IWA-Mobile is an insecure React Native mobile application with an ExpressJS API and a MongoDB database backend. It includes some examples of bad and insecure code, which can be found using static and mobile security testing tools such as those provided by Fortify by OpenText.
The application is intended to provide the functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc).
Please note: the application should not be used in a production environment!
In order to execute example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation; you can start the process by clicking on the "Fork" button at the top right.
This application uses the API from https://github.com/fortify-presales/IWA-API. Please follow the instructions in that repository to get the API running.
For this application to run you will also require the following to be installed:
- NodeJS LTS version
- React Native CLI for your preferred operating system and target device/simulator.
Clone the repository (preferably your fork from above) and then install all the required third-party packages using:
Please first read the instructions at https://reactnative.dev/docs/environment-setup on how to start up the Metro Bundler and run the application. Then, in one terminal, run:
cd src
npm install
npm run dev
then press "a" to run on Android.
If your environment is configured correctly, the Android emulator should start up with the application running. Finally, to proxy requests on port 3000 from the application running on the emulator to the Express API running locally:
adb reverse tcp:3000 tcp:3000
Press "r" in the react-native console to reload the app and the application should now be ready to use.
iOS
TBD
Android
To build the Android .apk, run the following:
cd android
.\gradlew assembleRelease
Attach your Android device via USB and run:
adb devices
to list your attached device ID. Then install it using a command similar to the following:
adb -s YOUR_DEVICE_ID install "FULL_PATH_TO\android\app\build\outputs\apk\release\app-release.apk"
iOS
TBD