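Mobile Application Security Scan Report: 星辰软件库 v9.1

Security baseline score: 45/100

Overall risk rating

Risk rating scale

  1. A
  2. B
  3. C
  4. F

Privacy risk

Number of third-party trackers detected: 0

Distribution of findings

High-risk vulnerabilities 4
Medium-risk vulnerabilities 7
Informational notices 2
Passed security checks 2
Key security concerns 0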

High-risk vulnerability: Debug configuration is enabled. Production builds must not be debuggable
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing

Files:
abc/BuildConfig.java, line(s) 3,4
com/Mus/BuildConfig.java, line(s) 3,4
com/mx/BuildConfig.java, line(s) 3,4
com/textview/BuildConfig.java, line(s) 3,4

High-risk vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7

Files:
com/iapp/app/c.java, line(s) 100,105,10

High-risk vulnerability: The file is world-writable. Any application can write to the file
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2

Files:
com/sadfxg/fasg/C0422.java, line(s) 75

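Medium-risk vulnerability: The application has cleartext network traffic enabled

[android:usesCleartextTraffic=true]
The application intends to use cleartext network traffic, such as cleartext HTTP, FTP, DownloadManager and MediaPlayer. For applications targeting API level 27 or lower, the default value is "true". For applications targeting API level 28 or higher, the default value is "false". The main reason to avoid cleartext traffic is the lack of confidentiality, authenticity and tamper protection: a network attacker can eavesdrop on the transmitted data and modify it without being detected.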

Medium-risk vulnerability: The application can read/write external storage. Any application can read data written to external storage
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
c/b/a/a/d.java, line(s) 311,328,19
com/iapp/app/p.java, line(s) 27
mirrorb/android/hardware/location/C0365.java, line(s) 358
mirrorb/android/hardware/location/C0432.java, line(s) 358

Medium-risk vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
c/b/a/a/t.java, line(s) 5129,2055,5113
com/iapp/app/Aid_YuCodeX.java, line(s) 1766,1798,1750,1782,3561
com/iapp/app/Aid_javaCode.java, line(s) 1154,1138,2068,2177
com/iapp/app/Aid_jsCode.java, line(s) 1792,1776,2642,2751
com/iapp/app/Aid_luaCode.java, line(s) 1694,1678,2627,2743
com/iapp/app/Webview.java, line(s) 390,373
com/iapp/app/c.java, line(s) 45,70,46,71
com/iapp/app/run/main.java, line(s) 728,712
com/iapp/app/run/main2.java, line(s) 467,451
com/iapp/app/run/main3.java, line(s) 709,693
com/iapp/app/run/mian.java, line(s) 1127,1159,1111,1143

Medium-risk vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
c/b/a/a/t.java, line(s) 2072,5902,2055,5113
com/iapp/app/Aid_YuCodeX.java, line(s) 3578,4974,1750,1782,3561
com/iapp/app/Aid_javaCode.java, line(s) 2085,2194,3003,1138,2068,2177
com/iapp/app/Aid_jsCode.java, line(s) 2659,2768,3645,4469,1776,2642,2751
com/iapp/app/Aid_luaCode.java, line(s) 2644,2760,3582,1678,2627,2743
com/iapp/app/c.java, line(s) 63,88,46,71

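Medium-risk vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database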
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
c/b/a/a/n.java, line(s) 6,97,99,108
c/b/a/a/t.java, line(s) 15,7377
com/iapp/app/Aid_YuCodeX.java, line(s) 15,6391
com/iapp/app/Aid_javaCode.java, line(s) 14,3808
com/iapp/app/Aid_jsCode.java, line(s) 13,4359
com/iapp/app/Aid_luaCode.java, line(s) 14,4476

Medium-risk vulnerability: The application uses an insecure random number generator
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c/b/a/a/g.java, line(s) 28

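Medium-risk vulnerability: This application may contain hard-coded secrets

The following secrets were identified in the application. Make sure these are not secrets or private information.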

Informational notice: The application writes log information. Sensitive information must not be logged
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
bsh/BshClassManager.java, line(s) 320
bsh/CommandLineReader.java, line(s) 20
bsh/Console.java, line(s) 12,9
bsh/NameSpace.java, line(s) 301
bsh/Parser.java, line(s) 2304
bsh/Remote.java, line(s) 44,97,105,142
bsh/SimpleNode.java, line(s) 32
bsh/classpath/BshClassPath.java, line(s) 466,475,672
bsh/classpath/ClassManagerImpl.java, line(s) 245
bsh/util/ClassBrowser.java, line(s) 469
bsh/util/Httpd.java, line(s) 23
bsh/util/JDemoApplet.java, line(s) 27,30
bsh/util/Sessiond.java, line(s) 22
bsh/util/SessiondConnection.java, line(s) 29
c/b/a/a/f.java, line(s) 69
c/d/a/k.java, line(s) 79,82,191,275,278,315,334,337
cn/hugo/android/scanner/CaptureActivity.java, line(s) 282,104,114,117
cn/hugo/android/scanner/b.java, line(s) 41
cn/hugo/android/scanner/d.java, line(s) 28,79,85
cn/hugo/android/scanner/f/a.java, line(s) 54,64,74
cn/hugo/android/scanner/f/b.java, line(s) 60,68,81,86,103,114,125,166,178,188,54,185,190,211
cn/hugo/android/scanner/f/c.java, line(s) 73,100,101,102,177,141,140,149
cn/hugo/android/scanner/f/e.java, line(s) 25,28,12
cn/hugo/android/scanner/f/f.java, line(s) 30
cn/hugo/android/scanner/h/c.java, line(s) 77,90,98,113,117,109
cn/hugo/android/scanner/h/f.java, line(s) 49
com/Mus/ReboundScrollView.java, line(s) 113,119
com/px/DaemonService.java, line(s) 38,73,79,87
fr/castorflex/android/verticalviewpager/VerticalViewPager.java, line(s) 1572,1578,1595
org/keplerproject/luajava/Console.java, line(s) 38,39,24
org/keplerproject/luajava/LuaObject.java, line(s) 353

Informational notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
com/cloudinject/feature/p021/C0281.java, line(s) 9,314
com/cloudinject/feature/p021/C0332.java, line(s) 9,314
com/iapp/app/ays.java, line(s) 8,148

Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on the secure communication channel
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
c/b/a/a/g.java, line(s) 572,574
com/mx/MainActivity.java, line(s) 61,41

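Passed security check: This application has no privacy trackers

This application does not include any user or device trackers. No trackers were found during static analysis.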

Overall security baseline score: (星辰软件库 9.1)