chore: remove MobSF (overkill for current needs)
+1
-24
@@ -159,34 +159,11 @@ tasks:
|
||||
Android platform 34 or higher not found. Install it with:
|
||||
${ANDROID_HOME:-$HOME/Android/Sdk}/cmdline-tools/latest/bin/sdkmanager "build-tools;34.0.0" "platforms;android-34"
|
||||
|
||||
_mobsf-start:
|
||||
internal: true
|
||||
run: once
|
||||
ignore_error: true
|
||||
cmds:
|
||||
- cmd: |
|
||||
if ! docker ps -q --filter name=mobsf-sharedinbox | grep -q .; then
|
||||
docker rm mobsf-sharedinbox 2>/dev/null || true
|
||||
docker pull -q opensecurity/mobile-security-framework-mobsf:latest >/dev/null 2>&1 || true
|
||||
docker run -d --rm \
|
||||
--name mobsf-sharedinbox \
|
||||
-p 8000:8000 \
|
||||
-e MOBSF_API_KEY=sharedinbox-dev \
|
||||
opensecurity/mobile-security-framework-mobsf:latest >/dev/null
|
||||
fi
|
||||
|
||||
build-android:
|
||||
desc: Build a release APK (runs MobSF security scan if docker is available)
|
||||
desc: Build a release APK
|
||||
deps: [_preflight, _android-sdk-check, _pub-get]
|
||||
cmds:
|
||||
- ANDROID_HOME=${ANDROID_HOME:-$HOME/Android/Sdk} fvm flutter build apk --release --no-pub | grep -Ev "was tree-shaken|Tree-shaking can be disabled"
|
||||
- task: _mobsf-start
|
||||
- scripts/mobsf_scan.sh || true
|
||||
|
||||
mobsf-stop:
|
||||
desc: Stop the MobSF Docker container (started automatically by build-android)
|
||||
cmds:
|
||||
- docker stop mobsf-sharedinbox 2>/dev/null || true
|
||||
|
||||
deploy-android:
|
||||
desc: Build release APK and upload via scp to $ANDROID_APK_SCP_USER@$ANDROID_APK_SCP_HOST:$ANDROID_APK_SCP_PATH
|
||||
|
||||
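Review bot: Removing `mobsf-stop` together with `_mobsf-start` leaves no task to stop a `mobsf-sharedinbox` container that an earlier `build-android` run may already have started. The removed start command used `-p 8000:8000`, which Docker by default publishes on all host interfaces, and the fixed key `MOBSF_API_KEY=sharedinbox-dev`, so such a container keeps listening with a key that is public in the repository history until it is stopped or the daemon restarts. A short migration note in the commit message or changelog would cover this, for example `After pulling this change, run docker stop mobsf-sharedinbox once if the container is still up.`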
@@ -218,7 +218,7 @@ and the tile is briefly absent right after. Fixed in
|
||||
`pumpUntil` (5 s timeout) before the tap.
|
||||
|
||||
Bundled with a coherent set of pre-existing infrastructure changes that make the full
|
||||
pipeline (Linux + Android UI tests, MobSF scan, APK upload) work in `nix develop`:
|
||||
pipeline (Linux + Android UI tests, APK upload) work in `nix develop`:
|
||||
|
||||
- `flake.nix`: adds Linux desktop runtime libs (gtk3, mesa, libGL, libsecret, …) plus
|
||||
`PKG_CONFIG_PATH`, `LD_LIBRARY_PATH`, `LIBGL_ALWAYS_SOFTWARE=1`, and the libglvnd
|
||||
@@ -311,15 +311,10 @@ above a divider and the folder list. Tapping it closes the drawer and navigates
|
||||
|
||||
## Speed up `task deploy-android`
|
||||
|
||||
Two parallelism improvements:
|
||||
Parallelism improvement:
|
||||
|
||||
- `_integrations` internal task: runs `integration` and `integration-ui` in parallel (they use
|
||||
random Stalwart ports and different Flutter build targets so there is no conflict).
|
||||
- `_mobsf-start` internal task: starts the MobSF Docker container as a dep of `build-android`,
|
||||
so it warms up concurrently with the APK build instead of blocking for up to 90 s afterwards.
|
||||
- `scripts/mobsf_scan.sh`: added `docker rm $CONTAINER_NAME 2>/dev/null || true` before
|
||||
`docker run` to handle stopped-but-not-yet-removed containers (same fix applied to the new
|
||||
`_mobsf-start` task).
|
||||
|
||||
## Android E2E test verifies APK before deploy
|
||||
|
||||
|
||||
@@ -1,87 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
# Uploads the release APK to MobSF and checks for required Android permissions.
|
||||
# MobSF is started via Docker automatically if not already running.
|
||||
#
|
||||
# Usage: scripts/mobsf_scan.sh [path/to/app.apk]
|
||||
#
|
||||
# Environment variables:
|
||||
# MOBSF_URL — MobSF base URL (default: http://localhost:8000)
|
||||
# MOBSF_API_KEY — REST API key (default: sharedinbox-dev; must match the
|
||||
# value used when starting the container)
|
||||
#
|
||||
# First run pulls the MobSF Docker image (~1 GB); subsequent runs reuse it.
|
||||
set -Eeuo pipefail
|
||||
|
||||
APK="${1:-build/app/outputs/flutter-apk/app-release.apk}"
|
||||
MOBSF_URL="${MOBSF_URL:-http://localhost:8000}"
|
||||
MOBSF_API_KEY="${MOBSF_API_KEY:-sharedinbox-dev}"
|
||||
CONTAINER_NAME="mobsf-sharedinbox"
|
||||
|
||||
[[ -f "$APK" ]] || { echo "APK not found: $APK"; exit 1; }
|
||||
|
||||
command -v docker >/dev/null 2>&1 || { echo "docker not found — install Docker to run MobSF scans"; exit 1; }
|
||||
|
||||
# Start MobSF if not already running.
|
||||
if ! docker ps --format '{{.Names}}' 2>/dev/null | grep -q "^${CONTAINER_NAME}$"; then
|
||||
echo "Starting MobSF Docker container (this may take a moment on first run)..."
|
||||
docker rm "$CONTAINER_NAME" 2>/dev/null || true
|
||||
# Pull quietly first so progress-bar noise doesn't overwrite other output.
|
||||
docker pull -q opensecurity/mobile-security-framework-mobsf:latest >/dev/null 2>&1
|
||||
docker run -d --rm \
|
||||
--name "$CONTAINER_NAME" \
|
||||
-p 8000:8000 \
|
||||
-e MOBSF_API_KEY="$MOBSF_API_KEY" \
|
||||
opensecurity/mobile-security-framework-mobsf:latest >/dev/null
|
||||
fi
|
||||
|
||||
# Wait up to 90 s for MobSF to become ready.
|
||||
echo "Waiting for MobSF to be ready..."
|
||||
READY=0
|
||||
for _i in $(seq 1 90); do
|
||||
curl -s --max-time 2 "$MOBSF_URL/" >/dev/null 2>&1 && READY=1 && break
|
||||
sleep 1
|
||||
done
|
||||
[[ "$READY" -eq 1 ]] || { echo "MobSF did not become ready at $MOBSF_URL within 90 s"; exit 1; }
|
||||
|
||||
# Upload APK.
|
||||
echo "Uploading $(basename "$APK") to MobSF..."
|
||||
UPLOAD=$(curl -s -F "file=@$APK" -H "Authorization: $MOBSF_API_KEY" "$MOBSF_URL/api/v1/upload")
|
||||
HASH=$(echo "$UPLOAD" | jq -r '.hash // empty')
|
||||
[[ -n "$HASH" ]] || { echo "Upload failed — response: $UPLOAD"; exit 1; }
|
||||
echo "Scan hash: $HASH"
|
||||
|
||||
# Trigger scan.
|
||||
echo "Scanning..."
|
||||
curl -s -X POST \
|
||||
--data "hash=$HASH&re_scan=0" \
|
||||
-H "Authorization: $MOBSF_API_KEY" \
|
||||
"$MOBSF_URL/api/v1/scan" >/dev/null
|
||||
|
||||
# Fetch JSON report.
|
||||
REPORT_FILE=$(mktemp /tmp/mobsf-report-XXXXXX.json)
|
||||
trap 'rm -f "$REPORT_FILE"' EXIT
|
||||
curl -s -X POST \
|
||||
--data "hash=$HASH" \
|
||||
-H "Authorization: $MOBSF_API_KEY" \
|
||||
"$MOBSF_URL/api/v1/report_json" >"$REPORT_FILE"
|
||||
|
||||
# ── Permission checks ─────────────────────────────────────────────────────────
|
||||
|
||||
FAIL=0
|
||||
|
||||
check_permission() {
|
||||
local perm="$1"
|
||||
# MobSF returns permissions as an object keyed by permission name.
|
||||
if jq -e --arg p "$perm" '.permissions | has($p)' "$REPORT_FILE" >/dev/null 2>&1; then
|
||||
echo " OK : $perm"
|
||||
else
|
||||
echo " FAIL: $perm missing from AndroidManifest.xml"
|
||||
FAIL=1
|
||||
fi
|
||||
}
|
||||
|
||||
echo "Checking required permissions..."
|
||||
check_permission "android.permission.INTERNET"
|
||||
|
||||
[[ "$FAIL" -eq 0 ]] || { echo "MobSF scan failed — fix the issues above."; exit 1; }
|
||||
echo "MobSF scan passed."
|
||||