markdown fix

macik09 · macik09 · commit 4a930bcbfb3c · 2025-11-28T10:25:05.000+01:00
diff --git a/demos/android/MASVS-STORAGE/MASTG-DEMO-0069/MASTG-DEMO-0069.md b/demos/android/MASVS-STORAGE/MASTG-DEMO-0069/MASTG-DEMO-0069.md
@@ -32,4 +32,4 @@ The output contains the extracted sensitive data, showing PII (email address) an
 
 ### Evaluation
 
-This test fails because the app uses DataStore without encryption, storing sensitive data such as an access token (secret) and the user's email address (PII) in **plaintext** within the sandbox.  
+This test fails because the app uses DataStore without encryption, storing sensitive data such as an access token (secret) and the user's email address (PII) in **plaintext** within the sandbox.
diff --git a/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0305.md b/tests-beta/android/MASVS-STORAGE/MASTG-TEST-0305.md
@@ -20,6 +20,7 @@ The goal of this test is to detect insecure storage of sensitive information in
 ## Steps
 
 ### Static Analysis
+
 1. Obtain the application package (e.g., APK file) using @MASTG-TECH-0003.
 2. Use a static analysis technique (@MASTG-TECH-0014) to identify references to DataStore APIs such as:
     - `androidx.datastore.preferences.preferencesDataStore`
@@ -30,19 +31,21 @@ The goal of this test is to detect insecure storage of sensitive information in
     - a secure mechanism (e.g., applying an `EncryptedFile.Builder` for Preferences DataStore or using an encrypted custom serializer for Proto DataStore) is explicitly applied to the sensitive fields.
 
 ### Dynamic Analysis
+
 1. Install and run the app on a rooted or emulated device (@MASTG-TECH-0005).
 2. Trigger app functionality that processes or stores sensitive data.
-3. Access the app’s private storage (typically `/data/data/<package_name>/datastore/`) and locate the DataStore files. This requires accessing the app data directories (@MASTG-TECH-0008). File names usually end with:
+3. Access the app's private storage (typically `/data/data/<package_name>/datastore/`) and locate the DataStore files. This requires accessing the app data directories (@MASTG-TECH-0008). File names usually end with:
     - `.preferences_pb` (Preferences DataStore)
     - `.proto` (Proto DataStore)
 4. Extract the DataStore files from the device using @MASTG-TECH-0003.
-5. Inspect the file content using a suitable tool, applying the technique for Dynamic Analysis (@MASTG-TECH-0015) to confirm whether sensitive data is stored in plaintext. *Note: Proto DataStore files require a Proto decoder for inspection.*
+5. Inspect the file content using a suitable tool, applying the technique for Dynamic Analysis (@MASTG-TECH-0015) to confirm whether sensitive data is stored in plaintext. _Note: Proto DataStore files require a Proto decoder for inspection._
 
 ---
 
 ## Observation
 
 The output should indicate:
+
 - which DataStore files the app creates,
 - whether sensitive data (tokens, secrets, PII) is present inside these files,
 - whether the stored values appear in plaintext (or easily reversible format).
@@ -52,5 +55,6 @@ The output should indicate:
 ## Evaluation
 
 The test fails if:
+
 - sensitive data is stored in DataStore files without encryption.
 - plaintext tokens, secrets, or PII can be read from the DataStore files through static or dynamic analysis.

Original file line number	Diff line number	Diff line change
`@@ -32,4 +32,4 @@ The output contains the extracted sensitive data, showing PII (email address) an`
`32`	`32`
`33`	`33`	`### Evaluation`
`34`	`34`
`35`		`-This test fails because the app uses DataStore without encryption, storing sensitive data such as an access token (secret) and the user's email address (PII) in plaintext within the sandbox.`
	`35`	`+This test fails because the app uses DataStore without encryption, storing sensitive data such as an access token (secret) and the user's email address (PII) in plaintext within the sandbox.`