This test currently contains mostly 'testing for injection' stuff, which could be moved to #2999, though it would have to be refactored.

There are specific issues with implicit intents, for example using them to trigger internal components, which is what this test should cover.

@cpholguera Please assign this to me.

Thanks @ScreaMy7 , it's yours now. Please consider the above comment from @TheDauntless . If you want I can also assign you #2999 so that you can tackle both at the same time and try to properly separate concerns. What do you think?

Thanks for assigning this @cpholguera. We will take testing injection flaw next.

@cpholguera Should the demo be using static analysis (using semgrep) or dynamic analysis (using ADB) for this test case of triggering internal components from implicit intents?

You can do a static demo (semgrep) and a dynamic one (frida).

You may also need an attacker, as I did in this PR: https://github.com/OWASP/owasp-mastg/pull/3177/files#diff-7cf9a476904f94bca9185237fd004add0b6a0c20e3ead78ce2813612069c0a22

In my case the "attacker" is a server in python. In your case, it could be a script using adb, a MastgTestAttacker.kt, or whatever you see fit.

This would be the first time we use such a MASTG-DEMO-xxxx/MastgTestAttacker.kt, but don't worry, I will take care of the pipelines so that it is built correctly. I can make them generate MASTG-DEMO-xxxx.apk and MASTG-DEMO-xxxx-Attacker.apk if necessary.

The Demo for the dynamic testcase is completed. The Static demo using semgrep, should we use the semgrep pattern on the reversed_AndroidManifest or the MastgTest_reversed.java?
@cpholguera