Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Mobile apps cannot be built #752

Open
malte-skoruppa-sonarsource opened this issue Mar 15, 2023 · 0 comments
Open

[BUG] Mobile apps cannot be built #752

malte-skoruppa-sonarsource opened this issue Mar 15, 2023 · 0 comments
Labels
Bug

Comments

@malte-skoruppa-sonarsource
Copy link

Describe the bug

SecurityShepherd contains several "mobile apps" in https://github.com/OWASP/SecurityShepherd/tree/dev/src/MobileShepherd.

Each of these mobile apps is built using Gradle.

It appears that they all rely on some very old Android API (21 for the most part, some are 22/23/24) which is not supported any longer.

Trying to build the projects results (depending on the project) in various errors, for example for BrokenCrypto:

$ ./gradlew build

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring project ':app'.
> Could not resolve all dependencies for configuration ':app:_debugCompile'.
   > Could not find com.android.support:appcompat-v7:21.0.3.
     Searched in the following locations:
         https://jcenter.bintray.com/com/android/support/appcompat-v7/21.0.3/appcompat-v7-21.0.3.pom
         https://jcenter.bintray.com/com/android/support/appcompat-v7/21.0.3/appcompat-v7-21.0.3.jar
     Required by:
         BrokenCrypto:app:unspecified

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 2.65 secs

It seems like the dependencies are not available any longer, which (I assume) is due to the fact that the corresponding Android versions are no longer supported.

This is only an example for BrokenCrypto and the exact build failure error message is different depending on the exact mobile project being built. This bug report is not about BrokenCrypto in particular, but rather to point out that all the mobile projects seem to be outdated and do not build anymore.

To Reproduce
Steps to reproduce the behavior:

  1. Go to src/MobileShepherd/BrokenCrypto (or some other project in src/MobileShepherd/)
  2. Make sure to use Java 8, as Java 11 or Java 17 are not supported at all and Gradle immediately fails with an error message along the lines of Could not determine java version from '17.0.6' before it even tries to build the project.
  3. Set ANDROID_HOME to your Android SDK.
  4. Execute ./gradlew build
  5. See error.

Expected behavior

I expect the build to succeed.

It would also be great to have a README.md that describes how the projects are supposed to be built, what are the prerequisites, etc., similar to the main page of the repository which explains how to build the Docker container and fire up the server.

Desktop (please complete the following information):

  • OS: Ubuntu Linux 22.04

Further Information:
Java version used: 1.8.0_362.
As mentioned above, the build fails even earlier with modern Java versions.

Android SDK version used: Android SDK Platform 33 (revision: 2)

Additional context
It seems like the mobile apps were built around 7 or so years ago by @SeanDuggan. It is quite possible that the projects are simply no longer maintained and no longer work, but in this case, does it make sense to even keep them in the repository? I would love to get Seán's view about this. 🙂
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@malte-skoruppa-sonarsource