Security Analysis Report: 蓟州河长制 v3.0.3

Security score: 46/100


Privacy risk

1 user/device tracker


Findings

High: 7
Medium: 54
Info: 1
Secure: 2
Hotspot: 2

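High: Activity (com.igexin.sdk.GActivity) is vulnerable to StrandHogg 2.0

The Activity was found to be at risk of the StrandHogg 2.0 task hijacking vulnerability. When exploited, other applications can place a malicious activity on top of the vulnerable application's activity stack, which makes the application an easy target for phishing attacks. The vulnerability can be fixed by setting the launch mode attribute to "singleInstance" and setting an empty taskAffinity (taskAffinity=""). You can also update the app's target SDK version (20) to 29 or higher to fix this issue at the platform level.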

High: Insecure SSL implementation. Trusting all certificates or accepting self-signed certificates is a critical security hole. This application is vulnerable to MITM attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#android-network-apis

Files:
com/hikvision/vmsnetsdk/util/HttpUtil.java, line(s) 462,25,26,27,28,29,30,31
com/lidroid/xutils/http/client/DefaultSSLSocketFactory.java, line(s) 61,13,14,15
com/lidroid/xutils/util/OtherUtils.java, line(s) 230,230,16,17,18,19,20

High: Weak encryption algorithm used
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/secure/comm/utils/SPTripleDes.java, line(s) 36,70

High: The application uses the CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/secure/comm/utils/SPTripleDes.java, line(s) 36,70

High: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be vulnerable to cross-site scripting attacks.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/esri/android/map/popup/ArcGISDescriptionAdapter.java, line(s) 77,8

High: Debug configuration is enabled. Production builds must not be debuggable.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
com/lidroid/xutils/BuildConfig.java, line(s) 3,4

High: By default, calling Cipher.getInstance("AES") returns AES in ECB mode. ECB mode is known to be weak because identical plaintext blocks produce identical ciphertext.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode

Files:
com/hikvision/vmsnetsdk/util/AESUtil.java, line(s) 77,85

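Medium: Application data can be backed up

[android:allowBackup=true]
This flag allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off the device.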

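Medium: Activity (com.zjsl.hezz2_hx.business.meeting.MeetingActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.meeting.MeetingTypeAct) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.meeting.MeetingSelectActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.my.IMActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.information.ExposureActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.patrol.PatrolSelfDailyActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.patrol.PatrolSubDailyActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.patrol.PatrolDailyHomeActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.patrol.PatrolSubDailyListActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.patrol.ReachChooseActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.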

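Medium: Activity (com.zjsl.hezz2_hx.business.waterquality.QualtiySectionActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.waterquality.QualitySectionNewActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.waterquality.QualitySectionWithHtml) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.EventReportActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.dailypatrol.DailyPatrolReportActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.InstructionActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.MyEventActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.MyInstructionActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.EventTodoActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.event.EventTraceActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.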

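Medium: Activity (com.zjsl.hezz2_hx.business.event.EventClosedActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.checkplan.CheckPlanListActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.secretlyplan.SecretlyPlanListActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.inspection.InspectionListActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.duban.DuBanListActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.photograph.PhotographActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.mytag.MyTagActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.rivertag.RiverTagChooseActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.micro.MicroActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.project.ImportantProjectActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.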

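Medium: Activity (com.zjsl.hezz2_hx.business.river.MyReachChooseActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.river.BindRiverAct) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.rivercollect.RiverCollectTagChooseActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.riverstrategy.RiverStrategyActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.

Medium: Activity (com.zjsl.hezz2_hx.business.rfonline.RiverChiefOnlineActivity) is not protected.

An intent-filter exists.
The Activity is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Activity is explicitly exported.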

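Medium: Service (com.secure.sportal.sdk.vpn.SPNCService) is protected by a permission, but the protection level of the permission should be checked.

Permission: android.permission.BIND_VPN_SERVICE [android:exported=true]
The Service is shared with other apps on the device, which makes it accessible to any other application on the device. It is protected by a permission that is not defined in the analysed application, so the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.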

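Medium: Activity has the taskAffinity attribute set

(com.igexin.sdk.PushActivity)
If taskAffinity is set, other applications may be able to read Intents sent to Activities that belong to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.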

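Medium: Activity has the taskAffinity attribute set

(com.igexin.sdk.GActivity)
If taskAffinity is set, other applications may be able to read Intents sent to Activities that belong to another task. To prevent other applications from reading sensitive information in sent or received Intents, always use the default setting and keep the affinity as the package name.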

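Medium: Activity (com.igexin.sdk.GActivity) is not protected.

[android:exported=true]
The Activity is shared with other apps on the device and is therefore accessible to any other application on the device.

Medium: Service (com.zjsl.hezz2_hx.service.DemoPushService) is not protected.

[android:exported=true]
The Service is shared with other apps on the device and is therefore accessible to any other application on the device.

Medium: Service (com.igexin.sdk.PushService) is not protected.

[android:exported=true]
The Service is shared with other apps on the device and is therefore accessible to any other application on the device.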

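Medium: Broadcast Receiver (com.zjsl.hezz2_hx.base.SystemTimeChangeReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.

Medium: Broadcast Receiver (com.igexin.sdk.PushReceiver) is not protected.

An intent-filter exists.
The Broadcast Receiver is shared with other apps on the device, which makes it accessible to any other application on the device. The presence of an intent-filter indicates that the Broadcast Receiver is explicitly exported.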

Medium: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
com/lidroid/xutils/http/client/multipart/MultipartEntity.java, line(s) 10
com/uhope/base/utils/RandomUtil.java, line(s) 4
de/tavendo/autobahn/AutobahnConnection.java, line(s) 7
de/tavendo/autobahn/WebSocketWriter.java, line(s) 11

Medium: IP address disclosure

Files:
com/hik/mcrsdk/talk/module/TalkControl.java, line(s) 47
com/hik/mcrsdk/test/RtspClientTest.java, line(s) 17,43
com/secure/comm/net/SPHttpClient.java, line(s) 119
com/secure/sportal/entry/SPNetItemInfo.java, line(s) 55
com/secure/sportal/entry/SPUserDataInfo.java, line(s) 35
com/secure/sportal/gateway/GatewayBrokerConn.java, line(s) 31
com/secure/sportal/gateway/GatewayLink.java, line(s) 113
com/secure/sportal/jni/SPLibBridge.java, line(s) 501
com/secure/sportal/sdk/SPVPNClient.java, line(s) 150,195
com/secure/sportal/sdk/deprecated/SPSDKClientV1.java, line(s) 165,205
com/secure/sportal/sdk/vpn/SPNCService.java, line(s) 284
com/zjsl/hezz2_hx/base/BaseConstant.java, line(s) 52
com/zjsl/hezz2_hx/util/VPNUtils.java, line(s) 36

Medium: Files may contain hardcoded sensitive information such as usernames, passwords and keys
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10

Files:
com/esri/core/portal/PortalFolder.java, line(s) 97
com/esri/core/portal/PortalInfo.java, line(s) 418
com/esri/core/portal/PortalUser.java, line(s) 309
com/hik/mcrsdk/talk/module/TalkControl.java, line(s) 50
com/hikvision/vmsnetsdk/netLayer/mag/MAGServer.java, line(s) 182
com/hikvision/vmsnetsdk/util/AESUtil.java, line(s) 16
com/hikvision/vmsnetsdk/util/EnCode.java, line(s) 15,35,14,27,13,19
com/secure/sportal/entry/SPortalConf.java, line(s) 19,22,25
com/secure/sportal/gateway/msg/LoginReq.java, line(s) 15
com/secure/sportal/sdk/LibSecIDSDKLite.java, line(s) 25,27
com/secure/sportal/sdk/SPVPNClient.java, line(s) 53,55
com/secure/sportal/sdk/deprecated/SPLoginTaskV1.java, line(s) 98
com/zjsl/hezz2_hx/base/BaseConstant.java, line(s) 145,92,55
com/zjsl/hezz2_hx/business/LoginActivity.java, line(s) 400
com/zjsl/hezz2_hx/business/PagerActivity.java, line(s) 348
com/zjsl/hezz2_hx/business/event/EventDetailActivity.java, line(s) 1296,1322
com/zjsl/hezz2_hx/business/event/InstructionActivity.java, line(s) 141
com/zjsl/hezz2_hx/business/event/MyInstructionActivity.java, line(s) 137
com/zjsl/hezz2_hx/business/information/NoticeActivity.java, line(s) 173
com/zjsl/hezz2_hx/business/meeting/ContactActivity.java, line(s) 220,221
com/zjsl/hezz2_hx/business/micro/MicroDetailActivity.java, line(s) 212
com/zjsl/hezz2_hx/business/patrol/AddPatrolLogActivity.java, line(s) 1116
com/zjsl/hezz2_hx/business/patrol/OutfallDetailyActivity.java, line(s) 102
com/zjsl/hezz2_hx/business/patrol/TrailRecordActivity.java, line(s) 189
com/zjsl/hezz2_hx/callback/HomeWatcherReceiver.java, line(s) 14,15
com/zjsl/hezz2_hx/entity/Micro.java, line(s) 275
com/zjsl/hezz2_hx/entity/User.java, line(s) 519,519
com/zjsl/hezz2_hx/util/HomeWatcherReceiver.java, line(s) 14,15
com/zjsl/hezz2_hx/util/SyncDataBackgroundTask.java, line(s) 110,363
com/zjsl/hezz2_hx/util/SyncLocationDataTask.java, line(s) 89,113,156,180
com/zjsl/hezz2_hx/util/SyncLocationDataTaskForDataManage.java, line(s) 127,155
me/iwf/photopicker/utils/ImageCaptureManager.java, line(s) 17

Medium: The application can read from and write to external storage. Any application can read data written to external storage.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
cn/qqtheme/framework/util/ConvertUtils.java, line(s) 318
cn/qqtheme/framework/util/LogUtils.java, line(s) 108
com/hikvision/vmsnetsdk/VMSNetSDK.java, line(s) 2503
com/lidroid/xutils/util/OtherUtils.java, line(s) 87
com/nostra13/universalimageloader/utils/StorageUtils.java, line(s) 24,53,54,63
com/secure/comm/utils/SPFileUtil.java, line(s) 83,85,93,95
com/secure/sportal/jni/LibSecurePortal.java, line(s) 43,45,48
com/yuyh/library/imgsel/ImgSelConfig.java, line(s) 77
com/yuyh/library/imgsel/utils/FileUtils.java, line(s) 33
com/zjsl/hezz2_hx/base/Config.java, line(s) 25,26,27,28,29,30,31,32,33
com/zjsl/hezz2_hx/base/CrashHandler.java, line(s) 152,164
com/zjsl/hezz2_hx/business/checkplan/ProblemAddActivity.java, line(s) 193,355
com/zjsl/hezz2_hx/business/dailypatrol/DailyPatrolAddProblemActivity.java, line(s) 253,480
com/zjsl/hezz2_hx/business/duban/XianChangHeChaFragment.java, line(s) 214,398
com/zjsl/hezz2_hx/business/event/EventDetailActivity.java, line(s) 381
com/zjsl/hezz2_hx/business/event/EventReportActivity.java, line(s) 326,398
com/zjsl/hezz2_hx/business/inspection/InspectionAddProblemActivity.java, line(s) 251,364
com/zjsl/hezz2_hx/business/micro/MicroLabelActivity.java, line(s) 122
com/zjsl/hezz2_hx/business/mytag/AddBiaozhuActivity.java, line(s) 158
com/zjsl/hezz2_hx/business/mytag/AddTagActivity.java, line(s) 431
com/zjsl/hezz2_hx/business/patrol/ReportActivity.java, line(s) 160
com/zjsl/hezz2_hx/business/photograph/AddPhotographActivity.java, line(s) 165
com/zjsl/hezz2_hx/business/secretlyplan/SecretlyPlanProblemAddActivity.java, line(s) 209,380
com/zjsl/hezz2_hx/meeting/Helper.java, line(s) 369
com/zjsl/hezz2_hx/util/CleanDataUtil.java, line(s) 193,201
com/zjsl/hezz2_hx/util/ParsePicturePath.java, line(s) 26
com/zjsl/hezz2_hx/util/UpdateService.java, line(s) 69
com/zjsl/hezz2_hx/util/Utils.java, line(s) 104
me/iwf/photopicker/utils/ImageCaptureManager.java, line(s) 29

Medium: MD5 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/hikvision/vmsnetsdk/bygone/BG_VMSNetSDK.java, line(s) 220
com/lidroid/xutils/cache/MD5FileNameGenerator.java, line(s) 10
com/secure/comm/utils/SPStringUtil.java, line(s) 106,117
com/secure/comm/utils/SPTripleDes.java, line(s) 21,55
com/zjsl/hezz2_hx/util/ToolUtil.java, line(s) 425

Medium: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
com/lidroid/xutils/DbUtils.java, line(s) 5,791,800

Medium: The application creates temporary files. Sensitive information should never be written to a temporary file.

Files:
com/esri/android/map/CSVLayer.java, line(s) 139

Medium: SHA-1 is a weak hash known to have hash collisions
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
com/hikvision/vmsnetsdk/util/AESUtil.java, line(s) 54,56
com/zjsl/hezz2_hx/business/SplashActivity.java, line(s) 74

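Medium: The application contains privacy trackers

This application has 1 privacy tracker. Trackers can track the device or the user and are a privacy concern for end users.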

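Medium: This application may contain hardcoded secrets

The following secrets were identified in the application. Ensure that they are not secrets or private information.
Getui push service => "PUSH_APPKEY" : "pOCP4Sf4I1Ahm6eKmO9z28"
Getui push service => "PUSH_APPID" : "pOCP4Sf4I1Ahm6eKmO9z28"
Getui push service => "PUSH_APPSECRET" : "pOCP4Sf4I1Ahm6eKmO9z28"
AMap (高德地图) => "com.amap.api.v2.apikey" : "33afd999a2a780cd4637185663eaf05f"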

Info: The application logs information. Sensitive information must not be logged.
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
cn/qqtheme/framework/util/LogUtils.java, line(s) 58,102,44,80,146
com/ant/liao/GifView.java, line(s) 272
com/esri/android/map/CSVLayer.java, line(s) 72,84,94,58,92,102,128,161,168,177,184
com/esri/android/map/Callout.java, line(s) 838
com/esri/android/map/DynamicLayer.java, line(s) 83,92,85
com/esri/android/map/GraphicsLayer.java, line(s) 134,144,253
com/esri/android/map/Layer.java, line(s) 339,478,486
com/esri/android/map/LocationService.java, line(s) 366,369,385,388,760,761,764,769,775,785,789,796,797,799,817,343,356,644,668,853,906,944
com/esri/android/map/MapOnTouchListener.java, line(s) 109
com/esri/android/map/MapSurface.java, line(s) 267,291,302,304,310,326,329,332,337,414,418,430,442,452,455,530,535,605,463,621,933,952,308,323
com/esri/android/map/MapView.java, line(s) 306,310,431,435,539,543,647,651,764,768,874,878,984,988,1164,1169,1285,1315,1327,1339,1922,1928,1047,1253,2045,2065,1187,1191
com/esri/android/map/TiledServiceLayer.java, line(s) 131,146,148,156,161,187,189,192,221,251,136,140,273,134
com/esri/android/map/a.java, line(s) 43,46,50
com/esri/android/map/ags/ArcGISDynamicMapServiceLayer.java, line(s) 114,135,305,326
com/esri/android/map/ags/ArcGISFeatureLayer.java, line(s) 163,209,237,305,310,313,316,510,558,569,596,651,659,672,674,888,914,934,973,977,1031,1035,1043,1048,1067,1072,1080,1085,1122,1184,1319,1324,1332,1335,1351,1356,1364,1367,1382,1387,1395,1398,1421,1429,1434,1469,1480,1499,1686,1906,1914,294,298,442,522,679,1166,1193,1503,676,862,1022,1037,1074,1326,1358,1389,1423
com/esri/android/map/ags/ArcGISImageServiceLayer.java, line(s) 61,82
com/esri/android/map/ags/ArcGISLocalTiledLayer.java, line(s) 105,108,62,66
com/esri/android/map/ags/ArcGISPopupInfo.java, line(s) 137
com/esri/android/map/ags/ArcGISTiledMapServiceLayer.java, line(s) 194,230,233,84,115,153,174,209,236,206
com/esri/android/map/b.java, line(s) 106,182,187,193,197,200,204,207,210,213,216,219,222,323,326,82,190,374,535,366
com/esri/android/map/bing/BingMapsLayer.java, line(s) 142,114,126,137,230,249,288,292,297,306,282
com/esri/android/map/ogc/KMLLayer.java, line(s) 104,108,150,152,139,156,200
com/esri/android/map/ogc/WMSLayer.java, line(s) 175,230
com/esri/android/map/ogc/b.java, line(s) 51,102
com/esri/android/map/osm/OpenStreetMapLayer.java, line(s) 67,105,119
com/esri/android/map/popup/ArcGISAttachmentsAdapter.java, line(s) 835,851
com/esri/android/map/popup/ArcGISMediaAdapter.java, line(s) 399
com/esri/android/map/popup/ArcGISTitleView.java, line(s) 331
com/esri/core/internal/catalog/Item.java, line(s) 197,211
com/esri/core/internal/catalog/User.java, line(s) 193
com/esri/core/portal/PortalItem.java, line(s) 217,247
com/esri/core/symbol/advanced/SymbolDictionary.java, line(s) 65,79
com/esri/core/symbol/advanced/SymbolDictionaryImpl.java, line(s) 43
com/github/barteksc/pdfviewer/PDFView.java, line(s) 487,690,699
com/hik/mcrsdk/talk/module/AudioStreamManager.java, line(s) 59,82,130,144,147,174,207,212,50,53,66,88,91,158,169,74
com/hik/mcrsdk/talk/module/TalkControl.java, line(s) 26,33,55,60,65,68,74,86,91,96,101,104,116,125,132,135,143,19
com/hik/mcrsdk/test/RtspClientTest.java, line(s) 37,51,58,35,49,71
com/hik/mcrsdk/util/CLog.java, line(s) 12,28,24,16,20
com/hikvision/vmsnetsdk/CNetSDKLog.java, line(s) 14,38,32,20,26
com/hikvision/vmsnetsdk/ServInfo.java, line(s) 89,141,157
com/hikvision/vmsnetsdk/VMSNetSDK.java, line(s) 241,304,322,357,438,439,882,888,890,900,1574,1595,1721,1758,1773,2201,2235,2456,2466,2468,2479,2481,2498,2512,2514,2517,2519,2529,2531,2540,2606,2611,2633,2643,2644,2651,2695,2700,2701,266,366,387,429,469,486,504,511,521,522,529,530,546,553,564,571,606,648,665,681,699,739,756,797,846,911,918,960,989,1026,1075,1120,1164,1205,1249,1293,1331,1498,1558,1615,1621,1642,1784,1800,1817,1864,1893,1898,1943,1961,1975,1983,2079,2118,2136,2158,2166,2194,2262,2296,2299,2307,2340,2347,2381,2389,2412,2420,2563,2571,2578,312,328,896,1554,1611,1638,1732,1838,1855,1921,1980,2215,2247,2501,2504,2551,2559,253
com/hikvision/vmsnetsdk/XMLParser.java, line(s) 51,97,147,376,392,451,516,659,727,742,743,972,1134,1216,1325,1380,1405,1459,1529,1621,1693,1746,1870,2105,2168,2171,2176,2181,2186,2191,2196,2201,2206,2213,2245,2281,510,574,1696,1701,2234
com/hikvision/vmsnetsdk/bygone/BG_VMSNetSDK.java, line(s) 130,154,179,186,208,241,266,291,316,341,366,391,407,417,435,443,476,505,511,513,523,533,539,545,549,559,573,575,578,583,590,603,605,608,613,620,632,634,639,642,652,664,666,671,674,684,696,698,703,706,716,728,730,735,738,748,760,762,767,770,780,796,801,808,821,823,826,831,838,847,858,863,871,882,887,895,906,911,919,930,935,947,949,952,957,964,977,979,982,987,994,1003,1014,1017,1034,1075,1091,1129,1146,1279,1291,1309,1317,1335,1343,1368,1393,1426,1451,1469,1479,141,165,253,278,303,328,353,378,403,429,457,488,519,555,1303,1329,1355,1380,1407,1438,1463
com/hikvision/vmsnetsdk/netLayer/NetSyncHttpRequest.java, line(s) 32
com/hikvision/vmsnetsdk/netLayer/base/NetHttpResponse.java, line(s) 54,58,25,38,42,64,68,23
com/hikvision/vmsnetsdk/netLayer/mag/MAGServer.java, line(s) 144,169
com/hikvision/vmsnetsdk/netLayer/mag/MagRequest.java, line(s) 45,68,50,65
com/hikvision/vmsnetsdk/netLayer/mag/MagResponse.java, line(s) 34,40,49,55,61,29
com/hikvision/vmsnetsdk/netLayer/mag/ability/MagAbilityRequest.java, line(s) 25,29,60
com/hikvision/vmsnetsdk/netLayer/mag/ability/MagAbilityResponse.java, line(s) 36,41,30
com/hikvision/vmsnetsdk/netLayer/mag/kms/GetKmsRequest.java, line(s) 27,69
com/hikvision/vmsnetsdk/netLayer/mag/kms/GetKmsResponse.java, line(s) 41,46,52,56,60,35
com/hikvision/vmsnetsdk/netLayer/mag/logout/LogoutMagRequest.java, line(s) 42,67
com/hikvision/vmsnetsdk/netLayer/mag/logout/LogoutMagResponse.java, line(s) 26
com/hikvision/vmsnetsdk/netLayer/mag/ptz/PtzCommandRequest.java, line(s) 91,118,255,261,265,269,273,278,282,99,239,259,290
com/hikvision/vmsnetsdk/netLayer/mag/ptz/PtzCommandResponse.java, line(s) 26
com/hikvision/vmsnetsdk/netLayer/mag/queryNcg/QueryNcgRequest.java, line(s) 63,78,123
com/hikvision/vmsnetsdk/netLayer/mag/queryNcg/QueryNcgResponse.java, line(s) 58,61,88,91,100,108,126,129,134,139,146,151,35,49
com/hikvision/vmsnetsdk/netLayer/mag/queryVrm/QueryVrmRequest.java, line(s) 124,143,232,238,245,225,234
com/hikvision/vmsnetsdk/netLayer/mag/queryVrm/QueryVrmResponse.java, line(s) 56,59,89,112,128,131,136,141,146,150,162,167,33,47
com/hikvision/vmsnetsdk/netLayer/mag/register/RegisterMagRequest.java, line(s) 56,60,41,103
com/hikvision/vmsnetsdk/netLayer/mag/register/RegisterMagResponse.java, line(s) 37,42,46,31
com/hikvision/vmsnetsdk/netLayer/msp/MspRequest.java, line(s) 20,34
com/hikvision/vmsnetsdk/netLayer/msp/MspServer.java, line(s) 41,53,62,46,72,104,114,125,130
com/hikvision/vmsnetsdk/netLayer/msp/alarmInfo/AlarmInfoRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/alarmInfo/AlarmInfoResponse.java, line(s) 51,57,62,68,74,78,82,45
com/hikvision/vmsnetsdk/netLayer/msp/bonetInfo/BonetInfo.java, line(s) 98,119
com/hikvision/vmsnetsdk/netLayer/msp/bonetInfo/BonetInfoRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/bonetInfo/BonetInfoResponse.java, line(s) 51,57,62,68,74,80,86,92,101,110,116,122,128,134,140,146,150,154,45
com/hikvision/vmsnetsdk/netLayer/msp/cameraInfo/CameraDetailInfo.java, line(s) 105
com/hikvision/vmsnetsdk/netLayer/msp/cameraInfo/CameraInfoRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/cameraInfo/CameraInfoResponse.java, line(s) 52,58,63,69,75,81,90,96,102,114,120,126,135,140,149,153,157,46
com/hikvision/vmsnetsdk/netLayer/msp/cameraList/Camera.java, line(s) 66
com/hikvision/vmsnetsdk/netLayer/msp/cameraList/CameraListRequest.java, line(s) 30,42,28,34,40,46
com/hikvision/vmsnetsdk/netLayer/msp/cameraList/CameraListResponse.java, line(s) 38,41,46,51,56,64,69,74,81,86,119,123,113
com/hikvision/vmsnetsdk/netLayer/msp/checkMsg/CheckMsgRequest.java, line(s) 45,57,65,72,43,49,55,79
com/hikvision/vmsnetsdk/netLayer/msp/checkMsg/CheckMsgResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/netLayer/msp/collectCamera/CollectCameraRequest.java, line(s) 31,43,29,35,41,47
com/hikvision/vmsnetsdk/netLayer/msp/collectCamera/CollectCameraResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/netLayer/msp/collectedCameraList/CollectedCameraListRequest.java, line(s) 37,49,35,41,47,53
com/hikvision/vmsnetsdk/netLayer/msp/controlUnitList/ControlUnitListRequest.java, line(s) 29,41,27,33,39,45
com/hikvision/vmsnetsdk/netLayer/msp/controlUnitList/ControlUnitListResponse.java, line(s) 38,41,46,51,60,65,72,77,110,114,104
com/hikvision/vmsnetsdk/netLayer/msp/deleteMsg/DeleteMsgRequest.java, line(s) 45,57,65,72,43,49,55,79
com/hikvision/vmsnetsdk/netLayer/msp/deleteMsg/DeleteMsgResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/netLayer/msp/deviceGps/DeviceGpsRequest.java, line(s) 23,40,21,27,33,44
com/hikvision/vmsnetsdk/netLayer/msp/deviceGps/DeviceGpsResponse.java, line(s) 44,47,52,57,62,69,74,107,113,123,127,101
com/hikvision/vmsnetsdk/netLayer/msp/deviceInfo/DeviceInfoRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/deviceInfo/DeviceInfoResponse.java, line(s) 49,55,60,66,72,78,84,90,99,103,43
com/hikvision/vmsnetsdk/netLayer/msp/gisInitInfo/GisInitInfoRequest.java, line(s) 23,35,21,27,33,39
com/hikvision/vmsnetsdk/netLayer/msp/gisInitInfo/GisInitInfoResponse.java, line(s) 44,50,55,64,93,96,103,110,119,127,151,154,161,170,178,202,205,210,215,222,227,242,252,38,83,141,192
com/hikvision/vmsnetsdk/netLayer/msp/gisPoint/all/AllGisPointRequest.java, line(s) 31,43,29,35,41,47
com/hikvision/vmsnetsdk/netLayer/msp/gisPoint/all/AllGisPointResponse.java, line(s) 41,45,63,66,71,76,84,92,100,118,123,130,135,35
com/hikvision/vmsnetsdk/netLayer/msp/gisPoint/local/LocalGisPointRequest.java, line(s) 46,58,67,81,91,112,125,44,50,56,102,116,129
com/hikvision/vmsnetsdk/netLayer/msp/gisPoint/local/SingleGisPointRequest.java, line(s) 26,37,30,41
com/hikvision/vmsnetsdk/netLayer/msp/keeplive/KeepliveRequest.java, line(s) 23,35,21,27,33,39
com/hikvision/vmsnetsdk/netLayer/msp/keeplive/KeepliveResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/netLayer/msp/login/AutoLoginExcuteRequest.java, line(s) 35,39,48,33,40,46,52,53
com/hikvision/vmsnetsdk/netLayer/msp/login/AutoLoginExcuteResponse.java, line(s) 45,49,53,39
com/hikvision/vmsnetsdk/netLayer/msp/login/AutoLoginRequest.java, line(s) 28,40,26,32,38,44
com/hikvision/vmsnetsdk/netLayer/msp/login/AutoLoginResponse.java, line(s) 49,53,57,43
com/hikvision/vmsnetsdk/netLayer/msp/login/LoginRequest.java, line(s) 53,33,46,57,31,37,44,71
com/hikvision/vmsnetsdk/netLayer/msp/login/LoginResponse.java, line(s) 95,109,115,120,125,132,138,143,149,155,161,167,173,196,202,232,235,240,245,255,260,270,275,280,285,295,300,310,315,325,332,343,363,366,371,379,384,391,396,92,103
com/hikvision/vmsnetsdk/netLayer/msp/login/ModifyRequest.java, line(s) 30,42,47,28,34,40,54
com/hikvision/vmsnetsdk/netLayer/msp/login/WebApp.java, line(s) 42
com/hikvision/vmsnetsdk/netLayer/msp/logout/LogoutRequest.java, line(s) 23,35,21,27,33,39
com/hikvision/vmsnetsdk/netLayer/msp/logout/LogoutResponse.java, line(s) 48,52,42
com/hikvision/vmsnetsdk/netLayer/msp/modifyGISInfo/ModifyGISInfoRequest.java, line(s) 29,41,27,33,39,45
com/hikvision/vmsnetsdk/netLayer/msp/modifyGISInfo/ModifyGISInfoResponse.java, line(s) 42,47,37
com/hikvision/vmsnetsdk/netLayer/msp/msg/Msg.java, line(s) 65
com/hikvision/vmsnetsdk/netLayer/msp/msg/detail/MsgDetailRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/msg/detail/MsgDetailResponse.java, line(s) 44,48,62,65,70,75,80,93,98,107,112,122,129,136,141,146,153,164,178,186,207,38,101
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/detail/MsgDetailListResponse.java, line(s) 43,47,65,68,73,78,83,96,101,110,115,120,127,134,139,146,152,37,104
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/detail/history/HistoryMsgDetailListRequest.java, line(s) 29,41,27,33,39,45
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/detail/latest/LatestMsgDetailListRequest.java, line(s) 27,39,25,31,37,43
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/history/HistoryMsgListRequest.java, line(s) 29,41,27,33,39,45
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/latest/LatestMsgListRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/msg/list/latest/LatestMsgListResponse.java, line(s) 40,44,62,65,70,75,80,85,96,101,34,88
com/hikvision/vmsnetsdk/netLayer/msp/playToken/PlayTokenRequest.java, line(s) 23,35,21,27,33,39
com/hikvision/vmsnetsdk/netLayer/msp/playToken/PlayTokenResponse.java, line(s) 48,52,56,42
com/hikvision/vmsnetsdk/netLayer/msp/pushServerInfo/PushServerInfoRequest.java, line(s) 25,37,23,29,35,41
com/hikvision/vmsnetsdk/netLayer/msp/pushServerInfo/PushServerInfoResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/netLayer/msp/unreadMsgCount/UnreadMsgCountRequest.java, line(s) 23,35,21,27,33,39
com/hikvision/vmsnetsdk/netLayer/msp/unreadMsgCount/UnreadMsgCountResponse.java, line(s) 57,63,68,74,80,84,88,51
com/hikvision/vmsnetsdk/netLayer/msp/updatePassword/GainVerCodeRequest.java, line(s) 25
com/hikvision/vmsnetsdk/netLayer/msp/updatePassword/GainVerCodeResponse.java, line(s) 38,42,32
com/hikvision/vmsnetsdk/netLayer/msp/updatePassword/UpdatePasswordRequest.java, line(s) 32,44,30,36,42,59
com/hikvision/vmsnetsdk/netLayer/msp/updatePassword/UpdatePasswordResponse.java, line(s) 43,47,37
com/hikvision/vmsnetsdk/util/AESUtil.java, line(s) 62,66
com/hikvision/vmsnetsdk/util/EnCode.java, line(s) 43,63
com/hikvision/vmsnetsdk/util/HttpUtil.java, line(s) 71,130,146,162,178,194,210,226,242,263,267,284,295,298,303,307,319,332,544,555,559,563,567,390,396,402
com/hikvision/vmsnetsdk/util/ParseHelper.java, line(s) 15,19,28,37,50,67,70,54
com/hp/hpl/sparta/DefaultLog.java, line(s) 9,14,19
com/hp/hpl/sparta/ParseByteStream.java, line(s) 60
com/hp/hpl/sparta/ParseException.java, line(s) 33
com/jiang/android/indexrecyclerview/pinyin/CharacterParser.java, line(s) 43
com/lidroid/xutils/util/LogUtils.java, line(s) 65,77,89,101,113,125,137,149,161,173,185,197,209,221
com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 148,179,227,245,247,264,266,301,303,434,436,522,524
com/nostra13/universalimageloader/cache/disc/impl/ext/DiskLruCache.java, line(s) 116
com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 2039
com/scwang/smartrefresh/layout/internal/pathview/PathParser.java, line(s) 569,574
com/secure/comm/SPLog.java, line(s) 80,86,92,116,122,128,134,140,146,98,104,110,62,68,74
com/secure/comm/app/SPAppReceiver.java, line(s) 33,45,89
com/secure/comm/app/SPMiscService.java, line(s) 28,37
com/secure/comm/net/SPHttpClient.java, line(s) 166,224,190
com/secure/comm/net/SPHttpDownloadTask.java, line(s) 86,61
com/secure/comm/utils/SPDeviceUtil.java, line(s) 29
com/secure/comm/utils/SPErrorHandler.java, line(s) 38
com/secure/comm/utils/SPFileUtil.java, line(s) 288,319,325,337,347,199,207,215,289,320,326,338,348,364,375,409
com/secure/comm/utils/SPFingerprintUtil.java, line(s) 66
com/secure/comm/utils/SPHostsCache.java, line(s) 41,73,42,74
com/secure/comm/utils/SPIntentUtil.java, line(s) 143,151,161
com/secure/comm/utils/SPNetUtil.java, line(s) 203,208,218
com/secure/comm/utils/SPStringUtil.java, line(s) 110,121
com/secure/comm/utils/SPWebViewUtil.java, line(s) 96,137,160,177,187,209,219,244,104,109,113,120,135,140,144,148,152,180,212,247,24
com/secure/sportal/entry/SPUserPolicy.java, line(s) 72,111
com/secure/sportal/gateway/GatewayAgent.java, line(s) 147,65,93,148
com/secure/sportal/gateway/GatewayAgentAuth.java, line(s) 61,186
com/secure/sportal/gateway/GatewayBroker.java, line(s) 126,135
com/secure/sportal/gateway/GatewayLink.java, line(s) 69,119,70,75,120,125,145,174
com/secure/sportal/jni/LibSecurePortal.java, line(s) 63
com/secure/sportal/sdk/app/SPLoginActivity.java, line(s) 98
com/secure/sportal/sdk/app/SPLoginBaseActivity.java, line(s) 238,63
com/secure/sportal/sdk/app/SPSecAppUpdater.java, line(s) 52
com/secure/sportal/sdk/app/SPTunnelService.java, line(s) 71,49,55,61,92,100
com/secure/sportal/sdk/auth/SPAuthModel.java, line(s) 243,302,336,381,487
com/secure/sportal/sdk/deprecated/SPLoginTaskV1.java, line(s) 98,110
com/secure/sportal/sdk/deprecated/SPLogoutTaskV1.java, line(s) 17
com/secure/sportal/sdk/deprecated/SPSDKClientV1.java, line(s) 107,105,342
com/secure/sportal/sdk/gesture/SPGestureHolder.java, line(s) 372,378
com/secure/sportal/sdk/gesture/SPGestureWidget.java, line(s) 303
com/secure/sportal/sdk/vpn/SPNCService.java, line(s) 98,104,128,135,263,280,341,353,375,445,535,563,564,590,291,423,430,491,505,247,288,302,323,373,408,431,534,541,576,595
com/secure/sportal/secid/SPSecID.java, line(s) 267,315,320
com/shockwave/pdfium/PdfiumCore.java, line(s) 195,199,215,219
com/uhope/androidcrash/log/CrashCatcher.java, line(s) 33
com/yuyh/library/imgsel/adapter/ImageListAdapter.java, line(s) 70
com/yuyh/library/imgsel/utils/LogUtils.java, line(s) 96,92,98,100,94
com/zjsl/hezz2_hx/MyCallBack.java, line(s) 27,33,41,58
com/zjsl/hezz2_hx/NetChangeReceiver.java, line(s) 62,86,112
com/zjsl/hezz2_hx/OutfallActivity.java, line(s) 291,302
com/zjsl/hezz2_hx/adapter/MyPhotoAdapter.java, line(s) 68,83
com/zjsl/hezz2_hx/base/ApplicationEx.java, line(s) 158
com/zjsl/hezz2_hx/base/CrashHandler.java, line(s) 91,99,127
com/zjsl/hezz2_hx/base/ImageCache.java, line(s) 105,107,146,149
com/zjsl/hezz2_hx/base/SystemTimeChangeReceiver.java, line(s) 20,22
com/zjsl/hezz2_hx/business/HostTabNewActivity.java, line(s) 213,268,277
com/zjsl/hezz2_hx/business/LoginActivity.java, line(s) 429
com/zjsl/hezz2_hx/business/SplashActivity.java, line(s) 98,52
com/zjsl/hezz2_hx/business/common/ShowDialogPhotoActivity.java, line(s) 112
com/zjsl/hezz2_hx/business/common/ShowPhotoActivity.java, line(s) 55
com/zjsl/hezz2_hx/business/dailypatrol/DailyPatrolReportActivity.java, line(s) 358
com/zjsl/hezz2_hx/business/duban/DuBanListActivity.java, line(s) 131
com/zjsl/hezz2_hx/business/event/EventReportActivity.java, line(s) 926,934,988
com/zjsl/hezz2_hx/business/event/MyEventActivity.java, line(s) 171,204
com/zjsl/hezz2_hx/business/mediarecord/AudioRecoderUtils.java, line(s) 68,70,72
com/zjsl/hezz2_hx/business/mediarecord/MediaPlayActivity.java, line(s) 26
com/zjsl/hezz2_hx/business/meeting/ContactActivity.java, line(s) 151,220
com/zjsl/hezz2_hx/business/meeting/MeetingActivity.java, line(s) 208,211
com/zjsl/hezz2_hx/business/meeting/MeetingSelectActivity.java, line(s) 284,287
com/zjsl/hezz2_hx/business/more/OfflineMapActivity.java, line(s) 185
com/zjsl/hezz2_hx/business/my/DataManageActivity.java, line(s) 165
com/zjsl/hezz2_hx/business/mytag/AddBiaozhuActivity.java, line(s) 222,304,330,351,353,355,364
com/zjsl/hezz2_hx/business/mytag/AddTagActivity.java, line(s) 617,730,759,790,831
com/zjsl/hezz2_hx/business/mytag/EditBiaozhuActivity.java, line(s) 114
com/zjsl/hezz2_hx/business/mytag/TagDetailActivity.java, line(s) 104
com/zjsl/hezz2_hx/business/patrol/AddPatrolLogActivity.java, line(s) 1755,321,566,1117,1608
com/zjsl/hezz2_hx/business/patrol/NewPatrolWorkLogActivity.java, line(s) 1510
com/zjsl/hezz2_hx/business/patrol/NewPatrolWorkLog_gaode_Activity.java, line(s) 1524
com/zjsl/hezz2_hx/business/patrol/OutfallDetailyActivity.java, line(s) 69
com/zjsl/hezz2_hx/business/patrol/PatrolDailyHomeActivity.java, line(s) 56
com/zjsl/hezz2_hx/business/patrol/PatrolSelfDailyActivity.java, line(s) 142,407
com/zjsl/hezz2_hx/business/patrol/ReportActivity.java, line(s) 455,202
com/zjsl/hezz2_hx/business/patrol/TrailRecordActivity.java, line(s) 190
com/zjsl/hezz2_hx/business/photograph/AddPhotographActivity.java, line(s) 340,546,550
com/zjsl/hezz2_hx/business/river/BindRiverAct.java, line(s) 122,135
com/zjsl/hezz2_hx/business/river/RiverInfoActivity.java, line(s) 103
com/zjsl/hezz2_hx/business/river/RiverResouseAct.java, line(s) 110,245,264,411
com/zjsl/hezz2_hx/business/rivercollect/RiverCollectMapActivity.java, line(s) 174
com/zjsl/hezz2_hx/business/rivercollect/RiverCollectTrailMapActivity.java, line(s) 350,351,356,432,632,640
com/zjsl/hezz2_hx/business/riverstrategy/PdfActivity.java, line(s) 66,101
com/zjsl/hezz2_hx/business/riverstrategy/RiverStrategyActivity.java, line(s) 48
com/zjsl/hezz2_hx/business/rivertag/RiverMapActivity.java, line(s) 422,427
com/zjsl/hezz2_hx/business/rivertag/RiverTrailMapActivity.java, line(s) 326,327,332,408,552,584,592
com/zjsl/hezz2_hx/business/socialsupervision/SocialSupervisionAddActivity.java, line(s) 329
com/zjsl/hezz2_hx/business/waterquality/QualityDetailActivity.java, line(s) 237
com/zjsl/hezz2_hx/callback/MyCallBack.java, line(s) 25,31,39,55
com/zjsl/hezz2_hx/map/LocationHelper$2.java, line(s) 49,19,20
com/zjsl/hezz2_hx/map/LocationHelper$3.java, line(s) 36
com/zjsl/hezz2_hx/map/TianDiTuTiledMapServiceLayer.java, line(s) 87
com/zjsl/hezz2_hx/meeting/SortAdapter.java, line(s) 124,144
com/zjsl/hezz2_hx/service/DemoIntentService.java, line(s) 22,33,34,39,46,56,60,111,147,183,193,36,50
com/zjsl/hezz2_hx/service/DemoPushService.java, line(s) 14,21,28,34
com/zjsl/hezz2_hx/service/TrailMapService.java, line(s) 330
com/zjsl/hezz2_hx/service/UploadFileService.java, line(s) 92,134,175
com/zjsl/hezz2_hx/util/CleanDataUtil.java, line(s) 57,73,114
com/zjsl/hezz2_hx/util/DataHelper$13.java, line(s) 22
com/zjsl/hezz2_hx/util/DataHelper$14.java, line(s) 22
com/zjsl/hezz2_hx/util/DataHelper$15.java, line(s) 20
com/zjsl/hezz2_hx/util/DataHelper$19.java, line(s) 23
com/zjsl/hezz2_hx/util/DataHelper$20.java, line(s) 23
com/zjsl/hezz2_hx/util/DataHelper$24.java, line(s) 20
com/zjsl/hezz2_hx/util/DataHelper$30.java, line(s) 20,21
com/zjsl/hezz2_hx/util/DataHelper$8.java, line(s) 22
com/zjsl/hezz2_hx/util/DataHelper.java, line(s) 674
com/zjsl/hezz2_hx/util/DataHelperNew$7.java, line(s) 23
com/zjsl/hezz2_hx/util/DataHelperNew.java, line(s) 562
com/zjsl/hezz2_hx/util/RSAUtils.java, line(s) 269,270,271,272,273,278,279,280,281,282
com/zjsl/hezz2_hx/util/ReachUtil.java, line(s) 63,95
com/zjsl/hezz2_hx/util/SyncDailyDataTask.java, line(s) 318,398,436,364
com/zjsl/hezz2_hx/util/SyncDailyPatrolDataTask.java, line(s) 186
com/zjsl/hezz2_hx/util/SyncDataBackgroundTask.java, line(s) 328,409,447,375
com/zjsl/hezz2_hx/util/SyncEventDataTask.java, line(s) 80,93,99
com/zjsl/hezz2_hx/util/SyncLocationDataTaskForDataManage.java, line(s) 111
com/zjsl/hezz2_hx/util/SyncLocationDataTaskForFirst.java, line(s) 100,148
com/zjsl/hezz2_hx/util/SyncOfflineDataTask.java, line(s) 144
com/zjsl/hezz2_hx/util/ToolUtil.java, line(s) 537,569
com/zjsl/hezz2_hx/util/VPNUtils.java, line(s) 145,157,158
com/zjsl/hezz2_hx/view/CityPickerFragment.java, line(s) 201,217
com/zjsl/hezz2_hx/view/CustomImageView.java, line(s) 88,162
com/zjsl/hezz2_hx/view/EmptyRecyclerView.java, line(s) 22,40,58
com/zjsl/hezz2_hx/view/PatrolOutfallView.java, line(s) 214
com/zjsl/hezz2_hx/view/SuperSlidingPaneLayout$SlidingPanelLayoutImplJB.java, line(s) 16,22,33
com/zjsl/hezz2_hx/view/SuperSlidingPaneLayout.java, line(s) 284,749
com/zjsl/hezz2_hx/view/snackbar/ScreenUtil.java, line(s) 58,61,64,86
de/tavendo/autobahn/AutobahnConnection.java, line(s) 63,70,106,115,125,167,169
de/tavendo/autobahn/AutobahnReader.java, line(s) 33,67,79,95,108,111,114,117
de/tavendo/autobahn/AutobahnWriter.java, line(s) 25
de/tavendo/autobahn/WebSocketConnection.java, line(s) 82,105,114,124,133,142,144,205,216,226,236,245,252,257,262,264,292,298
de/tavendo/autobahn/WebSocketReader.java, line(s) 59,64,323,332,338,341,346
de/tavendo/autobahn/WebSocketWriter.java, line(s) 32,243
jsqlite/Benchmark.java, line(s) 82,83,84,85,86,87,88,89,90,91,92,93,96,97,98,99,100,101,102,106,118,120,123,134,149,232,233,235,237,240,242,244,245,246,248,265,270,288,294,311,332,351,357,380,404,419,428,431,467
jsqlite/BenchmarkThread.java, line(s) 47,86,154
jsqlite/Database.java, line(s) 500
jsqlite/JDBCDriver.java, line(s) 80
jsqlite/Shell.java, line(s) 571,577,583,590
kankan/wheel/widget/adapters/AbstractWheelTextAdapter.java, line(s) 134
lecho/lib/hellocharts/formatter/ValueFormatterHelper.java, line(s) 69
me/iwf/photopicker/utils/ImageCaptureManager.java, line(s) 31
me/iwf/photopicker/widget/PhotoAdapter.java, line(s) 70,79
me/iwf/photopicker/widget/TouchImageView.java, line(s) 884
org/MediaPlayer/PlayM4/HardwareCodec.java, line(s) 150
org/MediaPlayer/PlayM4/Player.java, line(s) 228,277,289,294,336,411,451,221
org/MediaPlayer/PlayM4/SurfaceCallBack.java, line(s) 31,37,43
org/achartengine/internal/chart/BarChart.java, line(s) 60,89
slidedatetimepicker/CustomDatePicker.java, line(s) 31,33,35,37
slidedatetimepicker/CustomTimePicker.java, line(s) 30,32,34,36

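Secure This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel

This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel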
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
com/esri/core/internal/io/handler/f.java, line(s) 25,24,23,23
com/secure/comm/net/SPHttpClient.java, line(s) 133,135

Secure This application may have root detection capabilities

This application may have root detection capabilities
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1

Files:
com/secure/comm/utils/SPDeviceUtil.java, line(s) 144,124,132,128,132,132,132,132

Hotspot The application may communicate with a server (ip.chinaz.com) located in an OFAC-sanctioned country (China).

{'ip': '49.4.56.26', 'country_short': 'CN', 'country_long': '中国', 'region': '山东', 'city': '济南', 'latitude': '36.668331', 'longitude': '116.997223'}

Hotspot The application may communicate with a server (t0.tianditu.gov.cn) located in an OFAC-sanctioned country (China).

{'ip': '49.4.56.26', 'country_short': 'CN', 'country_long': '中国', 'region': '北京', 'city': '北京', 'latitude': '39.907501', 'longitude': '116.397102'}

Security score: (蓟州河长制 3.0.3)