  - F023
+  - F031
+  - F034
+  - F035
+  - F037
+  - F042
+  - F043
+  - F052
+  - F055
+  - F056
+  - F058
+  - F073
+  - F075
+  - F079
+  - F080
+  - F082
+  - F085
+  - F086
+  - F089
+  - F091
+  - F092
+  - F094
+  - F096
+  - F098
+  - F099
+  - F100
+  - F103
+  - F107
+  - F112
+  - F120
+  - F127
+  - F128
+  - F129
+  - F130
+  - F131
+  - F132
+  - F133
+  - F134
+  - F143
+  - F160
+  - F176
+  - F177
+  - F182
+  - F200
+  - F203
+  - F206
+  - F207
+  - F211
+  - F234
+  - F239
+  - F246
+  - F247
+  - F250
+  - F252
+  - F256
+  - F257
+  - F258
+  - F259
+  - F266
+  - F267
+  - F268
+  - F277
+  - F281
+  - F300
+  - F313
+  - F320
+  - F325
+  - F333
+  - F335
+  - F338
+  - F346
+  - F363
+  - F372
+  - F380
+  - F381
+  - F393
+  - F394
+  - F396
+  - F398
+  - F400
+  - F401
+  - F402
+  - F406
+  - F407
+  - F408
+  - F409
+  - F411
+  - F412
+  - F413
+  - F414
+  - F416
+  - F418
