Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port MASTG-TEST-0073 (by @guardsquare) #3051

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Port MASTG-TEST-0073 (by @guardsquare) #3051

wants to merge 1 commit into from

Conversation

pascalj
Copy link
Collaborator

@pascalj pascalj commented Nov 7, 2024

  • Your contribution is written in the 2nd person (e.g. you)
  • Your contribution is written in an active present form for as much as possible.
  • You have made sure that the reference section is up to date (e.g. please add sources you have used, make sure that the references to MITRE/MASVS/etc. are up to date)
  • Your contribution has proper formatted markdown and/or code
  • Any references to website have been formatted as [TEXT](URL “NAME”)
  • You verified/tested the effectiveness of your contribution (e.g.: is the code really an effective remediation? Please verify it works!)

This PR closes #2966

@pascalj pascalj changed the title Port MASTG-TEST-0073 Port MASTG-TEST-0073 (by @guardsquare) Nov 7, 2024
@pascalj
Copy link
Collaborator Author

pascalj commented Nov 7, 2024

A couple of comments:

TheDauntless
TheDauntless reviewed Nov 7, 2024
View reviewed changes
tests-beta/ios/MASVS-PLATFORM/MASTG-TEST-0x73-1.md Outdated

The systemwide general pasteboard can be obtained by the [`generalPasteboard`](https://developer.apple.com/documentation/uikit/uipasteboard/1622106-generalpasteboard "UIPasteboard generalPasteboard") function. The general pasteboard enables easy sharing of information between apps. However, it can also leak sensitive data, since every app and [potentially even other devices](https://developer.apple.com/documentation/uikit/uipasteboard#3671087 "UIPasteboard") can request the contents. Since iOS 16.0 this requires user interaction.

When you are dealing with sensitive data, usage of the general pasteboard should be avoided. This static test case identifies whether the app uses the general keyboard.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
When you are dealing with sensitive data, usage of the general pasteboard should be avoided. This static test case identifies whether the app uses the general keyboard.
When you are dealing with sensitive data, usage of the general pasteboard should be avoided. This static test case identifies whether the app uses the general pasteboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheDauntless TheDauntless TheDauntless left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

MASTG v1->v2 MASTG-TEST-0073: Testing UIPasteboard (ios)
2 participants
@pascalj @TheDauntless