Port MASTG-TEST-0006 (by @guardsquare) #3055
Conversation
There was a problem hiding this comment.
there's an explanation potentially missing here
we need to indicate that these attributes can appear as e.g. textPassword or TYPE_TEXT_VARIATION_PASSWORD depending on ...
This is sth. I would not have in the theory but rather in the test because it directly affect how we're going to test.
There was a problem hiding this comment.
I added the explanation in the latest commit. PLease have a look
…rence between them
|
|
||
| Android apps can use XML or code to create the UI. Many apps use both techniques simultaneously. So you should test both. After unpacking the APK with @MASTG-TOOL-0011, the XML files are in `/res/layout` directory. You can search for the code attributes with @MASTG-TOOL-0018. | ||
|
|
||
| ## Steps |
There was a problem hiding this comment.
from the original test:
Finally, check the minimum required SDK version in the Android Manifest (
android:minSdkVersion) since it must support the used constants (for example, Android SDK version 11 is required fortextWebPassword). Otherwise, the compiled app would not honor the used input type constants allowing keyboard caching.
Shouldn't we add this? Maybe we see the constants but the app can be installed on older OS versions where they won't apply.
|
|
||
| 1. Statically search for the above XML attributes with @MASTG-TOOL-0011 | ||
|
|
||
| 2. Statically search for above code attributes with @MASTG-TOOL-0018 |
There was a problem hiding this comment.
Also from the original:
Check the application code to verify that none of the input types are being overwritten. For example, by doing
findViewById(R.id.KeyBoardCache).setInputType(InputType.TYPE_CLASS_TEXT)the input type of the input fieldKeyBoardCacheis set totextreenabling the keyboard cache.
Shouldn't we also check for this here?
| | [`numberPassword`](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType:~:text=_DECIMAL.-,numberPassword,-12) | [`TYPE_NUMBER_VARIATION_PASSWORD`](https://developer.android.com/reference/android/text/InputType#TYPE_NUMBER_VARIATION_PASSWORD "A numeric password field") | 11 | | ||
| | [`textWebPassword`](https://developer.android.com/reference/android/widget/TextView#attr_android:inputType:~:text=_ADDRESS.-,textWebPassword,-e1) | [`TYPE_TEXT_VARIATION_WEB_PASSWORD`](https://developer.android.com/reference/android/text/InputType#TYPE_TEXT_VARIATION_WEB_PASSWORD "Text web password input type") | 11 | | ||
|
|
||
| Android apps can use XML or code to create the UI. Many apps use both techniques simultaneously. So you should test both. After unpacking the APK with @MASTG-TOOL-0011, the XML files are in `/res/layout` directory. You can search for the code attributes with @MASTG-TOOL-0018. |
There was a problem hiding this comment.
The section isn't super useful but just for the sake of keeping track of it. We can improve that section later.
| Android apps can use XML or code to create the UI. Many apps use both techniques simultaneously. So you should test both. After unpacking the APK with @MASTG-TOOL-0011, the XML files are in `/res/layout` directory. You can search for the code attributes with @MASTG-TOOL-0018. | |
| Android apps can use XML or code to create the UI. Many apps use both techniques simultaneously. So you should test both. After unpacking the APK with @MASTG-TOOL-0011, the XML files are in `/res/layout` directory. You can search for the code attributes with @MASTG-TOOL-0018. | |
| For more information you can consult the MASTG section about ["Keyboard Cache"](../../../Document/0x05d-Testing-Data-Storage.md#keyboard-cache). |
There was a problem hiding this comment.
Do we have any demos / could you add one?
This PR closes #2936.