Ignore Node/npm related tmp files.

.gitignore

@@ -25,3 +25,7 @@ proguard/
 
 # Log Files
 *.log
+
+# Node/NPM
+DVHMA-Featherweight/node_modules/
+DVHMA-Featherweight/package-lock.json

DVHMA-Featherweight/config.xml

@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='utf-8'?>
-<widget id="de.zertapps.dvhma.featherweight" version="1.0.0-3.5.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
+<widget id="de.zertapps.dvhma.featherweight" version="1.0.0-6.3.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
     <name>Featherweight DVHMA</name>
-    <author href="https://logicalhacking.com"></author>
+    <author href="https://logicalhacking.com" />
     <description>
         Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. 
 
@@ -9,4 +9,7 @@
     </description>
     <content src="index.html" />
     <access origin="*" />
+    <plugin name="de.zertapps.dvhma.plugins.storage" spec="../plugins/DVHMA-Storage" />
+    <plugin name="de.zertapps.dvhma.plugins.webintent" spec="../plugins/DVHMA-WebIntent" />
+    <engine name="android" spec="~7.0.0" />
 </widget>

DVHMA-OpenUI5/config.xml

@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='utf-8'?>
-<widget id="de.zertapps.dvhma.openui5" version="1.0.0-3.5.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
+<widget id="de.zertapps.dvhma.openui5" version="1.0.0-6.3.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
     <name>OpenUI5 DVHMA</name>
     <author href="https://logicalhacking.com"></author>
     <description>

README.md

@@ -1,4 +1,5 @@
 # DVHMA
+
 Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for
 Android) that *intentionally* contains vulnerabilities. Its purpose is
 to enable security professionals to test their tools and techniques
@@ -6,28 +7,37 @@ legally, help developers better understand the common pitfalls in
 developing hybrid mobile apps securely.
 
 ## Motivation and Scope
+
 This app is developed to study pitfalls in developing hybrid apps,
-e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the
-main focus is to develop a deeper understanding of injection
-vulnerabilities that exploit the JavaScript to Java bridge.
+e.g., using [Apache Cordova](https://cordova.apache.org/) or
+[SAP Kapsel](https://blogs.sap.com/2013/10/21/an-introduction-to-smp-kapsel/),
+securely. Currently, the main focus is to develop a deeper
+understanding of injection vulnerabilities that exploit the JavaScript
+to Java bridge.
 
 ## Installation
+
 ### Prerequisites
+
 We assume that the
+
 * Android SDK (https://developer.android.com/sdk/index.html) and 
-* Apache Cordova (https://cordova.apache.org/), version 3.5 or later
-are installed. 
+* Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later
+  versions might work) 
 
 Moreover, we assume a basic familiarity with the build system of 
 Apache Cordova.
 
 ### Building DVHMA
+
 #### Setting Environment Variables
+
     export ANDROID_HOME=<Android SDK Installation Directory>
     export PATH=$ANDROID_HOME/tools:$PATH
     export PATH=$ANDROID_HOME/platform-tools:$PATH
 
 #### Compiling DVHMA
+
     cd DVHMA-Featherweight
     cordova plugin add ../plugins/DVHMA-Storage
     cordova plugin add ../plugins/DVHMA-WebIntent 
@@ -35,9 +45,11 @@ Apache Cordova.
     cordova compile android
 
 #### Running DVHMA in an Emulator
+
     cordova run android 
 
 ## Team Members
+
 The development of this application started as part of the project 
 [ZertApps](http://www.zertapps.de). ZertApps was a collaborative 
 research project funded by the German Ministry for Research and 
@@ -50,4 +62,24 @@ The core developers of DVHMA are:
 * [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
 
 ## License
+
 This project is under the Apache 2.0 License. 
+
+SPDX-License-Identifier: Apache-2.0
+
+## Master Repository
+
+The master git repository for this project is hosted by the [Software
+Assurance & Security Research Team](https://logicalhacking.com) at
+<https://git.logicalhacking.com/DASCA/DVHMA/>.
+
+## Publications
+
+* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
+  Hybrid Mobile Apps: A Report on the State of Apache Cordova
+  Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
+  In International Symposium on Engineering Secure Software
+  and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
+  72-88, Springer-Verlag, 2016.
+  https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
+  doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)

plugins/DVHMA-Storage/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "de.zertapps.dvhma.plugins.storage",
+  "version": "1.0.0",
+  "description": "DVHMA Storage Backend",
+  "cordova": {
+    "id": "de.zertapps.dvhma.plugins.storage",
+    "platforms": [
+      "android"
+    ]
+  },
+  "keywords": [
+    "ecosystem:cordova",
+    "cordova-android"
+  ],
+  "author": "",
+  "license": "Apache 2.0"
+}

plugins/DVHMA-WebIntent/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "de.zertapps.dvhma.plugins.webintent",
+  "version": "1.0.0",
+  "description": "Web intents for Cordova",
+  "cordova": {
+    "id": "de.zertapps.dvhma.plugins.webintent",
+    "platforms": [
+      "android"
+    ]
+  },
+  "keywords": [
+    "cordova",
+    "webintent",
+    "ecosystem:cordova",
+    "cordova-android"
+  ],
+  "author": "",
+  "license": "MIT"
+}

releases/de.zertapps.dvhma.featherweight_1.0.0_6.3.0_debug.apk.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJXrC6NAAoJEFk91tz4x3BGchsQAKEJ1lNe6D9a1OX6lsV7CiNP
+gC0z2zdnlBTrcJVqcvD9NE+pCMmhQYPAxenvCRMPVKxS/IotRddAgY9RnRU5AF1Q
+DjVoiq6q/zEfPB4vtTFxyczG6KwngWFa1wzLr1NJ6ksJQmn89v7ocwjBwVLb0F+S
+I47s0XH9ivhfzFwQOGUlDjJBUX58IaFUR4/shv7YdkBAnIWVk07cXP7aUbhS0XXF
+iVnA5GtRrNSyQqZxrYRU4oXYL/5p0/9DJFdWzXmPyj6KljwQiIqxTMZ+B0TlpEA1
+omkCDnKSaRSK9/+SnJtnhb07uw6Avc4O9QboqXW3Ckw4ZyRvpwzfm0YYhwJoQ6Hd
+jDXyQ99zBjPecuxvEDyhbvrq4dc8oUf5xFO8YvjtexvbTtNoZradx5DJHvQK09KR
+k6Q4v2jKh7ut01niGpVfbKbNAjjA8RsVSRCOOQstS80OSUq6KNSQOhX49QvJkjEn
++0SUoJZ4ey9RotpO11cY+pIvyPzeCqPcFBP3ZW/UqQXE1O5LPYDjmWQz9D4/NzQN
+7j+CJilbKRgH/2wdER77Id2QzISAqcruoW+wJ2IGsfG33fwp/+Tljm4ZJzXK2ujh
+oGFps5DtdW6iiUUAdNl8x9NrWqGpgzIfqHbOwRPNwKoanmroUyrD8oNWbKpmLusU
+SRHaAfwv9HQTUnZ1dEKG
+=F5nf
+-----END PGP SIGNATURE-----

releases/de.zertapps.dvhma.openui5_1.0.0_6.3.0_debug.apk.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJXrC6qAAoJEFk91tz4x3BGahYQAJ28bK7SdDEw7h9gQr2VUMx6
+rRbr2rGxrv/8k2mxhPKpinnG7gvsOnfKF2gPvT7Hqi/nmUAKw9niXnREFyKjDDxo
+Q4q0Bjix/+tO2V6hi5X0A1G5LIKHJbQ4pstCdRpwF/GKlU5DL5+VEJDouEM5DesQ
+Y0EnnH7SQPo5RnKALSnXOUvjjK2EuKQOiBwqf7p8slQo00G9DfMePDBeFL7tmJsv
+xgy8IO5kn1gSjsCL9xDbXpTxVWbskrvyYZT93kVnYagrCjyii/9nukPm1Jy9TNh8
+aRT/lvNH4JoZqzXoMmM0/PlM6R/OxWJwTEbS+L3fwoKj/Ojj5Gsoi6EjcgG6Pxug
+GLtEUs0DKv7Oub1BcVMqGI6F1Dbk1ZEd8K99LPg6fIHKNJwU0NzppRxmT6QYqm9m
+jBj6tGwflF7yH1Tz5WSf7Q9UAfoUFbYAx8NkKa6sfbenkt78QBnjIzB2B0Gn68H4
+fa6Z+0LYLS5qbvlmZqWZrRYJ1+FUvQDeM7lJLNAYe7jUs49/kkzgQizV+46/wUXx
+qK4W4mhCqGffP2sKqXnDzUGV6vp7I/KER9ryKcfIECxB+S5ac8RLaju/OWTVq2XH
+3eawhJFRp78R6Td7pv/h2/LezSEeglytGg9l5aQRNr1rNMlBRsQ5HxfxKcFytWqI
+LrNZ7ASFiPA0A/JeAi4S
+=2uOo
+-----END PGP SIGNATURE-----