
Image generated with Firefly
Control           Requirement                                   Profiles
MASVS-STORAGE-1   The app securely stores sensitive data.       L1, P; L2
MASVS-STORAGE-2   The app prevents leakage of sensitive data.   L1, P; L2
Test MASTG-TEST-0231 checks whether weakness MASWE-0001 (control MASVS-STORAGE-2) is present.
MASWE-0001: Insertion of Sensitive Data into Logs
MASVS-STORAGE-2: The app prevents leakage of sensitive data.
Dart logging calls to look for: print, and the Logger of the logging package with its level methods .finest, .finer, .fine, .info, .warning, .severe, .shout.

Semgrep rule:

rules:
  - id: dart-logging-detected
    pattern-either:
      - pattern: print(...)
      - pattern: debugPrint(...)
      - pattern: $LOG.log(...)
      - pattern: $LOG.info(...)
      - pattern: $LOG.warning(...)
      - pattern: $LOG.severe(...)
      - pattern: $LOG.fine(...)
      - pattern: $LOG.finer(...)
      - pattern: $LOG.finest(...)
      - pattern: $LOG.shout(...)
    message: Logging statement detected. Ensure sensitive data is not logged in production.
    severity: WARNING
    languages:
      - dart
    metadata:
      category: security
      cwe: "CWE-532: Insertion of Sensitive Information into Log File"
      owasp: "MASWE-0001: Insertion of Sensitive Data into Logs"

Semgrep output (matches in the demo's Dart source, with semgrep's own line numbers):

Logging statement detected. Ensure sensitive data is not logged in production.
  23┆ print('${record.level.name}: ${record.time}: ${record.message}');
  ⋮┆----------------------------------------
  43┆ log.info('MASTG-DEMO-$demoId demonstrated a successful test: $message');
  ⋮┆----------------------------------------
  46┆ log.info('MASTG-DEMO-$demoId demonstrated a failed test: $message');
  ⋮┆----------------------------------------
  49┆ log.severe('MASTG-DEMO-$demoId failed: $message');
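The semgrep rule above only tells you that a logging call exists; the tester still has to decide whether what is logged is sensitive. As an added example (not code from the page, the MASTG demo or the semgrep rule), the following scanner matches the same call sites with a regex and goes one step further than the rule: it inspects the Dart string interpolation inside each call and flags calls whose interpolated identifiers look like secrets. The identifier list and the Dart sample are constructed for this example.

```python
"""Flag Dart logging calls, and the ones that interpolate secret-looking names.

Added example, not code from the page, the MASTG demo or the semgrep rule.
Sample Dart source and the sensitive-name list are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Call sites the semgrep rule looks for: print, debugPrint and the Logger
# level methods on any receiver (what the rule calls $LOG).
LOG_CALL = re.compile(
    r"\b(?:print|debugPrint|\w+\.(?:log|info|warning|severe|fine|finer|finest|shout))\s*\("
)
# Dart interpolation: $identifier or ${expression}
INTERPOLATION = re.compile(r"\$(?:\{([^}]*)\}|(\w+))")
# Name fragments that suggest a secret (assumption; extend per code base).
SENSITIVE_NAME = re.compile(
    r"(?i)(password|passwd|secret|token|api_?key|credential|private_?key|\bpin\b)"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    call: str          # e.g. "log.info"
    names: tuple       # interpolated identifiers/expressions in the call
    sensitive: bool    # True when one of the names looks like a secret


def scan_dart(source: str) -> list[Finding]:
    """Return one Finding per line that contains a logging call."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = LOG_CALL.search(line)
        if not m:
            continue
        names = tuple(expr or ident for expr, ident in INTERPOLATION.findall(line))
        sensitive = any(SENSITIVE_NAME.search(n) for n in names)
        findings.append(Finding(line_no, m.group(0).rstrip("( \t"), names, sensitive))
    return findings


# Constructed Dart sample: two harmless log lines, two that leak a secret.
SAMPLE_DART = """\
final log = Logger('auth');
void login(String user, String password) {
  print('login attempt for $user');
  log.fine('token is ${session.token}');
  debugPrint('password=$password');
  log.info('login ok');
}
"""

if __name__ == "__main__":
    for f in scan_dart(SAMPLE_DART):
        flag = "SENSITIVE" if f.sensitive else "review"
        print(f"line {f.line_no}: {f.call}(...) interpolates {list(f.names)} -> {flag}")
```

The name heuristic is deliberately coarse: it is meant to prioritise the review queue that the semgrep rule produces, not to replace reading the code, and a log call that passes a secret through a plain variable name (`debugPrint(x)`) still needs manual checking.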
Demo MASTG-DEMO-0001 contains weakness MASWE-0007 (control MASVS-STORAGE-1). It can be tested with MASTG-TEST-0200.
import android.content.Context
import android.util.Log
import java.io.File
import java.io.FileOutputStream
import java.io.IOException

class MastgTest(private val context: Context) {
    // Deliberately writes a plaintext secret to app-specific external storage
    // (MASWE-0007). The demo exists to be detected; do not copy this pattern.
    fun mastgTestApi() {
        val externalStorageDir = context.getExternalFilesDir(null)
        val fileName = File(externalStorageDir, "secret.txt")
        val fileContent = "secr3tPa\$\$W0rd\n"
        try {
            FileOutputStream(fileName).use { output ->
                output.write(fileContent.toByteArray())
                Log.d("WriteExternalStorage", "File written to external storage successfully.")
            }
        } catch (e: IOException) {
            Log.e("WriteExternalStorage", "Error writing file to external storage", e)
        }
    }
}

MASWE-0007: Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction
MASVS-STORAGE-1: The app securely stores sensitive data.
The test case fails if the files found by the script below are not encrypted and leak sensitive data.

#!/bin/bash
# SUMMARY: List all files created after the creation date of a file created in run_before
adb shell "find /sdcard/ -type f -newer /data/local/tmp/test_start" > output.txt
adb shell "rm /data/local/tmp/test_start"
mkdir -p new_files
while read -r line; do
    adb pull "$line" ./new_files/
done < output.txt

The pull yields secret.txt with the content:
secr3tPa$$W0rd
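The script above collects the new files; the verdict (a file in shared storage that is not encrypted fails the test) is still a manual step. As an added example that is not part of MASTG-DEMO-0001 or its run_after script, the following code reads the list in the shape the find command produces and applies an entropy heuristic to each pulled file, including the base64-encoded ciphertext case that a naive entropy check would misclassify. The paths and file contents are constructed; the package name follows the demo app shown later on this page.

```python
"""Evaluate files pulled from shared storage: is anything stored in plaintext?

Added example, not part of MASTG-DEMO-0001 or its run_after script.
Paths, file contents and the entropy threshold are constructed assumptions.
"""
import base64
import binascii
import hashlib
import math
from collections import Counter


def parse_find_output(text: str) -> list[str]:
    """adb shell output may carry CR characters and blank lines; drop both."""
    return [line.rstrip("\r") for line in text.splitlines() if line.strip()]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random data, roughly 4 to 5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic (assumption): ciphertext is close to uniformly random.

    Base64-encoded ciphertext caps at 6 bits/byte, so it is decoded first.
    Very short files cannot be classified this way and need a manual look.
    """
    try:
        decoded = base64.b64decode(data.strip(), validate=True)
        if decoded:
            data = decoded
    except (binascii.Error, ValueError):
        pass  # not base64: rate the raw bytes
    return shannon_entropy(data) >= threshold


def failing_files(pulled: dict[str, bytes]) -> list[str]:
    """Files that make the test fail: unencrypted content in shared storage."""
    return [path for path, content in pulled.items() if not looks_encrypted(content)]


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain), so the run is offline."""
    out, seed = b"", b"seed"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


# Constructed sample of output.txt and of the pulled files.
FIND_OUTPUT = (
    "/sdcard/Android/data/org.owasp.mastestapp/files/secret.txt\r\n"
    "/sdcard/Download/backup.bin\r\n"
    "/sdcard/Download/backup.b64\r\n"
    "\n"
)
PULLED = {
    "/sdcard/Android/data/org.owasp.mastestapp/files/secret.txt": b"secr3tPa$$W0rd\n",
    "/sdcard/Download/backup.bin": pseudo_random_bytes(4096),
    "/sdcard/Download/backup.b64": base64.b64encode(pseudo_random_bytes(4096)) + b"\n",
}

if __name__ == "__main__":
    for path in parse_find_output(FIND_OUTPUT):
        print("new file:", path)
    print("plaintext files:", failing_files(PULLED))
```

An entropy score only says that a file does not look like ciphertext; it cannot tell a harmless plaintext file from a leaked secret, so the flagged files still have to be opened, as the demo does with secret.txt.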

Block cipher modes:
Electronic Code Book (ECB): problem, because every block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and the structure of the plaintext stays visible.
Cipher Block Chaining (CBC)
Counter (CTR)
Dart/Flutter AES-CBC example: https://github.com/RobinNunkesser/dart-flutter-aes/tree/main/aes_cbc
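The three modes side by side, as an added example that is not code from the page or from the linked dart-flutter-aes repository. The linked repository is Dart; this example is Python so that it runs offline. AES is not in the Python standard library, so a small Feistel network built on HMAC-SHA256 stands in for the block cipher: the mode properties shown here (ECB repeats blocks, CBC and CTR do not, CTR leaks the XOR of two messages when a nonce is reused) depend only on the cipher being a keyed permutation of 16-byte blocks. Key, IV and nonce are fixed test constants, not a key-management suggestion, and the input is assumed to be pre-padded.

```python
"""ECB leaks plaintext structure; CBC and CTR hide it, but CTR needs unique nonces.

Added example, not code from the page or the linked repository. The Feistel
block cipher is a toy stand-in for AES; KEY, IV and NONCE are test constants.
"""
import hashlib
import hmac

BLOCK = 16  # block size in bytes, like AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed PRF of one half, truncated to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: a toy keyed permutation, NOT AES.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def _blocks(data: bytes) -> list[bytes]:
    if len(data) % BLOCK:
        raise ValueError("example assumes input padded to a multiple of 16 bytes")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Each block on its own: equal plaintext blocks -> equal ciphertext blocks.
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, _xor(b, prev))  # chaining hides repetition
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return b"".join(out)


def ctr_encrypt(key: bytes, nonce: bytes, pt: bytes) -> bytes:
    # Counter block = 8-byte nonce || 8-byte counter; keystream XORed onto plaintext.
    out = []
    for n, b in enumerate(_blocks(pt)):
        keystream = block_encrypt(key, nonce + n.to_bytes(8, "big"))
        out.append(_xor(b, keystream))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one."""
    bl = _blocks(ct)
    return len(bl) - len(set(bl))


def ctr_nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """With a reused nonce the keystream cancels out: c1 ^ c2 == p1 ^ p2."""
    return _xor(ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2)) == _xor(p1, p2)


# Constructed inputs: a "flat" plaintext with four identical blocks (like the
# uniform regions of an image) and a second message for the nonce-reuse check.
KEY = bytes(range(16))
IV = bytes(range(16, 32))
NONCE = b"\x00" * 8
PT = b"A" * (4 * BLOCK) + b"B" * BLOCK
PT2 = b"C" * (5 * BLOCK)

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, IV, PT)))
    print("CTR repeated blocks:", repeated_blocks(ctr_encrypt(KEY, NONCE, PT)))
    print("CTR nonce reuse leaks p1^p2:", ctr_nonce_reuse_leak(KEY, NONCE, PT, PT2))
```

For a mobile app the practical reading is: never pick ECB, and with CBC or CTR generate a fresh random IV or nonce per message and store it next to the ciphertext; neither mode authenticates the data, which is why an AEAD mode such as AES-GCM (as used by EncryptedSharedPreferences later on this page) is the usual recommendation.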
jadx is very popular for Android; its decompilation of mastgTestApi:
public final void mastgTestApi() {
    File externalStorageDir = this.context.getExternalFilesDir(null);
    File fileName = new File(externalStorageDir, "secret.txt");
    try {
        FileOutputStream fileOutputStream = new FileOutputStream(fileName);
        try {
            FileOutputStream output = fileOutputStream;
            byte[] bytes = "secr3tPa$$W0rd\n".getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "getBytes(...)");
            output.write(bytes);
            Log.d("WriteExternalStorage", "File written to external storage successfully.");
            CloseableKt.closeFinally(fileOutputStream, null);
        } finally {
        }
    } catch (IOException e) {
        Log.e("WriteExternalStorage", "Error writing file to external storage", e);
    }
}

Demo MASTG-DEMO-0060 concerns weakness MASWE-0006 (control MASVS-STORAGE-1). It can be tested with MASTG-TEST-0287.
package org.owasp.mastestapp

import android.content.Context
import androidx.core.content.edit
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

class MastgTest(private val context: Context) {
    // WARNING: In a real application, these keys should NOT be hardcoded. They should be stored securely, for instance, in the Android Keystore.
    private val awsKey = "AKIAABCDEFGHIJKLMNOP"
    private val githubToken = "ghp_1234567890abcdefghijklmnopqrstuvABCD"
    private val preSharedKeys = hashSetOf(
        "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALfX7kbfFv3pc3JjOHQ=\n-----END PRIVATE KEY-----",
        "-----BEGIN PRIVATE KEY-----\ngJXS9EwpuzK8U1TOgfplwfKEVngCE2D5FNBQWvNmuHHbigmTCabsA=\n-----END PRIVATE KEY-----"
    )
    private val sharedPrefsName = "MasSharedPref_Sensitive_Data"

    fun mastgTest(): String {
        return try {
            val masterKey = MasterKey.Builder(context)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                .build()
            val encryptedPrefs = EncryptedSharedPreferences.create(
                context,
                sharedPrefsName,
                masterKey,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
            )
            encryptedPrefs.edit {
                putString("EncryptedAWSKey", awsKey)
                putString("GitHubToken", githubToken)
                putStringSet("preSharedKeys", preSharedKeys)
            }
            "Sensitive data has been written and deleted in the sandbox."
        } catch (e: Exception) {
            "Error during MastgTest: ${e.message ?: "Unknown error"}"
        }
    }
}

MASWE-0006: Sensitive Data Stored Unencrypted in Private Storage Locations
MASVS-STORAGE-1: The app securely stores sensitive data.
Is SharedPreferences used unencrypted for sensitive data?
Has EncryptedSharedPreferences been left out?
EncryptedSharedPreferences is currently deprecated without a replacement.

Runtime hook record of a SharedPreferences write. Note the Tink keyset writer frames in the stack trace: EncryptedSharedPreferences itself goes through SharedPreferencesImpl to store its keyset, so a hook on putString alone does not distinguish the library from app code.

{
  "id": "8a1fa598-4cb8-427e-ab73-4f24a1f76efe",
  "category": "STORAGE",
  "time": "2025-11-19T17:35:08.695Z",
  "class": "android.app.SharedPreferencesImpl$EditorImpl",
  "method": "putString",
  "stackTrace": [
    "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
    "com.google.crypto.tink.integration.android.SharedPrefKeysetWriter.write(SharedPrefKeysetWriter.java:70)",
    "com.google.crypto.tink.KeysetHandle.writeWithAssociatedData(KeysetHandle.java:869)",
    "com.google.crypto.tink.KeysetHandle.write(KeysetHandle.java:858)",
    "com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.generateKeysetAndWriteToPrefs(AndroidKeysetManager.java:353)",
    "com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:292)",
    "androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:169)",
    "androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:131)"
  ],
  "inputParameters": [
    {
      "type": "java.lang.String",
      "value": "__androidx_security_crypto_encrypted_prefs_key_keyset__"
    },
    {
      "type": "java.lang.String",
      "value": "12a70146597673f2b896ed619f976052ecf522726e8c922e2b5b8f396f64778a1141b44a02733ffe8824705a5ebf15be75807096ac69bd83276465aa5625d89f125d0ebe93c4f3cc389965cf0423ccf793cf399335fb56159adad48af44c0038fb99282439b2ccfddeda689f2a71d209099873c35427a1dd1aaeb82c8f62df695aa04f27fd22761275bbca7fb5a7829cf142dfe602910d44df1ff9dd31bf495aefb4509cc819114ba2a91a4208f5f8bc7a123b0a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e4165735369764b6579100118f5f8bc7a2001"
    }
  ],
  "returnValue": [
    {
      "type": "android.content.SharedPreferences$Editor",
      "value": "<instance: android.content.SharedPreferences$Editor, $className: android.app.SharedPreferencesImpl$EditorImpl>"
    }
  ]
}

In Flutter, flutter_secure_storage is commonly used.
On Android it is backed by EncryptedSharedPreferences:

import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:mas_test_app/demo_results.dart';

class MastgTest {
  final FlutterSecureStorage _storage = const FlutterSecureStorage();

  // WARNING: In a real application, these keys should NOT be hardcoded. They should be stored securely, for instance, in a Keystore.
  final String _awsKey = "AKIAABCDEFGHIJKLMNOP";
  final String _githubToken = "ghp_1234567890abcdefghijklmnopqrstuvABCD";

  // async so the writes are awaited: an unawaited _write() completes after the
  // try block has returned and its errors would never reach the catch.
  Future<DemoResults> mastgTest() async {
    DemoResults r = DemoResults(demoId: '0001');
    try {
      await _write("EncryptedAWSKey", _awsKey);
      await _write("GitHubToken", _githubToken);
      r.add(
        Status.pass,
        "Sensitive data has been written and deleted in the sandbox.",
      );
    } catch (e) {
      r.add(Status.error, e.toString());
    }
    return r;
  }

  Future<void> _write(String key, String value) async {
    await _storage.write(
      key: key,
      value: value,
      iOptions: _getIOSOptions(),
      aOptions: _getAndroidOptions(),
    );
  }

  // iOS: Keychain item readable after the first unlock of the device.
  IOSOptions _getIOSOptions() =>
      IOSOptions(accessibility: KeychainAccessibility.first_unlock);

  // Android: store through EncryptedSharedPreferences instead of plain prefs.
  AndroidOptions _getAndroidOptions() =>
      const AndroidOptions(encryptedSharedPreferences: true);
}
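The hook record shown above and the flutter_secure_storage example both end up in SharedPreferencesImpl, so a runtime test for MASWE-0006 has to look at the stack trace, not only at the putString call. As an added example (not part of MASTG, the MASTG-DEMO-0060 app or flutter_secure_storage), the following triage takes hook records in the JSON shape shown above (class, method, stackTrace, inputParameters) and separates two cases that look alike at the API level: the keyset that EncryptedSharedPreferences stores through Tink (wrapped with the Keystore master key, so seeing it is expected) and app data written to plain SharedPreferences. The records are constructed, the keyset value is shortened, the app frame with its line number is hypothetical, and the secret patterns cover only the identifiers used on this page.

```python
"""Triage SharedPreferences writes captured by a runtime hook.

Added example, not part of MASTG, MASTG-DEMO-0060 or flutter_secure_storage.
Records, the app stack frame and the secret patterns are constructed assumptions.
"""
import json
import re

# Frames that identify the library's own keyset write (expected, not a finding).
KEYSET_WRITER_FRAMES = (
    "androidx.security.crypto.EncryptedSharedPreferences",
    "com.google.crypto.tink.integration.android.SharedPrefKeysetWriter",
)
# Secret formats used on this page (assumption: extend for the app under test).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}


def secret_types(value: str) -> list[str]:
    """Names of the secret patterns that match the written value."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(value)]


def triage(record: dict) -> dict:
    """Classify one hook record; only SharedPreferences editor writes are rated."""
    if "SharedPreferences" not in record.get("class", "") or not record.get("method", "").startswith("put"):
        return {"verdict": "ignored"}
    params = [str(p.get("value", "")) for p in record.get("inputParameters", [])]
    key = params[0] if params else ""
    value = " ".join(params[1:])
    if any(frame.startswith(KEYSET_WRITER_FRAMES) for frame in record.get("stackTrace", [])):
        return {"key": key, "verdict": "encrypted-keyset", "secrets": []}
    found = secret_types(value)
    return {"key": key, "verdict": "plaintext-secret" if found else "plaintext", "secrets": found}


def findings(records: list[dict]) -> list[dict]:
    """Only the writes that put a recognisable secret into plain SharedPreferences."""
    return [t for t in map(triage, records) if t.get("verdict") == "plaintext-secret"]


# Constructed hook records in the shape shown on this page (keyset value shortened,
# app frame and line number hypothetical).
RECORDS = json.loads("""[
  {"category": "STORAGE", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString",
   "stackTrace": [
     "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
     "com.google.crypto.tink.integration.android.SharedPrefKeysetWriter.write(SharedPrefKeysetWriter.java:70)",
     "androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:169)"],
   "inputParameters": [
     {"type": "java.lang.String", "value": "__androidx_security_crypto_encrypted_prefs_key_keyset__"},
     {"type": "java.lang.String", "value": "12a70146597673f2"}]},
  {"category": "STORAGE", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString",
   "stackTrace": [
     "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
     "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:30)"],
   "inputParameters": [
     {"type": "java.lang.String", "value": "GitHubToken"},
     {"type": "java.lang.String", "value": "ghp_1234567890abcdefghijklmnopqrstuvABCD"}]},
  {"category": "STORAGE", "class": "android.app.SharedPreferencesImpl$EditorImpl", "method": "putString",
   "stackTrace": [
     "android.app.SharedPreferencesImpl$EditorImpl.putString(Native Method)",
     "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:31)"],
   "inputParameters": [
     {"type": "java.lang.String", "value": "theme"},
     {"type": "java.lang.String", "value": "dark"}]}
]""")

if __name__ == "__main__":
    for rec in RECORDS:
        print(triage(rec))
    print("findings:", [f["key"] for f in findings(RECORDS)])
```

Writes rated "plaintext" without a matching pattern are not automatically fine: a value that is a bearer token of an unknown format still leaks, so the key names and the app frames in those records are what the tester reviews next.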
