Ignore Node/npm related tmp files.

.gitignore

@@ -25,3 +25,7 @@ proguard/
 
 # Log Files
 *.log
+
+# Node/NPM
+DVHMA-Featherweight/node_modules/
+DVHMA-Featherweight/package-lock.json

DVHMA-Featherweight/config.xml

@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='utf-8'?>
 <widget id="de.zertapps.dvhma.featherweight" version="1.0.0-6.3.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
     <name>Featherweight DVHMA</name>
-    <author href="https://logicalhacking.com"></author>
+    <author href="https://logicalhacking.com" />
     <description>
         Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. 
 
@@ -9,4 +9,7 @@
     </description>
     <content src="index.html" />
     <access origin="*" />
+    <plugin name="de.zertapps.dvhma.plugins.storage" spec="../plugins/DVHMA-Storage" />
+    <plugin name="de.zertapps.dvhma.plugins.webintent" spec="../plugins/DVHMA-WebIntent" />
+    <engine name="android" spec="~7.0.0" />
 </widget>

README.md

@@ -1,4 +1,5 @@
 # DVHMA
+
 Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for
 Android) that *intentionally* contains vulnerabilities. Its purpose is
 to enable security professionals to test their tools and techniques
@@ -6,28 +7,37 @@ legally, help developers better understand the common pitfalls in
 developing hybrid mobile apps securely.
 
 ## Motivation and Scope
+
 This app is developed to study pitfalls in developing hybrid apps,
-e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the
+e.g., using [Apache Cordova](https://cordova.apache.org/) or
-main focus is to develop a deeper understanding of injection
+[SAP Kapsel](https://blogs.sap.com/2013/10/21/an-introduction-to-smp-kapsel/),
-vulnerabilities that exploit the JavaScript to Java bridge.
+securely. Currently, the main focus is to develop a deeper
+understanding of injection vulnerabilities that exploit the JavaScript
+to Java bridge.
 
 ## Installation
+
 ### Prerequisites
+
 We assume that the
+
 * Android SDK (https://developer.android.com/sdk/index.html) and 
-* Apache Cordova (https://cordova.apache.org/), version 6.3.0 or later
+* Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later
-  are installed. 
+  versions might work) 
 
 Moreover, we assume a basic familiarity with the build system of 
 Apache Cordova.
 
 ### Building DVHMA
+
 #### Setting Environment Variables
+
     export ANDROID_HOME=<Android SDK Installation Directory>
     export PATH=$ANDROID_HOME/tools:$PATH
     export PATH=$ANDROID_HOME/platform-tools:$PATH
 
 #### Compiling DVHMA
+
     cd DVHMA-Featherweight
     cordova plugin add ../plugins/DVHMA-Storage
     cordova plugin add ../plugins/DVHMA-WebIntent 
@@ -35,9 +45,11 @@ Apache Cordova.
     cordova compile android
 
 #### Running DVHMA in an Emulator
+
     cordova run android 
 
 ## Team Members
+
 The development of this application started as part of the project 
 [ZertApps](http://www.zertapps.de). ZertApps was a collaborative 
 research project funded by the German Ministry for Research and 
@@ -50,4 +62,24 @@ The core developers of DVHMA are:
 * [Michael Herzberg](http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg)
 
 ## License
+
 This project is under the Apache 2.0 License. 
+
+SPDX-License-Identifier: Apache-2.0
+
+## Master Repository
+
+The master git repository for this project is hosted by the [Software
+Assurance & Security Research Team](https://logicalhacking.com) at
+<https://git.logicalhacking.com/DASCA/DVHMA/>.
+
+## Publications
+
+* Achim D. Brucker and Michael Herzberg. [On the Static Analysis of
+  Hybrid Mobile Apps: A Report on the State of Apache Cordova
+  Nation.](https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf)
+  In International Symposium on Engineering Secure Software
+  and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
+  72-88, Springer-Verlag, 2016.
+  https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016
+  doi: [10.1007/978-3-319-30806-7_5](http://dx.doi.org/10.1007/978-3-319-30806-7_5)

plugins/DVHMA-Storage/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "de.zertapps.dvhma.plugins.storage",
+  "version": "1.0.0",
+  "description": "DVHMA Storage Backend",
+  "cordova": {
+    "id": "de.zertapps.dvhma.plugins.storage",
+    "platforms": [
+      "android"
+    ]
+  },
+  "keywords": [
+    "ecosystem:cordova",
+    "cordova-android"
+  ],
+  "author": "",
+  "license": "Apache 2.0"
+}

plugins/DVHMA-WebIntent/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "de.zertapps.dvhma.plugins.webintent",
+  "version": "1.0.0",
+  "description": "Web intents for Cordova",
+  "cordova": {
+    "id": "de.zertapps.dvhma.plugins.webintent",
+    "platforms": [
+      "android"
+    ]
+  },
+  "keywords": [
+    "cordova",
+    "webintent",
+    "ecosystem:cordova",
+    "cordova-android"
+  ],
+  "author": "",
+  "license": "MIT"
+}