Port MASTG-TEST-0036: Testing Enforced Updating (android)

[aakarshgopishetty]

Thank you for submitting a Pull Request to the OWASP MASTG. Please make sure that:

• Your contribution is written in the 2nd person (e.g. you)
• Your contribution is written in an active present form for as much as possible.
• You have made sure that the reference section is up to date (e.g. please add sources you have used, make sure that the references to MITRE/MASVS/etc. are up to date)
• Your contribution has proper formatted markdown and/or code
• Any references to website have been formatted as [TEXT](URL “NAME”)
• You verified/tested the effectiveness of your contribution (e.g.: is the code really an effective remediation? Please verify it works!)

If your PR is related to an issue. Please end your PR test with the following line:
This PR closes #2994.

[cpholguera]

This PR doesn't comply with our guidelines. Please check them out before proceeding. See our previous discussions here:

#2994 (comment)

#2999 (comment)

Turning into "DRAFT" until the files are compliant.

[cpholguera]

This file doesn't belong to this PR

[cpholguera]

This file doesn't belong to this PR

[cpholguera]

This doesn't comply with the required structure and style as defined in our guidelines. Please check them out before proceeding.

[aakarshgopishetty]

@cpholguera I have removed unrelated files and fixed Markdown linting. Please review again. Thanks!

[sk3l10x1ng]

@aakarshgopishetty kindly follow the structure and update changes accordingly.

[sk3l10x1ng]

@aakarshgopishetty

Here are the links to the guidelines as well as the specific guidelines for writing new tests and demos here:

https://docs.google.com/document/d/1EMsVdfrDBAu0gmjWAUEs60q-fWaOmDB5oecY9d9pOlg/edit?tab=t.0

• The file is located in the wrong directory.This new porting MASTG-TEST-xxxx.md file needs to be located in tests-beta/android/MASVS-CODE/ and should include the following essential elements.

  • Metadata

    ---
    platform: android
    title: Enforced Updating
    id: MASTG-TEST-0x36
    type: [static]
    weakness: MASWE-0075
    --- 
    
  • Body

     ## Overview
    
     ## Steps
    
     ## Observation
    
     ## Evaluation
    

  Here’s a example of the MASTG-TEST-0254 structure https://github.com/OWASP/owasp-mastg/blob/f041b2c60afc81452095bd921e243309c817e292/tests-beta/android/MASVS-PRIVACY/MASTG-TEST-0254.md

Demo

• A demo needs to be developed for MASTG-TEST-xxxx using the demo application found at https://github.com/cpholguera/MASTestApp-Android.
  For this demo should be located in the directory demos/android/MASVS-CODE/MASTG-DEMO-xxxx/.

• The Semgrep rule for the application needs to be located beneath rules/mastg-android-xxxx.yaml. i.e https://github.com/OWASP/owasp-mastg/tree/f041b2c60afc81452095bd921e243309c817e292/rules

Here’s an example of the demo folder structure:
https://github.com/OWASP/owasp-mastg/tree/f041b2c60afc81452095bd921e243309c817e292/demos/android/MASVS-PRIVACY/MASTG-DEMO-0033

[sk3l10x1ng]

• This file doesn't belong to this PR , the MASTG-TEST-0036 is associated with this testcase

• When dealing with "porting tests" issues, you won't be modifying the V1 tests. Instead, you'll mark them as deprecated and indicate the new tests to be used at the end of the metadata.

  status: deprecated
  covered_by: [MASTG-TEST-0x36]
  deprecation_note: New version available in MASTG V2