Merge branch 'master' into copilot/fix-3069

Author: cpholguera

.github/FUNDING.yml

@@ -1 +1 @@
-custom: https://www.icrc.org/en/donate/ukraine
+custom: https://mas.owasp.org/donate/how_to_donate/

.github/ISSUE_TEMPLATE/bug-report-app.yml

@@ -23,7 +23,7 @@ body:
     id: where
     attributes:
       label: App Name
-      description: Name of crackme or challenge app that is broken. See all apps [here](https://github.com/OWASP/owasp-mastg/tree/master/Crackmes).
+      description: Name of crackme or challenge app that is broken. See all apps [here](https://github.com/OWASP/mastg/tree/master/Crackmes).
       placeholder: e.g. UnCrackable App for Android Level 1
     validations:
       required: true

.github/scripts/check_duplicate_ids.py

@@ -14,7 +14,6 @@
     "tests-beta",
     "tools",
     "techniques",
-    "weaknesses"
 ]
 
 # Regex patterns for different file types
@@ -23,16 +22,10 @@
     "demos": r"MASTG-DEMO-(\d{4})",
     "techniques": r"MASTG-TECH-(\d{4})",
     "tools": r"MASTG-TOOL-(\d{4})",
-    "weaknesses": r"MASWE-(\d{4})",
     "apps": r"MASTG-APP-(\d{4})",
     "tests-beta": r"MASTG-TEST-(\d{4})"
 }
 
-# Special handling for patterns that don't match folder names
-FOLDER_TO_PATTERN = {
-    "weaknesses": ["weaknesses"] 
-}
-
 def find_next_available_id(prefix, existing_ids):
     """Find the next available ID for a given prefix"""
     if not existing_ids:
@@ -84,11 +77,6 @@ def main():
             if key in folder:
                 prefix_match = key
                 break
-            # Check special mappings
-            for pattern_folder, patterns in FOLDER_TO_PATTERN.items():
-                if folder in patterns and key == pattern_folder:
-                    prefix_match = key
-                    break
 
         if not prefix_match:
             print(f"Warning: No pattern match found for folder: {folder}")
@@ -112,12 +100,7 @@ def main():
                 file_id = match.group(0)  # Full match like MASTG-BEST-0001
                 id_number = match.group(1)  # Just the number part (0001)
 
-                # For MASWE files, the prefix is just "MASWE"
-                if "MASWE" in file_id:
-                    id_prefix = "MASWE"
-                else:
-                    # For other files, split by dash and take first two parts
-                    id_prefix = "-".join(file_id.split("-")[:2])
+                id_prefix = "-".join(file_id.split("-")[:2])
 
                 # Record the ID and its associated path
                 existing_ids_by_prefix[id_prefix].append(id_number)
@@ -147,10 +130,6 @@ def main():
             if key in filepath:
                 prefix_match = key
                 break
-        
-        # Special case for MASWE files in weaknesses folder
-        if "weaknesses" in filepath and not prefix_match:
-            prefix_match = "weaknesses"
 
         if not prefix_match:
             print(f"Warning: No pattern match found for file: {filepath}")
@@ -170,12 +149,7 @@ def main():
         file_id = match.group(0)  # Full match like MASTG-BEST-0001
         id_number = match.group(1)  # Just the number part (0001)
 
-        # For MASWE files, the prefix is just "MASWE"
-        if "MASWE" in file_id:
-            id_prefix = "MASWE"
-        else:
-            # For other files, split by dash and take first two parts
-            id_prefix = "-".join(file_id.split("-")[:2])
+        id_prefix = "-".join(file_id.split("-")[:2])
 
         print(f"Found ID: {file_id} with prefix: {id_prefix} in new file: {filepath}")
 

.github/workflows/build-website-reusable.yml

@@ -9,7 +9,6 @@ on:
       - 'tests-beta/**'
       - 'tools/**'
       - 'techniques/**'
-      - 'weaknesses/**'
 
 jobs:
   check-duplicates:
@@ -37,7 +36,7 @@ jobs:
           git fetch origin $BASE_REF
           
           # Create a file with the list of new files in this PR
-          git diff --name-status --diff-filter=A origin/$BASE_REF..HEAD | grep -E "^A\s+(apps/|best-practices/|demos/|tests-beta/|tools/|techniques/|weaknesses/)" | cut -f2 > new_files_in_pr.txt || echo "No new files matching the pattern"
+          git diff --name-status --diff-filter=A origin/$BASE_REF..HEAD | grep -E "^A\s+(apps/|best-practices/|demos/|tests-beta/|tools/|techniques/)" | cut -f2 > new_files_in_pr.txt || echo "No new files matching the pattern"
           
           echo "New files in PR:"
           cat new_files_in_pr.txt
@@ -63,11 +62,6 @@ jobs:
               // Extract the ID prefix for a more specific message
               let idType = duplicate.file_id.split('-').slice(0, 2).join('-');
               
-              // Special case for MASWE which only has one segment
-              if (duplicate.file_id.startsWith('MASWE')) {
-                idType = 'MASWE';
-              }
-              
               // Choose the appropriate header style based on comment type
               const headerPrefix = isReviewComment ? '###' : '##';
               

.github/workflows/build-website.yml

@@ -3,8 +3,10 @@ on:
   pull_request:
     branches:
       - "*"
+
 jobs:
   build:
-    uses: ./.github/workflows/build-website-reusable.yml
+    uses: OWASP/mas-website/.github/workflows/build-website-reusable.yml@main
     with:
-      deploy: false
+      deploy: false
+      sources_override_json: ${{ format('{{"OWASP/mastg":"refs/pull/{0}/head"}}', github.event.pull_request.number) }}

.github/workflows/check-duplicate-ids.yml

@@ -119,6 +119,12 @@
         },
         {
             "pattern": "^/checklists/"
+        },
+        {
+            "pattern": "https://techbeacon.com/evolution-devops-new-thinking-gene-kim"
+        },
+        {
+            "pattern": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/"
         }
 
     ],

.github/workflows/check-website-build.yml

@@ -30,7 +30,7 @@ jobs:
 
     - name: Set MASTG_VERSION to env 
       # run: echo "MASTG_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV
-      run: echo "MASTG_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-mastg/tags | jq '.[0].name' | sed 's/\"//g')" >> $GITHUB_ENV
+      run: echo "MASTG_VERSION=$(curl -s https://api.github.com/repos/OWASP/mastg/tags | jq '.[0].name' | sed 's/\"//g')" >> $GITHUB_ENV
 
     - name: Set DEV VERSION if it's not a tag
       if: ${{ !startsWith(github.ref, 'refs/tags/') }}
@@ -45,14 +45,14 @@ jobs:
       run: echo ${{env.MASTG_COMMIT}}
 
     - name: Get Latest MASVS Release Tag
-      run: echo "MASVS_VERSION=$(curl -s https://api.github.com/repos/OWASP/owasp-masvs/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_ENV
+      run: echo "MASVS_VERSION=$(curl -s https://api.github.com/repos/OWASP/masvs/releases/latest | jq '.tag_name' | sed 's/\"//g')" >> $GITHUB_ENV
 
     - name: Confirm MASVS Release Tag
       run: echo ${{env.MASVS_VERSION}}
 
     - uses: actions/checkout@v4
       with:
-        repository: "OWASP/owasp-masvs.git"
+        repository: "OWASP/masvs.git"
         ref: ${{env.MASVS_VERSION}}
         fetch-depth: 1
         path: owasp-masvs

.github/workflows/config/url-checker-config.json

@@ -15,4 +15,3 @@ jobs:
         with:
           ignore_words_list: "aas,aaS,ba,bund,compliancy,firt,ist,keypair,ligh,Manuel,Manual,ro,ser,synopsys,theses,zuser,lief,EDE"
           skip: "*.json,*.yml,*.apk,*.ipa,*.svg,*.txt"
-          exclude_file: docs/contributing.md