Mobile Application Security Assessment Report

Estar v4.1.22

Android APK 3d098eaa...
Security baseline score: 36/100

Overall risk level: Medium risk

Risk rating scale
  1. A
  2. B
  3. C
  4. F

The application carries a relatively high security risk and requires close attention.

Distribution of vulnerabilities and security items

8 High
21 Medium
2 Info
0 Secure

Privacy risk assessment

2 third-party trackers

Medium privacy risk
A small number of third-party trackers were detected.

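Findings breakdown

High-severity vulnerabilities: 8
Medium-severity vulnerabilities: 21
Security notices: 2
Passed security checks: 0
Key security concerns: 4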

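High-severity vulnerability: Activity (com.esunny.estar.MainActivity) is vulnerable to Android Task Hijacking/StrandHogg.

When an Activity's launch mode is "singleTask", a malicious app can place itself at the top of the task stack, resulting in task hijacking (StrandHogg 1.0) and leaving the app open to phishing. Set the launch mode to "singleInstance" or set taskAffinity to an empty string (taskAffinity=""), or raise the target SDK version (26) to 28 or above for platform-level protection.

High-severity vulnerability: Activity (esunny.zce.simulation.wxapi.WXEntryActivity) is vulnerable to StrandHogg 2.0.

The Activity was found to have the StrandHogg 2.0 task hijacking vulnerability. An attacker can place a malicious Activity at the top of the vulnerable app's task stack, making the app an easy target for phishing. The issue can be fixed by setting the launch mode to "singleInstance" and setting taskAffinity to an empty string (taskAffinity=""), or at the platform level by raising the app's target SDK version (26) to 29 or above.

High-severity vulnerability: Activity (com.esunny.ui.common.setting.condition.EsTriggeredConditionalOrderActivity) is vulnerable to Android Task Hijacking/StrandHogg.

When an Activity's launch mode is "singleTask", a malicious app can place itself at the top of the task stack, resulting in task hijacking (StrandHogg 1.0) and leaving the app open to phishing. Set the launch mode to "singleInstance" or set taskAffinity to an empty string (taskAffinity=""), or raise the target SDK version (26) to 28 or above for platform-level protection.

High-severity vulnerability: Activity (com.tencent.tauth.AuthActivity) is vulnerable to Android Task Hijacking/StrandHogg.

When an Activity's launch mode is "singleTask", a malicious app can place itself at the top of the task stack, resulting in task hijacking (StrandHogg 1.0) and leaving the app open to phishing. Set the launch mode to "singleInstance" or set taskAffinity to an empty string (taskAffinity=""), or raise the target SDK version (26) to 28 or above for platform-level protection.

High-severity vulnerability: Activity (com.esunny.ui.wxapi.WXEntryActivity) is vulnerable to StrandHogg 2.0.

The Activity was found to have the StrandHogg 2.0 task hijacking vulnerability. An attacker can place a malicious Activity at the top of the vulnerable app's task stack, making the app an easy target for phishing. The issue can be fixed by setting the launch mode to "singleInstance" and setting taskAffinity to an empty string (taskAffinity=""), or at the platform level by raising the app's target SDK version (26) to 29 or above.

High-severity vulnerability: Activity (com.igexin.sdk.GActivity) is vulnerable to StrandHogg 2.0.

The Activity was found to have the StrandHogg 2.0 task hijacking vulnerability. An attacker can place a malicious Activity at the top of the vulnerable app's task stack, making the app an easy target for phishing. The issue can be fixed by setting the launch mode to "singleInstance" and setting taskAffinity to an empty string (taskAffinity=""), or at the platform level by raising the app's target SDK version (26) to 29 or above.

High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
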
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/esunny/estar/AdvertActivity.java, line(s) 66,5,6
com/esunny/ui/common/activity/EsPrivacyActivity.java, line(s) 108,8,9
com/esunny/ui/common/setting/about/EsFeedbackActivity.java, line(s) 235,24,25
com/esunny/ui/common/setting/quote/login/EsForgetPasswordActivity.java, line(s) 89,5,6
com/esunny/ui/common/setting/trade/EsFingerPrinterWarningActivity.java, line(s) 70,5
com/esunny/ui/common/setting/trade/EsMonitorCenterActivity.java, line(s) 78,5,6

High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/esunny/ui/data/setting/EsLoginAccountData.java, line(s) 274,287

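Medium-severity vulnerability: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application allows cleartext network traffic (such as HTTP, FTP, DownloadManager, MediaPlayer, etc.). It is enabled by default at API level 27 and below and disabled by default at API level 28 and above. Cleartext traffic lacks confidentiality, integrity and authenticity protection, so an attacker can eavesdrop on or tamper with transmitted data. Disable cleartext traffic and use only encrypted protocols.

Medium-severity vulnerability: Application data can be backed up

[android:allowBackup=true]
This flag allows application data to be backed up with the adb tool. A user with USB debugging enabled can copy the application data directly, which creates a risk of data leakage.

Medium-severity vulnerability: Activity (esunny.zce.simulation.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.esunny.ui.util.EsDownloadManagerReceiver) is not protected.

An intent-filter is present.
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.

Medium-severity vulnerability: Broadcast Receiver (com.esunny.ui.util.EsNetworkConnectChangedReceiver) is not protected.

An intent-filter is present.
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.

Medium-severity vulnerability: Service (com.esunny.ui.common.server.DemoPushService) is not protected.

[android:exported=true]
The Service is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Activity (com.tencent.tauth.AuthActivity) is not protected.

An intent-filter is present.
The Activity is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Activity is explicitly exported, which is a security risk.

Medium-severity vulnerability: Activity (com.esunny.ui.wxapi.WXEntryActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: Broadcast Receiver (com.igexin.sdk.PushReceiver) is not protected.

An intent-filter is present.
The Broadcast Receiver is shared with other applications on the device and can therefore be accessed by any application. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported, which is a security risk.

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(com.igexin.sdk.PushActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).

Medium-severity vulnerability: Activity sets the TaskAffinity attribute

(com.igexin.sdk.GActivity)
When taskAffinity is set, other applications can read Intents sent to this Activity. To prevent leakage of sensitive information, keep the default affinity (the package name).

Medium-severity vulnerability: Activity (com.igexin.sdk.GActivity) is not protected.

[android:exported=true]
The Activity is exported and not protected by any permission, so any application can access it.

Medium-severity vulnerability: The application can read/write external storage. Any application can read data written to external storage.
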
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
com/esunny/estar/UpdateActivity.java, line(s) 32
com/esunny/ui/common/setting/about/EsFeedbackActivity.java, line(s) 260,261
com/esunny/ui/common/setting/trade/EsBillQueryActivity.java, line(s) 75
com/esunny/ui/data/setting/EsTradeLogSData.java, line(s) 55
com/esunny/ui/util/EsCrashHandler.java, line(s) 28,63,123
com/esunny/ui/util/EsDownloadManagerReceiver.java, line(s) 17
com/esunny/ui/util/EsPictureFileHelper.java, line(s) 23,107
com/esunny/ui/util/EsUpdateManager.java, line(s) 25
com/tencent/a/a/a/a/b.java, line(s) 22,24,36,45
skin/support/utils/SkinFileUtils.java, line(s) 19

Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
com/esunny/estar/match/EsMatchFragment.java, line(s) 66,55
com/esunny/ui/common/activity/EsDisclaimerActivity.java, line(s) 50,94
com/esunny/ui/common/setting/about/EsFeedbackActivity.java, line(s) 159,152

Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView may leak sensitive information from the file system.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
com/esunny/ui/common/setting/about/EsFeedbackActivity.java, line(s) 157,152

Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/esunny/ui/api/EsUIConstant.java, line(s) 6,7
com/esunny/ui/common/EsConstant.java, line(s) 4
com/esunny/ui/common/server/DemoIntentService.java, line(s) 28,29,35,36
com/esunny/ui/common/setting/quote/login/EsForgetPasswordActivity.java, line(s) 14
com/esunny/ui/common/setting/trade/EsDefaultQtyActivity.java, line(s) 19
com/esunny/ui/common/setting/trade/EsPriceTypeActivity.java, line(s) 16
com/esunny/ui/data/quote/EsKLineData.java, line(s) 46,89,91,97
com/esunny/ui/data/setting/EsLoginAccountData.java, line(s) 33,24,26
com/esunny/ui/quote/kline/indicator/HisDataCalculate.java, line(s) 263
com/esunny/ui/util/EsSPHelper.java, line(s) 39
com/hundsun/jresplus/security/common/Constants.java, line(s) 29,30
com/hundsun/jresplus/security/gm/sm2/BCECUtil.java, line(s) 35

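Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before being written to the database.
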
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/esunny/database/DBHelper.java, line(s) 4,5,24,29
com/esunny/database/gen/AddressDao.java, line(s) 4,37,45
com/esunny/database/gen/TCommodityDao.java, line(s) 4,67,75
com/esunny/database/gen/TContractDao.java, line(s) 4,37,45
com/esunny/database/gen/TCurrencyDao.java, line(s) 4,36,44
com/esunny/database/gen/TExchangeDao.java, line(s) 4,37,45
com/esunny/database/gen/TUpdateManagerDao.java, line(s) 4,37,45
com/esunny/database/gen/UserInfoDataDao.java, line(s) 4,42,50
com/esunny/ui/data/setting/EsTradeLogSData.java, line(s) 6,7,122,446
org/greenrobot/greendao/AbstractDao.java, line(s) 6,7,115,119,141,412,540
org/greenrobot/greendao/DbUtils.java, line(s) 6,16,51
org/greenrobot/greendao/database/StandardDatabase.java, line(s) 5,15,16

Medium-severity vulnerability: IP address disclosure

Files:
com/esunny/data/util/EsNetHelper.java, line(s) 52,55,68,71
com/esunny/database/AddressDatabaseHelper.java, line(s) 21,22,22,22,22,22,22,22,22,21,21,22
com/kingstar/info/infomanager.java, line(s) 41,66,87,89

Medium-severity vulnerability: The application uses an insecure random number generator.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
org/greenrobot/greendao/test/DbTest.java, line(s) 7

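Medium-severity vulnerability: The application contains privacy trackers

This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium-severity vulnerability: This application may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not confidential or private information.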

Security notice: The application logs information. Sensitive information must not be logged.

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
com/esunny/ct/DeviceInfo.java, line(s) 56,69,76,85,92,111,66,95
com/esunny/data/api/EsBaseApi.java, line(s) 91,141,421,434,440
com/esunny/data/api/EsQuoteApi.java, line(s) 53,87,137,167,383,539,649,707,735,757,770,786,799,833,927,275
com/esunny/data/api/EsTradeApi.java, line(s) 79,219,285,324,374,563,591,633,665,692,733,885,891
com/esunny/data/api/callback/EsStarApiNotify.java, line(s) 29
com/esunny/data/api/util/CallbackDispatcher.java, line(s) 73,94,106,126,139,145,156
com/esunny/data/util/EsLog.java, line(s) 28,35,70,77,42,49,14,21,56,63
com/esunny/data/util/EsNetHelper.java, line(s) 108
com/esunny/database/codetable/CodeTable.java, line(s) 56,61,64,67,129,147,153,159,176
com/esunny/database/codetable/strategy/TCommodityCodeInfo.java, line(s) 52
com/esunny/database/codetable/strategy/TContractCodeInfo.java, line(s) 42
com/esunny/database/codetable/strategy/TCurrencyCodeInfo.java, line(s) 50,90
com/esunny/database/codetable/strategy/TExchangeCodeInfo.java, line(s) 51,97
com/esunny/database/gen/DaoMaster.java, line(s) 72,87
com/esunny/estar/EsNavFragment.java, line(s) 140
com/esunny/estar/StartActivity.java, line(s) 337,345,414,456,477
com/esunny/http/AccessHelper.java, line(s) 239,249,268,282
com/esunny/http/SocketHelper.java, line(s) 43,46,73,79
com/esunny/infocollect/EsunnyInfoTrackHelper.java, line(s) 68,93,152
com/esunny/ui/Esunny.java, line(s) 47
com/esunny/ui/api/EsUIApi.java, line(s) 43,48,65,70,79,84,89,98,103,108,113,118,123,128,133,138,143,148,153,158,163,168,173,178,183,188,193,198,203,216,221,226,231,237,239,253,255
com/esunny/ui/api/EsUIBaseAPI.java, line(s) 71,97,125,65
com/esunny/ui/common/news/EsNewsFragment.java, line(s) 340,342,499,501,512,555,557
com/esunny/ui/common/server/DemoIntentService.java, line(s) 48,57,108,113,118,125,148,182,70,85
com/esunny/ui/common/server/NetEventService.java, line(s) 65,79,159,166,248,277,280,259,289,312
com/esunny/ui/common/setting/about/EsFeedbackActivity.java, line(s) 274,306,325
com/esunny/ui/common/setting/condition/EsStrategyActivity.java, line(s) 893
com/esunny/ui/common/setting/pricewarning/EsPriceWarnEditActivity.java, line(s) 390,405
com/esunny/ui/common/setting/stopLossOpen/EsStopLossOpenActivity.java, line(s) 485,544
com/esunny/ui/common/setting/system/EsCodeTableSettingActivity.java, line(s) 106,114
com/esunny/ui/common/setting/trade/EsBillQueryActivity.java, line(s) 168
com/esunny/ui/data/quote/EsFavoriteListData.java, line(s) 210,212
com/esunny/ui/data/quote/EsKLineData.java, line(s) 716,733,807,830
com/esunny/ui/data/quote/EsOptionListData.java, line(s) 53,57
com/esunny/ui/data/quote/EsQuoteListData.java, line(s) 50
com/esunny/ui/data/setting/EsTradeLogSData.java, line(s) 232,235,324,341,343,356,358,380,138,276,382,438,313
com/esunny/ui/login/EsLoginActivity.java, line(s) 295,665,799,1058,1231,1243,1306
com/esunny/ui/login/EsMultiLoginActivity.java, line(s) 111,118,248
com/esunny/ui/quote/QuotePresenterImpl.java, line(s) 92,95,104,107
com/esunny/ui/quote/SortQuoteActivity.java, line(s) 338,341,350,353,368
com/esunny/ui/quote/adapter/EsOptionListAdapter.java, line(s) 184
com/esunny/ui/quote/kline/EsKLineTradePopUpWindow.java, line(s) 412,620,630,645,649
com/esunny/ui/quote/kline/KLineActivity.java, line(s) 440,501,533,774
com/esunny/ui/quote/kline/adapter/KLineDayAdapter.java, line(s) 49,51
com/esunny/ui/quote/kline/draw/ARBRDraw.java, line(s) 39,19,25,27
com/esunny/ui/quote/kline/draw/BBIDraw.java, line(s) 18,24,26
com/esunny/ui/quote/kline/draw/BIASDraw.java, line(s) 21,25,29
com/esunny/ui/quote/kline/draw/BOLLDraw.java, line(s) 42,19,25
com/esunny/ui/quote/kline/draw/CCIDraw.java, line(s) 32,19,25,29
com/esunny/ui/quote/kline/draw/CDPDraw.java, line(s) 45,19,25,29
com/esunny/ui/quote/kline/draw/CJLDraw.java, line(s) 35,40,45
com/esunny/ui/quote/kline/draw/DDIDraw.java, line(s) 33,38,43
com/esunny/ui/quote/kline/draw/DMIDraw.java, line(s) 45,19,25,29
com/esunny/ui/quote/kline/draw/EMA2Draw.java, line(s) 58,34,40
com/esunny/ui/quote/kline/draw/EMADraw.java, line(s) 58,34,40
com/esunny/ui/quote/kline/draw/KDDraw.java, line(s) 19,25
com/esunny/ui/quote/kline/draw/KDJDraw.java, line(s) 19,25
com/esunny/ui/quote/kline/draw/MACDDraw.java, line(s) 33,38,43
com/esunny/ui/quote/kline/draw/MADraw.java, line(s) 59,34,40
com/esunny/ui/quote/kline/draw/MTMDraw.java, line(s) 19,25,27
com/esunny/ui/quote/kline/draw/PSYDraw.java, line(s) 19,25,27
com/esunny/ui/quote/kline/draw/PUBUDraw.java, line(s) 56,34,40
com/esunny/ui/quote/kline/draw/RSIDraw.java, line(s) 21,27
com/esunny/ui/quote/kline/draw/SARDraw.java, line(s) 32
com/esunny/ui/quote/kline/draw/SLOWKDDraw.java, line(s) 19,25,27
com/esunny/ui/quote/kline/draw/SMADraw.java, line(s) 58,34,40
com/esunny/ui/quote/kline/draw/SPDraw.java, line(s) 18,23,28
com/esunny/ui/quote/kline/draw/TRIXDraw.java, line(s) 19,25,27
com/esunny/ui/quote/kline/draw/WRDraw.java, line(s) 18,24,26
com/esunny/ui/quote/kline/indicator/HisDataCalculate.java, line(s) 263
com/esunny/ui/quote/kline/view/EsKLineBetInfoView.java, line(s) 62,94
com/esunny/ui/quote/kline/view/EsKLineBetView.java, line(s) 98,117,125
com/esunny/ui/quote/kline/view/EsKLineDetailView.java, line(s) 83,111,189,341
com/esunny/ui/quote/kline/view/EsKLineHisTickPopUpWindow.java, line(s) 148
com/esunny/ui/quote/kline/view/EsKLineMinView.java, line(s) 257
com/esunny/ui/quote/option/EsOptionFragment.java, line(s) 543,545,549,554,556,560
com/esunny/ui/trade/EsTradeFragment.java, line(s) 324,343
com/esunny/ui/trade/adapter/EsTradePositionListAdapter.java, line(s) 169
com/esunny/ui/trade/point/EsTradeClickOrderActivity.java, line(s) 604
com/esunny/ui/trade/point/EsTradeClickView.java, line(s) 103,111,119,125,131,182,190,198,204,210,261,269,277,283,289
com/esunny/ui/trade/view/EsPositionStopLossPanelActivity.java, line(s) 632,635
com/esunny/ui/util/EsAppManager.java, line(s) 117
com/esunny/ui/util/EsCrashHandler.java, line(s) 69,88,126,64
com/esunny/ui/util/EsHanziToPinyin.java, line(s) 69,55
com/esunny/ui/util/EsLanguageHelper.java, line(s) 31
com/esunny/ui/util/EsQuoteUtil.java, line(s) 41,54,68,71,92,95,106,112,114,125,131,133
com/esunny/ui/util/EsTradeNotification.java, line(s) 99,109,304,332,346,355
com/esunny/ui/util/imageuitl/ImageDownloader.java, line(s) 78
com/esunny/ui/util/imageuitl/ImageLoader.java, line(s) 43,59
com/esunny/ui/util/imageuitl/ImageRefactor.java, line(s) 51,53
com/esunny/ui/util/picturechoose/activity/ImageSelectorActivity.java, line(s) 186
com/esunny/ui/view/ArcProgress.java, line(s) 159
com/esunny/ui/view/EsBadgeView.java, line(s) 158
com/esunny/ui/view/EsNoPaddingTextView.java, line(s) 60
com/geek/thread/executor/BaseExecutor.java, line(s) 89
com/geek/thread/executor/ExecutorFactory.java, line(s) 51
com/geek/thread/executor/SerialExecutor.java, line(s) 54,71,104,72
com/geek/thread/task/GeekTask.java, line(s) 55
com/hundsun/jresplus/security/common/CreateEncryption.java, line(s) 23
com/hundsun/jresplus/security/gm/util/Util.java, line(s) 77,79
com/sfit/ctp/info/LogUtil.java, line(s) 30
com/tencent/a/a/a/a/b.java, line(s) 21,43,49,29,55
com/tencent/a/a/a/a/c.java, line(s) 31,45
com/tencent/a/a/a/a/d.java, line(s) 16,32
com/tencent/a/a/a/a/e.java, line(s) 14,28
com/tencent/a/a/a/a/h.java, line(s) 31,21,61,25
com/tictactec/ta/lib/meta/CoreMetaInfo.java, line(s) 63
com/tictactec/ta/lib/meta/TaFuncMetaInfo.java, line(s) 132
com/tictactec/ta/lib/test/TestAbstractClosure.java, line(s) 130
com/tictactec/ta/lib/test/TestCoreMetaData.java, line(s) 26,28,35,68,71,72,76,77,81,82,83,84,88,90,91,93,94,97,98,100,104,105,106,110,112,113,115,116,119,120,122,128,129,136,152,153,156,157,163,176,177,185,186,189,198,199,204,205,207,212,213,215,216,218
org/greenrobot/eventbus/Logger.java, line(s) 82,87
org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34
org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 184
org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25
org/greenrobot/greendao/AbstractDao.java, line(s) 276,666
org/greenrobot/greendao/DaoException.java, line(s) 28,29
org/greenrobot/greendao/DaoLog.java, line(s) 35,39,67,15,43,47,27,31,51,55,59,63
org/greenrobot/greendao/DbUtils.java, line(s) 89,31
org/greenrobot/greendao/async/AsyncOperationExecutor.java, line(s) 129
org/greenrobot/greendao/internal/LongHashMap.java, line(s) 131
org/greenrobot/greendao/query/QueryBuilder.java, line(s) 243,246
org/greenrobot/greendao/test/AbstractDaoTest.java, line(s) 53,55,46
org/greenrobot/greendao/test/AbstractDaoTestLongPk.java, line(s) 32,35
org/greenrobot/greendao/test/AbstractDaoTestSinglePk.java, line(s) 305
org/greenrobot/greendao/test/DbTest.java, line(s) 84
org/skylark/deepsupervise/IPUtil.java, line(s) 45
org/skylark/deepsupervise/MacUtil.java, line(s) 27,46
org/skylark/deepsupervise/UserApi.java, line(s) 45,58,63,68,175,185,192,202,213,184,201,153,450
skin/support/app/SkinCompatViewInflater.java, line(s) 344
skin/support/content/res/SkinCompatDrawableManager.java, line(s) 230,470,488
skin/support/utils/Slog.java, line(s) 11,17,22,26

Security notice: This application uses SQLCipher. SQLCipher provides 256-bit AES encryption for SQLite database files.

Files:
org/greenrobot/greendao/database/DatabaseOpenHelper.java, line(s) 98,6,94,98,102,106,110,114

Key security concern: The application may communicate with a server (news.epolestar.xyz) located in an OFAC-sanctioned country (China).

{'ip': '61.163.80.198', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '郑州', 'latitude': '34.757778', 'longitude': '113.648613'}

Key security concern: The application may communicate with a server (edu.czce.com.cn) located in an OFAC-sanctioned country (China).

{'ip': '61.163.80.198', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '郑州', 'latitude': '34.757778', 'longitude': '113.648613'}

Key security concern: The application may communicate with a server (www.epolestar.xyz) located in an OFAC-sanctioned country (China).

{'ip': '61.163.80.198', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '郑州', 'latitude': '34.757778', 'longitude': '113.648613'}

Key security concern: The application may communicate with a server (download.epolestar.xyz) located in an OFAC-sanctioned country (China).

{'ip': '61.163.80.198', 'country_short': 'CN', 'country_long': '中国', 'region': '河南', 'city': '郑州', 'latitude': '34.757778', 'longitude': '113.648613'}

Overall security baseline score summary

Estar v4.1.22

Android APK
Overall security score: 36
High risk