Merged
4 changes: 2 additions & 2 deletions .github/instructions/mastg-test.instructions.md
@@ -21,7 +21,7 @@ Example tests for reference:

- [MASTG-TEST-0207](https://mas.owasp.org/MASTG/tests/android/MASVS-STORAGE/MASTG-TEST-0207/)
- [MASTG-TEST-0216](https://mas.owasp.org/MASTG/tests/android/MASVS-STORAGE/MASTG-TEST-0216/)
- [MASTG-TEST-0263](https://mas.owasp.org/MASTG/tests/android/MASVS-STORAGE/MASTG-TEST-0263/)
- [MASTG-TEST-0263](https://mas.owasp.org/MASTG/tests/android/MASVS-RESILIENCE/MASTG-TEST-0263/)

Notes:
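Review bot: The path segment for MASTG-TEST-0263 changes from MASVS-STORAGE to MASVS-RESILIENCE, which is exactly the kind of stale category the link checker catches; the sibling links for MASTG-TEST-0207 and MASTG-TEST-0216 stay under MASVS-STORAGE and should be spot-checked the same way rather than assumed correct. Since the second hunk in this file switches the profiles guide to a repository-relative path, consider the same treatment for these three example links so they are checked as files in the checkout instead of over HTTP against the published site.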

@@ -127,7 +127,7 @@ prerequisites:
### profiles

Specify the MAS profiles to which the test applies. Valid values: L1, L2, P, R.
The profiles are described in [MAS Testing Profiles Guide](Document/0x03b-Testing-Profiles.md)
The profiles are described in [MAS Testing Profiles Guide](../../Document/0x03b-Testing-Profiles.md)

- L1 denotes Essential Security.
- L2 denotes Advanced Security.
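Review bot: `../../Document/0x03b-Testing-Profiles.md` resolves correctly from `.github/instructions/`, whereas the old `Document/...` path only worked relative to the repository root, so this is the right fix. While touching the line, add the missing full stop after the link: `...[MAS Testing Profiles Guide](../../Document/0x03b-Testing-Profiles.md).`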
28 changes: 9 additions & 19 deletions .github/workflows/config/url-checker-config.json
@@ -1,26 +1,14 @@
{
"ignorePatterns": [
{
"pattern": "https://github.com/Your_Github_Handle/owasp-mstg"
},
{
"pattern": "changelog"
},
{
"pattern": "https://github.com/commjoen/contributors-mstg"
},
{
"pattern": "https://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html"
},
{
"pattern": "^http://127.0.0.1"
},
{
"pattern": "^http://localhost"
},
{
"pattern": "https://haveibeenpwned.com"
},
{
"pattern": "https://www.hackingwithswift.com"
},
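Review bot: Dropping the dhanjani.com ignore pattern matches the replacement of that link in MASTG-KNOW-0079 later in this PR, but the `changelog` and `https://haveibeenpwned.com` entries are removed without a visible reason; if they were listed because the target blocks or rate-limits automated checkers, the next full run of url-checker.yml will fail on them. Tie each removal to a green checker run, and if any entry has to come back, anchor it (`^https://haveibeenpwned.com`) rather than using a bare substring like `changelog`, which exempts any URL containing that word.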
@@ -105,9 +93,6 @@
{
"pattern": "^https://github.com/sushi2k/MSTG-MASVS-Internal"
},
{
"pattern": "^https://fidoalliance.org/"
},
{
"pattern": "^/MASVS/"
},
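Review bot: Removing `^https://fidoalliance.org/` means every FIDO Alliance link in the guide is now fetched live instead of skipped; confirm the full (non-PR) checker run passes with the new User-Agent set further down in this config, since a bot-blocked site is the usual reason a whole domain ends up on this list in the first place.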
@@ -121,12 +106,17 @@
"pattern": "^/checklists/"
},
{
"pattern": "https://techbeacon.com/evolution-devops-new-thinking-gene-kim"
"pattern": "^https://stackoverflow.com/"
},
{
"pattern": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/"
"pattern": "^https://academy.realm.io/posts/russ-bishop-unsafe-swift/"
}
],
"replacementPatterns": [
{
"pattern": "^Images/",
"replacement": "{{BASEURL}}/Document/Images/"
}

],
"httpHeaders": [
{
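Review bot: `^https://stackoverflow.com/` is a broad allowlist: every Stack Overflow link in the guide is now exempt from checking, not just one known-flaky URL, so either narrow it to specific posts (as done for the realm.io entry) or record why the whole domain is skipped, since JSON offers no place for a comment. The new `replacementPatterns` entry relies on `{{BASEURL}}` being substituted by the action; that placeholder is part of markdown-link-check's config format, but verify that `Diolor/[email protected]` used by the workflows honours it, otherwise `Images/...` paths are checked literally and fail. Also drop the stray blank line before the closing `],` of `replacementPatterns`.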
@@ -135,7 +125,7 @@
"http://"
],
"headers": {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36"
}
}
],
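Review bot: This headers block applies only to the URL prefixes listed above it, and `http://` is the only one visible in the context; make sure `https://` is in that list too, since nearly every link in this config is HTTPS and the point of the new Chrome User-Agent is to get past servers that reject the old Firefox 64 string. A pinned browser version (`Chrome/144.0.0.0`) will look stale quickly, so expect to bump it again; a short note in the PR description on which sites needed it would help the next person.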
11 changes: 3 additions & 8 deletions .github/workflows/url-checker-pr.yml
@@ -1,21 +1,16 @@
name: URL Checker (PR)

on:
pull_request:
on: [pull_request]

jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: link-check
uses: gaurav-nelson/github-action-markdown-link-check@v1
- name: URL Link Check
uses: Diolor/[email protected]
with:
use-quiet-mode: 'yes'
use-verbose-mode: 'yes'
config-file: '.github/workflows/config/url-checker-config.json'
folder-path: '.'
check-modified-files-only: 'yes'
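Review bot: `Diolor/[email protected]` is a third-party fork referenced by a mutable tag; pin it to the full commit SHA (keeping the tag in a trailing comment) so a retagged release cannot change what runs against this repository on every pull request. Removing the explicit `fetch-depth: 1` is harmless because that is actions/checkout's default, but `check-modified-files-only: 'yes'` needs the base branch to diff against; confirm the fork fetches it itself on a shallow checkout rather than silently checking nothing. Dropping `use-verbose-mode` means only failing links are reported, which is fine for a PR gate.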
8 changes: 2 additions & 6 deletions .github/workflows/url-checker.yml
@@ -12,12 +12,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: link-check
uses: gaurav-nelson/github-action-markdown-link-check@v1
- name: URL Link Check
uses: Diolor/[email protected]
with:
use-quiet-mode: 'yes'
use-verbose-mode: 'yes'
config-file: '.github/workflows/config/url-checker-config.json'
folder-path: '.'
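Review bot: Same supply-chain point as in url-checker-pr.yml: reference `Diolor/github-action-markdown-link-check` by commit SHA rather than the `v1.1.1` tag, and do it in both workflows at once so they cannot drift. After this change the two workflows differ only in `check-modified-files-only`, which is a reasonable split for scheduled full runs versus PR runs.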
3 changes: 2 additions & 1 deletion apps/android/MASTG-APP-0014.md
@@ -2,6 +2,7 @@
title: InsecureShop
platform: android
source: https://github.com/hax0rgb/InsecureShop/
status: deprecated
---

InsecureShop is an intentionally designed Android application that showcases vulnerabilities, aiming to educate developers and security experts about common pitfalls within modern Android apps. It serves as a dynamic platform for refining Android pentesting skills.
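Review bot: `status: deprecated` in the front matter is the right signal, but the paragraph directly below still introduces InsecureShop in the present tense as a platform for refining pentesting skills; if deprecated means the app is no longer recommended rather than only that its documentation site vanished, say so in the first paragraph, since readers of the rendered page may not see the front matter.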
@@ -15,4 +16,4 @@ The majority of these vulnerabilities can be exploited on non-rooted devices, po
- **Insecure Broadcast Receiver**: Registration of a broadcast enabling URL injection.
- **Insecure Content Provider**: Accessible content provider putting user data at risk.

Complementing these learning experiences, InsecureShop provides [documentation](https://docs.insecureshopapp.com/ "InsecureShop Docs") about the implemented vulnerabilities and their associated code. This documentation, however, refrains from offering complete solutions for each vulnerability showcased within the InsecureShop app.
Complementing these learning experiences, InsecureShop provided documentation about the implemented vulnerabilities and their associated code. This documentation, however, refrains from offering complete solutions for each vulnerability showcased within the InsecureShop app. The documentation website is not accessible anymore.
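Review bot: The tense is inconsistent after the edit: `InsecureShop provided documentation ... This documentation, however, refrains from offering` should read `refrained`. Rather than dropping the reference entirely, point at an archived copy of docs.insecureshopapp.com, as this guide already does for dead pages elsewhere (MASTG-KNOW-0061 links web.archive.org), and close with `The documentation website is no longer accessible.`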
10 changes: 5 additions & 5 deletions knowledge/android/MASVS-CODE/MASTG-KNOW-0006.md
@@ -4,21 +4,21 @@ platform: android
title: Binary Protection Mechanisms
---

Detecting the presence of [binary protection mechanisms](0x04h-Testing-Code-Quality.md#binary-protection-mechanisms) heavily depend on the language used for developing the application.
Detecting the presence of [binary protection mechanisms](../../../Document/0x04h-Testing-Code-Quality.md#binary-protection-mechanisms) heavily depend on the language used for developing the application.

In general all binaries should be tested, which includes both the main app executable as well as all libraries/dependencies. However, on Android we will focus on native libraries since the main executables are considered safe as we will see next.

Android optimizes its Dalvik bytecode from the app DEX files (e.g. classes.dex) and generates a new file containing the native code, usually with an .odex, .oat extension. This Android compiled binary (see "Compiled App Binary" in @MASTG-TECH-0007) is wrapped using the [ELF format](https://refspecs.linuxfoundation.org/elf/gabi4+/contents.html) which is the format used by Linux and Android to package assembly code.

The app's NDK native libraries (see "Native Libraries" in @MASTG-TECH-0007) also [use the ELF format](https://developer.android.com/ndk/guides/abis).

- [**PIE (Position Independent Executable)**](0x04h-Testing-Code-Quality.md#position-independent-code):
- [**PIE (Position Independent Executable)**](../../../Document/0x04h-Testing-Code-Quality.md#position-independent-code):
- Since Android 7.0 (API level 24), PIC compilation is [enabled by default](https://source.android.com/devices/tech/dalvik/configure) for the main executables.
- With Android 5.0 (API level 21), support for non-PIE enabled native libraries was [dropped](https://source.android.com/security/enhancements/enhancements50) and since then, PIE is [enforced by the linker](https://cs.android.com/android/platform/superproject/+/master:bionic/linker/linker_main.cpp;l=430).
- [**Memory management**](0x04h-Testing-Code-Quality.md#memory-management):
- [**Memory management**](../../../Document/0x04h-Testing-Code-Quality.md#memory-management):
- Garbage Collection will simply run for the main binaries and there's nothing to be checked on the binaries themselves.
- Garbage Collection does not apply to Android native libraries. The developer is responsible for doing proper [manual memory management](0x04h-Testing-Code-Quality.md#manual-memory-management). See ["Memory Corruption Bugs"](0x04h-Testing-Code-Quality.md#memory-corruption-bugs).
- [**Stack Smashing Protection**](0x04h-Testing-Code-Quality.md#stack-smashing-protection):
- Garbage Collection does not apply to Android native libraries. The developer is responsible for doing proper [manual memory management](../../../Document/0x04h-Testing-Code-Quality.md#manual-memory-management). See ["Memory Corruption Bugs"](../../../Document/0x04h-Testing-Code-Quality.md#memory-corruption-bugs).
- [**Stack Smashing Protection**](../../../Document/0x04h-Testing-Code-Quality.md#stack-smashing-protection):
- Android apps get compiled to Dalvik bytecode which is considered memory safe (at least for mitigating buffer overflows). Other frameworks such as Flutter will not compile using stack canaries because of the way their language, in this case Dart, mitigates buffer overflows.
- It must be enabled for Android native libraries but it might be difficult to fully determine it.
- NDK libraries should have it enabled since the compiler does it by default.
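Review bot: The `../../../Document/...` paths resolve to the repository root from `knowledge/android/MASVS-CODE/`, which is what the file-based checker needs, but the only replacement pattern added to the checker config in this PR covers `^Images/`, so make sure the site generator also rewrites relative `Document/` links when it publishes these knowledge pages. While editing the first line, `heavily depend` should be `heavily depends` (the subject is `Detecting`).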
2 changes: 1 addition & 1 deletion knowledge/android/MASVS-CRYPTO/MASTG-KNOW-0012.md
@@ -93,7 +93,7 @@ KeyPair keyPair = keyPairGenerator.generateKeyPair();

This sample creates the RSA key pair with a key size of 4096-bit (i.e. modulus size). Elliptic Curve (EC) keys can also be generated in a similar way. However as of Android 11 (API level 30), [AndroidKeyStore does not support encryption or decryption with EC keys](https://developer.android.com/guide/topics/security/cryptography#SupportedCipher). They can only be used for signatures.

A symmetric encryption key can be generated from the passphrase by using the Password Based Key Derivation Function version 2 (PBKDF2). This cryptographic protocol is designed to generate cryptographic keys, which can be used for cryptography purpose. Input parameters for the algorithm are adjusted according to [improper key generation function](0x04g-Testing-Cryptography.md#improper-key-derivation-functions) section. The code listing below illustrates how to generate a strong encryption key based on a password.
A symmetric encryption key can be generated from the passphrase by using the Password Based Key Derivation Function version 2 (PBKDF2). This cryptographic protocol is designed to generate cryptographic keys, which can be used for cryptography purpose. Input parameters for the algorithm are adjusted according to [improper key generation function](../../../Document/0x04g-Testing-Cryptography.md#improper-key-derivation-functions) section. The code listing below illustrates how to generate a strong encryption key based on a password.

```java
public static SecretKey generateStrongAESKey(char[] password, int keyLength)
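Review bot: The link text `improper key generation function` does not match the anchor it points to (`#improper-key-derivation-functions`); use `improper key derivation functions` so text and target agree. In the same sentence, `for cryptography purpose` should be `for cryptographic purposes`, and `according to ... section` reads better as `according to the ... section`.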
2 changes: 1 addition & 1 deletion knowledge/android/MASVS-NETWORK/MASTG-KNOW-0015.md
@@ -4,7 +4,7 @@ platform: android
title: Certificate Pinning
---

[Certificate pinning](0x04f-Testing-Network-Communication.md/#restricting-trust-identity-pinning) can be employed in Android apps to safeguard against Machine-in-the-Middle (MITM) attacks by ensuring that the app communicates exclusively with remote endpoints possessing specific identities.
[Certificate pinning](../../../Document/0x04f-Testing-Network-Communication.md#restricting-trust-identity-pinning) can be employed in Android apps to safeguard against Machine-in-the-Middle (MITM) attacks by ensuring that the app communicates exclusively with remote endpoints possessing specific identities.

While effective when implemented correctly, insecure implementations potentially enable attackers to read and modify all communication. For more general details on pinning, refer to @MASWE-0047.
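Review bot: The fix removes the stray `/` before `#restricting-trust-identity-pinning`, which is why the old anchor link failed; good. MASTG-TEST-0242 later in this PR links into this file at `#pinning-via-network-security-configuration-api-24`; that heading is outside this hunk, so confirm it exists in MASTG-KNOW-0015 with exactly that slug before merging.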

10 changes: 5 additions & 5 deletions knowledge/ios/MASVS-CODE/MASTG-KNOW-0061.md
@@ -4,17 +4,17 @@ platform: ios
title: Binary Protection Mechanisms
---

Detecting the presence of [binary protection mechanisms](0x04h-Testing-Code-Quality.md#binary-protection-mechanisms) heavily depend on the language used for developing the application.
Detecting the presence of [binary protection mechanisms](../../../Document/0x04h-Testing-Code-Quality.md#binary-protection-mechanisms) heavily depend on the language used for developing the application.

Although Xcode enables all binary security features by default, it may be relevant to verify this for old applications or to check for compiler flag misconfigurations. The following features are applicable:

- [**PIE (Position Independent Executable)**](0x04h-Testing-Code-Quality.md#position-independent-code):
- [**PIE (Position Independent Executable)**](../../../Document/0x04h-Testing-Code-Quality.md#position-independent-code):
- PIE applies to executable binaries (Mach-O type `MH_EXECUTE`) [source](https://web.archive.org/web/20230328221404/https://opensource.apple.com/source/cctools/cctools-921/include/mach-o/loader.h.auto.html).
- However it's not applicable for libraries (Mach-O type `MH_DYLIB`).
- [**Memory management**](0x04h-Testing-Code-Quality.md#memory-management):
- [**Memory management**](../../../Document/0x04h-Testing-Code-Quality.md#memory-management):
- Both pure Objective-C, Swift and hybrid binaries should have ARC (Automatic Reference Counting) enabled.
- For C/C++ libraries, the developer is responsible for doing proper [manual memory management](0x04h-Testing-Code-Quality.md#manual-memory-management). See ["Memory Corruption Bugs"](0x04h-Testing-Code-Quality.md#memory-corruption-bugs).
- [**Stack Smashing Protection**](0x04h-Testing-Code-Quality.md#stack-smashing-protection): For pure Objective-C binaries, this should always be enabled. Since Swift is designed to be memory safe, if a library is purely written in Swift, and stack canaries weren't enabled, the risk will be minimal.
- For C/C++ libraries, the developer is responsible for doing proper [manual memory management](../../../Document/0x04h-Testing-Code-Quality.md#manual-memory-management). See ["Memory Corruption Bugs"](../../../Document/0x04h-Testing-Code-Quality.md#memory-corruption-bugs).
- [**Stack Smashing Protection**](../../../Document/0x04h-Testing-Code-Quality.md#stack-smashing-protection): For pure Objective-C binaries, this should always be enabled. Since Swift is designed to be memory safe, if a library is purely written in Swift, and stack canaries weren't enabled, the risk will be minimal.

Learn more:
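Review bot: Same grammar fix as in the Android counterpart: `heavily depend` should be `heavily depends`. In the memory management bullet, `Both pure Objective-C, Swift and hybrid binaries` puts three items after `Both`; `Pure Objective-C, pure Swift and hybrid binaries` reads correctly.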

2 changes: 1 addition & 1 deletion knowledge/ios/MASVS-PLATFORM/MASTG-KNOW-0079.md
@@ -22,7 +22,7 @@ Supporting a custom URL scheme is done by:

Security issues arise when an app processes calls to its URL scheme without properly validating the URL and its parameters and when users aren't prompted for confirmation before triggering an important action.

One example is the following [bug in the Skype Mobile app](https://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html "Insecure Handling of URL Schemes in Apple's iOS"), discovered in 2010: The Skype app registered the `skype://` protocol handler, which allowed other apps to trigger calls to other Skype users and phone numbers. Unfortunately, Skype didn't ask users for permission before placing the calls, so any app could call arbitrary numbers without the user's knowledge. Attackers exploited this vulnerability by putting an invisible `<iframe src="skype://xxx?call"></iframe>` (where `xxx` was replaced by a premium number), so any Skype user who inadvertently visited a malicious website called the premium number.
One example is the following [bug in the Skype Mobile app](https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 "Insecure Handling of URL Schemes in Apple's iOS"), discovered in 2010: The Skype app registered the `skype://` protocol handler, which allowed other apps to trigger calls to other Skype users and phone numbers. Unfortunately, Skype didn't ask users for permission before placing the calls, so any app could call arbitrary numbers without the user's knowledge. Attackers exploited this vulnerability by putting an invisible `<iframe src="skype://xxx?call"></iframe>` (where `xxx` was replaced by a premium number), so any Skype user who inadvertently visited a malicious website called the premium number.

As a developer, you should carefully validate any URL before calling it. You can allow only certain applications which may be opened via the registered protocol handler. Prompting users to confirm the URL-invoked action is another helpful control.
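Review bot: The new target is a Medium post whose slug is about abusing iOS URL handlers in Messages, but the link title attribute still says `Insecure Handling of URL Schemes in Apple's iOS`, the title of the 2010 Dhanjani post this sentence is about. Either update the title to the Medium article's name or, better, keep the original citation by linking an archived copy of the dhanjani.com post (the guide already uses web.archive.org for dead pages) so the `discovered in 2010` attribution stays primary-sourced.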

2 changes: 1 addition & 1 deletion techniques/android/MASTG-TECH-0109.md
@@ -83,4 +83,4 @@ You can either configure @MASTG-TOOL-0120 or create `iptables` rules to redirect

- Use the app, and you should be able to intercept the HTTP traffic of the Flutter app.

Further explanations for this setup can be found in the blog post from [Nviso](https://blog.nviso.eu/2019/08/13/intercepting-traffic-from-android-flutter-applications/).
Further explanations for this setup can be found in the blog post from [Nviso](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/).
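Review bot: This and the iOS page now both cite the same 2022 Nviso post. Its slug is about HTTP/HTTPS and Dio pinning on iOS and Android, but the sentence promises `Further explanations for this setup`, i.e. the `iptables` / proxy redirection steps listed above; confirm that post still walks through that redirection, otherwise reword to something like `Further background on intercepting Flutter traffic can be found in ...`.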
2 changes: 1 addition & 1 deletion techniques/ios/MASTG-TECH-0110.md
@@ -52,7 +52,7 @@ There are generally two approaches to this: **@MASTG-TOOL-0100** and **@MASTG-TO

## Intercepting Traffic using Wi-Fi Hotspot / openVPN with Frida

1. Configure using [Wi-Fi hotspot / openVPN](https://blog.nviso.eu/2020/06/12/intercepting-flutter-traffic-on-ios/) method to redirect requests to Burp.
1. Configure using [Wi-Fi hotspot / openVPN](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/) method to redirect requests to Burp.

2. Install the @MASTG-APP-0025 on the mobile device.
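Review bot: The link text is `Wi-Fi hotspot / openVPN`, and the replaced 2020 post was specifically the iOS write-up for that method; if the 2022 post no longer describes the openVPN route, either update the link text to match what it does cover or keep an archived copy of the 2020 post as the reference for this step.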

2 changes: 1 addition & 1 deletion tests-beta/android/MASVS-NETWORK/MASTG-TEST-0217.md
@@ -36,4 +36,4 @@ The output contains a list of all enabled TLS versions in the above mentioned AP

## Evaluation

The test case fails if any [insecure TLS version](https://mas.owasp.org/MASTG/0x04f-Testing-Network-Communication/#recommended-tls-settings) is directly enabled, or if the app enabled any settings allowing the use of outdated TLS versions, such as `okhttp3.ConnectionSpec.COMPATIBLE_TLS`.
The test case fails if any [insecure TLS version](../../../Document/0x04f-Testing-Network-Communication.md#recommended-tls-settings) is directly enabled, or if the app enabled any settings allowing the use of outdated TLS versions, such as `okhttp3.ConnectionSpec.COMPATIBLE_TLS`.
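Review bot: The relative path resolves from `tests-beta/android/MASVS-NETWORK/`, so the checker now verifies the file in the checkout rather than the published URL, which is the consistent choice with the rest of this PR. In the same sentence, `if the app enabled any settings` should be `if the app enables any settings` to match `is directly enabled`.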
2 changes: 1 addition & 1 deletion tests-beta/android/MASVS-NETWORK/MASTG-TEST-0218.md
@@ -26,4 +26,4 @@ The output shows the actually used TLS version.

## Evaluation

The test case fails if any [insecure TLS version](https://mas.owasp.org/MASTG/0x04f-Testing-Network-Communication/#recommended-tls-settings) is used.
The test case fails if any [insecure TLS version](../../../Document/0x04f-Testing-Network-Communication.md#recommended-tls-settings) is used.
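Review bot: Consistent with the MASTG-TEST-0217 change; fine. The unchanged context line `The output shows the actually used TLS version.` would read better as `The output shows the TLS version actually negotiated.`, which is also what the evaluation sentence is about.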
2 changes: 1 addition & 1 deletion tests-beta/android/MASVS-NETWORK/MASTG-TEST-0242.md
@@ -10,7 +10,7 @@ knowledge: [MASTG-KNOW-0014, MASTG-KNOW-0015]

## Overview

Apps can configure [certificate pinning using the Network Security Configuration]("../../../Document/0x05g-Testing-Network-Communication.md#pinning-via-network-security-configuration-api-24"). For each domain, one or multiple digests can be pinned.
Apps can configure [certificate pinning using the Network Security Configuration](../../../knowledge/android/MASVS-NETWORK/MASTG-KNOW-0015.md#pinning-via-network-security-configuration-api-24). For each domain, one or multiple digests can be pinned.

The goal of this test is to check if the app does not implement certificate pinning using the NSC. However, note that the app may be using other pinning methods covered in other tests.
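Review bot: The old link was broken by the quotes inside the parentheses; the new one is a relative path into MASTG-KNOW-0015 whose `#pinning-via-network-security-configuration-api-24` anchor is not visible in this PR, so confirm the heading exists with that slug. Since the front matter already declares `knowledge: [MASTG-KNOW-0014, MASTG-KNOW-0015]` and these files use the `@MASTG-...` cross-reference convention elsewhere (e.g. `@MASWE-0047`), check whether a `@MASTG-KNOW-0015` reference is preferred over a raw relative link. Also, `check if the app does not implement certificate pinning using the NSC` is a double negative; `check whether the app implements certificate pinning via the NSC` is clearer.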
