| commit | 59b22c01066a0857423f9df8327452bf54a7348b | |
|---|---|---|
| author | Chris Dombroski <cdombroski@google.com> | Mon Sep 15 23:57:33 2025 +0000 |
| committer | Chris Dombroski <cdombroski@google.com> | Mon Oct 20 22:07:19 2025 +0000 |
| tree | 160e7f58a63f2d7fccdc70f9d905934f881213bb | |
| parent | dd456faaddc962156bfb82148b0721b3e564bb20 | |

Split single-app into app-instrumented-only and app-with-activity

Bug: 441727732
Test: manually verified from command line and Android Studio
Change-Id: Id5b041df1d7b0742aa4fbeebe3642b18f933655a

This repository contains standalone examples and templates for creating Android Vulnerability Reward Program (VRP) submissions using the AutoRepro framework.
The goal of these projects is to help you write effective, automatically reproducible proofs-of-concept.
To get started, choose the project that best fits your proof-of-concept:
- example/: A comprehensive project that demonstrates all major AutoRepro features working together, including multiple device-side apps and a native (NDK) test. This is a good resource to see how different parts can interact.
- templates/: A collection of minimal, use-case-specific projects. We recommend starting with one of these templates.
Each AutoRepro project's main purpose is to generate an autorepro-submission.zip file for your report.
You declare metadata about your test using the DSL blocks (e.g., appTest {}, submission {}) provided by the com.android.security.autorepro.* plugins in your build.gradle.kts files.
There are two key Gradle tasks:
- ./gradlew assembleSubmissionSources: This task compiles the metadata from your DSL blocks into a manifest.json file, which it places in an intermediate build/autorepro-submission/ directory along with your source code.
- ./gradlew assembleSubmissionZip: This task packages the contents of that intermediate directory into the final autorepro-submission.zip.

Our internal systems parse the autorepro-submission.zip file, using the manifest.json inside it to reconstruct your test. Because this reconstruction is based on the generated manifest and not the Gradle files, any custom Gradle logic in your build files is not part of the final submission and will be ignored.
Throughout the projects, you will find variants of the string autorepro_placeholder used in package names, resource files, and other identifiers.
When your submission is processed, our internal tooling performs a find-and-replace on this token to assign your test a unique name for translation into the Android build system.
Please do not modify the autorepro_placeholder string. Leave it as-is in all file names, package names, and resource paths.
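
A local pre-submission check for the two points above (the manifest drives reconstruction, and the placeholder token must stay intact), as an added example that is not part of the AutoRepro project. It assumes the manifest is a zip entry whose file name is manifest.json and that the token appears in at least one entry name or file body; `check_submission` and `build_sample` are hypothetical helper names, and the sample archives are constructed.

```python
import io
import json
import zipfile

TOKEN = "autorepro_placeholder"  # token named in the README


def check_submission(zip_file):
    """Return a list of problems in a submission zip (empty list means OK).

    zip_file is a path or a seekable binary file object.
    """
    problems = []
    with zipfile.ZipFile(zip_file) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        # Assumption: the generated manifest is an entry named manifest.json.
        manifests = [n for n in names if n.rsplit("/", 1)[-1] == "manifest.json"]
        if not manifests:
            problems.append("manifest.json missing; run assembleSubmissionSources")
        for name in manifests:
            try:
                json.loads(zf.read(name))
            except ValueError:  # covers JSON and encoding errors
                problems.append(f"{name} is not valid JSON")
        # The token should survive in an entry name or in some file body.
        in_names = any(TOKEN in n for n in names)
        in_bodies = any(TOKEN.encode() in zf.read(n) for n in names)
        if not (in_names or in_bodies):
            problems.append(f"{TOKEN} not found; it may have been renamed")
    return problems


def build_sample(entries):
    """Build an in-memory zip from {entry name: text} (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample({
        "manifest.json": '{"constructed": true}',
        "src/com/example/autorepro_placeholder/Main.java": "class Main {}",
    })
    print(check_submission(sample) or "submission zip looks consistent")
```

Pass the path to your own autorepro-submission.zip to `check_submission` after running assembleSubmissionZip.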
For full documentation on writing an AutoRepro test, please see the public documentation.