Contributor

Copilot AI commented Dec 2, 2025

This PR closes #831

Description

Ports iOS v1 test MASTG-TEST-0065 "Testing Data Encryption on the Network" to MASTG v2 format, splitting it into atomic tests per the porting guidelines.

New Tests:

  • MASTG-TEST-0313: Hardcoded HTTP URLs - static analysis using r2 to detect HTTP URLs in iOS binaries
  • MASTG-TEST-0314: ATS Configurations Allowing Cleartext Traffic - static analysis of NSAppTransportSecurity exceptions in Info.plist
  • MASTG-TEST-0315: Uses of Low-Level Networking APIs that Bypass ATS - static analysis to detect Network framework, CFNetwork, or BSD sockets that bypass ATS protections

New Demos:

  • MASTG-DEMO-0076: Insecure ATS config with NSAllowsArbitraryLoads=true
  • MASTG-DEMO-0077: HTTP URL detection in binary (draft, requires MASTestApp rebuild)
  • MASTG-DEMO-0078: Low-level Network framework usage bypassing ATS (draft, requires MASTestApp rebuild)
  • MASTG-DEMO-0079: BSD sockets usage bypassing ATS (draft, requires MASTestApp rebuild)

Updates:

  • MASTG-TEST-0236 (platform: network): Added related-tests linking to new iOS tests including MASTG-TEST-0315
  • MASTG-TEST-0065: Deprecated with covered_by pointing to new v2 tests

All tests reference weakness MASWE-0050 and profiles [L1, L2]. Dynamic analysis is covered by existing MASTG-TEST-0236.


[x] I have read the contributing guidelines.

Original prompt

This section details on the original issue you should resolve

<issue_title>MASTG v1->v2 MASTG-TEST-0065: Testing Data Encryption on the Network (ios)</issue_title>
<issue_description>
Create a new MASTG v2 test covering for":

Follow the guidelines
</issue_description>

<agent_instructions>Split into several new atomic tests wherever it makes sense and create one demo per new test.</agent_instructions>

Comments on the Issue (you are @copilot in this section)



Copilot AI and others added 2 commits December 2, 2025 22:21
…text traffic Co-authored-by: cpholguera <29175115+cpholguera@users.noreply.github.com>
Co-authored-by: cpholguera <29175115+cpholguera@users.noreply.github.com>
Copilot AI changed the title [WIP] Add MASTG v2 test for data encryption on the network Port MASTG-TEST-0065 to v2: iOS Data Encryption on the Network Dec 2, 2025
Copilot AI requested a review from cpholguera December 2, 2025 22:26
Copilot finished work on behalf of cpholguera December 2, 2025 22:26
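
Added example, not part of the PR or the MASTG project's own code: a sketch of the static check that MASTG-TEST-0314 describes, reading `NSAppTransportSecurity` from an Info.plist and reporting settings that allow cleartext HTTP. The sample plist, its domains and the function name `ats_findings` are constructed for illustration; the ATS key names are Apple's.

```python
import plistlib

# ATS keys that relax the HTTPS requirement app-wide (names from Apple's Info.plist reference).
GLOBAL_KEYS = ("NSAllowsArbitraryLoads", "NSAllowsArbitraryLoadsInWebContent",
               "NSAllowsArbitraryLoadsForMedia")
# On iOS 10+, NSAllowsArbitraryLoads is ignored when any of these keys is present.
OVERRIDES = ("NSAllowsArbitraryLoadsInWebContent", "NSAllowsArbitraryLoadsForMedia",
             "NSAllowsLocalNetworking")

# Constructed sample Info.plist (domains are placeholders).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>legacy.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
      <key>api.example.com</key><dict>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.2</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

def ats_findings(plist_bytes):
    """Return (scope, key, note) tuples for ATS settings that permit cleartext HTTP."""
    info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    ats = info.get("NSAppTransportSecurity") or {}
    findings = []
    for key in GLOBAL_KEYS:
        if ats.get(key) is True:
            note = "cleartext allowed"
            if key == "NSAllowsArbitraryLoads" and any(k in ats for k in OVERRIDES):
                note = "ignored on iOS 10+ because a narrower key is present"
            findings.append(("global", key, note))
    for domain, cfg in (ats.get("NSExceptionDomains") or {}).items():
        if isinstance(cfg, dict) and cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = domain + (" (+subdomains)" if cfg.get("NSIncludesSubdomains") else "")
            findings.append((scope, "NSExceptionAllowsInsecureHTTPLoads", "cleartext allowed"))
    return findings

if __name__ == "__main__":
    for finding in ats_findings(SAMPLE):
        print(finding)
```

An empty result means only that the plist grants no cleartext exception; connections made through the low-level APIs covered by MASTG-TEST-0315 are not subject to ATS and need the separate check.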
@cpholguera
Collaborator

@copilot please add a test and a demo for connections by low level APIs that don't honor ATS

Co-authored-by: cpholguera <29175115+cpholguera@users.noreply.github.com>
Contributor Author

Copilot AI commented Dec 4, 2025

@copilot please add a test and a demo for connections by low level APIs that don't honor ATS

Added MASTG-TEST-0315 "Uses of Low-Level Networking APIs that Bypass ATS" and MASTG-DEMO-0078 demonstrating Network framework usage without TLS. The test covers detection of NWConnection, CFNetwork, CFSocket APIs and BSD sockets that bypass ATS protections. Commit: 9afed1f

Copilot finished work on behalf of cpholguera December 4, 2025 09:52
@cpholguera
Collaborator

@copilot Now add a second demo for MASTG-TEST-0315 which uses sockets directly

Co-authored-by: cpholguera <29175115+cpholguera@users.noreply.github.com>
Contributor Author

Copilot AI commented Dec 4, 2025

@copilot Now add a second demo for MASTG-TEST-0315 which uses sockets directly

Added MASTG-DEMO-0079 demonstrating BSD sockets (socket, connect, send, recv) usage that bypasses ATS. The demo includes a Swift sample showing direct socket connections and an r2 script to detect these APIs in binaries. Commit: 3dce386

Copilot finished work on behalf of cpholguera December 4, 2025 11:34