Security Analysis Report: 江苏企业年报 v1.0.6

Security score: 42/100

Privacy risk: 2 user/device trackers


Findings

High: 6
Medium: 12
Info: 1
Secure: 2
Hotspot: 5

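High: Activity (cn.gov.jsgsj.portal.activity.SplashActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (28) to 29 or higher to fix the issue at the platform level.

High: Activity (cn.gov.jsgsj.portal.activity.jsqynb.SplashReportActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (28) to 29 or higher to fix the issue at the platform level.

High: The launch mode of Activity (com.phcx.businessmodule.main.downloadcert.DownloadCertActivity) is not standard

An Activity should not have its launch mode attribute set to "singleTask/singleInstance", because this makes it a root Activity and may allow other applications to read the contents of the calling Intent. The "standard" launch mode attribute is therefore required when an Intent contains sensitive information.

High: Activity (com.phcx.businessmodule.main.downloadcert.DownloadCertInfoActivity) is vulnerable to StrandHogg 2.0

The activity was found to be at risk of the StrandHogg 2.0 task-hijacking vulnerability. When the vulnerability is exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, making the application an easy target for phishing attacks. This can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (28) to 29 or higher to fix the issue at the platform level.

High: An application that uses the WebView.loadDataWithBaseURL method to load a web page into a WebView may be exposed to cross-site scripting attacks
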
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
cn/gov/jsgsj/portal/activity/jsqynb/FillNoticeActivity.java, line(s) 98,7,8

High: Weak encryption algorithm used

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/cntrust/phpkijni/testPHPkiCommNew.java, line(s) 787,791

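Medium: Cleartext network traffic is enabled for the application

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and protection against tampering; a network attacker can eavesdrop on transmitted data and modify it without being detected.

Medium: Activity (cn.gov.jsgsj.portal.activity.SplashActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.

Medium: Activity (com.phcx.businessmodule.main.downloadcert.DownloadCertInfoActivity) is not protected.

[android:exported=true]
The Activity is shared with other applications on the device and is therefore accessible to any other application on the device.

Medium: IP address disclosure
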
Files:
cn/gov/jsgsj/portal/BuildConfig.java, line(s) 13
cn/gov/jsgsj/portal/Const.java, line(s) 182,182,182,182,182,182,182,182,182,147
cn/gov/jsgsj/portal/base/BaseActivity.java, line(s) 143
cn/gov/jsgsj/portal/base/BaseFragment.java, line(s) 58
com/baidu/aip/face/stat/Dev.java, line(s) 23
com/cntrust/asn1/microsoft/MicrosoftObjectIdentifiers.java, line(s) 6
com/cntrust/asn1/misc/MiscObjectIdentifiers.java, line(s) 20
com/cntrust/asn1/oiw/OIWObjectIdentifiers.java, line(s) 14,7,16,17,8,9,10,11,12,13,18
com/cntrust/asn1/pkcs/PKCSObjectIdentifiers.java, line(s) 7,47,48,49,50,51,52,135,136,118,119
com/cntrust/asn1/x500/style/BCStyle.java, line(s) 23,24,25,37,47,38,26,32,33,34,35,36,39,27,48,22,40,30,31,28,56,55,46,41,42,43,44,45
com/cntrust/asn1/x500/style/RFC4519Style.java, line(s) 37,38,56,23,47,18,41,42,43,40,53,55,54,28,60,33,45,24,44,21,35,39,46,48,59,50,36,30,32,29,61,26,27,25,49,58,31,19,34,51,52,57,22
com/cntrust/asn1/x509/AccessDescription.java, line(s) 12
com/cntrust/asn1/x509/CertificatePolicies.java, line(s) 14
com/cntrust/asn1/x509/KeyPurposeId.java, line(s) 27,6,8,17,18,19,20,21,22,23,24,25,26,9,10,11,12,13,14,15,16
com/cntrust/asn1/x509/PolicyQualifierId.java, line(s) 6,7,8
com/cntrust/asn1/x509/X509Attributes.java, line(s) 6
com/cntrust/asn1/x509/X509Extension.java, line(s) 14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,43,42,13,36,37,38,39,40,41
com/cntrust/asn1/x509/X509Extensions.java, line(s) 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,52,51,22,45,46,47,48,49,50
com/cntrust/asn1/x509/X509Name.java, line(s) 36,37,38,50,60,51,39,45,46,47,48,49,52,40,61,35,53,43,44,41,69,68,59,54,55,56,57,58
com/cntrust/asn1/x509/X509ObjectIdentifiers.java, line(s) 20,12,13,14,8,15,9,10,11,18,17,19
com/cntrust/asn1/x509/sigi/SigIObjectIdentifiers.java, line(s) 6
com/cntrust/asn1/x9/X9ObjectIdentifiers.java, line(s) 55
com/cntrust/phpkijni/ASN1Util.java, line(s) 35,42,36,43,37,44,32,39,34,41,33,40,198,220,419,423,446
com/cntrust/phpkijni/CertInfoObject.java, line(s) 130,132,143,155,134,146,136,149,138,152,140
com/cntrust/phpkijni/Extension.java, line(s) 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,39,38,8,40,47,49,31,33,34,35,36,37,32,57,58
com/cntrust/phpkijni/GMUtil.java, line(s) 25,12,13,14,17,18
com/cntrust/phpkijni/OCSPRequest.java, line(s) 99
com/cntrust/phpkijni/PKCSObjectIdentifiers.java, line(s) 4,44,45,46,47,48,49,132,133,115,116
com/cntrust/phpkijni/TestCertBody.java, line(s) 33,38,43,18,28,23
com/cntrust/phpkijni/TestClentPubKey.java, line(s) 37
com/cntrust/phpkijni/genCertRequest.java, line(s) 36
com/cntrust/phpkijni/testPHPkiCommNew.java, line(s) 155,133,137
com/cntrust/phpkijni/util.java, line(s) 309
com/framework/core/ldap/operat/LDAPOperat.java, line(s) 46,33,57
com/framework/core/ldap/operat/Test.java, line(s) 10
com/framework/core/pki/util/CertificateUtil.java, line(s) 50
com/framework/core/pki/util/ExtendedKeyUsage.java, line(s) 27,6,8,17,18,19,20,21,22,23,24,25,26,9,10,11,12,13,14,15,16
com/framework/core/pki/util/ExtentionObject.java, line(s) 37,45,33,42
com/framework/core/pki/util/Exts2_5_29_31_crl.java, line(s) 19
com/framework/core/pki/util/KPIUtil.java, line(s) 57,67,72,80,63,77
com/framework/core/test/Test.java, line(s) 12,13,14,9,11,10
com/phcx/businessmodule/base/BasePath.java, line(s) 6
com/phcx/businessmodule/main/downloadcert/judgeCert/JudgeCertDown.java, line(s) 40,43
com/phcx/businessmodule/safeserver/CertSafeServer.java, line(s) 87,468,1100,1501,1741,2037,90,471,1103,1504,1744,2040
com/phcx/businessmodule/safeserver/CommonSafeServer.java, line(s) 33,52,81,36,55,84
com/phcx/businessmodule/safeserver/EntrustSafeServer.java, line(s) 58,604,989,1220,1453,61,607,992,1223,1456
com/phcx/businessmodule/safeserver/LicenseSafeServer.java, line(s) 63,533,795,1001,1593,2211,2386,66,536,798,1004,1596,2214,2389
com/phcx/businessmodule/utils/Quantity.java, line(s) 4
com/scep/client/vo/test/TestSM2.java, line(s) 82
com/scep/client/vo/test/TestUserASNObject.java, line(s) 64,126,54,59
com/scep/service/pki/PKIServiceImpl.java, line(s) 97,94
com/scep/service/utils/RelateUtils.java, line(s) 7,22,23,24,19,21,20,26,25
com/scep/service/utils/ServiceUtils.java, line(s) 11
com/scep/web/test/CertTemplate.java, line(s) 27,28,29,30,31,32,33,34,35,37,36
com/scep/web/test/Values.java, line(s) 48,72,78,52,73,79,74,75,76,80,81,82

Medium: The application uses an insecure random number generator

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
cn/dacas/security/Sm2.java, line(s) 3
cn/gov/jsgsj/portal/activity/silentliveness/LivenessMainActivity.java, line(s) 26
com/framework/core/util/DateTest.java, line(s) 5
com/framework/core/util/RandomData.java, line(s) 7
com/phcx/businessmodule/utils/Common.java, line(s) 22
com/scep/client/TestRecover.java, line(s) 11
com/scep/client/TestSM2.java, line(s) 17
com/scep/client/vo/test/TestSM2.java, line(s) 17
com/scep/client/vo/test/TestUserASNObject.java, line(s) 15
com/ziyeyouhu/safekeyboard/KeyboardUtil.java, line(s) 34
iie/dcs/securecore/a/c.java, line(s) 30

Medium: The application can read/write external storage; any application can read data written to external storage

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
cn/gov/jsgsj/portal/activity/SignFileListActivity.java, line(s) 237
cn/gov/jsgsj/portal/activity/card/MyCardActivity.java, line(s) 90
cn/gov/jsgsj/portal/activity/face/FileUtil.java, line(s) 13,48
cn/gov/jsgsj/portal/activity/silentliveness/SilentLivenessActivity.java, line(s) 31
cn/gov/jsgsj/portal/activity/startBusiness/SelfEmpAddMemberActivity.java, line(s) 587
cn/gov/jsgsj/portal/activity/work/FileListActivity.java, line(s) 97
cn/gov/jsgsj/portal/activity/work/FileSignListActivity.java, line(s) 150,178
cn/gov/jsgsj/portal/activity/work/ScanPrintActivity.java, line(s) 75
cn/gov/jsgsj/portal/adapter/SignAdapter.java, line(s) 130
cn/gov/jsgsj/portal/base/BaseApplication.java, line(s) 126,126
cn/gov/jsgsj/portal/util/DataCleanManager.java, line(s) 15
cn/gov/jsgsj/portal/util/FileUtil.java, line(s) 177
cn/gov/jsgsj/portal/util/SdcardConfig.java, line(s) 8,33
com/phcx/businessmodule/utils/FileHelper.java, line(s) 17,24
com/phcx/businessmodule/utils/WriteToSD.java, line(s) 13
com/yongchun/library/utils/FileUtils.java, line(s) 25,26
iie/dcs/securecore/SecureCoreDevice.java, line(s) 1475

Medium: Files may contain hardcoded sensitive information such as usernames, passwords, keys, etc.

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
cn/gov/jsgsj/portal/Const.java, line(s) 4,138,177
cn/gov/jsgsj/portal/zxing/decoding/Intents.java, line(s) 45
com/framework/core/ldap/operat/LDAPOperat.java, line(s) 36,60
com/framework/core/mode/UserModule.java, line(s) 9
com/framework/core/util/SysOperType.java, line(s) 357
com/phcx/businessmodule/main/downloadcert/lineVerify/IDVerification.java, line(s) 56
com/phcx/businessmodule/mobilesdk/event/IMClientManager.java, line(s) 32
com/uuzuche/lib_zxing/decoding/Intents.java, line(s) 45
iie/dcs/securecore/a/a.java, line(s) 53
iie/dcs/utils/RegexsUtils.java, line(s) 12

Medium: MD5 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cn/gov/jsgsj/portal/util/MD5.java, line(s) 9
com/baidu/aip/face/stat/Dev.java, line(s) 211
iie/dcs/utils/PhoneStateUtils.java, line(s) 81

Medium: SHA-1 is a weak hash known to have hash collisions

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
cn/gov/jsgsj/portal/base/SignCheck.java, line(s) 70
cn/gov/jsgsj/portal/util/SHA1.java, line(s) 39,276
cn/gov/jsgsj/portal/util/ShA1Util.java, line(s) 202

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file

Files:
com/yongchun/library/utils/CropUtil.java, line(s) 125

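Medium: The application contains privacy trackers

This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.

Medium: This app may contain hardcoded secrets

The following secrets were identified in the application. Make sure they are not secret or private information.
Baidu Statistics => "BaiduMobAd_STAT_ID" : "8231deaffc"
Umeng Statistics => "UMENG_APPKEY" : "59808a65aed17910c3001146"
Baidu Statistics => "BaiduMobAd_CHANNEL" : "Sparksoft"
Umeng Statistics => "UMENG_MESSAGE_SECRET" : "2eace7e5413304b374aaceb8e13e545f"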
"isneilflag_key" : "isneilflag_key"
"project_id_key" : "project_id_key"
"app_version_key" : "app_version_key"
"bestphoto_count_key" : "bestphoto_count_key"
"difficulty_level_options_key" : "difficulty_level_options_key"
"save_photo_key" : "save_photo_key"
"password_key" : "password_key"
"choose_tick_key" : "choose_tick_key"
"server_address_key" : "server_address_key"
"check_only_body_key" : "check_only_body_key"
"is_open_tick_key" : "is_open_tick_key"
"auto_pic_key" : "auto_pic_key"
"version_id_key" : "version_id"
"surface_size_key" : "surface_size_key"
"username_key" : "username_key"
"version_des_key" : "version_des"
"frame_show_key" : "frame_show_key"
"version_info_key" : "version_info_key"

Info: The application logs information; sensitive information must not be logged

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cn/dacas/security/ByteUtil.java, line(s) 71
cn/dacas/security/OpException.java, line(s) 12,18,24
cn/dacas/security/PdrContext.java, line(s) 17,23,33,64
cn/gov/jsgsj/portal/activity/SafetyCenterActivity.java, line(s) 127,113,188
cn/gov/jsgsj/portal/activity/SignFileListActivity.java, line(s) 157
cn/gov/jsgsj/portal/activity/SplashActivity.java, line(s) 51
cn/gov/jsgsj/portal/activity/card/ChangeCard2ndActivity.java, line(s) 481
cn/gov/jsgsj/portal/activity/face/FaceLivenessExpActivity.java, line(s) 137
cn/gov/jsgsj/portal/activity/jsqynb/AddGuaranteeActivity.java, line(s) 133
cn/gov/jsgsj/portal/activity/jsqynb/AnnualActivity.java, line(s) 282
cn/gov/jsgsj/portal/activity/jsqynb/AssetStatusActivity.java, line(s) 138
cn/gov/jsgsj/portal/activity/jsqynb/ForeignInvestActivity.java, line(s) 134
cn/gov/jsgsj/portal/activity/jsqynb/GuaranteeActivity.java, line(s) 154,180
cn/gov/jsgsj/portal/activity/jsqynb/LoginAnnualActivity.java, line(s) 154
cn/gov/jsgsj/portal/activity/jsqynb/NewEssential3rdActivity.java, line(s) 104
cn/gov/jsgsj/portal/activity/jsqynb/ShareholderContributioInformationActivity.java, line(s) 115
cn/gov/jsgsj/portal/activity/jsqynb/StockRightActivity.java, line(s) 114
cn/gov/jsgsj/portal/activity/jsqynb/WebsiteManageActivity.java, line(s) 109
cn/gov/jsgsj/portal/activity/jsqynb/branch/NewBranchEssentialInformationActivity.java, line(s) 153,156
cn/gov/jsgsj/portal/activity/jsqynb/branch/ProductionManagementActivity.java, line(s) 94
cn/gov/jsgsj/portal/activity/jsqynb/cooperative/BranchManageActivity.java, line(s) 106
cn/gov/jsgsj/portal/activity/jsqynb/cooperative/CooperativeAssetStatusActivity.java, line(s) 118
cn/gov/jsgsj/portal/activity/jsqynb/cooperative/NewCooperaEssential3rdActivity.java, line(s) 87
cn/gov/jsgsj/portal/activity/jsqynb/cooperative/NewCooperaEssentialInformationActivity.java, line(s) 112,115
cn/gov/jsgsj/portal/activity/jsqynb/customs/OperationSupplementActivity.java, line(s) 53
cn/gov/jsgsj/portal/activity/jsqynb/individual/IndividualAssetsActivity.java, line(s) 82
cn/gov/jsgsj/portal/activity/jsqynb/individual/NewIndividualEssential2ndActivity.java, line(s) 88
cn/gov/jsgsj/portal/activity/jsqynb/individual/PermitManageActivity.java, line(s) 178
cn/gov/jsgsj/portal/activity/jsqynb/nonbranch/NewNonBranchEssential3rdActivity.java, line(s) 68
cn/gov/jsgsj/portal/activity/jsqynb/nonbranch/NewNonBranchEssentialInformationActivity.java, line(s) 152,155
cn/gov/jsgsj/portal/activity/jsqynb/nonotherprivate/NewNonPrivateEssentialInformationActivity.java, line(s) 179
cn/gov/jsgsj/portal/activity/jsqynb/nonprivate/NewNonPrivateEssential3rdActivity.java, line(s) 68
cn/gov/jsgsj/portal/activity/jsqynb/nzbranch/NewNzBranchEssential3rdActivity.java, line(s) 61
cn/gov/jsgsj/portal/activity/jsqynb/nzbranch/NewNzBranchEssentialInformationActivity.java, line(s) 132,231,234
cn/gov/jsgsj/portal/activity/jsqynb/nzbranch/NzBranchAssetStatusActivity.java, line(s) 118
cn/gov/jsgsj/portal/activity/register/Register4thActivity.java, line(s) 541,650,748
cn/gov/jsgsj/portal/activity/register/Register5thActivity.java, line(s) 248
cn/gov/jsgsj/portal/activity/work/MsgReOffActivity.java, line(s) 196
cn/gov/jsgsj/portal/base/BaseActivity.java, line(s) 501,525
cn/gov/jsgsj/portal/base/SignCheck.java, line(s) 110
cn/gov/jsgsj/portal/fragment/HomeFragment.java, line(s) 379,392,1016,1018
cn/gov/jsgsj/portal/net/OkHttpClientManager.java, line(s) 530
cn/gov/jsgsj/portal/util/SHA1.java, line(s) 304
cn/gov/jsgsj/portal/util/ShA1Util.java, line(s) 247,222
cn/gov/jsgsj/portal/util/SharedPredUtil.java, line(s) 102,104,108,110,116,137
cn/gov/jsgsj/portal/widget/AnnualListSlideView.java, line(s) 55,78,85
cn/gov/jsgsj/portal/widget/ListSlideView.java, line(s) 61,86,112
cn/gov/jsgsj/portal/widget/ReportListSlideView.java, line(s) 61,84,91
cn/gov/jsgsj/portal/widget/SlideListView.java, line(s) 63,80,123,130,133,146
com/baidu/ocr/ui/util/ImageUtil.java, line(s) 65,71,105
com/cntrust/asn1/test/TestExtension.java, line(s) 43
com/cntrust/phpkijni/ASN1Util.java, line(s) 52,378
com/cntrust/phpkijni/CertChain.java, line(s) 60
com/cntrust/phpkijni/CertInfoObject.java, line(s) 161
com/cntrust/phpkijni/EnvelopeKeyObject.java, line(s) 87,113
com/cntrust/phpkijni/Extension.java, line(s) 124,251,253,256
com/cntrust/phpkijni/NetPHCertificate.java, line(s) 188,189
com/cntrust/phpkijni/OCSPRequest.java, line(s) 69,299,325,349,395,422,423
com/cntrust/phpkijni/PHCRL.java, line(s) 229
com/cntrust/phpkijni/PHCertificate.java, line(s) 189,190
com/cntrust/phpkijni/PHCertificateFromSubject.java, line(s) 191,192
com/cntrust/phpkijni/PHPkiComm.java, line(s) 54,55,56,57,58,67,68,69,70,71,222,1217,1330
com/cntrust/phpkijni/RSAPrivateKey.java, line(s) 241,435,436
com/cntrust/phpkijni/TestClentPubKey.java, line(s) 38,39,40,41,43,44
com/cntrust/phpkijni/genCertRequest.java, line(s) 40,41,42,56
com/cntrust/phpkijni/hexStringtoByte.java, line(s) 26,28
com/cntrust/phpkijni/net/NetCertificate.java, line(s) 110
com/cntrust/phpkijni/net/NetPHPkiComm.java, line(s) 454,459,529,530,537,538,539,540,1163
com/cntrust/phpkijni/testPHPkiCommNew.java, line(s) 69,70,71,83,92,189,190,191,277,278,279,297,361,368,404,497,498,499,507,508,568,590,633,634,647,671,694,697,734,752,772,780,783,786,790,795,829
com/cntrust/phpkijni/threadrun.java, line(s) 20,22
com/cntrust/phpkijni/util.java, line(s) 215,260,285,725,855
com/contrarywind/view/WheelView.java, line(s) 301
com/framework/core/kmc/resp/vo/RetKeyRespond.java, line(s) 26
com/framework/core/ldap/operat/LDAPOperat.java, line(s) 76,90,105,119,133,143,153,156,157,246
com/framework/core/pki/SUNPKIInterface.java, line(s) 62,64,68,71,72,73,77,81,99,100,110,111,248
com/framework/core/pki/ex/Exts_2_5_29_46_Entity.java, line(s) 16
com/framework/core/pki/ex/Exts_CRL_Entity.java, line(s) 26
com/framework/core/test/Test.java, line(s) 23,29,32
com/framework/core/util/DateTest.java, line(s) 13,16
com/framework/core/util/DateTime.java, line(s) 325,412,414
com/framework/core/util/Number.java, line(s) 38
com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 148,179,227,245,247,264,266,301,303,434,436,522,524
com/phcx/businessmodule/CompanyActivity.java, line(s) 323,331,342,344,318
com/phcx/businessmodule/PersonActivity.java, line(s) 300,308,319,321,142,295,140
com/phcx/businessmodule/base/BaseTitleActivity.java, line(s) 42
com/phcx/businessmodule/base/Permission.java, line(s) 62,63
com/phcx/businessmodule/interfaceImp/impl/IInterfaceImpl.java, line(s) 143,35,92,128
com/phcx/businessmodule/login/ChooseLoginModeActivity.java, line(s) 73,38,95,107,108
com/phcx/businessmodule/login/enterpriselogin/EnterpriseLoginActivity.java, line(s) 77
com/phcx/businessmodule/login/enterpriselogin/safecore/SafeVerifyLogin.java, line(s) 262,264,131,245,249,78,279,94,109,204
com/phcx/businessmodule/login/personlogin/safecore/SafeVerifyLogin.java, line(s) 280,282,146,263,267,67,297,109,124
com/phcx/businessmodule/main/authorizelogin/AuthorizeLogin.java, line(s) 79,478,480,108,253,363,461,465,92,215,494
com/phcx/businessmodule/main/backupsRecovery/backups/LicenseBackupsActivity.java, line(s) 56
com/phcx/businessmodule/main/backupsRecovery/recovery/LicenseRecoveryActivity.java, line(s) 51
com/phcx/businessmodule/main/checklicense/QueryLicenseActivity.java, line(s) 54
com/phcx/businessmodule/main/downloadcert/DownloadCertActivity.java, line(s) 32,33
com/phcx/businessmodule/main/downloadcert/DownloadCertInfoActivity.java, line(s) 662,80,201,210,277,343,413,444,459,521,545,633,185,328,513,627
com/phcx/businessmodule/main/downloadcert/DownloadedCertInfoActivity.java, line(s) 253,277,159,164
com/phcx/businessmodule/main/downloadcert/downloaded/DownloadedAdapter.java, line(s) 186
com/phcx/businessmodule/main/downloadcert/downloaded/DownloadedListActivity.java, line(s) 39
com/phcx/businessmodule/main/downloadcert/judgeCert/EqualPublicKey.java, line(s) 52,53
com/phcx/businessmodule/main/downloadcert/judgeCert/JudgeCertDown.java, line(s) 223,90,93,98,132,171,406,436,467,497,79
com/phcx/businessmodule/main/downloadcert/lineVerify/IDVerification.java, line(s) 582,381,405,556,635,451,554,633
com/phcx/businessmodule/main/downloadcert/verifyname/VerifyNameActivity.java, line(s) 128,81,159
com/phcx/businessmodule/main/downloadlicense/DownloadLicenseActivity.java, line(s) 66,196
com/phcx/businessmodule/main/downloadlicense/DownloadLicenseInfoActivity.java, line(s) 489,500,191,345,413,487
com/phcx/businessmodule/main/downloadlicense/bearerVerify/BearerVerifyDownLicenseActivity.java, line(s) 147,149,381,482,493,266,325,392,480
com/phcx/businessmodule/main/downloadlicense/cancellicense/CancelLicenseActivity.java, line(s) 131,213,224,132,211
com/phcx/businessmodule/main/downloadlicense/downloadInit/ChooseLicenceList.java, line(s) 65
com/phcx/businessmodule/main/downloadlicense/downloadInit/DownloadLicenseAdapter.java, line(s) 152
com/phcx/businessmodule/main/downloadlicense/downloadInit/DownloadLicenseListActivity.java, line(s) 62
com/phcx/businessmodule/main/downloadlicense/downloadInit/LocalLicenceList.java, line(s) 89,31,50,71,87
com/phcx/businessmodule/main/downloadlicense/downloaded/DownloadedLicenseInfoActivity.java, line(s) 114,125,196
com/phcx/businessmodule/main/downloadlicense/liaisonVerify/LiaisonVerifyDownLicenseActivity.java, line(s) 193,204,292,351
com/phcx/businessmodule/main/electronicsignature/AuthorizeSignActivity.java, line(s) 191,267,176,252
com/phcx/businessmodule/main/electronicsignature/SignatureInfoActivity.java, line(s) 156,141
com/phcx/businessmodule/main/electronicsignature/SignatureInfoAndHandSignActivity.java, line(s) 82,156,291,327,334,141,258,316,326
com/phcx/businessmodule/main/handsign/HandSignActivity.java, line(s) 159,142,219,204
com/phcx/businessmodule/main/replacePhone/ReplacePhoneActivity.java, line(s) 50
com/phcx/businessmodule/main/replacePhone/ReplacePhoneDownloadActivity.java, line(s) 48
com/phcx/businessmodule/main/replacePhoneNum/ReplacePhoneNumActivity.java, line(s) 49,98
com/phcx/businessmodule/main/scannerCode/CodeManage.java, line(s) 48
com/phcx/businessmodule/main/verifyLicense/VerifyLicenseActivity.java, line(s) 53
com/phcx/businessmodule/mobilesdk/ChatBaseEventImpl.java, line(s) 21,34,16,18,23,36
com/phcx/businessmodule/mobilesdk/ChatTransDataEventImpl.java, line(s) 57,50
com/phcx/businessmodule/mobilesdk/MessageQoSEventImpl.java, line(s) 15,24,17,26
com/phcx/businessmodule/phpkiTerminal/SM2PublicKey.java, line(s) 18,22
com/phcx/businessmodule/safeserver/CertSafeServer.java, line(s) 97,99,132,134,480,483,485,519,550,552,621,708,854,914,944,1112,1115,1148,1236,1511,1513,1545,1547,1581,1757,1759,1965,1997,2191,2194,2196,2231,2262,2264,2414,2444,168,605,607,615,617,638,642,644,172,589,597
com/phcx/businessmodule/safeserver/CommonSafeServer.java, line(s) 179,183,194,199,243,245,277,279,311,314,342,371,400,432,434,480,146
com/phcx/businessmodule/safeserver/EntrustSafeServer.java, line(s) 185,189,200,205,249,251,283,285,317,339,367,426,456,485,517,519,565,614,617,619,653,739,743,745,791,865,923,953,998,1000,1032,1034,1229,1231,1263,1265,1468,1470,1558,1590,152,336,788,1067,324,325,327,329,331,808,1070
com/phcx/businessmodule/safeserver/LicenseSafeServer.java, line(s) 73,75,108,110,545,548,550,582,584,671,804,806,838,840,876,1019,1022,1024,1060,1064,1066,1067,1126,1199,1316,1346,1375,1405,1435,1753,1756,1758,1794,1802,1804,1863,1937,2054,2084,2113,2143,2173,2226,2228,2316,2348,2452,2454,2493,2495,144,1120,1122,1857,1859,148,1104,1112,1841,1849,1880
com/phcx/businessmodule/utils/AnalysisJson.java, line(s) 16,18,26,29,31
com/phcx/businessmodule/utils/AnalyticalCertificate.java, line(s) 10,17
com/phcx/businessmodule/utils/Common.java, line(s) 254,269
com/phcx/businessmodule/utils/FileHelper.java, line(s) 59
com/phcx/businessmodule/utils/Log.java, line(s) 15,11,7
com/phcx/businessmodule/utils/OpException.java, line(s) 10,16,22
com/phcx/businessmodule/utils/RATest.java, line(s) 48,74
com/phcx/businessmodule/utils/SM3Helper.java, line(s) 166,167,169,171,177,179,180,182,184,187
com/phcx/businessmodule/utils/SPUtil.java, line(s) 17
com/phcx/businessmodule/utils/StringUtils.java, line(s) 88,89
com/phcx/businessmodule/utils/WriteToSD.java, line(s) 15,25,29,37
com/phcx/businessmodule/utils/hexStringtoByte.java, line(s) 26,28
com/scep/client/MultiThread.java, line(s) 5
com/scep/client/TestAdmin.java, line(s) 40,52,53,54,55,57
com/scep/client/TestArea.java, line(s) 40,52,53,54,55,56,58
com/scep/client/TestCertSearch.java, line(s) 38,47,48,49,50
com/scep/client/TestRecover.java, line(s) 51,63,64,66,67
com/scep/client/TestRegister.java, line(s) 51,61,62,64,67
com/scep/client/TestRevoke.java, line(s) 46,57,58
com/scep/client/TestSM2.java, line(s) 138,143,147,150,151,157
com/scep/client/TestSearch.java, line(s) 42,52,53,59,60,61,63,64,65
com/scep/client/TestTemplate.java, line(s) 42,54,55,56,58,60,63,65,68
com/scep/client/TestUpdate.java, line(s) 36,46,47,48,49
com/scep/client/vo/test/TestSM2.java, line(s) 39,50,110,118,120,123,126,137
com/scep/service/ScepServiceImpl.java, line(s) 29
com/scep/service/pki/PKIServiceImpl.java, line(s) 127
com/scep/web/RAScepService.java, line(s) 30,34
com/scep/web/test/Test.java, line(s) 27,28,29,30,31
com/scep/web/test/Values.java, line(s) 60,88
com/uuzuche/lib_zxing/camera/AutoFocusCallback.java, line(s) 27
com/uuzuche/lib_zxing/camera/CameraConfigurationManager.java, line(s) 32,36,46,51,82,44,106,123,171,182
com/uuzuche/lib_zxing/camera/FlashlightManager.java, line(s) 15,17,58,69,78,81,84
com/uuzuche/lib_zxing/camera/PreviewCallback.java, line(s) 38
com/uuzuche/lib_zxing/decoding/CaptureActivityHandler.java, line(s) 50,55,68,72
com/uuzuche/lib_zxing/decoding/DecodeHandler.java, line(s) 58
com/yanzhenjie/permission/AndPermission.java, line(s) 146
com/yanzhenjie/permission/DefaultPermission.java, line(s) 124,138
com/ziyeyouhu/safekeyboard/KeyboardUtil.java, line(s) 235,450,546
de/mindpipe/android/logging/log4j/LogCatAppender.java, line(s) 39,42,63,66,47,50,31,34,55,58,71,74
de/mindpipe/android/logging/log4j/LogConfigurator.java, line(s) 76
iie/dcs/utils/LogUtils.java, line(s) 9,53,105
iie/dcs/utils/PhoneStateUtils.java, line(s) 71,85
net/openmob/mobileimsdk/android/ClientCoreSDK.java, line(s) 45,50,95
net/openmob/mobileimsdk/android/core/AutoReLoginDaemon.java, line(s) 44
net/openmob/mobileimsdk/android/core/KeepAliveDaemon.java, line(s) 49
net/openmob/mobileimsdk/android/core/LocalUDPDataReciever.java, line(s) 54,99,118,156,191,164,58,64,174,178,185
net/openmob/mobileimsdk/android/core/LocalUDPDataSender.java, line(s) 184,92,99,104,138
net/openmob/mobileimsdk/android/core/LocalUDPSocketProvider.java, line(s) 27,32,49,54,62,68,36,71
net/openmob/mobileimsdk/android/core/QoS4ReciveDaemon.java, line(s) 43,49,56,92,96
net/openmob/mobileimsdk/android/core/QoS4SendDaemon.java, line(s) 55,74,85,65,79,92,138,142,146,150,166
net/openmob/mobileimsdk/android/utils/UDPUtils.java, line(s) 15,19,33,37
org/androidannotations/api/BackgroundExecutor.java, line(s) 128
org/androidannotations/api/ViewServer.java, line(s) 69,111,121,224,239,445,464,539,767
org/androidannotations/api/sharedpreferences/SetXmlSerializer.java, line(s) 60,63
psic/PSIJni.java, line(s) 71
psic/PSINetCA.java, line(s) 741,743,745
psic/PSIPH.java, line(s) 54,55,56,172,246,411,412,413,414,415,417
pub/devrel/easypermissions/EasyPermissions.java, line(s) 174,176,32
top/zibin/luban/Checker.java, line(s) 97,103,125,139
top/zibin/luban/Luban.java, line(s) 85,84
uk/co/senab/photoview/PhotoViewAttacher.java, line(s) 57
uk/co/senab/photoview/log/LoggerDefault.java, line(s) 18,23,48,53,28,33,8,13,38,43

Secure: This application may have root detection capabilities

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
cn/gov/jsgsj/portal/util/RootUtils.java, line(s) 41

Secure: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
cn/gov/jsgsj/portal/net/OkHttpClientManager.java, line(s) 435,514,423,81,433,433,512,512

Hotspot: The application may communicate with a server (jsgsj.gov.cn) located in an OFAC-sanctioned country (China).

{'ip': '180.101.212.64', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}

Hotspot: The application may communicate with a server (aip.baidubce.com) located in an OFAC-sanctioned country (China).

{'ip': '180.101.212.64', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}

Hotspot: The application may communicate with a server (www.cntrust.info) located in an OFAC-sanctioned country (China).

{'ip': '117.184.199.38', 'country_short': 'CN', 'country_long': '中国', 'region': '上海', 'city': '上海', 'latitude': '31.224333', 'longitude': '121.468948'}

Hotspot: The application may communicate with a server (apps.sparksoft.com.cn) located in an OFAC-sanctioned country (China).

{'ip': '49.234.24.225', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Hotspot: The application may communicate with a server (verify.baidubce.com) located in an OFAC-sanctioned country (China).

{'ip': '180.101.212.64', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '苏州', 'latitude': '31.311365', 'longitude': '120.617691'}
