IWA-Mobile is an insecure React Native mobile application for use in Fortify Demonstrations

fortify-presales/IWA-Mobile

Latest commit

ec4e80d · Dec 13, 2023

IWA-Mobile

Overview

IWA-Mobile is an insecure React Native mobile application with an ExpressJS API and MongoDB database backend. It includes some examples of bad and insecure code, which can be found using static and mobile security testing tools such as those provided by Fortify by OpenText.

The application is intended to provide the functionality of a typical "online pharmacy", including purchasing Products (medication) and requesting Services (prescriptions, health checks etc).

Please note: the application should not be used in a production environment!

Forking the Repository

To execute the example scenarios for yourself, it is recommended that you "fork" a copy of this repository into your own GitHub account. The process of "forking" is described in detail in the GitHub documentation.

  • You can start the process by clicking on the "Fork" button at the top right.

Setting up the Development Environment

This application uses the API from https://github.com/fortify-presales/IWA-API. Please follow the instructions in that repository to get the API running.

For this application to run you will also require the following to be installed:

  • NodeJS LTS version
  • React Native CLI for your preferred operating system and target device/simulator.

Please read the instructions at https://reactnative.dev/docs/environment-setup on how to start the Metro Bundler and run the application first. Then clone the repository (preferably your fork from above) and, in one terminal, install all the required third-party packages and start the application using:

cd src
npm install
npm run dev

Then press a to run on Android.

If your environment is configured correctly, the Android emulator should start up with the application running. Finally, forward port 3000 on the emulator to port 3000 on your machine, so that the application running on the emulator can reach the Express API running locally:

adb reverse tcp:3000 tcp:3000

Press r in the react-native console to reload the app and the application should now be ready to use.

iOS

TBD

Building and Installing the Application Binary

Android

To build the Android .apk run the following:

cd android
.\gradlew assembleRelease

Attach your Android device via USB and run:

adb devices

to list the ID of your attached device. Then install the .apk using a command similar to the following:

adb -s YOUR_DEVICE_ID install "FULL_PATH_TO\android\app\build\outputs\apk\release\app-release.apk"

iOS

TBD